From michael at dilworth.net Sun Oct 1 03:19:51 2006 From: michael at dilworth.net (Michael R. Dilworth (E-mail)) Date: Sun Oct 1 03:20:06 2006 Subject: Whitelisting and SA, Bayes issues. Message-ID: <033101c6e500$1420c350$5713cc40@OCEANII> Hopefully I'm doing some thing wrong here, but I'm stuck. Question: Why, if an from address is whitelisted, does it still go through SA? Issue: I (root@x) sends email daily, summarizing quarantined messages to my users, thus I white list root. Problem: These messages are being auto learned as "not spam". The messages include the subject line, etc. thus messing with my bayes database slightly. TIA Michael... -------------- next part -------------- A non-text attachment was scrubbed... Name: winmail.dat Type: application/ms-tnef Size: 1604 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060930/2ebc2f94/winmail.bin From glenn.steen at gmail.com Sun Oct 1 10:34:28 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Oct 1 10:34:32 2006 Subject: Daily Spam report In-Reply-To: <451EDB50.9060501@gmx.de> References: <451EDB50.9060501@gmx.de> Message-ID: <223f97700610010234p43d8fed4oe377d7b2d0c0d9f@mail.gmail.com> On 30/09/06, Cornelius Koelbel wrote: > Hi there, > > is it possible, to send a daily spam report to the user? > It is easier for my to check false positives in a list, than with every > mail. > > Besides this is a top feature for enterprise usage. > Deliver no Spams, but keep them quarantined. > Get a daily spam report and release a spam mail on user request. > > Kind regards > Cornelius To my knowledge you have two options: 1) MailWatch (version 1.x) has a quarantine report script that will do something like this. Check http://mailwatch.sf.net or the related software in the MailScanner wiki. 2) Fortress systems have a script that will do this (I think). Check http://www.fsl.com/support/ Having said that, I don't use either... (But there seem to be several who do:-) So I can't really vouch for how well they work. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Sun Oct 1 10:39:00 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Oct 1 10:39:05 2006 Subject: Whitelisting and SA, Bayes issues. In-Reply-To: <033101c6e500$1420c350$5713cc40@OCEANII> References: <033101c6e500$1420c350$5713cc40@OCEANII> Message-ID: <223f97700610010239tc930d76k178638e5760dbd7@mail.gmail.com> On 01/10/06, Michael R. Dilworth (E-mail) wrote: > Hopefully I'm doing some thing wrong here, but I'm stuck. > > Question: Why, if an from address is whitelisted, does it still go through > SA? > > Issue: I (root@x) sends email daily, summarizing quarantined messages to my > users, thus I white list root. > > Problem: These messages are being auto learned as "not spam". The messages > include the subject line, etc. thus messing with my bayes database > slightly. > > TIA Michael... > > How do you whitelist it? Through a ruleset on what/which settings? If done right, SA shouldn't be invoked on whitelisted mails. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Sun Oct 1 10:53:37 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Oct 1 10:53:55 2006 Subject: MailScanner ANNOUNCE: Stable version 4.56 released Message-ID: <451F9021.4080600@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi folks! A new stable release for you. New things this time include: - -- control of reports sent to senders of "too large" messages, - -- Postfix 2.3 support, - -- fine control of maximum size of message section sent to SpamAssassin, - -- significant improvement to reliability of tnef extraction utility, - -- new location for web bug replacement to alleviate server load. Available from www.mailscanner.info The full Change Log is this: * New Features and Improvements * 1 Added a complete new set of configuration settings to report on messages and attachments that are outside the size limits set in MailScanner.conf. These are: Sender Size Report Stored Size Message Report Deleted Size Message Report Size Modify Subject Size Subject Text These are used in exactly the same way as the other sets of options that tag and modify the message for other reasons. 3 Improved report of "message too large" case. 3 Updated Catalan language files courtesy of Jordi Sanfeliu. 3 Increased default max SpamAssassin message size to catch more single-image spam messages. 3 Solved compatibility with Postfix 2.3. 3 Upgraded Sys::Syslog to 0.18 which fixes all the compatibility problems of 0.17 and 0.16. 3 Upgraded Kaspersky support to 5.5. 4 Added new features to "Max SpamAssassin Size" setting: --- behave as before trackback --- get n bytes then backtrack looking for the start of the attachment we are in the middle of. continue --- get n bytes then continue up to a maximum of m extra bytes looking for the end of the attachment we are in the middle of. 5 Upgraded to tnef version 1.4.3. 5 Upgraded Archive::Zip to 1.16. Builds properly on x64 architectures. * Fixes * 1 When 'Outgoing Queue Dir' was changed from the default, kicking sendmail into attempting delivery of a new processed message in the outgoing queue would just wait for the next regular run of the queue. Now fixed so that a delivery attempt is made immediately. This fix only affects users who have changed the "Outgoing Queue Dir" setting and who are also using sendmail as their MTA. 2 Missed 2 "defined" checks on variables before using them. Thanks to Andy Kirkpatrick for spotting that one. 2 Fixed version number check. 3 Fixed output bug in less strict phishing net. Does anyone use this? 3 Fixed bug in Sendmail KickMessage() function. Thanks to Martin Billy. 4 Removed Postfix 2.3 extra, and reverted to simple regexp as Holger's version is buggy (mismatched ')'). 5 Changed number of viruses found reported to be max of each AV package's value. 6 Rewrote logic of addenvto so it should now work correctly when the setting is blank. 6 Put in new version of Postfix 2.3 regexp. And please buy the book if you haven't already! :-) Jules - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.0 (Build 1112) Comment: Fetch my public key foot-print from www.mailscanner.info Charset: ISO-8859-1 wj8DBQFFH5AiEfZZRxQVtlQRAhHzAJ0ejTZqRudRsWTFb8kzMOr8+ewKygCghDGN BKFM+cEnBlqtCYBc8Jd9mEI= =pfjK -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From cornelius.koelbel at gmx.de Sun Oct 1 10:54:21 2006 From: cornelius.koelbel at gmx.de (Cornelius Koelbel) Date: Sun Oct 1 10:54:37 2006 Subject: Daily Spam report In-Reply-To: <223f97700610010234p43d8fed4oe377d7b2d0c0d9f@mail.gmail.com> References: <451EDB50.9060501@gmx.de> <223f97700610010234p43d8fed4oe377d7b2d0c0d9f@mail.gmail.com> Message-ID: <451F904D.1060307@gmx.de> Hi Glenn, thanks for your reply. So I see that Mailscanner does not support this by itself. I saw mailwatch, but did not like to use mysql and php, which is needed by mailwatch. So I will look around at fortress systems or start my mysqld :( Kind regards Cornelius Glenn Steen schrieb: > On 30/09/06, Cornelius Koelbel wrote: >> Hi there, >> >> is it possible, to send a daily spam report to the user? >> It is easier for my to check false positives in a list, than with every >> mail. >> >> Besides this is a top feature for enterprise usage. >> Deliver no Spams, but keep them quarantined. >> Get a daily spam report and release a spam mail on user request. >> >> Kind regards >> Cornelius > > To my knowledge you have two options: > 1) MailWatch (version 1.x) has a quarantine report script that will do > something like this. Check http://mailwatch.sf.net or the related > software in the MailScanner wiki. > 2) Fortress systems have a script that will do this (I think). Check > http://www.fsl.com/support/ > > Having said that, I don't use either... (But there seem to be several > who do:-) So I can't really vouch for how well they work. > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3641 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20061001/e7a4a7aa/smime.bin From hkeasytech at gmail.com Sun Oct 1 13:33:17 2006 From: hkeasytech at gmail.com (Barry Kwok) Date: Sun Oct 1 13:33:25 2006 Subject: Custom Header Message-ID: <9d2057cc0610010533n41b8a101t41f7a6eec72ec769@mail.gmail.com> I want to add custom header based on sender's domain and recipeint address. I add Non Spam Actions = %rules-dir%/scan.messages.rules into MailScanner.conf and the scan.messages.rules as: From: *@ hotmail.com and To: barry@mydomain.com header "X-hotmail-check: yes" FromOrTo: default deliver But it doesn't work -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20061001/7520c393/attachment.html From glenn.steen at gmail.com Sun Oct 1 14:47:29 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Oct 1 14:47:32 2006 Subject: Daily Spam report In-Reply-To: <451F904D.1060307@gmx.de> References: <451EDB50.9060501@gmx.de> <223f97700610010234p43d8fed4oe377d7b2d0c0d9f@mail.gmail.com> <451F904D.1060307@gmx.de> Message-ID: <223f97700610010647t7e99e1f1j5267f1de2d52d1e4@mail.gmail.com> On 01/10/06, Cornelius Koelbel wrote: > Hi Glenn, > > thanks for your reply. So I see that Mailscanner does not support this > by itself. No, that is true.... Then again, there are a lot of things that MailScanner doesn't do *by itself*;-). > I saw mailwatch, but did not like to use mysql and php, which is needed > by mailwatch. Ok. You lose out on a pretty impressive tool, but that is entirely your prerogative:-) > So I will look around at fortress systems or start my mysqld :( You needn't look that far... It is the QuarantineReport script (a tarball linked as the final link in the first section (MailScanner...)). This excerpt is from the INSTALL file: ------ uarantineReport is: -------------------------------------------- QuarantineReport is a small application that's intended to: * Create a daily report for each user who has messages in MailScanner quarantine * Create a web link to view the message in Quarantine * Provide a link to allow the user to release the message in Quarantine * Email the report to the user The report will contain this information for each message in Quarantine: From: address_of_sender Subject: subject_of message Link_to_View Link_to_Release The application can aslo verify that recipient is a valid user by checking a file or performing an LDAP search. ----- If you run Sendmail or Exim, this seems to be viable for what you want to do. If not (Postfix, Zmail, Qmail...) you'll probably need go with MailWatch, or... hack it up to fit your MTA. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Sun Oct 1 15:33:39 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Oct 1 15:33:55 2006 Subject: Wikipedia Message-ID: <451FD1C3.4070906@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Could someone update the Wikipedia entry for MailScanner please? It's currently a short "stub" entry, which could do with expanding to include a list of features, and pointers to the various support channels available. Please can some do this for me? Thanks folks! Jules - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.0 (Build 1112) Comment: Fetch my public key foot-print from www.mailscanner.info Charset: ISO-8859-1 wj8DBQFFH9HEEfZZRxQVtlQRApK2AJwK++d2yaliEehrfeFfTkCMd6J6wQCfcWKA abus9k54HmP/LG7eW8jp5lQ= =z+v0 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From mgt at stellarcore.net Sun Oct 1 16:01:08 2006 From: mgt at stellarcore.net (Mike Tremaine) Date: Sun Oct 1 16:01:21 2006 Subject: Daily Spam report In-Reply-To: <200610011100.k91B0JfY019223@bkserver.blacknight.ie> References: <200610011100.k91B0JfY019223@bkserver.blacknight.ie> Message-ID: <451FD834.3030107@stellarcore.net> > > On 30/09/06, Cornelius Koelbel wrote: >> >> Hi there, >> >> >> >> is it possible, to send a daily spam report to the user? >> >> It is easier for my to check false positives in a list, than with every >> >> mail. >> >> >> >> Besides this is a top feature for enterprise usage. >> >> Deliver no Spams, but keep them quarantined. >> >> Get a daily spam report and release a spam mail on user request. >> >> >> >> Kind regards >> >> Cornelius > > > > To my knowledge you have two options: > > 1) MailWatch (version 1.x) has a quarantine report script that will do > > something like this. Check http://mailwatch.sf.net or the related > > software in the MailScanner wiki. > > 2) Fortress systems have a script that will do this (I think). Check > > http://www.fsl.com/support/ > > > > Having said that, I don't use either... (But there seem to be several > > who do:-) So I can't really vouch for how well they work. I don't have a daily spam report either but if I had to have one this is how I'd do it. First not sure how you store your spam I forward it to an account with this rule Spam Actions = forward spams-store@localhost Then I use a script to roll the IMAP Folders based on date. #!/bin/bash ########################################################################## #spamstore_roller.sh #Copyright Mar 8 2005 Mike Tremaine # # ########################################################################## # ########################### # ########################### #Set Global dir spamstore_user="spam-store" spamstore_group="spamstore" spamstore_spool="/var/spool/mail/$spamstore_user" spamstore_maildir="/home/$spamstore_user/mail" spamstore_mailboxlist="/home/$spamstore_user/.mailboxlist" targetdate=$(date -d -5min +%Y%m%d) purgeoffset=3weeks ################## #If system has non gnu date use perl like so #targetdate=$(perl -e 'use POSIX qw(strftime); $now_string = strftime "%Y%m%d", localtime; print "$now_string";') ############################# #Rotate spool to dated mbox if [ -s $spamstore_spool ]; then cat $spamstore_spool >> $spamstore_maildir/spam.$targetdate.mbox cp /dev/null $spamstore_spool chown $spamstore_user:$spamstore_user $spamstore_maildir/spam.$targetdate.mbox fi ############################# #Purge control purgeday=$(date -d -$purgeoffset +%Y%m%d) if [ -f $spamstore_maildir/spam.$purgeday.mbox ]; then rm -f $spamstore_maildir/spam.$purgeday.mbox fi ############################## #Rebuild mailboxlist if needed if [ -f $spamstore_mailboxlist ]; then ls -1 $spamstore_maildir | sed -e 's:\(.*\)$:mail\/\1:' > $spamstore_mailboxlist chown $spamstore_user:$spamstore_group $spamstore_mailboxlist fi # vi: shiftwidth=3 tabstop=3 et So now you have daily mailboxes for spam.... The next step to get a report would another Perl or Bash script that could grep the To/From/Subject and make a little list of whats in there. Maybe this pushes you in the right direction, maybe this wastes space in your Inbox. Good luck. -Mike From mikej at rogers.com Sun Oct 1 16:12:48 2006 From: mikej at rogers.com (Mike Jakubik) Date: Sun Oct 1 16:12:04 2006 Subject: Daily Spam report In-Reply-To: <451F904D.1060307@gmx.de> References: <451EDB50.9060501@gmx.de> <223f97700610010234p43d8fed4oe377d7b2d0c0d9f@mail.gmail.com> <451F904D.1060307@gmx.de> Message-ID: <451FDAF0.5010404@rogers.com> Cornelius Koelbel wrote: > Hi Glenn, > > thanks for your reply. So I see that Mailscanner does not support this > by itself. > I saw mailwatch, but did not like to use mysql and php, which is needed > by mailwatch. > So I will look around at fortress systems or start my mysqld :( > And what the hell do you think fortress systems uses? From prandal at herefordshire.gov.uk Sun Oct 1 16:13:49 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Sun Oct 1 16:14:05 2006 Subject: MailScanner ANNOUNCE: Stable version 4.56 released Message-ID: <86144ED6CE5B004DA23E1EAC0B569B58017681D3@isabella.herefordshire.gov.uk> Julian, Max Spamassassin Size = 40000 continue 10000 Throws up this error: Oct 1 16:08:51 mx2 MailScanner[12544]: Syntax error in line 1630, 40000 continue 10000 for maxspamassassinsize should be a number Cheers, Phil -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Sunday, October 01, 2006 10:54 AM To: MailScanner discussion; MailScanner-Announce mailing list list Subject: MailScanner ANNOUNCE: Stable version 4.56 released -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi folks! A new stable release for you. New things this time include: - -- control of reports sent to senders of "too large" messages, - -- Postfix 2.3 support, - -- fine control of maximum size of message section sent to SpamAssassin, - -- significant improvement to reliability of tnef extraction utility, - -- new location for web bug replacement to alleviate server load. Available from www.mailscanner.info The full Change Log is this: * New Features and Improvements * 1 Added a complete new set of configuration settings to report on messages and attachments that are outside the size limits set in MailScanner.conf. These are: Sender Size Report Stored Size Message Report Deleted Size Message Report Size Modify Subject Size Subject Text These are used in exactly the same way as the other sets of options that tag and modify the message for other reasons. 3 Improved report of "message too large" case. 3 Updated Catalan language files courtesy of Jordi Sanfeliu. 3 Increased default max SpamAssassin message size to catch more single-image spam messages. 3 Solved compatibility with Postfix 2.3. 3 Upgraded Sys::Syslog to 0.18 which fixes all the compatibility problems of 0.17 and 0.16. 3 Upgraded Kaspersky support to 5.5. 4 Added new features to "Max SpamAssassin Size" setting: --- behave as before trackback --- get n bytes then backtrack looking for the start of the attachment we are in the middle of. continue --- get n bytes then continue up to a maximum of m extra bytes looking for the end of the attachment we are in the middle of. 5 Upgraded to tnef version 1.4.3. 5 Upgraded Archive::Zip to 1.16. Builds properly on x64 architectures. * Fixes * 1 When 'Outgoing Queue Dir' was changed from the default, kicking sendmail into attempting delivery of a new processed message in the outgoing queue would just wait for the next regular run of the queue. Now fixed so that a delivery attempt is made immediately. This fix only affects users who have changed the "Outgoing Queue Dir" setting and who are also using sendmail as their MTA. 2 Missed 2 "defined" checks on variables before using them. Thanks to Andy Kirkpatrick for spotting that one. 2 Fixed version number check. 3 Fixed output bug in less strict phishing net. Does anyone use this? 3 Fixed bug in Sendmail KickMessage() function. Thanks to Martin Billy. 4 Removed Postfix 2.3 extra, and reverted to simple regexp as Holger's version is buggy (mismatched ')'). 5 Changed number of viruses found reported to be max of each AV package's value. 6 Rewrote logic of addenvto so it should now work correctly when the setting is blank. 6 Put in new version of Postfix 2.3 regexp. And please buy the book if you haven't already! :-) Jules - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.0 (Build 1112) Comment: Fetch my public key foot-print from www.mailscanner.info Charset: ISO-8859-1 wj8DBQFFH5AiEfZZRxQVtlQRAhHzAJ0ejTZqRudRsWTFb8kzMOr8+ewKygCghDGN BKFM+cEnBlqtCYBc8Jd9mEI= =pfjK -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From pravin.rane at gmail.com Sun Oct 1 16:20:27 2006 From: pravin.rane at gmail.com (Pravin Rane) Date: Sun Oct 1 16:20:29 2006 Subject: Selective Spam Checks Message-ID: <13c021a90610010820r13a52d6dwb51d032e97625893@mail.gmail.com> I have 2 IPs 10.1.1.100 and 10.1.1.200 on my mail server 10.1.1.100 is MX 10.1.1.200 is for outgoing SMTP My users use Second IP10.1.1.200 for sending mails I want to disable Spam Checks for the mails which are coming only from my SMTP IP (10.1.1.200) What rule I should wirte ? -- Regards Pravin -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20061001/364daa1b/attachment.html From marcel-ml at irc-addicts.de Sun Oct 1 16:39:00 2006 From: marcel-ml at irc-addicts.de (Marcel Blenkers) Date: Sun Oct 1 16:39:33 2006 Subject: Daily Spam report In-Reply-To: <451FDAF0.5010404@rogers.com> References: <451EDB50.9060501@gmx.de> <223f97700610010234p43d8fed4oe377d7b2d0c0d9f@mail.gmail.com> <451F904D.1060307@gmx.de> <451FDAF0.5010404@rogers.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi there, On Sun, 1 Oct 2006, Mike Jakubik wrote: > Cornelius Koelbel wrote: > > Hi Glenn, > > > > thanks for your reply. So I see that Mailscanner does not support this > > by itself. > > I saw mailwatch, but did not like to use mysql and php, which is needed > > by mailwatch. > > So I will look around at fortress systems or start my mysqld :( > > > > And what the hell do you think fortress systems uses? > > i am using the fortress-script. ;) without any kind of mysql ;) I had to do some settings, as the default behaviour sents out the report to every recipient within the mail. Means, if you do reveive a mail for a number of recipient even outside of your system and the system sis setup to sent mails via localhost, the other recipient would also receive the spam-report ;) So, as my system is very low, i use the setup to check for recipient via txt-file. Second: i had to change the domain within the script, as this was setup to use the fortress-domain. I do not know, if this was changed after my download of the script.. So, now all my users (the four) are happy to receive the spamreport on daily basis.. =) and to be able to release false spam-detected mails.. Greetings Marcel -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFFH+EXeuKbXOoTCo8RApRqAJ9N22J9NY5OonqXla7SvorsaRWNNgCfTZ0J GeVAqTaClwrF9IHvjtVFikU= =Lmuv -----END PGP SIGNATURE----- From hgh at rcwm.com Sun Oct 1 23:31:04 2006 From: hgh at rcwm.com (Henry Hollenberg) Date: Sun Oct 1 23:27:26 2006 Subject: SOLVED Re: Only a few incoming emails seem to be getting scanned. {Scanned} In-Reply-To: <223f97700609290635q76e500ck8b1edfe1e0698958@mail.gmail.com> References: <451BBDE5.80104@rcwm.com> <451BC2CE.4090107@solidstatelogic.com> <451CA3FD.2010707@rcwm.com> <223f97700609290059h6ed7138ci50fa9c9e49180c82@mail.gmail.com> <451D0852.3000700@rcwm.com> <223f97700609290635q76e500ck8b1edfe1e0698958@mail.gmail.com> Message-ID: <452041A8.4070108@rcwm.com> Glenn Steen wrote: > On 29/09/06, Henry Hollenberg wrote: > >> Glenn Steen wrote: >> > On 29/09/06, Henry Hollenberg wrote: >> > (snip) >> > >> >> > Have you checked that all the appropriate stuff in postfix has been >> >> done... >> >> > >> >> >> >> Ooops!, you were right. I skipped the postfix steps somehow.... >> >> I've done them and restarted postfix and mailscanner.....now let's >> >> see how it goes.... >> > >> > >> > Ah, that explains it. Setting up postfix for delivery to the "hold" queue fixed my "broken" install. After this MailScanner was able to pick up the emails and process them. THanks guys. hgh. -- Henry Hollenberg hgh@rcwm.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From hgh at rcwm.com Sun Oct 1 23:57:04 2006 From: hgh at rcwm.com (Henry Hollenberg) Date: Sun Oct 1 23:53:23 2006 Subject: mailscanner hangs on automatic restart {Scanned} Message-ID: <452047C0.7010002@rcwm.com> It looks like mailscanner is hanging every time it does it's automatic restart at 14400 sec. If I do a manual restart /etc/init.d/mailscanner restart the logs look like this: Oct 1 17:32:06 bastion MailScanner[30537]: MailScanner E-Mail Virus Scanner version 4.41.3 starting... Oct 1 17:32:06 bastion postfix/smtpd[30539]: connect from c-69-138-210-131.hsd1.md.comcast.net[69.138.210.131] Oct 1 17:32:06 bastion MailScanner[30537]: Read 120 hostnames from the phishing whitelist Oct 1 17:32:09 bastion postfix/smtpd[30539]: NOQUEUE: reject: RCPT from c-69-138-210-131.hsd1.md.comcast.net[69.138.210.131]: 554 Service unavailable; Client host [69.138.210.131] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?69.138.210.131; from= to= proto=SMTP helo= Oct 1 17:32:09 bastion postfix/smtpd[30539]: lost connection after RCPT from c-69-138-210-131.hsd1.md.comcast.net[69.138.210.131] Oct 1 17:32:09 bastion postfix/smtpd[30539]: disconnect from c-69-138-210-131.hsd1.md.comcast.net[69.138.210.131] Oct 1 17:32:09 bastion MailScanner[30537]: Using locktype = flock Otherwise the system seems to be hammering the spam.....yeah! hgh. -- Henry Hollenberg hgh@rcwm.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From hgh at rcwm.com Mon Oct 2 00:33:58 2006 From: hgh at rcwm.com (Henry Hollenberg) Date: Mon Oct 2 00:30:15 2006 Subject: pyzor ip bad in debian install {Scanned} In-Reply-To: <452047C0.7010002@rcwm.com> References: <452047C0.7010002@rcwm.com> Message-ID: <45205066.2090104@rcwm.com> Has anyone else noticed the pyzor IP being bad in the debian install? I found a reference by a Chris Pollock where he mentioned a new IP and it seemed to work. Link: https://sourceforge.net/mailarchive/forum.php?thread_id=30601945&forum_id=8711 snippet from that post: quote: Olivier, try using this address: quote: quote: 82.94.255.100:24441 quote: quote: Milton Cyrus set this one up back in March and I've been using it ever quote: sense. Just remember that if you run "pyzor discover" you'll have to quote: re-enter it in your Pyzor server list. I've had no problems at all using quote: this server. quote: quote: HTH So I changed mine from what shipped (66.250.40.33:24441), to the IP above and it seemed to work. But is it safe to use??? hgh. -- Henry Hollenberg hgh@rcwm.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From hgh at rcwm.com Mon Oct 2 01:53:34 2006 From: hgh at rcwm.com (Henry Hollenberg) Date: Mon Oct 2 01:49:58 2006 Subject: bayes problem {Scanned} In-Reply-To: <451D2749.8050203@delodder.be> References: <451D2749.8050203@delodder.be> Message-ID: <4520630E.1010400@rcwm.com> Philippe Delodder wrote: > Hi, > > when i run spamassassin -D --lint i see that bayes is used but when i > check the header of an email that is spam i don't see use of bayes in > MailScanner-SpamCheck. is that normal? > > I'm using MailScanner version 4.54.6 with postfix > > Philippe Delodder > > > I was wondering the exact same thing. I have trained the system with a bunch of emails and it still doesn't seem to be putting BAYES scores on them: bastion:~/.pyzor# sa-learn --dump magic 0.000 0 3 0 non-token data: bayes db version 0.000 0 752 0 non-token data: nspam 0.000 0 695 0 non-token data: nham 0.000 0 80524 0 non-token data: ntokens 0.000 0 1141401016 0 non-token data: oldest atime 0.000 0 1159706957 0 non-token data: newest atime 0.000 0 0 0 non-token data: last journal sync atime 0.000 0 0 0 non-token data: last expiry atime 0.000 0 0 0 non-token data: last expire atime delta 0.000 0 0 0 non-token data: last expire reduction count And where I expect to see something: X-gosemr-MailScanner-SpamCheck: spam, SpamAssassin (score=9.285, required 6, DCC_CHECK 1.37, DIGEST_MULTIPLE 0.23, FORGED_RCVD_HELO 0.05, RAZOR2_CF_RANGE_51_100 1.49, RAZOR2_CHECK 0.15, URIBL_JP_SURBL 4.00, URIBL_OB_SURBL 2.00) Am I jumping the gun? hgh. -- Henry Hollenberg hgh@rcwm.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From glenn.steen at gmail.com Mon Oct 2 09:37:04 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Oct 2 09:37:07 2006 Subject: bayes problem {Scanned} In-Reply-To: <4520630E.1010400@rcwm.com> References: <451D2749.8050203@delodder.be> <4520630E.1010400@rcwm.com> Message-ID: <223f97700610020137t6c40aceci5e74f7a1138ba6af@mail.gmail.com> On 02/10/06, Henry Hollenberg wrote: > Philippe Delodder wrote: > > Hi, > > > > when i run spamassassin -D --lint i see that bayes is used but when i > > check the header of an email that is spam i don't see use of bayes in > > MailScanner-SpamCheck. is that normal? > > > > I'm using MailScanner version 4.54.6 with postfix > > > > Philippe Delodder > > > > > > > > I was wondering the exact same thing. I have trained the system with a bunch of > emails and it still doesn't seem to be putting BAYES scores on them: > > bastion:~/.pyzor# sa-learn --dump magic > 0.000 0 3 0 non-token data: bayes db version > 0.000 0 752 0 non-token data: nspam > 0.000 0 695 0 non-token data: nham > 0.000 0 80524 0 non-token data: ntokens > 0.000 0 1141401016 0 non-token data: oldest atime > 0.000 0 1159706957 0 non-token data: newest atime > 0.000 0 0 0 non-token data: last journal sync atime > 0.000 0 0 0 non-token data: last expiry atime > 0.000 0 0 0 non-token data: last expire atime delta > 0.000 0 0 0 non-token data: last expire reduction count > > > And where I expect to see something: > > X-gosemr-MailScanner-SpamCheck: spam, SpamAssassin (score=9.285, required 6, > DCC_CHECK 1.37, DIGEST_MULTIPLE 0.23, FORGED_RCVD_HELO 0.05, > RAZOR2_CF_RANGE_51_100 1.49, RAZOR2_CHECK 0.15, URIBL_JP_SURBL 4.00, > URIBL_OB_SURBL 2.00) > > Am I jumping the gun? > Henry, I see you are using root here... (the telltale # prompt:)... Can the postfix user find/read the bayes DB? Become your PF user and redo that;-)... su - postfix -s /bin/bash sa-learn ...... whatever.... -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Mon Oct 2 09:43:27 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Oct 2 09:43:30 2006 Subject: PGP sig missing. Message-ID: <223f97700610020143v5d5570f8r8bf4e3f385095311@mail.gmail.com> The signature file seems to be missing for at least the rpm install... The link http://www.mailscanner.info/files/4/rpm/MailScanner-4.56.7-1.rpm.tar.gz.sig leads to a "Forbidden" error: Forbidden You don't have permission to access /files/4/rpm/MailScanner-4.56.7-1.rpm.tar.gz.sig on this server. Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request. Apache/1.3.35 Server at www.mailscanner.info Port 80 .... Could you fix that Jules? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From tgc at statsbiblioteket.dk Mon Oct 2 11:03:13 2006 From: tgc at statsbiblioteket.dk (Tom G. Christensen) Date: Mon Oct 2 11:03:17 2006 Subject: Installing 4.56.7 on RHEL 2.1 Message-ID: <4520E3E1.1050600@statsbiblioteket.dk> I've just done a test upgrade from 4.41-3 to 4.56.7 on an RHEL 2.1 host. There were several issues that I've described below. Before installing the host had 4.41-3 with the perl module versions installed that was distributed with that version of MailScanner + a few updates/extras. Here's MailScanner -v output from a production host with the same config: --- This is Red Hat Enterprise Linux ES release 2.1 (Panama) This is Perl version 5.006001 (5.6.1) This is MailScanner version 4.41.3 Module versions are: 1.14 Archive::Zip 1.119 Convert::BinHex 1.03 Fcntl 2.6 File::Basename 2.03 File::Copy 2.00 FileHandle 1.0404 File::Path 0.12 File::Temp 1.29 HTML::Entities 3.45 HTML::Parser 2.30 HTML::TokeParser 1.20 IO 1.08 IO::File 1.121 IO::Pipe 1.50 Mail::Header 3.05 MIME::Base64 5.417 MIME::Decoder 5.417 MIME::Decoder::UU 5.417 MIME::Head 5.417 MIME::Parser 3.03 MIME::QuotedPrint 5.417 MIME::Tools 0.10 Net::CIDR 1.03 POSIX 1.72 Socket 0.01 Sys::Syslog 1.01 Time::localtime Optional module versions are: 1.75 DB_File missing Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.10 Digest::SHA1 missing Inline missing Mail::ClamAV 2.64 Mail::SpamAssassin missing Mail::SPF::Query missing Net::CIDR::Lite 0.49 Net::DNS missing Net::LDAP missing Parse::RecDescent missing SAVI missing Sys::Hostname::Long 1.1604 Test::Harness missing Test::Simple missing Text::Balanced 1.35 URI --- Since I'd be updating SA to 3.1.5 later I had built (with cpan2rpm) and installed perl-ExtUtils-MakeMaker 6.30, perl-Getopt-Long 2.35, perl-Compress-Zlib 1.42, perl-IO-Zlib 1.04 and perl-Archive-Tar 1.30 before doing the MailScanner upgrade. I ran ./install.sh to do the installation but several modules failed to build and the tnef package could not be installed. The modules that failed where: perl-DBI perl-File-Temp perl-Sys-Syslog perl-Archive-Zip perl-DBD-SQLite All of them except perl-DBD-SQLite fails because they need Test::More to run their tests. I installed perl-Test-Simple 0.51 which I happened to have around and this fixes it for perl-Archive-Zip and perl-File-Temp. perl-DBI still fails because it also needs perl-Storable. Curiously the distribution includes perl-Storable-2.15 but install.sh doesn't build it. Rebuilding it by hand works fine. Perl-DBI still fails to complete but what is even worse is that during the build it installs files directly into /usr instead of the BuildRoot! (exactly why I never build stuff as root under normal circumstances). I instead used cpan2rpm to package perl-DBI 1.50 and that produces a working src.rpm. perl-Sys-Syslog fails the build stage and seems not to be perl 5.6.1 compatible out of the box (5.6.1 lacks const char * in the typemap which Sys-Syslog wants). Adding a typemap file to the source with this alias fixes the build. I ended up building a new src.rpm altogether using cpan2rpm after I discovered that the build failed on RHEL 3 & 4 with unpackaged file errors. perl-DBD-SQLite fails because SQLite is not available. After installing SQLite and the new perl-DBI it builds fine. The tnef package requires glibc 2.3 and is thus incompatible with RHEL 2.1 which is based on glibc 2.2. I fixed up the specfile included in the upstream source and rebuilt it to fix this. I realize that I'm fighting a loosing battle since most people are running newer versions of perl and newer Linux dists etc. Just thought you should know that atleast the RPM version of MailScanner seems to effectively require perl 5.8 and glibc 2.3 for easy installation. With that said here's MailScanner 4.56.7 with SpamAssassin 3.1.5 running on RHEL 2.1... --- [root@eon MailScanner-4.56.7-1]# MailScanner -v Running on Linux eon 2.4.9-e.65 #1 Thu Aug 4 20:19:30 EDT 2005 i686 unknown This is Red Hat Enterprise Linux ES release 2.1 (Panama) This is Perl version 5.006001 (5.6.1) This is MailScanner version 4.56.7 Module versions are: 1.16 Archive::Zip 1.119 Convert::BinHex 1.03 Fcntl 2.6 File::Basename 2.03 File::Copy 2.00 FileHandle 1.0404 File::Path 0.16 File::Temp 0.90 Filesys::Df 1.35 HTML::Entities 3.54 HTML::Parser 2.37 HTML::TokeParser 1.20 IO 1.08 IO::File 1.121 IO::Pipe 1.71 Mail::Header 3.05 MIME::Base64 5.420 MIME::Decoder 5.420 MIME::Decoder::UU 5.420 MIME::Head 5.420 MIME::Parser 3.03 MIME::QuotedPrint 5.420 MIME::Tools 0.10 Net::CIDR 1.03 POSIX 1.72 Socket 1.4 Sys::Hostname::Long 0.18 Sys::Syslog 1.86 Time::HiRes 1.01 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.75 DB_File 1.12 DBD::SQLite 1.50 DBI missing Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.10 Digest::SHA1 missing Inline missing Mail::ClamAV 3.001005 Mail::SpamAssassin missing Mail::SPF::Query missing Net::CIDR::Lite 1.24 Net::IP 0.49 Net::DNS missing Net::LDAP missing Parse::RecDescent missing SAVI 1.1604 Test::Harness 0.51 Test::Simple missing Text::Balanced 1.35 URI --- sa-update is not yet working since it'll need a newer libwww-perl (for LWP::UserAgent) but otherwise it seems to be working well. -tgc From ylacan at teicam.com Mon Oct 2 11:05:56 2006 From: ylacan at teicam.com (Youri LACAN-BARTLEY) Date: Mon Oct 2 11:06:30 2006 Subject: pyzor ip bad in debian install {Scanned} In-Reply-To: <45205066.2090104@rcwm.com> References: <452047C0.7010002@rcwm.com> <45205066.2090104@rcwm.com> Message-ID: <4520E484.70209@teicam.com> Henry Hollenberg wrote: > Has anyone else noticed the pyzor IP being bad in > the debian install? > > I found a reference by a Chris Pollock where he mentioned a new IP and > it seemed > to work. > > Link: > https://sourceforge.net/mailarchive/forum.php?thread_id=30601945&forum_id=8711 > > > snippet from that post: > > quote: Olivier, try using this address: > quote: > quote: 82.94.255.100:24441 > quote: > quote: Milton Cyrus set this one up back in March and I've been > using it ever > quote: sense. Just remember that if you run "pyzor discover" you'll > have to > quote: re-enter it in your Pyzor server list. I've had no problems > at all using > quote: this server. > quote: > quote: HTH > > So I changed mine from what shipped (66.250.40.33:24441), to the IP > above and it seemed to work. > > But is it safe to use??? > > hgh. > Hi, I ran into the same problem as you and stumbled across the same IP. I've been running it for a few months now and haven't run into any trouble whatsoever. Now if it's "safe" to use is a question I couldn't answer right now. I'd be curious to know what IP other people from the mailing list use... -- Ce message a ?t? v?rifi? par MailScanner pour des virus ou des polluriels et rien de suspect n'a ?t? trouv?. From prandal at herefordshire.gov.uk Mon Oct 2 11:27:41 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Mon Oct 2 11:29:20 2006 Subject: Installing 4.56.7 on RHEL 2.1 Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580F979A1B@isabella.herefordshire.gov.uk> It would have been easier to upgrade the whole box to CentOS 3.x or 4.x ;-) Your Net::DNS is really old, it might be worthwhile updating that via CPAN. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Tom G. Christensen > Sent: 02 October 2006 11:03 > To: mailscanner@lists.mailscanner.info > Subject: Installing 4.56.7 on RHEL 2.1 > > I've just done a test upgrade from 4.41-3 to 4.56.7 on an > RHEL 2.1 host. > There were several issues that I've described below. > > Before installing the host had 4.41-3 with the perl module versions > installed that was distributed with that version of > MailScanner + a few > updates/extras. > Here's MailScanner -v output from a production host with the > same config: > --- > This is Red Hat Enterprise Linux ES release 2.1 (Panama) > This is Perl version 5.006001 (5.6.1) > > This is MailScanner version 4.41.3 > Module versions are: > 1.14 Archive::Zip > 1.119 Convert::BinHex > 1.03 Fcntl > 2.6 File::Basename > 2.03 File::Copy > 2.00 FileHandle > 1.0404 File::Path > 0.12 File::Temp > 1.29 HTML::Entities > 3.45 HTML::Parser > 2.30 HTML::TokeParser > 1.20 IO > 1.08 IO::File > 1.121 IO::Pipe > 1.50 Mail::Header > 3.05 MIME::Base64 > 5.417 MIME::Decoder > 5.417 MIME::Decoder::UU > 5.417 MIME::Head > 5.417 MIME::Parser > 3.03 MIME::QuotedPrint > 5.417 MIME::Tools > 0.10 Net::CIDR > 1.03 POSIX > 1.72 Socket > 0.01 Sys::Syslog > 1.01 Time::localtime > > Optional module versions are: > 1.75 DB_File > missing Digest > 1.01 Digest::HMAC > 2.33 Digest::MD5 > 2.10 Digest::SHA1 > missing Inline > missing Mail::ClamAV > 2.64 Mail::SpamAssassin > missing Mail::SPF::Query > missing Net::CIDR::Lite > 0.49 Net::DNS > missing Net::LDAP > missing Parse::RecDescent > missing SAVI > missing Sys::Hostname::Long > 1.1604 Test::Harness > missing Test::Simple > missing Text::Balanced > 1.35 URI > --- > > Since I'd be updating SA to 3.1.5 later I had built (with > cpan2rpm) and > installed perl-ExtUtils-MakeMaker 6.30, perl-Getopt-Long 2.35, > perl-Compress-Zlib 1.42, perl-IO-Zlib 1.04 and perl-Archive-Tar 1.30 > before doing the MailScanner upgrade. > > I ran ./install.sh to do the installation but several modules > failed to > build and the tnef package could not be installed. > The modules that failed where: > perl-DBI > perl-File-Temp > perl-Sys-Syslog > perl-Archive-Zip > perl-DBD-SQLite > > All of them except perl-DBD-SQLite fails because they need Test::More > to run their tests. I installed perl-Test-Simple 0.51 which I > happened > to have around and this fixes it for perl-Archive-Zip and > perl-File-Temp. > perl-DBI still fails because it also needs perl-Storable. > Curiously the > distribution includes perl-Storable-2.15 but install.sh doesn't build > it. Rebuilding it by hand works fine. Perl-DBI still fails to > complete > but what is even worse is that during the build it installs files > directly into /usr instead of the BuildRoot! (exactly why I > never build > stuff as root under normal circumstances). > I instead used cpan2rpm to package perl-DBI 1.50 and that produces a > working src.rpm. > perl-Sys-Syslog fails the build stage and seems not to be perl 5.6.1 > compatible out of the box (5.6.1 lacks const char * in the > typemap which > Sys-Syslog wants). Adding a typemap file to the source with > this alias > fixes the build. I ended up building a new src.rpm altogether using > cpan2rpm after I discovered that the build failed on RHEL 3 & 4 with > unpackaged file errors. > perl-DBD-SQLite fails because SQLite is not available. After > installing > SQLite and the new perl-DBI it builds fine. > > The tnef package requires glibc 2.3 and is thus incompatible > with RHEL > 2.1 which is based on glibc 2.2. I fixed up the specfile > included in the > upstream source and rebuilt it to fix this. > > I realize that I'm fighting a loosing battle since most people are > running newer versions of perl and newer Linux dists etc. > Just thought you should know that atleast the RPM version of > MailScanner > seems to effectively require perl 5.8 and glibc 2.3 for easy > installation. > > With that said here's MailScanner 4.56.7 with SpamAssassin > 3.1.5 running > on RHEL 2.1... > > --- > [root@eon MailScanner-4.56.7-1]# MailScanner -v > Running on > Linux eon 2.4.9-e.65 #1 Thu Aug 4 20:19:30 EDT 2005 i686 unknown > This is Red Hat Enterprise Linux ES release 2.1 (Panama) > This is Perl version 5.006001 (5.6.1) > > This is MailScanner version 4.56.7 > Module versions are: > 1.16 Archive::Zip > 1.119 Convert::BinHex > 1.03 Fcntl > 2.6 File::Basename > 2.03 File::Copy > 2.00 FileHandle > 1.0404 File::Path > 0.16 File::Temp > 0.90 Filesys::Df > 1.35 HTML::Entities > 3.54 HTML::Parser > 2.37 HTML::TokeParser > 1.20 IO > 1.08 IO::File > 1.121 IO::Pipe > 1.71 Mail::Header > 3.05 MIME::Base64 > 5.420 MIME::Decoder > 5.420 MIME::Decoder::UU > 5.420 MIME::Head > 5.420 MIME::Parser > 3.03 MIME::QuotedPrint > 5.420 MIME::Tools > 0.10 Net::CIDR > 1.03 POSIX > 1.72 Socket > 1.4 Sys::Hostname::Long > 0.18 Sys::Syslog > 1.86 Time::HiRes > 1.01 Time::localtime > > Optional module versions are: > 0.17 Convert::TNEF > 1.75 DB_File > 1.12 DBD::SQLite > 1.50 DBI > missing Digest > 1.01 Digest::HMAC > 2.33 Digest::MD5 > 2.10 Digest::SHA1 > missing Inline > missing Mail::ClamAV > 3.001005 Mail::SpamAssassin > missing Mail::SPF::Query > missing Net::CIDR::Lite > 1.24 Net::IP > 0.49 Net::DNS > missing Net::LDAP > missing Parse::RecDescent > missing SAVI > 1.1604 Test::Harness > 0.51 Test::Simple > missing Text::Balanced > 1.35 URI > --- > > sa-update is not yet working since it'll need a newer > libwww-perl (for > LWP::UserAgent) but otherwise it seems to be working well. > > -tgc > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From hgh at rcwm.com Mon Oct 2 13:17:06 2006 From: hgh at rcwm.com (Henry Hollenberg) Date: Mon Oct 2 13:13:34 2006 Subject: bayes problem {Scanned} In-Reply-To: <223f97700610020137t6c40aceci5e74f7a1138ba6af@mail.gmail.com> References: <451D2749.8050203@delodder.be> <4520630E.1010400@rcwm.com> <223f97700610020137t6c40aceci5e74f7a1138ba6af@mail.gmail.com> Message-ID: <45210342.2060607@rcwm.com> Glenn Steen wrote: >> >> And where I expect to see something: >> >> X-gosemr-MailScanner-SpamCheck: spam, SpamAssassin (score=9.285, >> required 6, >> DCC_CHECK 1.37, DIGEST_MULTIPLE 0.23, FORGED_RCVD_HELO 0.05, >> RAZOR2_CF_RANGE_51_100 1.49, RAZOR2_CHECK 0.15, URIBL_JP_SURBL >> 4.00, >> URIBL_OB_SURBL 2.00) >> >> Am I jumping the gun? >> > Henry, I see you are using root here... (the telltale # prompt:)... > Can the postfix user find/read the bayes DB? Become your PF user and > redo that;-)... > su - postfix -s /bin/bash > sa-learn ...... whatever.... > Ok, changed the permissions on /root/.spamassassin to postfix:postfix but still seem to be getting some errors. Don't see where to change the expected location of the bayes db in the config files.....got to get to work....I'll look around some more tonight! hgh. postfix@bastion:/root$ sa-learn --dump magic ERROR: Bayes dump returned an error, please re-run with -D for more information postfix@bastion:/root$ sa-learn -D --dump magic debug: SpamAssassin version 3.0.3 debug: Score set 0 chosen. debug: running in taint mode? yes debug: Running in taint mode, removing unsafe env vars, and resetting PATH debug: PATH included '/usr/local/bin', keeping. debug: PATH included '/usr/bin', keeping. debug: PATH included '/bin', keeping. debug: PATH included '/usr/bin/X11', which doesn't exist, dropping. debug: PATH included '/usr/games', keeping. debug: Final PATH set to: /usr/local/bin:/usr/bin:/bin:/usr/games debug: using "/etc/spamassassin/init.pre" for site rules init.pre debug: config: read file /etc/spamassassin/init.pre debug: using "/usr/share/spamassassin" for default rules dir debug: config: read file /usr/share/spamassassin/10_misc.cf debug: config: read file /usr/share/spamassassin/20_anti_ratware.cf debug: config: read file /usr/share/spamassassin/20_body_tests.cf debug: config: read file /usr/share/spamassassin/20_compensate.cf debug: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf debug: config: read file /usr/share/spamassassin/20_drugs.cf debug: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf debug: config: read file /usr/share/spamassassin/20_head_tests.cf debug: config: read file /usr/share/spamassassin/20_html_tests.cf debug: config: read file /usr/share/spamassassin/20_meta_tests.cf debug: config: read file /usr/share/spamassassin/20_phrases.cf debug: config: read file /usr/share/spamassassin/20_porn.cf debug: config: read file /usr/share/spamassassin/20_ratware.cf debug: config: read file /usr/share/spamassassin/20_uri_tests.cf debug: config: read file /usr/share/spamassassin/23_bayes.cf debug: config: read file /usr/share/spamassassin/25_body_tests_es.cf debug: config: read file /usr/share/spamassassin/25_hashcash.cf debug: config: read file /usr/share/spamassassin/25_spf.cf debug: config: read file /usr/share/spamassassin/25_uribl.cf debug: config: read file /usr/share/spamassassin/30_text_de.cf debug: config: read file /usr/share/spamassassin/30_text_fr.cf debug: config: read file /usr/share/spamassassin/30_text_nl.cf debug: config: read file /usr/share/spamassassin/30_text_pl.cf debug: config: read file /usr/share/spamassassin/50_scores.cf debug: config: read file /usr/share/spamassassin/60_whitelist.cf debug: config: read file /usr/share/spamassassin/65_debian.cf debug: using "/etc/spamassassin" for site rules dir debug: config: read file /etc/spamassassin/local.cf debug: mkdir /var/spool/postfix/.spamassassin failed: mkdir /var/spool/postfix/.spamassassin: Permission denied at /usr/share/perl5/Mail/SpamAssassin.pm line 1453 debug: using "/var/spool/postfix/.spamassassin/user_prefs" for user prefs file debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x857fa28) debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8ec8a50) debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x8eaa8dc) debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x857fa28) implements 'parse_config' debug: plugin: Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8ec8a50) implements 'parse_config' debug: mkdir /var/spool/postfix/.spamassassin failed: mkdir /var/spool/postfix/.spamassassin: Permission denied at /usr/share/perl5/Mail/SpamAssassin.pm line 1453 No such file or directory debug: bayes: no dbs present, cannot tie DB R/O: /var/spool/postfix/.spamassassin/bayes_toks debug: Score set 0 chosen. debug: bayes: no dbs present, cannot tie DB R/O: /var/spool/postfix/.spamassassin/bayes_toks ERROR: Bayes dump returned an error, please re-run with -D for more information postfix@bastion:/root$ -- Henry Hollenberg hgh@rcwm.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From drew at technologytiger.net Mon Oct 2 13:32:52 2006 From: drew at technologytiger.net (Drew Marshall) Date: Mon Oct 2 13:33:16 2006 Subject: bayes problem {Scanned} In-Reply-To: <45210342.2060607@rcwm.com> References: <451D2749.8050203@delodder.be> <4520630E.1010400@rcwm.com> <223f97700610020137t6c40aceci5e74f7a1138ba6af@mail.gmail.com> <45210342.2060607@rcwm.com> Message-ID: <49714.194.70.180.170.1159792372.squirrel@www.technologytiger.net> On Mon, October 2, 2006 13:17, Henry Hollenberg wrote: > Glenn Steen wrote: >> Henry, I see you are using root here... (the telltale # prompt:)... >> Can the postfix user find/read the bayes DB? Become your PF user and >> redo that;-)... >> su - postfix -s /bin/bash >> sa-learn ...... whatever.... >> > > Ok, changed the permissions on /root/.spamassassin to postfix:postfix but > still seem to be getting some errors. Don't see where to change the > expected location of the bayes db in the config files.....got > to get to work....I'll look around some more tonight! > > hgh. > debug: using "/var/spool/postfix/.spamassassin/user_prefs" for user prefs > file OK this is your clue ^^^^^^^^^^^^^^^^ In fact that's wrong also as you will have a good chance that Postfix will moan about non queue files in it's home directory if you are not careful. Check out the bottom of MailScanner.conf where there is an 'advanced option' for the location of the Bayes database (/var/spool/MailScanner/spamassassin from memory). Make sure you set it and give it postfix:postfix permissions. That is where you need to put your starter database/ trained database, again with the right permissions. At the same time, you will want to watch our for Razor files too. There was a thread over the last couple of months giving the file settings to tell Razor where to put it's home directory. All this is only because in your passwd file the user postfix has a home directory of /var/spool/postfix and that's where MailScanner will try to put things (Because it's running as the postfix user). HTH Drew From glenn.steen at gmail.com Mon Oct 2 13:35:03 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Oct 2 13:35:06 2006 Subject: bayes problem {Scanned} In-Reply-To: <45210342.2060607@rcwm.com> References: <451D2749.8050203@delodder.be> <4520630E.1010400@rcwm.com> <223f97700610020137t6c40aceci5e74f7a1138ba6af@mail.gmail.com> <45210342.2060607@rcwm.com> Message-ID: <223f97700610020535q3a35225fn9b34c5191a7e3a22@mail.gmail.com> On 02/10/06, Henry Hollenberg wrote: > Glenn Steen wrote: > >> > >> And where I expect to see something: > >> > >> X-gosemr-MailScanner-SpamCheck: spam, SpamAssassin (score=9.285, > >> required 6, > >> DCC_CHECK 1.37, DIGEST_MULTIPLE 0.23, FORGED_RCVD_HELO 0.05, > >> RAZOR2_CF_RANGE_51_100 1.49, RAZOR2_CHECK 0.15, URIBL_JP_SURBL > >> 4.00, > >> URIBL_OB_SURBL 2.00) > >> > >> Am I jumping the gun? > >> > > Henry, I see you are using root here... (the telltale # prompt:)... > > Can the postfix user find/read the bayes DB? Become your PF user and > > redo that;-)... > > su - postfix -s /bin/bash > > sa-learn ...... whatever.... > > > > Ok, changed the permissions on /root/.spamassassin to postfix:postfix but > still seem to be getting some errors. Don't see where to change the > expected location of the bayes db in the config files.....got > to get to work....I'll look around some more tonight! > > hgh. > > > postfix@bastion:/root$ sa-learn --dump magic > ERROR: Bayes dump returned an error, please re-run with -D for more information > postfix@bastion:/root$ sa-learn -D --dump magic (snip) > debug: mkdir /var/spool/postfix/.spamassassin failed: mkdir /var/spool/postfix/.spamassassin: Permission denied at /usr/share/perl5/Mail/SpamAssassin.pm line 1453 > No such file or directory As expected when run as postfix where ~postfix is a non-writable home directory, this fails. And then the following is just as expected. > > debug: bayes: no dbs present, cannot tie DB R/O: /var/spool/postfix/.spamassassin/bayes_toks > debug: Score set 0 chosen. > debug: bayes: no dbs present, cannot tie DB R/O: /var/spool/postfix/.spamassassin/bayes_toks > ERROR: Bayes dump returned an error, please re-run with -D for more information > postfix@bastion:/root$ > What you need do is either to make sure there are adequate writable subdirs in the home directory of the postfix user (.spamassassin, .razor, .pyzor ... whatever:), or explicitly place these things somewhere and tell the relevant subsystem/program where it is. For Bayes, you might have bayes_path /etc/MailScanner/bayes/bayes bayes_file_mode 0770 in your /etc/mail/spamassassin/mailscanner.cf file (note that the above should be a path to an existing directory + the leading "fragment" of the filenames the bayes files are to have...). If you have manually set a lot of ham/spam in _roots_ bayes files, you could well just move them to the new location and chown/chmod them appropriately. After that everything should be fine:). Much (if not all) of this is mentioned in various places on the wiki etc etc. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From gborders at jlewiscooper.com Mon Oct 2 14:17:07 2006 From: gborders at jlewiscooper.com (Greg Borders) Date: Mon Oct 2 14:17:47 2006 Subject: "Friends Only" In-Reply-To: <4520E3E1.1050600@statsbiblioteket.dk> References: <4520E3E1.1050600@statsbiblioteket.dk> Message-ID: <45211153.3030509@jlewiscooper.com> Greetings list-mates, The PHB's have discovered the ability of some mail systems that require you to "validate" your address before they will accept messages, thus avoiding SPAM. Example, surgemail has a "Friends System" http://netwinsite.com/surgemail/friends.htm, and eMoustTrap has a package that sits between the MTA and MUA and does the authentication. Yippie yay, now they want it too. -_- Without wanting to spark any further heated debates on autoresponders, I wanted to query the group and see if there was any slick bolt-ons for sendmail / MailScanner / Mailwatch out there that might take advantage of some whitelisting mechanisms we already have. I can see potential of a custom script within MailScanner that could send a subscribe/verify message, and then auto-add to a whitelist upon receiving a proper response from the human sender. Any ideas folks? Greg. Borders Sys. Admin. JLC Co. -- This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From bpumphrey at woodmclaw.com Mon Oct 2 15:36:45 2006 From: bpumphrey at woodmclaw.com (Billy A. Pumphrey) Date: Mon Oct 2 15:36:52 2006 Subject: bayes problem In-Reply-To: <451D2749.8050203@delodder.be> Message-ID: <04D932B0071FE34FA63EBB1977B48D1501729731@woodenex.woodmaclaw.local> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Philippe Delodder > Sent: Friday, September 29, 2006 10:02 AM > To: MailScanner discussion > Subject: bayes problem > > Hi, > > when i run spamassassin -D --lint i see that bayes is used but when i > check the header of an email that is spam i don't see use of bayes in > MailScanner-SpamCheck. is that normal? > > I'm using MailScanner version 4.54.6 with postfix > > Philippe Delodder > I would start by making sure you do the correct lint. Make sure you specify the config file. It was mentioned that you shouldn't have to anymore, either I misunderstood it or it was wrong. Anyway, do this: spamassassin -D --lint -p /etc/MailScanner/spam.assassin.conf.prefs Here is the different in the lint: (without the -p argument) [1712] dbg: config: using "/root/.spamassassin/user_prefs" for user prefs file (with the -p argument) [1712] dbg: config: using "/root/.spamassassin/user_prefs" for user prefs file I am not sure about the normal bayes in header question. I checked my headers of random emails and bayes was in all of them. Seems like I remember something normal about it sometimes not being in the header, but wait for other input. Also here is a good command to run. sa-learn --dump magic Example of mine: [root@WoodenMS2 ~]# sa-learn --dump magic 0.000 0 3 0 non-token data: bayes db version 0.000 0 164042 0 non-token data: nspam 0.000 0 328180 0 non-token data: nham 0.000 0 174468 0 non-token data: ntokens 0.000 0 1159604893 0 non-token data: oldest atime 0.000 0 1159797182 0 non-token data: newest atime 0.000 0 1159796609 0 non-token data: last journal sync atime 0.000 0 1159777716 0 non-token data: last expiry atime 0.000 0 172800 0 non-token data: last expire atime delta 0.000 0 31252 0 non-token data: last expire reduction count Shows you that things are going on and bayes is populating. I am also assuming that you are running this all in root and using config defaults in most places, like the bayes configuration in /etc/MailScanner/spam.assassin.conf.prefs From matt at coders.co.uk Mon Oct 2 15:41:10 2006 From: matt at coders.co.uk (Matt Hampton) Date: Mon Oct 2 15:41:26 2006 Subject: "Friends Only" In-Reply-To: <45211153.3030509@jlewiscooper.com> References: <4520E3E1.1050600@statsbiblioteket.dk> <45211153.3030509@jlewiscooper.com> Message-ID: <45212506.8060906@coders.co.uk> Greg Borders wrote: > Greetings list-mates, > > The PHB's have discovered the ability of some mail systems that require > you to "validate" your address before they will accept messages, thus > avoiding SPAM. Example, surgemail has a "Friends System" > http://netwinsite.com/surgemail/friends.htm, and eMoustTrap has a > package that sits between the MTA and MUA and does the authentication. > > Yippie yay, now they want it too. -_- > > Without wanting to spark any further heated debates on autoresponders, > I wanted to query the group and see if there was any slick bolt-ons for > sendmail / MailScanner / Mailwatch out there that might take advantage > of some whitelisting mechanisms we already have. I can see potential of > a custom script within MailScanner that could send a subscribe/verify > message, and then auto-add to a whitelist upon receiving a proper > response from the human sender. > Before you go down this router - try milter-sender (or I have a perl replacement if you are interested) which checks that the email address is accepted by the MX's for the domain before accepting it. I have found a 60% reduction in crud before it gets as far as MailScanner. I would highly recommend doing this even if you are wanting to go down the auto responder route and I would also suggest that the auto responder is placed AFTER MailScanner as it would ensure that the majority of Spam is removed before sending more crap to the joe jobbed addresses. You will also need to ensure that the email is sent from a different IP than your outbound email as it will only take about a week before you will be in SpamCop. Matt From bpumphrey at woodmclaw.com Mon Oct 2 15:43:54 2006 From: bpumphrey at woodmclaw.com (Billy A. Pumphrey) Date: Mon Oct 2 15:43:58 2006 Subject: MailScanner ANNOUNCE: Stable version 4.56 released In-Reply-To: <451F9021.4080600@ecs.soton.ac.uk> Message-ID: <04D932B0071FE34FA63EBB1977B48D1501729732@woodenex.woodmaclaw.local> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: Sunday, October 01, 2006 5:54 AM > To: MailScanner discussion; MailScanner-Announce mailing list list > Subject: MailScanner ANNOUNCE: Stable version 4.56 released > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi folks! > > A new stable release for you. New things this time include: > Web site suggestion: On the news, it would be convenient for a link of the releases for download. Such as: 1/10/2006 - Release stable version 4.56. New this month: control of reports sent to senders of "too large" messages, Postfix 2.3 support, fine control of maximum size of message section sent to SpamAssassin, significant improvement to reliability of tnef extraction utility. From dward at nccumc.org Mon Oct 2 15:47:15 2006 From: dward at nccumc.org (Douglas Ward) Date: Mon Oct 2 15:47:18 2006 Subject: "Friends Only" In-Reply-To: <45212506.8060906@coders.co.uk> References: <4520E3E1.1050600@statsbiblioteket.dk> <45211153.3030509@jlewiscooper.com> <45212506.8060906@coders.co.uk> Message-ID: Is there a similar function in postfix? On 10/2/06, Matt Hampton wrote: > > Greg Borders wrote: > > Greetings list-mates, > > > > The PHB's have discovered the ability of some mail systems that require > > you to "validate" your address before they will accept messages, thus > > avoiding SPAM. Example, surgemail has a "Friends System" > > http://netwinsite.com/surgemail/friends.htm, and eMoustTrap has a > > package that sits between the MTA and MUA and does the authentication. > > > > Yippie yay, now they want it too. -_- > > > > Without wanting to spark any further heated debates on autoresponders, > > I wanted to query the group and see if there was any slick bolt-ons for > > sendmail / MailScanner / Mailwatch out there that might take advantage > > of some whitelisting mechanisms we already have. I can see potential of > > a custom script within MailScanner that could send a subscribe/verify > > message, and then auto-add to a whitelist upon receiving a proper > > response from the human sender. > > > > Before you go down this router - try milter-sender (or I have a perl > replacement if you are interested) which checks that the email address > is accepted by the MX's for the domain before accepting it. I have > found a 60% reduction in crud before it gets as far as MailScanner. > > I would highly recommend doing this even if you are wanting to go down > the auto responder route and I would also suggest that the auto > responder is placed AFTER MailScanner as it would ensure that the > majority of Spam is removed before sending more crap to the joe jobbed > addresses. > > You will also need to ensure that the email is sent from a different IP > than your outbound email as it will only take about a week before you > will be in SpamCop. > > Matt > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20061002/f78e3d1f/attachment.html From lodder at delodder.be Mon Oct 2 15:54:35 2006 From: lodder at delodder.be (Philippe Delodder) Date: Mon Oct 2 15:55:08 2006 Subject: bayes problem In-Reply-To: <04D932B0071FE34FA63EBB1977B48D1501729731@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D1501729731@woodenex.woodmaclaw.local> Message-ID: <4521282B.6080107@delodder.be> Billy A. Pumphrey schreef: >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Philippe Delodder >> Sent: Friday, September 29, 2006 10:02 AM >> To: MailScanner discussion >> Subject: bayes problem >> >> Hi, >> >> when i run spamassassin -D --lint i see that bayes is used but when i >> check the header of an email that is spam i don't see use of bayes in >> MailScanner-SpamCheck. is that normal? >> >> I'm using MailScanner version 4.54.6 with postfix >> >> Philippe Delodder >> >> > > I would start by making sure you do the correct lint. Make sure you > specify the config file. It was mentioned that you shouldn't have to > anymore, either I misunderstood it or it was wrong. Anyway, do this: > spamassassin -D --lint -p /etc/MailScanner/spam.assassin.conf.prefs > > Here is the different in the lint: > (without the -p argument) > [1712] dbg: config: using "/root/.spamassassin/user_prefs" for user > prefs file > > (with the -p argument) > [1712] dbg: config: using "/root/.spamassassin/user_prefs" for user > prefs file > > I am not sure about the normal bayes in header question. I checked my > headers of random emails and bayes was in all of them. Seems like I > remember something normal about it sometimes not being in the header, > but wait for other input. > > Also here is a good command to run. > sa-learn --dump magic > > Example of mine: > [root@WoodenMS2 ~]# sa-learn --dump magic > 0.000 0 3 0 non-token data: bayes db version > 0.000 0 164042 0 non-token data: nspam > 0.000 0 328180 0 non-token data: nham > 0.000 0 174468 0 non-token data: ntokens > 0.000 0 1159604893 0 non-token data: oldest atime > 0.000 0 1159797182 0 non-token data: newest atime > 0.000 0 1159796609 0 non-token data: last journal > sync atime > 0.000 0 1159777716 0 non-token data: last expiry > atime > 0.000 0 172800 0 non-token data: last expire > atime delta > 0.000 0 31252 0 non-token data: last expire > reduction count > > Shows you that things are going on and bayes is populating. I am also > assuming that you are running this all in root and using config defaults > in most places, like the bayes configuration in > /etc/MailScanner/spam.assassin.conf.prefs > > > With help of you guys i fixed it and now it's all seems to work perfectly thx for the help -- Philippe Delodder lodder@delodder.be http://www.delodder.be -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20061002/dbac85cb/signature.bin From martinh at solidstatelogic.com Mon Oct 2 15:55:17 2006 From: martinh at solidstatelogic.com (Martin Hepworth) Date: Mon Oct 2 15:55:40 2006 Subject: "Friends Only" In-Reply-To: <45212506.8060906@coders.co.uk> References: <4520E3E1.1050600@statsbiblioteket.dk> <45211153.3030509@jlewiscooper.com> <45212506.8060906@coders.co.uk> Message-ID: <45212855.2030102@solidstatelogic.com> Matt Hampton wrote: > Greg Borders wrote: >> Greetings list-mates, >> >> The PHB's have discovered the ability of some mail systems that require >> you to "validate" your address before they will accept messages, thus >> avoiding SPAM. Example, surgemail has a "Friends System" >> http://netwinsite.com/surgemail/friends.htm, and eMoustTrap has a >> package that sits between the MTA and MUA and does the authentication. >> >> Yippie yay, now they want it too. -_- >> >> Without wanting to spark any further heated debates on autoresponders, >> I wanted to query the group and see if there was any slick bolt-ons for >> sendmail / MailScanner / Mailwatch out there that might take advantage >> of some whitelisting mechanisms we already have. I can see potential of >> a custom script within MailScanner that could send a subscribe/verify >> message, and then auto-add to a whitelist upon receiving a proper >> response from the human sender. >> > > Before you go down this router - try milter-sender (or I have a perl > replacement if you are interested) which checks that the email address > is accepted by the MX's for the domain before accepting it. I have > found a 60% reduction in crud before it gets as far as MailScanner. > > I would highly recommend doing this even if you are wanting to go down > the auto responder route and I would also suggest that the auto > responder is placed AFTER MailScanner as it would ensure that the > majority of Spam is removed before sending more crap to the joe jobbed > addresses. > > You will also need to ensure that the email is sent from a different IP > than your outbound email as it will only take about a week before you > will be in SpamCop. > > Matt > > And of course this auto resonder 'annoys' people when they get the autoresponder emailing them when they never sent you a message in the first place..(bit like bouncing spam, autoresonders are a bad idea). http://spamlinks.net/prevent-secure-backscatter-fake.htm (for one of many good links on why bouncing spam/autoresponders are a bad idea). Besides milter-sender there's also milter-ahead which checks the 'to' address existing on your system (if you're not using sendmail see the mailScanner wiki for your MTA on how to do this). Again using this technique you can drop over 66% of inbound traffic... -- Martin Hepworth Senior Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From mikea at mikea.ath.cx Mon Oct 2 16:23:13 2006 From: mikea at mikea.ath.cx (mikea) Date: Mon Oct 2 16:23:18 2006 Subject: "Friends Only" In-Reply-To: <45212855.2030102@solidstatelogic.com>; from martinh@solidstatelogic.com on Mon, Oct 02, 2006 at 03:55:17PM +0100 References: <4520E3E1.1050600@statsbiblioteket.dk> <45211153.3030509@jlewiscooper.com> <45212506.8060906@coders.co.uk> <45212855.2030102@solidstatelogic.com> Message-ID: <20061002102313.A54043@mikea.ath.cx> On Mon, Oct 02, 2006 at 03:55:17PM +0100, Martin Hepworth wrote: > Matt Hampton wrote: > > Greg Borders wrote: > >> Greetings list-mates, > >> The PHB's have discovered the ability of some mail systems that require > >> you to "validate" your address before they will accept messages, thus > >> avoiding SPAM. Example, surgemail has a "Friends System" > >> http://netwinsite.com/surgemail/friends.htm, and eMoustTrap has a > >> package that sits between the MTA and MUA and does the authentication. > >> Yippie yay, now they want it too. -_- > >> Without wanting to spark any further heated debates on autoresponders, > >> I wanted to query the group and see if there was any slick bolt-ons for > >> sendmail / MailScanner / Mailwatch out there that might take advantage > >> of some whitelisting mechanisms we already have. I can see potential of > >> a custom script within MailScanner that could send a subscribe/verify > >> message, and then auto-add to a whitelist upon receiving a proper > >> response from the human sender. > > Before you go down this router - try milter-sender (or I have a perl > > replacement if you are interested) which checks that the email address > > is accepted by the MX's for the domain before accepting it. I have > > found a 60% reduction in crud before it gets as far as MailScanner. > > I would highly recommend doing this even if you are wanting to go down > > the auto responder route and I would also suggest that the auto > > responder is placed AFTER MailScanner as it would ensure that the > > majority of Spam is removed before sending more crap to the joe jobbed > > addresses. > > You will also need to ensure that the email is sent from a different IP > > than your outbound email as it will only take about a week before you > > will be in SpamCop. > And of course this auto resonder 'annoys' people when they get the > autoresponder emailing them when they never sent you a message in the > first place..(bit like bouncing spam, autoresonders are a bad idea). > http://spamlinks.net/prevent-secure-backscatter-fake.htm > (for one of many good links on why bouncing spam/autoresponders are a > bad idea). As regards autoresponders: if you autorespond to spam with forged headers and envelope senders, those responses are: o unsolicited o bulk o E-mail which is how a great many mailadmins define spam. You'll wind up in their bl[oa]cklists as a result, which I strongly suspect is _directly_ contrary to the desires of your PHBs. At best, Challenge/Response (or C/R) systems are not a _good_ idea, and in the present environment, they're a Very Bad Idea Indeed. -- Mike Andrews, W5EGO mikea@mikea.ath.cx Tired old sysadmin From gborders at jlewiscooper.com Mon Oct 2 16:32:52 2006 From: gborders at jlewiscooper.com (Greg Borders) Date: Mon Oct 2 16:33:21 2006 Subject: "Friends Only" In-Reply-To: <45212855.2030102@solidstatelogic.com> References: <4520E3E1.1050600@statsbiblioteket.dk> <45211153.3030509@jlewiscooper.com> <45212506.8060906@coders.co.uk> <45212855.2030102@solidstatelogic.com> Message-ID: <45213124.30701@jlewiscooper.com> Martin Hepworth wrote: > Matt Hampton wrote: >> Greg Borders wrote: >>> Greetings list-mates, >>> >>> The PHB's have discovered the ability of some mail systems that require >>> you to "validate" your address before they will accept messages, thus >>> avoiding SPAM. Example, surgemail has a "Friends System" >>> http://netwinsite.com/surgemail/friends.htm, and eMoustTrap has a >>> package that sits between the MTA and MUA and does the authentication. >>> >>> Yippie yay, now they want it too. -_- >>> >>> Without wanting to spark any further heated debates on >>> autoresponders, I wanted to query the group and see if there was any >>> slick bolt-ons for >>> sendmail / MailScanner / Mailwatch out there that might take advantage >>> of some whitelisting mechanisms we already have. I can see >>> potential of >>> a custom script within MailScanner that could send a subscribe/verify >>> message, and then auto-add to a whitelist upon receiving a proper >>> response from the human sender. >>> >> >> Before you go down this router - try milter-sender (or I have a perl >> replacement if you are interested) which checks that the email address >> is accepted by the MX's for the domain before accepting it. I have >> found a 60% reduction in crud before it gets as far as MailScanner. >> >> I would highly recommend doing this even if you are wanting to go down >> the auto responder route and I would also suggest that the auto >> responder is placed AFTER MailScanner as it would ensure that the >> majority of Spam is removed before sending more crap to the joe jobbed >> addresses. >> >> You will also need to ensure that the email is sent from a different IP >> than your outbound email as it will only take about a week before you >> will be in SpamCop. >> >> Matt >> >> > > And of course this auto resonder 'annoys' people when they get the > autoresponder emailing them when they never sent you a message in the > first place..(bit like bouncing spam, autoresonders are a bad idea). > > http://spamlinks.net/prevent-secure-backscatter-fake.htm > (for one of many good links on why bouncing spam/autoresponders are a > bad idea). > > Besides milter-sender there's also milter-ahead which checks the 'to' > address existing on your system (if you're not using sendmail see the > mailScanner wiki for your MTA on how to do this). Again using this > technique you can drop over 66% of inbound traffic... Thanks for the replies fellas. I totally agree this is a bad idea. I fully am aware of the milter techniques to reduce SPAM in general. (I'm using milter-greylist, and greet-pause features already.) This is more along the lines of the PHP's seeing something they perceive as 'slick', and wanting it for themselves, not realizing the hornet's nest of autoresponder complications that can occur on the back end. I'll send the info up the line and let them sweat it out if they want to risk getting SpamCop-ed. Thanks for the link Martin, Great info/ammo for PHB's there. ^_^ -- This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From richard.siddall at elirion.net Mon Oct 2 16:50:54 2006 From: richard.siddall at elirion.net (Richard Siddall) Date: Mon Oct 2 16:51:45 2006 Subject: "Friends Only" In-Reply-To: <45213124.30701@jlewiscooper.com> References: <4520E3E1.1050600@statsbiblioteket.dk> <45211153.3030509@jlewiscooper.com> <45212506.8060906@coders.co.uk> <45212855.2030102@solidstatelogic.com> <45213124.30701@jlewiscooper.com> Message-ID: <4521355E.2050405@elirion.net> Greg Borders wrote: [snip] > This is more along the lines of the PHP's seeing something they perceive > as 'slick', and wanting it for themselves, not realizing the hornet's > nest of autoresponder complications that can occur on the back end. > I'll send the info up the line and let them sweat it out if they want to > risk getting SpamCop-ed. Thanks for the link Martin, Great info/ammo for > PHB's there. ^_^ Greg, There's also the argument that many people will not respond to such auto-responders when they send legitimate mail, so there's the potential for loss of business. Regards, Richard Siddall From jaearick at colby.edu Mon Oct 2 17:00:39 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Mon Oct 2 17:00:51 2006 Subject: 4.56.7: "max message size is '40000'" Message-ID: Julian, Ok, I hang my head in shame and say that I didn't beta-test earlier versions of 4.56. September was a busy month. I just upgraded from 4.55.10 to 4.56.7 on my setup (Solaris 10, SA 3.1.5, sophos and clam, dcc 1.3.40). I ran it first in debug mode to see what would happen (output attached). Not much. Then I attempted to fire up 4.56.7 in normal mode. I got zero syslog output, and nothing seemed to happen except several MS processes were sucking up CPU time: # ps -ef | grep perl root 15405 15337 0 11:55:16 ? 0:00 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail root 15394 15336 2 11:55:14 ? 0:02 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail root 15407 19023 0 11:55:16 pts/2 0:00 grep perl root 15336 1 0 11:55:03 ? 0:00 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail root 15337 15336 3 11:55:03 ? 0:08 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail I did go from version 0.13 to 0.18 of Sys-Syslog, but this does not seem to have anything to do with this. 4.55.10 works fine with the new Sys-Syslog. So, 4.56.7 never gets off the ground. Any ideas? Any other Solaris 10 users with this issue? Jeff Earickson Colby College -------------- next part -------------- Sun Microsystems Inc. SunOS 5.10 Generic January 2005 Starting MailScanner... In Debugging mode, not forking... [11203] dbg: logger: adding facilities: all [11203] dbg: logger: logging level is DBG [11203] dbg: generic: SpamAssassin version 3.1.5 [11203] dbg: config: score set 0 chosen. [11203] dbg: util: running in taint mode? no [11203] dbg: message: ---- MIME PARSER START ---- [11203] dbg: message: main message type: text/plain [11203] dbg: message: parsing normal part [11203] dbg: message: added part, type: text/plain [11203] dbg: message: ---- MIME PARSER END ---- [11203] dbg: dns: is Net::DNS::Resolver available? yes [11203] dbg: dns: Net::DNS version: 0.58 [11203] dbg: ignore: test message to precompile patterns and load modules [11203] dbg: config: using "/etc/mail/spamassassin" for site rules pre files [11203] dbg: config: read file /etc/mail/spamassassin/init.pre [11203] dbg: config: read file /etc/mail/spamassassin/v310.pre [11203] dbg: config: read file /etc/mail/spamassassin/v312.pre [11203] dbg: config: using "/opt/perl5/share/spamassassin" for sys rules pre files [11203] dbg: config: using "/opt/perl5/share/spamassassin" for default rules dir [11203] dbg: config: read file /opt/perl5/share/spamassassin/10_misc.cf [11203] dbg: config: read file /opt/perl5/share/spamassassin/20_advance_fee.cf [11203] dbg: config: read file /opt/perl5/share/spamassassin/20_anti_ratware.cf [11203] dbg: config: read file /opt/perl5/share/spamassassin/20_body_tests.cf [11203] dbg: config: read file /opt/perl5/share/spamassassin/20_compensate.cf [11203] dbg: config: read file /opt/perl5/share/spamassassin/20_dnsbl_tests.cf [11203] dbg: config: read file /opt/perl5/share/spamassassin/20_drugs.cf [11203] dbg: config: read file /opt/perl5/share/spamassassin/20_fake_helo_tests.cf [11203] dbg: config: read file /opt/perl5/share/spamassassin/20_head_tests.cf [11203] dbg: config: read file /opt/perl5/share/spamassassin/20_html_tests.cf [11203] dbg: config: read file /opt/perl5/share/spamassassin/20_meta_tests.cf [11203] dbg: config: read file /opt/perl5/share/spamassassin/20_net_tests.cf [11203] dbg: config: read file /opt/perl5/share/spamassassin/20_phrases.cf [11203] dbg: config: read file /opt/perl5/share/spamassassin/20_porn.cf [11203] dbg: config: read file /opt/perl5/share/spamassassin/20_ratware.cf [11203] dbg: config: read file /opt/perl5/share/spamassassin/20_uri_tests.cf [11203] dbg: config: read file /opt/perl5/share/spamassassin/23_bayes.cf [11203] dbg: config: read file /opt/perl5/share/spamassassin/25_accessdb.cf [11203] dbg: config: read file /opt/perl5/share/spamassassin/25_antivirus.cf [11203] dbg: config: read file /opt/perl5/share/spamassassin/25_body_tests_es.cf [11203] dbg: config: read file /opt/perl5/share/spamassassin/25_body_tests_pl.cf [11203] dbg: config: read file /opt/perl5/share/spamassassin/25_dcc.cf [11203] dbg: config: read file /opt/perl5/share/spamassassin/25_dkim.cf [11203] dbg: config: read file /opt/perl5/share/spamassassin/25_domainkeys.cf [11203] dbg: config: read file /opt/perl5/share/spamassassin/25_hashcash.cf [11203] dbg: config: read file /opt/perl5/share/spamassassin/25_pyzor.cf [11203] dbg: config: read file /opt/perl5/share/spamassassin/25_razor2.cf [11203] dbg: config: read file /opt/perl5/share/spamassassin/25_replace.cf [11203] dbg: config: read file /opt/perl5/share/spamassassin/25_spf.cf [11203] dbg: config: read file /opt/perl5/share/spamassassin/25_textcat.cf [11203] dbg: config: read file /opt/perl5/share/spamassassin/25_uribl.cf [11203] dbg: config: read file /opt/perl5/share/spamassassin/30_text_de.cf [11203] dbg: config: read file /opt/perl5/share/spamassassin/30_text_fr.cf [11203] dbg: config: read file /opt/perl5/share/spamassassin/30_text_it.cf [11203] dbg: config: read file /opt/perl5/share/spamassassin/30_text_nl.cf [11203] dbg: config: read file /opt/perl5/share/spamassassin/30_text_pl.cf [11203] dbg: config: read file /opt/perl5/share/spamassassin/30_text_pt_br.cf [11203] dbg: config: read file /opt/perl5/share/spamassassin/50_scores.cf [11203] dbg: config: read file /opt/perl5/share/spamassassin/60_awl.cf [11203] dbg: config: read file /opt/perl5/share/spamassassin/60_whitelist.cf [11203] dbg: config: read file /opt/perl5/share/spamassassin/60_whitelist_dk.cf [11203] dbg: config: read file /opt/perl5/share/spamassassin/60_whitelist_dkim.cf [11203] dbg: config: read file /opt/perl5/share/spamassassin/60_whitelist_spf.cf [11203] dbg: config: read file /opt/perl5/share/spamassassin/60_whitelist_subject.cf [11203] dbg: config: using "/etc/mail/spamassassin" for site rules dir [11203] dbg: config: read file /etc/mail/spamassassin/70_sare_adult.cf [11203] dbg: config: read file /etc/mail/spamassassin/70_sare_bayes_poison_nxm.cf [11203] dbg: config: read file /etc/mail/spamassassin/70_sare_evilnum2.cf [11203] dbg: config: read file /etc/mail/spamassassin/70_sare_genlsubj0.cf [11203] dbg: config: read file /etc/mail/spamassassin/70_sare_genlsubj1.cf [11203] dbg: config: read file /etc/mail/spamassassin/70_sare_genlsubj2.cf [11203] dbg: config: read file /etc/mail/spamassassin/70_sare_genlsubj3.cf [11203] dbg: config: read file /etc/mail/spamassassin/70_sare_html0.cf [11203] dbg: config: read file /etc/mail/spamassassin/70_sare_html1.cf [11203] dbg: config: read file /etc/mail/spamassassin/70_sare_html2.cf [11203] dbg: config: read file /etc/mail/spamassassin/70_sare_html3.cf [11203] dbg: config: read file /etc/mail/spamassassin/70_sare_obfu.cf [11203] dbg: config: read file /etc/mail/spamassassin/70_sare_oem.cf [11203] dbg: config: read file /etc/mail/spamassassin/70_sare_random.cf [11203] dbg: config: read file /etc/mail/spamassassin/70_sare_specific.cf [11203] dbg: config: read file /etc/mail/spamassassin/70_sare_spoof.cf [11203] dbg: config: read file /etc/mail/spamassassin/70_sare_stocks.cf [11203] dbg: config: read file /etc/mail/spamassassin/70_sare_unsub.cf [11203] dbg: config: read file /etc/mail/spamassassin/70_sare_uri0.cf [11203] dbg: config: read file /etc/mail/spamassassin/70_sare_uri1.cf [11203] dbg: config: read file /etc/mail/spamassassin/70_sare_uri3.cf [11203] dbg: config: read file /etc/mail/spamassassin/70_sare_whitelist_rcvd.cf [11203] dbg: config: read file /etc/mail/spamassassin/70_sare_whitelist_spf.cf [11203] dbg: config: read file /etc/mail/spamassassin/70_sc_top200.cf [11203] dbg: config: read file /etc/mail/spamassassin/72_sare_bml_post25x.cf [11203] dbg: config: read file /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf [11203] dbg: config: read file /etc/mail/spamassassin/99_sare_fraud_post25x.cf [11203] dbg: config: read file /etc/mail/spamassassin/backhair.cf [11203] dbg: config: read file /etc/mail/spamassassin/bogus-virus-warnings.cf [11203] dbg: config: read file /etc/mail/spamassassin/imageinfo.cf [11203] dbg: config: read file /etc/mail/spamassassin/local.cf [11203] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf [11203] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayCountry from @INC [11203] dbg: plugin: registered Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x1695740) [11203] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC [11203] dbg: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1744438) [11203] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC [11203] dbg: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0xf8ecfc) [11203] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC [11203] dbg: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x16b9430) [11203] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC [11203] dbg: dcc: network tests on, registering DCC [11203] dbg: plugin: registered Mail::SpamAssassin::Plugin::DCC=HASH(0x174e278) [11203] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC [11203] dbg: pyzor: network tests on, attempting Pyzor [11203] dbg: plugin: registered Mail::SpamAssassin::Plugin::Pyzor=HASH(0x185abc8) [11203] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC [11203] dbg: razor2: razor2 is available, version 2.82 [11203] dbg: plugin: registered Mail::SpamAssassin::Plugin::Razor2=HASH(0x16d3994) [11203] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC [11203] dbg: reporter: network tests on, attempting SpamCop [11203] dbg: plugin: registered Mail::SpamAssassin::Plugin::SpamCop=HASH(0x1fb6798) [11203] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC [11203] dbg: plugin: registered Mail::SpamAssassin::Plugin::AWL=HASH(0x2122be4) [11203] dbg: plugin: loading Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC [11203] dbg: plugin: registered Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x212dd64) [11203] dbg: plugin: loading Mail::SpamAssassin::Plugin::WhiteListSubject from @INC [11203] dbg: plugin: registered Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x212e790) [11203] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from @INC [11203] dbg: plugin: registered Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x2137a0c) [11203] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from @INC [11203] dbg: plugin: registered Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x214401c) [11203] dbg: plugin: loading Mail::SpamAssassin::Plugin::ImageInfo from /opt/perl5/lib/site_perl/5.8.8/Mail/SpamAssassin/ImageInfo.pm [11203] dbg: plugin: registered Mail::SpamAssassin::Plugin::ImageInfo=HASH(0x2165fa8) [11203] dbg: config: adding redirector regex: /^http:\/\/chkpt\.zdnet\.com\/chkpt\/\w+\/(.*)$/i [11203] dbg: config: adding redirector regex: /^http:\/\/www(?:\d+)?\.nate\.com\/r\/\w+\/(.*)$/i [11203] dbg: config: adding redirector regex: /^http:\/\/.+\.gov\/(?:.*\/)?externalLink\.jhtml\?.*url=(.*?)(?:&.*)?$/i [11203] dbg: config: adding redirector regex: /^http:\/\/redir\.internet\.com\/.+?\/.+?\/(.*)$/i [11203] dbg: config: adding redirector regex: /^http:\/\/(?:.*?\.)?adtech\.de\/.*(?:;|\|)link=(.*?)(?:;|$)/i [11203] dbg: config: adding redirector regex: m'^http.*?/redirect\.php\?.*(?<=[?&])goto=(.*?)(?:$|[&\#])'i [11203] dbg: config: adding redirector regex: m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i [11203] dbg: config: adding redirector regex: m'/(?:index.php)?\?.*(?<=[?&])URL=(.*?)(?:$|[&\#])'i [11203] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/url\?.*?(?<=[?&])q=(.*?)(?:$|[&\#])'i [11203] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])site:(.*?)(?:$|%20|[\s+&\#])'i [11203] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])(?:"|%22)(.*?)(?:$|%22|["\s+&\#])'i [11203] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/translate\?.*?(?<=[?&])u=(.*?)(?:$|[&\#])'i [11203] dbg: plugin: Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x214401c) implements 'finish_parsing_end' [11203] dbg: replacetags: replacing tags [11203] dbg: replacetags: done replacing tags [11203] dbg: bayes: tie-ing to DB file R/O /var/spool/spamassassin/bayes_toks [11203] dbg: bayes: tie-ing to DB file R/O /var/spool/spamassassin/bayes_seen [11203] dbg: bayes: found bayes db version 3 [11203] dbg: bayes: DB journal sync: last sync: 1159802156 [11203] dbg: config: score set 3 chosen. [11203] dbg: message: ---- MIME PARSER START ---- [11203] dbg: message: main message type: text/plain [11203] dbg: message: parsing normal part [11203] dbg: message: added part, type: text/plain [11203] dbg: message: ---- MIME PARSER END ---- [11203] dbg: dns: dns_available set to yes in config file, skipping test [11203] dbg: metadata: X-Spam-Relays-Trusted: [11203] dbg: metadata: X-Spam-Relays-Untrusted: [11203] dbg: metadata: X-Spam-Relays-Internal: [11203] dbg: metadata: X-Spam-Relays-External: [11203] dbg: plugin: Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x1695740) implements 'extract_metadata' [11203] dbg: metadata: X-Relay-Countries: [11203] dbg: message: no encoding detected [11203] dbg: plugin: Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x1695740) implements 'parsed_metadata' [11203] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1744438) implements 'parsed_metadata' [11203] dbg: uridnsbl: domains to query: [11203] dbg: check: running tests for priority: 0 [11203] dbg: rules: running header regexp tests; score so far=0 [11203] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<" [11203] dbg: rules: ran header rule __SARE_WHITELIST_FLAG ======> got hit: "i" [11203] dbg: rules: ran header rule __SANE_MSGID ======> got hit: "<1159802232.9713@spamassassin_spamd_init> [11203] dbg: rules: " [11203] dbg: rules: ran header rule __MSGID_OK_HOST ======> got hit: "@spamassassin_spamd_init>" [11203] dbg: rules: ran header rule NO_REAL_NAME ======> got hit: "ignore@compiling.spamassassin.taint.org [11203] dbg: rules: " [11203] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got hit: "1159802232" [11203] dbg: spf: no suitable relay for spf use found, skipping SPF-helo check [11203] dbg: eval: all '*From' addrs: ignore@compiling.spamassassin.taint.org [11203] dbg: eval: all '*To' addrs: [11203] dbg: spf: no suitable relay for spf use found, skipping SPF check [11203] dbg: rules: ran eval rule NO_RELAYS ======> got hit [11203] dbg: spf: cannot get Envelope-From, cannot use SPF [11203] dbg: spf: def_spf_whitelist_from: could not find useable envelope sender [11203] dbg: rules: ran eval rule __UNUSABLE_MSGID ======> got hit [11203] dbg: spf: spf_whitelist_from: could not find useable envelope sender [11203] dbg: rules: running body-text per-line regexp tests; score so far=0.96 [11203] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "I" [11203] dbg: uri: running uri tests; score so far=0.96 [11203] dbg: rules: running raw-body-text per-line regexp tests; score so far=0.96 [11203] dbg: rules: running full-text regexp tests; score so far=0.96 [11203] dbg: info: entering helper-app run mode [11203] dbg: info: leaving helper-app run mode [11203] dbg: razor2: part=0 engine=4 contested=0 confidence=0 [11203] dbg: razor2: results: spam? 0 [11203] dbg: razor2: results: engine 8, highest cf score: 0 [11203] dbg: razor2: results: engine 4, highest cf score: 0 [11203] dbg: pyzor: use_pyzor option not enabled, disabling Pyzor [11203] dbg: dcc: dccifd is available: /opt/dcc/dccifd [11203] dbg: info: entering helper-app run mode [11203] dbg: dcc: dccifd got response: X-DCC-dcc.uncw.edu-Metrics: jasper 1201; Body=11284 Fuz1=14545 Fuz2=2866124 [11203] dbg: info: leaving helper-app run mode [11203] dbg: dcc: listed: BODY=11284/999999 FUZ1=14545/999999 FUZ2=2866124/999999 [11203] dbg: rules: ran eval rule DCC_CHECK ======> got hit [11203] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1744438) implements 'check_tick' [11203] dbg: check: running tests for priority: 500 [11203] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1744438) implements 'check_post_dnsbl' [11203] dbg: rules: running meta tests; score so far=3.13 [11203] info: rules: meta test SARE_SUB_ACCEPT_CCARDS has undefined dependency '__SARE_SUB_FROM_PAYPAL' [11203] info: rules: meta test SARE_SPEC_PROLEO_M2a has dependency 'MIME_QP_LONG_LINE' with a zero score [11203] info: rules: meta test SARE_RD_SAFE has undefined dependency 'SARE_RD_SAFE_MKSHRT' [11203] info: rules: meta test SARE_RD_SAFE has undefined dependency 'SARE_RD_SAFE_GT' [11203] info: rules: meta test SARE_RD_SAFE has undefined dependency 'SARE_RD_SAFE_TINY' [11203] info: rules: meta test VIRUS_WARNING_DOOM_BNC has undefined dependency 'VIRUS_WARNING_MYDOOM4' [11203] info: rules: meta test SARE_OBFU_CIALIS has undefined dependency 'SARE_OBFU_CIALIS2' [11203] info: rules: meta test FP_MIXED_PORN3 has undefined dependency 'FP_PENETRATION' [11203] dbg: rules: running header regexp tests; score so far=5.076 [11203] dbg: rules: running body-text per-line regexp tests; score so far=5.076 [11203] dbg: uri: running uri tests; score so far=5.076 [11203] dbg: rules: running raw-body-text per-line regexp tests; score so far=5.076 [11203] dbg: rules: running full-text regexp tests; score so far=5.076 [11203] dbg: check: running tests for priority: 1000 [11203] dbg: rules: running meta tests; score so far=5.076 [11203] dbg: rules: running header regexp tests; score so far=5.076 [11203] dbg: rules: running body-text per-line regexp tests; score so far=5.076 [11203] dbg: uri: running uri tests; score so far=5.076 [11203] dbg: rules: running raw-body-text per-line regexp tests; score so far=5.076 [11203] dbg: rules: running full-text regexp tests; score so far=5.076 [11203] dbg: check: is spam? score=5.076 required=5 [11203] dbg: check: tests=DCC_CHECK,MISSING_SUBJECT,NO_REAL_NAME,NO_RECEIVED,NO_RELAYS,TO_CC_NONE [11203] dbg: check: subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_MSGID,__SARE_WHITELIST_FLAG,__UNUSABLE_MSGID [11203] dbg: bayes: untie-ing [11203] dbg: bayes: untie-ing db_toks [11203] dbg: bayes: untie-ing db_seen max message size is '40000' max message size is '40000' max message size is '40000' max message size is '40000' max message size is '40000' max message size is '40000' max message size is '40000' max message size is '40000' max message size is '40000' max message size is '40000' max message size is '40000' max message size is '40000' max message size is '40000' max message size is '40000' max message size is '40000' max message size is '40000' max message size is '40000' max message size is '40000' Ignore errors about failing to find EOCD signature format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 max message size is '40000' Terminated From steve.swaney at fsl.com Mon Oct 2 17:19:04 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Mon Oct 2 17:19:14 2006 Subject: "Friends Only" In-Reply-To: <4521355E.2050405@elirion.net> Message-ID: <030801c6e63e$7abb64a0$287ba8c0@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Richard Siddall > Sent: Monday, October 02, 2006 11:51 AM > To: MailScanner discussion > Subject: Re: "Friends Only" > > Greg Borders wrote: > [snip] > > This is more along the lines of the PHP's seeing something they perceive > > as 'slick', and wanting it for themselves, not realizing the hornet's > > nest of autoresponder complications that can occur on the back end. > > I'll send the info up the line and let them sweat it out if they want to > > risk getting SpamCop-ed. Thanks for the link Martin, Great info/ammo for > > PHB's there. ^_^ > > Greg, > > There's also the argument that many people will not respond to such > auto-responders when they send legitimate mail, so there's the potential > for loss of business. > > Regards, > > Richard Siddall I'm one of the ones that don't respond to auto-responders. And when the fist e-tickets go missing you probably hear about it :( Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From hmkash at arl.army.mil Mon Oct 2 17:49:55 2006 From: hmkash at arl.army.mil (Kash, Howard (Civ, ARL/CISD)) Date: Mon Oct 2 17:50:00 2006 Subject: Large emails being tagged as spam - false positives Message-ID: <229A346E44379140A59A48951B56E0C00260CD33@ARLABML01.DS.ARL.ARMY.MIL> > And hopefully the new more complex settings of Max SpamAssassin Size > that you can use if you want, will help to alleviate the problem. Take a > look at the Change Log. But there's still no way to say "I don't think there will ever be a spam over 100k, so don't bother sending any messages over 100k to SA since they could potentially be blocked as false positives." The message the original poster on this topic complained about was blocked based mostly on header checks - changing the amount of the body that was sent to SA wouldn't have made any difference. The only way to have avoided this false positive would be an option to not send messages over a certain size to SA. I still advocate a "Max SpamAssassin Size = ### skip" option so that any messages over ### bytes bypasses the SA checks. Some people may not agree with this, but it should be an option the user has at their disposal. Howard From mkettler at evi-inc.com Mon Oct 2 18:06:00 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Oct 2 18:06:17 2006 Subject: "Friends Only" In-Reply-To: <45211153.3030509@jlewiscooper.com> References: <4520E3E1.1050600@statsbiblioteket.dk> <45211153.3030509@jlewiscooper.com> Message-ID: <452146F8.8070405@evi-inc.com> Greg Borders wrote: > Greetings list-mates, > > The PHB's have discovered the ability of some mail systems that require > you to "validate" your address before they will accept messages, thus > avoiding SPAM. Example, surgemail has a "Friends System" > http://netwinsite.com/surgemail/friends.htm, and eMoustTrap has a > package that sits between the MTA and MUA and does the authentication. > > Yippie yay, now they want it too. -_- > > Without wanting to spark any further heated debates on autoresponders, > I wanted to query the group and see if there was any slick bolt-ons for > sendmail / MailScanner / Mailwatch out there that might take advantage > of some whitelisting mechanisms we already have. I can see potential of > a custom script within MailScanner that could send a subscribe/verify > message, and then auto-add to a whitelist upon receiving a proper > response from the human sender. > > Any ideas folks? TMDA is the bolt-on I can think of. That said, systems like this are in effect trusting someone else to do your spam filtering for you. I personally take the approach of doing whatever I want when I get a TMDA-type challenge. After all, you're unwillingly foisting your spam problems into my mailbox. So after pissing me off by spamming me, do you really expect me to make a reasonable choice for your benefit? - If I get a challenge for an email I'm pretty sure I did not send, I authorize it. After all, what do i know, maybe you really did want that pharmacy spam. I'm just trying to help you receive all the mail you deserve :) - I also sometimes report the mis-directed TMDA messages to spamcop if I can prove it wasn't actually sent from my domain. My domain has SPF records, so if you can't even bother to do a SPF check to eliminate obvious forgeries before sending me notices, I consider it abuse. - If I get one for an email I did send, but the content is really only to the recipients benefit, I refuse to authorize it. - If I get one for an email that I did send, but is to my benefit, I might authorize it, unless I can find a way to blame the sender that will cause them more inconvenience than it does me. And apparently I'm not the only one who takes to SpamCop'ing TMDA messages: http://mla.libertine.org/tmda-users/2003-08/msg00171.html http://www.mail-archive.com/tmda-users@tmda.net/msg07964.html From ssilva at sgvwater.com Mon Oct 2 19:07:10 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Oct 2 19:09:00 2006 Subject: [OT] Sendmail and access file question In-Reply-To: <8F2A53954C22554EB75D9643FCCE0C6B023A0D5E@MED-CORE03-MS1.med.wayne.edu> References: <45194556.21708.19C30420@cobalt-users1.fishnet.co.uk> <8F2A53954C22554EB75D9643FCCE0C6B023A0D5E@MED-CORE03-MS1.med.wayne.edu> Message-ID: Rose, Bobby spake the following on 9/30/2006 2:45 PM: > > I've researched this before in the past but I didn't really find > anything about it on the net or the bat book that says 'ay' or 'nay' on > the possibility. Does anyone know if sendmail's access file can > override the default action based on "both" the mail from and rcpt to or > if a hack exists that allows such definitions? For example I'm blocking > the domain of evil.remote.domain in the access file but > user@local.domain wants mail from spammer@evil.remote.domain but only > from spammer@evil.remote.domain. In that example, I'm only aware that I > can either OK spammer@evil.remote.domain and thus allow it to email > everyone or I use the spamfriend rule on user@local.domain which means > he'll get spam from all remote.domains. > > I know I can define this kind of rule in Mailscanner but that also means > I have to accept all mail from spammer@evil.remote.domain which leads to > undeliverable bounces and more wasted traffic and cpu cycles. > > Thanks for any input. > -=B AFAIK the access file is all or nothing. You would have to allow all from the evil spammer, and then let MailScanner sort it out. Sounds like you need to lart a luser. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Mon Oct 2 19:21:08 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Oct 2 19:22:08 2006 Subject: Large emails being tagged as spam - false positives In-Reply-To: <229A346E44379140A59A48951B56E0C00260CD33@ARLABML01.DS.ARL.ARMY.MIL> References: <229A346E44379140A59A48951B56E0C00260CD33@ARLABML01.DS.ARL.ARMY.MIL> Message-ID: Kash, Howard (Civ, ARL/CISD) spake the following on 10/2/2006 9:49 AM: > >> And hopefully the new more complex settings of Max SpamAssassin Size >> that you can use if you want, will help to alleviate the problem. Take > a >> look at the Change Log. > > But there's still no way to say "I don't think there will ever be a spam > over 100k, so don't bother sending any messages over 100k to SA since > they could potentially be blocked as false positives." The message the > original poster on this topic complained about was blocked based mostly > on header checks - changing the amount of the body that was sent to SA > wouldn't have made any difference. The only way to have avoided this > false positive would be an option to not send messages over a certain > size to SA. I still advocate a "Max SpamAssassin Size = ### skip" > option so that any messages over ### bytes bypasses the SA checks. Some > people may not agree with this, but it should be an option the user has > at their disposal. > > > Howard Then you will be the first one on the list of quarter meg spam! A spammer will do whatever he can to get his junk across the most accounts possible. It is just "spray and pray", and hope you get someone to buy your crap. If the spammer has to send larger messages to assure that he gets more "views", then he will do just that. If the problem is that a certain MailScanner user wants to accept mail from dial-up addresses and open proxies, then just turn off the spamassassin tests for those occurances. Or make the users authenticate first, and they won't hit those traps. You don't have to do a complete re-write of a program so it makes it easier to do something the wrong way. I have users that send from dial-up accounts, and dsl and cable addresses. But they have to smtp-auth first, and they have no problems, because then they are trusted. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From t.d.lee at durham.ac.uk Mon Oct 2 19:55:02 2006 From: t.d.lee at durham.ac.uk (David Lee) Date: Mon Oct 2 19:55:10 2006 Subject: [OT] Sendmail and access file question In-Reply-To: References: <45194556.21708.19C30420@cobalt-users1.fishnet.co.uk> <8F2A53954C22554EB75D9643FCCE0C6B023A0D5E@MED-CORE03-MS1.med.wayne.edu> Message-ID: Re: > > I've researched this before in the past but I didn't really find > > anything about it on the net or the bat book that says 'ay' or 'nay' on > > the possibility. Does anyone know if sendmail's access file can > > override the default action based on "both" the mail from and rcpt to or > > if a hack exists that allows such definitions? For example I'm blocking > > the domain of evil.remote.domain in the access file but > > user@local.domain wants mail from spammer@evil.remote.domain but only > > from spammer@evil.remote.domain. In that example, I'm only aware that I > > can either OK spammer@evil.remote.domain and thus allow it to email > > everyone or I use the spamfriend rule on user@local.domain which means > > he'll get spam from all remote.domains. > > > > I know I can define this kind of rule in Mailscanner but that also means > > I have to accept all mail from spammer@evil.remote.domain which leads to > > undeliverable bounces and more wasted traffic and cpu cycles. > > > > Thanks for any input. > > -=B > AFAIK the access file is all or nothing. You would have to allow all from the > evil spammer, and then let MailScanner sort it out. > Sounds like you need to lart a luser. To operate on sender/recipient combinations, the "check_compat" ruleset and FEATURE(compat_check) might give you routes to explore. A slight caution: This is one of the lesser known corners of sendmail. It may require some work, perhaps even creating your own "LOCAL_RUELSETS" entry etc. The path to success may be more tortuous than for "access". The journey may be more solitary, with fewer experienced guides to hand. Hope that helps. -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : Durham University : : http://www.dur.ac.uk/t.d.lee/ South Road : : Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. : From ssilva at sgvwater.com Mon Oct 2 20:04:58 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Oct 2 20:06:07 2006 Subject: Installing 4.56.7 on RHEL 2.1 In-Reply-To: <4520E3E1.1050600@statsbiblioteket.dk> References: <4520E3E1.1050600@statsbiblioteket.dk> Message-ID: Tom G. Christensen spake the following on 10/2/2006 3:03 AM: > I've just done a test upgrade from 4.41-3 to 4.56.7 on an RHEL 2.1 host. > There were several issues that I've described below. > > Before installing the host had 4.41-3 with the perl module versions > installed that was distributed with that version of MailScanner + a few > updates/extras. > Here's MailScanner -v output from a production host with the same config: > --- > This is Red Hat Enterprise Linux ES release 2.1 (Panama) > This is Perl version 5.006001 (5.6.1) > > This is MailScanner version 4.41.3 > Module versions are: > 1.14 Archive::Zip > 1.119 Convert::BinHex > 1.03 Fcntl > 2.6 File::Basename > 2.03 File::Copy > 2.00 FileHandle > 1.0404 File::Path > 0.12 File::Temp > 1.29 HTML::Entities > 3.45 HTML::Parser > 2.30 HTML::TokeParser > 1.20 IO > 1.08 IO::File > 1.121 IO::Pipe > 1.50 Mail::Header > 3.05 MIME::Base64 > 5.417 MIME::Decoder > 5.417 MIME::Decoder::UU > 5.417 MIME::Head > 5.417 MIME::Parser > 3.03 MIME::QuotedPrint > 5.417 MIME::Tools > 0.10 Net::CIDR > 1.03 POSIX > 1.72 Socket > 0.01 Sys::Syslog > 1.01 Time::localtime > > Optional module versions are: > 1.75 DB_File > missing Digest > 1.01 Digest::HMAC > 2.33 Digest::MD5 > 2.10 Digest::SHA1 > missing Inline > missing Mail::ClamAV > 2.64 Mail::SpamAssassin > missing Mail::SPF::Query > missing Net::CIDR::Lite > 0.49 Net::DNS > missing Net::LDAP > missing Parse::RecDescent > missing SAVI > missing Sys::Hostname::Long > 1.1604 Test::Harness > missing Test::Simple > missing Text::Balanced > 1.35 URI > --- > > Since I'd be updating SA to 3.1.5 later I had built (with cpan2rpm) and > installed perl-ExtUtils-MakeMaker 6.30, perl-Getopt-Long 2.35, > perl-Compress-Zlib 1.42, perl-IO-Zlib 1.04 and perl-Archive-Tar 1.30 > before doing the MailScanner upgrade. > > I ran ./install.sh to do the installation but several modules failed to > build and the tnef package could not be installed. > The modules that failed where: > perl-DBI > perl-File-Temp > perl-Sys-Syslog > perl-Archive-Zip > perl-DBD-SQLite > > All of them except perl-DBD-SQLite fails because they need Test::More to > run their tests. I installed perl-Test-Simple 0.51 which I happened to > have around and this fixes it for perl-Archive-Zip and perl-File-Temp. > perl-DBI still fails because it also needs perl-Storable. Curiously the > distribution includes perl-Storable-2.15 but install.sh doesn't build > it. Rebuilding it by hand works fine. Perl-DBI still fails to complete > but what is even worse is that during the build it installs files > directly into /usr instead of the BuildRoot! (exactly why I never build > stuff as root under normal circumstances). > I instead used cpan2rpm to package perl-DBI 1.50 and that produces a > working src.rpm. > perl-Sys-Syslog fails the build stage and seems not to be perl 5.6.1 > compatible out of the box (5.6.1 lacks const char * in the typemap which > Sys-Syslog wants). Adding a typemap file to the source with this alias > fixes the build. I ended up building a new src.rpm altogether using > cpan2rpm after I discovered that the build failed on RHEL 3 & 4 with > unpackaged file errors. > perl-DBD-SQLite fails because SQLite is not available. After installing > SQLite and the new perl-DBI it builds fine. > > The tnef package requires glibc 2.3 and is thus incompatible with RHEL > 2.1 which is based on glibc 2.2. I fixed up the specfile included in the > upstream source and rebuilt it to fix this. > > I realize that I'm fighting a loosing battle since most people are > running newer versions of perl and newer Linux dists etc. > Just thought you should know that atleast the RPM version of MailScanner > seems to effectively require perl 5.8 and glibc 2.3 for easy installation. > > With that said here's MailScanner 4.56.7 with SpamAssassin 3.1.5 running > on RHEL 2.1... > > --- > [root@eon MailScanner-4.56.7-1]# MailScanner -v > Running on > Linux eon 2.4.9-e.65 #1 Thu Aug 4 20:19:30 EDT 2005 i686 unknown > This is Red Hat Enterprise Linux ES release 2.1 (Panama) > This is Perl version 5.006001 (5.6.1) > > This is MailScanner version 4.56.7 > Module versions are: > 1.16 Archive::Zip > 1.119 Convert::BinHex > 1.03 Fcntl > 2.6 File::Basename > 2.03 File::Copy > 2.00 FileHandle > 1.0404 File::Path > 0.16 File::Temp > 0.90 Filesys::Df > 1.35 HTML::Entities > 3.54 HTML::Parser > 2.37 HTML::TokeParser > 1.20 IO > 1.08 IO::File > 1.121 IO::Pipe > 1.71 Mail::Header > 3.05 MIME::Base64 > 5.420 MIME::Decoder > 5.420 MIME::Decoder::UU > 5.420 MIME::Head > 5.420 MIME::Parser > 3.03 MIME::QuotedPrint > 5.420 MIME::Tools > 0.10 Net::CIDR > 1.03 POSIX > 1.72 Socket > 1.4 Sys::Hostname::Long > 0.18 Sys::Syslog > 1.86 Time::HiRes > 1.01 Time::localtime > > Optional module versions are: > 0.17 Convert::TNEF > 1.75 DB_File > 1.12 DBD::SQLite > 1.50 DBI > missing Digest > 1.01 Digest::HMAC > 2.33 Digest::MD5 > 2.10 Digest::SHA1 > missing Inline > missing Mail::ClamAV > 3.001005 Mail::SpamAssassin > missing Mail::SPF::Query > missing Net::CIDR::Lite > 1.24 Net::IP > 0.49 Net::DNS > missing Net::LDAP > missing Parse::RecDescent > missing SAVI > 1.1604 Test::Harness > 0.51 Test::Simple > missing Text::Balanced > 1.35 URI > --- > > sa-update is not yet working since it'll need a newer libwww-perl (for > LWP::UserAgent) but otherwise it seems to be working well. > > -tgc That is why old distros go off of support and die. As time passes, it takes more and more work to keep them running. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From brose at med.wayne.edu Mon Oct 2 20:06:16 2006 From: brose at med.wayne.edu (Rose, Bobby) Date: Mon Oct 2 20:06:20 2006 Subject: [OT] Sendmail and access file question In-Reply-To: Message-ID: <8F2A53954C22554EB75D9643FCCE0C6B023A0EDC@MED-CORE03-MS1.med.wayne.edu> I knew about the check_compat option but it has 2 problems, 1) you've already accepted the whole message 2) doesn't have an OK/RELAY action. I'm taking a look at milter-regex even though I was hoping for something less intrusive like a local ruleset that someone had already written for this kind of purpose. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of David Lee Sent: Monday, October 02, 2006 2:55 PM To: MailScanner discussion Subject: Re: [OT] Sendmail and access file question Re: > > I've researched this before in the past but I didn't really find > > anything about it on the net or the bat book that says 'ay' or 'nay' > > on the possibility. Does anyone know if sendmail's access file can > > override the default action based on "both" the mail from and rcpt > > to or if a hack exists that allows such definitions? For example > > I'm blocking the domain of evil.remote.domain in the access file but > > user@local.domain wants mail from spammer@evil.remote.domain but > > only from spammer@evil.remote.domain. In that example, I'm only > > aware that I can either OK spammer@evil.remote.domain and thus allow > > it to email everyone or I use the spamfriend rule on > > user@local.domain which means he'll get spam from all remote.domains. > > > > I know I can define this kind of rule in Mailscanner but that also > > means I have to accept all mail from spammer@evil.remote.domain > > which leads to undeliverable bounces and more wasted traffic and cpu cycles. > > > > Thanks for any input. > > -=B > AFAIK the access file is all or nothing. You would have to allow all > from the evil spammer, and then let MailScanner sort it out. > Sounds like you need to lart a luser. To operate on sender/recipient combinations, the "check_compat" ruleset and FEATURE(compat_check) might give you routes to explore. A slight caution: This is one of the lesser known corners of sendmail. It may require some work, perhaps even creating your own "LOCAL_RUELSETS" entry etc. The path to success may be more tortuous than for "access". The journey may be more solitary, with fewer experienced guides to hand. Hope that helps. -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : Durham University : : http://www.dur.ac.uk/t.d.lee/ South Road : : Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. : -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From Kevin_Miller at ci.juneau.ak.us Mon Oct 2 20:46:27 2006 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Mon Oct 2 20:46:34 2006 Subject: URIBL Message-ID: Some while back Julian added the URIBL black and greylist entries in spam.assassin.prefs.conf but they're commented out by default. Have they proven themselves to be pretty reliable - i.e., not a lot of false positives? I'm inclined to enable them but am interested in some feedback first. Thanks much... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From campbell at cnpapers.com Mon Oct 2 21:04:03 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Mon Oct 2 21:04:38 2006 Subject: Another Auto Learn question Message-ID: <174701c6e65d$e8e29bf0$0705000a@DDF5DW71> I sort of followed the thread on auto-learning recently back in August, but didn't pay much mind to it as I _used_ to have auto-learn working. I recently checked, though, and don't see anything showing up that is autolearned. I have a well used Bayes file set so I have long ago reached the 200 email mark. I am a little behind in versions, running MS 4.52.2 and SA 3.001001 (listed by MS -v). I think everything is OK in my spam.assassin.prefs.conf file to enable this, although I just recently uncommented the bayes_auto_learn line there, but the comment says it is on by default. Sorry to rehash something, but the prior thread ended as solved without saying how it was solved. I didn't see much in the archives by the way I was searching. Thanks for clues. Steve Campbell campbell@cnpapers.com Charleston Newspapers From ocean at dilworth.net Mon Oct 2 21:17:59 2006 From: ocean at dilworth.net (Michael Dilworth) Date: Mon Oct 2 21:18:18 2006 Subject: Whitelisting and SA, Bayes issues. In-Reply-To: <223f97700610010239tc930d76k178638e5760dbd7@mail.gmail.com> Message-ID: <05a801c6e65f$dbcffb40$5713cc40@OCEANII> > > Hopefully I'm doing some thing wrong here, but I'm stuck. > > > > Question: Why, if an from address is whitelisted, does it > still go through > > SA? > > > > Issue: I (root@x) sends email daily, summarizing > quarantined messages to my > > users, thus I white list root. > > > > Problem: These messages are being auto learned as "not > spam". The messages > > include the subject line, etc. thus messing with my bayes database > > slightly. > > > > TIA Michael... > > > > > How do you whitelist it? Through a ruleset on what/which settings? > If done right, SA shouldn't be invoked on whitelisted mails. > > -- > -- Glenn I've added from: root@x to spam.whitelist.rules... The email is still passed to SA, which autolearns stuff I'd rather it didn't. From daniel.maher at ubisoft.com Mon Oct 2 21:29:23 2006 From: daniel.maher at ubisoft.com (Daniel Maher) Date: Mon Oct 2 21:29:29 2006 Subject: URIBL In-Reply-To: Message-ID: <1E293D3FF63A3740B10AD5AAD88535D20226D2E5@UBIMAIL1.ubisoft.org> I use URIBL and have been happy with the results. YMMV, of course. -- _ ?v? Daniel Maher /(_)\ Administrateur Syst?me Unix ^ ^ Unix System Administrator Sentio aliquos togatos contra me conspirare. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Kevin Miller > Sent: October 2, 2006 3:46 PM > To: MailScanner discussion > Subject: URIBL > > Some while back Julian added the URIBL black and greylist entries in > spam.assassin.prefs.conf but they're commented out by default. Have > they proven themselves to be pretty reliable - i.e., not a lot of false > positives? I'm inclined to enable them but am interested in some > feedback first. > > Thanks much... > > ...Kevin > -- > Kevin Miller Registered Linux User No: 307357 > CBJ MIS Dept. Network Systems Admin., Mail Admin. > 155 South Seward Street ph: (907) 586-0242 > Juneau, Alaska 99801 fax: (907 586-4500 > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USherbrooke.ca Mon Oct 2 21:36:54 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Mon Oct 2 21:37:12 2006 Subject: URIBL In-Reply-To: References: Message-ID: <45217865.5030506@USherbrooke.ca> Kevin Miller a ?crit : > Some while back Julian added the URIBL black and greylist entries in > spam.assassin.prefs.conf but they're commented out by default. Have > they proven themselves to be pretty reliable - i.e., not a lot of false > positives? I'm inclined to enable them but am interested in some > feedback first. > > Thanks much... > > ...Kevin > Kevin, So far today URIBL scored that many emails: URIBL_BLACK 19658 URIBL_GREY 136 URIBL_JP_SURBL 10317 URIBL_SBL 15676 Yesterday they scored: URIBL_BLACK 51669 URIBL_GREY 193 URIBL_JP_SURBL 35168 URIBL_SBL 45264 Have been running it for months and have been really happy with it. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3595 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20061002/8a0d7e2e/smime.bin From mkettler at evi-inc.com Mon Oct 2 21:37:30 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Oct 2 21:37:40 2006 Subject: URIBL In-Reply-To: References: Message-ID: <4521788A.1070400@evi-inc.com> Kevin Miller wrote: > Some while back Julian added the URIBL black and greylist entries in > spam.assassin.prefs.conf but they're commented out by default. Have > they proven themselves to be pretty reliable - i.e., not a lot of false > positives? I'm inclined to enable them but am interested in some > feedback first. IMHO, no, they aren't very reliable but I'd be in the minority. That said, I still find them very useful, but I also find they tend to FP on "overlap" conditions a lot. And that overlap causes a lot of problems when you've got URIBL scoring high, and tacking onto some other URIBL (most often BLACK+WS) which also scores high. (Note: I'm also the cause of a massive flamewar over on spamassassin-users on this topic. ) As a result of my own real-world problems with "multi-listing" I personally use very mild scores: score URIBL_BLACK 1.5 score URIBL_GREY 0.001 And an over-lap compensation rule (beware of line wrap): meta URIBL_BLACK_OVERLAP (URIBL_BLACK && (URIBL_AB_SURBL || URIBL_JP_SURBL || URIBL_OB_SURBL || URIBL_WS_SURBL || URIBL_SC_SURBL)) score URIBL_BLACK_OVERLAP -1.0 The over-lap rule in effect reduces URIBL_BLACK to 0.5 points if it's also matching any other SURBL rule. To me, this makes a lot of sense because the SURBL rules were score-tuned with respect to each other, but URIBL_BLACK was not a part of that mix. Simply adding URIBL_BLACK in with a strong score upsets that balance. From mkettler at evi-inc.com Mon Oct 2 22:06:00 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Oct 2 22:06:10 2006 Subject: URIBL In-Reply-To: <45217865.5030506@USherbrooke.ca> References: <45217865.5030506@USherbrooke.ca> Message-ID: <45217F38.5020502@evi-inc.com> Denis Beauchemin wrote: > Kevin Miller a ?crit : >> Some while back Julian added the URIBL black and greylist entries in >> spam.assassin.prefs.conf but they're commented out by default. Have >> they proven themselves to be pretty reliable - i.e., not a lot of false >> positives? I'm inclined to enable them but am interested in some >> feedback first. >> >> Thanks much... >> >> ...Kevin >> > Kevin, > > So far today URIBL scored that many emails: > URIBL_BLACK 19658 > URIBL_GREY 136 > URIBL_JP_SURBL 10317 > URIBL_SBL 15676 For what it's worth my stats so far this week (Today and Sunday) are: URIBL_BLACK 2410 URIBL_GREY 56 URIBL_AB_SURBL 375 URIBL_JP_SURBL 1948 URIBL_OB_SURBL 1678 URIBL_SC_SURBL 263 URIBL_WS_SURBL 1449 And some stats from some custom rules that track multi-list hits: URIBL_BLACK_OVERLAP (uribl + one or more SURBL lists) 2113 SURBL_MULTI1 (at least 2 surbl lists ie: 1 extra beyond the first) 1867 SURBL_MULTI2 (at least 3 surbl lists ) 1192 SURBL_MULTI3 (at least 4 surbl lists) 320 SURBL_MULTI4 (all 5 surbl lists) 101 And some totals: total spam: 2849 total not spam: 2057 total email examined by SA : 4906 From spamtrap71892316634 at anime.net Mon Oct 2 22:34:35 2006 From: spamtrap71892316634 at anime.net (Dan Hollis) Date: Mon Oct 2 22:34:39 2006 Subject: "Friends Only" In-Reply-To: <45212855.2030102@solidstatelogic.com> References: <4520E3E1.1050600@statsbiblioteket.dk> <45211153.3030509@jlewiscooper.com> <45212506.8060906@coders.co.uk> <45212855.2030102@solidstatelogic.com> Message-ID: On Mon, 2 Oct 2006, Martin Hepworth wrote: > Besides milter-sender there's also milter-ahead which checks the 'to' address > existing on your system (if you're not using sendmail see the mailScanner > wiki for your MTA on how to do this). Again using this technique you can drop > over 66% of inbound traffic... Is there any milter which checks the SOA of URLs in the message body and drops them if the SOA is in china (or pakistan, or wherever)? -Dan From mkettler at evi-inc.com Mon Oct 2 22:54:09 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Oct 2 22:54:20 2006 Subject: "Friends Only" In-Reply-To: References: <4520E3E1.1050600@statsbiblioteket.dk> <45211153.3030509@jlewiscooper.com> <45212506.8060906@coders.co.uk> <45212855.2030102@solidstatelogic.com> Message-ID: <45218A81.20503@evi-inc.com> Dan Hollis wrote: > On Mon, 2 Oct 2006, Martin Hepworth wrote: >> Besides milter-sender there's also milter-ahead which checks the 'to' >> address existing on your system (if you're not using sendmail see the >> mailScanner wiki for your MTA on how to do this). Again using this >> technique you can drop over 66% of inbound traffic... > > Is there any milter which checks the SOA of URLs in the message body and > drops them if the SOA is in china (or pakistan, or wherever)? > > -Dan Not that I know of. That and you'd probably have a lot more false positives here than you expect. With the amount of "farming out" of basic web-presence services, where the website's DNS hosting lives really has very little to do with where the company that owns it is. I mean, if I get re-routed to India when I call a US-based company for tech support, why should I expect to have a US-based DNS server for their website? From cornelius.koelbel at gmx.de Mon Oct 2 23:16:04 2006 From: cornelius.koelbel at gmx.de (Cornelius Koelbel) Date: Mon Oct 2 23:16:12 2006 Subject: Panda Wrapper Message-ID: <45218FA4.7000800@gmx.de> Hi, something seems to be wrong with the panda wrapper. When testing the wrapper with /usr/lib/MailScanner/panda-wrapper /opt/pavcl/usr /tmp/ it will not return. The call /opt/pavcl/usr /tmp/ opens an interactive text interface. Using ame : pavcl Relocations: (not relocatable) Version : 9.0.0 Vendor: (none) and Name : mailscanner Relocations: (not relocatable) Version : 4.55.10 Vendor: Electronics and Computer Science, University of Southampton Kind regards Cornelius -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3641 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20061003/76b4a2c6/smime.bin From mkettler at evi-inc.com Mon Oct 2 23:32:33 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Oct 2 23:32:58 2006 Subject: Whitelisting and SA, Bayes issues. In-Reply-To: <05a801c6e65f$dbcffb40$5713cc40@OCEANII> References: <05a801c6e65f$dbcffb40$5713cc40@OCEANII> Message-ID: <45219381.70706@evi-inc.com> Michael Dilworth wrote: > I've added from: root@x to spam.whitelist.rules... > > The email is still passed to SA, which autolearns stuff > I'd rather it didn't. > Do you have: Always Include SpamAssassin Report = yes In your MailScanner.conf? If so, this forces the message to be SA-scanned, even if it's whitelisted. From res at ausics.net Mon Oct 2 23:33:08 2006 From: res at ausics.net (Res) Date: Mon Oct 2 23:33:15 2006 Subject: [OT] Sendmail and access file question In-Reply-To: References: <45194556.21708.19C30420@cobalt-users1.fishnet.co.uk> <8F2A53954C22554EB75D9643FCCE0C6B023A0D5E@MED-CORE03-MS1.med.wayne.edu> Message-ID: On Mon, 2 Oct 2006, Scott Silva wrote: >> the domain of evil.remote.domain in the access file but >> user@local.domain wants mail from spammer@evil.remote.domain but only >> from spammer@evil.remote.domain. In that example, I'm only aware that I > AFAIK the access file is all or nothing. You would have to allow all from the > evil spammer, and then let MailScanner sort it out. > Sounds like you need to lart a luser. The better approach is to allow ALL mail to the user that wants it, To:usr@wants.spam then mailscanner can whitelist the from: evil@bunny and to usr@wants.spam This minimises the risk to other users > > > -- Cheers Res "Just a world that we all must share, it's not enough just to stand and stare, is it only a dream that there'll be no more turning away" - Floyd From brose at med.wayne.edu Mon Oct 2 23:52:12 2006 From: brose at med.wayne.edu (Rose, Bobby) Date: Mon Oct 2 23:52:15 2006 Subject: [OT] Sendmail and access file question In-Reply-To: Message-ID: <8F2A53954C22554EB75D9643FCCE0C6B023A0F56@MED-CORE03-MS1.med.wayne.edu> But it also increase load since the message has to be processed and you've already accepted the message so it's not possible to reject; bounce yes but then that's another issue if the message have bogus return addresses so you end up with the extra load of sendmail retries. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Res Sent: Monday, October 02, 2006 6:33 PM To: MailScanner discussion Subject: Re: [OT] Sendmail and access file question On Mon, 2 Oct 2006, Scott Silva wrote: >> the domain of evil.remote.domain in the access file but >> user@local.domain wants mail from spammer@evil.remote.domain but only >> from spammer@evil.remote.domain. In that example, I'm only aware >> that I > AFAIK the access file is all or nothing. You would have to allow all > from the evil spammer, and then let MailScanner sort it out. > Sounds like you need to lart a luser. The better approach is to allow ALL mail to the user that wants it, To:usr@wants.spam then mailscanner can whitelist the from: evil@bunny and to usr@wants.spam This minimises the risk to other users > > > -- Cheers Res "Just a world that we all must share, it's not enough just to stand and stare, is it only a dream that there'll be no more turning away" - Floyd -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From spamtrap71892316634 at anime.net Tue Oct 3 01:11:32 2006 From: spamtrap71892316634 at anime.net (Dan Hollis) Date: Tue Oct 3 01:11:36 2006 Subject: "Friends Only" In-Reply-To: <45218A81.20503@evi-inc.com> References: <4520E3E1.1050600@statsbiblioteket.dk> <45211153.3030509@jlewiscooper.com> <45212506.8060906@coders.co.uk> <45212855.2030102@solidstatelogic.com> <45218A81.20503@evi-inc.com> Message-ID: On Mon, 2 Oct 2006, Matt Kettler wrote: > Dan Hollis wrote: >> On Mon, 2 Oct 2006, Martin Hepworth wrote: >>> Besides milter-sender there's also milter-ahead which checks the 'to' >>> address existing on your system (if you're not using sendmail see the >>> mailScanner wiki for your MTA on how to do this). Again using this >>> technique you can drop over 66% of inbound traffic... >> Is there any milter which checks the SOA of URLs in the message body and >> drops them if the SOA is in china (or pakistan, or wherever)? > Not that I know of. > That and you'd probably have a lot more false positives here than you expect. > > With the amount of "farming out" of basic web-presence services, where the > website's DNS hosting lives really has very little to do with where the company > that owns it is. > I mean, if I get re-routed to India when I call a US-based company for tech > support, why should I expect to have a US-based DNS server for their website? Why shouldn't I be able to blacklist individual known spam SOAs? -Dan From tim at denmantire.com Tue Oct 3 01:07:49 2006 From: tim at denmantire.com (Tim Boyer) Date: Tue Oct 3 02:20:37 2006 Subject: Reject vs. bounce Message-ID: Apologies if this has been discussed ad infinitum before. I've been running a mailserver since 1996, but just heard about MailScanner Saturday, thanks to Steve Swaney's excellent talk at the Ohio LinuxFest. I've been using DNSBLs and a private blocklist with SpamAssassin, and ClamAV as milters, so when I reject an email it's rejected, not bounced back to the (99.999% bogus) 'From" address. I've heard and read that MailScanner has a 'bounce' option. Is this what I think it is - a bounce back to the 'From'? Or is it a reject before the connection's been dropped and the email accepted? -- tim boyer tim@denmantire.com From hgh at rcwm.com Tue Oct 3 03:24:32 2006 From: hgh at rcwm.com (Henry Hollenberg) Date: Tue Oct 3 03:20:56 2006 Subject: bayes problem {Scanned} In-Reply-To: <223f97700610020535q3a35225fn9b34c5191a7e3a22@mail.gmail.com> References: <451D2749.8050203@delodder.be> <4520630E.1010400@rcwm.com> <223f97700610020137t6c40aceci5e74f7a1138ba6af@mail.gmail.com> <45210342.2060607@rcwm.com> <223f97700610020535q3a35225fn9b34c5191a7e3a22@mail.gmail.com> Message-ID: <4521C9E0.3060204@rcwm.com> Glenn Steen wrote: summary: bayes manually fed several hundred SPAM/HAM and still not working. > What you need do is either to make sure there are adequate writable > subdirs in the home directory of the postfix user (.spamassassin, > .razor, .pyzor ... whatever:), or explicitly place these things > somewhere and tell the relevant subsystem/program where it is. For > Bayes, you might have > bayes_path /etc/MailScanner/bayes/bayes > bayes_file_mode 0770 > > in your /etc/mail/spamassassin/mailscanner.cf file (note that the > above should be a path to an existing directory + the leading > "fragment" of the filenames the bayes files are to have...). > If you have manually set a lot of ham/spam in _roots_ bayes files, you > could well just move them to the new location and chown/chmod them > appropriately. After that everything should be fine:). > > Much (if not all) of this is mentioned in various places on the wiki etc > etc. > Ok, added dir: .spamassassin, .razor, .pyzor and did chown postfix:root on them: bastion:/var/spool/postfix# ls -la total 88 drwxr-xr-x 22 root root 4096 Oct 2 21:07 . drwxr-xr-x 8 root root 4096 Sep 26 20:41 .. drwxr-xr-x 2 postfix root 4096 Oct 2 21:07 .pyzor drwxr-xr-x 2 postfix root 4096 Oct 2 21:07 .razor drwxr-xr-x 2 postfix root 4096 Oct 2 21:05 .spamassassin drwx------ 18 postfix root 4096 Jun 26 2004 active drwx------ 18 postfix root 4096 Jun 26 2004 bounce drwx------ 2 postfix root 4096 Jun 24 2004 corrupt drwx------ 18 postfix root 4096 Jun 28 2004 defer drwx------ 18 postfix root 4096 Jun 28 2004 deferred drwxr-xr-x 2 root root 4096 Oct 1 14:22 etc drwx------ 4 postfix root 4096 Aug 11 2004 flush drwx------ 18 postfix root 4096 Sep 29 01:00 hold drwx------ 18 postfix root 4096 Oct 2 21:07 incoming drwxr-xr-x 2 root root 4096 Oct 1 14:22 lib drwx-wx--T 2 postfix postdrop 4096 Oct 1 06:25 maildrop drwxr-xr-x 2 postfix root 4096 Jun 30 2004 pid drwx------ 2 postfix root 4096 Oct 1 14:22 private drwx--s--- 2 postfix postdrop 4096 Oct 1 14:22 public drwx------ 2 postfix root 4096 Jun 24 2004 saved drwx------ 12 postfix root 4096 Aug 8 21:32 trace drwxr-xr-x 3 root root 4096 Jun 24 2004 usr Now have output of sa-learn -D --dump magic: bastion:/var/spool/postfix# sa-learn -D --dump magic debug: SpamAssassin version 3.0.3 debug: Score set 0 chosen. debug: running in taint mode? yes debug: Running in taint mode, removing unsafe env vars, and resetting PATH debug: PATH included '/sbin', keeping. debug: PATH included '/bin', keeping. debug: PATH included '/usr/sbin', keeping. debug: PATH included '/usr/bin', keeping. debug: PATH included '/usr/bin/X11', which doesn't exist, dropping. debug: PATH included '/usr/local/sbin', keeping. debug: PATH included '/usr/local/bin', keeping. debug: Final PATH set to: /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin debug: using "/etc/spamassassin/init.pre" for site rules init.pre debug: config: read file /etc/spamassassin/init.pre debug: using "/usr/share/spamassassin" for default rules dir debug: config: read file /usr/share/spamassassin/10_misc.cf debug: config: read file /usr/share/spamassassin/20_anti_ratware.cf debug: config: read file /usr/share/spamassassin/20_body_tests.cf debug: config: read file /usr/share/spamassassin/20_compensate.cf debug: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf debug: config: read file /usr/share/spamassassin/20_drugs.cf debug: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf debug: config: read file /usr/share/spamassassin/20_head_tests.cf debug: config: read file /usr/share/spamassassin/20_html_tests.cf debug: config: read file /usr/share/spamassassin/20_meta_tests.cf debug: config: read file /usr/share/spamassassin/20_phrases.cf debug: config: read file /usr/share/spamassassin/20_porn.cf debug: config: read file /usr/share/spamassassin/20_ratware.cf debug: config: read file /usr/share/spamassassin/20_uri_tests.cf debug: config: read file /usr/share/spamassassin/23_bayes.cf debug: config: read file /usr/share/spamassassin/25_body_tests_es.cf debug: config: read file /usr/share/spamassassin/25_hashcash.cf debug: config: read file /usr/share/spamassassin/25_spf.cf debug: config: read file /usr/share/spamassassin/25_uribl.cf debug: config: read file /usr/share/spamassassin/30_text_de.cf debug: config: read file /usr/share/spamassassin/30_text_fr.cf debug: config: read file /usr/share/spamassassin/30_text_nl.cf debug: config: read file /usr/share/spamassassin/30_text_pl.cf debug: config: read file /usr/share/spamassassin/50_scores.cf debug: config: read file /usr/share/spamassassin/60_whitelist.cf debug: config: read file /usr/share/spamassassin/65_debian.cf debug: using "/etc/spamassassin" for site rules dir debug: config: read file /etc/spamassassin/local.cf debug: using "/root/.spamassassin/user_prefs" for user prefs file debug: config: read file /root/.spamassassin/user_prefs debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x857fef4) debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8eb8418) debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x8e848f4) debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x857fef4) implements 'parse_config' debug: plugin: Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8eb8418) implements 'parse_config' debug: bayes: 8558 tie-ing to DB file R/O /root/.spamassassin/bayes_toks debug: bayes: 8558 tie-ing to DB file R/O /root/.spamassassin/bayes_seen debug: bayes: found bayes db version 3 debug: Score set 2 chosen. 0.000 0 3 0 non-token data: bayes db version 0.000 0 752 0 non-token data: nspam 0.000 0 695 0 non-token data: nham 0.000 0 80524 0 non-token data: ntokens 0.000 0 1141401016 0 non-token data: oldest atime 0.000 0 1159706957 0 non-token data: newest atime 0.000 0 0 0 non-token data: last journal sync atime 0.000 0 0 0 non-token data: last expiry atime 0.000 0 0 0 non-token data: last expire atime delta 0.000 0 0 0 non-token data: last expire reduction count debug: bayes: 8558 untie-ing debug: bayes: 8558 untie-ing db_toks debug: bayes: 8558 untie-ing db_seen And it works!!!, I think? X-gosemr-MailScanner-SpamCheck: not spam, SpamAssassin (score=-5.899, required 6, autolearn=not spam, ALL_TRUSTED -3.30, BAYES_00 -2.60), not spam, SpamAssassin (score=-2.599, required 6, autolearn=not spam, BAYES_00 -2.60) Halleluja, THankyou Glenn and of course Julian. Kicking spam butt and liking it. hgh. -- Henry Hollenberg hgh@rcwm.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From jrudd at ucsc.edu Tue Oct 3 03:34:23 2006 From: jrudd at ucsc.edu (John Rudd) Date: Tue Oct 3 03:34:54 2006 Subject: Reject vs. bounce In-Reply-To: References: Message-ID: <4521CC2F.6080508@ucsc.edu> Tim Boyer wrote: > Apologies if this has been discussed ad infinitum before. I've been running a > mailserver since 1996, but just heard about MailScanner Saturday, thanks to > Steve Swaney's excellent talk at the Ohio LinuxFest. > > I've been using DNSBLs and a private blocklist with SpamAssassin, and ClamAV as > milters, so when I reject an email it's rejected, not bounced back to the > (99.999% bogus) 'From" address. > > I've heard and read that MailScanner has a 'bounce' option. Is this what I > think it is - a bounce back to the 'From'? Or is it a reject before the > connection's been dropped and the email accepted? > It is a bounce back to the "From" address, not a rejection during the connection. Mailscanner doesn't run during the SMTP session, therefore it can't do SMTP rejections nor SMTP tempfails. From ugob at camo-route.com Tue Oct 3 03:43:42 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Tue Oct 3 03:44:04 2006 Subject: Reject vs. bounce In-Reply-To: <4521CC2F.6080508@ucsc.edu> References: <4521CC2F.6080508@ucsc.edu> Message-ID: John Rudd wrote: > Tim Boyer wrote: >> Apologies if this has been discussed ad infinitum before. I've been >> running a >> mailserver since 1996, but just heard about MailScanner Saturday, >> thanks to >> Steve Swaney's excellent talk at the Ohio LinuxFest. >> >> I've been using DNSBLs and a private blocklist with SpamAssassin, and >> ClamAV as >> milters, so when I reject an email it's rejected, not bounced back to the >> (99.999% bogus) 'From" address. >> I've heard and read that MailScanner has a 'bounce' option. Is this >> what I >> think it is - a bounce back to the 'From'? Or is it a reject before the >> connection's been dropped and the email accepted? >> > > It is a bounce back to the "From" address, not a rejection during the > connection. Mailscanner doesn't run during the SMTP session, therefore > it can't do SMTP rejections nor SMTP tempfails. And it is not a practice that is encouraged here. Bouncing has been off by default for a while in MailScanner, and can only be set on using a ruleset. From hgh at rcwm.com Tue Oct 3 03:47:53 2006 From: hgh at rcwm.com (Henry Hollenberg) Date: Tue Oct 3 03:44:12 2006 Subject: pyzor ip bad in debian install {Scanned} In-Reply-To: <4520E484.70209@teicam.com> References: <452047C0.7010002@rcwm.com> <45205066.2090104@rcwm.com> <4520E484.70209@teicam.com> Message-ID: <4521CF59.3020701@rcwm.com> Youri LACAN-BARTLEY wrote: > Henry Hollenberg wrote: > >> Has anyone else noticed the pyzor IP being bad in >> the debian install? >> >> I found a reference by a Chris Pollock where he mentioned a new IP and >> it seemed >> to work. >> >> Link: >> https://sourceforge.net/mailarchive/forum.php?thread_id=30601945&forum_id=8711 >> >> >> snippet from that post: >> >> quote: Olivier, try using this address: >> quote: >> quote: 82.94.255.100:24441 >> quote: >> quote: Milton Cyrus set this one up back in March and I've been >> using it ever >> quote: sense. Just remember that if you run "pyzor discover" you'll >> have to >> quote: re-enter it in your Pyzor server list. I've had no problems >> at all using >> quote: this server. >> quote: >> quote: HTH >> >> So I changed mine from what shipped (66.250.40.33:24441), to the IP >> above and it seemed to work. >> >> But is it safe to use??? >> >> hgh. >> > Hi, > > I ran into the same problem as you and stumbled across the same IP. > I've been running it for a few months now and haven't run into any > trouble whatsoever. > Now if it's "safe" to use is a question I couldn't answer right now. > > I'd be curious to know what IP other people from the mailing list use... > Thanks for the reply and sorry I accidentally started this thread under the "mailscanner hangs on automatic restart", guess I had a few to many windows open and got confused. hgh. -- Henry Hollenberg hgh@rcwm.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From ka at pacific.net Tue Oct 3 04:57:21 2006 From: ka at pacific.net (Ken) Date: Tue Oct 3 04:57:13 2006 Subject: Reject vs. bounce In-Reply-To: References: Message-ID: <4521DFA1.7010302@pacific.net> Tim Boyer wrote: > Apologies if this has been discussed ad infinitum before. I've been running a > mailserver since 1996, but just heard about MailScanner Saturday, thanks to > Steve Swaney's excellent talk at the Ohio LinuxFest. > > I've been using DNSBLs and a private blocklist with SpamAssassin, and ClamAV as > milters, so when I reject an email it's rejected, not bounced back to the > (99.999% bogus) 'From" address. > > I've heard and read that MailScanner has a 'bounce' option. Is this what I > think it is - a bounce back to the 'From'? Or is it a reject before the > connection's been dropped and the email accepted? > > The 'Feature' is pretty much useless, as has been mentioned here many times. I'd only add that you can do both what you are doing now AND run MailScanner to further process your mail using more aggressive spamassassin rulesets. Because MailScanner queues and scans mail with a perl process that uses the spamassassin perl api, you can run tons of SA rules, rbl and uribl tests, plugins and virus scanners as long as you dedicate sufficient resources to the process. It's much more than you can do in an smtp transaction. Most users here combine the fast milters doing some rejections, with MailScanner & SpamAssassin doing the heavy work. Ken Anderson Pacific.Net From tgc at statsbiblioteket.dk Tue Oct 3 07:14:06 2006 From: tgc at statsbiblioteket.dk (Tom G. Christensen) Date: Tue Oct 3 07:14:09 2006 Subject: Installing 4.56.7 on RHEL 2.1 In-Reply-To: References: <4520E3E1.1050600@statsbiblioteket.dk> Message-ID: <4521FFAE.5090707@statsbiblioteket.dk> Scott Silva wrote: > > That is why old distros go off of support and die. As time passes, it takes > more and more work to keep them running. > There's plenty of life left in RHEL 2.1 yet. It won't go off support before May 31, 2009. -tgc From tgc at statsbiblioteket.dk Tue Oct 3 07:30:13 2006 From: tgc at statsbiblioteket.dk (Tom G. Christensen) Date: Tue Oct 3 07:30:16 2006 Subject: Installing 4.56.7 on RHEL 2.1 In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B580F979A1B@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B580F979A1B@isabella.herefordshire.gov.uk> Message-ID: <45220375.9010403@statsbiblioteket.dk> Randal, Phil wrote: > It would have been easier to upgrade the whole box to CentOS 3.x or 4.x > ;-) > Had that been the case I would have done so. > Your Net::DNS is really old, it might be worthwhile updating that via > CPAN. > Why? I realize that 0.59 is out but AFAIK the only requirement for Net::DNS on unix is v0.34 or newer so I fail to see the point. -tgc From drew at technologytiger.net Tue Oct 3 07:41:03 2006 From: drew at technologytiger.net (Drew Marshall) Date: Tue Oct 3 07:41:11 2006 Subject: "Friends Only" In-Reply-To: References: <4520E3E1.1050600@statsbiblioteket.dk> <45211153.3030509@jlewiscooper.com> <45212506.8060906@coders.co.uk> Message-ID: On 2 Oct 2006, at 15:47, Douglas Ward wrote: > Is there a similar function in postfix? Yes, built in. Have a look at smtpd_sender_restrictions with reject_unverified_sender and smtpd_recipient_checks with reject_unverified_recipient more details can be found http:// www.postfix.org/ADDRESS_VERIFICATION_README.html the same principal can be used for each restriction. Drew From james at grayonline.id.au Tue Oct 3 07:16:18 2006 From: james at grayonline.id.au (James Gray) Date: Tue Oct 3 08:58:44 2006 Subject: "Friends Only" In-Reply-To: References: <4520E3E1.1050600@statsbiblioteket.dk> <45211153.3030509@jlewiscooper.com> <45212506.8060906@coders.co.uk> <45212855.2030102@solidstatelogic.com> <45218A81.20503@evi-inc.com> Message-ID: On 03/10/2006, at 10:11 AM, Dan Hollis wrote: > On Mon, 2 Oct 2006, Matt Kettler wrote: >> Dan Hollis wrote: >>> On Mon, 2 Oct 2006, Martin Hepworth wrote: >>>> Besides milter-sender there's also milter-ahead which checks the >>>> 'to' >>>> address existing on your system (if you're not using sendmail >>>> see the >>>> mailScanner wiki for your MTA on how to do this). Again using this >>>> technique you can drop over 66% of inbound traffic... >>> Is there any milter which checks the SOA of URLs in the message >>> body and >>> drops them if the SOA is in china (or pakistan, or wherever)? >> Not that I know of. >> That and you'd probably have a lot more false positives here than >> you expect. >> >> With the amount of "farming out" of basic web-presence services, >> where the >> website's DNS hosting lives really has very little to do with >> where the company >> that owns it is. >> I mean, if I get re-routed to India when I call a US-based company >> for tech >> support, why should I expect to have a US-based DNS server for >> their website? > > Why shouldn't I be able to blacklist individual known spam SOAs? Why not use the URIBL lists like "OutBlaze" and friends. Not exactly what you're after but I've found them extremely effective in combating URLs etc that link to known spammers' domains. Cheers, James -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2440 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20061003/4c6310b5/smime.bin From glenn.steen at gmail.com Tue Oct 3 08:59:18 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Oct 3 08:59:23 2006 Subject: 4.56.7: "max message size is '40000'" In-Reply-To: References: Message-ID: <223f97700610030059s3a734599n963615622450fbf8@mail.gmail.com> On 02/10/06, Jeff A. Earickson wrote: > Julian, > > Ok, I hang my head in shame and say that I didn't beta-test > earlier versions of 4.56. September was a busy month. > > I just upgraded from 4.55.10 to 4.56.7 on my setup (Solaris 10, > SA 3.1.5, sophos and clam, dcc 1.3.40). I ran it first in debug > mode to see what would happen (output attached). Not much. > > Then I attempted to fire up 4.56.7 in normal mode. I got zero syslog > output, and nothing seemed to happen except several MS processes > were sucking up CPU time: > > # ps -ef | grep perl > root 15405 15337 0 11:55:16 ? 0:00 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail > root 15394 15336 2 11:55:14 ? 0:02 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail > root 15407 19023 0 11:55:16 pts/2 0:00 grep perl > root 15336 1 0 11:55:03 ? 0:00 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail > root 15337 15336 3 11:55:03 ? 0:08 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail > > I did go from version 0.13 to 0.18 of Sys-Syslog, but this does > not seem to have anything to do with this. 4.55.10 works fine with > the new Sys-Syslog. > > So, 4.56.7 never gets off the ground. Any ideas? Any other Solaris 10 > users with this issue? > Hi Jeff, I'm certainly no Solaris guru, but could this have something to do with the pretty recent thread "No logging in Solaris 9 (with workaround) - question?"? Look at http://search.gmane.org/?query=No+logging+in+Solaris+9+%28with+workaround%29+-+question%3F&author=&group=gmane.mail.virus.mailscanner&sort=date&DEFAULTOP=and&xP=logging.solaris.9.workaround.question.&xFILTERS=--A ... HtH -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Tue Oct 3 09:11:57 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Oct 3 09:12:00 2006 Subject: Panda Wrapper In-Reply-To: <45218FA4.7000800@gmx.de> References: <45218FA4.7000800@gmx.de> Message-ID: <223f97700610030111m1467df9bx8aafdfbc6102c447@mail.gmail.com> On 03/10/06, Cornelius Koelbel wrote: > Hi, > > something seems to be wrong with the panda wrapper. > > When testing the wrapper with > /usr/lib/MailScanner/panda-wrapper /opt/pavcl/usr /tmp/ > it will not return. > The call > /opt/pavcl/usr /tmp/ > opens an interactive text interface. > > Using > ame : pavcl Relocations: (not relocatable) > Version : 9.0.0 Vendor: (none) > > and > Name : mailscanner Relocations: (not relocatable) > Version : 4.55.10 Vendor: Electronics and > Computer Science, University of Southampton > > Kind regards > Cornelius Read the wrapper file and you'll find that you are probably "calling it the wrong way":-). This is what it says: ------- # To test from the command line change to the directory you wish to # check and issue this command (change paths to reflect your install) # "/opt/MailScanner/lib/panda-wrapper /usr -nsb -eng -aex -nso -aut -cmp ." # Make sure your testing dir is one directory deep (don't for get the . BTW) # example # test+ # .+ testfiles # .+ moretestfiles # execute from directory test and it will scan the testfiles and moretestfiles # directories. There should be no sub-dirs below those two, this simulates # MailScanner's process-dir->message-dir structure ------- With the latest panda out, this wrapper should be rewritten... If only one had the time...:-) I don't remember if the options still work as expected... there was something about that a while back, so check the archives. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Tue Oct 3 09:26:38 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Oct 3 09:26:42 2006 Subject: bayes problem {Scanned} In-Reply-To: <4521C9E0.3060204@rcwm.com> References: <451D2749.8050203@delodder.be> <4520630E.1010400@rcwm.com> <223f97700610020137t6c40aceci5e74f7a1138ba6af@mail.gmail.com> <45210342.2060607@rcwm.com> <223f97700610020535q3a35225fn9b34c5191a7e3a22@mail.gmail.com> <4521C9E0.3060204@rcwm.com> Message-ID: <223f97700610030126qf88d77bsbaed5452348f0cbb@mail.gmail.com> On 03/10/06, Henry Hollenberg wrote: (snip) > bastion:/var/spool/postfix# sa-learn -D --dump magic (snip) > debug: bayes: 8558 tie-ing to DB file R/O /root/.spamassassin/bayes_toks This is still root operating on roots bayes copy. > debug: bayes: 8558 tie-ing to DB file R/O /root/.spamassassin/bayes_seen > debug: bayes: found bayes db version 3 > debug: Score set 2 chosen. > 0.000 0 3 0 non-token data: bayes db version > 0.000 0 752 0 non-token data: nspam > 0.000 0 695 0 non-token data: nham > 0.000 0 80524 0 non-token data: ntokens > 0.000 0 1141401016 0 non-token data: oldest atime > 0.000 0 1159706957 0 non-token data: newest atime > 0.000 0 0 0 non-token data: last journal sync atime > 0.000 0 0 0 non-token data: last expiry atime > 0.000 0 0 0 non-token data: last expire atime delta > 0.000 0 0 0 non-token data: last expire reduction count > debug: bayes: 8558 untie-ing > debug: bayes: 8558 untie-ing db_toks > debug: bayes: 8558 untie-ing db_seen > > > And it works!!!, I think? Yes, probably. You are now learning to a bayes database in ~postfix/.spamassassin, which is good, and since you are getting a bayes score, you seem to have enough ham/spam to let it run like that. I see that the ALL_TRUSTED is firing... Which might indicate a problem, unless that really was a mail from your trusted servers/netwok(s).... Did you check/set your trusted_networks? Or perhaps your topology doesn't require you to do that. > X-gosemr-MailScanner-SpamCheck: not spam, SpamAssassin (score=-5.899, > required 6, autolearn=not spam, ALL_TRUSTED -3.30, BAYES_00 -2.60), not spam, SpamAssassin (score=-2.599, > required 6, autolearn=not spam, BAYES_00 -2.60) > > Halleluja, > > THankyou Glenn and of course Julian. Glad to be of what help I may. > Kicking spam butt and liking it. > :-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From keith at 12345678.org Tue Oct 3 09:28:30 2006 From: keith at 12345678.org (keith) Date: Tue Oct 3 09:28:41 2006 Subject: 4.56.7-1 & kaspersky 5.5 supported ? Message-ID: <20061003081958.M95052@12345678.org> Hi All, My mailscanner was upgraded to 4.56.7-1 in yesterday, and purchase a new license of kaspersky 5.5 for linux on a centos 4.4 machine, I have seen the MS change log was said kaspersky 5.5 is support, and I changed the mailscanner.conf to "Virus Scanners = bitdefender kaspersky f-prot clamavmodule" , but the ms only can found ClamAV, bitdefender, f-port, how can I tell the mailscanner to use the kaspersky 5.5 ? Thanks -- From martinh at solidstatelogic.com Tue Oct 3 09:28:32 2006 From: martinh at solidstatelogic.com (Martin Hepworth) Date: Tue Oct 3 09:28:49 2006 Subject: URIBL In-Reply-To: References: Message-ID: <45221F30.9030800@solidstatelogic.com> Kevin Miller wrote: > Some while back Julian added the URIBL black and greylist entries in > spam.assassin.prefs.conf but they're commented out by default. Have > they proven themselves to be pretty reliable - i.e., not a lot of false > positives? I'm inclined to enable them but am interested in some > feedback first. > > Thanks much... > > ...Kevin Kevin been using them since where in beta, no problems. -- Martin Hepworth Senior Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From MailScanner at ecs.soton.ac.uk Tue Oct 3 09:44:09 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Oct 3 09:44:30 2006 Subject: Custom Header In-Reply-To: <9d2057cc0610010533n41b8a101t41f7a6eec72ec769@mail.gmail.com> References: <9d2057cc0610010533n41b8a101t41f7a6eec72ec769@mail.gmail.com> Message-ID: <452222D9.5070702@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Try: From hotmail.com and to barry@mydomain.com deliver header "X-hotmail-check: yes" You had a space after "*@" (which is unnecessary anyway) and you hadn't told it to deliver the messages. Barry Kwok wrote: > I want to add custom header based on sender's domain and recipeint > address. I add > Non Spam Actions = %rules-dir%/scan.messages.rules > into MailScanner.conf and the scan.messages.rules as: > > From: *@ hotmail.com and To: barry@mydomain.com > header "X-hotmail-check: yes" > FromOrTo: default deliver > > > But it doesn't work > Jules - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.0 (Build 1112) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFFIiLZEfZZRxQVtlQRAs3IAKCf5WWWTMB5A+0tASbp0J9QqdY+8ACfYrdT K3MdsaWtw/5W/oqR2LX7nEg= =mV+O -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Tue Oct 3 09:46:38 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Oct 3 09:46:57 2006 Subject: mailscanner hangs on automatic restart {Scanned} In-Reply-To: <452047C0.7010002@rcwm.com> References: <452047C0.7010002@rcwm.com> Message-ID: <4522236E.1030005@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Henry Hollenberg wrote: > It looks like mailscanner is hanging every time it does it's automatic > restart at 14400 sec. > > If I do a manual restart > > /etc/init.d/mailscanner restart > > the logs look like this: > > Oct 1 17:32:06 bastion MailScanner[30537]: MailScanner E-Mail Virus > Scanner version 4.41.3 starting... > Oct 1 17:32:06 bastion postfix/smtpd[30539]: connect from > c-69-138-210-131.hsd1.md.comcast.net[69.138.210.131] > Oct 1 17:32:06 bastion MailScanner[30537]: Read 120 hostnames from > the phishing whitelist > Oct 1 17:32:09 bastion postfix/smtpd[30539]: NOQUEUE: reject: RCPT > from c-69-138-210-131.hsd1.md.comcast.net[69.138.210.131]: 554 Service > unavailable; Client host [69.138.210.131] blocked using > bl.spamcop.net; Blocked - see > http://www.spamcop.net/bl.shtml?69.138.210.131; > from= to= > proto=SMTP helo= > Oct 1 17:32:09 bastion postfix/smtpd[30539]: lost connection after > RCPT from c-69-138-210-131.hsd1.md.comcast.net[69.138.210.131] > Oct 1 17:32:09 bastion postfix/smtpd[30539]: disconnect from > c-69-138-210-131.hsd1.md.comcast.net[69.138.210.131] > Oct 1 17:32:09 bastion MailScanner[30537]: Using locktype = flock What do you think is wrong there? You get a startup notice from it, followed by the locktype notice, all looks fine. Remember MailScanner doesn't have anything to do with your SMTP service. > > > Otherwise the system seems to be hammering the spam.....yeah! > > hgh. Jules - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.0 (Build 1112) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFFIiNvEfZZRxQVtlQRAhIrAKCwWr1vXpYlJjMzqQFGw1ZMaHj2WQCgxbIz B4BvVu+50WUs/LaG7rlGieQ= =5KW0 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Tue Oct 3 09:58:35 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Oct 3 09:58:57 2006 Subject: 4.56.7-1 & kaspersky 5.5 supported ? In-Reply-To: <20061003081958.M95052@12345678.org> References: <20061003081958.M95052@12345678.org> Message-ID: <4522263B.7040103@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE-----=0A= Hash: SHA1=0A= =0A= You almost certainly need to edit your=0A= /etc/MailScanner/virus.scanners.conf to tell it where to find kaspersky.=0A= =0A= keith wrote:=0A= > Hi All,=0A= >=0A= > My mailscanner was upgraded to 4.56.7-1 in yesterday, and purchase a new= =0A= > license of kaspersky 5.5 for linux on a centos 4.4 machine, I have seen= the=0A= > MS change log was said kaspersky 5.5 is support, and I changed the=0A= > mailscanner.conf to "Virus Scanners =3D bitdefender kaspersky f-prot=0A= > clamavmodule" , but the ms only can found ClamAV, bitdefender, f-port, ho= w can=0A= > I tell the mailscanner to use the kaspersky 5.5 ?=0A= >=0A= > Thanks=0A= > --=0A= >=0A= >=20=20=20=0A= =0A= Jules=0A= =0A= - --=20=0A= Julian Field=0A= www.MailScanner.info=0A= Buy the MailScanner book at www.MailScanner.info/store=0A= =0A= Need help customising MailScanner?=0A= Contact me!=0A= Need help fixing or optimising your systems?=0A= Contact me!=0A= Need help getting you started solving new requirements from your boss?=0A= Contact me!=0A= =0A= PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654=0A= =0A= =0A= -----BEGIN PGP SIGNATURE-----=0A= Version: PGP Desktop 9.5.0 (Build 1112)=0A= Comment: (pgp-secured)=0A= Charset: Big5=0A= =0A= wj8DBQFFIiY8EfZZRxQVtlQRAgiJAJ4rmOHlVa1hmM8PfEMzQnNDc+nf/ACguuqf=0A= 0CN8M0ngSXCMPmEYQxNNPo0=3D=0A= =3DEp+4=0A= -----END PGP SIGNATURE-----=0A= =0A= --=20=0A= This message has been scanned for viruses and=0A= dangerous content by MailScanner, and is=0A= believed to be clean.=0A= For all your IT requirements visit www.transtec.co.uk=0A= =0A= From rk at village-net.at Tue Oct 3 10:20:14 2006 From: rk at village-net.at (Rudolf Kliemstein, village-net) Date: Tue Oct 3 10:20:17 2006 Subject: Mailscanner unlinking error Message-ID: <006301c6e6cd$22c7c740$a100a8c0@villagenet.local> Hello, I have the following problem after upgrading to 4.55 Unlinking /home/virtual/FILESYSTEMTEMPLATE/services/sendmail/mqueue/qfk92F6oIa008264 failed: No such file or directory This appears with some emails but not with all. I have greylisting and sendmail rlb checks running. Could this be related with those services? Thx Best Regards Rudi From rk at village-net.at Tue Oct 3 10:50:26 2006 From: rk at village-net.at (Rudolf Kliemstein, village-net) Date: Tue Oct 3 10:50:38 2006 Subject: AW: Mailscanner unlinking error In-Reply-To: <006301c6e6cd$22c7c740$a100a8c0@villagenet.local> Message-ID: <007101c6e6d1$5cf34d00$a100a8c0@villagenet.local> Some more extensive logs: Oct 3 11:46:32 server MailScanner[20684]: Failed to link message body between queues (/home/virtual/FILESYSTEMTEMPLATE/services/sendmail/mqueue.scanned/dfk939kWW Q017291 --> /home/virtual/FILESYSTEMTEMPLATE/services/sendmail/mqueue/dfk939kWWQ017291) Oct 3 11:46:33 server MailScanner[20684]: Unlinking /home/virtual/FILESYSTEMTEMPLATE/services/sendmail/mqueue/qfk939kWWQ017291 failed: No such file or directory Oct 3 11:46:33 server MailScanner[20684]: Unlinking /home/virtual/FILESYSTEMTEMPLATE/services/sendmail/mqueue/dfk939kWWQ017291 failed: No such file or directory -----Urspr?ngliche Nachricht----- Von: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Im Auftrag von Rudolf Kliemstein, village-net Gesendet: Dienstag, 03. Oktober 2006 11:20 An: mailscanner@lists.mailscanner.info Betreff: Mailscanner unlinking error Hello, I have the following problem after upgrading to 4.55 Unlinking /home/virtual/FILESYSTEMTEMPLATE/services/sendmail/mqueue/qfk92F6oIa008264 failed: No such file or directory This appears with some emails but not with all. I have greylisting and sendmail rlb checks running. Could this be related with those services? Thx Best Regards Rudi -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mailscanner at mango.zw Tue Oct 3 11:06:50 2006 From: mailscanner at mango.zw (Jim Holland) Date: Tue Oct 3 11:04:19 2006 Subject: AW: Mailscanner unlinking error In-Reply-To: <007101c6e6d1$5cf34d00$a100a8c0@villagenet.local> Message-ID: On Tue, 3 Oct 2006, Rudolf Kliemstein, village-net wrote: > Some more extensive logs: > > Oct 3 11:46:32 server MailScanner[20684]: Failed to link message body > between queues > (/home/virtual/FILESYSTEMTEMPLATE/services/sendmail/mqueue.scanned/dfk939kWW > Q017291 --> > /home/virtual/FILESYSTEMTEMPLATE/services/sendmail/mqueue/dfk939kWWQ017291) > Oct 3 11:46:33 server MailScanner[20684]: Unlinking > /home/virtual/FILESYSTEMTEMPLATE/services/sendmail/mqueue/qfk939kWWQ017291 > failed: No such file or directory > Oct 3 11:46:33 server MailScanner[20684]: Unlinking > /home/virtual/FILESYSTEMTEMPLATE/services/sendmail/mqueue/dfk939kWWQ017291 > failed: No such file or directory > > -----Urspr?ngliche Nachricht----- > Von: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] Im Auftrag von Rudolf > Kliemstein, village-net > Gesendet: Dienstag, 03. Oktober 2006 11:20 > An: mailscanner@lists.mailscanner.info > Betreff: Mailscanner unlinking error > > > Hello, > > I have the following problem after upgrading to 4.55 > > Unlinking > /home/virtual/FILESYSTEMTEMPLATE/services/sendmail/mqueue/qfk92F6oIa008264 > failed: No such file or directory > > This appears with some emails but not with all. > I have greylisting and sendmail rlb checks running. Could this be related > with those services? Look at this in MailScanner.conf: # How to lock spool files. # Don't set this unless you *know* you need to. # For sendmail, it defaults to "posix". # For sendmail 8.12 and older, you will probably need to change it to flock, # particularly on Linux systems. # For Exim, it defaults to "posix". # No other type is implemented. Lock Type = posix Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service From prandal at herefordshire.gov.uk Tue Oct 3 11:20:25 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue Oct 3 11:26:59 2006 Subject: Installing 4.56.7 on RHEL 2.1 Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580F979CD5@isabella.herefordshire.gov.uk> Because newer versions fix bugs? Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Tom G. Christensen > Sent: 03 October 2006 07:30 > To: MailScanner discussion > Subject: Re: Installing 4.56.7 on RHEL 2.1 > > Randal, Phil wrote: > > It would have been easier to upgrade the whole box to > CentOS 3.x or 4.x > > ;-) > > > Had that been the case I would have done so. > > > Your Net::DNS is really old, it might be worthwhile > updating that via > > CPAN. > > > Why? > I realize that 0.59 is out but AFAIK the only requirement for > Net::DNS > on unix is v0.34 or newer so I fail to see the point. > > > > -tgc > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From MailScanner at ecs.soton.ac.uk Tue Oct 3 11:52:13 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Oct 3 11:52:32 2006 Subject: Installing 4.56.7 on RHEL 2.1 In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B580F979CD5@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B580F979CD5@isabella.herefordshire.gov.uk> Message-ID: <452240DD.4070605@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I think SpamAssassin requires at least Net::DNS 0.48 for required features. Randal, Phil wrote: > Because newer versions fix bugs? > > Phil > > -- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Tom G. Christensen >> Sent: 03 October 2006 07:30 >> To: MailScanner discussion >> Subject: Re: Installing 4.56.7 on RHEL 2.1 >> >> Randal, Phil wrote: >> >>> It would have been easier to upgrade the whole box to >>> >> CentOS 3.x or 4.x >> >>> ;-) >>> >>> >> Had that been the case I would have done so. >> >> >>> Your Net::DNS is really old, it might be worthwhile >>> >> updating that via >> >>> CPAN. >>> >>> >> Why? >> I realize that 0.59 is out but AFAIK the only requirement for >> Net::DNS >> on unix is v0.34 or newer so I fail to see the point. >> >> >> >> -tgc >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> Jules - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.0 (Build 1112) Comment: (pgp-secured) Charset: ISO-8859-1 wj4DBQFFIkDeEfZZRxQVtlQRAmIVAJME/9bJ3UJlGk32SOeK0QrCGlC4AKCf/vms 472ftn4GQeaPhDjlOzhdsw== =gofn -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From keith at 12345678.org Tue Oct 3 11:59:11 2006 From: keith at 12345678.org (keith) Date: Tue Oct 3 11:59:22 2006 Subject: 4.56.7-1 & kaspersky 5.5 supported ? In-Reply-To: <4522263B.7040103@ecs.soton.ac.uk> References: <20061003081958.M95052@12345678.org> <4522263B.7040103@ecs.soton.ac.uk> Message-ID: <20061003105747.M79263@12345678.org> Thank you, I was found the kaspersky 5.5 new path is changed to /opt/kav/5.5/ , I will check the result for restart service at midnight. Thanks On Tue, 03 Oct 2006 09:58:35 +0100, Julian Field wrote > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > You almost certainly need to edit your > /etc/MailScanner/virus.scanners.conf to tell it where to find kaspersky. > > keith wrote: > > Hi All, > > > > My mailscanner was upgraded to 4.56.7-1 in yesterday, and purchase a new > > license of kaspersky 5.5 for linux on a centos 4.4 machine, I have seen the > > MS change log was said kaspersky 5.5 is support, and I changed the > > mailscanner.conf to "Virus Scanners = bitdefender kaspersky f-prot > > clamavmodule" , but the ms only can found ClamAV, bitdefender, f-port, how can > > I tell the mailscanner to use the kaspersky 5.5 ? > > > > Thanks > > -- > > > > > > Jules > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your > boss? Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.5.0 (Build 1112) > Comment: (pgp-secured) > Charset: Big5 > > wj8DBQFFIiY8EfZZRxQVtlQRAgiJAJ4rmOHlVa1hmM8PfEMzQnNDc+nf/ACguuqf > 0CN8M0ngSXCMPmEYQxNNPo0= > =Ep+4 > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- From hgh at rcwm.com Tue Oct 3 12:07:36 2006 From: hgh at rcwm.com (Henry Hollenberg) Date: Tue Oct 3 12:03:57 2006 Subject: mailscanner hangs on automatic restart {Scanned} In-Reply-To: <4522236E.1030005@ecs.soton.ac.uk> References: <452047C0.7010002@rcwm.com> <4522236E.1030005@ecs.soton.ac.uk> Message-ID: <45224478.2030403@rcwm.com> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Henry Hollenberg wrote: > >>It looks like mailscanner is hanging every time it does it's automatic >>restart at 14400 sec. >> >>If I do a manual restart >> >>/etc/init.d/mailscanner restart >> >>the logs look like this: >> >>Oct 1 17:32:06 bastion MailScanner[30537]: MailScanner E-Mail Virus >>Scanner version 4.41.3 starting... >>Oct 1 17:32:06 bastion postfix/smtpd[30539]: connect from >>c-69-138-210-131.hsd1.md.comcast.net[69.138.210.131] >>Oct 1 17:32:06 bastion MailScanner[30537]: Read 120 hostnames from >>the phishing whitelist >>Oct 1 17:32:09 bastion postfix/smtpd[30539]: NOQUEUE: reject: RCPT >>from c-69-138-210-131.hsd1.md.comcast.net[69.138.210.131]: 554 Service >>unavailable; Client host [69.138.210.131] blocked using >>bl.spamcop.net; Blocked - see >>http://www.spamcop.net/bl.shtml?69.138.210.131; >>from= to= >>proto=SMTP helo= >>Oct 1 17:32:09 bastion postfix/smtpd[30539]: lost connection after >>RCPT from c-69-138-210-131.hsd1.md.comcast.net[69.138.210.131] >>Oct 1 17:32:09 bastion postfix/smtpd[30539]: disconnect from >>c-69-138-210-131.hsd1.md.comcast.net[69.138.210.131] >>Oct 1 17:32:09 bastion MailScanner[30537]: Using locktype = flock > > What do you think is wrong there? You get a startup notice from it, > followed by the locktype notice, all looks fine. Remember MailScanner > doesn't have anything to do with your SMTP service. > > Jules > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store Are you suggesting I change the locktype? It did hang again last night, and bayesian db is working now as is pyzor and razor, so I don't think they are hanging things up. Thanks, hgh. -- Henry Hollenberg hgh@rcwm.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From tim at denmantire.com Tue Oct 3 12:21:29 2006 From: tim at denmantire.com (Tim Boyer) Date: Tue Oct 3 12:21:53 2006 Subject: Reject vs. bounce References: <4521DFA1.7010302@pacific.net> Message-ID: On Mon, 02 Oct 2006 20:57:21 -0700, Ken wrote: >Tim Boyer wrote: >> Apologies if this has been discussed ad infinitum before. I've been running a >> mailserver since 1996, but just heard about MailScanner Saturday, thanks to >> Steve Swaney's excellent talk at the Ohio LinuxFest. >> >> I've been using DNSBLs and a private blocklist with SpamAssassin, and ClamAV as >> milters, so when I reject an email it's rejected, not bounced back to the >> (99.999% bogus) 'From" address. >> >> I've heard and read that MailScanner has a 'bounce' option. Is this what I >> think it is - a bounce back to the 'From'? Or is it a reject before the >> connection's been dropped and the email accepted? >> >> >The 'Feature' is pretty much useless, as has been mentioned here many >times. >I'd only add that you can do both what you are doing now AND run >MailScanner to further process your mail using more aggressive >spamassassin rulesets. Because MailScanner queues and scans mail with a >perl process that uses the spamassassin perl api, you can run tons of SA >rules, rbl and uribl tests, plugins and virus scanners as long as you >dedicate sufficient resources to the process. It's much more than you >can do in an smtp transaction. Most users here combine the fast milters >doing some rejections, with MailScanner & SpamAssassin doing the heavy >work. >Ken Anderson >Pacific.Net That's what I'm doing now, in the smtp transaction, using the MIMEDefang milter - running all my SpamAssassin tests there. My fear is that if I move them from there to a post-smtp scan, I'll lose the ability to reject. For instance, we once got a legitimate sales request that scored over 19 on SA. /dev/null fodder if ever there was one, but because I reject with a 'email postmaster if you're real' message, they re-sent and it got through. If I scan afterwards, my only real options are discard it or tag it and do something with it, right? -- tim boyer tim@denmantire.com From glenn.steen at gmail.com Tue Oct 3 12:27:48 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Oct 3 12:27:52 2006 Subject: mailscanner hangs on automatic restart {Scanned} In-Reply-To: <45224478.2030403@rcwm.com> References: <452047C0.7010002@rcwm.com> <4522236E.1030005@ecs.soton.ac.uk> <45224478.2030403@rcwm.com> Message-ID: <223f97700610030427t79b7414kd53125d621d9d817@mail.gmail.com> On 03/10/06, Henry Hollenberg wrote: > Julian Field wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > > > > > Henry Hollenberg wrote: > > > >>It looks like mailscanner is hanging every time it does it's automatic > >>restart at 14400 sec. > >> > >>If I do a manual restart > >> > >>/etc/init.d/mailscanner restart > >> > >>the logs look like this: > >> > >>Oct 1 17:32:06 bastion MailScanner[30537]: MailScanner E-Mail Virus > >>Scanner version 4.41.3 starting... > >>Oct 1 17:32:06 bastion postfix/smtpd[30539]: connect from > >>c-69-138-210-131.hsd1.md.comcast.net[69.138.210.131] > >>Oct 1 17:32:06 bastion MailScanner[30537]: Read 120 hostnames from > >>the phishing whitelist > >>Oct 1 17:32:09 bastion postfix/smtpd[30539]: NOQUEUE: reject: RCPT > >>from c-69-138-210-131.hsd1.md.comcast.net[69.138.210.131]: 554 Service > >>unavailable; Client host [69.138.210.131] blocked using > >>bl.spamcop.net; Blocked - see > >>http://www.spamcop.net/bl.shtml?69.138.210.131; > >>from= to= > >>proto=SMTP helo= > >>Oct 1 17:32:09 bastion postfix/smtpd[30539]: lost connection after > >>RCPT from c-69-138-210-131.hsd1.md.comcast.net[69.138.210.131] > >>Oct 1 17:32:09 bastion postfix/smtpd[30539]: disconnect from > >>c-69-138-210-131.hsd1.md.comcast.net[69.138.210.131] > >>Oct 1 17:32:09 bastion MailScanner[30537]: Using locktype = flock > > > > What do you think is wrong there? You get a startup notice from it, > > followed by the locktype notice, all looks fine. Remember MailScanner > > doesn't have anything to do with your SMTP service. > > > > Jules > > > > - -- > > Julian Field > > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > > Are you suggesting I change the locktype? > > It did hang again last night, and bayesian db is working now as is > pyzor and razor, so I don't think they are hanging things up. > No, changing the locktype shouldn't affect your situation, since you use Postfix... What might be happening would be if some stray non-queue file end up in the hold queue. Check that that isn't happening. Depending on what you find, you should be able to determine if that is it, and if so... what is responsible for putting it there:-). Might be razor still being a bit confused where the logfile should go (fix is to make sure it knows where too put it by way of the razor-agent.conf file setting... and making sure the postfix user can write where you say it should go), or perhaps the tnef expander placing a file wrong... (don't remember the fix for that... Search the archives, it has cropped up before... Perhaps switch to the internal one). HtH -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Tue Oct 3 12:43:30 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Oct 3 12:43:33 2006 Subject: Reject vs. bounce In-Reply-To: References: <4521DFA1.7010302@pacific.net> Message-ID: <223f97700610030443l50b5c5a0r46c8f886d8cd8eb@mail.gmail.com> On 03/10/06, Tim Boyer wrote: (Snip good comment by Ken A) > > That's what I'm doing now, in the smtp transaction, using the MIMEDefang milter > - running all my SpamAssassin tests there. My fear is that if I move them from > there to a post-smtp scan, I'll lose the ability to reject. Well, from a resource standpoint... You'd only be able to do rejection after DATA, so all that would land you is that you don't "take responsibility" for the NDN... You still gobble down all the message. > For instance, we once got a legitimate sales request that scored over 19 on SA. > /dev/null fodder if ever there was one, but because I reject with a 'email > postmaster if you're real' message, they re-sent and it got through. If I scan > afterwards, my only real options are discard it or tag it and do something with > it, right? To be able to do that type of thing, you'd be needing "bounces" yes. Or use a quarantine, perhaps with a very short retention period (perhaps only viable for smaller setups, like mine:-). Then again, if the sales request ended up with 19 points, it probably hiot a lot of rules... One might argue they got what they deserved:-):-). You could alleviate that type of thing with SA whitelistings (perhaps the spf thingies, if you can use that for those senders). But the bottom line is: MailScanner doesn't do SMTP, the MTAs do that. So, in some situations you end up doing things quite differently than you would've (perhaps "not at all":-) with a more SMTP-aware product. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From tgc at statsbiblioteket.dk Tue Oct 3 13:01:56 2006 From: tgc at statsbiblioteket.dk (Tom G. Christensen) Date: Tue Oct 3 13:02:01 2006 Subject: Installing 4.56.7 on RHEL 2.1 In-Reply-To: <452240DD.4070605@ecs.soton.ac.uk> References: <86144ED6CE5B004DA23E1EAC0B569B580F979CD5@isabella.herefordshire.gov.uk> <452240DD.4070605@ecs.soton.ac.uk> Message-ID: <45225134.6050707@statsbiblioteket.dk> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I think SpamAssassin requires at least Net::DNS 0.48 for required features. > This is taken directly from SA 3.1.5 install notes: - version 0.34 or higher on Unix systems - version 0.46 or higher on Windows systems I think It's pretty safe to say that 0.34 or newer will do the trick on Unix. I actually went to the trouble of looking through the changelog for Net::DNS and I didn't spot any fixes important enough to warrant and upgrade. -tgc From tgc at statsbiblioteket.dk Tue Oct 3 13:05:34 2006 From: tgc at statsbiblioteket.dk (Tom G. Christensen) Date: Tue Oct 3 13:05:36 2006 Subject: Installing 4.56.7 on RHEL 2.1 In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B580F979CD5@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B580F979CD5@isabella.herefordshire.gov.uk> Message-ID: <4522520E.1020808@statsbiblioteket.dk> Randal, Phil wrote: > Because newer versions fix bugs? > Yes but they also introduce new ones. -tgc > Phil > > -- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Tom G. Christensen >> Sent: 03 October 2006 07:30 >> To: MailScanner discussion >> Subject: Re: Installing 4.56.7 on RHEL 2.1 >> >> Randal, Phil wrote: >>> It would have been easier to upgrade the whole box to >> CentOS 3.x or 4.x >>> ;-) >>> >> Had that been the case I would have done so. >> >>> Your Net::DNS is really old, it might be worthwhile >> updating that via >>> CPAN. >>> >> Why? >> I realize that 0.59 is out but AFAIK the only requirement for >> Net::DNS >> on unix is v0.34 or newer so I fail to see the point. >> >> >> >> -tgc From rk at village-net.at Tue Oct 3 13:59:05 2006 From: rk at village-net.at (Rudolf Kliemstein, village-net) Date: Tue Oct 3 13:59:14 2006 Subject: AW: AW: Mailscanner unlinking error In-Reply-To: Message-ID: <008a01c6e6eb$b5198750$a100a8c0@villagenet.local> Yeah this helped, thx a lot! Mag. Rudolf Kliemstein --------------------------------------- village-net internet services Rathausplatz 5 4701 Bad Schallerbach t.: +43-7249-48069-0 f.: +43-7249-48069-72 e.: rk@village-net.at -----Urspr?ngliche Nachricht----- Von: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Im Auftrag von Jim Holland Gesendet: Dienstag, 03. Oktober 2006 12:07 An: MailScanner discussion Betreff: Re: AW: Mailscanner unlinking error On Tue, 3 Oct 2006, Rudolf Kliemstein, village-net wrote: > Some more extensive logs: > > Oct 3 11:46:32 server MailScanner[20684]: Failed to link message body > between queues > (/home/virtual/FILESYSTEMTEMPLATE/services/sendmail/mqueue.scanned/dfk > 939kWW > Q017291 --> > /home/virtual/FILESYSTEMTEMPLATE/services/sendmail/mqueue/dfk939kWWQ01 > 7291) Oct 3 11:46:33 server MailScanner[20684]: Unlinking > /home/virtual/FILESYSTEMTEMPLATE/services/sendmail/mqueue/qfk939kWWQ01 > 7291 > failed: No such file or directory > Oct 3 11:46:33 server MailScanner[20684]: Unlinking > /home/virtual/FILESYSTEMTEMPLATE/services/sendmail/mqueue/dfk939kWWQ01 > 7291 > failed: No such file or directory > > -----Urspr?ngliche Nachricht----- > Von: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] Im Auftrag von > Rudolf Kliemstein, village-net > Gesendet: Dienstag, 03. Oktober 2006 11:20 > An: mailscanner@lists.mailscanner.info > Betreff: Mailscanner unlinking error > > > Hello, > > I have the following problem after upgrading to 4.55 > > Unlinking > /home/virtual/FILESYSTEMTEMPLATE/services/sendmail/mqueue/qfk92F6oIa00 > 8264 > failed: No such file or directory > > This appears with some emails but not with all. > I have greylisting and sendmail rlb checks running. Could this be > related with those services? Look at this in MailScanner.conf: # How to lock spool files. # Don't set this unless you *know* you need to. # For sendmail, it defaults to "posix". # For sendmail 8.12 and older, you will probably need to change it to flock, # particularly on Linux systems. # For Exim, it defaults to "posix". # No other type is implemented. Lock Type = posix Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From brian.duncan at kattenlaw.com Tue Oct 3 14:43:17 2006 From: brian.duncan at kattenlaw.com (Duncan, Brian M.) Date: Tue Oct 3 14:43:25 2006 Subject: Mailscanner/Spam Assassin support for Microsoft IMF/SCL Spam scoring? Message-ID: <65234743FE1555428435CE39E6AC4078B38A3D@CHI-US-EXCH-01.us.kmz.com> For those of us that are environments that support MS Exchange and Outlook 2003+ at the desktop, the capability to support MS IMF (MS Exchange Intelligent Message Filter scoring) from the network edge is very beneficial. Most organizations that have SpamAssassin/Mailscanner at the edge of their network rely on custom created rules on clients to move the SpamAssassin tagged messages into their local "Junk-Mail" folder or Spam folder - Or delete them right away. This leads to support issues in large organizations. Creating custom exceptions etc, usually in most companies these local users cannot manage the rules efficiently. MS in the last year has released a free add-on for Exchange that works very similarly to SpamAssassin it assigns a Score to a message that looks to be in the headers. Exchange will then automatically put messages based on the local Outlook clients preference level into their local Junk Mail folder. The great thing with this is that users can just right click on messages and add to their "white list" or do complete domains. No custom scripts to create, much easier to support in a large environment. If SpamAssassin/Mailscanner could support adding the IMF headers at the edge, then those that would still like to leverage a SpamAssassin (or any product for that matter, as long as it used the IMF score header) solution at the edge of their network they could do so easily. You could tune your MS Exchange servers to not be reactive and the SpamAssasin edge products would dictate what was Spam and what was not. Microsoft with Exchange 12 is pushing companies into putting Exchange at the edge of a network . I have already had this discussion in my environment and that I do not think it makes sense given that Sendmail + Mailscanner + SpamAssassin is almost rock solid. At the end of this is a previous message to this mailing list that is asking for the same thing that I am. Does anyone have anything to add to this or is this request really not that worthwhile. Just the capability of being able to add a generic header to all Spam detected messages would be a great start: X-MS-Exchange-Organization-SCL: 6.5 (I have already tested this, all headers that are added by Mailscanner seems to include additional information added to the same line) Thanks Brian Duncan brian.duncan@kattenlaw.com P.S. There is already a product that can sit on an Exchange server that will convert SpamAssassin scores to equivalent MS IMF Scores. It would be great if we could handle it from the Unix/Linux side transparently. (It's called Assassin2Exchange filter) http://www.smtptracker.com/ Previous message that went unanswered to this list: >Exchange 2003 SP2 has added a "Intelligent Mail Filter" to allow it to deal with spam messages identified by systems like MailScanner or other appliance based solutions. >Basically, it looks for the following header(s): >X-MS-Exchange-Organization-PCL: (Phishing Confidence Level) >X-MS-Exchange-Organization-SCL: (Spam Confidence Level) >More details can be found at: >http://www.microsoft.com/technet/prodtechnol/exchange/E2k7Help/28d3a5c2 -8509-4b25-9876-763536e77c27.mspx?mfr=true >So, my question is -- can I add this header with MailScanner, inserting the appropriate spam score after the header, e.g.: >X-MS-Exchange-Organization-SCL:5 >The trick is, I don't want to mess with my existing header adds, I want to add this in addition to my normal ones (X-Spam-Score: XX). I see where I can add additional headers in the: >Spam Actions = deliver header "X-Spam-Status: Yes" >However, it is unclear how to insert the spam score "value" in the "value" area that it needs to be in. It is also unclear from the Microsoft docs if the "score" can be anything other than whole numbers (e.g. can't be 5.5 but 5 is OK). So, a way to "round" the score would be helpful. >Any pointers? >-- >----------------------------------------- >Mike Bacher / listacct@tulsaconnect.com >TCIS - TulsaConnect Internet Services >http://www.tulsaconnect.com >----------------------------------------- =========================================================== CIRCULAR 230 DISCLOSURE: Pursuant to Regulations Governing Practice Before the Internal Revenue Service, any tax advice contained herein is not intended or written to be used and cannot be used by a taxpayer for the purpose of avoiding tax penalties that may be imposed on the taxpayer. =========================================================== CONFIDENTIALITY NOTICE: This electronic mail message and any attached files contain information intended for the exclusive use of the individual or entity to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information may be subject to legal restriction or sanction. Please notify the sender, by electronic mail or telephone, of any unintended recipients and delete the original message without making any copies. =========================================================== NOTIFICATION: Katten Muchin Rosenman LLP is an Illinois limited liability partnership that has elected to be governed by the Illinois Uniform Partnership Act (1997). =========================================================== -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20061003/2499d171/attachment.html From cornelius.koelbel at gmx.de Tue Oct 3 15:42:08 2006 From: cornelius.koelbel at gmx.de (Cornelius Koelbel) Date: Tue Oct 3 15:42:18 2006 Subject: Panda Wrapper In-Reply-To: <223f97700610030111m1467df9bx8aafdfbc6102c447@mail.gmail.com> References: <45218FA4.7000800@gmx.de> <223f97700610030111m1467df9bx8aafdfbc6102c447@mail.gmail.com> Message-ID: <452276C0.8010603@gmx.de> OK, thanks. Cornelius Glenn Steen schrieb: > On 03/10/06, Cornelius Koelbel wrote: >> Hi, >> >> something seems to be wrong with the panda wrapper. >> >> When testing the wrapper with >> /usr/lib/MailScanner/panda-wrapper /opt/pavcl/usr /tmp/ >> it will not return. >> The call >> /opt/pavcl/usr /tmp/ >> opens an interactive text interface. >> >> Using >> ame : pavcl Relocations: (not relocatable) >> Version : 9.0.0 Vendor: (none) >> >> and >> Name : mailscanner Relocations: (not relocatable) >> Version : 4.55.10 Vendor: Electronics and >> Computer Science, University of Southampton >> >> Kind regards >> Cornelius > > Read the wrapper file and you'll find that you are probably "calling > it the wrong way":-). This is what it says: > ------- > # To test from the command line change to the directory you wish to > # check and issue this command (change paths to reflect your install) > # "/opt/MailScanner/lib/panda-wrapper /usr -nsb -eng -aex -nso -aut -cmp ." > # Make sure your testing dir is one directory deep (don't for get the . > BTW) > # example > # test+ > # .+ testfiles > # .+ moretestfiles > # execute from directory test and it will scan the testfiles and > moretestfiles > # directories. There should be no sub-dirs below those two, this simulates > # MailScanner's process-dir->message-dir structure > ------- > > With the latest panda out, this wrapper should be rewritten... If only > one had the time...:-) > I don't remember if the options still work as expected... there was > something about that a while back, so check the archives. > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3641 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20061003/940342e2/smime.bin From ka at pacific.net Tue Oct 3 16:03:24 2006 From: ka at pacific.net (Ken A) Date: Tue Oct 3 16:01:47 2006 Subject: Reject vs. bounce In-Reply-To: References: <4521DFA1.7010302@pacific.net> Message-ID: <45227BBC.9080303@pacific.net> Tim Boyer wrote: > On Mon, 02 Oct 2006 20:57:21 -0700, Ken wrote: > >> Tim Boyer wrote: >>> Apologies if this has been discussed ad infinitum before. I've been running a >>> mailserver since 1996, but just heard about MailScanner Saturday, thanks to >>> Steve Swaney's excellent talk at the Ohio LinuxFest. >>> >>> I've been using DNSBLs and a private blocklist with SpamAssassin, and ClamAV as >>> milters, so when I reject an email it's rejected, not bounced back to the >>> (99.999% bogus) 'From" address. >>> >>> I've heard and read that MailScanner has a 'bounce' option. Is this what I >>> think it is - a bounce back to the 'From'? Or is it a reject before the >>> connection's been dropped and the email accepted? >>> >>> >> The 'Feature' is pretty much useless, as has been mentioned here many >> times. >> I'd only add that you can do both what you are doing now AND run >> MailScanner to further process your mail using more aggressive >> spamassassin rulesets. Because MailScanner queues and scans mail with a >> perl process that uses the spamassassin perl api, you can run tons of SA >> rules, rbl and uribl tests, plugins and virus scanners as long as you >> dedicate sufficient resources to the process. It's much more than you >> can do in an smtp transaction. Most users here combine the fast milters >> doing some rejections, with MailScanner & SpamAssassin doing the heavy >> work. >> Ken Anderson >> Pacific.Net > > That's what I'm doing now, in the smtp transaction, using the MIMEDefang milter > - running all my SpamAssassin tests there. My fear is that if I move them from > there to a post-smtp scan, I'll lose the ability to reject. Is running SA in both places with different rules not possible? I'd try that if I had the time to set it up! > For instance, we once got a legitimate sales request that scored over 19 on SA. > /dev/null fodder if ever there was one, but because I reject with a 'email > postmaster if you're real' message, they re-sent and it got through. If I scan > afterwards, my only real options are discard it or tag it and do something with > it, right? Right. Ken A Pacific.Net From mkettler at evi-inc.com Tue Oct 3 16:34:51 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Tue Oct 3 16:35:07 2006 Subject: "Friends Only" In-Reply-To: References: <4520E3E1.1050600@statsbiblioteket.dk> <45211153.3030509@jlewiscooper.com> <45212506.8060906@coders.co.uk> <45212855.2030102@solidstatelogic.com> <45218A81.20503@evi-inc.com> Message-ID: <4522831B.8030900@evi-inc.com> Dan Hollis wrote: > On Mon, 2 Oct 2006, Matt Kettler wrote: >> Dan Hollis wrote: >>> On Mon, 2 Oct 2006, Martin Hepworth wrote: >>>> Besides milter-sender there's also milter-ahead which checks the 'to' >>>> address existing on your system (if you're not using sendmail see the >>>> mailScanner wiki for your MTA on how to do this). Again using this >>>> technique you can drop over 66% of inbound traffic... >>> Is there any milter which checks the SOA of URLs in the message body and >>> drops them if the SOA is in china (or pakistan, or wherever)? >> Not that I know of. >> That and you'd probably have a lot more false positives here than you >> expect. >> >> With the amount of "farming out" of basic web-presence services, where >> the >> website's DNS hosting lives really has very little to do with where >> the company >> that owns it is. >> I mean, if I get re-routed to India when I call a US-based company for >> tech >> support, why should I expect to have a US-based DNS server for their >> website? > > Why shouldn't I be able to blacklist individual known spam SOAs? That's perfectly reasonable.. But it's not what you asked for. You asked for geographic location based blacklisting. From bpumphrey at woodmclaw.com Tue Oct 3 16:57:26 2006 From: bpumphrey at woodmclaw.com (Billy A. Pumphrey) Date: Tue Oct 3 16:57:30 2006 Subject: How to tell if SpamAssassin Bayasian filtering is working In-Reply-To: <1356937812.20060929212711@bayerfamily.net> Message-ID: <04D932B0071FE34FA63EBB1977B48D1501729759@woodenex.woodmaclaw.local> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Jonathan B. Bayer > Sent: Friday, September 29, 2006 9:27 PM > To: MailScanner discussion > Subject: Re[2]: How to tell if SpamAssassin Bayasian filtering is working > > Hello Martin, > > OK. I've downloaded and installed the starter DB. How can I tell if the > Bayes is working, both the scanning and the autolearn? > > Thanks > > One way is to run this command every few minutes or longer and see if the numbers increase as emails are hopefully getting learned. sa-learn --dump magic From mailscanner at mango.zw Tue Oct 3 17:19:12 2006 From: mailscanner at mango.zw (Jim Holland) Date: Tue Oct 3 17:16:43 2006 Subject: Reject vs. bounce In-Reply-To: <223f97700610030443l50b5c5a0r46c8f886d8cd8eb@mail.gmail.com> Message-ID: > On 03/10/06, Tim Boyer wrote: > (Snip good comment by Ken A) > > > > That's what I'm doing now, in the smtp transaction, using the MIMEDefang milter > > - running all my SpamAssassin tests there. My fear is that if I move them from > > there to a post-smtp scan, I'll lose the ability to reject. > > Well, from a resource standpoint... You'd only be able to do rejection > after DATA, so all that would land you is that you don't "take > responsibility" for the NDN... You still gobble down all the message. > > > For instance, we once got a legitimate sales request that scored over 19 on SA. > > /dev/null fodder if ever there was one, but because I reject with a 'email > > postmaster if you're real' message, they re-sent and it got through. If I scan > > afterwards, my only real options are discard it or tag it and do something with > > it, right? eg quarantine it - see below. > To be able to do that type of thing, you'd be needing "bounces" yes. Bouncing should always be done at SMTP time and not by MailScanner - for reasons already stated by others. > Or use a quarantine, perhaps with a very short retention period > (perhaps only viable for smaller setups, like mine:-). Once mail has been accepted then why not quarantine all mail that is flagged as spam? An essential component of managing spam is to notify users of what has been rejected, and to quarantine the marginal mail rather than deleting it or rejecting it. We send out two separate notifications per day to our users - one that indicates the mail that has been bounced at SMTP time, with reports in the following format: Oct 2 14:56:02 sender: vczr@chrispowerz.wanadoo.co.uk recip: user@mango.zw server: dsl.static81214188253.ttnet.net.tr and the other that indicates mail that has been quarantined (where more information is available for the report): 02 Oct 2006 06:30:49 From: "PokerBot Max" Server: static-66-16-28-242.dsl.cavtel.net [66.16.28.242] Date: Sun 01 Oct 2006 23:28:06 -0600 Subject: Make Money Online with PokerBot Saved as: user@mango.zw 20061002/spam/k924USZ9020056 The server information is useful for users to quickly pick out the origin of the message and often gives a very good indication of the likelihood of the mail being genuine or not. I guess that we would probably bounce or block around 85% of incoming connections, with the remainder being split between genuine and quarantined mail. We typically quarantine only around 650 messages per day, so the storage requirement for our 2500 users is not significant - we keep it for 90 days. Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service From sandrews at andrewscompanies.com Tue Oct 3 17:17:19 2006 From: sandrews at andrewscompanies.com (sandrews@andrewscompanies.com) Date: Tue Oct 3 17:17:25 2006 Subject: Mailscanner/Spam Assassin support for Microsoft IMF/SCL Spamscoring? Message-ID: <1964AAFBC212F742958F9275BF63DBB0429535@winchester.andrewscompanies.com> If I read this right, that capability is already in mailscanner...take a look under your "what to do with spam" section, where it says Spam Actions = typical is deliver, but you could have "deliver header X-MS-Exchange-Organization-SCL: 6.5" in there just as well. You could give it some high SCL for the high spam that matches what you're looking for on the exchange side for the SCL. So what if it's not the PRECISE score in SCL terms, only so that it trips the trigger for the right behavior on the exchange side. Steve _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Duncan, Brian M. Sent: Tuesday, October 03, 2006 9:43 AM To: mailscanner@lists.mailscanner.info Subject: Mailscanner/Spam Assassin support for Microsoft IMF/SCL Spamscoring? For those of us that are environments that support MS Exchange and Outlook 2003+ at the desktop, the capability to support MS IMF (MS Exchange Intelligent Message Filter scoring) from the network edge is very beneficial. Most organizations that have SpamAssassin/Mailscanner at the edge of their network rely on custom created rules on clients to move the SpamAssassin tagged messages into their local "Junk-Mail" folder or Spam folder - Or delete them right away. This leads to support issues in large organizations. Creating custom exceptions etc, usually in most companies these local users cannot manage the rules efficiently. MS in the last year has released a free add-on for Exchange that works very similarly to SpamAssassin it assigns a Score to a message that looks to be in the headers. Exchange will then automatically put messages based on the local Outlook clients preference level into their local Junk Mail folder. The great thing with this is that users can just right click on messages and add to their "white list" or do complete domains. No custom scripts to create, much easier to support in a large environment. If SpamAssassin/Mailscanner could support adding the IMF headers at the edge, then those that would still like to leverage a SpamAssassin (or any product for that matter, as long as it used the IMF score header) solution at the edge of their network they could do so easily. You could tune your MS Exchange servers to not be reactive and the SpamAssasin edge products would dictate what was Spam and what was not. Microsoft with Exchange 12 is pushing companies into putting Exchange at the edge of a network . I have already had this discussion in my environment and that I do not think it makes sense given that Sendmail + Mailscanner + SpamAssassin is almost rock solid. At the end of this is a previous message to this mailing list that is asking for the same thing that I am. Does anyone have anything to add to this or is this request really not that worthwhile. Just the capability of being able to add a generic header to all Spam detected messages would be a great start: X-MS-Exchange-Organization-SCL: 6.5 (I have already tested this, all headers that are added by Mailscanner seems to include additional information added to the same line) Thanks Brian Duncan brian.duncan@kattenlaw.com P.S. There is already a product that can sit on an Exchange server that will convert SpamAssassin scores to equivalent MS IMF Scores. It would be great if we could handle it from the Unix/Linux side transparently. (It's called Assassin2Exchange filter) http://www.smtptracker.com/ Previous message that went unanswered to this list: >Exchange 2003 SP2 has added a "Intelligent Mail Filter" to allow it to deal with spam messages identified by systems like MailScanner or other appliance based solutions. >Basically, it looks for the following header(s): >X-MS-Exchange-Organization-PCL: (Phishing Confidence Level) >X-MS-Exchange-Organization-SCL: (Spam Confidence Level) >More details can be found at: >http://www.microsoft.com/technet/prodtechnol/exchange/E2k7Help/28d3a5c2 -8509-4b25-9876-763536e77c27.mspx?mfr=true >So, my question is -- can I add this header with MailScanner, inserting the appropriate spam score after the header, e.g.: >X-MS-Exchange-Organization-SCL:5 >The trick is, I don't want to mess with my existing header adds, I want to add this in addition to my normal ones (X-Spam-Score: XX). I see where I can add additional headers in the: >Spam Actions = deliver header "X-Spam-Status: Yes" >However, it is unclear how to insert the spam score "value" in the "value" area that it needs to be in. It is also unclear from the Microsoft docs if the "score" can be anything other than whole numbers (e.g. can't be 5.5 but 5 is OK). So, a way to "round" the score would be helpful. >Any pointers? >-- >----------------------------------------- >Mike Bacher / listacct@tulsaconnect.com >TCIS - TulsaConnect Internet Services >http://www.tulsaconnect.com >----------------------------------------- =========================================================== CIRCULAR 230 DISCLOSURE: Pursuant to Regulations Governing Practice Before the Internal Revenue Service, any tax advice contained herein is not intended or written to be used and cannot be used by a taxpayer for the purpose of avoiding tax penalties that may be imposed on the taxpayer. =========================================================== CONFIDENTIALITY NOTICE: This electronic mail message and any attached files contain information intended for the exclusive use of the individual or entity to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information may be subject to legal restriction or sanction. Please notify the sender, by electronic mail or telephone, of any unintended recipients and delete the original message without making any copies. =========================================================== NOTIFICATION: Katten Muchin Rosenman LLP is an Illinois limited liability partnership that has elected to be governed by the Illinois Uniform Partnership Act (1997). =========================================================== -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20061003/65d6c7c1/attachment.html From mike at tc3net.com Tue Oct 3 17:35:52 2006 From: mike at tc3net.com (Michael Baird) Date: Tue Oct 3 17:33:42 2006 Subject: MailScanner settings Message-ID: <1159893352.18636.8.camel@localhost> I've got a canned hosting package which uses MailScanner (Ensim). It doesn't use spamassassin within mailscanner, but I've activated spam checks and added spam lists. My question is, with spamassassin = no do the high scoring spam actions work in relation to the spam lists (I want 2 hits of spam list to go high scoring which I want to have deleted at this point in processing). Regards Michael Baird From mailscanner at mango.zw Tue Oct 3 17:36:33 2006 From: mailscanner at mango.zw (Jim Holland) Date: Tue Oct 3 17:33:55 2006 Subject: Mailscanner/Spam Assassin support for Microsoft IMF/SCL Spam scoring? In-Reply-To: <65234743FE1555428435CE39E6AC4078B38A3D@CHI-US-EXCH-01.us.kmz.com> Message-ID: On Tue, 3 Oct 2006, Duncan, Brian M. wrote: > Previous message that went unanswered to this list: > > >Exchange 2003 SP2 has added a "Intelligent Mail Filter" to allow it to > deal with spam messages identified by systems like MailScanner or other > appliance based solutions. > > >Basically, it looks for the following header(s): > > >X-MS-Exchange-Organization-PCL: (Phishing Confidence Level) > >X-MS-Exchange-Organization-SCL: (Spam Confidence Level) > > >More details can be found at: > > >http://www.microsoft.com/technet/prodtechnol/exchange/E2k7Help/28d3a5c2 > -8509-4b25-9876-763536e77c27.mspx?mfr=true > > >So, my question is -- can I add this header with MailScanner, inserting > the appropriate spam score after the header, e.g.: > > >X-MS-Exchange-Organization-SCL:5 > > >The trick is, I don't want to mess with my existing header adds, I want > to add this in addition to my normal ones (X-Spam-Score: XX). I see > where I can add additional headers in the: > > >Spam Actions = deliver header "X-Spam-Status: Yes" > > >However, it is unclear how to insert the spam score "value" in the > "value" area that it needs to be in. It is also unclear from the > Microsoft docs if the "score" can be anything other than whole numbers > (e.g. can't be 5.5 but 5 is OK). So, a way to "round" the score would > be helpful. > > >Any pointers? If the MailScanner/SpamAssassin system has determined that the message is spam, why not always add a fixed header such as: X-MS-Exchange-Organization-SCL: 10 so that the message will always be quarantined by Exchange? I don't see the benefit of using variable values for the spam score at this point. Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service From brian.duncan at kattenlaw.com Tue Oct 3 17:50:17 2006 From: brian.duncan at kattenlaw.com (Duncan, Brian M.) Date: Tue Oct 3 17:50:27 2006 Subject: Mailscanner/Spam Assassin support for Microsoft IMF/SCL Spam scoring? Message-ID: <65234743FE1555428435CE39E6AC4078B38A41@CHI-US-EXCH-01.us.kmz.com> Thanks, actually it looks like that is probably the best method. I was not even thinking of the use of the Spam Actions section. duh I was more focused on the section of the config for Spam Header and Mail Header for Mailscanner. Thanks! -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jim Holland Sent: Tuesday, October 03, 2006 11:37 AM To: MailScanner discussion Subject: Re: Mailscanner/Spam Assassin support for Microsoft IMF/SCL Spam scoring? On Tue, 3 Oct 2006, Duncan, Brian M. wrote: > Previous message that went unanswered to this list: > > >Exchange 2003 SP2 has added a "Intelligent Mail Filter" to allow it > >to > deal with spam messages identified by systems like MailScanner or > other appliance based solutions. > > >Basically, it looks for the following header(s): > > >X-MS-Exchange-Organization-PCL: (Phishing Confidence Level) > >X-MS-Exchange-Organization-SCL: (Spam Confidence Level) > > >More details can be found at: > > >http://www.microsoft.com/technet/prodtechnol/exchange/E2k7Help/28d3a5 > >c2 > -8509-4b25-9876-763536e77c27.mspx?mfr=true > > >So, my question is -- can I add this header with MailScanner, > >inserting > the appropriate spam score after the header, e.g.: > > >X-MS-Exchange-Organization-SCL:5 > > >The trick is, I don't want to mess with my existing header adds, I > >want > to add this in addition to my normal ones (X-Spam-Score: XX). I see > where I can add additional headers in the: > > >Spam Actions = deliver header "X-Spam-Status: Yes" > > >However, it is unclear how to insert the spam score "value" in the > "value" area that it needs to be in. It is also unclear from the > Microsoft docs if the "score" can be anything other than whole numbers > (e.g. can't be 5.5 but 5 is OK). So, a way to "round" the score would > be helpful. > > >Any pointers? If the MailScanner/SpamAssassin system has determined that the message is spam, why not always add a fixed header such as: X-MS-Exchange-Organization-SCL: 10 so that the message will always be quarantined by Exchange? I don't see the benefit of using variable values for the spam score at this point. Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! =========================================================== CIRCULAR 230 DISCLOSURE: Pursuant to Regulations Governing Practice Before the Internal Revenue Service, any tax advice contained herein is not intended or written to be used and cannot be used by a taxpayer for the purpose of avoiding tax penalties that may be imposed on the taxpayer. =========================================================== CONFIDENTIALITY NOTICE: This electronic mail message and any attached files contain information intended for the exclusive use of the individual or entity to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information may be subject to legal restriction or sanction. Please notify the sender, by electronic mail or telephone, of any unintended recipients and delete the original message without making any copies. =========================================================== NOTIFICATION: Katten Muchin Rosenman LLP is an Illinois limited liability partnership that has elected to be governed by the Illinois Uniform Partnership Act (1997). =========================================================== From christian at columbiafuels.com Tue Oct 3 17:52:04 2006 From: christian at columbiafuels.com (Christian Rasmussen) Date: Tue Oct 3 17:52:14 2006 Subject: Mailscanner/Spam Assassin support for Microsoft IMF/SCL Spamscoring? In-Reply-To: <65234743FE1555428435CE39E6AC4078B38A3D@CHI-US-EXCH-01.us.kmz.com> Message-ID: <2023D81BC0235143A46589958FF543F502F5D9E6@bigbird.columbiafuels.com> I've been using the exchange features to assign a SCL score to any message that has the tag added by the mailscanner server. You can set it up so that all of those tagged messages go automatically to the exchange user's junk email folder. I haven't had any complaints about it and it allows for easier cleanup of those messages later. If anyone is interested, check out the following page http://www.msexchange.org/tutorials/Intelligent-Message-Filter-version-2-IMF-v2.html Once you have it enabled, just create a rule in your MSExchange.UceContentFilter.xml with something similar to: To tag it with any score you've set above your junk level (in the above example 8) Cheers, -Christian ________________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Duncan, Brian M. Sent: Tuesday, October 03, 2006 6:43 AM To: mailscanner@lists.mailscanner.info Subject: Mailscanner/Spam Assassin support for Microsoft IMF/SCL Spamscoring? ? For those of us that are environments that support MS Exchange and Outlook 2003+ at the desktop, the capability to support MS IMF (MS Exchange Intelligent Message Filter?scoring) from?the network edge is very beneficial. ? ?Most organizations that have SpamAssassin/Mailscanner at the edge of their network rely?on custom created rules on clients to move the SpamAssassin tagged messages into their local "Junk-Mail" folder or Spam folder - Or delete them right away. ? This leads to support issues in large organizations.? Creating custom exceptions etc, usually in most companies these??local users?cannot manage the rules efficiently. ? MS in the last year has released a free add-on for Exchange that works very similarly to SpamAssassin it assigns a Score to a message that looks to be in the headers.? Exchange will then automatically put messages based on the local Outlook clients preference level into their?local Junk Mail folder. The great thing with this is that users can just right click on messages and add to their "white list" or do complete domains.? No custom scripts to create,? much easier to support in a large environment. ? If SpamAssassin/Mailscanner could support adding the IMF headers at the edge, then those that would still like to leverage a SpamAssassin (or any product for that matter, as long as it used the IMF score header) solution at the edge of their network they could do so easily.? You could tune your MS Exchange servers to not be reactive and the SpamAssasin edge products would dictate what was Spam and what was not. ? Microsoft with Exchange 12 is pushing? companies into? putting Exchange at the edge of a network?. I have already had this?discussion in my environment?and that I do not think it makes sense given that Sendmail?+ Mailscanner?+ SpamAssassin is?almost rock solid.???? ? At the end of this?is a previous message to this mailing list that is asking for the same thing that I am. ? Does anyone have anything to add to this or is this request really not that worthwhile. ? Just the capability of being able to add a generic header to all Spam detected messages would be a great start: ? X-MS-Exchange-Organization-SCL: 6.5 ? (I have already tested this, all headers that are added by Mailscanner seems to include additional information added to the same line) ? Thanks ? Brian Duncan ? brian.duncan@kattenlaw.com ? P.S. ? There is already a product that can sit on an Exchange server that will convert SpamAssassin scores to equivalent MS IMF Scores.? It would be great if we could handle it from the Unix/Linux side transparently. (It's called Assassin2Exchange filter) ? http://www.smtptracker.com/ ? Previous message that went unanswered to this list: ? >Exchange 2003 SP2 has added a "Intelligent Mail Filter" to allow it to deal with spam messages identified by systems like MailScanner or other appliance based solutions. ? >Basically, it looks for the following header(s): ? >X-MS-Exchange-Organization-PCL: (Phishing Confidence Level) >X-MS-Exchange-Organization-SCL: (Spam Confidence Level) ? >More details can be found at: ? >http://www.microsoft.com/technet/prodtechnol/exchange/E2k7Help/28d3a5c2-8509-4b25-9876-763536e77c27.mspx?mfr=true ? >So, my question is -- can I add this header with MailScanner, inserting the appropriate spam score after the header, e.g.: ? >X-MS-Exchange-Organization-SCL:5 ? >The trick is, I don't want to mess with my existing header adds, I want to add this in addition to my normal ones (X-Spam-Score: XX).? I see where I can add additional headers in the: ? >Spam Actions = deliver header "X-Spam-Status: Yes" ? >However, it is unclear how to insert the spam score "value" in the "value" area that it needs to be in.? It is also unclear from the Microsoft docs if the "score" can be anything other than whole numbers (e.g. can't be 5.5 but 5 is OK).? So, a way to "round" the score would be helpful. ? >Any pointers? ? >-- ? >----------------------------------------- >Mike Bacher / listacct@tulsaconnect.com >TCIS - TulsaConnect Internet Services >http://www.tulsaconnect.com >----------------------------------------- From spamtrap71892316634 at anime.net Tue Oct 3 18:49:53 2006 From: spamtrap71892316634 at anime.net (Dan Hollis) Date: Tue Oct 3 18:49:57 2006 Subject: "Friends Only" In-Reply-To: References: <4520E3E1.1050600@statsbiblioteket.dk> <45211153.3030509@jlewiscooper.com> <45212506.8060906@coders.co.uk> <45212855.2030102@solidstatelogic.com> <45218A81.20503@evi-inc.com> Message-ID: On Tue, 3 Oct 2006, James Gray wrote: > On 03/10/2006, at 10:11 AM, Dan Hollis wrote: >> Why shouldn't I be able to blacklist individual known spam SOAs? > Why not use the URIBL lists like "OutBlaze" and friends. Not exactly what > you're after but I've found them extremely effective in combating URLs etc > that link to known spammers' domains. The problem is that spammers are now using hundreds of totally randomized domains, making URIBL pretty useless. -Dan From mkettler at EVI-INC.COM Tue Oct 3 19:08:53 2006 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Tue Oct 3 19:09:21 2006 Subject: "Friends Only" In-Reply-To: References: <4520E3E1.1050600@statsbiblioteket.dk> <45211153.3030509@jlewiscooper.com> <45212506.8060906@coders.co.uk> <45212855.2030102@solidstatelogic.com> <45218A81.20503@evi-inc.com> Message-ID: <4522A735.4070500@evi-inc.com> Dan Hollis wrote: > On Tue, 3 Oct 2006, James Gray wrote: >> On 03/10/2006, at 10:11 AM, Dan Hollis wrote: >>> Why shouldn't I be able to blacklist individual known spam SOAs? >> Why not use the URIBL lists like "OutBlaze" and friends. Not exactly >> what you're after but I've found them extremely effective in combating >> URLs etc that link to known spammers' domains. > > The problem is that spammers are now using hundreds of totally > randomized domains, making URIBL pretty useless. > > -Dan Really? mine hit beautifully. Why do you think uribl is useless? JP has hit over 38% of the total mail volume on my server this week! Over 87 percent of my spam-tagged mail has been hit by at least one URIBL rule (uribl.com, surbl.org or sbl) Some stats: total spam: 4587 total not spam: 3383 total email examined by SA : 7970 any uribl, spam tagged 4020 any uribl, not spam tagged 110 total any uribl 4130 In the face of stats like that, how can you even begin to say the URIBLs are "pretty useless". Try the attached shell script. It assumes you log spam and nonspam results in MailScanner format to /var/log/maillog, but it should get you some basic stats on how your URIBL rules are doing. -------------- next part -------------- #!/bin/sh echo URIBL_BLACK grep URIBL_BLACK /var/log/maillog |wc -l echo URIBL_GREY grep URIBL_GREY /var/log/maillog |wc -l echo URIBL_BLACK_OVERLAP grep URIBL_BLACK_OVERLAP /var/log/maillog |wc -l echo URIBL_AB_SURBL grep URIBL_AB_SURBL /var/log/maillog |wc -l echo URIBL_JP_SURBL grep URIBL_JP_SURBL /var/log/maillog |wc -l echo URIBL_OB_SURBL grep URIBL_OB_SURBL /var/log/maillog |wc -l echo URIBL_SC_SURBL grep URIBL_SC_SURBL /var/log/maillog |wc -l echo URIBL_WS_SURBL grep URIBL_WS_SURBL /var/log/maillog |wc -l echo SURBL_MULTI1 grep SURBL_MULTI1 /var/log/maillog |wc -l echo SURBL_MULTI2 grep SURBL_MULTI2 /var/log/maillog |wc -l echo SURBL_MULTI3 grep SURBL_MULTI3 /var/log/maillog |wc -l echo SURBL_MULTI4 grep SURBL_MULTI4 /var/log/maillog |wc -l echo total spam: grep " is spam, SpamAssassin" /var/log/maillog |wc -l echo total not spam: grep " is not spam, SpamAssassin" /var/log/maillog |wc -l echo total email examined by SA : grep " spam, SpamAssassin" /var/log/maillog |wc -l echo any uribl, spam tagged grep " is spam, SpamAssassin" /var/log/maillog | grep "URIBL_" |wc -l echo any uribl, not spam tagged grep " is not spam, SpamAssassin" /var/log/maillog | grep "URIBL_" |wc -l echo total any uribl grep "URIBL_" /var/log/maillog |wc -l From Phil.Udel at SalemCorp.com Tue Oct 3 19:35:27 2006 From: Phil.Udel at SalemCorp.com (Phil Udel) Date: Tue Oct 3 19:35:34 2006 Subject: Logwatch Update In-Reply-To: <4522A735.4070500@evi-inc.com> Message-ID: <200610031836.k93IagoW027688@cat.salemcarriers.com> Hi Not sure if anyone would like this but I just finished updating my MS Logwatch Script. I add Mailwatch, Whitelist SQL, Blacklist SQL, Clamav, and Some other messages I cleaned up about 28 Daily **Unmatched Entries** From ssilva at sgvwater.com Tue Oct 3 19:34:08 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Oct 3 19:36:04 2006 Subject: Reject vs. bounce In-Reply-To: References: <223f97700610030443l50b5c5a0r46c8f886d8cd8eb@mail.gmail.com> Message-ID: Jim Holland spake the following on 10/3/2006 9:19 AM: >> On 03/10/06, Tim Boyer wrote: >> (Snip good comment by Ken A) >>> That's what I'm doing now, in the smtp transaction, using the MIMEDefang milter >>> - running all my SpamAssassin tests there. My fear is that if I move them from >>> there to a post-smtp scan, I'll lose the ability to reject. >> Well, from a resource standpoint... You'd only be able to do rejection >> after DATA, so all that would land you is that you don't "take >> responsibility" for the NDN... You still gobble down all the message. >> >>> For instance, we once got a legitimate sales request that scored over 19 on SA. >>> /dev/null fodder if ever there was one, but because I reject with a 'email >>> postmaster if you're real' message, they re-sent and it got through. If I scan >>> afterwards, my only real options are discard it or tag it and do something with >>> it, right? > > eg quarantine it - see below. > >> To be able to do that type of thing, you'd be needing "bounces" yes. > > Bouncing should always be done at SMTP time and not by MailScanner - for > reasons already stated by others. > >> Or use a quarantine, perhaps with a very short retention period >> (perhaps only viable for smaller setups, like mine:-). > > Once mail has been accepted then why not quarantine all mail that is > flagged as spam? > > An essential component of managing spam is to notify users of what has > been rejected, and to quarantine the marginal mail rather than deleting it > or rejecting it. We send out two separate notifications per day to our > users - one that indicates the mail that has been bounced at SMTP time, > with reports in the following format: > > Oct 2 14:56:02 > sender: vczr@chrispowerz.wanadoo.co.uk > recip: user@mango.zw > server: dsl.static81214188253.ttnet.net.tr > > and the other that indicates mail that has been quarantined (where more > information is available for the report): > > 02 Oct 2006 06:30:49 > From: "PokerBot Max" > Server: static-66-16-28-242.dsl.cavtel.net [66.16.28.242] > Date: Sun 01 Oct 2006 23:28:06 -0600 > Subject: Make Money Online with PokerBot > Saved as: user@mango.zw 20061002/spam/k924USZ9020056 > > The server information is useful for users to quickly pick out the origin > of the message and often gives a very good indication of the likelihood of > the mail being genuine or not. > > I guess that we would probably bounce or block around 85% of incoming > connections, with the remainder being split between genuine and > quarantined mail. We typically quarantine only around 650 messages per > day, so the storage requirement for our 2500 users is not significant - we > keep it for 90 days. > > Regards > > Jim Holland > System Administrator > MANGO - Zimbabwe's non-profit e-mail service > Do you have any plans to share your scripts for notifying users? I know that quarantine report does the latter, but I am curious about the notifies on SMTP dropped mail. Sure, it isn't a "difficult" process, but why re-invent the wheel? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From spamtrap71892316634 at anime.net Tue Oct 3 19:51:05 2006 From: spamtrap71892316634 at anime.net (Dan Hollis) Date: Tue Oct 3 19:51:11 2006 Subject: "Friends Only" In-Reply-To: <4522831B.8030900@evi-inc.com> References: <4520E3E1.1050600@statsbiblioteket.dk> <45211153.3030509@jlewiscooper.com> <45212506.8060906@coders.co.uk> <45212855.2030102@solidstatelogic.com> <45218A81.20503@evi-inc.com> <4522831B.8030900@evi-inc.com> Message-ID: On Tue, 3 Oct 2006, Matt Kettler wrote: > That's perfectly reasonable.. But it's not what you asked for. You asked for > geographic location based blacklisting. Well I do block all email from china and korea. But then it's my PC. -Dan From ssilva at sgvwater.com Tue Oct 3 19:54:01 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Oct 3 19:55:08 2006 Subject: Logwatch Update In-Reply-To: <200610031836.k93IagoW027688@cat.salemcarriers.com> References: <4522A735.4070500@evi-inc.com> <200610031836.k93IagoW027688@cat.salemcarriers.com> Message-ID: Phil Udel spake the following on 10/3/2006 11:35 AM: > > Hi > Not sure if anyone would like this but I just finished updating my > MS Logwatch Script. I add Mailwatch, Whitelist SQL, Blacklist SQL, Clamav, > and Some other messages > I cleaned up about 28 Daily **Unmatched Entries** > > > > Great!! I have just been planning to do something with the logwatch script. I would like to also get it to report on the rejections due to greet pause, and it looks to be there, but since sendmail isn't enabled with MailScanner it doesn't seem to fire. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From lodder at delodder.be Tue Oct 3 19:58:26 2006 From: lodder at delodder.be (Philippe Delodder) Date: Tue Oct 3 19:58:51 2006 Subject: Logwatch Update In-Reply-To: <200610031836.k93IagoW027688@cat.salemcarriers.com> References: <200610031836.k93IagoW027688@cat.salemcarriers.com> Message-ID: <4522B2D2.6040607@delodder.be> Phil Udel schreef: > > Hi > Not sure if anyone would like this but I just finished updating my > MS Logwatch Script. I add Mailwatch, Whitelist SQL, Blacklist SQL, Clamav, > and Some other messages > I cleaned up about 28 Daily **Unmatched Entries** > > > > > yes i would be interested in it -- Philippe Delodder lodder@delodder.be http://www.delodder.be -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20061003/9fc97d27/signature.bin From mkettler at evi-inc.com Tue Oct 3 20:00:35 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Tue Oct 3 20:00:57 2006 Subject: "Friends Only" In-Reply-To: References: <4520E3E1.1050600@statsbiblioteket.dk> <45211153.3030509@jlewiscooper.com> <45212506.8060906@coders.co.uk> <45212855.2030102@solidstatelogic.com> <45218A81.20503@evi-inc.com> <4522831B.8030900@evi-inc.com> Message-ID: <4522B353.50509@evi-inc.com> Dan Hollis wrote: > On Tue, 3 Oct 2006, Matt Kettler wrote: >> That's perfectly reasonable.. But it's not what you asked for. You >> asked for >> geographic location based blacklisting. > > Well I do block all email from china and korea. But then it's my PC. True, I was merely pointing out that checking the SOA for a URL, and determining what country that URL was DNS hosted from would likely cause more FPs than you think. Website and DNS hosting are a very commonly outsourced thing. Not all of that hosting ends up in the same country as the company that owns the domain. From sandrews at andrewscompanies.com Tue Oct 3 20:15:52 2006 From: sandrews at andrewscompanies.com (sandrews@andrewscompanies.com) Date: Tue Oct 3 20:15:55 2006 Subject: Logwatch Update Message-ID: <1964AAFBC212F742958F9275BF63DBB0429539@winchester.andrewscompanies.com> Where can we get this magic script? -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Phil Udel Sent: Tuesday, October 03, 2006 2:35 PM To: 'MailScanner discussion' Subject: Logwatch Update Hi Not sure if anyone would like this but I just finished updating my MS Logwatch Script. I add Mailwatch, Whitelist SQL, Blacklist SQL, Clamav, and Some other messages I cleaned up about 28 Daily **Unmatched Entries** -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From Phil.Udel at SalemCorp.com Tue Oct 3 20:21:28 2006 From: Phil.Udel at SalemCorp.com (Phil Udel) Date: Tue Oct 3 20:21:39 2006 Subject: Logwatch Update In-Reply-To: <200610031836.k93IagoW027688@cat.salemcarriers.com> Message-ID: <200610031922.k93JMhoW000686@cat.salemcarriers.com> Can I send it as a attachment to this Group? -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Phil Udel Sent: Tuesday, October 03, 2006 2:35 PM To: 'MailScanner discussion' Subject: Logwatch Update Hi Not sure if anyone would like this but I just finished updating my MS Logwatch Script. I add Mailwatch, Whitelist SQL, Blacklist SQL, Clamav, and Some other messages I cleaned up about 28 Daily **Unmatched Entries** -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From ssilva at sgvwater.com Tue Oct 3 20:31:57 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Oct 3 20:32:39 2006 Subject: Logwatch Update In-Reply-To: <200610031922.k93JMhoW000686@cat.salemcarriers.com> References: <200610031836.k93IagoW027688@cat.salemcarriers.com> <200610031922.k93JMhoW000686@cat.salemcarriers.com> Message-ID: Phil Udel spake the following on 10/3/2006 12:21 PM: > Can I send it as a attachment to this Group? > Yes you can, but some scripts go better if they are tar.gz'd. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From Phil.Udel at SalemCorp.com Tue Oct 3 20:42:18 2006 From: Phil.Udel at SalemCorp.com (Phil Udel) Date: Tue Oct 3 20:42:26 2006 Subject: Logwatch Update In-Reply-To: <200610031922.k93JMhoW000686@cat.salemcarriers.com> Message-ID: <200610031943.k93JhYcv003183@cat.salemcarriers.com> OK. Here is the script. Just replace the old Logwatch script with this one -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Phil Udel Sent: Tuesday, October 03, 2006 3:21 PM To: 'MailScanner discussion' Subject: RE: Logwatch Update Can I send it as a attachment to this Group? -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Phil Udel Sent: Tuesday, October 03, 2006 2:35 PM To: 'MailScanner discussion' Subject: Logwatch Update Hi Not sure if anyone would like this but I just finished updating my MS Logwatch Script. I add Mailwatch, Whitelist SQL, Blacklist SQL, Clamav, and Some other messages I cleaned up about 28 Daily **Unmatched Entries** -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- A non-text attachment was scrubbed... Name: mailscanner.gz Type: application/x-gzip Size: 2285 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20061003/60e0848e/mailscanner.gz From r.berber at computer.org Tue Oct 3 21:05:55 2006 From: r.berber at computer.org (=?ISO-8859-1?Q?Ren=E9_Berber?=) Date: Tue Oct 3 21:07:07 2006 Subject: 4.56.7: "max message size is '40000'" In-Reply-To: <223f97700610030059s3a734599n963615622450fbf8@mail.gmail.com> References: <223f97700610030059s3a734599n963615622450fbf8@mail.gmail.com> Message-ID: Glenn Steen wrote: > On 02/10/06, Jeff A. Earickson wrote: >> Julian, >> >> Ok, I hang my head in shame and say that I didn't beta-test >> earlier versions of 4.56. September was a busy month. >> >> I just upgraded from 4.55.10 to 4.56.7 on my setup (Solaris 10, >> SA 3.1.5, sophos and clam, dcc 1.3.40). I ran it first in debug >> mode to see what would happen (output attached). Not much. >> >> Then I attempted to fire up 4.56.7 in normal mode. I got zero syslog >> output, and nothing seemed to happen except several MS processes >> were sucking up CPU time: >> >> # ps -ef | grep perl >> root 15405 15337 0 11:55:16 ? 0:00 /usr/bin/perl >> -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail >> root 15394 15336 2 11:55:14 ? 0:02 /usr/bin/perl >> -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail >> root 15407 19023 0 11:55:16 pts/2 0:00 grep perl >> root 15336 1 0 11:55:03 ? 0:00 /usr/bin/perl >> -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail >> root 15337 15336 3 11:55:03 ? 0:08 /usr/bin/perl >> -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail >> >> I did go from version 0.13 to 0.18 of Sys-Syslog, but this does >> not seem to have anything to do with this. 4.55.10 works fine with >> the new Sys-Syslog. >> >> So, 4.56.7 never gets off the ground. Any ideas? Any other Solaris 10 >> users with this issue? >> > Hi Jeff, > I'm certainly no Solaris guru, but could this have something to do > with the pretty recent thread "No logging in Solaris 9 (with > workaround) - question?"? No, that was already changed in version 4.56.5 and I tested* it with Solaris 10. * OK, sort of tested it, in fact I made 2 changes to lib/MailScanner/Log.pm (and it is recorded on the thread): line 39 - use Sys::Syslog qw(:DEFAULT setlogsock); line 71 - Sys::Syslog::setlogsock('native'); The first one could be the problem in the current MS under Solaris 10; the second one just makes the syslog output come out with the normal format, the original 'udp' works fine, just not perfect ;-) -- Ren? Berber From mailscanner at mango.zw Tue Oct 3 21:30:48 2006 From: mailscanner at mango.zw (Jim Holland) Date: Tue Oct 3 21:27:58 2006 Subject: Reject vs. bounce In-Reply-To: Message-ID: On Tue, 3 Oct 2006, Scott Silva wrote: > Jim Holland spake the following on 10/3/2006 9:19 AM: > > An essential component of managing spam is to notify users of what has > > been rejected, and to quarantine the marginal mail rather than deleting it > > or rejecting it. We send out two separate notifications per day to our > > users - one that indicates the mail that has been bounced at SMTP time, > > with reports in the following format: > > > > Oct 2 14:56:02 > > sender: vczr@chrispowerz.wanadoo.co.uk > > recip: user@mango.zw > > server: dsl.static81214188253.ttnet.net.tr > > > > and the other that indicates mail that has been quarantined (where more > > information is available for the report): > > > > 02 Oct 2006 06:30:49 > > From: "PokerBot Max" > > Server: static-66-16-28-242.dsl.cavtel.net [66.16.28.242] > > Date: Sun 01 Oct 2006 23:28:06 -0600 > > Subject: Make Money Online with PokerBot > > Saved as: user@mango.zw 20061002/spam/k924USZ9020056 > > > > The server information is useful for users to quickly pick out the origin > > of the message and often gives a very good indication of the likelihood of > > the mail being genuine or not. > > > > I guess that we would probably bounce or block around 85% of incoming > > connections, with the remainder being split between genuine and > > quarantined mail. We typically quarantine only around 650 messages per > > day, so the storage requirement for our 2500 users is not significant - we > > keep it for 90 days. > Do you have any plans to share your scripts for notifying users? > I know that quarantine report does the latter, but I am curious about the > notifies on SMTP dropped mail. Sure, it isn't a "difficult" process, but why > re-invent the wheel? The two scripts I use are somewhat customised for usage here, and are specific to sendmail. They are a mixture of bash and perl and have just grown to get the job done - not very pretty and they still have a few bugs. I am just a hacker, so my programming style would probably result in much mirth from the real programmers on this list (eg bash pipes in the perl script and sections of perl scripting in the bash script). I would need to tidy them up somewhat to make them more generic. If there is any interest then I would be prepared to let others see them, if only to stimulate them to do better. One of the problems with SMTP whitelisting is that because sites can be blacklisted in so many ways in the access file I wouldn't know where to start with automating the whitelisting. For the moment I just grep the maillog file, find out how the message got blocked, and then take appropriate action in the access file - very tedious. Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service From jeffm at andersonlabs.com Tue Oct 3 21:27:53 2006 From: jeffm at andersonlabs.com (Jeff Meyer) Date: Tue Oct 3 21:32:16 2006 Subject: symantec scan engine Message-ID: I noticed that MailScanner has support for Symantec Scan Engine, but it doesn't appear to be working correctly. First, had to make a change to the symscanengine-wrapper: changed: prog=savsecls/savsecls to: prog=ssecls/ssecls Then when testing the wrapper: /usr/lib/MailScanner/symscanengine-wrapper /opt/SYMScan /temp eveything works, even tried on eicar test file and it found it. However, when running it with MailScanner, nothing appears to be getting logged when testing with eicar files. McAfee, Bitdefender and ClamAV all log there results, but symantec doesn't. I would like to see when symantec does catch something and when it doesn't. What do I need to do to change this. Jeff From ssilva at sgvwater.com Tue Oct 3 21:49:31 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Oct 3 21:49:52 2006 Subject: Logwatch Update In-Reply-To: <200610031943.k93JhYcv003183@cat.salemcarriers.com> References: <200610031922.k93JMhoW000686@cat.salemcarriers.com> <200610031943.k93JhYcv003183@cat.salemcarriers.com> Message-ID: Phil Udel spake the following on 10/3/2006 12:42 PM: > OK. Here is the script. Just replace the old Logwatch script with this > one This is much better! Thank you. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From taz at taz-mania.com Tue Oct 3 22:03:03 2006 From: taz at taz-mania.com (Dennis Willson) Date: Tue Oct 3 22:03:12 2006 Subject: Reject vs. bounce In-Reply-To: Message-ID: Actually what I do is; a lot of smtp rejections for different criteria, then I use MailScanner with SpamAssassin and ClamAV for the email that gets through the smtp phase. If the email scores high with SpamAssassin then I quarantine the email. Each night at midnight each user gets one email with a list of senders and subjects of the email that were quarantined that day and it includes a link to release it if they see from the sender and/or subject it's something they want. After 7 days the quarantined email is deleted from the quarantine. On Tue, 03 Oct 2006 07:21:29 -0400 Tim Boyer wrote: >On Mon, 02 Oct 2006 20:57:21 -0700, Ken wrote: > >>Tim Boyer wrote: >>> Apologies if this has been discussed ad infinitum before. I've been >>>running a >>> mailserver since 1996, but just heard about MailScanner Saturday, >>>thanks to >>> Steve Swaney's excellent talk at the Ohio LinuxFest. >>> >>> I've been using DNSBLs and a private blocklist with SpamAssassin, >>>and ClamAV as >>> milters, so when I reject an email it's rejected, not bounced back >>>to the >>> (99.999% bogus) 'From" address. >>> >>> I've heard and read that MailScanner has a 'bounce' option. Is this >>>what I >>> think it is - a bounce back to the 'From'? Or is it a reject before >>>the >>> connection's been dropped and the email accepted? >>> >>> >>The 'Feature' is pretty much useless, as has been mentioned here many >>times. >>I'd only add that you can do both what you are doing now AND run >>MailScanner to further process your mail using more aggressive >>spamassassin rulesets. Because MailScanner queues and scans mail with >>a >>perl process that uses the spamassassin perl api, you can run tons of >>SA >>rules, rbl and uribl tests, plugins and virus scanners as long as you >>dedicate sufficient resources to the process. It's much more than you >>can do in an smtp transaction. Most users here combine the fast >>milters >>doing some rejections, with MailScanner & SpamAssassin doing the >>heavy >>work. >>Ken Anderson >>Pacific.Net > >That's what I'm doing now, in the smtp transaction, using the >MIMEDefang milter >- running all my SpamAssassin tests there. My fear is that if I move >them from >there to a post-smtp scan, I'll lose the ability to reject. > >For instance, we once got a legitimate sales request that scored over >19 on SA. >/dev/null fodder if ever there was one, but because I reject with a >'email >postmaster if you're real' message, they re-sent and it got through. > If I scan >afterwards, my only real options are discard it or tag it and do >something with >it, right? > >-- >tim boyer >tim@denmantire.com > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! -------------------------------------------------- Dennis Willson taz@taz-mania.com http://www.taz-mania.com Ham: ka6lsw Scuba: Rescue Diver, EANx, Wreck, Night, Alt, Equip, UW Photographer, Gas Blender Owner: Kepnet Internet Services Life should not be a journey to the grave with the intention of arriving safely in a nice looking and well preserved body, but rather to skid in broadside, thoroughly used up, totally worn out, and loudly proclaiming, "WOW! WHAT A RIDE!" From nick.smith67 at googlemail.com Tue Oct 3 22:23:18 2006 From: nick.smith67 at googlemail.com (Nick Smith) Date: Tue Oct 3 22:23:21 2006 Subject: 4.56.7: "max message size is '40000'" In-Reply-To: References: Message-ID: On 10/2/06, Jeff A. Earickson wrote: > Julian, > > Ok, I hang my head in shame and say that I didn't beta-test > earlier versions of 4.56. September was a busy month. > > I just upgraded from 4.55.10 to 4.56.7 on my setup (Solaris 10, > SA 3.1.5, sophos and clam, dcc 1.3.40). I ran it first in debug > mode to see what would happen (output attached). Not much. > > Then I attempted to fire up 4.56.7 in normal mode. I got zero syslog > output, and nothing seemed to happen except several MS processes > were sucking up CPU time: > > # ps -ef | grep perl > root 15405 15337 0 11:55:16 ? 0:00 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail > root 15394 15336 2 11:55:14 ? 0:02 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail > root 15407 19023 0 11:55:16 pts/2 0:00 grep perl > root 15336 1 0 11:55:03 ? 0:00 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail > root 15337 15336 3 11:55:03 ? 0:08 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail > > I did go from version 0.13 to 0.18 of Sys-Syslog, but this does > not seem to have anything to do with this. 4.55.10 works fine with > the new Sys-Syslog. > > So, 4.56.7 never gets off the ground. Any ideas? Any other Solaris 10 > users with this issue? > > Jeff Earickson > Colby College > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > Are you running syslogd with remote mode (ie UDP) enabled? I had to comment out LOG_FROM_REMOTE=NO in /etc/default/syslogd and restart syslogd before it would work - otherwise I saw the same behaviour you describe Cheers Nick From tim at denmantire.com Wed Oct 4 01:06:11 2006 From: tim at denmantire.com (Tim Boyer) Date: Wed Oct 4 01:06:39 2006 Subject: Reject vs. bounce References: <223f97700610030443l50b5c5a0r46c8f886d8cd8eb@mail.gmail.com> Message-ID: On Tue, 3 Oct 2006 18:19:12 +0200 (CAT), Jim Holland wrote: > >Once mail has been accepted then why not quarantine all mail that is >flagged as spam? > >An essential component of managing spam is to notify users of what has >been rejected, and to quarantine the marginal mail rather than deleting it >or rejecting it. We send out two separate notifications per day to our >users - one that indicates the mail that has been bounced at SMTP time, >with reports in the following format: > > Oct 2 14:56:02 > sender: vczr@chrispowerz.wanadoo.co.uk > recip: user@mango.zw > server: dsl.static81214188253.ttnet.net.tr > >and the other that indicates mail that has been quarantined (where more >information is available for the report): > > 02 Oct 2006 06:30:49 > From: "PokerBot Max" > Server: static-66-16-28-242.dsl.cavtel.net [66.16.28.242] > Date: Sun 01 Oct 2006 23:28:06 -0600 > Subject: Make Money Online with PokerBot > Saved as: user@mango.zw 20061002/spam/k924USZ9020056 > >The server information is useful for users to quickly pick out the origin >of the message and often gives a very good indication of the likelihood of >the mail being genuine or not. > >I guess that we would probably bounce or block around 85% of incoming >connections, with the remainder being split between genuine and >quarantined mail. We typically quarantine only around 650 messages per >day, so the storage requirement for our 2500 users is not significant - we >keep it for 90 days. > >Regards > >Jim Holland >System Administrator >MANGO - Zimbabwe's non-profit e-mail service I'm rejecting 2,000 per day for 50 users. If I quarantined and had them go through them, it would be as time-consuming as letting them go through. -- tim boyer tim@denmantire.com From tim at denmantire.com Wed Oct 4 01:10:27 2006 From: tim at denmantire.com (Tim Boyer) Date: Wed Oct 4 01:15:11 2006 Subject: Reject vs. bounce References: <4521DFA1.7010302@pacific.net> <45227BBC.9080303@pacific.net> Message-ID: On Tue, 03 Oct 2006 08:03:24 -0700, Ken A wrote: > >Is running SA in both places with different rules not possible? I'd try >that if I had the time to set it up! > >> For instance, we once got a legitimate sales request that scored over 19 on SA. >> /dev/null fodder if ever there was one, but because I reject with a 'email >> postmaster if you're real' message, they re-sent and it got through. If I scan >> afterwards, my only real options are discard it or tag it and do something with >> it, right? > >Right. > >Ken A >Pacific.Net Hmmm.... not a bad idea at all, if I can do it. A set of quick and dirty rules at the smtp level, to reject 99% of the spam, and then another run once through - and quarantine what that tags. -- tim boyer tim@denmantire.com From derek at adcatanzaro.com Wed Oct 4 01:48:25 2006 From: derek at adcatanzaro.com (Derek Catanzaro) Date: Wed Oct 4 01:48:48 2006 Subject: New Batch: found 200 messages waiting, Number keeps increasing Message-ID: <452304D9.3090400@adcatanzaro.com> This morning while tailing my maillog I had roughly 200 messages waiting which is pretty normal for me. As the day progressed the number kept increasing all the way up to close to 10,000 messages waiting. I need some help in determining what is causing this or some guidance on what to look for. I have had this happen in the past and it has usually been DNS related but I can rule that out this time. I have named running and I am running a local caching name server and it is working as expected. I did notice several times throughout the day that spamassassin was timing out but I am not sure if this is the actual cause of the backup. The only other thing that has changed on my system is that I have pyzor working now (it was not working before) but that change was made a few days ago and I have not seen a backup like this until today. I have spot checked a few mail files and some emails are coming in by as much as 8 hours late, this is not going to make for a good Wednesday morning. Any suggestions on what to check for would be greatly appreciated. Fedora Core 1 MailScanner 4.49.7 spamassassin 3.1.0 Thanks, Derek -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jlmiller at mmtnetworks.com.au Wed Oct 4 02:02:53 2006 From: jlmiller at mmtnetworks.com.au (Jon Miller) Date: Wed Oct 4 01:54:20 2006 Subject: Help needed with mailscanner Message-ID: Can anyone help with fixing mailscanner running on a Linux server. The main problem seems that I cannot get the web page to display (console) so I can do the updates and view the stats. Is there a command that can be issue in a terminal session that can do the updates? Thanks Jon -------------- next part --------------
Can anyone help with fixing mailscanner running on a Linux server.  The main problem seems that I cannot get the web page to display (console) so I can do the updates and view the stats.  Is there a command that can be issue in a terminal session that can do the updates?
 
Thanks
 
Jon
From hgh at rcwm.com Wed Oct 4 01:52:25 2006 From: hgh at rcwm.com (Henry Hollenberg) Date: Wed Oct 4 02:07:20 2006 Subject: mailscanner hangs on automatic restart {Scanned} In-Reply-To: <223f97700610030427t79b7414kd53125d621d9d817@mail.gmail.com> References: <452047C0.7010002@rcwm.com> <4522236E.1030005@ecs.soton.ac.uk> <45224478.2030403@rcwm.com> <223f97700610030427t79b7414kd53125d621d9d817@mail.gmail.com> Message-ID: <452305C9.5060703@rcwm.com> >> Are you suggesting I change the locktype? >> >> It did hang again last night, and bayesian db is working now as is >> pyzor and razor, so I don't think they are hanging things up. >> > No, changing the locktype shouldn't affect your situation, since you > use Postfix... > What might be happening would be if some stray non-queue file end up > in the hold queue. Check that that isn't happening. > Depending on what you find, you should be able to determine if that is > it, and if so... what is responsible for putting it there:-). > Might be razor still being a bit confused where the logfile should go > (fix is to make sure it knows where too put it by way of the > razor-agent.conf file setting... and making sure the postfix user can > write where you say it should go), or perhaps the tnef expander > placing a file wrong... (don't remember the fix for that... Search the > archives, it has cropped up before... Perhaps switch to the internal > one). > > HtH > Oh!, like the razor-agent file? : -- bastion:/var/spool/postfix/hold# ls -R .: 0 1 2 3 4 5 6 7 8 9 A B C D E F razor-agent.log ./0: 001201623AB 023491623C5 0450A16232B 08A6216233E 09AE916235C 0BEC81623A5 0C45A1623DE 0C8C5162337 0D5561623E4 0F59B1623FD 01A6A162390 03B88162392 074FD16237D 09A571623E9 0BA031623BB 0C2E81623EC 0C67B1623B6 0CA71162364 0DE771623E8 ./1: 102CB161ED8 11253162356 13F63162401 151DF162350 154B216238F 16EFC162403 18F99162346 1AE7516236D 1D06B16239E 1EBF41623DD 10DB916234C 11A9B16236B 14E5C16235A 154201623E1 156B316239A 182E31623D3 196C816233C 1C85A161EDC 1D962162393 1ED64162385 ./2: 200C416237B 239E41623D2 255E8162335 270A9162372 28067162336 287B9162383 29141162387 2948F16236C 2A9CC16233B 2B3F4162348 2C5C01623D6 2DC521623C8 2E5101623AA 2FDE3162343 continues with lots more queued mails..... hgh. Henry Hollenberg hgh@rcwm.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From hgh at rcwm.com Wed Oct 4 02:36:29 2006 From: hgh at rcwm.com (Henry Hollenberg) Date: Wed Oct 4 02:32:56 2006 Subject: mailscanner hangs on automatic restart {Scanned} In-Reply-To: <452305C9.5060703@rcwm.com> References: <452047C0.7010002@rcwm.com> <4522236E.1030005@ecs.soton.ac.uk> <45224478.2030403@rcwm.com> <223f97700610030427t79b7414kd53125d621d9d817@mail.gmail.com> <452305C9.5060703@rcwm.com> Message-ID: <4523101D.7000604@rcwm.com> Henry Hollenberg wrote: >>> Are you suggesting I change the locktype? >>> >>> It did hang again last night, and bayesian db is working now as is >>> pyzor and razor, so I don't think they are hanging things up. >>> >> No, changing the locktype shouldn't affect your situation, since you >> use Postfix... >> What might be happening would be if some stray non-queue file end up >> in the hold queue. Check that that isn't happening. >> Depending on what you find, you should be able to determine if that is >> it, and if so... what is responsible for putting it there:-). >> Might be razor still being a bit confused where the logfile should go >> (fix is to make sure it knows where too put it by way of the >> razor-agent.conf file setting... > Oh!, like the razor-agent file? : > > > -- bastion:/var/spool/postfix/hold# ls -R > .: > 0 1 2 3 4 5 6 7 8 9 A B C D E F razor-agent.log > > ./0: > 001201623AB 023491623C5 0450A16232B 08A6216233E 09AE916235C > 0BEC81623A5 0C45A1623DE 0C8C5162337 0D5561623E4 0F59B1623FD Ok, I found a new version of the razor-agent.log file in /var/spool/postfix/.razor/* so I deleted the older /var/spool/postfix/razor-agent.log file. We'll see tonight if that does the trick. hgh. -- Henry Hollenberg hgh@rcwm.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From hgh at rcwm.com Wed Oct 4 03:18:14 2006 From: hgh at rcwm.com (Henry Hollenberg) Date: Wed Oct 4 03:14:31 2006 Subject: Reporting SPAM {Scanned} Message-ID: <452319E6.3000102@rcwm.com> Hey gang, Now that I have this slick mailscanner setup and am not quite so overwhelmed by the sheer volume of SPAM I thought I would try to start reporting some SPAM to the clearing houses using: spamassassin -r SPAM_mail_file Which I understand will not only train my Bayes DB but also submit the email as SPAM to some clearing houses. To start with I wanted to choose some clear cut SPAM and and one good way for me to differentiate from a potential legit organization such as Amazon, or LLBean and a blatant spammer is what I have been calling a dictionary attack..... or an attempt to confuse the BAYES engine with a bunch of words that are thrown together that don't make any real sense usually at the end of a SPAM. To me no legitimate outfit would ever use this scheme/technique. Does that sound reasonable? hgh. -- Henry Hollenberg hgh@rcwm.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From hgh at rcwm.com Wed Oct 4 03:34:05 2006 From: hgh at rcwm.com (Henry Hollenberg) Date: Wed Oct 4 03:30:25 2006 Subject: Reporting SPAM {Scanned} In-Reply-To: <452319E6.3000102@rcwm.com> References: <452319E6.3000102@rcwm.com> Message-ID: <45231D9D.60807@rcwm.com> Henry Hollenberg wrote: > Hey gang, > > Now that I have this slick mailscanner setup and am not > quite so overwhelmed by the sheer volume of SPAM I thought > I would try to start reporting some SPAM to the clearing houses > using: > > spamassassin -r SPAM_mail_file > > Which I understand will not only train my Bayes DB but also > submit the email as SPAM to some clearing houses. > > To start with I wanted to choose some clear cut SPAM and > and one good way for me to differentiate from a potential > legit organization such as Amazon, or LLBean and a blatant > spammer is what I have been calling a dictionary attack..... > or an attempt to confuse the BAYES engine with a bunch of > words that are thrown together that don't make any real sense > usually at the end of a SPAM. > > To me no legitimate outfit would ever use this scheme/technique. > > Does that sound reasonable? > > hgh. > Tried one, yuck, not too good on those attempts. Try again tommorrow. postfix@bastion:~$ spamassassin -r /home/hgh/BAYES/PURE_SPAM/1159729706.M527050P3438V0000000000003005I0005A3DA_18.mail,S=5256:2,S Created user preferences file: /var/spool/postfix/.spamassassin/user_prefs Pyzor -> report failed: Exited with non-zero exit code 1 razor2 report failed: No such file or directory Razor2 report requires authentication at /usr/share/perl5/Mail/SpamAssassin/Reporter.pm line 148. SpamCop -> message older than 2 days, not reporting 1 message(s) examined. postfix@bastion:/home/hgh/BAYES/PURE_SPAM$ spamassassin -r /home/hgh/BAYES/PURE_SPAM/1159925366.M785409P10172V0000000000003005I0005A44F_75.mail,S=51525:2,S Pyzor -> report failed: Exited with non-zero exit code 1 razor2 report failed: No such file or directory Razor2 report requires authentication at /usr/share/perl5/Mail/SpamAssassin/Reporter.pm line 148. SpamCop -> report to vmx1.spamcop.net failed: Net::SMTP error SpamCop -> report to vmx2.spamcop.net failed: Net::SMTP error 1 message(s) examined. hgh. -- Henry Hollenberg hgh@rcwm.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From mike at vesol.com Wed Oct 4 03:30:49 2006 From: mike at vesol.com (Mike Kercher) Date: Wed Oct 4 03:34:05 2006 Subject: New Batch: found 200 messages waiting, Number keeps increasing In-Reply-To: <452304D9.3090400@adcatanzaro.com> Message-ID: Are you running a local caching-only nameserver? Are you doing RBL checks from within spamassassin or at the MTA? Any custom SA rulesets? Mike -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Derek Catanzaro Sent: Tuesday, October 03, 2006 7:48 PM To: MailScanner discussion Subject: New Batch: found 200 messages waiting, Number keeps increasing This morning while tailing my maillog I had roughly 200 messages waiting which is pretty normal for me. As the day progressed the number kept increasing all the way up to close to 10,000 messages waiting. I need some help in determining what is causing this or some guidance on what to look for. I have had this happen in the past and it has usually been DNS related but I can rule that out this time. I have named running and I am running a local caching name server and it is working as expected. I did notice several times throughout the day that spamassassin was timing out but I am not sure if this is the actual cause of the backup. The only other thing that has changed on my system is that I have pyzor working now (it was not working before) but that change was made a few days ago and I have not seen a backup like this until today. I have spot checked a few mail files and some emails are coming in by as much as 8 hours late, this is not going to make for a good Wednesday morning. Any suggestions on what to check for would be greatly appreciated. Fedora Core 1 MailScanner 4.49.7 spamassassin 3.1.0 Thanks, Derek -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From derek at adcatanzaro.com Wed Oct 4 04:21:08 2006 From: derek at adcatanzaro.com (Derek Catanzaro) Date: Wed Oct 4 04:21:43 2006 Subject: New Batch: found 200 messages waiting, Number keeps increasing In-Reply-To: References: Message-ID: <452328A4.5060204@adcatanzaro.com> -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Derek > Catanzaro > Sent: Tuesday, October 03, 2006 7:48 PM > To: MailScanner discussion > Subject: New Batch: found 200 messages waiting, Number keeps increasing > > This morning while tailing my maillog I had roughly 200 messages waiting > which is pretty normal for me. As the day progressed the number kept > increasing all the way up to close to 10,000 messages waiting. I need > some help in determining what is causing this or some guidance on what > to look for. I have had this happen in the past and it has usually been > DNS related but I can rule that out this time. I have named running and > I am running a local caching name server and it is working as expected. > > I did notice several times throughout the day that spamassassin was > timing out but I am not sure if this is the actual cause of the backup. > > The only other thing that has changed on my system is that I have pyzor > working now (it was not working before) but that change was made a few > days ago and I have not seen a backup like this until today. > > I have spot checked a few mail files and some emails are coming in by as > much as 8 hours late, this is not going to make for a good Wednesday > morning. Any suggestions on what to check for would be greatly > appreciated. > > Fedora Core 1 > MailScanner 4.49.7 > spamassassin 3.1.0 > Mike Kercher wrote: > Are you running a local caching-only nameserver? Are you doing RBL > checks from within spamassassin or at the MTA? Any custom SA rulesets? > > Mike > I am caching DNS entries locally for the sake of performance. I do however have my ISP's DNS servers listed as well in case the local machine does not have a name cached. RBL checks are not occurring at the MTA (sendmail) level. The only other rules I have added myself would be the 70_sare_stocks.cf and one other german ruleset to stop german spam, that's all.* *One other thing I have noticed in the log is the following message: "stat=timeout waiting for input during message collect". I am going to see what I can find out about that error. If anyone has any input on that I would appreciate it. Derek -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mike at vesol.com Wed Oct 4 04:33:15 2006 From: mike at vesol.com (Mike Kercher) Date: Wed Oct 4 04:36:30 2006 Subject: New Batch: found 200 messages waiting, Number keeps increasing In-Reply-To: <452328A4.5060204@adcatanzaro.com> Message-ID: mailscanner-bounces@lists.mailscanner.info <> scribbled on : > -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Derek >> Catanzaro >> Sent: Tuesday, October 03, 2006 7:48 PM >> To: MailScanner discussion >> Subject: New Batch: found 200 messages waiting, Number keeps >> increasing >> >> This morning while tailing my maillog I had roughly 200 messages >> waiting which is pretty normal for me. As the day progressed the >> number kept increasing all the way up to close to 10,000 messages >> waiting. I need some help in determining what is causing > this or some >> guidance on what to look for. I have had this happen in > the past and >> it has usually been DNS related but I can rule that out > this time. I >> have named running and I am running a local caching name > server and it is working as expected. >> >> I did notice several times throughout the day that spamassassin was >> timing out but I am not sure if this is the actual cause of > the backup. >> >> The only other thing that has changed on my system is that I have >> pyzor working now (it was not working before) but that > change was made >> a few days ago and I have not seen a backup like this until today. >> >> I have spot checked a few mail files and some emails are > coming in by >> as much as 8 hours late, this is not going to make for a good >> Wednesday morning. Any suggestions on what to check for would be >> greatly appreciated. >> >> Fedora Core 1 >> MailScanner 4.49.7 >> spamassassin 3.1.0 >> > > Mike Kercher wrote: >> Are you running a local caching-only nameserver? Are you doing RBL >> checks from within spamassassin or at the MTA? Any custom > SA rulesets? >> >> Mike >> > > I am caching DNS entries locally for the sake of performance. > I do however have my ISP's DNS servers listed as well in > case the local machine does not have a name cached. RBL > checks are not occurring at the MTA (sendmail) level. The > only other rules I have added myself would be the > 70_sare_stocks.cf and one other german ruleset to stop german > spam, that's all.* > > *One other thing I have noticed in the log is the following message: > "stat=timeout waiting for input during message collect". I > am going to see what I can find out about that error. If > anyone has any input on that I would appreciate it. > > Derek > > -- > This message has been scanned for viruses and dangerous > content by MailScanner, and is believed to be clean. What kind of firewall do you have in place? Mike From mike at vesol.com Wed Oct 4 04:35:53 2006 From: mike at vesol.com (Mike Kercher) Date: Wed Oct 4 04:39:04 2006 Subject: New Batch: found 200 messages waiting, Number keeps increasing In-Reply-To: <452328A4.5060204@adcatanzaro.com> Message-ID: mailscanner-bounces@lists.mailscanner.info <> scribbled on : > -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Derek >> Catanzaro >> Sent: Tuesday, October 03, 2006 7:48 PM >> To: MailScanner discussion >> Subject: New Batch: found 200 messages waiting, Number keeps >> increasing >> >> This morning while tailing my maillog I had roughly 200 messages >> waiting which is pretty normal for me. As the day progressed the >> number kept increasing all the way up to close to 10,000 messages >> waiting. I need some help in determining what is causing > this or some >> guidance on what to look for. I have had this happen in > the past and >> it has usually been DNS related but I can rule that out > this time. I >> have named running and I am running a local caching name > server and it is working as expected. >> >> I did notice several times throughout the day that spamassassin was >> timing out but I am not sure if this is the actual cause of > the backup. >> >> The only other thing that has changed on my system is that I have >> pyzor working now (it was not working before) but that > change was made >> a few days ago and I have not seen a backup like this until today. >> >> I have spot checked a few mail files and some emails are > coming in by >> as much as 8 hours late, this is not going to make for a good >> Wednesday morning. Any suggestions on what to check for would be >> greatly appreciated. >> >> Fedora Core 1 >> MailScanner 4.49.7 >> spamassassin 3.1.0 >> > > Mike Kercher wrote: >> Are you running a local caching-only nameserver? Are you doing RBL >> checks from within spamassassin or at the MTA? Any custom > SA rulesets? >> >> Mike >> > > I am caching DNS entries locally for the sake of performance. > I do however have my ISP's DNS servers listed as well in > case the local machine does not have a name cached. RBL > checks are not occurring at the MTA (sendmail) level. The > only other rules I have added myself would be the > 70_sare_stocks.cf and one other german ruleset to stop german > spam, that's all.* > > *One other thing I have noticed in the log is the following message: > "stat=timeout waiting for input during message collect". I > am going to see what I can find out about that error. If > anyone has any input on that I would appreciate it. > > Derek > > -- > This message has been scanned for viruses and dangerous > content by MailScanner, and is believed to be clean. You might also try adding to sendmail.mc: define(`confTO_IDENT',`0s')dnl rebuild your sendmail.cf, restart MailScanner and see if that helps. Mike From derek at adcatanzaro.com Wed Oct 4 04:48:00 2006 From: derek at adcatanzaro.com (Derek Catanzaro) Date: Wed Oct 4 04:48:25 2006 Subject: New Batch: found 200 messages waiting, Number keeps increasing In-Reply-To: References: Message-ID: <45232EF0.8050409@adcatanzaro.com> Mike Kercher wrote: > mailscanner-bounces@lists.mailscanner.info <> scribbled on : > > >> -----Original Message----- >> >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info] On >>> >> Behalf Of Derek >> >>> Catanzaro >>> Sent: Tuesday, October 03, 2006 7:48 PM >>> To: MailScanner discussion >>> Subject: New Batch: found 200 messages waiting, Number keeps >>> increasing >>> >>> This morning while tailing my maillog I had roughly 200 messages >>> waiting which is pretty normal for me. As the day progressed the >>> number kept increasing all the way up to close to 10,000 messages >>> waiting. I need some help in determining what is causing >>> >> this or some >> >>> guidance on what to look for. I have had this happen in >>> >> the past and >> >>> it has usually been DNS related but I can rule that out >>> >> this time. I >> >>> have named running and I am running a local caching name >>> >> server and it is working as expected. >> >>> I did notice several times throughout the day that spamassassin was >>> timing out but I am not sure if this is the actual cause of >>> >> the backup. >> >>> The only other thing that has changed on my system is that I have >>> pyzor working now (it was not working before) but that >>> >> change was made >> >>> a few days ago and I have not seen a backup like this until today. >>> >>> I have spot checked a few mail files and some emails are >>> >> coming in by >> >>> as much as 8 hours late, this is not going to make for a good >>> Wednesday morning. Any suggestions on what to check for would be >>> greatly appreciated. >>> >>> Fedora Core 1 >>> MailScanner 4.49.7 >>> spamassassin 3.1.0 >>> >>> >> Mike Kercher wrote: >> >>> Are you running a local caching-only nameserver? Are you doing RBL >>> checks from within spamassassin or at the MTA? Any custom >>> >> SA rulesets? >> >>> Mike >>> >>> >> I am caching DNS entries locally for the sake of performance. >> I do however have my ISP's DNS servers listed as well in >> case the local machine does not have a name cached. RBL >> checks are not occurring at the MTA (sendmail) level. The >> only other rules I have added myself would be the >> 70_sare_stocks.cf and one other german ruleset to stop german >> spam, that's all.* >> >> *One other thing I have noticed in the log is the following message: >> "stat=timeout waiting for input during message collect". I >> am going to see what I can find out about that error. If >> anyone has any input on that I would appreciate it. >> >> Derek >> >> -- >> This message has been scanned for viruses and dangerous >> content by MailScanner, and is believed to be clean. >> > > What kind of firewall do you have in place? > > Mike > -- > No firewall running on my linux box. Security is administered elsewhere by my WAN group. I have the following ports opened for this server: * Regular tcp SMTP port (25) (of course...) * Razor2 tcp ports 2703 and 7 (outgoing) * Pyzor udp port 24441 (outgoing) * DCC udp port 6277 (outgoing) * Of course, DNS ports (outgoing) Derek -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mike at vesol.com Wed Oct 4 04:50:28 2006 From: mike at vesol.com (Mike Kercher) Date: Wed Oct 4 04:53:45 2006 Subject: New Batch: found 200 messages waiting, Number keeps increasing In-Reply-To: <45232EF0.8050409@adcatanzaro.com> Message-ID: mailscanner-bounces@lists.mailscanner.info <> scribbled on : >>> >> >> What kind of firewall do you have in place? >> >> Mike >> -- >> > No firewall running on my linux box. Security is > administered elsewhere by my WAN group. I have the following > ports opened for this server: > > * > Regular tcp SMTP port (25) (of course...) > * > Razor2 tcp ports 2703 and 7 (outgoing) > * > Pyzor udp port 24441 (outgoing) > * > DCC udp port 6277 (outgoing) > * > Of course, DNS ports (outgoing) > > Derek > > I wonder if that might be part of your problem. I've read where certain PIX firewalls and Cisco routers with older IOS versions can cause problems such as your timeout issues. I'd also suspect that the spamassassin timeouts are due to sluggish DNS queries. Are you using any RBL's in your MailScanner.conf? If so, try disabling those and see if your queue processes any faster. Mike From derek at adcatanzaro.com Wed Oct 4 05:07:59 2006 From: derek at adcatanzaro.com (Derek Catanzaro) Date: Wed Oct 4 05:08:24 2006 Subject: New Batch: found 200 messages waiting, Number keeps increasing In-Reply-To: References: Message-ID: <4523339F.2050601@adcatanzaro.com> Mike Kercher wrote: > mailscanner-bounces@lists.mailscanner.info <> scribbled on : > > >>> What kind of firewall do you have in place? >>> >>> Mike >>> -- >>> >>> >> No firewall running on my linux box. Security is >> administered elsewhere by my WAN group. I have the following >> ports opened for this server: >> >> * >> Regular tcp SMTP port (25) (of course...) >> * >> Razor2 tcp ports 2703 and 7 (outgoing) >> * >> Pyzor udp port 24441 (outgoing) >> * >> DCC udp port 6277 (outgoing) >> * >> Of course, DNS ports (outgoing) >> >> Derek >> >> >> > > I wonder if that might be part of your problem. I've read where certain > PIX firewalls and Cisco routers with older IOS versions can cause > problems such as your timeout issues. I'd also suspect that the > spamassassin timeouts are due to sluggish DNS queries. Are you using > any RBL's in your MailScanner.conf? If so, try disabling those and see > if your queue processes any faster. > > Mike > -- > I will see how things go in the morning. Right now I'm back down to about 150 messages waiting which is normal for me. It took most of the day and some of the night for it to chew through the nearly 10,000 that accumulated through the day. I have not had an issue like this for some time and prior to this it was DNS queries causing the problem, that is when I implemented the local caching name server and it has been pretty solid since then. I am using the following in MailScanner.conf. Spam List = ORDB-RBL SBL+XBL I will try your suggestions if the problem occurs again. I appreciate the feedback. Thanks for your help. Derek -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mgt at stellarcore.net Wed Oct 4 05:19:55 2006 From: mgt at stellarcore.net (Mike Tremaine) Date: Wed Oct 4 05:20:10 2006 Subject: Logwatch Update (Phil Udel) In-Reply-To: <200610040234.k942YkCw009554@bkserver.blacknight.ie> References: <200610040234.k942YkCw009554@bkserver.blacknight.ie> Message-ID: <4523366B.9090105@stellarcore.net> The logwatch script you used as your base was pretty old # $Id: mailscanner,v 1.4 2004/06/21 14:59:05 kirk Exp $ The most recent is # $Id: mailscanner,v 1.24 2006/04/06 14:01:31 mike Exp $ I generally keep a current copy here http://www.stellarcore.net/downloads/mailscanner Or you can always get in out of cvs at logwatch.org. Having said that I'll see if I can roll your changes into the current version. I'd also encourge you [and everyone who uses logwatch] to upgrade to the 7.3.1 release it. -Mike From glenn.steen at gmail.com Wed Oct 4 08:18:39 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Oct 4 08:18:43 2006 Subject: Reject vs. bounce In-Reply-To: References: <223f97700610030443l50b5c5a0r46c8f886d8cd8eb@mail.gmail.com> Message-ID: <223f97700610040018u7ef9db3bi50a6fbd87c998aca@mail.gmail.com> On 03/10/06, Jim Holland wrote: > > On 03/10/06, Tim Boyer wrote: > > (Snip good comment by Ken A) > > > > > > That's what I'm doing now, in the smtp transaction, using the MIMEDefang milter > > > - running all my SpamAssassin tests there. My fear is that if I move them from > > > there to a post-smtp scan, I'll lose the ability to reject. > > > > Well, from a resource standpoint... You'd only be able to do rejection > > after DATA, so all that would land you is that you don't "take > > responsibility" for the NDN... You still gobble down all the message. > > > > > For instance, we once got a legitimate sales request that scored over 19 on SA. > > > /dev/null fodder if ever there was one, but because I reject with a 'email > > > postmaster if you're real' message, they re-sent and it got through. If I scan > > > afterwards, my only real options are discard it or tag it and do something with > > > it, right? > > eg quarantine it - see below. As was one of my points... > > To be able to do that type of thing, you'd be needing "bounces" yes. > > Bouncing should always be done at SMTP time and not by MailScanner - for > reasons already stated by others. Jim, who are you trying to convince?;) I'm part on the choir on this one (although I prefer to refer to SMTP time "bounces" as the rejections they really are;-). On the straight question from Tim though, he is correct that if you have accepted the message, you need bounce it to mimic the same behaviour. That it is icky and error-prone and that Jules nice informative bounces are not really helping for general wholesale bouncing is another matter. > > > Or use a quarantine, perhaps with a very short retention period > > (perhaps only viable for smaller setups, like mine:-). > > Once mail has been accepted then why not quarantine all mail that is > flagged as spam? Yes, this is exactly what I do. If the quarantine grows out of proportion, I will employ different retention periods for high/low scoring spam... but so far that has not been needed (for me). Hence my suggestion. > > An essential component of managing spam is to notify users of what has > been rejected, and to quarantine the marginal mail rather than deleting it > or rejecting it. (snip nice policy-dependant suggestions/descriptions) > I guess that we would probably bounce or block around 85% of incoming > connections, with the remainder being split between genuine and > quarantined mail. We typically quarantine only around 650 messages per > day, so the storage requirement for our 2500 users is not significant - we > keep it for 90 days. On any day, I see typically the same number of quarantined messages, for our very much fewer users. So far that has been manageable (I do have the same default retention period as you have... Well, actually 93 days:). The policy I toil under (which is in a large part driven by applicaple law (for .gov in Sweden)) doesn't come out and say that it is the recipients that need inspect the quarantine though, so we only have a few people doing that (with MailWatch, no less:-). So (as with everything) it comes down to law, standard and policy regarding what you can do, and how... as usual:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Wed Oct 4 08:26:03 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Oct 4 08:26:07 2006 Subject: Reject vs. bounce In-Reply-To: References: <223f97700610030443l50b5c5a0r46c8f886d8cd8eb@mail.gmail.com> Message-ID: <223f97700610040026k412065e9md61050b85ab943b5@mail.gmail.com> On 04/10/06, Tim Boyer wrote: (snip) > > I'm rejecting 2,000 per day for 50 users. If I quarantined and had them go > through them, it would be as time-consuming as letting them go through. > But are all 2000 SA-driven? Could you perhaps use "other measures" (like rfc strictness, only accepting valid addresses, greet_pause, graylist, whatever) to slim that down (assuming you don't do all/any of that already:-)? Might make quarantining a more palatable option. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From res at ausics.net Wed Oct 4 08:28:56 2006 From: res at ausics.net (Res) Date: Wed Oct 4 08:29:02 2006 Subject: New Batch: found 200 messages waiting, Number keeps increasing In-Reply-To: <4523339F.2050601@adcatanzaro.com> References: <4523339F.2050601@adcatanzaro.com> Message-ID: On Wed, 4 Oct 2006, Derek Catanzaro wrote: > I will see how things go in the morning. Right now I'm back down to about > 150 messages waiting which is normal for me. It took most of the day and > some of the night for it to chew through the nearly 10,000 that accumulated > through the day. I have not had an issue like this for some time and prior > to this it was DNS queries causing the problem, that is when I implemented > the local caching name server and it has been pretty solid since then. I am > using the following in MailScanner.conf. next time it happens disable spamassassin -- Cheers Res "Just a world that we all must share, it's not enough just to stand and stare, is it only a dream that there'll be no more turning away" - Floyd From drew at technologytiger.net Wed Oct 4 08:42:21 2006 From: drew at technologytiger.net (Drew Marshall) Date: Wed Oct 4 08:42:40 2006 Subject: mailscanner hangs on automatic restart {Scanned} In-Reply-To: <452305C9.5060703@rcwm.com> References: <452047C0.7010002@rcwm.com> <4522236E.1030005@ecs.soton.ac.uk> <45224478.2030403@rcwm.com> <223f97700610030427t79b7414kd53125d621d9d817@mail.gmail.com> <452305C9.5060703@rcwm.com> Message-ID: <53767.194.70.180.170.1159947741.squirrel@www.technologytiger.net> On Wed, October 4, 2006 01:52, Henry Hollenberg wrote: >>> Are you suggesting I change the locktype? >>> >>> It did hang again last night, and bayesian db is working now as is >>> pyzor and razor, so I don't think they are hanging things up. >>> >> No, changing the locktype shouldn't affect your situation, since you >> use Postfix... >> What might be happening would be if some stray non-queue file end up >> in the hold queue. Check that that isn't happening. >> Depending on what you find, you should be able to determine if that is >> it, and if so... what is responsible for putting it there:-). >> Might be razor still being a bit confused where the logfile should go >> (fix is to make sure it knows where too put it by way of the >> razor-agent.conf file setting... and making sure the postfix user can >> write where you say it should go), or perhaps the tnef expander >> placing a file wrong... (don't remember the fix for that... Search the >> archives, it has cropped up before... Perhaps switch to the internal >> one). >> >> HtH >> > > Oh!, like the razor-agent file? : Yup, just like that. Never one to say told you so but... :-) Having said that, you have fixed the cause so delete that one (Oh I see from your next message you have. Nice to see you are continuing the tradition of Postfix users replying to themselves ;-) Keep up the good work :-> ) You shuld now have few (No?) problems and a damn sight less Spam. Regards Drew From MailScanner at ecs.soton.ac.uk Wed Oct 4 08:52:23 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Oct 4 08:52:44 2006 Subject: Mailscanner/Spam Assassin support for Microsoft IMF/SCL Spam scoring? In-Reply-To: <65234743FE1555428435CE39E6AC4078B38A3D@CHI-US-EXCH-01.us.kmz.com> References: <65234743FE1555428435CE39E6AC4078B38A3D@CHI-US-EXCH-01.us.kmz.com> Message-ID: <45236837.20409@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Duncan, Brian M. wrote: > > For those of us that are environments that support MS Exchange and > Outlook 2003+ at the desktop, the capability to support MS IMF (MS > Exchange Intelligent Message Filter scoring) from the network edge is > very beneficial. > > Most organizations that have SpamAssassin/Mailscanner at the edge of > their network rely on custom created rules on clients to move the > SpamAssassin tagged messages into their local "Junk-Mail" folder or > Spam folder - Or delete them right away. > > This leads to support issues in large organizations. Creating custom > exceptions etc, usually in most companies these local users cannot > manage the rules efficiently. > > MS in the last year has released a free add-on for Exchange that works > very similarly to SpamAssassin it assigns a Score to a message that > looks to be in the headers. Exchange will then automatically put > messages based on the local Outlook clients preference level into > their local Junk Mail folder. The great thing with this is that users > can just right click on messages and add to their "white list" or do > complete domains. No custom scripts to create, much easier to > support in a large environment. > > If SpamAssassin/Mailscanner could support adding the IMF headers at > the edge, then those that would still like to leverage a SpamAssassin > (or any product for that matter, as long as it used the IMF score > header) solution at the edge of their network they could do so > easily. You could tune your MS Exchange servers to not be reactive > and the SpamAssasin edge products would dictate what was Spam and what > was not. > > Microsoft with Exchange 12 is pushing companies into putting > Exchange at the edge of a network . I have already had this discussion > in my environment and that I do not think it makes sense given that > Sendmail + Mailscanner + SpamAssassin is almost rock solid. > > At the end of this is a previous message to this mailing list that is > asking for the same thing that I am. > > Does anyone have anything to add to this or is this request really not > that worthwhile. > > Just the capability of being able to add a generic header to all Spam > detected messages would be a great start: > > X-MS-Exchange-Organization-SCL: 6.5 Read the docs. Check out "Spam Actions" and the "header" action. > > (I have already tested this, all headers that are added by Mailscanner > seems to include additional information added to the same line) > > Thanks > > Brian Duncan > > brian.duncan@kattenlaw.com > > P.S. > > There is already a product that can sit on an Exchange server that > will convert SpamAssassin scores to equivalent MS IMF Scores. It > would be great if we could handle it from the Unix/Linux side > transparently. (It's called Assassin2Exchange filter) > > http://www.smtptracker.com/ > > Previous message that went unanswered to this list: > > >Exchange 2003 SP2 has added a "Intelligent Mail Filter" to allow it > to deal with spam messages identified by systems like MailScanner or > other appliance based solutions. > > >Basically, it looks for the following header(s): > > >X-MS-Exchange-Organization-PCL: (Phishing Confidence Level) > >X-MS-Exchange-Organization-SCL: (Spam Confidence Level) > > >More details can be found at: > > >http://www.microsoft.com/technet/prodtechnol/exchange/E2k7Help/28d3a5c2-8509-4b25-9876-763536e77c27.mspx?mfr=true > > >So, my question is -- can I add this header with MailScanner, > inserting the appropriate spam score after the header, e.g.: > > >X-MS-Exchange-Organization-SCL:5 > > >The trick is, I don't want to mess with my existing header adds, I > want to add this in addition to my normal ones (X-Spam-Score: XX). I > see where I can add additional headers in the: > > >Spam Actions = deliver header "X-Spam-Status: Yes" > > >However, it is unclear how to insert the spam score "value" in the > "value" area that it needs to be in. It is also unclear from the > Microsoft docs if the "score" can be anything other than whole numbers > (e.g. can't be 5.5 but 5 is OK). So, a way to "round" the score would > be helpful. > > >Any pointers? > > >-- > > >----------------------------------------- > >Mike Bacher / listacct@tulsaconnect.com > > >TCIS - TulsaConnect Internet Services > >http://www.tulsaconnect.com > >----------------------------------------- > =========================================================== > CIRCULAR 230 DISCLOSURE: Pursuant to Regulations Governing Practice > Before the Internal Revenue Service, any tax advice contained herein > is not intended or written to be used and cannot be used by a taxpayer > for the purpose of avoiding tax penalties that may be imposed on the > taxpayer. > =========================================================== > CONFIDENTIALITY NOTICE: > This electronic mail message and any attached files contain > information intended for the exclusive use of the individual or entity > to whom it is addressed and may contain information that is > proprietary, privileged, confidential and/or exempt from disclosure > under applicable law. If you are not the intended recipient, you are > hereby notified that any viewing, copying, disclosure or distribution > of this information may be subject to legal restriction or sanction. > Please notify the sender, by electronic mail or telephone, of any > unintended recipients and delete the original message without making > any copies. > =========================================================== > NOTIFICATION: Katten Muchin Rosenman LLP is an Illinois limited > liability partnership that has elected to be governed by the Illinois > Uniform Partnership Act (1997). > =========================================================== > Jules - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.0 (Build 1112) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFFI2g3EfZZRxQVtlQRApmeAKDY2TS57caPkJJWBNGp6PsnVAuhhQCgzUeP SzU9gPH/s2ubwKh+r6awq/Q= =+mJt -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Wed Oct 4 08:53:16 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Oct 4 08:53:36 2006 Subject: MailScanner settings In-Reply-To: <1159893352.18636.8.camel@localhost> References: <1159893352.18636.8.camel@localhost> Message-ID: <4523686C.2030201@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Yes, they do. Michael Baird wrote: > I've got a canned hosting package which uses MailScanner (Ensim). It > doesn't use spamassassin within mailscanner, but I've activated spam > checks and added spam lists. My question is, with spamassassin = no do > the high scoring spam actions work in relation to the spam lists (I want > 2 hits of spam list to go high scoring which I want to have deleted at > this point in processing). > > Regards > Michael Baird > > Jules - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.0 (Build 1112) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFFI2hsEfZZRxQVtlQRAvKrAKD9EmXiSA1vyUrly6FkvzuiaZUubgCgnReP /5Ox0mcv53vIIofkFCn1qSM= =ibsr -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From martinh at solidstatelogic.com Wed Oct 4 08:54:01 2006 From: martinh at solidstatelogic.com (Martin Hepworth) Date: Wed Oct 4 08:54:11 2006 Subject: "Friends Only" In-Reply-To: References: <4520E3E1.1050600@statsbiblioteket.dk> <45211153.3030509@jlewiscooper.com> <45212506.8060906@coders.co.uk> <45212855.2030102@solidstatelogic.com> <45218A81.20503@evi-inc.com> Message-ID: <45236899.3040708@solidstatelogic.com> Dan Hollis wrote: > On Tue, 3 Oct 2006, James Gray wrote: >> On 03/10/2006, at 10:11 AM, Dan Hollis wrote: >>> Why shouldn't I be able to blacklist individual known spam SOAs? >> Why not use the URIBL lists like "OutBlaze" and friends. Not exactly >> what you're after but I've found them extremely effective in combating >> URLs etc that link to known spammers' domains. > > The problem is that spammers are now using hundreds of totally > randomized domains, making URIBL pretty useless. > > -Dan Dan I'd agree with Matt here - the URI-BLs are wonderful at trapping expectially JP and the URIBLACK added in with MailScanner's mailscanner.cf. -- Martin Hepworth Senior Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From martinh at solidstatelogic.com Wed Oct 4 08:56:13 2006 From: martinh at solidstatelogic.com (Martin Hepworth) Date: Wed Oct 4 08:56:21 2006 Subject: Help needed with mailscanner In-Reply-To: References: Message-ID: <4523691D.601@solidstatelogic.com> Jon Miller wrote: > Can anyone help with fixing mailscanner running on a Linux server. The main problem seems that I cannot get the web page to display (console) so I can do the updates and view the stats. Is there a command that can be issue in a terminal session that can do the updates? > > Thanks > > Jon > > > ------------------------------------------------------------------------ > > > > > > >
Can anyone help with fixing mailscanner running on a Linux server.  > The main problem seems that I cannot get the web page to display (console) so I > can do the updates and view the stats.  Is there a command that can be > issue in a terminal session that can do the updates?
>
 
>
Thanks
>
 
>
Jon
> Jon MailScanner doesn't come with a html interface, which add-on are you using? -- Martin Hepworth Senior Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From MailScanner at ecs.soton.ac.uk Wed Oct 4 08:56:45 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Oct 4 08:57:06 2006 Subject: symantec scan engine In-Reply-To: References: Message-ID: <4523693D.9070108@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 You need to send me a fully licenced copy of the package, including any licence keys I will need to install it. I personally guarantee that I will not use it for anything other than development, and I guarantee that no-one else will get access to it. Remember, I've got a reputation to protect. Please send it all to me off-list! Jeff Meyer wrote: > I noticed that MailScanner has support for Symantec Scan Engine, but > it doesn't appear to be working correctly. > > First, had to make a change to the symscanengine-wrapper: > changed: > prog=savsecls/savsecls > to: > prog=ssecls/ssecls > > Then when testing the wrapper: > /usr/lib/MailScanner/symscanengine-wrapper /opt/SYMScan /temp > eveything works, even tried on eicar test file and it found it. > > However, when running it with MailScanner, nothing appears to be > getting logged when testing with eicar files. McAfee, Bitdefender and > ClamAV all log there results, but symantec doesn't. I would like to > see when symantec does catch something and when it doesn't. > > What do I need to do to change this. > > Jeff > Jules - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.0 (Build 1112) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFFI2k+EfZZRxQVtlQRAmjgAJ9uXuwpt7CpRybVVooicKE0qZ/TZwCgpqoN 6rhfvTQiBVB2g9yILPnBpbs= =N9Ji -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From ckowarzik at email.de Wed Oct 4 09:10:53 2006 From: ckowarzik at email.de (Christian Kowarzik) Date: Wed Oct 4 09:10:49 2006 Subject: OT: spamassassin-3.1.5 sa-lean mbx-mailbox Bug Message-ID: <45236C8D.6010704@email.de> Just for those of you - using mbx-mailbox format and - want to update to spamassassin 3.1.5 => sa-lean in 3.1.5 is broken for mbx-mailbox format for references and patch check http://thread.gmane.org/gmane.mail.spam.spamassassin.general/87109/focus=87134 http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5101 christian From MailScanner at ecs.soton.ac.uk Wed Oct 4 09:31:02 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Oct 4 09:31:26 2006 Subject: OT: MailScanner-MRTG config Message-ID: <45237146.5020600@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I just installed it from RPM and I get the error message: You are seeing this message because your apache install is not configured correctly for MailScanner-MRTG. Please ensure that mod_include is loaded by apache I have a stock RHEL4 install, which appears to have mod_include loaded by default, so why isn't it working? Never did understand Apache installs, too damn complicated by half. Thanks folks! Jules - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.0 (Build 1112) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFFI3FHEfZZRxQVtlQRAsyYAJ9jsL8CHJINfV63UsagFea6qhSXGwCfU3TN JiZ+EgFxTjchpZ2sTOkrnLs= =nXcu -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From jethro.binks at strath.ac.uk Wed Oct 4 09:56:29 2006 From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Wed Oct 4 09:56:34 2006 Subject: Reject vs. bounce In-Reply-To: <223f97700610040018u7ef9db3bi50a6fbd87c998aca@mail.gmail.com> References: <223f97700610030443l50b5c5a0r46c8f886d8cd8eb@mail.gmail.com> <223f97700610040018u7ef9db3bi50a6fbd87c998aca@mail.gmail.com> Message-ID: <20061004092246.J3389@defjam.cc.strath.ac.uk> On Wed, 4 Oct 2006, Glenn Steen wrote: > > > To be able to do that type of thing, you'd be needing "bounces" yes. > > > > Bouncing should always be done at SMTP time and not by MailScanner - for > > reasons already stated by others. > Jim, who are you trying to convince?;) I'm part on the choir on this > one (although I prefer to refer to SMTP time "bounces" as the > rejections they really are;-). While I think 'bounces' is fairly clear, I always felt that 'reject' was slightly ambiguous: is that reject before receiving (at SMTP time), or afterwards (by bouncing)? Hence, I try and force myself to say "refuse to accept" instead, which is also clearer when explaining things to the end user (failed sender or potential receiver). Jethro. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks Computing Officer, IT Services University Of Strathclyde, Glasgow, UK From martin.lyberg at gmail.com Wed Oct 4 10:15:52 2006 From: martin.lyberg at gmail.com (Martin) Date: Wed Oct 4 10:16:55 2006 Subject: Logwatch Update In-Reply-To: <200610031836.k93IagoW027688@cat.salemcarriers.com> References: <4522A735.4070500@evi-inc.com> <200610031836.k93IagoW027688@cat.salemcarriers.com> Message-ID: Phil Udel wrote: > > Hi > Not sure if anyone would like this but I just finished updating my > MS Logwatch Script. I add Mailwatch, Whitelist SQL, Blacklist SQL, Clamav, > and Some other messages > I cleaned up about 28 Daily **Unmatched Entries** This looks interesting. But beeing a noob, how do i use this? :) Thank you From jlmiller at mmtnetworks.com.au Wed Oct 4 11:12:31 2006 From: jlmiller at mmtnetworks.com.au (Jon Miller) Date: Wed Oct 4 11:03:57 2006 Subject: Help needed with mailscanner Message-ID: MailWatch I'm assuming as I did not put this system together another engineer did and now he is in the states. Supposedly it has MailScanner, MailWatch, Sophos as the AntiVirus component and Spam Assassin as the Spam filter. Thanks >>> martinh@solidstatelogic.com 3:56:13 pm 4/10/2006 >>> Jon Miller wrote: > Can anyone help with fixing mailscanner running on a Linux server. The main problem seems that I cannot get the web page to display (console) so I can do the updates and view the stats. Is there a command that can be issue in a terminal session that can do the updates? > > Thanks > > Jon > > > ------------------------------------------------------------------------ > > > > > > >
Can anyone help with fixing mailscanner running on a Linux server.  > The main problem seems that I cannot get the web page to display (console) so I > can do the updates and view the stats.  Is there a command that can be > issue in a terminal session that can do the updates?
>
 
>
Thanks
>
 
>
Jon
> Jon MailScanner doesn't come with a html interface, which add-on are you using? -- Martin Hepworth Senior Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From martinh at solidstatelogic.com Wed Oct 4 11:10:22 2006 From: martinh at solidstatelogic.com (Martin Hepworth) Date: Wed Oct 4 11:10:38 2006 Subject: Help needed with mailscanner In-Reply-To: References: Message-ID: <4523888E.9070907@solidstatelogic.com> Jon Miller wrote: > MailWatch I'm assuming as I did not put this system together another engineer did and now he is in the states. > Supposedly it has MailScanner, MailWatch, Sophos as the AntiVirus component and Spam Assassin as the Spam filter. > > Thanks > >>>> martinh@solidstatelogic.com 3:56:13 pm 4/10/2006 >>> > Jon Miller wrote: >> Can anyone help with fixing mailscanner running on a Linux server. The main problem seems that I cannot get the web page to display (console) so I can do the updates and view the stats. Is there a command that can be issue in a terminal session that can do the updates? >> >> Thanks >> >> Jon >> >> >> ------------------------------------------------------------------------ >> >> >> >> >> >> >>
Can anyone help with fixing mailscanner running on a Linux server.  >> The main problem seems that I cannot get the web page to display (console) so I >> can do the updates and view the stats.  Is there a command that can be >> issue in a terminal session that can do the updates?
>>
 
>>
Thanks
>>
 
>>
Jon
>> > Jon > > MailScanner doesn't come with a html interface, which add-on are you using? > Jon ah - ask on the MailWatch mailing list...a bit more ontopic there ;-) -- Martin Hepworth Senior Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From a.peacock at chime.ucl.ac.uk Wed Oct 4 11:26:29 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Wed Oct 4 11:27:06 2006 Subject: Help needed with mailscanner In-Reply-To: References: Message-ID: <45238C55.20907@chime.ucl.ac.uk> Hi Jon, Jon Miller wrote: > MailWatch I'm assuming as I did not put this system together another engineer did and now he is in the states. > Supposedly it has MailScanner, MailWatch, Sophos as the AntiVirus component and Spam Assassin as the Spam filter. > > Thanks > >>>> martinh@solidstatelogic.com 3:56:13 pm 4/10/2006 >>> > Jon Miller wrote: >> Can anyone help with fixing mailscanner running on a Linux server. The main problem seems that I cannot get the web page to display (console) so I can do the updates and view the stats. Is there a command that can be issue in a terminal session that can do the updates? >> >> Thanks >> >> Jon >> >> >> ------------------------------------------------------------------------ >> >> >> >> >> >> >>
Can anyone help with fixing mailscanner running on a Linux server.  >> The main problem seems that I cannot get the web page to display (console) so I >> can do the updates and view the stats.  Is there a command that can be >> issue in a terminal session that can do the updates?
>>
 
>>
Thanks
>>
 
>>
Jon
>> > Jon > > MailScanner doesn't come with a html interface, which add-on are you using? > As far as I can see there are two questions in your request. 1. How do I get the web interface to work? 2. How can I do updates without the web interface? For number 1 you probably need to ask on the MailWatch list. Before you do that though you should get a better fault description than "cannot get the web page to display", do you get an error, check the server logs to see if there is an error in there. Was this working before? What has changed since then? For number 2 you need to be more explicit in what you mean by updates. The whole system you describe is made up of many components, pulled together by Mailscanner. Each of these can be updated, but the method for each may be different. Do you want to upgrade th various components to newer versions? Do you want to make sure the virus checkers are updating their virus libraries? Do you want to update the spam detection rules of SpamAssassin? If you can be clearer about this I am sure many people on this list could help. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas." -- George Bernard Shaw From hgh at rcwm.com Wed Oct 4 11:42:14 2006 From: hgh at rcwm.com (Henry Hollenberg) Date: Wed Oct 4 11:38:25 2006 Subject: SOLVED: Re: mailscanner hangs on automatic restart {Scanned} In-Reply-To: <53767.194.70.180.170.1159947741.squirrel@www.technologytiger.net> References: <452047C0.7010002@rcwm.com> <4522236E.1030005@ecs.soton.ac.uk> <45224478.2030403@rcwm.com> <223f97700610030427t79b7414kd53125d621d9d817@mail.gmail.com> <452305C9.5060703@rcwm.com> <53767.194.70.180.170.1159947741.squirrel@www.technologytiger.net> Message-ID: <45239006.6080905@rcwm.com> SOLVED: razor-agent.log file in mailscanner incoming queue directory /var/spool/postfix/hold was hanging mailscanner on automatic restart every 14400 seconds. Synopsis top-posted for your convenience. See reply to Drew as bottom-post below. hgh. Drew Marshall wrote: > On Wed, October 4, 2006 01:52, Henry Hollenberg wrote: > >>>>Are you suggesting I change the locktype? >>>> >>>>It did hang again last night, and bayesian db is working now as is >>>>pyzor and razor, so I don't think they are hanging things up. >>>> >>> >>>No, changing the locktype shouldn't affect your situation, since you >>>use Postfix... >>>What might be happening would be if some stray non-queue file end up >>>in the hold queue. Check that that isn't happening. >>>Depending on what you find, you should be able to determine if that is >>>it, and if so... what is responsible for putting it there:-). >>>Might be razor still being a bit confused where the logfile should go >>>(fix is to make sure it knows where too put it by way of the >>>razor-agent.conf file setting... and making sure the postfix user can >>>write where you say it should go), or perhaps the tnef expander >>>placing a file wrong... (don't remember the fix for that... Search the >>>archives, it has cropped up before... Perhaps switch to the internal >>>one). >>> >>>HtH >>> >> >>Oh!, like the razor-agent file? : > > > Yup, just like that. Never one to say told you so but... :-) > > Having said that, you have fixed the cause so delete that one (Oh I see > from your next message you have. Nice to see you are continuing the > tradition of Postfix users replying to themselves ;-) Keep up the good > work :-> ) > > You shuld now have few (No?) problems and a damn sight less Spam. > > Regards > > Drew > Talk to myself alot too, anyway, that seemed to fix it as my mailbox has 21 general emails in it (non-mailing list mails). Damn sight less than the 100+ I was waking up to. 3 were appropriately labeled as SPAM 17 slipped thru 1 valid email about a dead disk at work Thanks for all the help! -- Henry Hollenberg hgh@rcwm.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From glenn.steen at gmail.com Wed Oct 4 11:55:27 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Oct 4 11:55:30 2006 Subject: SOLVED: Re: mailscanner hangs on automatic restart {Scanned} In-Reply-To: <45239006.6080905@rcwm.com> References: <452047C0.7010002@rcwm.com> <4522236E.1030005@ecs.soton.ac.uk> <45224478.2030403@rcwm.com> <223f97700610030427t79b7414kd53125d621d9d817@mail.gmail.com> <452305C9.5060703@rcwm.com> <53767.194.70.180.170.1159947741.squirrel@www.technologytiger.net> <45239006.6080905@rcwm.com> Message-ID: <223f97700610040355v5a2fa625ta592c18cc42a814@mail.gmail.com> On 04/10/06, Henry Hollenberg wrote: > SOLVED: razor-agent.log file in mailscanner incoming queue directory > /var/spool/postfix/hold was hanging mailscanner on automatic > restart every 14400 seconds. Synopsis top-posted for your convenience. > See reply to Drew as bottom-post below. hgh. > Somewhat a known issue. Good to know what solved it for you though. > Drew Marshall wrote: > > On Wed, October 4, 2006 01:52, Henry Hollenberg wrote: (snip) > >>Oh!, like the razor-agent file? : > > > > > > Yup, just like that. Never one to say told you so but... :-) > > > > Having said that, you have fixed the cause so delete that one (Oh I see > > from your next message you have. Nice to see you are continuing the > > tradition of Postfix users replying to themselves ;-) Keep up the good > > work :-> ) > > > > You shuld now have few (No?) problems and a damn sight less Spam. > > > > Regards > > > > Drew > > > > Talk to myself alot too, anyway, that seemed to fix it > as my mailbox has 21 general emails in it (non-mailing list > mails). Damn sight less than the 100+ I was waking up to. > > 3 were appropriately labeled as SPAM > 17 slipped thru > 1 valid email about a dead disk at work Were those image type spam? I find ImageInfo (http://www.rulesemporium.com/plugins.htm) fixes that well for me... Or one could do FuzzyOcr (look at the apache spamassassin site...). > Thanks for all the help! We do what we can:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ryanw at falsehope.com Wed Oct 4 12:08:36 2006 From: ryanw at falsehope.com (Ryan Weaver) Date: Wed Oct 4 12:09:02 2006 Subject: Logwatch Update In-Reply-To: <4523366B.9090105@stellarcore.net> Message-ID: <001901c6e7a5$71e45f90$ed66a8c0@corporate.grantgeo.com> ----Original Message---- From: Mike Tremaine Sent: Tuesday, October 03, 2006 11:20 PM To: mailscanner@lists.mailscanner.info Subject: RE: Logwatch Update (Phil Udel) > Or you can always get in out of cvs at logwatch.org. Having said > that I'll see if I can roll your changes into the current version. > I'd also encourge you [and everyone who uses logwatch] to upgrade > to the 7.3.1 release it. > > -Mike If you are running RedHat or CentOS, the Razor's Edge RPM Repository keeps logwatch fairly up to date.... http://rpm.razorsedge.org/ Thanks, Ryan From jlmiller at mmtnetworks.com.au Wed Oct 4 12:56:57 2006 From: jlmiller at mmtnetworks.com.au (Jon Miller) Date: Wed Oct 4 12:48:38 2006 Subject: Help needed with mailscanner Message-ID: For number 2 you need to be more explicit in what you mean by updates. The whole system you describe is made up of many components, pulled together by Mailscanner. Each of these can be updated, but the method for each may be different. Do you want to upgrade th various components to newer versions? Do you want to make sure the virus checkers are updating their virus libraries? Do you want to update the spam detection rules of SpamAssassin? Thanks for the reply: for now until a new system is put together and tested I want to make sure that the spam detection rules of SpamAssassin are up to date. I can do the Sophos updates. Currently not interested in upgrading the MailScanner program. Thanks Jon >>> a.peacock@chime.ucl.ac.uk 6:26:29 pm 4/10/2006 >>> Hi Jon, Jon Miller wrote: > MailWatch I'm assuming as I did not put this system together another engineer did and now he is in the states. > Supposedly it has MailScanner, MailWatch, Sophos as the AntiVirus component and Spam Assassin as the Spam filter. > > Thanks > >>>> martinh@solidstatelogic.com 3:56:13 pm 4/10/2006 >>> > Jon Miller wrote: >> Can anyone help with fixing mailscanner running on a Linux server. The main problem seems that I cannot get the web page to display (console) so I can do the updates and view the stats. Is there a command that can be issue in a terminal session that can do the updates? >> >> Thanks >> >> Jon >> >> >> ------------------------------------------------------------------------ >> >> >> >> >> >> >>
Can anyone help with fixing mailscanner running on a Linux server.  >> The main problem seems that I cannot get the web page to display (console) so I >> can do the updates and view the stats.  Is there a command that can be >> issue in a terminal session that can do the updates?
>>
 
>>
Thanks
>>
 
>>
Jon
>> > Jon > > MailScanner doesn't come with a html interface, which add-on are you using? > As far as I can see there are two questions in your request. 1. How do I get the web interface to work? 2. How can I do updates without the web interface? For number 1 you probably need to ask on the MailWatch list. Before you do that though you should get a better fault description than "cannot get the web page to display", do you get an error, check the server logs to see if there is an error in there. Was this working before? What has changed since then? For number 2 you need to be more explicit in what you mean by updates. The whole system you describe is made up of many components, pulled together by Mailscanner. Each of these can be updated, but the method for each may be different. Do you want to upgrade th various components to newer versions? Do you want to make sure the virus checkers are updating their virus libraries? Do you want to update the spam detection rules of SpamAssassin? If you can be clearer about this I am sure many people on this list could help. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas." -- George Bernard Shaw -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From a.peacock at chime.ucl.ac.uk Wed Oct 4 13:18:15 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Wed Oct 4 13:18:34 2006 Subject: Help needed with mailscanner In-Reply-To: References: Message-ID: <4523A687.9090709@chime.ucl.ac.uk> Hi Jon, Jon Miller wrote: > For number 2 you need to be more explicit in what you mean by > updates. The whole system you describe is made up of many components, > pulled together by Mailscanner. Each of these can be updated, but > the method for each may be different. Do you want to upgrade th > various components to newer versions? Do you want to make sure the > virus checkers are updating their virus libraries? Do you want to > update the spam detection rules of SpamAssassin? > > > Thanks for the reply: for now until a new system is put together and > tested I want to make sure that the spam detection rules of > SpamAssassin are up to date. I can do the Sophos updates. Currently > not interested in upgrading the MailScanner program. This largely depends on what version you are running, run this from the command line: spamassassin -V Newer versions of SpamAssassin have a process called sa-update which downloads updated versions of the core SpamAssassin rules. There is also the add-on rules supplied by the SpamAssassin Rules Emporium (SARE) people http://www.rulesemporium.com/. These rules can be updated using the RulesDuJour program. You might also get better help if you ask your question on the spamassasin-users list which is just as friendly and helpful as this list. http://wiki.apache.org/spamassassin/MailingLists -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas." -- George Bernard Shaw From jlmiller at mmtnetworks.com.au Wed Oct 4 13:47:25 2006 From: jlmiller at mmtnetworks.com.au (Jon Miller) Date: Wed Oct 4 13:38:55 2006 Subject: Help needed with mailscanner Message-ID: mail:/# spamassassin -V SpamAssassin version 3.0.3 running on Perl version 5.8.4 >>> a.peacock@chime.ucl.ac.uk 8:18:15 pm 4/10/2006 >>> Hi Jon, Jon Miller wrote: > For number 2 you need to be more explicit in what you mean by > updates. The whole system you describe is made up of many components, > pulled together by Mailscanner. Each of these can be updated, but > the method for each may be different. Do you want to upgrade th > various components to newer versions? Do you want to make sure the > virus checkers are updating their virus libraries? Do you want to > update the spam detection rules of SpamAssassin? > > > Thanks for the reply: for now until a new system is put together and > tested I want to make sure that the spam detection rules of > SpamAssassin are up to date. I can do the Sophos updates. Currently > not interested in upgrading the MailScanner program. This largely depends on what version you are running, run this from the command line: spamassassin -V Newer versions of SpamAssassin have a process called sa-update which downloads updated versions of the core SpamAssassin rules. There is also the add-on rules supplied by the SpamAssassin Rules Emporium (SARE) people http://www.rulesemporium.com/. These rules can be updated using the RulesDuJour program. You might also get better help if you ask your question on the spamassasin-users list which is just as friendly and helpful as this list. http://wiki.apache.org/spamassassin/MailingLists -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas." -- George Bernard Shaw -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From a.peacock at chime.ucl.ac.uk Wed Oct 4 13:51:19 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Wed Oct 4 13:51:45 2006 Subject: Help needed with mailscanner In-Reply-To: References: Message-ID: <4523AE47.50804@chime.ucl.ac.uk> >>>> a.peacock@chime.ucl.ac.uk 8:18:15 pm 4/10/2006 >>> > Hi Jon, > > Jon Miller wrote: >> For number 2 you need to be more explicit in what you mean by >> updates. The whole system you describe is made up of many components, >> pulled together by Mailscanner. Each of these can be updated, but >> the method for each may be different. Do you want to upgrade th >> various components to newer versions? Do you want to make sure the >> virus checkers are updating their virus libraries? Do you want to >> update the spam detection rules of SpamAssassin? >> >> >> Thanks for the reply: for now until a new system is put together and >> tested I want to make sure that the spam detection rules of >> SpamAssassin are up to date. I can do the Sophos updates. Currently >> not interested in upgrading the MailScanner program. > > This largely depends on what version you are running, run this from the > command line: > > spamassassin -V > > Newer versions of SpamAssassin have a process called sa-update which > downloads updated versions of the core SpamAssassin rules. > > There is also the add-on rules supplied by the SpamAssassin Rules > Emporium (SARE) people http://www.rulesemporium.com/. These rules can > be updated using the RulesDuJour program. > > You might also get better help if you ask your question on the > spamassasin-users list which is just as friendly and helpful as this > list. http://wiki.apache.org/spamassassin/MailingLists Jon Miller wrote: > mail:/# spamassassin -V > SpamAssassin version 3.0.3 > running on Perl version 5.8.4 > The latest version of SpamAssasin is 3.1.5. I would suggest that you upgrade and activate sa-update. How you upgrade really depends on how it was installed in the first place. Julian produces a very useful combined installation package that installs the latest versions of MailScanner, ClamAV and SpamAssassin in one go. But you can get very screwy results if you try to upgrade by a different method than the one you used in the first place. Do you know how this was installed? What OS are you on? -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas." -- George Bernard Shaw From jlmiller at mmtnetworks.com.au Wed Oct 4 14:29:40 2006 From: jlmiller at mmtnetworks.com.au (Jon Miller) Date: Wed Oct 4 14:21:31 2006 Subject: Help needed with mailscanner Message-ID: mail:/# uname -a Linux mail 2.4.25-bf2.4-lit #2 Tue Feb 24 16:40:45 WST 2004 i686 GNU/Linux mail:/# cat /etc/debian_version 3.1 I suspect that Mailscanner, Mailwatch, Perl and Sophos are on the same server and php, mysql is on another server (RH7). Jon >>> a.peacock@chime.ucl.ac.uk 8:51:19 pm 4/10/2006 >>> >>>> a.peacock@chime.ucl.ac.uk 8:18:15 pm 4/10/2006 >>> > Hi Jon, > > Jon Miller wrote: >> For number 2 you need to be more explicit in what you mean by >> updates. The whole system you describe is made up of many components, >> pulled together by Mailscanner. Each of these can be updated, but >> the method for each may be different. Do you want to upgrade th >> various components to newer versions? Do you want to make sure the >> virus checkers are updating their virus libraries? Do you want to >> update the spam detection rules of SpamAssassin? >> >> >> Thanks for the reply: for now until a new system is put together and >> tested I want to make sure that the spam detection rules of >> SpamAssassin are up to date. I can do the Sophos updates. Currently >> not interested in upgrading the MailScanner program. > > This largely depends on what version you are running, run this from the > command line: > > spamassassin -V > > Newer versions of SpamAssassin have a process called sa-update which > downloads updated versions of the core SpamAssassin rules. > > There is also the add-on rules supplied by the SpamAssassin Rules > Emporium (SARE) people http://www.rulesemporium.com/. These rules can > be updated using the RulesDuJour program. > > You might also get better help if you ask your question on the > spamassasin-users list which is just as friendly and helpful as this > list. http://wiki.apache.org/spamassassin/MailingLists Jon Miller wrote: > mail:/# spamassassin -V > SpamAssassin version 3.0.3 > running on Perl version 5.8.4 > The latest version of SpamAssasin is 3.1.5. I would suggest that you upgrade and activate sa-update. How you upgrade really depends on how it was installed in the first place. Julian produces a very useful combined installation package that installs the latest versions of MailScanner, ClamAV and SpamAssassin in one go. But you can get very screwy results if you try to upgrade by a different method than the one you used in the first place. Do you know how this was installed? What OS are you on? -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas." -- George Bernard Shaw -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From a.peacock at chime.ucl.ac.uk Wed Oct 4 14:29:53 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Wed Oct 4 14:30:32 2006 Subject: Help needed with mailscanner In-Reply-To: References: Message-ID: <4523B751.4050304@chime.ucl.ac.uk> >>>> a.peacock@chime.ucl.ac.uk 8:51:19 pm 4/10/2006 >>> >>>>> a.peacock@chime.ucl.ac.uk 8:18:15 pm 4/10/2006 >>> >> Hi Jon, >> >> Jon Miller wrote: >>> For number 2 you need to be more explicit in what you mean by >>> updates. The whole system you describe is made up of many components, >>> pulled together by Mailscanner. Each of these can be updated, but >>> the method for each may be different. Do you want to upgrade th >>> various components to newer versions? Do you want to make sure the >>> virus checkers are updating their virus libraries? Do you want to >>> update the spam detection rules of SpamAssassin? >>> >>> >>> Thanks for the reply: for now until a new system is put together and >>> tested I want to make sure that the spam detection rules of >>> SpamAssassin are up to date. I can do the Sophos updates. Currently >>> not interested in upgrading the MailScanner program. >> This largely depends on what version you are running, run this from the >> command line: >> >> spamassassin -V >> >> Newer versions of SpamAssassin have a process called sa-update which >> downloads updated versions of the core SpamAssassin rules. >> >> There is also the add-on rules supplied by the SpamAssassin Rules >> Emporium (SARE) people http://www.rulesemporium.com/. These rules can >> be updated using the RulesDuJour program. >> >> You might also get better help if you ask your question on the >> spamassasin-users list which is just as friendly and helpful as this >> list. http://wiki.apache.org/spamassassin/MailingLists > > Jon Miller wrote: > > mail:/# spamassassin -V > > SpamAssassin version 3.0.3 > > running on Perl version 5.8.4 > > > > The latest version of SpamAssasin is 3.1.5. I would suggest that you > upgrade and activate sa-update. > > How you upgrade really depends on how it was installed in the first place. > > Julian produces a very useful combined installation package that > installs the latest versions of MailScanner, ClamAV and SpamAssassin in > one go. > > But you can get very screwy results if you try to upgrade by a different > method than the one you used in the first place. Do you know how this > was installed? What OS are you on? > Jon Miller wrote: > mail:/# uname -a > Linux mail 2.4.25-bf2.4-lit #2 Tue Feb 24 16:40:45 WST 2004 i686 GNU/Linux > mail:/# cat /etc/debian_version > 3.1 > > I suspect that Mailscanner, Mailwatch, Perl and Sophos are on the same server and php, mysql is on another server (RH7). > > Jon > > This is where I probably have to bow out. The chances are that these were installed using some form of package manager (RPM, apt-get, etc), someone with more experience of Debian will need to help with that. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas." -- George Bernard Shaw From brian.duncan at kattenlaw.com Wed Oct 4 15:27:19 2006 From: brian.duncan at kattenlaw.com (Duncan, Brian M.) Date: Wed Oct 4 15:27:28 2006 Subject: Mailscanner/Spam Assassin support for Microsoft IMF/SCLSpamscoring? Message-ID: <65234743FE1555428435CE39E6AC4078B38A48@CHI-US-EXCH-01.us.kmz.com> Thanks Christian for the example of using IMF with MailScanner/SpamAssassin. It looks like as soon as the Exchange admins get IMF installed we can accomplish this today without changing anything. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Christian Rasmussen Sent: Tuesday, October 03, 2006 11:52 AM To: MailScanner discussion Subject: RE: Mailscanner/Spam Assassin support for Microsoft IMF/SCLSpamscoring? I've been using the exchange features to assign a SCL score to any message that has the tag added by the mailscanner server. You can set it up so that all of those tagged messages go automatically to the exchange user's junk email folder. I haven't had any complaints about it and it allows for easier cleanup of those messages later. If anyone is interested, check out the following page http://www.msexchange.org/tutorials/Intelligent-Message-Filter-version-2-IMF-v2.html Once you have it enabled, just create a rule in your MSExchange.UceContentFilter.xml with something similar to: To tag it with any score you've set above your junk level (in the above example 8) Cheers, -Christian ________________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Duncan, Brian M. Sent: Tuesday, October 03, 2006 6:43 AM To: mailscanner@lists.mailscanner.info Subject: Mailscanner/Spam Assassin support for Microsoft IMF/SCL Spamscoring? ? For those of us that are environments that support MS Exchange and Outlook 2003+ at the desktop, the capability to support MS IMF (MS Exchange Intelligent Message Filter?scoring) from?the network edge is very beneficial. ? ?Most organizations that have SpamAssassin/Mailscanner at the edge of their network rely?on custom created rules on clients to move the SpamAssassin tagged messages into their local "Junk-Mail" folder or Spam folder - Or delete them right away. ? This leads to support issues in large organizations.? Creating custom exceptions etc, usually in most companies these??local users?cannot manage the rules efficiently. ? MS in the last year has released a free add-on for Exchange that works very similarly to SpamAssassin it assigns a Score to a message that looks to be in the headers.? Exchange will then automatically put messages based on the local Outlook clients preference level into their?local Junk Mail folder. The great thing with this is that users can just right click on messages and add to their "white list" or do complete domains.? No custom scripts to create,? much easier to support in a large environment. ? If SpamAssassin/Mailscanner could support adding the IMF headers at the edge, then those that would still like to leverage a SpamAssassin (or any product for that matter, as long as it used the IMF score header) solution at the edge of their network they could do so easily.? You could tune your MS Exchange servers to not be reactive and the SpamAssasin edge products would dictate what was Spam and what was not. ? Microsoft with Exchange 12 is pushing? companies into? putting Exchange at the edge of a network?. I have already had this?discussion in my environment?and that I do not think it makes sense given that Sendmail?+ Mailscanner?+ SpamAssassin is?almost rock solid.???? ? At the end of this?is a previous message to this mailing list that is asking for the same thing that I am. ? Does anyone have anything to add to this or is this request really not that worthwhile. ? Just the capability of being able to add a generic header to all Spam detected messages would be a great start: ? X-MS-Exchange-Organization-SCL: 6.5 ? (I have already tested this, all headers that are added by Mailscanner seems to include additional information added to the same line) ? Thanks ? Brian Duncan ? brian.duncan@kattenlaw.com ? P.S. ? There is already a product that can sit on an Exchange server that will convert SpamAssassin scores to equivalent MS IMF Scores.? It would be great if we could handle it from the Unix/Linux side transparently. (It's called Assassin2Exchange filter) ? http://www.smtptracker.com/ ? Previous message that went unanswered to this list: ? >Exchange 2003 SP2 has added a "Intelligent Mail Filter" to allow it to deal with spam messages identified by systems like MailScanner or other appliance based solutions. ? >Basically, it looks for the following header(s): ? >X-MS-Exchange-Organization-PCL: (Phishing Confidence Level) >X-MS-Exchange-Organization-SCL: (Spam Confidence Level) ? >More details can be found at: ? >http://www.microsoft.com/technet/prodtechnol/exchange/E2k7Help/28d3a5c2 >-8509-4b25-9876-763536e77c27.mspx?mfr=true ? >So, my question is -- can I add this header with MailScanner, inserting the appropriate spam score after the header, e.g.: ? >X-MS-Exchange-Organization-SCL:5 ? >The trick is, I don't want to mess with my existing header adds, I want to add this in addition to my normal ones (X-Spam-Score: XX).? I see where I can add additional headers in the: ? >Spam Actions = deliver header "X-Spam-Status: Yes" ? >However, it is unclear how to insert the spam score "value" in the "value" area that it needs to be in.? It is also unclear from the Microsoft docs if the "score" can be anything other than whole numbers (e.g. can't be 5.5 but 5 is OK).? So, a way to "round" the score would be helpful. ? >Any pointers? ? >-- ? >----------------------------------------- >Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet >Services http://www.tulsaconnect.com >----------------------------------------- -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! =========================================================== CIRCULAR 230 DISCLOSURE: Pursuant to Regulations Governing Practice Before the Internal Revenue Service, any tax advice contained herein is not intended or written to be used and cannot be used by a taxpayer for the purpose of avoiding tax penalties that may be imposed on the taxpayer. =========================================================== CONFIDENTIALITY NOTICE: This electronic mail message and any attached files contain information intended for the exclusive use of the individual or entity to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information may be subject to legal restriction or sanction. Please notify the sender, by electronic mail or telephone, of any unintended recipients and delete the original message without making any copies. =========================================================== NOTIFICATION: Katten Muchin Rosenman LLP is an Illinois limited liability partnership that has elected to be governed by the Illinois Uniform Partnership Act (1997). =========================================================== From ka at pacific.net Wed Oct 4 16:07:40 2006 From: ka at pacific.net (Ken A) Date: Wed Oct 4 16:06:00 2006 Subject: SA cached timed out? Message-ID: <4523CE3C.40507@pacific.net> hmm... In the log: Oct 3 22:26:27 server MailScanner[15463]: SpamAssassin cache hit for message k945POHg026840 In the msg header: MailScanner-SpamCheck: not spam, SpamAssassin (cached, timed out) Is the SA cache saving 'timed out' results? I'd rather it not do that. There must be some room for improvement here? Ken A. Pacific.Net From campbell at cnpapers.com Wed Oct 4 16:22:08 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Wed Oct 4 16:22:21 2006 Subject: Logwatch Update References: <001901c6e7a5$71e45f90$ed66a8c0@corporate.grantgeo.com> Message-ID: <000801c6e7c8$db8a0990$0705000a@DDF5DW71> ----- Original Message ----- From: "Ryan Weaver" To: "'MailScanner discussion'" Sent: Wednesday, October 04, 2006 7:08 AM Subject: RE: Logwatch Update > ----Original Message---- > From: Mike Tremaine > Sent: Tuesday, October 03, 2006 11:20 PM > To: mailscanner@lists.mailscanner.info > Subject: RE: Logwatch Update (Phil Udel) > > > >> Or you can always get in out of cvs at logwatch.org. Having said >> that I'll see if I can roll your changes into the current version. >> I'd also encourge you [and everyone who uses logwatch] to upgrade >> to the 7.3.1 release it. >> >> -Mike > > If you are running RedHat or CentOS, the Razor's Edge RPM Repository keeps > logwatch fairly up to date.... http://rpm.razorsedge.org/ > > Thanks, > Ryan > > -- I just upgraded the logwatch on my CentOS 3 machine from the link above. A general pair of questions about all of this: 1. I run the cron.daily logwatch and would like to email myself when this is run. Cron seems to want to run this and mail to root. I changed the logwatch.conf file (in a few different places) to "mailto" my address, but it still mails to root. Anyone know which of the four or five logwatch.conf files will correct this? 2. If I upgraded, what do I do with the file attached in the earlier posts? I do see ClamAV and other new stuff in the report, but will the attached file make a difference in what I get with the off-the-shelf RPM from above? Thanks Steve From brian.duncan at kattenlaw.com Wed Oct 4 16:25:09 2006 From: brian.duncan at kattenlaw.com (Duncan, Brian M.) Date: Wed Oct 4 16:25:18 2006 Subject: Mailscanner/Spam Assassin support for MicrosoftIMF/SCLSpamscoring? Message-ID: <65234743FE1555428435CE39E6AC4078B38A4C@CHI-US-EXCH-01.us.kmz.com> I spoke to soon. I looked through all the MS documentation on IMF and custom rules and you can only act on Body and Subject line phrases. It does not support acting on message headers!? We don't modify subjects incase there is a false positive. So it looks like IMF cannot move MailScanner/Spam Assassin scored messages to a users Junk Mail folder unless you do modify subject or body. I guess I will need to used something 3rd party. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Duncan, Brian M. Sent: Wednesday, October 04, 2006 9:27 AM To: MailScanner discussion Subject: RE: Mailscanner/Spam Assassin support for MicrosoftIMF/SCLSpamscoring? Thanks Christian for the example of using IMF with MailScanner/SpamAssassin. It looks like as soon as the Exchange admins get IMF installed we can accomplish this today without changing anything. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Christian Rasmussen Sent: Tuesday, October 03, 2006 11:52 AM To: MailScanner discussion Subject: RE: Mailscanner/Spam Assassin support for Microsoft IMF/SCLSpamscoring? I've been using the exchange features to assign a SCL score to any message that has the tag added by the mailscanner server. You can set it up so that all of those tagged messages go automatically to the exchange user's junk email folder. I haven't had any complaints about it and it allows for easier cleanup of those messages later. If anyone is interested, check out the following page http://www.msexchange.org/tutorials/Intelligent-Message-Filter-version-2-IMF-v2.html Once you have it enabled, just create a rule in your MSExchange.UceContentFilter.xml with something similar to: To tag it with any score you've set above your junk level (in the above example 8) Cheers, -Christian ________________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Duncan, Brian M. Sent: Tuesday, October 03, 2006 6:43 AM To: mailscanner@lists.mailscanner.info Subject: Mailscanner/Spam Assassin support for Microsoft IMF/SCL Spamscoring? ? For those of us that are environments that support MS Exchange and Outlook 2003+ at the desktop, the capability to support MS IMF (MS Exchange Intelligent Message Filter?scoring) from?the network edge is very beneficial. ? ?Most organizations that have SpamAssassin/Mailscanner at the edge of their network rely?on custom created rules on clients to move the SpamAssassin tagged messages into their local "Junk-Mail" folder or Spam folder - Or delete them right away. ? This leads to support issues in large organizations.? Creating custom exceptions etc, usually in most companies these??local users?cannot manage the rules efficiently. ? MS in the last year has released a free add-on for Exchange that works very similarly to SpamAssassin it assigns a Score to a message that looks to be in the headers.? Exchange will then automatically put messages based on the local Outlook clients preference level into their?local Junk Mail folder. The great thing with this is that users can just right click on messages and add to their "white list" or do complete domains.? No custom scripts to create,? much easier to support in a large environment. ? If SpamAssassin/Mailscanner could support adding the IMF headers at the edge, then those that would still like to leverage a SpamAssassin (or any product for that matter, as long as it used the IMF score header) solution at the edge of their network they could do so easily.? You could tune your MS Exchange servers to not be reactive and the SpamAssasin edge products would dictate what was Spam and what was not. ? Microsoft with Exchange 12 is pushing? companies into? putting Exchange at the edge of a network?. I have already had this?discussion in my environment?and that I do not think it makes sense given that Sendmail?+ Mailscanner?+ SpamAssassin is?almost rock solid.???? ? At the end of this?is a previous message to this mailing list that is asking for the same thing that I am. ? Does anyone have anything to add to this or is this request really not that worthwhile. ? Just the capability of being able to add a generic header to all Spam detected messages would be a great start: ? X-MS-Exchange-Organization-SCL: 6.5 ? (I have already tested this, all headers that are added by Mailscanner seems to include additional information added to the same line) ? Thanks ? Brian Duncan ? brian.duncan@kattenlaw.com ? P.S. ? There is already a product that can sit on an Exchange server that will convert SpamAssassin scores to equivalent MS IMF Scores.? It would be great if we could handle it from the Unix/Linux side transparently. (It's called Assassin2Exchange filter) ? http://www.smtptracker.com/ ? Previous message that went unanswered to this list: ? >Exchange 2003 SP2 has added a "Intelligent Mail Filter" to allow it to deal with spam messages identified by systems like MailScanner or other appliance based solutions. ? >Basically, it looks for the following header(s): ? >X-MS-Exchange-Organization-PCL: (Phishing Confidence Level) >X-MS-Exchange-Organization-SCL: (Spam Confidence Level) ? >More details can be found at: ? >http://www.microsoft.com/technet/prodtechnol/exchange/E2k7Help/28d3a5c2 >-8509-4b25-9876-763536e77c27.mspx?mfr=true ? >So, my question is -- can I add this header with MailScanner, inserting the appropriate spam score after the header, e.g.: ? >X-MS-Exchange-Organization-SCL:5 ? >The trick is, I don't want to mess with my existing header adds, I want to add this in addition to my normal ones (X-Spam-Score: XX).? I see where I can add additional headers in the: ? >Spam Actions = deliver header "X-Spam-Status: Yes" ? >However, it is unclear how to insert the spam score "value" in the "value" area that it needs to be in.? It is also unclear from the Microsoft docs if the "score" can be anything other than whole numbers (e.g. can't be 5.5 but 5 is OK).? So, a way to "round" the score would be helpful. ? >Any pointers? ? >-- ? >----------------------------------------- >Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet >Services http://www.tulsaconnect.com >----------------------------------------- -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! =========================================================== CIRCULAR 230 DISCLOSURE: Pursuant to Regulations Governing Practice Before the Internal Revenue Service, any tax advice contained herein is not intended or written to be used and cannot be used by a taxpayer for the purpose of avoiding tax penalties that may be imposed on the taxpayer. =========================================================== CONFIDENTIALITY NOTICE: This electronic mail message and any attached files contain information intended for the exclusive use of the individual or entity to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information may be subject to legal restriction or sanction. Please notify the sender, by electronic mail or telephone, of any unintended recipients and delete the original message without making any copies. =========================================================== NOTIFICATION: Katten Muchin Rosenman LLP is an Illinois limited liability partnership that has elected to be governed by the Illinois Uniform Partnership Act (1997). =========================================================== -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From ka at pacific.net Wed Oct 4 16:30:55 2006 From: ka at pacific.net (Ken A) Date: Wed Oct 4 16:29:14 2006 Subject: Logwatch Update In-Reply-To: <000801c6e7c8$db8a0990$0705000a@DDF5DW71> References: <001901c6e7a5$71e45f90$ed66a8c0@corporate.grantgeo.com> <000801c6e7c8$db8a0990$0705000a@DDF5DW71> Message-ID: <4523D3AF.4040106@pacific.net> Steve Campbell wrote: > > ----- Original Message ----- From: "Ryan Weaver" > To: "'MailScanner discussion'" > Sent: Wednesday, October 04, 2006 7:08 AM > Subject: RE: Logwatch Update > > >> ----Original Message---- >> From: Mike Tremaine >> Sent: Tuesday, October 03, 2006 11:20 PM >> To: mailscanner@lists.mailscanner.info >> Subject: RE: Logwatch Update (Phil Udel) >> >> >> >>> Or you can always get in out of cvs at logwatch.org. Having said >>> that I'll see if I can roll your changes into the current version. >>> I'd also encourge you [and everyone who uses logwatch] to upgrade >>> to the 7.3.1 release it. >>> >>> -Mike >> >> If you are running RedHat or CentOS, the Razor's Edge RPM Repository >> keeps >> logwatch fairly up to date.... http://rpm.razorsedge.org/ >> >> Thanks, >> Ryan >> >> -- > I just upgraded the logwatch on my CentOS 3 machine from the link above. > A general pair of questions about all of this: > > 1. I run the cron.daily logwatch and would like to email myself when > this is run. Cron seems to want to run this and mail to root. I changed > the logwatch.conf file (in a few different places) to "mailto" my > address, but it still mails to root. Anyone know which of the four or > five logwatch.conf files will correct this? Add this above the logwatch cron job in your root crontab: MAILTO="you@yourdomain.com" Ken A. Pacific.Net > > 2. If I upgraded, what do I do with the file attached in the earlier > posts? I do see ClamAV and other new stuff in the report, but will the > attached file make a difference in what I get with the off-the-shelf RPM > from above? > > Thanks > > Steve > From bpumphrey at woodmclaw.com Wed Oct 4 16:29:50 2006 From: bpumphrey at woodmclaw.com (Billy A. Pumphrey) Date: Wed Oct 4 16:29:54 2006 Subject: Logwatch Update In-Reply-To: <000801c6e7c8$db8a0990$0705000a@DDF5DW71> Message-ID: <04D932B0071FE34FA63EBB1977B48D1501729769@woodenex.woodmaclaw.local> > > 1. I run the cron.daily logwatch and would like to email myself when this > is > run. Cron seems to want to run this and mail to root. I changed the > logwatch.conf file (in a few different places) to "mailto" my address, but > it still mails to root. Anyone know which of the four or five > logwatch.conf > files will correct this? This may or may not help you. Remember the .forward file that will forward all roots email to someone. Simple and effective, but if you want only logwatch emails than this would not help. > > 2. If I upgraded, what do I do with the file attached in the earlier > posts? > I do see ClamAV and other new stuff in the report, but will the attached > file make a difference in what I get with the off-the-shelf RPM from > above? > > Thanks > > Steve From bpumphrey at woodmclaw.com Wed Oct 4 16:30:33 2006 From: bpumphrey at woodmclaw.com (Billy A. Pumphrey) Date: Wed Oct 4 16:30:36 2006 Subject: Mailscanner/Spam Assassin support forMicrosoftIMF/SCLSpamscoring? In-Reply-To: <65234743FE1555428435CE39E6AC4078B38A4C@CHI-US-EXCH-01.us.kmz.com> Message-ID: <04D932B0071FE34FA63EBB1977B48D150172976A@woodenex.woodmaclaw.local> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Duncan, Brian M. > Sent: Wednesday, October 04, 2006 11:25 AM > To: MailScanner discussion > Subject: RE: Mailscanner/Spam Assassin support > forMicrosoftIMF/SCLSpamscoring? > > I spoke to soon. I looked through all the MS documentation on IMF and > custom rules and you can only act on Body and Subject line phrases. > > It does not support acting on message headers!? We don't modify subjects > incase there is a false positive. > > So it looks like IMF cannot move MailScanner/Spam Assassin scored messages > to a users Junk Mail folder unless you do modify subject or body. > > I guess I will need to used something 3rd party. > That is good to know, thanks for the research and follow up. From ssilva at sgvwater.com Wed Oct 4 16:43:30 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Oct 4 16:46:04 2006 Subject: SOLVED: Re: mailscanner hangs on automatic restart {Scanned} In-Reply-To: <223f97700610040355v5a2fa625ta592c18cc42a814@mail.gmail.com> References: <452047C0.7010002@rcwm.com> <4522236E.1030005@ecs.soton.ac.uk> <45224478.2030403@rcwm.com> <223f97700610030427t79b7414kd53125d621d9d817@mail.gmail.com> <452305C9.5060703@rcwm.com> <53767.194.70.180.170.1159947741.squirrel@www.technologytiger.net> <45239006.6080905@rcwm.com> <223f97700610040355v5a2fa625ta592c18cc42a814@mail.gmail.com> Message-ID: Glenn Steen spake the following on 10/4/2006 3:55 AM: > On 04/10/06, Henry Hollenberg wrote: >> SOLVED: razor-agent.log file in mailscanner incoming queue directory >> /var/spool/postfix/hold was hanging mailscanner on automatic >> restart every 14400 seconds. Synopsis top-posted for your convenience. >> See reply to Drew as bottom-post below. hgh. >> > Somewhat a known issue. Good to know what solved it for you though. > >> Drew Marshall wrote: >> > On Wed, October 4, 2006 01:52, Henry Hollenberg wrote: > (snip) >> >>Oh!, like the razor-agent file? : >> > >> > >> > Yup, just like that. Never one to say told you so but... :-) >> > >> > Having said that, you have fixed the cause so delete that one (Oh I see >> > from your next message you have. Nice to see you are continuing the >> > tradition of Postfix users replying to themselves ;-) Keep up the good >> > work :-> ) >> > >> > You shuld now have few (No?) problems and a damn sight less Spam. >> > >> > Regards >> > >> > Drew >> > >> >> Talk to myself alot too, anyway, that seemed to fix it >> as my mailbox has 21 general emails in it (non-mailing list >> mails). Damn sight less than the 100+ I was waking up to. >> >> 3 were appropriately labeled as SPAM >> 17 slipped thru >> 1 valid email about a dead disk at work > > Were those image type spam? I find ImageInfo > (http://www.rulesemporium.com/plugins.htm) fixes that well for me... > Or one could do FuzzyOcr (look at the apache spamassassin site...). > >> Thanks for all the help! > We do what we can:-) Hey Glenn, Does the imageinfo plugin load like the old plugins always did, or do you now have to use a load plugin line in init.pre? (Not hijacking the thread as Glenn mentioned the plugin above.) -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From christian at columbiafuels.com Wed Oct 4 16:54:03 2006 From: christian at columbiafuels.com (Christian Rasmussen) Date: Wed Oct 4 16:54:14 2006 Subject: Mailscanner/Spam Assassin supportforMicrosoftIMF/SCLSpamscoring? In-Reply-To: <04D932B0071FE34FA63EBB1977B48D150172976A@woodenex.woodmaclaw.local> Message-ID: <2023D81BC0235143A46589958FF543F502F5D9EA@bigbird.columbiafuels.com> Strange, I tried to send to the list yesterday and it just went *poof* for some reason. Here's my experience with IMF/SCL and MailScanner: I've been using the exchange features to assign a SCL score to any message that has the tag added by the mailscanner server. You can set it up so that all of those tagged messages go automatically to the exchange user's junk email folder. I haven't had any complaints about it and it allows for easier cleanup of those messages later. If anyone is interested, check out the following page http://www.msexchange.org/tutorials/Intelligent-Message-Filter-version-2 -IMF-v2.html Once you have it enabled, just create a rule in your MSExchange.UceContentFilter.xml with something similar to: To tag it with any score you've set above your junk level (in the above example 8) Cheers, -Christian -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Billy A. Pumphrey Sent: Wednesday, October 04, 2006 8:31 AM To: MailScanner discussion Subject: RE: Mailscanner/Spam Assassin supportforMicrosoftIMF/SCLSpamscoring? > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Duncan, Brian M. > Sent: Wednesday, October 04, 2006 11:25 AM > To: MailScanner discussion > Subject: RE: Mailscanner/Spam Assassin support > forMicrosoftIMF/SCLSpamscoring? > > I spoke to soon. I looked through all the MS documentation on IMF and > custom rules and you can only act on Body and Subject line phrases. > > It does not support acting on message headers!? We don't modify subjects > incase there is a false positive. > > So it looks like IMF cannot move MailScanner/Spam Assassin scored messages > to a users Junk Mail folder unless you do modify subject or body. > > I guess I will need to used something 3rd party. > That is good to know, thanks for the research and follow up. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From campbell at cnpapers.com Wed Oct 4 17:21:59 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Wed Oct 4 17:22:19 2006 Subject: Logwatch Update References: <001901c6e7a5$71e45f90$ed66a8c0@corporate.grantgeo.com><000801c6e7c8$db8a0990$0705000a@DDF5DW71> <4523D3AF.4040106@pacific.net> Message-ID: <001401c6e7d1$381c07a0$0705000a@DDF5DW71> ----- Original Message ----- From: "Ken A" To: "MailScanner discussion" Sent: Wednesday, October 04, 2006 11:30 AM Subject: Re: Logwatch Update > > Steve Campbell wrote: >> >> ----- Original Message ----- From: "Ryan Weaver" >> To: "'MailScanner discussion'" >> Sent: Wednesday, October 04, 2006 7:08 AM >> Subject: RE: Logwatch Update >> >> >>> ----Original Message---- >>> From: Mike Tremaine >>> Sent: Tuesday, October 03, 2006 11:20 PM >>> To: mailscanner@lists.mailscanner.info >>> Subject: RE: Logwatch Update (Phil Udel) >>> >>> >>> >>>> Or you can always get in out of cvs at logwatch.org. Having said >>>> that I'll see if I can roll your changes into the current version. >>>> I'd also encourge you [and everyone who uses logwatch] to upgrade >>>> to the 7.3.1 release it. >>>> >>>> -Mike >>> >>> If you are running RedHat or CentOS, the Razor's Edge RPM Repository >>> keeps >>> logwatch fairly up to date.... http://rpm.razorsedge.org/ >>> >>> Thanks, >>> Ryan >>> >>> -- >> I just upgraded the logwatch on my CentOS 3 machine from the link above. >> A general pair of questions about all of this: >> >> 1. I run the cron.daily logwatch and would like to email myself when this >> is run. Cron seems to want to run this and mail to root. I changed the >> logwatch.conf file (in a few different places) to "mailto" my address, >> but it still mails to root. Anyone know which of the four or five >> logwatch.conf files will correct this? > > Add this above the logwatch cron job in your root crontab: > MAILTO="you@yourdomain.com" I'm not sure if this is the cron variable you're speaking of or not, but I don't understand where you are suggesting the line should be inserted. This job is run from cron.daily on a RH system, using a Perl script that sets a lot of variables within that script. There is a line to change the logwatch variable "mailto", but that doesn't seem to work. The script runs through all of the 4 default directories to set variables as described in the man page. The big problem is that when I set the mailto variable in the script using myname@mydomain.com, it indicates a bad variable due to the "@". I tried using another form, along with a Perl string, and that doesn't work either. I think I'll try the /etc/logwatch/conf files and see where I go with that. Thanks, though Steve > > Ken A. > Pacific.Net > > >> >> 2. If I upgraded, what do I do with the file attached in the earlier >> posts? I do see ClamAV and other new stuff in the report, but will the >> attached file make a difference in what I get with the off-the-shelf RPM >> from above? >> >> Thanks >> >> Steve >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From mikes at hartwellcorp.com Wed Oct 4 17:14:30 2006 From: mikes at hartwellcorp.com (Michael St. Laurent) Date: Wed Oct 4 17:26:57 2006 Subject: Config for Out of Office in Outlook Message-ID: <3BF93070B3D1B047BA7ABF612958950D021F81@hcex.hartwellcorp.com> This is not directly related to MailScanner but I'm hoping someone on the list can point me in the right direction. We have folks here who use Outlook's Out of Office Assistant and who wish to ensure that no automatic replies are sent to mailing lists. The mail server is running Exchange 2003. Do I need to change any settings or modify the registry to accomplish this? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20061004/ac8d5f06/attachment.html From MailScanner at ecs.soton.ac.uk Wed Oct 4 18:07:35 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Oct 4 18:07:49 2006 Subject: Logwatch Update In-Reply-To: <001401c6e7d1$381c07a0$0705000a@DDF5DW71> References: <001901c6e7a5$71e45f90$ed66a8c0@corporate.grantgeo.com><000801c6e7c8$db8a0990$0705000a@DDF5DW71> <4523D3AF.4040106@pacific.net> <001401c6e7d1$381c07a0$0705000a@DDF5DW71> Message-ID: <4523EA57.9090404@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Steve Campbell wrote: > > ----- Original Message ----- From: "Ken A" > To: "MailScanner discussion" > Sent: Wednesday, October 04, 2006 11:30 AM > Subject: Re: Logwatch Update > > >> >> Steve Campbell wrote: >>> >>> ----- Original Message ----- From: "Ryan Weaver" >>> To: "'MailScanner discussion'" >>> Sent: Wednesday, October 04, 2006 7:08 AM >>> Subject: RE: Logwatch Update >>> >>> >>>> ----Original Message---- >>>> From: Mike Tremaine >>>> Sent: Tuesday, October 03, 2006 11:20 PM >>>> To: mailscanner@lists.mailscanner.info >>>> Subject: RE: Logwatch Update (Phil Udel) >>>> >>>> >>>> >>>>> Or you can always get in out of cvs at logwatch.org. Having said >>>>> that I'll see if I can roll your changes into the current version. >>>>> I'd also encourge you [and everyone who uses logwatch] to upgrade >>>>> to the 7.3.1 release it. >>>>> >>>>> -Mike >>>> >>>> If you are running RedHat or CentOS, the Razor's Edge RPM >>>> Repository keeps >>>> logwatch fairly up to date.... http://rpm.razorsedge.org/ >>>> >>>> Thanks, >>>> Ryan >>>> >>>> -- >>> I just upgraded the logwatch on my CentOS 3 machine from the link >>> above. A general pair of questions about all of this: >>> >>> 1. I run the cron.daily logwatch and would like to email myself when >>> this is run. Cron seems to want to run this and mail to root. I >>> changed the logwatch.conf file (in a few different places) to >>> "mailto" my address, but it still mails to root. Anyone know which >>> of the four or five logwatch.conf files will correct this? >> >> Add this above the logwatch cron job in your root crontab: >> MAILTO="you@yourdomain.com" > > I'm not sure if this is the cron variable you're speaking of or not, > but I don't understand where you are suggesting the line should be > inserted. This job is run from cron.daily on a RH system, using a Perl > script that sets a lot of variables within that script. There is a > line to change the logwatch variable "mailto", but that doesn't seem > to work. The script runs through all of the 4 default directories to > set variables as described in the man page. > > The big problem is that when I set the mailto variable in the script > using myname@mydomain.com, it indicates a bad variable due to the "@". Put a \ before the @ > I tried using another form, along with a Perl string, and that doesn't > work either. I think I'll try the /etc/logwatch/conf files and see > where I go with that. > > Thanks, though > > Steve >> >> Ken A. >> Pacific.Net >> >> >>> >>> 2. If I upgraded, what do I do with the file attached in the earlier >>> posts? I do see ClamAV and other new stuff in the report, but will >>> the attached file make a difference in what I get with the >>> off-the-shelf RPM from above? >>> >>> Thanks >>> >>> Steve >>> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > Jules - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.0 (Build 1112) Comment: Fetch my public key foot-print from www.mailscanner.info Charset: ISO-8859-1 wj8DBQFFI+pYEfZZRxQVtlQRAlGZAJsEB8dMhzXQ+bI0x2zdK2WqHHqXYQCgusVF SAEHgSFpLLHfiUDeJz8NYNU= =PYSs -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From ka at pacific.net Wed Oct 4 18:13:32 2006 From: ka at pacific.net (Ken A) Date: Wed Oct 4 18:11:51 2006 Subject: Logwatch Update In-Reply-To: <001401c6e7d1$381c07a0$0705000a@DDF5DW71> References: <001901c6e7a5$71e45f90$ed66a8c0@corporate.grantgeo.com><000801c6e7c8$db8a0990$0705000a@DDF5DW71> <4523D3AF.4040106@pacific.net> <001401c6e7d1$381c07a0$0705000a@DDF5DW71> Message-ID: <4523EBBC.7080503@pacific.net> Steve Campbell wrote: > > ----- Original Message ----- From: "Ken A" > To: "MailScanner discussion" > Sent: Wednesday, October 04, 2006 11:30 AM > Subject: Re: Logwatch Update > > >> >> Steve Campbell wrote: >>> >>> ----- Original Message ----- From: "Ryan Weaver" >>> To: "'MailScanner discussion'" >>> Sent: Wednesday, October 04, 2006 7:08 AM >>> Subject: RE: Logwatch Update >>> >>> >>>> ----Original Message---- >>>> From: Mike Tremaine >>>> Sent: Tuesday, October 03, 2006 11:20 PM >>>> To: mailscanner@lists.mailscanner.info >>>> Subject: RE: Logwatch Update (Phil Udel) >>>> >>>> >>>> >>>>> Or you can always get in out of cvs at logwatch.org. Having said >>>>> that I'll see if I can roll your changes into the current version. >>>>> I'd also encourge you [and everyone who uses logwatch] to upgrade >>>>> to the 7.3.1 release it. >>>>> >>>>> -Mike >>>> >>>> If you are running RedHat or CentOS, the Razor's Edge RPM Repository >>>> keeps >>>> logwatch fairly up to date.... http://rpm.razorsedge.org/ >>>> >>>> Thanks, >>>> Ryan >>>> >>>> -- >>> I just upgraded the logwatch on my CentOS 3 machine from the link >>> above. A general pair of questions about all of this: >>> >>> 1. I run the cron.daily logwatch and would like to email myself when >>> this is run. Cron seems to want to run this and mail to root. I >>> changed the logwatch.conf file (in a few different places) to >>> "mailto" my address, but it still mails to root. Anyone know which of >>> the four or five logwatch.conf files will correct this? >> >> Add this above the logwatch cron job in your root crontab: >> MAILTO="you@yourdomain.com" Sorry, I think you'd actually have to set myname\@mydomain.com in the perl script. Perl doesn't like the unescaped @. Ken Pacific.Net > I'm not sure if this is the cron variable you're speaking of or not, but > I don't understand where you are suggesting the line should be inserted. > This job is run from cron.daily on a RH system, using a Perl script that > sets a lot of variables within that script. There is a line to change > the logwatch variable "mailto", but that doesn't seem to work. The > script runs through all of the 4 default directories to set variables as > described in the man page. > > The big problem is that when I set the mailto variable in the script > using myname@mydomain.com, it indicates a bad variable due to the "@". I > tried using another form, along with a Perl string, and that doesn't > work either. I think I'll try the /etc/logwatch/conf files and see where > I go with that. > > Thanks, though > > Steve >> >> Ken A. >> Pacific.Net >> >> >>> >>> 2. If I upgraded, what do I do with the file attached in the earlier >>> posts? I do see ClamAV and other new stuff in the report, but will >>> the attached file make a difference in what I get with the >>> off-the-shelf RPM from above? >>> >>> Thanks >>> >>> Steve >>> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > From derek at adcatanzaro.com Wed Oct 4 18:31:05 2006 From: derek at adcatanzaro.com (Derek Catanzaro) Date: Wed Oct 4 18:31:19 2006 Subject: New Batch: found 200 messages waiting, Number keeps increasing In-Reply-To: References: <4523339F.2050601@adcatanzaro.com> Message-ID: <4523EFD9.8040702@adcatanzaro.com> Res wrote: > On Wed, 4 Oct 2006, Derek Catanzaro wrote: > >> I will see how things go in the morning. Right now I'm back down to >> about 150 messages waiting which is normal for me. It took most of >> the day and some of the night for it to chew through the nearly >> 10,000 that accumulated through the day. I have not had an issue >> like this for some time and prior to this it was DNS queries causing >> the problem, that is when I implemented the local caching name server >> and it has been pretty solid since then. I am using the following in >> MailScanner.conf. > > next time it happens disable spamassassin > > > The backup started occurring again this morning, reached about 1500 messages waiting. I took Res' suggestion and turned off spamassassin in the MailScanner.conf and sure enough it was only a matter of a couple minutes until the messages waiting went back down to under 200. That will at least help in preventing delayed email (thanks Res) but now spamassassin is not running which I would obviously like to have running. Thanks, Derek -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jaearick at colby.edu Wed Oct 4 18:46:31 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Wed Oct 4 18:46:39 2006 Subject: 4.56: Solaris syslog issues (+workarounds) Message-ID: Julian, Thanks to postings by Nick Smith and Rene Berber on the thread, "4.56.7: max message size is 40000", I got 4.56.7 going on my Solaris 10 box. My setup: Solaris 10 6/06 + current patches, MS 4.56.7, perl 5.8.8, Sys:Syslog 0.18. Here is what I discovered: 1) Comment out the line: LOG_FROM_REMOTE=NO from /etc/default/syslogd, restart syslogd ("svcadm -v restart system-log") AND use the Log.pm file as shipped with version 4.56.7 ==> WORKS. (Suggestion thanks to Nick Smith). 2) Leave /etc/default/syslogd alone and modify Log.pm, per Rene Berber's suggestion: line 39 - use Sys::Syslog qw(:DEFAULT setlogsock); line 71 - Sys::Syslog::setlogsock('native'); This also WORKS. I had to have both changes in place for MailScanner to go. I opted for suggestion one to get going. I'm sure this will bite others later. Which way to go? Maybe add more logic to the "if ($^O =~ /solaris|sunos|irix/i)" test in Log.pm? Jeff Earickson Colby College From rob at robhq.com Wed Oct 4 18:43:39 2006 From: rob at robhq.com (rob) Date: Wed Oct 4 18:46:56 2006 Subject: New Batch: found 200 messages waiting, Number keeps increasing In-Reply-To: <4523EFD9.8040702@adcatanzaro.com> References: <4523339F.2050601@adcatanzaro.com> <4523EFD9.8040702@adcatanzaro.com> Message-ID: <20061004174227.M95785@robhq.com> On Wed, 04 Oct 2006 13:31:05 -0400, Derek Catanzaro wrote > Res wrote: > > On Wed, 4 Oct 2006, Derek Catanzaro wrote: > > > >> I will see how things go in the morning. Right now I'm back down to > >> about 150 messages waiting which is normal for me. It took most of > >> the day and some of the night for it to chew through the nearly > >> 10,000 that accumulated through the day. I have not had an issue > >> like this for some time and prior to this it was DNS queries causing > >> the problem, that is when I implemented the local caching name server > >> and it has been pretty solid since then. I am using the following in > >> MailScanner.conf. > > > > next time it happens disable spamassassin > > > > > > > The backup started occurring again this morning, reached about 1500 > messages waiting. I took Res' suggestion and turned off spamassassin in > the MailScanner.conf and sure enough it was only a matter of a couple > minutes until the messages waiting went back down to under 200. That > will at least help in preventing delayed email (thanks Res) but now > spamassassin is not running which I would obviously like to have running. > > Thanks, > Derek > We ran into something like this a few months ago. Found out the machine was swapping a ton with only 1 gig of RAM installed. Once we bumped this up to 4 gigs of ram, we have not had the issue return. From campbell at cnpapers.com Wed Oct 4 19:08:24 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Wed Oct 4 19:08:42 2006 Subject: Logwatch Update References: <001901c6e7a5$71e45f90$ed66a8c0@corporate.grantgeo.com><000801c6e7c8$db8a0990$0705000a@DDF5DW71> <4523D3AF.4040106@pacific.net><001401c6e7d1$381c07a0$0705000a@DDF5DW71> <4523EA57.9090404@ecs.soton.ac.uk> Message-ID: <002d01c6e7e0$15451fa0$0705000a@DDF5DW71> Ken, Julian, ----- Original Message ----- From: "Julian Field" To: "MailScanner discussion" Sent: Wednesday, October 04, 2006 1:07 PM Subject: Re: Logwatch Update > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Steve Campbell wrote: >> >> ----- Original Message ----- From: "Ken A" >> To: "MailScanner discussion" >> Sent: Wednesday, October 04, 2006 11:30 AM >> Subject: Re: Logwatch Update >> >> >>> >>> Steve Campbell wrote: >>>> >>>> ----- Original Message ----- From: "Ryan Weaver" >>>> To: "'MailScanner discussion'" >>>> Sent: Wednesday, October 04, 2006 7:08 AM >>>> Subject: RE: Logwatch Update >>>> >>>> >>>>> ----Original Message---- >>>>> From: Mike Tremaine >>>>> Sent: Tuesday, October 03, 2006 11:20 PM >>>>> To: mailscanner@lists.mailscanner.info >>>>> Subject: RE: Logwatch Update (Phil Udel) >>>>> >>>>> >>>>> >>>>>> Or you can always get in out of cvs at logwatch.org. Having said >>>>>> that I'll see if I can roll your changes into the current version. >>>>>> I'd also encourge you [and everyone who uses logwatch] to upgrade >>>>>> to the 7.3.1 release it. >>>>>> >>>>>> -Mike >>>>> >>>>> If you are running RedHat or CentOS, the Razor's Edge RPM >>>>> Repository keeps >>>>> logwatch fairly up to date.... http://rpm.razorsedge.org/ >>>>> >>>>> Thanks, >>>>> Ryan >>>>> >>>>> -- >>>> I just upgraded the logwatch on my CentOS 3 machine from the link >>>> above. A general pair of questions about all of this: >>>> >>>> 1. I run the cron.daily logwatch and would like to email myself when >>>> this is run. Cron seems to want to run this and mail to root. I >>>> changed the logwatch.conf file (in a few different places) to >>>> "mailto" my address, but it still mails to root. Anyone know which >>>> of the four or five logwatch.conf files will correct this? >>> >>> Add this above the logwatch cron job in your root crontab: >>> MAILTO="you@yourdomain.com" >> >> I'm not sure if this is the cron variable you're speaking of or not, >> but I don't understand where you are suggesting the line should be >> inserted. This job is run from cron.daily on a RH system, using a Perl >> script that sets a lot of variables within that script. There is a >> line to change the logwatch variable "mailto", but that doesn't seem >> to work. The script runs through all of the 4 default directories to >> set variables as described in the man page. >> >> The big problem is that when I set the mailto variable in the script >> using myname@mydomain.com, it indicates a bad variable due to the "@". > Put a \ before the @ I tried that also with no luck. I even used a slash before the .com and it still didn't work. I think that's enough on this list though as this is a logwatch problem and not MS, so I'll try to see what I can find out somewhere else and let this list get back to its main business. I think this is all being loaded into an array (I'm still not Perl-literate) by a statement such as $Config{'mailto'} = "campbell\@cnpapers.com"; The original is: $Config('mailto'} = "root"; Thanks for all the help, though. Steve > >> I tried using another form, along with a Perl string, and that doesn't >> work either. I think I'll try the /etc/logwatch/conf files and see >> where I go with that. >> >> Thanks, though >> >> Steve >>> >>> Ken A. >>> Pacific.Net >>> >>> >>>> >>>> 2. If I upgraded, what do I do with the file attached in the earlier >>>> posts? I do see ClamAV and other new stuff in the report, but will >>>> the attached file make a difference in what I get with the >>>> off-the-shelf RPM from above? >>>> >>>> Thanks >>>> >>>> Steve >>>> >>> -- > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > From mgt at stellarcore.net Wed Oct 4 19:41:11 2006 From: mgt at stellarcore.net (Mike Tremaine) Date: Wed Oct 4 19:41:25 2006 Subject: OT: Logwatch Update In-Reply-To: <200610041738.k94HcUge002250@bkserver.blacknight.ie> References: <200610041738.k94HcUge002250@bkserver.blacknight.ie> Message-ID: <45240047.3010608@stellarcore.net> > I'm not sure if this is the cron variable you're speaking of or not, but > I don't understand where you are suggesting the line should be inserted. > This job is run from cron.daily on a RH system, using a Perl script that > sets a lot of variables within that script. There is a line to change > the logwatch variable "mailto", but that doesn't seem to work. The > script runs through all of the 4 default directories to set variables as > described in the man page. > > The big problem is that when I set the mailto variable in the script > using myname@mydomain.com, it indicates a bad variable due to the "@". I > tried using another form, along with a Perl string, and that doesn't > work either. I think I'll try the /etc/logwatch/conf files and see where > I go with that. This is obviously off topic so apologies but just to get it all down. First from logwatch 7+ the conf layout changed. There is no more /etc/log.d instead everything lives in /usr/share/logwatch with end user configs in /etc/logwatch. So for this specific question you should only be editing /etc/logwatch/conf/logwatch.conf. And yes as Julian pointed out you need to escape the @ [ <- Perl Arrays ;0 ]. For more information then you wanted the default conf are under /usr/share/logwatch/default.conf and there is another directory called dist.conf provided for distribution to make there own. dist.conf overrides default.conf /etc/logwatch/conf overrides dist.conf The rpm packages should never replace anything in /etc/logwatch/conf. Now back to our MailScanner program... -Mike From brian.duncan at kattenlaw.com Wed Oct 4 19:42:59 2006 From: brian.duncan at kattenlaw.com (Duncan, Brian M.) Date: Wed Oct 4 19:43:07 2006 Subject: Mailscanner/Spam Assassin supportforMicrosoftIMF/SCLSpamscoring? Message-ID: <65234743FE1555428435CE39E6AC4078B38A50@CHI-US-EXCH-01.us.kmz.com> No Christian, your message did make it yesterday. I was excited that someone was already doing this.. I read it and figured I would be able to do what you documented. Unfortunately, the MS IMF user configurable content filter will ONLY act on subject or body or both. NOT message headers. (From everything I have read, I even had an Exchange admin here set it up and from looking at it there is NO capability to act on the presence of a specific header) So organizations that tag Spam based on message headers it does not look like you can get Spam Assassin/Mail Scanner logic to flow through to Exchange/Outlook junk mail folder. Yet there is a possible solution, I have sent emails to this company and am awaiting a reply and an eval of the product. http://www.smtptracker.com/ Assassin2Exchange filter (SpamAssassin to Exchange Spam Confidence Level conversion utility) released with SMTPTracker version 2.0. This stand-alone utility offers custom header conversion from spamassassin spam level to Exchange 2003 scl value (more complex than current s-tracker's conversion) and is available free to registered users. If you feel like this is what you need, send questions and sugestions to info@smtptracker.com. They charge 35.00 for an enterprise unlimited license for the product, or 500 for the source code. It looks like this might work as an alternative for Those like me, that do not want subject or body modifications. I know this is the MailScanner list, and this technically is now beyond MailScanner. I just wanted to follow up on this incase anyone else was thinking it would be good to put support for this in MailScanner or Spam Assassin. (it looks like the xheader for IMF SCL score is not all that is needed anyhow, I tested today having mail scanner create the SCL header on failed Spam messages before hitting Exchange, IMF just ignored the header and re-processed the messages) -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Christian Rasmussen Sent: Wednesday, October 04, 2006 10:54 AM To: MailScanner discussion Subject: RE: Mailscanner/Spam Assassin supportforMicrosoftIMF/SCLSpamscoring? Strange, I tried to send to the list yesterday and it just went *poof* for some reason. Here's my experience with IMF/SCL and MailScanner: I've been using the exchange features to assign a SCL score to any message that has the tag added by the mailscanner server. You can set it up so that all of those tagged messages go automatically to the exchange user's junk email folder. I haven't had any complaints about it and it allows for easier cleanup of those messages later. If anyone is interested, check out the following page http://www.msexchange.org/tutorials/Intelligent-Message-Filter-version-2 -IMF-v2.html Once you have it enabled, just create a rule in your MSExchange.UceContentFilter.xml with something similar to: To tag it with any score you've set above your junk level (in the above example 8) Cheers, -Christian -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Billy A. Pumphrey Sent: Wednesday, October 04, 2006 8:31 AM To: MailScanner discussion Subject: RE: Mailscanner/Spam Assassin supportforMicrosoftIMF/SCLSpamscoring? > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Duncan, Brian M. > Sent: Wednesday, October 04, 2006 11:25 AM > To: MailScanner discussion > Subject: RE: Mailscanner/Spam Assassin support > forMicrosoftIMF/SCLSpamscoring? > > I spoke to soon. I looked through all the MS documentation on IMF and > custom rules and you can only act on Body and Subject line phrases. > > It does not support acting on message headers!? We don't modify subjects > incase there is a false positive. > > So it looks like IMF cannot move MailScanner/Spam Assassin scored messages > to a users Junk Mail folder unless you do modify subject or body. > > I guess I will need to used something 3rd party. > That is good to know, thanks for the research and follow up. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! =========================================================== CIRCULAR 230 DISCLOSURE: Pursuant to Regulations Governing Practice Before the Internal Revenue Service, any tax advice contained herein is not intended or written to be used and cannot be used by a taxpayer for the purpose of avoiding tax penalties that may be imposed on the taxpayer. =========================================================== CONFIDENTIALITY NOTICE: This electronic mail message and any attached files contain information intended for the exclusive use of the individual or entity to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information may be subject to legal restriction or sanction. Please notify the sender, by electronic mail or telephone, of any unintended recipients and delete the original message without making any copies. =========================================================== NOTIFICATION: Katten Muchin Rosenman LLP is an Illinois limited liability partnership that has elected to be governed by the Illinois Uniform Partnership Act (1997). =========================================================== From derek at adcatanzaro.com Wed Oct 4 19:54:32 2006 From: derek at adcatanzaro.com (Derek Catanzaro) Date: Wed Oct 4 19:55:06 2006 Subject: New Batch: found 200 messages waiting, Number keeps increasing In-Reply-To: <20061004174227.M95785@robhq.com> References: <4523339F.2050601@adcatanzaro.com> <4523EFD9.8040702@adcatanzaro.com> <20061004174227.M95785@robhq.com> Message-ID: <45240368.9070302@adcatanzaro.com> rob wrote: >>> >> The backup started occurring again this morning, reached about 1500 >> messages waiting. I took Res' suggestion and turned off spamassassin in >> the MailScanner.conf and sure enough it was only a matter of a couple >> minutes until the messages waiting went back down to under 200. That >> will at least help in preventing delayed email (thanks Res) but now >> spamassassin is not running which I would obviously like to have running. >> >> Thanks, >> Derek >> >> > > We ran into something like this a few months ago. Found out the machine was swapping a > ton with only 1 gig of RAM installed. Once we bumped this up to 4 gigs of ram, we have > not had the issue return. > > This is the result of a "top" taken from the machine in question. I don't think the swap file is an issue, but really not well versed in what is "good" or "bad" when referring to swap? 13:48:08 up 2:53, 2 users, load average: 6.43, 6.01, 6.17 112 processes: 109 sleeping, 3 running, 0 zombie, 0 stopped CPU states: cpu user nice system irq softirq iowait idle total 61.6% 0.0% 25.4% 0.0% 0.0% 0.0% 112.6% cpu00 29.3% 0.0% 9.5% 0.0% 0.0% 0.0% 61.1% cpu01 32.3% 0.0% 16.0% 0.0% 0.0% 0.0% 51.5% Mem: 2068504k av, 2026528k used, 41976k free, 0k shrd, 90976k buff 1132356k active, 815024k inactive Swap: 1831912k av, 8304k used, 1823608k free 326936k cached -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From campbell at cnpapers.com Wed Oct 4 20:03:17 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Wed Oct 4 20:03:44 2006 Subject: Logwatch Update References: <200610041738.k94HcUge002250@bkserver.blacknight.ie> <45240047.3010608@stellarcore.net> Message-ID: <001c01c6e7e7$c11f3f70$0705000a@DDF5DW71> ----- Original Message ----- From: "Mike Tremaine" To: Sent: Wednesday, October 04, 2006 2:41 PM Subject: OT: Logwatch Update > > > I'm not sure if this is the cron variable you're speaking of or not, but > > I don't understand where you are suggesting the line should be inserted. > > This job is run from cron.daily on a RH system, using a Perl script that > > sets a lot of variables within that script. There is a line to change > > the logwatch variable "mailto", but that doesn't seem to work. The > > script runs through all of the 4 default directories to set variables as > > described in the man page. > > > > The big problem is that when I set the mailto variable in the script > > using myname@mydomain.com, it indicates a bad variable due to the "@". I > > tried using another form, along with a Perl string, and that doesn't > > work either. I think I'll try the /etc/logwatch/conf files and see where > > I go with that. > > This is obviously off topic so apologies but just to get it all down. > > First from logwatch 7+ the conf layout changed. There is no more > /etc/log.d instead everything lives in /usr/share/logwatch with end user > configs in /etc/logwatch. So for this specific question you should only be > editing /etc/logwatch/conf/logwatch.conf. And yes as Julian pointed out > you need to escape the @ [ <- Perl Arrays ;0 ]. > > For more information then you wanted the default conf are under > /usr/share/logwatch/default.conf and there is another directory called > dist.conf provided for distribution to make there own. > > dist.conf overrides default.conf > /etc/logwatch/conf overrides dist.conf > > The rpm packages should never replace anything in /etc/logwatch/conf. > > Now back to our MailScanner program... > > -Mike > -- Thanks Mike, I was aware of the new directory structure, as mentioned above as the "4 default directories". Although I had tried the local /etc/logwatch/conf/logwatch.conf file earlier, I had the format wrong, as I now have it working with an entry in the local logwatch.conf file. I used the following: MailTo = campbell@cnpapers.com with no escapements or quotation marks and it works fine. Just thought I would let anyone else know. Thanks for all the help from everyone. Steve From matt at coders.co.uk Wed Oct 4 20:13:08 2006 From: matt at coders.co.uk (Matt Hampton) Date: Wed Oct 4 20:13:30 2006 Subject: New Batch: found 200 messages waiting, Number keeps increasing In-Reply-To: <45240368.9070302@adcatanzaro.com> References: <4523339F.2050601@adcatanzaro.com> <4523EFD9.8040702@adcatanzaro.com> <20061004174227.M95785@robhq.com> <45240368.9070302@adcatanzaro.com> Message-ID: <452407C4.8060203@coders.co.uk> Derek Catanzaro wrote: > This is the result of a "top" taken from the machine in question. I > don't think the swap file is an issue, but really not well versed in > what is "good" or "bad" when referring to swap? > Top doesn't give you a good enough picture vmstat is your friend read the man page and check for the "si" and "so" columns. Does anyone know if MailScanner causes swapping? matt From cplists at princeservices.com Wed Oct 4 20:30:56 2006 From: cplists at princeservices.com (Cameron B. Prince) Date: Wed Oct 4 20:29:09 2006 Subject: Bouncing Specific Addresses With Mailer Table Setup Message-ID: <014b01c6e7eb$9d9f6e40$1901a8c0@PSLAPTOP1> Hey guys, I have a client who is using MailScanner as a front-end for CommuniGate via mailertable. We have old, long since removed addresses that are constantly being spammed. We would like to maintain a list of those bad addresses on the MailScanner side that would cause them to be bounced before even being processed by MailScanner. Could anyway tell me if this is possible? Basically I would like to mimic the behavior of the "error:nouser User Unknown" entry in the virtusertable of a normal configuration. Thanks, Cameron From chen at hhmi.umbc.edu Wed Oct 4 20:35:35 2006 From: chen at hhmi.umbc.edu (Yu Chen) Date: Wed Oct 4 20:35:56 2006 Subject: 4.56.7 having trouble installing perl-Archive-Zip Message-ID: Hi, all Just trying to install a fresh copy of MailScanner 4.56.7 on a newly built RHEL 4 update 4, during the installation from install.sh, the perl-Archive-Zip failed with bad exit from /tmp/rpm-tmp...., but right after that, I used rpmbuild --rebuild the Archive-Zip.src.rpm with no problem and installed fine. Is this normal? And in MailScanner -v outputs, there is a "Missing SAVI" line, is this ok? Thanks, cy =========================================== Yu Chen Howard Hughes Medical Institute Chemistry Building, Rm 182 University of Maryland at Baltimore County 1000 Hilltop Circle Baltimore, MD 21250 phone: (410)455-6347 (primary) (410)455-2718 (secondary) fax: (410)455-1174 email: chen@hhmi.umbc.edu =========================================== From wayne at nightsol.net Wed Oct 4 21:07:22 2006 From: wayne at nightsol.net (Wayne) Date: Wed Oct 4 21:07:30 2006 Subject: Don =?iso-8859-1?q?=B9?= t change message header Message-ID: Hi guys, How can I set up MailScanner so that it makes no changes to the message headers at all? If I commend out the lines #Clean Header Value = Found to be clean #Infected Header Value = Found to be infected #Disinfected Header Value = Disinfected Changes still get made.. If I set them to Clean Header Value = Infected Header Value = Disinfected Header Value = Changes still get made.. Anybody have any ideas? Thanks, Wayne From derek at adcatanzaro.com Wed Oct 4 21:35:44 2006 From: derek at adcatanzaro.com (Derek Catanzaro) Date: Wed Oct 4 21:36:12 2006 Subject: New Batch: found 200 messages waiting, Number keeps increasing In-Reply-To: <452407C4.8060203@coders.co.uk> References: <4523339F.2050601@adcatanzaro.com> <4523EFD9.8040702@adcatanzaro.com> <20061004174227.M95785@robhq.com> <45240368.9070302@adcatanzaro.com> <452407C4.8060203@coders.co.uk> Message-ID: <45241B20.6050402@adcatanzaro.com> Matt Hampton wrote: > Derek Catanzaro wrote: > > >> This is the result of a "top" taken from the machine in question. I >> don't think the swap file is an issue, but really not well versed in >> what is "good" or "bad" when referring to swap? >> >> > > Top doesn't give you a good enough picture > > vmstat is your friend > > read the man page and check for the "si" and "so" columns. > > Does anyone know if MailScanner causes swapping? > > matt > Yes, I agree, this has crossed over into the OT realm. Thanks for the vmstat info, looking into it now. I appreciate the suggestions everyone has given. Thanks, Derek -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Oct 4 22:30:51 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Oct 4 22:31:05 2006 Subject: 4.56.7 having trouble installing perl-Archive-Zip In-Reply-To: References: Message-ID: <4524280B.5090008@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I haven't had a chance to test RHEL4u4 yet. The Missing SAVI line is harmless unless you are trying to use the Sophos SAVI module. If you aren't using the "sophossavi" scanner, it's irrelevant. Don't worry. Yu Chen wrote: > Hi, all > Just trying to install a fresh copy of MailScanner 4.56.7 on a newly > built RHEL 4 update 4, during the installation from install.sh, the > perl-Archive-Zip failed with bad exit from /tmp/rpm-tmp...., but right > after that, I used rpmbuild --rebuild the Archive-Zip.src.rpm with no > problem and installed fine. Is this normal? And in MailScanner -v > outputs, there is a "Missing SAVI" line, is this ok? > > Thanks, > > cy > > =========================================== > Yu Chen > Howard Hughes Medical Institute > Chemistry Building, Rm 182 > University of Maryland at Baltimore County > 1000 Hilltop Circle > Baltimore, MD 21250 > > phone: (410)455-6347 (primary) > (410)455-2718 (secondary) > fax: (410)455-1174 > email: chen@hhmi.umbc.edu > =========================================== Jules - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.0 (Build 1112) Comment: Fetch my public key foot-print from www.mailscanner.info Charset: ISO-8859-1 wj8DBQFFJCgMEfZZRxQVtlQRAsNpAJ4qaXPoU2oluFzvnk36qQGtT4lkngCdE1nM nfQuayYpC0R69gjGrl8/sOc= =w/rm -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From ssilva at sgvwater.com Wed Oct 4 22:38:55 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Oct 4 22:39:31 2006 Subject: SOLVED: Re: mailscanner hangs on automatic restart {Scanned} In-Reply-To: References: <452047C0.7010002@rcwm.com> <4522236E.1030005@ecs.soton.ac.uk> <45224478.2030403@rcwm.com> <223f97700610030427t79b7414kd53125d621d9d817@mail.gmail.com> <452305C9.5060703@rcwm.com> <53767.194.70.180.170.1159947741.squirrel@www.technologytiger.net> <45239006.6080905@rcwm.com> <223f97700610040355v5a2fa625ta592c18cc42a814@mail.gmail.com> Message-ID: Scott Silva spake the following on 10/4/2006 8:43 AM: > Glenn Steen spake the following on 10/4/2006 3:55 AM: >> On 04/10/06, Henry Hollenberg wrote: >>> SOLVED: razor-agent.log file in mailscanner incoming queue directory >>> /var/spool/postfix/hold was hanging mailscanner on automatic >>> restart every 14400 seconds. Synopsis top-posted for your convenience. >>> See reply to Drew as bottom-post below. hgh. >>> >> Somewhat a known issue. Good to know what solved it for you though. >> >>> Drew Marshall wrote: >>>> On Wed, October 4, 2006 01:52, Henry Hollenberg wrote: >> (snip) >>>>> Oh!, like the razor-agent file? : >>>> >>>> Yup, just like that. Never one to say told you so but... :-) >>>> >>>> Having said that, you have fixed the cause so delete that one (Oh I see >>>> from your next message you have. Nice to see you are continuing the >>>> tradition of Postfix users replying to themselves ;-) Keep up the good >>>> work :-> ) >>>> >>>> You shuld now have few (No?) problems and a damn sight less Spam. >>>> >>>> Regards >>>> >>>> Drew >>>> >>> Talk to myself alot too, anyway, that seemed to fix it >>> as my mailbox has 21 general emails in it (non-mailing list >>> mails). Damn sight less than the 100+ I was waking up to. >>> >>> 3 were appropriately labeled as SPAM >>> 17 slipped thru >>> 1 valid email about a dead disk at work >> Were those image type spam? I find ImageInfo >> (http://www.rulesemporium.com/plugins.htm) fixes that well for me... >> Or one could do FuzzyOcr (look at the apache spamassassin site...). >> >>> Thanks for all the help! >> We do what we can:-) > Hey Glenn, > Does the imageinfo plugin load like the old plugins always did, or do you now > have to use a load plugin line in init.pre? > > (Not hijacking the thread as Glenn mentioned the plugin above.) > > Never mind ... I actually RTFM. Will try to remember to do so in the future. Replying to myself ... Hmmmm... Must be running postfix somewhere. Oh yeah... Now I remember ... -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From taz at taz-mania.com Wed Oct 4 22:42:56 2006 From: taz at taz-mania.com (Dennis Willson) Date: Wed Oct 4 22:42:59 2006 Subject: Bouncing Specific Addresses With Mailer Table Setup In-Reply-To: <014b01c6e7eb$9d9f6e40$1901a8c0@PSLAPTOP1> Message-ID: I have the setup (sendmail/MailScanner/SpamAssassin/ClamAV/Mailwatch mail hub in front of a CommunigatePro mail server). I use SMF-SAV milter to do the user verification. It uses the mailer table and then asks Communicate if that user exists before accepting the email and if that users doesn't exist, it rejects with a "550 5.1.1 Sorry, no mailbox here with that name" error. It works really well. It can also do Sender Address Verification where it looks up the mx record for the sending email address domain and then goes and asks that mail server if the sending username really exists, if not it rejects the email. Either of those functions can be disabled and there is the ability to enter Whitelists. Hope this helps. On Wed, 4 Oct 2006 14:30:56 -0500 "Cameron B. Prince" wrote: >Hey guys, > >I have a client who is using MailScanner as a front-end for >CommuniGate via >mailertable. We have old, long since removed addresses that are >constantly >being spammed. We would like to maintain a list of those bad >addresses on >the MailScanner side that would cause them to be bounced before even >being >processed by MailScanner. Could anyway tell me if this is possible? > >Basically I would like to mimic the behavior of the "error:nouser >User >Unknown" entry in the virtusertable of a normal configuration. > >Thanks, >Cameron > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! -------------------------------------------------- Dennis Willson taz@taz-mania.com http://www.taz-mania.com Ham: ka6lsw Scuba: Rescue Diver, EANx, Wreck, Night, Alt, Equip, UW Photographer, Gas Blender Owner: Kepnet Internet Services Life should not be a journey to the grave with the intention of arriving safely in a nice looking and well preserved body, but rather to skid in broadside, thoroughly used up, totally worn out, and loudly proclaiming, "WOW! WHAT A RIDE!" From pete at enitech.com.au Wed Oct 4 22:50:27 2006 From: pete at enitech.com.au (Peter Russell) Date: Wed Oct 4 22:50:44 2006 Subject: Config for Out of Office in Outlook In-Reply-To: <3BF93070B3D1B047BA7ABF612958950D021F81@hcex.hartwellcorp.com> References: <3BF93070B3D1B047BA7ABF612958950D021F81@hcex.hartwellcorp.com> Message-ID: <45242CA3.7040709@enitech.com.au> Have a look at using Outlook rules. Michael St. Laurent wrote: > This is not directly related to MailScanner but I?m hoping someone on > the list can point me in the right direction. > > > > We have folks here who use Outlook?s Out of Office Assistant and who > wish to ensure that no automatic replies are sent to mailing lists. The > mail server is running Exchange 2003. Do I need to change any settings > or modify the registry to accomplish this? > From Kevin_Miller at ci.juneau.ak.us Wed Oct 4 23:03:39 2006 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Wed Oct 4 23:03:49 2006 Subject: Config for Out of Office in Outlook In-Reply-To: <45242CA3.7040709@enitech.com.au> Message-ID: Peter Russell wrote: > Have a look at using Outlook rules. > > Michael St. Laurent wrote: >> This is not directly related to MailScanner but I'm hoping someone on >> the list can point me in the right direction. >> >> >> >> We have folks here who use Outlook's Out of Office Assistant and who >> wish to ensure that no automatic replies are sent to mailing lists. >> The mail server is running Exchange 2003. Do I need to change any >> settings or modify the registry to accomplish this? No, you want it set in Exchange System Manager. I forget where and am just leaving (all the fun I can handle for the day!), but google for it. If you can't find it holler and I'll dig deeper tomorrow. Somewhere in System manager is where you can set up a number of things that outta be changed, such as turn off RTF format to the internet, turn off Out of Office notifications to the internet, etc. I can set my Out of Office in Outlook, and it works fine internally, but they never leave our system. But it's a server side setting because you don't want to rely on your users to remember (or have to even agree) to turn it off in the client... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From tim at denmantire.com Thu Oct 5 00:14:04 2006 From: tim at denmantire.com (Tim Boyer) Date: Thu Oct 5 00:14:23 2006 Subject: Reject vs. bounce References: <223f97700610030443l50b5c5a0r46c8f886d8cd8eb@mail.gmail.com> <223f97700610040026k412065e9md61050b85ab943b5@mail.gmail.com> Message-ID: On Wed, 4 Oct 2006 09:26:03 +0200, "Glenn Steen" wrote: >On 04/10/06, Tim Boyer wrote: >(snip) >> >> I'm rejecting 2,000 per day for 50 users. If I quarantined and had them go >> through them, it would be as time-consuming as letting them go through. >> >But are all 2000 SA-driven? Could you perhaps use "other measures" >(like rfc strictness, only accepting valid addresses, greet_pause, >graylist, whatever) to slim that down (assuming you don't do all/any >of that already:-)? Might make quarantining a more palatable option. > >-- >-- Glenn Yup; some combination of things will probably work. I'll start checking my filters and see what gets through where. Thanks much! -- tim boyer tim@denmantire.com From glenn.steen at gmail.com Thu Oct 5 08:49:00 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Oct 5 08:49:05 2006 Subject: SOLVED: Re: mailscanner hangs on automatic restart {Scanned} In-Reply-To: References: <452047C0.7010002@rcwm.com> <4522236E.1030005@ecs.soton.ac.uk> <45224478.2030403@rcwm.com> <223f97700610030427t79b7414kd53125d621d9d817@mail.gmail.com> <452305C9.5060703@rcwm.com> <53767.194.70.180.170.1159947741.squirrel@www.technologytiger.net> <45239006.6080905@rcwm.com> <223f97700610040355v5a2fa625ta592c18cc42a814@mail.gmail.com> Message-ID: <223f97700610050049m4ada99aeh9fc3db5ad3eaf78@mail.gmail.com> On 04/10/06, Scott Silva wrote: (snip) > Never mind ... I actually RTFM. Will try to remember to do so in the future. ... Amazing what that can reveal, eh?:-). > Replying to myself ... Hmmmm... Must be running postfix somewhere. > Oh yeah... Now I remember ... Always knew you were a closet PF user...:-D. Somewhat back on track: I thought I'd need both ImageInfo and FuzzyOcr... But when I implemented ImageInfo (I like to change things (that work:) one small step at a time, when possible... Tweaking, not frobbing;), I fairly quickly realised it got all the image-based spam without hardly any FPs (at least not any _new_ FPs... The ones FP'ing was doing that already due to badly come together .... "marketing systems"... "solicited" spam type of things:-). So I backed off from the ocr bit (have it running on a testbed, but... will probably not introduce it into production use). What amazes me is that some of the more influential merchant banks/financial institutions have really no clue as to how to put mail together that don't look spammy... Instead they annoy us (their "users") with notes about please making exceptions _for their domain names_ ... Really no clue at all. If their communications are that important, why not make the effort to set up SPF and/or Domain Keys... Or just avoid forging senders, HTML mails with a lot of big images, ALL CAPS subjects etc etc etc. Jeez. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From bpumphrey at woodmclaw.com Thu Oct 5 14:12:01 2006 From: bpumphrey at woodmclaw.com (Billy A. Pumphrey) Date: Thu Oct 5 14:12:06 2006 Subject: Config for Out of Office in Outlook In-Reply-To: Message-ID: <04D932B0071FE34FA63EBB1977B48D1501729777@woodenex.woodmaclaw.local> > No, you want it set in Exchange System Manager. I forget where and am > just leaving (all the fun I can handle for the day!), but google for it. > If you can't find it holler and I'll dig deeper tomorrow. > > Somewhere in System manager is where you can set up a number of things > that outta be changed, such as turn off RTF format to the internet, turn > off Out of Office notifications to the internet, etc. > > I can set my Out of Office in Outlook, and it works fine internally, but > they never leave our system. But it's a server side setting because you > don't want to rely on your users to remember (or have to even agree) to > turn it off in the client... > > ...Kevin > -- > Kevin Miller Registered Linux User No: 307357 > CBJ MIS Dept. Network Systems Admin., Mail Admin. > 155 South Seward Street ph: (907) 586-0242 > Juneau, Alaska 99801 fax: (907 586-4500 > -- Looks like it might be this: 1. In system manager, go to Global Settings 2. Right click on Internet message Formats, click on properties 3. Go to the Advanced tab There you will see check marks for "Allow out of office responses" Is that the correct setting? From bpumphrey at woodmclaw.com Thu Oct 5 15:00:54 2006 From: bpumphrey at woodmclaw.com (Billy A. Pumphrey) Date: Thu Oct 5 15:00:59 2006 Subject: Logwatch Update In-Reply-To: <001901c6e7a5$71e45f90$ed66a8c0@corporate.grantgeo.com> Message-ID: <04D932B0071FE34FA63EBB1977B48D1501729778@woodenex.woodmaclaw.local> > ----Original Message---- > From: Mike Tremaine > Sent: Tuesday, October 03, 2006 11:20 PM > To: mailscanner@lists.mailscanner.info > Subject: RE: Logwatch Update (Phil Udel) > > > > > Or you can always get in out of cvs at logwatch.org. Having said > > that I'll see if I can roll your changes into the current version. > > I'd also encourge you [and everyone who uses logwatch] to upgrade > > to the 7.3.1 release it. > > > > -Mike > > If you are running RedHat or CentOS, the Razor's Edge RPM Repository keeps > logwatch fairly up to date.... http://rpm.razorsedge.org/ > > Thanks, > Ryan > I cannot find a good link to download it. Does anyone have a good link for it? From campbell at cnpapers.com Thu Oct 5 15:22:46 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Thu Oct 5 15:23:16 2006 Subject: Logwatch Update References: <04D932B0071FE34FA63EBB1977B48D1501729778@woodenex.woodmaclaw.local> Message-ID: <005b01c6e889$badf5580$0705000a@DDF5DW71> ----- Original Message ----- From: "Billy A. Pumphrey" To: "MailScanner discussion" Sent: Thursday, October 05, 2006 10:00 AM Subject: RE: Logwatch Update >> ----Original Message---- >> From: Mike Tremaine >> Sent: Tuesday, October 03, 2006 11:20 PM >> To: mailscanner@lists.mailscanner.info >> Subject: RE: Logwatch Update (Phil Udel) >> >> >> >> > Or you can always get in out of cvs at logwatch.org. Having said >> > that I'll see if I can roll your changes into the current version. >> > I'd also encourge you [and everyone who uses logwatch] to upgrade >> > to the 7.3.1 release it. >> > >> > -Mike >> >> If you are running RedHat or CentOS, the Razor's Edge RPM Repository > keeps >> logwatch fairly up to date.... http://rpm.razorsedge.org/ >> >> Thanks, >> Ryan >> > > I cannot find a good link to download it. Does anyone have a good link > for it? > -- The link above worked fine for me. Steve From bpumphrey at woodmclaw.com Thu Oct 5 15:51:49 2006 From: bpumphrey at woodmclaw.com (Billy A. Pumphrey) Date: Thu Oct 5 15:52:00 2006 Subject: Logwatch Update In-Reply-To: <005b01c6e889$badf5580$0705000a@DDF5DW71> Message-ID: <04D932B0071FE34FA63EBB1977B48D150172977A@woodenex.woodmaclaw.local> > > >> ----Original Message---- > >> From: Mike Tremaine > >> Sent: Tuesday, October 03, 2006 11:20 PM > >> To: mailscanner@lists.mailscanner.info > >> Subject: RE: Logwatch Update (Phil Udel) > >> > >> > >> > >> > Or you can always get in out of cvs at logwatch.org. Having said > >> > that I'll see if I can roll your changes into the current version. > >> > I'd also encourge you [and everyone who uses logwatch] to upgrade > >> > to the 7.3.1 release it. > >> > > >> > -Mike > >> > >> If you are running RedHat or CentOS, the Razor's Edge RPM Repository > > keeps > >> logwatch fairly up to date.... http://rpm.razorsedge.org/ > >> > >> Thanks, > >> Ryan > >> > > > > I cannot find a good link to download it. Does anyone have a good link > > for it? > > -- > The link above worked fine for me. > > Steve > > -- Ok, Sorry I missed the link in the thread. I was searching google. The logwatch home page seems to be nonexistent. From campbell at cnpapers.com Thu Oct 5 16:12:10 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Thu Oct 5 16:12:39 2006 Subject: Logwatch Update References: <04D932B0071FE34FA63EBB1977B48D150172977A@woodenex.woodmaclaw.local> Message-ID: <002201c6e890$a181c990$0705000a@DDF5DW71> ----- Original Message ----- From: "Billy A. Pumphrey" To: "MailScanner discussion" Sent: Thursday, October 05, 2006 10:51 AM Subject: RE: Logwatch Update >> >> >> ----Original Message---- >> >> From: Mike Tremaine >> >> Sent: Tuesday, October 03, 2006 11:20 PM >> >> To: mailscanner@lists.mailscanner.info >> >> Subject: RE: Logwatch Update (Phil Udel) >> >> >> >> >> >> >> >> > Or you can always get in out of cvs at logwatch.org. Having said >> >> > that I'll see if I can roll your changes into the current > version. >> >> > I'd also encourge you [and everyone who uses logwatch] to upgrade >> >> > to the 7.3.1 release it. >> >> > >> >> > -Mike >> >> >> >> If you are running RedHat or CentOS, the Razor's Edge RPM > Repository >> > keeps >> >> logwatch fairly up to date.... http://rpm.razorsedge.org/ >> >> >> >> Thanks, >> >> Ryan >> >> >> > >> > I cannot find a good link to download it. Does anyone have a good > link >> > for it? >> > -- >> The link above worked fine for me. >> >> Steve >> >> -- > > Ok, Sorry I missed the link in the thread. I was searching google. The > logwatch home page seems to be nonexistent. > > > -- The logwatch homepage uses a non-standard port (8080 or/and 81) I believe. If you have a firewall, you're probably blocking it there. Steve From cplists at princeservices.com Thu Oct 5 16:25:18 2006 From: cplists at princeservices.com (Cameron B. Prince) Date: Thu Oct 5 16:23:26 2006 Subject: Bouncing Specific Addresses With Mailer Table Setup In-Reply-To: Message-ID: <01c101c6e892$7750a180$1901a8c0@PSLAPTOP1> Hi Dennis, I believe this is exactly what we need. Thanks for the advice. Cameron > I have the setup (sendmail/MailScanner/SpamAssassin/ClamAV/Mailwatch > mail hub in front of a CommunigatePro mail server). I use SMF-SAV > milter to do the user verification. It uses the mailer table and then > asks Communicate if that user exists before accepting the email and if > that users doesn't exist, it rejects with a "550 5.1.1 Sorry, no > mailbox here with that name" error. It works really well. It can also > do Sender Address Verification where it looks up the mx record for the > sending email address domain and then goes and asks that mail server > if the sending username really exists, if not it rejects the email. > Either of those functions can be disabled and there is the ability to > enter Whitelists. > > Hope this helps. > > > On Wed, 4 Oct 2006 14:30:56 -0500 > "Cameron B. Prince" wrote: > >Hey guys, > > > >I have a client who is using MailScanner as a front-end for > >CommuniGate via > >mailertable. We have old, long since removed addresses that are > >constantly > >being spammed. We would like to maintain a list of those bad > >addresses on > >the MailScanner side that would cause them to be bounced before even > >being > >processed by MailScanner. Could anyway tell me if this is possible? > > > >Basically I would like to mimic the behavior of the "error:nouser > >User > >Unknown" entry in the virtusertable of a normal configuration. > > > >Thanks, > >Cameron > > > >-- > >MailScanner mailing list > >mailscanner@lists.mailscanner.info > >http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > >Before posting, read http://wiki.mailscanner.info/posting > > > >Support MailScanner development - buy the book off the website! > > > -------------------------------------------------- > Dennis Willson > > taz@taz-mania.com > http://www.taz-mania.com > > Ham: ka6lsw > Scuba: Rescue Diver, EANx, Wreck, Night, Alt, Equip, UW Photographer, > Gas Blender > > Owner: Kepnet Internet Services > > Life should not be a journey to the grave with the intention of > arriving safely in a nice looking and well preserved body, but rather > to skid in broadside, thoroughly used up, totally worn out, and loudly > proclaiming, "WOW! WHAT A RIDE!" > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From ssilva at sgvwater.com Thu Oct 5 16:26:51 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Oct 5 16:40:53 2006 Subject: SOLVED: Re: mailscanner hangs on automatic restart {Scanned} In-Reply-To: <223f97700610050049m4ada99aeh9fc3db5ad3eaf78@mail.gmail.com> References: <452047C0.7010002@rcwm.com> <4522236E.1030005@ecs.soton.ac.uk> <45224478.2030403@rcwm.com> <223f97700610030427t79b7414kd53125d621d9d817@mail.gmail.com> <452305C9.5060703@rcwm.com> <53767.194.70.180.170.1159947741.squirrel@www.technologytiger.net> <45239006.6080905@rcwm.com> <223f97700610040355v5a2fa625ta592c18cc42a814@mail.gmail.com> <223f97700610050049m4ada99aeh9fc3db5ad3eaf78@mail.gmail.com> Message-ID: Glenn Steen spake the following on 10/5/2006 12:49 AM: > On 04/10/06, Scott Silva wrote: > (snip) >> Never mind ... I actually RTFM. Will try to remember to do so in the >> future. > ... Amazing what that can reveal, eh?:-). > >> Replying to myself ... Hmmmm... Must be running postfix somewhere. >> Oh yeah... Now I remember ... > Always knew you were a closet PF user...:-D. > > Somewhat back on track: I thought I'd need both ImageInfo and > FuzzyOcr... But when I implemented ImageInfo (I like to change things > (that work:) one small step at a time, when possible... Tweaking, not > frobbing;), I fairly quickly realised it got all the image-based spam > without hardly any FPs (at least not any _new_ FPs... The ones FP'ing > was doing that already due to badly come together .... "marketing > systems"... "solicited" spam type of things:-). So I backed off from > the ocr bit (have it running on a testbed, but... will probably not > introduce it into production use). > > What amazes me is that some of the more influential merchant > banks/financial institutions have really no clue as to how to put mail > together that don't look spammy... Instead they annoy us (their > "users") with notes about please making exceptions _for their domain > names_ ... Really no clue at all. > If their communications are that important, why not make the effort to > set up SPF and/or Domain Keys... Or just avoid forging senders, HTML > mails with a lot of big images, ALL CAPS subjects etc etc etc. Jeez. > > It is just like the web designers that abbreviate words into their pron-looking equivalents and set off the content filters. I had a V.P. in here wondering why the (tit)anium driver he was trying to look at was classified as objectionable. I just need a TCP/IP enabled lart! Then I could give a clue anywhere in the world! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From Kevin_Miller at ci.juneau.ak.us Thu Oct 5 16:42:14 2006 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Thu Oct 5 16:42:21 2006 Subject: Config for Out of Office in Outlook In-Reply-To: <04D932B0071FE34FA63EBB1977B48D1501729777@woodenex.woodmaclaw.local> Message-ID: Billy A. Pumphrey wrote: > >> No, you want it set in Exchange System Manager. I forget where and >> am just leaving (all the fun I can handle for the day!), but google >> for it. If you can't find it holler and I'll dig deeper tomorrow. >> >> Somewhere in System manager is where you can set up a number of >> things that outta be changed, such as turn off RTF format to the >> internet, turn off Out of Office notifications to the internet, etc. >> >> I can set my Out of Office in Outlook, and it works fine internally, >> but they never leave our system. But it's a server side setting >> because you don't want to rely on your users to remember (or have to >> even agree) to turn it off in the client... >> >> ...Kevin >> -- >> Kevin Miller Registered Linux User No: 307357 >> CBJ MIS Dept. Network Systems Admin., Mail Admin. >> 155 South Seward Street ph: (907) 586-0242 >> Juneau, Alaska 99801 fax: (907 586-4500 >> -- > > Looks like it might be this: > 1. In system manager, go to Global Settings > 2. Right click on Internet message Formats, click on properties > 3. Go to the Advanced tab > > There you will see check marks for "Allow out of office responses" > > Is that the correct setting? Yup, thanks Billy. Although I had trouble getting there following steps 1-3. I'm probably still waiting for the morning's coffee to kick in. For me, it was: 1. In system manager, go to Global Settings 2. Left click on Internet message Formats, in the right hand pane select the Internet Message Format that talks to the internet. I have several 'formats' as I talk to other Exchange servers, but my default format talks to the internet (via my MailScanner gateways) so that's the one I operate on. Either double click it, or right click and go to properties. 3. Go to the Advanced tab 4. Select Never Use in the Exchange Rich Text Format area. I'm persuaded that RTF sucks. YMMV. Season to taste. 5. Uncheck Allow Out of Office Responses. You're done. Well, mostly. You might also want to check out these pages: http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamass assin:sa-learn:msexchange (I haven't done this yet but probably will soon.) http://www.fsl.com/support/Milter-Ahead-Exchange-Settings.pdf This references milter-ahead, but I'm using smf-sav. Nonetheless, the concept is the same and running either milter is a righteous thing to do... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From bpumphrey at woodmclaw.com Thu Oct 5 16:52:12 2006 From: bpumphrey at woodmclaw.com (Billy A. Pumphrey) Date: Thu Oct 5 16:52:17 2006 Subject: Config for Out of Office in Outlook In-Reply-To: Message-ID: <04D932B0071FE34FA63EBB1977B48D150172977D@woodenex.woodmaclaw.local> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Kevin Miller > Sent: Thursday, October 05, 2006 11:42 AM > To: MailScanner discussion > Subject: RE: Config for Out of Office in Outlook > > Billy A. Pumphrey wrote: > > > >> No, you want it set in Exchange System Manager. I forget where and > >> am just leaving (all the fun I can handle for the day!), but google > >> for it. If you can't find it holler and I'll dig deeper tomorrow. > >> > >> Somewhere in System manager is where you can set up a number of > >> things that outta be changed, such as turn off RTF format to the > >> internet, turn off Out of Office notifications to the internet, etc. > >> > >> I can set my Out of Office in Outlook, and it works fine internally, > >> but they never leave our system. But it's a server side setting > >> because you don't want to rely on your users to remember (or have to > >> even agree) to turn it off in the client... > >> > >> ...Kevin > >> -- > >> Kevin Miller Registered Linux User No: 307357 > >> CBJ MIS Dept. Network Systems Admin., Mail Admin. > >> 155 South Seward Street ph: (907) 586-0242 > >> Juneau, Alaska 99801 fax: (907 586-4500 > >> -- > > > > Looks like it might be this: > > 1. In system manager, go to Global Settings > > 2. Right click on Internet message Formats, click on properties > > 3. Go to the Advanced tab > > > > There you will see check marks for "Allow out of office responses" > > > > Is that the correct setting? > > Yup, thanks Billy. Although I had trouble getting there following steps > 1-3. I'm probably still waiting for the morning's coffee to kick in. > For me, it was: > 1. In system manager, go to Global Settings > 2. Left click on Internet message Formats, in the right hand pane select > the Internet Message Format that talks to the internet. I have several > 'formats' as I talk to other Exchange servers, but my default format > talks to the internet (via my MailScanner gateways) so that's the one I > operate on. Either double click it, or right click and go to > properties. > 3. Go to the Advanced tab > 4. Select Never Use in the Exchange Rich Text Format area. I'm > persuaded that RTF sucks. YMMV. Season to taste. > 5. Uncheck Allow Out of Office Responses. > > You're done. Well, mostly. You might also want to check out these > pages: > http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamass > assin:sa-learn:msexchange (I haven't done this yet but probably will > soon.) > http://www.fsl.com/support/Milter-Ahead-Exchange-Settings.pdf This > references milter-ahead, but I'm using smf-sav. Nonetheless, the > concept is the same and running either milter is a righteous thing to > do... > > > ...Kevin > -- > Kevin Miller Registered Linux User No: 307357 > CBJ MIS Dept. Network Systems Admin., Mail Admin. > 155 South Seward Street ph: (907) 586-0242 > Juneau, Alaska 99801 fax: (907 586-4500 > -- That was me. I should have re-read it, I left out a click or two. So the out of office check box will still allow internal out of office auto replies? From Kevin_Miller at ci.juneau.ak.us Thu Oct 5 17:14:12 2006 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Thu Oct 5 17:14:20 2006 Subject: Config for Out of Office in Outlook In-Reply-To: <04D932B0071FE34FA63EBB1977B48D150172977D@woodenex.woodmaclaw.local> Message-ID: Billy A. Pumphrey wrote: > That was me. I should have re-read it, I left out a click or two. So > the out of office check box will still allow internal out of office > auto replies? Correct. Remember, this is just dealing with the SMTP side of things (internet messaging) so you aren't affecting non-SMTP mail. Within it's only little universe, Exchange follows it's own set of rules - it's just when the message leaves the box that the rules change. Note in my previous message that I had multiple 'formats' though. A couple of them talk to other Exchange servers, but they're outside our forest/domain but still w/in the CBJ umbrella so I communicate via SMTP with them. I explicitly didn't disable out of office on them, as I want them to receive the notices. It's just in the internet 'format' that I wanted to squelch them. I could complain that Microsoft should have turned off internet responses by default, but if they had I'd be complaining that I have to explicitly turn them on for internal messages. ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From glenn.steen at gmail.com Thu Oct 5 18:28:54 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Oct 5 18:28:58 2006 Subject: SOLVED: Re: mailscanner hangs on automatic restart {Scanned} In-Reply-To: References: <452047C0.7010002@rcwm.com> <223f97700610030427t79b7414kd53125d621d9d817@mail.gmail.com> <452305C9.5060703@rcwm.com> <53767.194.70.180.170.1159947741.squirrel@www.technologytiger.net> <45239006.6080905@rcwm.com> <223f97700610040355v5a2fa625ta592c18cc42a814@mail.gmail.com> <223f97700610050049m4ada99aeh9fc3db5ad3eaf78@mail.gmail.com> Message-ID: <223f97700610051028g3a4335dl3daf9eac535621ab@mail.gmail.com> On 05/10/06, Scott Silva wrote: > Glenn Steen spake the following on 10/5/2006 12:49 AM: > > On 04/10/06, Scott Silva wrote: > > (snip) > >> Never mind ... I actually RTFM. Will try to remember to do so in the > >> future. > > ... Amazing what that can reveal, eh?:-). > > > >> Replying to myself ... Hmmmm... Must be running postfix somewhere. > >> Oh yeah... Now I remember ... > > Always knew you were a closet PF user...:-D. > > > > Somewhat back on track: I thought I'd need both ImageInfo and > > FuzzyOcr... But when I implemented ImageInfo (I like to change things > > (that work:) one small step at a time, when possible... Tweaking, not > > frobbing;), I fairly quickly realised it got all the image-based spam > > without hardly any FPs (at least not any _new_ FPs... The ones FP'ing > > was doing that already due to badly come together .... "marketing > > systems"... "solicited" spam type of things:-). So I backed off from > > the ocr bit (have it running on a testbed, but... will probably not > > introduce it into production use). > > > > What amazes me is that some of the more influential merchant > > banks/financial institutions have really no clue as to how to put mail > > together that don't look spammy... Instead they annoy us (their > > "users") with notes about please making exceptions _for their domain > > names_ ... Really no clue at all. > > If their communications are that important, why not make the effort to > > set up SPF and/or Domain Keys... Or just avoid forging senders, HTML > > mails with a lot of big images, ALL CAPS subjects etc etc etc. Jeez. > > > > > It is just like the web designers that abbreviate words into their > pron-looking equivalents and set off the content filters. > I had a V.P. in here wondering why the (tit)anium driver he was trying to look > at was classified as objectionable. Ah. That problem... Closely related to OOdesign/development... "grope through the objects private parts"... :-) > I just need a TCP/IP enabled lart! Then I could give a clue anywhere in the world! Sounds like a wothwile project... Only trouble is getting the (l)users to install it:-) ... Or were you considering a change to the TCP protocol...?:-D -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ssilva at sgvwater.com Thu Oct 5 19:12:09 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Oct 5 19:14:13 2006 Subject: SOLVED: Re: mailscanner hangs on automatic restart {Scanned} In-Reply-To: <223f97700610051028g3a4335dl3daf9eac535621ab@mail.gmail.com> References: <452047C0.7010002@rcwm.com> <223f97700610030427t79b7414kd53125d621d9d817@mail.gmail.com> <452305C9.5060703@rcwm.com> <53767.194.70.180.170.1159947741.squirrel@www.technologytiger.net> <45239006.6080905@rcwm.com> <223f97700610040355v5a2fa625ta592c18cc42a814@mail.gmail.com> <223f97700610050049m4ada99aeh9fc3db5ad3eaf78@mail.gmail.com> <223f97700610051028g3a4335dl3daf9eac535621ab@mail.gmail.com> Message-ID: Glenn Steen spake the following on 10/5/2006 10:28 AM: > On 05/10/06, Scott Silva wrote: >> Glenn Steen spake the following on 10/5/2006 12:49 AM: >> > On 04/10/06, Scott Silva wrote: >> > (snip) >> >> Never mind ... I actually RTFM. Will try to remember to do so in the >> >> future. >> > ... Amazing what that can reveal, eh?:-). >> > >> >> Replying to myself ... Hmmmm... Must be running postfix somewhere. >> >> Oh yeah... Now I remember ... >> > Always knew you were a closet PF user...:-D. >> > >> > Somewhat back on track: I thought I'd need both ImageInfo and >> > FuzzyOcr... But when I implemented ImageInfo (I like to change things >> > (that work:) one small step at a time, when possible... Tweaking, not >> > frobbing;), I fairly quickly realised it got all the image-based spam >> > without hardly any FPs (at least not any _new_ FPs... The ones FP'ing >> > was doing that already due to badly come together .... "marketing >> > systems"... "solicited" spam type of things:-). So I backed off from >> > the ocr bit (have it running on a testbed, but... will probably not >> > introduce it into production use). >> > >> > What amazes me is that some of the more influential merchant >> > banks/financial institutions have really no clue as to how to put mail >> > together that don't look spammy... Instead they annoy us (their >> > "users") with notes about please making exceptions _for their domain >> > names_ ... Really no clue at all. >> > If their communications are that important, why not make the effort to >> > set up SPF and/or Domain Keys... Or just avoid forging senders, HTML >> > mails with a lot of big images, ALL CAPS subjects etc etc etc. Jeez. >> > >> > >> It is just like the web designers that abbreviate words into their >> pron-looking equivalents and set off the content filters. >> I had a V.P. in here wondering why the (tit)anium driver he was trying >> to look >> at was classified as objectionable. > Ah. That problem... Closely related to OOdesign/development... "grope > through the objects private parts"... :-) > >> I just need a TCP/IP enabled lart! Then I could give a clue anywhere >> in the world! > Sounds like a wothwile project... Only trouble is getting the (l)users > to install it:-) ... Or were you considering a change to the TCP > protocol...?:-D > Should be a default daemon installed in every operating system from now to the end of time. Maybe it could be set to autorun on the extremely challenged. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From MailScanner at ecs.soton.ac.uk Thu Oct 5 19:16:09 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Oct 5 19:16:23 2006 Subject: SOLVED: Re: mailscanner hangs on automatic restart {Scanned} In-Reply-To: References: <452047C0.7010002@rcwm.com> <4522236E.1030005@ecs.soton.ac.uk> <45224478.2030403@rcwm.com> <223f97700610030427t79b7414kd53125d621d9d817@mail.gmail.com> <452305C9.5060703@rcwm.com> <53767.194.70.180.170.1159947741.squirrel@www.technologytiger.net> <45239006.6080905@rcwm.com> <223f97700610040355v5a2fa625ta592c18cc42a814@mail.gmail.com> <223f97700610050049m4ada99aeh9fc3db5ad3eaf78@mail.gmail.com> Message-ID: <45254BE9.5040102@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Scott Silva wrote: > > I just need a TCP/IP enabled lart! Then I could give a clue anywhere in the world! > Has no-one come up with a LCP/IP (lart control protocol) ? An obvious one for next April 1st surely. Jules - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.0 (Build 1112) Comment: Fetch my public key foot-print from www.mailscanner.info Charset: ISO-8859-1 wj8DBQFFJUvqEfZZRxQVtlQRAqbnAKDcv3F6B4OgVeVYvOUU7Ghr2rQQvgCggr8H ycReKB1vuiYUlVWQGm1q4Hw= =V6u6 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From martinh at solidstatelogic.com Thu Oct 5 19:33:36 2006 From: martinh at solidstatelogic.com (martinh@solidstatelogic.com) Date: Thu Oct 5 19:33:56 2006 Subject: [Fwd: ANNOUNCE: Apache SpamAssassin 3.1.6 available!] Message-ID: <1278.81.86.146.39.1160073216.squirrel@mail.solidstatelogic.com> ---------------------------- Original Message ---------------------------- Subject: ANNOUNCE: Apache SpamAssassin 3.1.6 available! From: "Daryl C. W. O'Shea" Date: Thu, 5 October, 2006 6:56 pm To: "SpamAssassin Users List" "SpamAssassin Devel List" "SpamAssassin Announcements List" -------------------------------------------------------------------------- Apache SpamAssassin 3.1.6 is now available! This is a maintenance release of the 3.1.x branch. Downloads are available from: http://spamassassin.apache.org/downloads.cgi?update=200610050918 The release file will also be available via CPAN in the near future. md5sum of archive files: 1cf43cea76e30aec6983cdbfe2e08316 Mail-SpamAssassin-3.1.6.tar.bz2 a0acc5e63a5e3401d039cd05cd189b96 Mail-SpamAssassin-3.1.6.tar.gz aac75c43ef9a74df4c100e8a7e37a5fd Mail-SpamAssassin-3.1.6.zip sha1sum of archive files: 16575633e60177733069c1681d6bf9528c076274 Mail-SpamAssassin-3.1.6.tar.bz2 fbf7e7aac113313da3f7357260d1a295ff275eef Mail-SpamAssassin-3.1.6.tar.gz 779ea2f5174de766405bdaa6d378ed6e7a749526 Mail-SpamAssassin-3.1.6.zip The release files also have a .asc accompanying them. The file serves as an external GPG signature for the given release file. The signing key is available via the wwwkeys.pgp.net key server, as well as http://spamassassin.apache.org/released/GPG-SIGNING-KEY The key information is: pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B 3.1.6 includes a large number of bug fixes and documentation updates. Here is an abbreviated changelog (since 3.1.5) for major updates (see the Changes file for a complete list): - bug 4940: fixes to bug in date handling affecting DATE_IN_FUTURE_* and DATE_IN_PAST_* rules when more than one Resent-Date header is present - bug 5044: include local site config in sa-update lint checks - bug 5081: fix race condition in spamd preforking code that sometimes left one child process running after SIGHUPing spamd - bug 5076: unescape hash characters in the config - bug 5077: fix false SPF_SOFTFAIL's when SPF queries timeout - bug 5080: update RCVD_ILLEGAL_IP evaltest to properly deal with 127/8 - bug 5089: enable adding headers with single digit zero value - bug 5098: add support for ecelerity Received headers - bug 5101: fix a bug, introduced in 3.1.5, in mbx code - bug 5105: M::SA::Client doesn't always catch failed connection to spamd, fixed ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From matt at coders.co.uk Thu Oct 5 19:41:49 2006 From: matt at coders.co.uk (Matt Hampton) Date: Thu Oct 5 19:42:12 2006 Subject: [Fwd: ANNOUNCE: Apache SpamAssassin 3.1.6 available!] In-Reply-To: <1278.81.86.146.39.1160073216.squirrel@mail.solidstatelogic.com> References: <1278.81.86.146.39.1160073216.squirrel@mail.solidstatelogic.com> Message-ID: <452551ED.9050408@coders.co.uk> Top posting on purpose: The is a possible bug. It may just be with sa-learn but please wait until it has been confirmed. matt martinh@solidstatelogic.com wrote: > ---------------------------- Original Message ---------------------------- > Subject: ANNOUNCE: Apache SpamAssassin 3.1.6 available! > From: "Daryl C. W. O'Shea" > Date: Thu, 5 October, 2006 6:56 pm > To: "SpamAssassin Users List" > "SpamAssassin Devel List" > "SpamAssassin Announcements List" > -------------------------------------------------------------------------- > > Apache SpamAssassin 3.1.6 is now available! This is a maintenance > release of the 3.1.x branch. > > Downloads are available from: > http://spamassassin.apache.org/downloads.cgi?update=200610050918 > > The release file will also be available via CPAN in the near future. > > md5sum of archive files: > > 1cf43cea76e30aec6983cdbfe2e08316 Mail-SpamAssassin-3.1.6.tar.bz2 > a0acc5e63a5e3401d039cd05cd189b96 Mail-SpamAssassin-3.1.6.tar.gz > aac75c43ef9a74df4c100e8a7e37a5fd Mail-SpamAssassin-3.1.6.zip > > sha1sum of archive files: > 16575633e60177733069c1681d6bf9528c076274 Mail-SpamAssassin-3.1.6.tar.bz2 > fbf7e7aac113313da3f7357260d1a295ff275eef Mail-SpamAssassin-3.1.6.tar.gz > 779ea2f5174de766405bdaa6d378ed6e7a749526 Mail-SpamAssassin-3.1.6.zip > > The release files also have a .asc accompanying them. The file serves > as an external GPG signature for the given release file. The signing > key is available via the wwwkeys.pgp.net key server, as well as > http://spamassassin.apache.org/released/GPG-SIGNING-KEY > > The key information is: > > pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key > > Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B > > 3.1.6 includes a large number of bug fixes and documentation updates. > Here is an abbreviated changelog (since 3.1.5) for major updates (see > the Changes file for a complete list): > > - bug 4940: fixes to bug in date handling affecting DATE_IN_FUTURE_* > and DATE_IN_PAST_* rules when more than one Resent-Date header is > present > - bug 5044: include local site config in sa-update lint checks > - bug 5081: fix race condition in spamd preforking code that sometimes > left one child process running after SIGHUPing spamd > - bug 5076: unescape hash characters in the config > - bug 5077: fix false SPF_SOFTFAIL's when SPF queries timeout > - bug 5080: update RCVD_ILLEGAL_IP evaltest to properly deal with 127/8 > - bug 5089: enable adding headers with single digit zero value > - bug 5098: add support for ecelerity Received headers > - bug 5101: fix a bug, introduced in 3.1.5, in mbx code > - bug 5105: M::SA::Client doesn't always catch failed connection to > spamd, fixed > > > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > From matt at coders.co.uk Thu Oct 5 20:41:34 2006 From: matt at coders.co.uk (Matt Hampton) Date: Thu Oct 5 20:42:02 2006 Subject: [Fwd: ANNOUNCE: Apache SpamAssassin 3.1.6 available!] In-Reply-To: <452551ED.9050408@coders.co.uk> References: <1278.81.86.146.39.1160073216.squirrel@mail.solidstatelogic.com> <452551ED.9050408@coders.co.uk> Message-ID: <45255FEE.9050900@coders.co.uk> Matt Hampton wrote: > Top posting on purpose: > > The is a possible bug. It may just be with sa-learn but please wait > until it has been confirmed. > > matt (I am pretending to be a postfix user*) http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5118 Basically the sa-update doesn't load any network test modules so if you redefine any scores that relate to network tests the lint will fail. Easiest way to get around this is to move the .cf causing the issue to .cf.old and then run sa-update. This means that you are screwed if you use sa-update for any updates as you will need to automate this process matt * replying to my own post! > > martinh@solidstatelogic.com wrote: >> ---------------------------- Original Message ---------------------------- >> Subject: ANNOUNCE: Apache SpamAssassin 3.1.6 available! >> From: "Daryl C. W. O'Shea" >> Date: Thu, 5 October, 2006 6:56 pm >> To: "SpamAssassin Users List" >> "SpamAssassin Devel List" >> "SpamAssassin Announcements List" >> -------------------------------------------------------------------------- >> >> Apache SpamAssassin 3.1.6 is now available! This is a maintenance >> release of the 3.1.x branch. >> >> Downloads are available from: >> http://spamassassin.apache.org/downloads.cgi?update=200610050918 >> >> The release file will also be available via CPAN in the near future. >> >> md5sum of archive files: >> >> 1cf43cea76e30aec6983cdbfe2e08316 Mail-SpamAssassin-3.1.6.tar.bz2 >> a0acc5e63a5e3401d039cd05cd189b96 Mail-SpamAssassin-3.1.6.tar.gz >> aac75c43ef9a74df4c100e8a7e37a5fd Mail-SpamAssassin-3.1.6.zip >> >> sha1sum of archive files: >> 16575633e60177733069c1681d6bf9528c076274 Mail-SpamAssassin-3.1.6.tar.bz2 >> fbf7e7aac113313da3f7357260d1a295ff275eef Mail-SpamAssassin-3.1.6.tar.gz >> 779ea2f5174de766405bdaa6d378ed6e7a749526 Mail-SpamAssassin-3.1.6.zip >> >> The release files also have a .asc accompanying them. The file serves >> as an external GPG signature for the given release file. The signing >> key is available via the wwwkeys.pgp.net key server, as well as >> http://spamassassin.apache.org/released/GPG-SIGNING-KEY >> >> The key information is: >> >> pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key >> >> Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B >> >> 3.1.6 includes a large number of bug fixes and documentation updates. >> Here is an abbreviated changelog (since 3.1.5) for major updates (see >> the Changes file for a complete list): >> >> - bug 4940: fixes to bug in date handling affecting DATE_IN_FUTURE_* >> and DATE_IN_PAST_* rules when more than one Resent-Date header is >> present >> - bug 5044: include local site config in sa-update lint checks >> - bug 5081: fix race condition in spamd preforking code that sometimes >> left one child process running after SIGHUPing spamd >> - bug 5076: unescape hash characters in the config >> - bug 5077: fix false SPF_SOFTFAIL's when SPF queries timeout >> - bug 5080: update RCVD_ILLEGAL_IP evaltest to properly deal with 127/8 >> - bug 5089: enable adding headers with single digit zero value >> - bug 5098: add support for ecelerity Received headers >> - bug 5101: fix a bug, introduced in 3.1.5, in mbx code >> - bug 5105: M::SA::Client doesn't always catch failed connection to >> spamd, fixed >> >> >> >> >> ********************************************************************** >> >> This email and any files transmitted with it are confidential and >> intended solely for the use of the individual or entity to whom they >> are addressed. If you have received this email in error please notify >> the system manager. >> >> This footnote confirms that this email message has been swept >> for the presence of computer viruses and is believed to be clean. >> >> ********************************************************************** >> > From ugob at camo-route.com Fri Oct 6 00:02:36 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Fri Oct 6 00:03:48 2006 Subject: OT: MailScanner-MRTG config In-Reply-To: <45237146.5020600@ecs.soton.ac.uk> References: <45237146.5020600@ecs.soton.ac.uk> Message-ID: Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I just installed it from RPM and I get the error message: > > You are seeing this message because your apache install is not > configured correctly for MailScanner-MRTG. > Please ensure that mod_include is loaded by apache > > I have a stock RHEL4 install, which appears to have mod_include loaded > by default, so why isn't it working? I never bothered about this error message and always got the output I wanted. I took a look at it and, well, I guess it may be why it is still beta (0.11). Best bet would be to ask Kevin Spicer http://sourceforge.net/users/kevinspicer/ > > Never did understand Apache installs, too damn complicated by half. > > Thanks folks! > > Jules > > - -- From garry at glendown.de Fri Oct 6 05:53:40 2006 From: garry at glendown.de (Garry Glendown) Date: Fri Oct 6 05:53:43 2006 Subject: MS and SA diuffer Message-ID: <4525E154.5040007@glendown.de> Hi, I've just set up FuzzyOCR to take care of the Image spam that has increased recently ... after still receiving untagged stock spam, I've checked into the scores and stuff and noticed on a test message, that MS has a lot less rule hits (and therefore less score points) than when calling spamassassin directly ... Here's what I got originally from MS: X-nethinks-MailScanner-SpamCheck: not spam, SpamAssassin (Wertung=3.905, benoetigt 5, HTML_10_20 1.35, HTML_IMAGE_ONLY_32 1.05, HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.00, RCVD_NUMERIC_HELO 1.50) whereas the -t run from SA resulted in: X-Spam-Status: Yes, score=25.2 required=5.0 tests=AWL,BAYES_99, FORGED_RCVD_HELO,FUZZY_OCR,HTML_10_20,HTML_IMAGE_ONLY_32,HTML_MESSAGE, MIME_HTML_ONLY,RCVD_NUMERIC_HELO,SARE_GIF_ATTACH autolearn=no MailScanner.conf points to the right SA directory (/etc/mail/spamassassin), there ARE image spams that get tagged with the OCR-tags, so I don't really get it why the scoring differs this much ... also with the Bayes score ... none on MS, 99 on SA ... !? I'm still running MS 4.50, SA is 3.1.5 ... Any idea where I could look for the cause of this? Tnx! From MailScanner at ecs.soton.ac.uk Fri Oct 6 08:48:58 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Oct 6 08:49:19 2006 Subject: SOLVED OT: MailScanner-MRTG config In-Reply-To: References: <45237146.5020600@ecs.soton.ac.uk> Message-ID: <45260A6A.1000604@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In /etc/httpd/conf.d/mrtg.conf, add this at the end: AllowOverride Options then restart httpd. Ugo Bellavance wrote: > Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> I just installed it from RPM and I get the error message: >> >> You are seeing this message because your apache install is not >> configured correctly for MailScanner-MRTG. >> Please ensure that mod_include is loaded by apache >> >> I have a stock RHEL4 install, which appears to have mod_include >> loaded by default, so why isn't it working? > > I never bothered about this error message and always got the output I > wanted. > > I took a look at it and, well, I guess it may be why it is still beta > (0.11). > > Best bet would be to ask Kevin Spicer > http://sourceforge.net/users/kevinspicer/ > > >> >> Never did understand Apache installs, too damn complicated by half. >> >> Thanks folks! >> >> Jules >> >> - -- > > Jules - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.0 (Build 1112) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFFJgprEfZZRxQVtlQRAuDgAKDbr37BtD0448+YAHR7shSMo5gW1ACgiTMs rAP493xm36mxc+lfgnaO0aA= =FWIU -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From edward.prendergast at netring.co.uk Fri Oct 6 09:11:09 2006 From: edward.prendergast at netring.co.uk (Edward Prendergast) Date: Fri Oct 6 09:11:17 2006 Subject: OT: Logwatch Update In-Reply-To: <001901c6e7a5$71e45f90$ed66a8c0@corporate.grantgeo.com> Message-ID: <200610060811.k968BFcb017566@bkserver.blacknight.ie> I get These messages repeated hundreds of times in my LogWatch reports: 1GVRKT-0002IV-7z: Logged to MailWatch SQL : 1 Time(s) 1GVSrS-00008K-Ef: Logged to MailWatch SQL : 1 Time(s) 1GVFvt-0003Oj-T1: Logged to MailWatch SQL : 1 Time(s) 1GVV4N-0001DB-Uh: Logged to MailWatch SQL : 1 Time(s) 1GVU8t-0005a5-Bu: Logged to MailWatch SQL : 1 Time(s) 1GVN7O-0003MO-P7: Logged to MailWatch SQL : 1 Time(s) 1GVayX-0000O6-2t: Logged to MailWatch SQL : 1 Time(s) Does anybody else get this problem & know of a resolution? Sorry for the off-topic post - I just thought being as how we all use MailScanner and some of us use MailWatch that you'd be the best people to ask. The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorised. If you are not the intended recipient, any action taken or omitted to be taken in reliance on it, any form of reproduction, dissemination, copying, disclosure, modification, distribution and/or publication of this E-mail message is strictly prohibited and may be unlawful. If you have received this E-mail message in error, please notify us immediately. Please also destroy and delete the message from your computer. From prandal at herefordshire.gov.uk Fri Oct 6 12:02:29 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Fri Oct 6 12:09:44 2006 Subject: Bug in "Max Spamassassin Size" parameter parsing - MailScanner 4. 56.7-2 Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580FC69943@isabella.herefordshire.gov.uk> I'd set Max Spamassassin Size = 40k and spamassassin was only scoring on headers, and hitting my L_MISSING_BODY rule. # must use 'rawbody' as 'body' also includes Subject: header text # see if message rawbody contains at least -one- non-blank character rawbody __MSG_RAW_EXISTS /\S/ # Nope, declare the message to be missing the body meta L_MISSING_BODY ! __MSG_RAW_EXISTS describe L_MISSING_BODY Message body empty score L_MISSING_BODY 0.5 Changing it to Max Spamassassin Size = 40000 fixes the problem. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK From ms-list at alexb.ch Fri Oct 6 12:23:56 2006 From: ms-list at alexb.ch (Alex Broens) Date: Fri Oct 6 12:24:09 2006 Subject: MS and SA diuffer In-Reply-To: <4525E154.5040007@glendown.de> References: <4525E154.5040007@glendown.de> Message-ID: <45263CCC.6050008@alexb.ch> On 10/6/2006 6:53 AM, Garry Glendown wrote: > Hi, > > I've just set up FuzzyOCR to take care of the Image spam that has > increased recently ... after still receiving untagged stock spam, I've > checked into the scores and stuff and noticed on a test message, that MS > has a lot less rule hits (and therefore less score points) than when > calling spamassassin directly ... > > Here's what I got originally from MS: > > X-nethinks-MailScanner-SpamCheck: not spam, SpamAssassin (Wertung=3.905, > benoetigt 5, HTML_10_20 1.35, HTML_IMAGE_ONLY_32 1.05, > HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.00, RCVD_NUMERIC_HELO 1.50) > > whereas the -t run from SA resulted in: > > X-Spam-Status: Yes, score=25.2 required=5.0 tests=AWL,BAYES_99, > FORGED_RCVD_HELO,FUZZY_OCR,HTML_10_20,HTML_IMAGE_ONLY_32,HTML_MESSAGE, > MIME_HTML_ONLY,RCVD_NUMERIC_HELO,SARE_GIF_ATTACH autolearn=no > > MailScanner.conf points to the right SA directory > (/etc/mail/spamassassin), there ARE image spams that get tagged with the > OCR-tags, so I don't really get it why the scoring differs this much ... > also with the Bayes score ... none on MS, 99 on SA ... !? > > I'm still running MS 4.50, SA is 3.1.5 ... > > Any idea where I could look for the cause of this? I know I'l be tarred & feathered by this comment (once again): I'd bet its because MS only sent part of the whole msg thru SA and cutoff too early & missed the attached images. You may have to increase the value in "Max SpamAssassin Size" to catch them. Alex From a.peacock at chime.ucl.ac.uk Fri Oct 6 12:37:00 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Fri Oct 6 12:37:29 2006 Subject: MS and SA diuffer In-Reply-To: <45263CCC.6050008@alexb.ch> References: <4525E154.5040007@glendown.de> <45263CCC.6050008@alexb.ch> Message-ID: <45263FDC.8060301@chime.ucl.ac.uk> Hi Alex, Alex Broens wrote: > On 10/6/2006 6:53 AM, Garry Glendown wrote: >> Hi, >> >> I've just set up FuzzyOCR to take care of the Image spam that has >> increased recently ... after still receiving untagged stock spam, I've >> checked into the scores and stuff and noticed on a test message, that MS >> has a lot less rule hits (and therefore less score points) than when >> calling spamassassin directly ... >> >> Here's what I got originally from MS: >> >> X-nethinks-MailScanner-SpamCheck: not spam, SpamAssassin (Wertung=3.905, >> benoetigt 5, HTML_10_20 1.35, HTML_IMAGE_ONLY_32 1.05, >> HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.00, RCVD_NUMERIC_HELO 1.50) >> >> whereas the -t run from SA resulted in: >> >> X-Spam-Status: Yes, score=25.2 required=5.0 tests=AWL,BAYES_99, >> FORGED_RCVD_HELO,FUZZY_OCR,HTML_10_20,HTML_IMAGE_ONLY_32,HTML_MESSAGE, >> MIME_HTML_ONLY,RCVD_NUMERIC_HELO,SARE_GIF_ATTACH autolearn=no >> >> MailScanner.conf points to the right SA directory >> (/etc/mail/spamassassin), there ARE image spams that get tagged with the >> OCR-tags, so I don't really get it why the scoring differs this much ... >> also with the Bayes score ... none on MS, 99 on SA ... !? >> >> I'm still running MS 4.50, SA is 3.1.5 ... >> >> Any idea where I could look for the cause of this? > > I know I'l be tarred & feathered by this comment (once again): > > I'd bet its because MS only sent part of the whole msg thru SA and > cutoff too early & missed the attached images. > > You may have to increase the value in "Max SpamAssassin Size" to catch > them. > > Alex No tar and feathers, but I do think that you are wrong in your assumption in this case. :-) There are lots of rules different between the two tests that can't be explained by a truncated message being passed to SA. AWL, BAYES, RCVD_ tests for instance. To me this suggests that the SpamAssassin tests were run as a different user than the user that MailScanner runs as. So it picks up the BAYES databases and the AWL databases. It might also be that some tests are being disabled in the MS setup. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas." -- George Bernard Shaw From ms-list at alexb.ch Fri Oct 6 14:01:33 2006 From: ms-list at alexb.ch (Alex Broens) Date: Fri Oct 6 14:01:39 2006 Subject: MS and SA diuffer In-Reply-To: <45263FDC.8060301@chime.ucl.ac.uk> References: <4525E154.5040007@glendown.de> <45263CCC.6050008@alexb.ch> <45263FDC.8060301@chime.ucl.ac.uk> Message-ID: <452653AD.8070101@alexb.ch> On 10/6/2006 1:37 PM, Anthony Peacock wrote: > Hi Alex, > > Alex Broens wrote: >> On 10/6/2006 6:53 AM, Garry Glendown wrote: >>> Hi, >>> >>> I've just set up FuzzyOCR to take care of the Image spam that has >>> increased recently ... after still receiving untagged stock spam, I've >>> checked into the scores and stuff and noticed on a test message, that MS >>> has a lot less rule hits (and therefore less score points) than when >>> calling spamassassin directly ... >>> >>> Here's what I got originally from MS: >>> >>> X-nethinks-MailScanner-SpamCheck: not spam, SpamAssassin (Wertung=3.905, >>> benoetigt 5, HTML_10_20 1.35, HTML_IMAGE_ONLY_32 1.05, >>> HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.00, RCVD_NUMERIC_HELO 1.50) >>> >>> whereas the -t run from SA resulted in: >>> >>> X-Spam-Status: Yes, score=25.2 required=5.0 tests=AWL,BAYES_99, >>> FORGED_RCVD_HELO,FUZZY_OCR,HTML_10_20,HTML_IMAGE_ONLY_32,HTML_MESSAGE, >>> MIME_HTML_ONLY,RCVD_NUMERIC_HELO,SARE_GIF_ATTACH autolearn=no >>> >>> MailScanner.conf points to the right SA directory >>> (/etc/mail/spamassassin), there ARE image spams that get tagged with the >>> OCR-tags, so I don't really get it why the scoring differs this much ... >>> also with the Bayes score ... none on MS, 99 on SA ... !? >>> >>> I'm still running MS 4.50, SA is 3.1.5 ... >>> >>> Any idea where I could look for the cause of this? >> >> I know I'l be tarred & feathered by this comment (once again): >> >> I'd bet its because MS only sent part of the whole msg thru SA and >> cutoff too early & missed the attached images. >> >> You may have to increase the value in "Max SpamAssassin Size" to catch >> them. >> >> Alex > > No tar and feathers, but I do think that you are wrong in your > assumption in this case. :-) > > > There are lots of rules different between the two tests that can't be > explained by a truncated message being passed to SA. > > AWL, BAYES, RCVD_ tests for instance. > > To me this suggests that the SpamAssassin tests were run as a different > user than the user that MailScanner runs as. So it picks up the BAYES > databases and the AWL databases. It might also be that some tests are > being disabled in the MS setup. yes but: Garry asked about the missing OCR hit. SARE_GIF_ATTACH is a full rule which probably wasn't parsed due to a cutoff and the missing FUZZY_OCR score points in the same direction... and some messages are indeed scored by OCR, while other are... and if he has AWL switched off in MS, passing SA thru the command line without -C filename will ignore that setting and send msg thru AWL or it could also be a bad FUZZY_OCR install, but that I really doubt. Alex From a.peacock at chime.ucl.ac.uk Fri Oct 6 14:09:54 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Fri Oct 6 14:10:12 2006 Subject: MS and SA diuffer In-Reply-To: <452653AD.8070101@alexb.ch> References: <4525E154.5040007@glendown.de> <45263CCC.6050008@alexb.ch> <45263FDC.8060301@chime.ucl.ac.uk> <452653AD.8070101@alexb.ch> Message-ID: <452655A2.4000500@chime.ucl.ac.uk> Alex Broens wrote: > On 10/6/2006 1:37 PM, Anthony Peacock wrote: >> Hi Alex, >> >> Alex Broens wrote: >>> On 10/6/2006 6:53 AM, Garry Glendown wrote: >>>> Hi, >>>> >>>> I've just set up FuzzyOCR to take care of the Image spam that has >>>> increased recently ... after still receiving untagged stock spam, I've >>>> checked into the scores and stuff and noticed on a test message, >>>> that MS >>>> has a lot less rule hits (and therefore less score points) than when >>>> calling spamassassin directly ... >>>> >>>> Here's what I got originally from MS: >>>> >>>> X-nethinks-MailScanner-SpamCheck: not spam, SpamAssassin >>>> (Wertung=3.905, >>>> benoetigt 5, HTML_10_20 1.35, HTML_IMAGE_ONLY_32 1.05, >>>> HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.00, RCVD_NUMERIC_HELO 1.50) >>>> >>>> whereas the -t run from SA resulted in: >>>> >>>> X-Spam-Status: Yes, score=25.2 required=5.0 tests=AWL,BAYES_99, >>>> FORGED_RCVD_HELO,FUZZY_OCR,HTML_10_20,HTML_IMAGE_ONLY_32,HTML_MESSAGE, >>>> MIME_HTML_ONLY,RCVD_NUMERIC_HELO,SARE_GIF_ATTACH autolearn=no >>>> >>>> MailScanner.conf points to the right SA directory >>>> (/etc/mail/spamassassin), there ARE image spams that get tagged with >>>> the >>>> OCR-tags, so I don't really get it why the scoring differs this much >>>> ... >>>> also with the Bayes score ... none on MS, 99 on SA ... !? >>>> >>>> I'm still running MS 4.50, SA is 3.1.5 ... >>>> >>>> Any idea where I could look for the cause of this? >>> >>> I know I'l be tarred & feathered by this comment (once again): >>> >>> I'd bet its because MS only sent part of the whole msg thru SA and >>> cutoff too early & missed the attached images. >>> >>> You may have to increase the value in "Max SpamAssassin Size" to >>> catch them. >>> >>> Alex >> >> No tar and feathers, but I do think that you are wrong in your >> assumption in this case. :-) >> >> >> There are lots of rules different between the two tests that can't be >> explained by a truncated message being passed to SA. >> >> AWL, BAYES, RCVD_ tests for instance. >> >> To me this suggests that the SpamAssassin tests were run as a >> different user than the user that MailScanner runs as. So it picks up >> the BAYES databases and the AWL databases. It might also be that some >> tests are being disabled in the MS setup. > > yes but: Garry asked about the missing OCR hit. SARE_GIF_ATTACH is a > full rule which probably wasn't parsed due to a cutoff and the missing > FUZZY_OCR score points in the same direction... > > and some messages are indeed scored by OCR, while other are... > > > and if he has AWL switched off in MS, passing SA thru the command line > without -C filename will ignore that setting and send msg thru AWL > > or it could also be a bad FUZZY_OCR install, but that I really doubt. > > Alex Without more information from the OP both theories are possible. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas." -- George Bernard Shaw From prandal at herefordshire.gov.uk Fri Oct 6 14:05:58 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Fri Oct 6 14:17:05 2006 Subject: MS and SA diuffer Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580FC699C7@isabella.herefordshire.gov.uk> It was this sort of problem which led me to find the bug I reported earlier. If you have Max Spamassassin Size = nnk (e.g. 40k) change it to Max Spamassassin Size = nn000 (e.g. 40000) and see if that helps. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Anthony Peacock > Sent: 06 October 2006 12:37 > To: MailScanner discussion > Subject: Re: MS and SA diuffer > > Hi Alex, > > Alex Broens wrote: > > On 10/6/2006 6:53 AM, Garry Glendown wrote: > >> Hi, > >> > >> I've just set up FuzzyOCR to take care of the Image spam that has > >> increased recently ... after still receiving untagged > stock spam, I've > >> checked into the scores and stuff and noticed on a test > message, that MS > >> has a lot less rule hits (and therefore less score points) > than when > >> calling spamassassin directly ... > >> > >> Here's what I got originally from MS: > >> > >> X-nethinks-MailScanner-SpamCheck: not spam, SpamAssassin > (Wertung=3.905, > >> benoetigt 5, HTML_10_20 1.35, HTML_IMAGE_ONLY_32 1.05, > >> HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.00, RCVD_NUMERIC_HELO 1.50) > >> > >> whereas the -t run from SA resulted in: > >> > >> X-Spam-Status: Yes, score=25.2 required=5.0 tests=AWL,BAYES_99, > >> > FORGED_RCVD_HELO,FUZZY_OCR,HTML_10_20,HTML_IMAGE_ONLY_32,HTML_MESSAGE, > >> MIME_HTML_ONLY,RCVD_NUMERIC_HELO,SARE_GIF_ATTACH > autolearn=no > >> > >> MailScanner.conf points to the right SA directory > >> (/etc/mail/spamassassin), there ARE image spams that get > tagged with the > >> OCR-tags, so I don't really get it why the scoring differs > this much ... > >> also with the Bayes score ... none on MS, 99 on SA ... !? > >> > >> I'm still running MS 4.50, SA is 3.1.5 ... > >> > >> Any idea where I could look for the cause of this? > > > > I know I'l be tarred & feathered by this comment (once again): > > > > I'd bet its because MS only sent part of the whole msg thru SA and > > cutoff too early & missed the attached images. > > > > You may have to increase the value in "Max SpamAssassin > Size" to catch > > them. > > > > Alex > > No tar and feathers, but I do think that you are wrong in your > assumption in this case. :-) > > > There are lots of rules different between the two tests that can't be > explained by a truncated message being passed to SA. > > AWL, BAYES, RCVD_ tests for instance. > > To me this suggests that the SpamAssassin tests were run as a > different > user than the user that MailScanner runs as. So it picks up > the BAYES > databases and the AWL databases. It might also be that some > tests are > being disabled in the MS setup. > > > -- > Anthony Peacock > CHIME, Royal Free & University College Medical School > WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ > "If you have an apple and I have an apple and we exchange apples > then you and I will still each have one apple. But if you have an > idea and I have an idea and we exchange these ideas, then each of us > will have two ideas." -- George Bernard Shaw > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From bpumphrey at woodmclaw.com Fri Oct 6 14:28:08 2006 From: bpumphrey at woodmclaw.com (Billy A. Pumphrey) Date: Fri Oct 6 14:28:12 2006 Subject: OT: Scanning outgoing mail In-Reply-To: <04D932B0071FE34FA63EBB1977B48D1501729732@woodenex.woodmaclaw.local> Message-ID: <04D932B0071FE34FA63EBB1977B48D150172978C@woodenex.woodmaclaw.local> Will someone point me in the general direction of what needs to be done to scan outgoing mail? I do not really know what to do. I use MailScanner as a gateway to exchange. I am guessing that I need for exchange to send the email to MailScanner and from MailScanner to the internet? Would MailScanner use the same SMTP sendmail to send out the mail? Thank you Billy Pumphrey IT Manager Wooden & McLaughlin From martinh at solidstatelogic.com Fri Oct 6 14:38:40 2006 From: martinh at solidstatelogic.com (Martin Hepworth) Date: Fri Oct 6 14:38:57 2006 Subject: OT: Scanning outgoing mail In-Reply-To: <04D932B0071FE34FA63EBB1977B48D150172978C@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D150172978C@woodenex.woodmaclaw.local> Message-ID: <45265C60.9040309@solidstatelogic.com> Billy A. Pumphrey wrote: > Will someone point me in the general direction of what needs to be done > to scan outgoing mail? I do not really know what to do. > > I use MailScanner as a gateway to exchange. I am guessing that I need > for exchange to send the email to MailScanner and from MailScanner to > the internet? > > Would MailScanner use the same SMTP sendmail to send out the mail? > Thank you > > Billy Pumphrey > IT Manager > Wooden & McLaughlin Billy yes - assuming on the 'outbound' (post mailScanner) sendmail queue you're forcinng to the MS-exch, but using DNS to route the email. -- Martin Hepworth Senior Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From prandal at herefordshire.gov.uk Fri Oct 6 14:35:54 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Fri Oct 6 14:39:46 2006 Subject: Scanning outgoing mail Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580FC699EF@isabella.herefordshire.gov.uk> Yes, Just forward all emails from exchange to your MailScanner box. Make sure your firewall rulles allow the MailScanner box to talk SMTP to the outside world, and you're all set. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Billy A. Pumphrey > Sent: 06 October 2006 14:28 > To: MailScanner discussion > Subject: OT: Scanning outgoing mail > > Will someone point me in the general direction of what needs > to be done > to scan outgoing mail? I do not really know what to do. > > I use MailScanner as a gateway to exchange. I am guessing that I need > for exchange to send the email to MailScanner and from MailScanner to > the internet? > > Would MailScanner use the same SMTP sendmail to send out the mail? > Thank you > > Billy Pumphrey > IT Manager > Wooden & McLaughlin > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From bpumphrey at woodmclaw.com Fri Oct 6 16:26:55 2006 From: bpumphrey at woodmclaw.com (Billy A. Pumphrey) Date: Fri Oct 6 16:26:59 2006 Subject: OT: Scanning outgoing mail In-Reply-To: <45265C60.9040309@solidstatelogic.com> Message-ID: <04D932B0071FE34FA63EBB1977B48D1501729797@woodenex.woodmaclaw.local> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Martin Hepworth > Sent: Friday, October 06, 2006 9:39 AM > To: MailScanner discussion > Subject: Re: OT: Scanning outgoing mail > > Billy A. Pumphrey wrote: > > Will someone point me in the general direction of what needs to be done > > to scan outgoing mail? I do not really know what to do. > > > > I use MailScanner as a gateway to exchange. I am guessing that I need > > for exchange to send the email to MailScanner and from MailScanner to > > the internet? > > > > Would MailScanner use the same SMTP sendmail to send out the mail? > > Thank you > > > > Billy Pumphrey > > IT Manager > > Wooden & McLaughlin > Billy > > yes - assuming on the 'outbound' (post mailScanner) sendmail queue > you're forcinng to the MS-exch, but using DNS to route the email. > > -- > Martin Hepworth > Senior Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > Does mailwatch log these messages too? If so how do these entries show up simply as: From To Subject Internal email address External email address outgoing email For you exchange admins: I could research it, but to save time is someone willing to answer this question if you know it quickly. How do you foward exchange emails to the mailscanner machine. What settings on the MailScanner machine do you have to make for it to accept them, any? I am sorry for so many questions, but I have not seen this covered. From martinh at solidstatelogic.com Fri Oct 6 16:35:52 2006 From: martinh at solidstatelogic.com (Martin Hepworth) Date: Fri Oct 6 16:36:03 2006 Subject: OT: Scanning outgoing mail In-Reply-To: <04D932B0071FE34FA63EBB1977B48D1501729797@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D1501729797@woodenex.woodmaclaw.local> Message-ID: <452677D8.9000708@solidstatelogic.com> Billy A. Pumphrey wrote: >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Martin Hepworth >> Sent: Friday, October 06, 2006 9:39 AM >> To: MailScanner discussion >> Subject: Re: OT: Scanning outgoing mail >> >> Billy A. Pumphrey wrote: >>> Will someone point me in the general direction of what needs to be > done >>> to scan outgoing mail? I do not really know what to do. >>> >>> I use MailScanner as a gateway to exchange. I am guessing that I > need >>> for exchange to send the email to MailScanner and from MailScanner > to >>> the internet? >>> >>> Would MailScanner use the same SMTP sendmail to send out the mail? >>> Thank you >>> >>> Billy Pumphrey >>> IT Manager >>> Wooden & McLaughlin >> Billy >> >> yes - assuming on the 'outbound' (post mailScanner) sendmail queue >> you're forcinng to the MS-exch, but using DNS to route the email. >> >> -- >> Martin Hepworth >> Senior Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> ********************************************************************** >> >> This email and any files transmitted with it are confidential and >> intended solely for the use of the individual or entity to whom they >> are addressed. If you have received this email in error please notify >> the system manager. >> >> This footnote confirms that this email message has been swept >> for the presence of computer viruses and is believed to be clean. >> >> ********************************************************************** >> > > Does mailwatch log these messages too? If so how do these entries show > up simply as: > From To > Subject > Internal email address External email address outgoing > email > > For you exchange admins: > I could research it, but to save time is someone willing to answer this > question if you know it quickly. > How do you foward exchange emails to the mailscanner machine. > > What settings on the MailScanner machine do you have to make for it to > accept them, any? > > I am sorry for so many questions, but I have not seen this covered. Why wouldn't it - it's passing through MS so it should get logged to MW. -- Martin Hepworth Senior Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From Kevin_Miller at ci.juneau.ak.us Fri Oct 6 16:40:24 2006 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Fri Oct 6 16:40:28 2006 Subject: OT: Scanning outgoing mail In-Reply-To: <04D932B0071FE34FA63EBB1977B48D1501729797@woodenex.woodmaclaw.local> Message-ID: Billy A. Pumphrey wrote: > Does mailwatch log these messages too? If so how do these entries > show up simply as: > From To > Subject > Internal email address External email address outgoing > email > > For you exchange admins: > I could research it, but to save time is someone willing to answer > this question if you know it quickly. > How do you foward exchange emails to the mailscanner machine. > > What settings on the MailScanner machine do you have to make for it to > accept them, any? > > I am sorry for so many questions, but I have not seen this covered. System Manager 1. Admdinistrative group 2. First Administrative group (or which ever one you are dealing with - I only have the one) 3. Routing Group, First Routing Group (again, you may have others), Connectors 4. Pick your connector. Probably called Internet or something like that. 5. Right click, properties 6. Select 'Forward all mail through this connector to the following smart hosts', enter the hostname or IP. If you enter the IP, put it in brackets, ex: [192.168.1.1] All your outbound mail will be sent to your MailScanner box. I didn't have to make any changes on my MailScanner gateway - it treated it like any other email. I'm using sendmail, btw. You will have to have your gateway MTA set to allow relays either from your internal subnet, or at least the Exchange machine. You don't want to open up the box to any relay of course. Logging will look like what you currently have for logging on the gatewway. Mail from Exchange will land in mqueue.in, be scanned (unless you whitelist it which is probably a good idea performance wise), be processed, then moved to mqueue where it will be delivered to the remote address somewhere in internetland... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From matt at coders.co.uk Fri Oct 6 16:44:39 2006 From: matt at coders.co.uk (Matt Hampton) Date: Fri Oct 6 16:44:59 2006 Subject: OT: Scanning outgoing mail In-Reply-To: <04D932B0071FE34FA63EBB1977B48D1501729797@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D1501729797@woodenex.woodmaclaw.local> Message-ID: <452679E7.4080303@coders.co.uk> > Does mailwatch log these messages too? If so how do these entries show > up simply as: > From To > Subject > Internal email address External email address Sort of - MailWatch doesn't know the difference between internal and externally sourced mail. It will just show up exactly the same as your exisiting mail. > > For you exchange admins: > I could research it, but to save time is someone willing to answer this > question if you know it quickly. > How do you foward exchange emails to the mailscanner machine. Your looking for the SmartHost http://www.amset.info/exchange/smtp-connector.asp gives you a step by step > > What settings on the MailScanner machine do you have to make for it to > accept them, any? In your accessmap you will need to allow your Exchange server to relay. XX.YY.AA.BB RELAY (obviously that assumes you have sendmail) > > I am sorry for so many questions, but I have not seen this covered. matt From ccampbell at brueggers.com Fri Oct 6 16:47:54 2006 From: ccampbell at brueggers.com (Christian Campbell) Date: Fri Oct 6 17:02:34 2006 Subject: OT: Scanning outgoing mail In-Reply-To: <04D932B0071FE34FA63EBB1977B48D1501729797@woodenex.woodmaclaw.local> Message-ID: > > Billy A. Pumphrey wrote: > > > Will someone point me in the general direction of what needs to be > done > > > to scan outgoing mail? I do not really know what to do. > > > > > > I use MailScanner as a gateway to exchange. I am guessing that I > need > > > for exchange to send the email to MailScanner and from MailScanner > to > > > the internet? > > > > > > Would MailScanner use the same SMTP sendmail to send out the mail? > > > Thank you > > > > yes - assuming on the 'outbound' (post mailScanner) sendmail queue > > you're forcinng to the MS-exch, but using DNS to route the email. > > For you exchange admins: > I could research it, but to save time is someone willing to > answer this question if you know it quickly. > How do you foward exchange emails to the mailscanner machine. > For Exch 2003 open Exchange System Manger -- > Administrative Groups --> Routing Groups --> (your domain) --> Connectors --> Internet Mail Service Open properties. On general tab, select "Forward all mail through this connector to the following smart hosts" and enter the IP of your mailscanner box there. Do an "OK". Not sure if it requires a service restart or reboot. Christian Christian Campbell Systems Engineer, Sair LCP, A+, Network+, i-Net+ Bruegger's Enterprises Inc. Desk: 802-652-9270 Cell: 802-734-5023 Fax: 802-660-4034 Email: ccampbell at brueggers dot com PGP Public Key available via PGP keyservers or http://www2.brueggers.com/pgp/ccampbell.html "We all know Linux is great... it does infinite loops in 5 seconds." --Linus Torvalds -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3090 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20061006/7ab678b5/smime.bin From ssilva at sgvwater.com Fri Oct 6 18:58:07 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Oct 6 18:58:47 2006 Subject: OT: Logwatch Update In-Reply-To: <200610060811.k968BFcb017566@bkserver.blacknight.ie> References: <001901c6e7a5$71e45f90$ed66a8c0@corporate.grantgeo.com> <200610060811.k968BFcb017566@bkserver.blacknight.ie> Message-ID: Edward Prendergast spake the following on 10/6/2006 1:11 AM: > I get These messages repeated hundreds of times in my LogWatch reports: > > 1GVRKT-0002IV-7z: Logged to MailWatch SQL : 1 Time(s) > 1GVSrS-00008K-Ef: Logged to MailWatch SQL : 1 Time(s) > 1GVFvt-0003Oj-T1: Logged to MailWatch SQL : 1 Time(s) > 1GVV4N-0001DB-Uh: Logged to MailWatch SQL : 1 Time(s) > 1GVU8t-0005a5-Bu: Logged to MailWatch SQL : 1 Time(s) > 1GVN7O-0003MO-P7: Logged to MailWatch SQL : 1 Time(s) > 1GVayX-0000O6-2t: Logged to MailWatch SQL : 1 Time(s) > > Does anybody else get this problem & know of a resolution? > > Sorry for the off-topic post - I just thought being as how we all use > MailScanner and some of us use MailWatch that you'd be the best people to > ask. Are you running the latest logwatch? I think it is 7.3.1. It seems that this went away when I upgraded. The logwatch site seems to be down right now, but you can probably find it around. I have an rpm,and maybe source floating around somewhere. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From brian.duncan at kattenlaw.com Fri Oct 6 19:17:52 2006 From: brian.duncan at kattenlaw.com (Duncan, Brian M.) Date: Fri Oct 6 19:17:57 2006 Subject: MS and SA diuffer Message-ID: <65234743FE1555428435CE39E6AC4078B38A67@CHI-US-EXCH-01.us.kmz.com> If you figure this out, please post back to the list to why it is happening. When I use either Imageinfo.pm or Fuzzyocr.pm with a .cf in the /etc/mail/spamassassin dir MailScanner seems to cause Spam Assasin to ignore these?? I JUST finished installing FuzzyOCR and all the accompanying tools to make it work on 2 different relays here. I never see any hits from test Spam messages I send from outside. For the heck of it I also installed Imageinfo.pm and installed imageinfo.cf into my /etc/mail/spamassassin directory and the same results occurred. (more later on this) Both servers are running: spamassassin-3.1.4 mailscanner-4.54.6-1 A stock spam with inline gif processed through Mailscanner: X-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=5.55, required 6.5, MR_NOT_ATTRIBUTED_IP 0.10, RATWR10_MESSID 1.20, SARE_GIF_ATTACH 4.25) X-MailScanner-SpamScore: sssss Saved and processed locally on the SAME mail sever with - cat test.txt | spamassassin -t Content analysis details: (12.6 hits, 6.5 required) 0.8 HTML_00_10 BODY: Message is 0% to 10% HTML -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1% [score: 0.0000] 0.0 HTML_MESSAGE BODY: HTML included in message 4.2 SARE_GIF_ATTACH FULL: Email has a inline gif 0.2 DNS_FROM_RFC_ABUSE RBL: Envelope sender in abuse.rfc-ignorant.org 10 FUZZY_OCR BODY: Mail contains an image with common spam text inside Words found: "target" in 1 lines "symbol" in 1 lines "stock" in 1 lines "price" in 1 lines "company" in 1 lines "breaking" in 1 lines "banking" in 1 lines "news" in 1 lines (8 word occurrences found) Appropriate output regarding Fuzzy_OCR from spamassassin -D --lint: [30731] dbg: plugin: fixed relative path: /etc/mail/spamassassin/FuzzyOcr.pm [30731] dbg: plugin: loading FuzzyOcr from /etc/mail/spamassassin/FuzzyOcr.pm [30731] dbg: plugin: registered FuzzyOcr=HASH(0xa4200b4) [30731] dbg: plugin: FuzzyOcr=HASH(0xa4200b4) implements 'parse_config' [30731] dbg: FuzzyOcr: Found scan: $gocr -i $pfile [30731] dbg: FuzzyOcr: Found scan: $gocr -l 180 -d 2 -i $pfile [30731] dbg: FuzzyOcr: Found scan: $gocr -l 140 -d 2 -i $pfile [30731] dbg: plugin: FuzzyOcr=HASH(0xa4200b4) implements 'finish_parsing_end' [30731] dbg: FuzzyOcr: Using giffix => /usr/bin/giffix [30731] dbg: FuzzyOcr: Using giftext => /usr/bin/giftext [30731] dbg: FuzzyOcr: Using gifinter => /usr/bin/gifinter [30731] dbg: FuzzyOcr: Using giftopnm => /usr/bin/giftopnm [30731] dbg: FuzzyOcr: Using jpegtopnm => /usr/bin/jpegtopnm [30731] dbg: FuzzyOcr: Using pngtopnm => /usr/bin/pngtopnm [30731] dbg: FuzzyOcr: Using bmptopnm => /usr/bin/bmptopnm [30731] dbg: FuzzyOcr: Using ppmhist => /usr/bin/ppmhist [30731] dbg: FuzzyOcr: Using gocr => /usr/bin/gocr [30731] dbg: FuzzyOcr: Loaded <43> words from "/etc/mail/spamassassin/FuzzyOcr.words" [30731] dbg: FuzzyOcr: Using scan: $gocr -i $pfile [30731] dbg: FuzzyOcr: Using scan: $gocr -l 180 -d 2 -i $pfile [30731] dbg: FuzzyOcr: Using scan: $gocr -l 140 -d 2 -i $pfile I do NOT have anything set in Mailscanner.conf specific to SpamAssassin aside from site rules dir. Should I? SpamAssassin Install Prefix = SpamAssassin Site Rules Dir = /etc/mail/spamassassin SpamAssassin Local Rules Dir = SpamAssassin Local State Dir = # /var/lib SpamAssassin Default Rules Dir = Now with a different plugin loaded, ImageInfo.pm - [2013] dbg: plugin: loading Mail::SpamAssassin::Plugin::ImageInfo from /etc/mail/spamassassin/ImageInfo.pm [2013] dbg: plugin: registered Mail::SpamAssassin::Plugin::ImageInfo=HASH(0x95bdacc) [2013] dbg: plugin: loading Mail::SpamAssassin::Plugin::ImageInfo from /etc/mail/spamassassin/ImageInfo.pm [2013] dbg: plugin: registered Mail::SpamAssassin::Plugin::ImageInfo=HASH(0x95bdacc) A stock spam with inline gif processed through Mailscanner: X-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=5.55, required 6.5, MR_NOT_ATTRIBUTED_IP 0.10, RATWR10_MESSID 1.20, SARE_GIF_ATTACH 4.25) X-MailScanner-SpamScore: sssss Saved and processed locally on the SAME mail sever with - cat test.txt | spamassassin -t Content analysis details: (11.1 hits, 6.5 required) 0.8 HTML_00_10 BODY: Message is 0% to 10% HTML -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1% [score: 0.0000] 0.0 HTML_MESSAGE BODY: HTML included in message 5.5 DC_IMAGE001_GIF BODY: Contains image named image001.gif 4.2 SARE_GIF_ATTACH FULL: Email has a inline gif 0.2 DNS_FROM_RFC_ABUSE RBL: Envelope sender in abuse.rfc-ignorant.org 3.0 DC_GIF_UNO_LARGO Message contains a single large inline gif (imageinfo.cf had this specific rule I added JUST for the spam because I already knew the inline GIF was named DDT.gif) # you can match by image name body DC_IMAGE001_GIF eval:image_named('DDT.gif') describe DC_IMAGE001_GIF Contains image named image001.gif score DC_IMAGE001_GIF 5.50 -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Garry Glendown Sent: Thursday, October 05, 2006 11:54 PM To: MailScanner discussion Subject: MS and SA diuffer Hi, I've just set up FuzzyOCR to take care of the Image spam that has increased recently ... after still receiving untagged stock spam, I've checked into the scores and stuff and noticed on a test message, that MS has a lot less rule hits (and therefore less score points) than when calling spamassassin directly ... Here's what I got originally from MS: X-nethinks-MailScanner-SpamCheck: not spam, SpamAssassin (Wertung=3.905, benoetigt 5, HTML_10_20 1.35, HTML_IMAGE_ONLY_32 1.05, HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.00, RCVD_NUMERIC_HELO 1.50) whereas the -t run from SA resulted in: X-Spam-Status: Yes, score=25.2 required=5.0 tests=AWL,BAYES_99, FORGED_RCVD_HELO,FUZZY_OCR,HTML_10_20,HTML_IMAGE_ONLY_32,HTML_MESSAGE, MIME_HTML_ONLY,RCVD_NUMERIC_HELO,SARE_GIF_ATTACH autolearn=no MailScanner.conf points to the right SA directory (/etc/mail/spamassassin), there ARE image spams that get tagged with the OCR-tags, so I don't really get it why the scoring differs this much ... also with the Bayes score ... none on MS, 99 on SA ... !? I'm still running MS 4.50, SA is 3.1.5 ... Any idea where I could look for the cause of this? Tnx! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! =========================================================== CIRCULAR 230 DISCLOSURE: Pursuant to Regulations Governing Practice Before the Internal Revenue Service, any tax advice contained herein is not intended or written to be used and cannot be used by a taxpayer for the purpose of avoiding tax penalties that may be imposed on the taxpayer. =========================================================== CONFIDENTIALITY NOTICE: This electronic mail message and any attached files contain information intended for the exclusive use of the individual or entity to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information may be subject to legal restriction or sanction. Please notify the sender, by electronic mail or telephone, of any unintended recipients and delete the original message without making any copies. =========================================================== NOTIFICATION: Katten Muchin Rosenman LLP is an Illinois limited liability partnership that has elected to be governed by the Illinois Uniform Partnership Act (1997). =========================================================== From bpumphrey at woodmclaw.com Fri Oct 6 19:45:11 2006 From: bpumphrey at woodmclaw.com (Billy A. Pumphrey) Date: Fri Oct 6 19:45:27 2006 Subject: OT: Scanning outgoing mail In-Reply-To: Message-ID: <04D932B0071FE34FA63EBB1977B48D15017297A0@woodenex.woodmaclaw.local> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Kevin Miller > Sent: Friday, October 06, 2006 11:40 AM > To: MailScanner discussion > Subject: RE: OT: Scanning outgoing mail > > Billy A. Pumphrey wrote: > > > Does mailwatch log these messages too? If so how do these entries > > show up simply as: > > From To > > Subject > > Internal email address External email address > outgoing > > email > > > > For you exchange admins: > > I could research it, but to save time is someone willing to answer > > this question if you know it quickly. > > How do you foward exchange emails to the mailscanner machine. > > > > What settings on the MailScanner machine do you have to make for it to > > accept them, any? > > > > I am sorry for so many questions, but I have not seen this covered. > > System Manager > 1. Admdinistrative group > 2. First Administrative group (or which ever one you are dealing with - > I only have the one) > 3. Routing Group, First Routing Group (again, you may have others), > Connectors > 4. Pick your connector. Probably called Internet or something like > that. > 5. Right click, properties > 6. Select 'Forward all mail through this connector to the following > smart hosts', enter the hostname or IP. If you enter the IP, put it in > brackets, ex: [192.168.1.1] > > All your outbound mail will be sent to your MailScanner box. I didn't > have to make any changes on my MailScanner gateway - it treated it like > any other email. I'm using sendmail, btw. You will have to have your > gateway MTA set to allow relays either from your internal subnet, or at > least the Exchange machine. You don't want to open up the box to any > relay of course. > > Logging will look like what you currently have for logging on the > gatewway. Mail from Exchange will land in mqueue.in, be scanned (unless > you whitelist it which is probably a good idea performance wise), be > processed, then moved to mqueue where it will be delivered to the remote > address somewhere in internetland... > > ...Kevin > -- > Kevin Miller Registered Linux User No: 307357 > CBJ MIS Dept. Network Systems Admin., Mail Admin. > 155 South Seward Street ph: (907) 586-0242 > Juneau, Alaska 99801 fax: (907 586-4500 > -- You guys are so awesome! I have it set up now. I had to go ahead and edit the access file and add the exchange server as a relay. Also I had no connector there so I had to add a new one. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri Oct 6 21:21:43 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Oct 6 21:21:55 2006 Subject: Bug in "Max Spamassassin Size" parameter parsing - MailScanner 4. 56.7-2 In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B580FC69943@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B580FC69943@isabella.herefordshire.gov.uk> Message-ID: <4526BAD7.6060906@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have added this to Sendmail. I will add it to other MTA's once someone has tested it for me. I aim to produce another beta this weekend, so please test this and I will then write it for the other MTAs but not before! Randal, Phil wrote: > I'd set > > Max Spamassassin Size = 40k > > and spamassassin was only scoring on headers, and hitting my > L_MISSING_BODY rule. > > # must use 'rawbody' as 'body' also includes Subject: header text > # see if message rawbody contains at least -one- non-blank character > rawbody __MSG_RAW_EXISTS /\S/ > # Nope, declare the message to be missing the body > meta L_MISSING_BODY ! __MSG_RAW_EXISTS > describe L_MISSING_BODY Message body empty > score L_MISSING_BODY 0.5 > > Changing it to > > Max Spamassassin Size = 40000 > > fixes the problem. > > Cheers, > > Phil > > -- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > Jules - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.0 (Build 1112) Comment: Fetch my public key foot-print from www.mailscanner.info Charset: ISO-8859-1 wj8DBQFFJrrYEfZZRxQVtlQRAl+xAKDG+RSf/Q0TVFZrUt/YDJDGBdDNnACfR18I VAjyQO6MHaS8ercyAc8x7F8= =SYi9 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From daniel.maher at ubisoft.com Fri Oct 6 21:34:35 2006 From: daniel.maher at ubisoft.com (Daniel Maher) Date: Fri Oct 6 21:34:39 2006 Subject: version of MS that has "max spamassassin size"? In-Reply-To: <4523366B.9090105@stellarcore.net> Message-ID: <1E293D3FF63A3740B10AD5AAD88535D20226D30F@UBIMAIL1.ubisoft.org> Hello all, A simple question: What version of MailScanner introduced the following configuration option? "Max Spamassassin Size" Thank you. :) -- _ ?v? Daniel Maher /(_)\ Administrateur Syst?me Unix ^ ^ Unix System Administrator Sentio aliquos togatos contra me conspirare. From garry at glendown.de Fri Oct 6 21:35:05 2006 From: garry at glendown.de (Garry Glendown) Date: Fri Oct 6 21:35:17 2006 Subject: MS and SA diuffer In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B580FC699C7@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B580FC699C7@isabella.herefordshire.gov.uk> Message-ID: <4526BDF9.1030609@glendown.de> Randal, Phil wrote: > It was this sort of problem which led me to find the bug I reported > earlier. > > If you have > > Max Spamassassin Size = nnk (e.g. 40k) > > change it to > > Max Spamassassin Size = nn000 (e.g. 40000) > > and see if that helps. Config is set to "90000" ... should have been sufficient for the spam message I tried with, which was <20k ... (and not triggering the possible bug with "k" ...) I'll keep looking into it ... any other ideas? From ssilva at sgvwater.com Fri Oct 6 21:34:41 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Oct 6 21:35:25 2006 Subject: MS and SA diuffer In-Reply-To: <65234743FE1555428435CE39E6AC4078B38A67@CHI-US-EXCH-01.us.kmz.com> References: <65234743FE1555428435CE39E6AC4078B38A67@CHI-US-EXCH-01.us.kmz.com> Message-ID: Duncan, Brian M. spake the following on 10/6/2006 11:17 AM: > If you figure this out, please post back to the list to why it is > happening. > > When I use either Imageinfo.pm or Fuzzyocr.pm with a .cf in the > /etc/mail/spamassassin dir MailScanner seems to cause Spam Assasin to > ignore these?? > > I JUST finished installing FuzzyOCR and all the accompanying tools to > make it work on 2 different relays here. I never see any hits from test > Spam messages I send from outside. > > > For the heck of it I also installed Imageinfo.pm and installed > imageinfo.cf into my /etc/mail/spamassassin directory and the same > results occurred. (more later on this) > > Both servers are running: > > > spamassassin-3.1.4 > mailscanner-4.54.6-1 > > A stock spam with inline gif processed through Mailscanner: > > X-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=5.55, > required 6.5, MR_NOT_ATTRIBUTED_IP 0.10, RATWR10_MESSID 1.20, > SARE_GIF_ATTACH 4.25) > X-MailScanner-SpamScore: sssss > > Saved and processed locally on the SAME mail sever with - cat test.txt | > spamassassin -t > > Content analysis details: (12.6 hits, 6.5 required) > 0.8 HTML_00_10 BODY: Message is 0% to 10% HTML > -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1% > [score: 0.0000] > 0.0 HTML_MESSAGE BODY: HTML included in message > 4.2 SARE_GIF_ATTACH FULL: Email has a inline gif > 0.2 DNS_FROM_RFC_ABUSE RBL: Envelope sender in > abuse.rfc-ignorant.org > 10 FUZZY_OCR BODY: Mail contains an image with common > spam text inside > Words found: > "target" in 1 lines > "symbol" in 1 lines > "stock" in 1 lines > "price" in 1 lines > "company" in 1 lines > "breaking" in 1 lines > "banking" in 1 lines > "news" in 1 lines > (8 word occurrences found) > > > > Appropriate output regarding Fuzzy_OCR from spamassassin -D --lint: > > [30731] dbg: plugin: fixed relative path: > /etc/mail/spamassassin/FuzzyOcr.pm > [30731] dbg: plugin: loading FuzzyOcr from > /etc/mail/spamassassin/FuzzyOcr.pm > [30731] dbg: plugin: registered FuzzyOcr=HASH(0xa4200b4) > [30731] dbg: plugin: FuzzyOcr=HASH(0xa4200b4) implements 'parse_config' > [30731] dbg: FuzzyOcr: Found scan: $gocr -i $pfile > [30731] dbg: FuzzyOcr: Found scan: $gocr -l 180 -d 2 -i $pfile > [30731] dbg: FuzzyOcr: Found scan: $gocr -l 140 -d 2 -i $pfile > [30731] dbg: plugin: FuzzyOcr=HASH(0xa4200b4) implements > 'finish_parsing_end' > [30731] dbg: FuzzyOcr: Using giffix => /usr/bin/giffix > [30731] dbg: FuzzyOcr: Using giftext => /usr/bin/giftext > [30731] dbg: FuzzyOcr: Using gifinter => /usr/bin/gifinter > [30731] dbg: FuzzyOcr: Using giftopnm => /usr/bin/giftopnm > [30731] dbg: FuzzyOcr: Using jpegtopnm => /usr/bin/jpegtopnm > [30731] dbg: FuzzyOcr: Using pngtopnm => /usr/bin/pngtopnm > [30731] dbg: FuzzyOcr: Using bmptopnm => /usr/bin/bmptopnm > [30731] dbg: FuzzyOcr: Using ppmhist => /usr/bin/ppmhist > [30731] dbg: FuzzyOcr: Using gocr => /usr/bin/gocr > [30731] dbg: FuzzyOcr: Loaded <43> words from > "/etc/mail/spamassassin/FuzzyOcr.words" > [30731] dbg: FuzzyOcr: Using scan: $gocr -i $pfile > [30731] dbg: FuzzyOcr: Using scan: $gocr -l 180 -d 2 -i $pfile > [30731] dbg: FuzzyOcr: Using scan: $gocr -l 140 -d 2 -i $pfile > > I do NOT have anything set in Mailscanner.conf specific to SpamAssassin > aside from site rules dir. Should I? > > SpamAssassin Install Prefix = > > SpamAssassin Site Rules Dir = /etc/mail/spamassassin > > SpamAssassin Local Rules Dir = > > SpamAssassin Local State Dir = # /var/lib > > SpamAssassin Default Rules Dir = > > > Now with a different plugin loaded, ImageInfo.pm - > > > [2013] dbg: plugin: loading Mail::SpamAssassin::Plugin::ImageInfo from > /etc/mail/spamassassin/ImageInfo.pm > [2013] dbg: plugin: registered > Mail::SpamAssassin::Plugin::ImageInfo=HASH(0x95bdacc) > > [2013] dbg: plugin: loading Mail::SpamAssassin::Plugin::ImageInfo from > /etc/mail/spamassassin/ImageInfo.pm > [2013] dbg: plugin: registered > Mail::SpamAssassin::Plugin::ImageInfo=HASH(0x95bdacc) > > > A stock spam with inline gif processed through Mailscanner: > > X-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=5.55, > required 6.5, MR_NOT_ATTRIBUTED_IP 0.10, RATWR10_MESSID 1.20, > SARE_GIF_ATTACH 4.25) > X-MailScanner-SpamScore: sssss > > Saved and processed locally on the SAME mail sever with - cat test.txt | > spamassassin -t > > Content analysis details: (11.1 hits, 6.5 required) > 0.8 HTML_00_10 BODY: Message is 0% to 10% HTML > -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1% > [score: 0.0000] > 0.0 HTML_MESSAGE BODY: HTML included in message > 5.5 DC_IMAGE001_GIF BODY: Contains image named image001.gif > 4.2 SARE_GIF_ATTACH FULL: Email has a inline gif > 0.2 DNS_FROM_RFC_ABUSE RBL: Envelope sender in > abuse.rfc-ignorant.org > 3.0 DC_GIF_UNO_LARGO Message contains a single large inline gif > > (imageinfo.cf had this specific rule I added JUST for the spam because I > already knew the inline GIF was named DDT.gif) > # you can match by image name > body DC_IMAGE001_GIF eval:image_named('DDT.gif') > describe DC_IMAGE001_GIF Contains image named > image001.gif > score DC_IMAGE001_GIF 5.50 > > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Garry > Glendown > Sent: Thursday, October 05, 2006 11:54 PM > To: MailScanner discussion > Subject: MS and SA diuffer > > Hi, > > I've just set up FuzzyOCR to take care of the Image spam that has > increased recently ... after still receiving untagged stock spam, I've > checked into the scores and stuff and noticed on a test message, that MS > has a lot less rule hits (and therefore less score points) than when > calling spamassassin directly ... > > Here's what I got originally from MS: > > X-nethinks-MailScanner-SpamCheck: not spam, SpamAssassin (Wertung=3.905, > benoetigt 5, HTML_10_20 1.35, HTML_IMAGE_ONLY_32 1.05, > HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.00, RCVD_NUMERIC_HELO 1.50) > > whereas the -t run from SA resulted in: > > X-Spam-Status: Yes, score=25.2 required=5.0 tests=AWL,BAYES_99, > FORGED_RCVD_HELO,FUZZY_OCR,HTML_10_20,HTML_IMAGE_ONLY_32,HTML_MESSAGE, > MIME_HTML_ONLY,RCVD_NUMERIC_HELO,SARE_GIF_ATTACH autolearn=no > > MailScanner.conf points to the right SA directory > (/etc/mail/spamassassin), there ARE image spams that get tagged with the > OCR-tags, so I don't really get it why the scoring differs this much ... > also with the Bayes score ... none on MS, 99 on SA ... !? > > I'm still running MS 4.50, SA is 3.1.5 ... > > Any idea where I could look for the cause of this? > > Tnx! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > =========================================================== > CIRCULAR 230 DISCLOSURE: Pursuant to Regulations Governing Practice Before the Internal Revenue Service, any tax advice contained herein is not intended or written to be used and cannot be used by a taxpayer for the purpose of avoiding tax penalties that may be imposed on the taxpayer. > =========================================================== > CONFIDENTIALITY NOTICE: > This electronic mail message and any attached files contain information intended for the exclusive use of the individual or entity to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information may be subject to legal restriction or sanction. Please notify the sender, by electronic mail or telephone, of any unintended recipients and delete the original message without making any copies. > =========================================================== > NOTIFICATION: Katten Muchin Rosenman LLP is an Illinois limited liability partnership that has elected to be governed by the Illinois Uniform Partnership Act (1997). > =========================================================== >From what I have read, you now need a loadplugin line in init.pre (or one of the other .pre files) spamassassin only does global things from the .pre files since about 3.1.0. Read the imageinfo.pm file for better instructions. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From glenn.steen at gmail.com Fri Oct 6 21:43:27 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Oct 6 21:43:31 2006 Subject: MS and SA diuffer In-Reply-To: <65234743FE1555428435CE39E6AC4078B38A67@CHI-US-EXCH-01.us.kmz.com> References: <65234743FE1555428435CE39E6AC4078B38A67@CHI-US-EXCH-01.us.kmz.com> Message-ID: <223f97700610061343o1b27a9b0u2b475c73419a7c76@mail.gmail.com> On 06/10/06, Duncan, Brian M. wrote: > > If you figure this out, please post back to the list to why it is > happening. > > When I use either Imageinfo.pm or Fuzzyocr.pm with a .cf in the > /etc/mail/spamassassin dir MailScanner seems to cause Spam Assasin to > ignore these?? > > I JUST finished installing FuzzyOCR and all the accompanying tools to > make it work on 2 different relays here. I never see any hits from test > Spam messages I send from outside. > > For the heck of it I also installed Imageinfo.pm and installed > imageinfo.cf into my /etc/mail/spamassassin directory and the same > results occurred. (more later on this) > > Both servers are running: > > spamassassin-3.1.4 > mailscanner-4.54.6-1 > > A stock spam with inline gif processed through Mailscanner: > > X-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=5.55, > required 6.5, MR_NOT_ATTRIBUTED_IP 0.10, RATWR10_MESSID 1.20, > SARE_GIF_ATTACH 4.25) > X-MailScanner-SpamScore: sssss > > Saved and processed locally on the SAME mail sever with - cat test.txt | > spamassassin -t > > Content analysis details: (12.6 hits, 6.5 required) > 0.8 HTML_00_10 BODY: Message is 0% to 10% HTML > -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1% > [score: 0.0000] > 0.0 HTML_MESSAGE BODY: HTML included in message > 4.2 SARE_GIF_ATTACH FULL: Email has a inline gif > 0.2 DNS_FROM_RFC_ABUSE RBL: Envelope sender in > abuse.rfc-ignorant.org > 10 FUZZY_OCR BODY: Mail contains an image with common > spam text inside > Words found: > "target" in 1 lines > "symbol" in 1 lines > "stock" in 1 lines > "price" in 1 lines > "company" in 1 lines > "breaking" in 1 lines > "banking" in 1 lines > "news" in 1 lines > (8 word occurrences found) > > > Appropriate output regarding Fuzzy_OCR from spamassassin -D --lint: > > [30731] dbg: plugin: fixed relative path: > /etc/mail/spamassassin/FuzzyOcr.pm > [30731] dbg: plugin: loading FuzzyOcr from > /etc/mail/spamassassin/FuzzyOcr.pm > [30731] dbg: plugin: registered FuzzyOcr=HASH(0xa4200b4) > [30731] dbg: plugin: FuzzyOcr=HASH(0xa4200b4) implements 'parse_config' > [30731] dbg: FuzzyOcr: Found scan: $gocr -i $pfile > [30731] dbg: FuzzyOcr: Found scan: $gocr -l 180 -d 2 -i $pfile > [30731] dbg: FuzzyOcr: Found scan: $gocr -l 140 -d 2 -i $pfile > [30731] dbg: plugin: FuzzyOcr=HASH(0xa4200b4) implements > 'finish_parsing_end' > [30731] dbg: FuzzyOcr: Using giffix => /usr/bin/giffix > [30731] dbg: FuzzyOcr: Using giftext => /usr/bin/giftext > [30731] dbg: FuzzyOcr: Using gifinter => /usr/bin/gifinter > [30731] dbg: FuzzyOcr: Using giftopnm => /usr/bin/giftopnm > [30731] dbg: FuzzyOcr: Using jpegtopnm => /usr/bin/jpegtopnm > [30731] dbg: FuzzyOcr: Using pngtopnm => /usr/bin/pngtopnm > [30731] dbg: FuzzyOcr: Using bmptopnm => /usr/bin/bmptopnm > [30731] dbg: FuzzyOcr: Using ppmhist => /usr/bin/ppmhist > [30731] dbg: FuzzyOcr: Using gocr => /usr/bin/gocr > [30731] dbg: FuzzyOcr: Loaded <43> words from > "/etc/mail/spamassassin/FuzzyOcr.words" > [30731] dbg: FuzzyOcr: Using scan: $gocr -i $pfile > [30731] dbg: FuzzyOcr: Using scan: $gocr -l 180 -d 2 -i $pfile > [30731] dbg: FuzzyOcr: Using scan: $gocr -l 140 -d 2 -i $pfile > > I do NOT have anything set in Mailscanner.conf specific to SpamAssassin > aside from site rules dir. Should I? > > SpamAssassin Install Prefix = > > SpamAssassin Site Rules Dir = /etc/mail/spamassassin > > SpamAssassin Local Rules Dir = > > SpamAssassin Local State Dir = # /var/lib > > SpamAssassin Default Rules Dir = > > > Now with a different plugin loaded, ImageInfo.pm - > > [2013] dbg: plugin: loading Mail::SpamAssassin::Plugin::ImageInfo from > /etc/mail/spamassassin/ImageInfo.pm > [2013] dbg: plugin: registered > Mail::SpamAssassin::Plugin::ImageInfo=HASH(0x95bdacc) > > [2013] dbg: plugin: loading Mail::SpamAssassin::Plugin::ImageInfo from > /etc/mail/spamassassin/ImageInfo.pm > [2013] dbg: plugin: registered > Mail::SpamAssassin::Plugin::ImageInfo=HASH(0x95bdacc) > > > A stock spam with inline gif processed through Mailscanner: > > X-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=5.55, > required 6.5, MR_NOT_ATTRIBUTED_IP 0.10, RATWR10_MESSID 1.20, > SARE_GIF_ATTACH 4.25) > X-MailScanner-SpamScore: sssss > > Saved and processed locally on the SAME mail sever with - cat test.txt | > spamassassin -t > > Content analysis details: (11.1 hits, 6.5 required) > 0.8 HTML_00_10 BODY: Message is 0% to 10% HTML > -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1% > [score: 0.0000] > 0.0 HTML_MESSAGE BODY: HTML included in message > 5.5 DC_IMAGE001_GIF BODY: Contains image named image001.gif > 4.2 SARE_GIF_ATTACH FULL: Email has a inline gif > 0.2 DNS_FROM_RFC_ABUSE RBL: Envelope sender in > abuse.rfc-ignorant.org > 3.0 DC_GIF_UNO_LARGO Message contains a single large inline gif > > (imageinfo.cf had this specific rule I added JUST for the spam because I > already knew the inline GIF was named DDT.gif) > # you can match by image name > body DC_IMAGE001_GIF eval:image_named('DDT.gif') > describe DC_IMAGE001_GIF Contains image named > image001.gif > score DC_IMAGE001_GIF 5.50 > > > Good info, but you haven't addressed Anthony (or Alex') questions. Please tell us more about your setup, or we will likely not be able to help you... What MTA, OS/version etc etc. The more details the better:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ssilva at sgvwater.com Fri Oct 6 22:42:41 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Oct 6 22:43:14 2006 Subject: version of MS that has "max spamassassin size"? In-Reply-To: <1E293D3FF63A3740B10AD5AAD88535D20226D30F@UBIMAIL1.ubisoft.org> References: <4523366B.9090105@stellarcore.net> <1E293D3FF63A3740B10AD5AAD88535D20226D30F@UBIMAIL1.ubisoft.org> Message-ID: Daniel Maher spake the following on 10/6/2006 1:34 PM: > Hello all, > > A simple question: > > What version of MailScanner introduced the following configuration option? > > "Max Spamassassin Size" > > Thank you. :) > It seems to have been there since I started using it, so it is way back to the 3.xx's -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From mgt at stellarcore.net Fri Oct 6 23:24:55 2006 From: mgt at stellarcore.net (Mike Tremaine) Date: Fri Oct 6 23:25:04 2006 Subject: OT: Logwatch Update In-Reply-To: <200610062049.k96KnO8g002655@bkserver.blacknight.ie> References: <200610062049.k96KnO8g002655@bkserver.blacknight.ie> Message-ID: <4526D7B7.7030607@stellarcore.net> Edward Prendergast spake the following on 10/6/2006 1:11 AM: > > I get These messages repeated hundreds of times in my LogWatch reports: > > > > 1GVRKT-0002IV-7z: Logged to MailWatch SQL : 1 Time(s) > > 1GVSrS-00008K-Ef: Logged to MailWatch SQL : 1 Time(s) > > 1GVFvt-0003Oj-T1: Logged to MailWatch SQL : 1 Time(s) > > 1GVV4N-0001DB-Uh: Logged to MailWatch SQL : 1 Time(s) > > 1GVU8t-0005a5-Bu: Logged to MailWatch SQL : 1 Time(s) > > 1GVN7O-0003MO-P7: Logged to MailWatch SQL : 1 Time(s) > > 1GVayX-0000O6-2t: Logged to MailWatch SQL : 1 Time(s) > > > > Does anybody else get this problem & know of a resolution? > > > > Sorry for the off-topic post - I just thought being as how we all use > > MailScanner and some of us use MailWatch that you'd be the best people to > > ask. >Are you running the latest logwatch? I think it is 7.3.1. It seems that this >went away when I upgraded. The logwatch site seems to be down right now, but >you can probably find it around. I have an rpm,and maybe source floating >around somewhere. We keep a mirror here http://logwatch.vanderkooij.org/ No idea what is going on with logwatch.org site seems down [so is cvs access so I suspect somthing bad ;) ] -Mike From lshaw at emitinc.com Sat Oct 7 00:01:33 2006 From: lshaw at emitinc.com (Logan Shaw) Date: Sat Oct 7 00:01:44 2006 Subject: OT: Scanning outgoing mail In-Reply-To: <04D932B0071FE34FA63EBB1977B48D15017297A0@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D15017297A0@woodenex.woodmaclaw.local> Message-ID: On Fri, 6 Oct 2006, Billy A. Pumphrey wrote: > You guys are so awesome! I have it set up now. I had to go ahead and > edit the access file and add the exchange server as a relay. > > Also I had no connector there so I had to add a new one. One thing I don't think anyone else has mentioned is that you probably want to look at your set of trusted hosts/networks (the "trusted_networks" setting for SpamAssassin) and think about whether your Exchange server is in that set and whether you want it to be in the set. It might already be trusted if it's on the same subnet with trusted clients. Or not, depending on how you have it set up. How it should be set up is probably a judgement call, but it'd probably be worthwhile to be intentional about whatever you choose. Including the Exchange server in the trusted_networks set will mean it won't be checked against RBLs and stuff like that. And I believe messages coming from it and going through your MailScanner machine will also get an extra negative score for ALL_TRUSTED. (Though whether any outside parties care about how you score messages as they leave your server is another question.) - Logan From brian.duncan at kattenlaw.com Sat Oct 7 01:36:53 2006 From: brian.duncan at kattenlaw.com (Duncan, Brian M.) Date: Sat Oct 7 01:37:03 2006 Subject: MS and SA diuffer Message-ID: <65234743FE1555428435CE39E6AC4078B38A6C@CHI-US-EXCH-01.us.kmz.com> >Good info, but you haven't addressed Anthony (or Alex') questions. >Please tell us more about your setup, or we will likely not be able to help you... What MTA, OS/version etc etc. The more details the >>> better:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se Sorry - I was not the original poster. I just happen to have the same exact problem. I am using sendmail. Linux, one box is Fedora FC3 one box is Fedora FC4. FC4 box is sendmail-8.13.8-1. FC3 box is sendmail-8.13.6-0. As far as loading the plugins for FuzzyOCR and ImageInfo.pm, I was loading them out of the init.pre file. The debug from SpamAssassin showed them loading successfully that I included before. When piping a test message through Spam Assassin locally the FuzzyOCR rules kick in and are scored, same with ImageInfo.pm. When Relayed through MailScanner, they do not. I also just realized that bayes is also not functioning through MailScanner + SpamAssasin. When I pipe the message through SpamAssassin locally it includes bayes scoring, through MailScanner, that is absent. Yet all my other .cf rules that are in my /etc/mail/spamassassin dir are applied with MailScanner. I emailed the original poster about his problem and he said his worked when he changed his max spamassassin message size from something Like 60K to 60000. I tried as high as 500000 with no effect. =========================================================== CIRCULAR 230 DISCLOSURE: Pursuant to Regulations Governing Practice Before the Internal Revenue Service, any tax advice contained herein is not intended or written to be used and cannot be used by a taxpayer for the purpose of avoiding tax penalties that may be imposed on the taxpayer. =========================================================== CONFIDENTIALITY NOTICE: This electronic mail message and any attached files contain information intended for the exclusive use of the individual or entity to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information may be subject to legal restriction or sanction. Please notify the sender, by electronic mail or telephone, of any unintended recipients and delete the original message without making any copies. =========================================================== NOTIFICATION: Katten Muchin Rosenman LLP is an Illinois limited liability partnership that has elected to be governed by the Illinois Uniform Partnership Act (1997). =========================================================== From brian.duncan at kattenlaw.com Sat Oct 7 04:52:21 2006 From: brian.duncan at kattenlaw.com (Duncan, Brian M.) Date: Sat Oct 7 04:52:30 2006 Subject: MS and SA diuffer Message-ID: <65234743FE1555428435CE39E6AC4078B38A70@CHI-US-EXCH-01.us.kmz.com> I got my plugins working now with MailScanner. Bayes came back also. I had used a Spam Assassin FC SRPM, removed it and re-installed the newest SpamAssassin version manually with Perl and all started working. Weird though.. -D --lint showed ALL being loaded fine, all plugins and bayes. Spam Assassin locally would tag properly, just not through MailScanner. I even compared all the install dirs between the RPM SpamAssassin and the manual Perl install and they all looked the same. Thanks -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Duncan, Brian M. Sent: Friday, October 06, 2006 7:37 PM To: MailScanner discussion Subject: RE: MS and SA diuffer >Good info, but you haven't addressed Anthony (or Alex') questions. >Please tell us more about your setup, or we will likely not be able to help you... What MTA, OS/version etc etc. The more details the >>> better:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se Sorry - I was not the original poster. I just happen to have the same exact problem. I am using sendmail. Linux, one box is Fedora FC3 one box is Fedora FC4. FC4 box is sendmail-8.13.8-1. FC3 box is sendmail-8.13.6-0. As far as loading the plugins for FuzzyOCR and ImageInfo.pm, I was loading them out of the init.pre file. The debug from SpamAssassin showed them loading successfully that I included before. When piping a test message through Spam Assassin locally the FuzzyOCR rules kick in and are scored, same with ImageInfo.pm. When Relayed through MailScanner, they do not. I also just realized that bayes is also not functioning through MailScanner + SpamAssasin. When I pipe the message through SpamAssassin locally it includes bayes scoring, through MailScanner, that is absent. Yet all my other .cf rules that are in my /etc/mail/spamassassin dir are applied with MailScanner. I emailed the original poster about his problem and he said his worked when he changed his max spamassassin message size from something Like 60K to 60000. I tried as high as 500000 with no effect. =========================================================== CIRCULAR 230 DISCLOSURE: Pursuant to Regulations Governing Practice Before the Internal Revenue Service, any tax advice contained herein is not intended or written to be used and cannot be used by a taxpayer for the purpose of avoiding tax penalties that may be imposed on the taxpayer. =========================================================== CONFIDENTIALITY NOTICE: This electronic mail message and any attached files contain information intended for the exclusive use of the individual or entity to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information may be subject to legal restriction or sanction. Please notify the sender, by electronic mail or telephone, of any unintended recipients and delete the original message without making any copies. =========================================================== NOTIFICATION: Katten Muchin Rosenman LLP is an Illinois limited liability partnership that has elected to be governed by the Illinois Uniform Partnership Act (1997). =========================================================== -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From admin at thenamegame.com Sat Oct 7 05:02:27 2006 From: admin at thenamegame.com (Michael S.) Date: Sat Oct 7 04:56:47 2006 Subject: FW: Missing /rules files from MailScanner installation from ports Message-ID: <200610070356.k973uj26008382@bkserver.blacknight.ie> There is a problem with installing MailScanner 4.55.10-3 via ports. I reported this many months ago, still the same old problem. If you install MS on a server that has never had MS it starts complaining about the following files that it can't find. About 4 or so months ago when I reported this, the port maintainer tried to tell me my port system on my Freebsd box had a problem. Since then, we have purchased 4 additional Freebsd boxes that all exhibit the same installation issue, missing files after the install. If you don't believe me, try installing MS on a Freebsd server that has never had MS installed. The following list of files will be missing from your installation; /rules/bounce.rule /rules/max.message.size.rule /mcp/mcp.spam.assassin.prefs.conf If you look at the package list, you will find the following files missing from this list, the only one there is mcp.spam.assassin.prefs.conf.sample but unless you rename it after installing MS to mcp.spam.assassin.prefs.conf your installation chokes. Shouldn't MS rename this to mcp.spam.assassin.prefs.conf like it does to all the others when you type the config command? The pgk-list tells the truth. It shows all the files that were installed. As per the partial list below, you will note there is no bounce.rule max.message.size.rule and the third one is installed as a sample so unless you know what to do you will be stuck with a failed installation unless your rename the file from a sample to a conf. So Mr port maintainer, why don't you listen to constructive criticism and take action to fix this problem when it's reported instead of being rude about it. See previous messages regarding this! I would hope that you all would want to know instead of telling me im crazy or that my installation is jacked. And last but certainly not least there are no symlinks created except for one and that is to mailscanner.cf. Freebsd does not have a cron.hourly or crond.d therefore you need to create cronjobs if you expect to run hourly crons. Nothing about this is mentioned in the DOCS or README. Maybe this should be revamped so a total idiot knows what to do. But that's just a suggestion, take it or leave it. @comment $FreeBSD: ports/mail/mailscanner/pkg-plist,v 1.31 2006/08/11 20:10:29 pav Exp $ etc/MailScanner/country.domains.conf.sample etc/MailScanner/MailScanner.conf.sample etc/MailScanner/filename.rules.conf.sample etc/MailScanner/filetype.rules.conf.sample etc/MailScanner/mcp/10_example.cf.sample etc/MailScanner/mcp/mcp.spam.assassin.prefs.conf.sample etc/MailScanner/rules/EXAMPLES etc/MailScanner/rules/README etc/MailScanner/rules/spam.whitelist.rules.sample etc/MailScanner/phishing.safe.sites.conf.sample etc/MailScanner/spam.assassin.prefs.conf.sample Also, the follow files ARE NOT copied to /usr/local/etc/rc.d. According to the docs; The port installs two start/stop scripts in /usr/local/etc/rc.d: mailscanner.sh mta.sh But this never happens. You have to go back to the port collections file directory and copy the shell script into the proper directory. Can you have the port maintainer correct this problem? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20061007/70646a83/attachment.html From lday at txk.k12.ar.us Sat Oct 7 05:43:59 2006 From: lday at txk.k12.ar.us (James L. Day) Date: Sat Oct 7 05:44:08 2006 Subject: FW: Missing /rules files from MailScanner installation from ports In-Reply-To: <200610070356.k973uj26008382@bkserver.blacknight.ie> References: <200610070356.k973uj26008382@bkserver.blacknight.ie> Message-ID: <4527308F.2060609@txk.k12.ar.us> I just did a clean install on my FreeBSD 5.5-STABLE machine. My comments are within.. Michael S. wrote: > > There is a problem with installing MailScanner 4.55.10-3 via ports. I > reported this many months ago, still the same old problem. > > If you install MS on a server that has never had MS it starts > complaining about the following files that it can?t find. > > About 4 or so months ago when I reported this, the port maintainer > tried to tell me my port system on my Freebsd box had a problem. Since > then, we have purchased 4 additional Freebsd boxes that all exhibit > the same installation issue, missing files after the install. If you > don?t believe me, try installing MS on a Freebsd server that has never > had MS installed. The following list of files will be missing from > your installation; > > /rules/bounce.rule > > /rules/max.message.size.rule > > /mcp/mcp.spam.assassin.prefs.conf > I agree.. Oct 6 23:23:16 alms MailScanner[30703]: MailScanner E-Mail Virus Scanner version 4.55.10 starting... Oct 6 23:23:16 alms MailScanner[30703]: Could not read file /usr/local/etc/MailScanner/mcp/mcp.spam.assassin.prefs.conf Oct 6 23:23:16 alms MailScanner[30703]: Error in line 2027, file "/usr/local/etc/MailScanner/mcp/mcp.spam.assassin.prefs.conf" for mcpspamassassinprefsfile does not exist (or can not be read) Oct 6 23:23:16 alms MailScanner[30703]: Cannot open ruleset file /usr/local/etc/MailScanner/rules/bounce.rules, No such file or directory Oct 6 23:23:16 alms MailScanner[30703]: Cannot open ruleset file /usr/local/etc/MailScanner/rules/max.message.size.rules, No such file or directory --- snip -- > > Also, the follow files ARE NOT copied to /usr/local/etc/rc.d. > According to the docs; > > The port installs two start/stop scripts in /usr/local/etc/rc.d: > > mailscanner.sh > > mta.sh > I disagree. They were created for me... -r-xr-xr-x 1 root wheel 1017 Oct 6 23:19 mailscanner.sh -r-xr-xr-x 1 root wheel 4412 Oct 6 23:19 mta.sh > But this never happens. You have to go back to the port collections > file directory and copy the shell script into the proper directory. > > Can you have the port maintainer correct this problem? > From admin at thenamegame.com Sat Oct 7 06:03:34 2006 From: admin at thenamegame.com (Michael S.) Date: Sat Oct 7 05:57:39 2006 Subject: FW: Missing /rules files from MailScanner installation fromports In-Reply-To: <4527308F.2060609@txk.k12.ar.us> Message-ID: <200610070457.k974vb0H009264@bkserver.blacknight.ie> Finally somebody who has a clue!! Thanks James for verifying this. Maybe the port Maintainer can finally do something about this after telling me I was crazy. See all the NOT SO NICE messages in past threads regarding this issue. Thank you. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of James L. Day Sent: Saturday, October 07, 2006 12:44 AM To: MailScanner discussion Subject: Re: FW: Missing /rules files from MailScanner installation fromports I just did a clean install on my FreeBSD 5.5-STABLE machine. My comments are within.. Michael S. wrote: > > There is a problem with installing MailScanner 4.55.10-3 via ports. I > reported this many months ago, still the same old problem. > > If you install MS on a server that has never had MS it starts > complaining about the following files that it can't find. > > About 4 or so months ago when I reported this, the port maintainer > tried to tell me my port system on my Freebsd box had a problem. Since > then, we have purchased 4 additional Freebsd boxes that all exhibit > the same installation issue, missing files after the install. If you > don't believe me, try installing MS on a Freebsd server that has never > had MS installed. The following list of files will be missing from > your installation; > > /rules/bounce.rule > > /rules/max.message.size.rule > > /mcp/mcp.spam.assassin.prefs.conf > I agree.. Oct 6 23:23:16 alms MailScanner[30703]: MailScanner E-Mail Virus Scanner version 4.55.10 starting... Oct 6 23:23:16 alms MailScanner[30703]: Could not read file /usr/local/etc/MailScanner/mcp/mcp.spam.assassin.prefs.conf Oct 6 23:23:16 alms MailScanner[30703]: Error in line 2027, file "/usr/local/etc/MailScanner/mcp/mcp.spam.assassin.prefs.conf" for mcpspamassassinprefsfile does not exist (or can not be read) Oct 6 23:23:16 alms MailScanner[30703]: Cannot open ruleset file /usr/local/etc/MailScanner/rules/bounce.rules, No such file or directory Oct 6 23:23:16 alms MailScanner[30703]: Cannot open ruleset file /usr/local/etc/MailScanner/rules/max.message.size.rules, No such file or directory --- snip -- > > Also, the follow files ARE NOT copied to /usr/local/etc/rc.d. > According to the docs; > > The port installs two start/stop scripts in /usr/local/etc/rc.d: > > mailscanner.sh > > mta.sh > I disagree. They were created for me... -r-xr-xr-x 1 root wheel 1017 Oct 6 23:19 mailscanner.sh -r-xr-xr-x 1 root wheel 4412 Oct 6 23:19 mta.sh > But this never happens. You have to go back to the port collections > file directory and copy the shell script into the proper directory. > > Can you have the port maintainer correct this problem? > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From admin at thenamegame.com Sat Oct 7 06:20:26 2006 From: admin at thenamegame.com (Michael S.) Date: Sat Oct 7 06:14:27 2006 Subject: FW: Missing /rules files from MailScanner installation fromports In-Reply-To: <4527308F.2060609@txk.k12.ar.us> Message-ID: <200610070514.k975EPu6009580@bkserver.blacknight.ie> > I disagree. They were created for me... -r-xr-xr-x 1 root wheel 1017 Oct 6 23:19 mailscanner.sh -r-xr-xr-x 1 root wheel 4412 Oct 6 23:19 mta.sh > But this never happens. You have to go back to the port collections > file directory and copy the shell script into the proper directory. > > Can you have the port maintainer correct this problem? > That's strange; because on 3 servers thus far mailscanner.sh and mta.sh were not copied to /usr/local/etc/rc.d/ where they are suppose to end up after the port installation. I had to copy them from /ports/files/mailscanner.in and mta.in to /usr/local/etc/rc.d manually. Also, what has everyone done with files such as clean.quarantine and update_virus_scanners? Since one is supposed to run hourly and the other daily did you copy them somewhere and symlink them back to /usr/local/libexec/MailScanner where all the cron jobs are or did you simply create a root cronjob? Seems like this step is missing as well. Unless you are well aware of what the setup should look like you wouldn't even know about it. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From lday at txk.k12.ar.us Sat Oct 7 07:31:37 2006 From: lday at txk.k12.ar.us (James L. Day) Date: Sat Oct 7 07:31:42 2006 Subject: FW: Missing /rules files from MailScanner installation fromports In-Reply-To: <200610070514.k975EPu6009580@bkserver.blacknight.ie> References: <200610070514.k975EPu6009580@bkserver.blacknight.ie> Message-ID: <452749C9.10108@txk.k12.ar.us> I use ClamAV and it's updated by "/usr/local/etc/rc.d/clamav-freshclam.sh". Since I have MailWatch installed, I have these in my "/etc/crontab" file: */5 * * * * root /usr/local/sbin/mailq.php 0 0 * * * root /usr/local/sbin/quarantine_maint.php --clean 0 0 * * * root /usr/local/sbin/quarantine_report.php 0 0 * * * root /usr/local/sbin/db_clean.php I've never had "clean.quarantine" and "update_virus_scanners" in root's crontab. They were definitely not put there for me during a MailScanner install. I ran McAfee's command line scanner for quite some time before switching to ClamAV. If I remember correctly, I had to manually add a line to root's crontab to update the McAfee definitions. Before MailWatch, I cleaned "/var/spool/MailScanner/quarantine" manually. I didn't know it was supposed to be done auto-magically.. ;-) BTW - I've installed MailScanner/SpamAssassin/ClamAV on at least 6 servers over the past 3 years and have updated or reinstalled them many times. The FreeBSD MailScanner port needs fixing.. Lynn Michael S. wrote: > That's strange; because on 3 servers thus far mailscanner.sh and mta.sh were > not copied to /usr/local/etc/rc.d/ where they are suppose to end up after > the port installation. I had to copy them from /ports/files/mailscanner.in > and mta.in to /usr/local/etc/rc.d manually. > > Also, what has everyone done with files such as clean.quarantine and > update_virus_scanners? Since one is supposed to run hourly and the other > daily did you copy them somewhere and symlink them back to > /usr/local/libexec/MailScanner where all the cron jobs are or did you simply > create a root cronjob? Seems like this step is missing as well. Unless you > are well aware of what the setup should look like you wouldn't even know > about it. > > From drew at technologytiger.net Sat Oct 7 13:07:18 2006 From: drew at technologytiger.net (Drew Marshall) Date: Sat Oct 7 13:07:35 2006 Subject: Missing /rules files from MailScanner installation fromports In-Reply-To: <200610070457.k974vb0H009264@bkserver.blacknight.ie> References: <200610070457.k974vb0H009264@bkserver.blacknight.ie> Message-ID: <1A950111-642F-4238-8761-28AC6C51C7AF@technologytiger.net> On 7 Oct 2006, at 06:03, Michael S. wrote: > Finally somebody who has a clue!! I think that is a little harsh and along with the tone in your original e-mail you are about as likely to walk to the moon as to get this fixed. > > Thanks James for verifying this. Maybe the port Maintainer can > finally do > something about this after telling me I was crazy. See all the NOT > SO NICE > messages in past threads regarding this issue. I participated in the previous thread and I seem to remember that there were more people who had no problem than there were who had and although there was some attempt to help, you reacted with the same tone as you are now. No one owes you a working port. If you can't make it work or feel that Jan-Peter is doing a bad job then come forward and offer to help. I am sure he won't mind at all. He is a busy guy and this is open source. If you pay for it, expect it to work (I am sure you have many Microsoft products that do just that :-) ). If you are that concerned, drop Julian an e-mail and pay him to install it for you. > > Thank you. > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > James L. > Day > Sent: Saturday, October 07, 2006 12:44 AM > To: MailScanner discussion > Subject: Re: FW: Missing /rules files from MailScanner installation > fromports > > I just did a clean install on my FreeBSD 5.5-STABLE machine. My > comments > are within.. > > Michael S. wrote: >> >> There is a problem with installing MailScanner 4.55.10-3 via ports. I >> reported this many months ago, still the same old problem. >> >> If you install MS on a server that has never had MS it starts >> complaining about the following files that it can't find. >> >> About 4 or so months ago when I reported this, the port maintainer >> tried to tell me my port system on my Freebsd box had a problem. >> Since >> then, we have purchased 4 additional Freebsd boxes that all exhibit >> the same installation issue, missing files after the install. If you >> don't believe me, try installing MS on a Freebsd server that has >> never >> had MS installed. The following list of files will be missing from >> your installation; >> >> /rules/bounce.rule >> >> /rules/max.message.size.rule >> >> /mcp/mcp.spam.assassin.prefs.conf >> > I agree.. > > Oct 6 23:23:16 alms MailScanner[30703]: MailScanner E-Mail Virus > Scanner > version 4.55.10 starting... > Oct 6 23:23:16 alms MailScanner[30703]: Could not read file > /usr/local/etc/MailScanner/mcp/mcp.spam.assassin.prefs.conf > Oct 6 23:23:16 alms MailScanner[30703]: Error in line 2027, file > "/usr/local/etc/MailScanner/mcp/mcp.spam.assassin.prefs.conf" for > mcpspamassassinprefsfile does not exist (or can not be read) > Oct 6 23:23:16 alms MailScanner[30703]: Cannot open ruleset file > /usr/local/etc/MailScanner/rules/bounce.rules, No such file or > directory > Oct 6 23:23:16 alms MailScanner[30703]: Cannot open ruleset file > /usr/local/etc/MailScanner/rules/max.message.size.rules, No such > file or > directory > > --- snip -- Because I have run the port for several years, mine are upgrades so the original are always there so I have never noticed them missing. Are the files there as .sample files? I assume you ran the scripts at the end of the install to move the .sample files? >> >> Also, the follow files ARE NOT copied to /usr/local/etc/rc.d. >> According to the docs; >> >> The port installs two start/stop scripts in /usr/local/etc/rc.d: >> >> mailscanner.sh >> >> mta.sh >> > I disagree. They were created for me... > > -r-xr-xr-x 1 root wheel 1017 Oct 6 23:19 mailscanner.sh > -r-xr-xr-x 1 root wheel 4412 Oct 6 23:19 mta.sh And me every time I upgrade. > >> But this never happens. You have to go back to the port collections >> file directory and copy the shell script into the proper directory. >> >> Can you have the port maintainer correct this problem? The FreeBSD port is not maintained by Julian. You would be better asking (Nicely) Jan-Peter, who's e-mail address is in the Makefile in the ports tree or indeed as I have suggested else where do it yourself and offer to help him improve the current port. Regards Drew From lday at txk.k12.ar.us Sat Oct 7 16:15:47 2006 From: lday at txk.k12.ar.us (James L. Day) Date: Sat Oct 7 16:15:55 2006 Subject: Missing /rules files from MailScanner installation fromports In-Reply-To: <1A950111-642F-4238-8761-28AC6C51C7AF@technologytiger.net> References: <200610070457.k974vb0H009264@bkserver.blacknight.ie> <1A950111-642F-4238-8761-28AC6C51C7AF@technologytiger.net> Message-ID: <4527C4A3.4010706@txk.k12.ar.us> Drew, The FreeBSD MailScanner port puts .sample files all over the place, but I've never seen anything in the port to remove them... The attached Makefile patch I whipped up should make the port install and run with fewer errors... >From /usr/ports/mail/mailscanner, type: patch < /path/to/Makefile.diff And yes, after running "make install" you must run "make initial-config". It would be nice if during a first-time install, the port would perform "initial-config" automatically. It could be triggered by the lack of a "/usr/local/etc/MailScanner" directory or the "MailScanner.conf" file, etc. If I were the creator of a cool application such as MailScanner and a port maintainer was causing public outcry, I'd be inclined to show him the light. I'm quite capable of making myself look bad; I don't need any help... As always, YMMV.. ;-) Lynn Drew Marshall wrote: > On 7 Oct 2006, at 06:03, Michael S. wrote: > >> Finally somebody who has a clue!! > > I think that is a little harsh and along with the tone in your > original e-mail you are about as likely to walk to the moon as to get > this fixed. > >> >> Thanks James for verifying this. Maybe the port Maintainer can >> finally do >> something about this after telling me I was crazy. See all the NOT SO >> NICE >> messages in past threads regarding this issue. > > I participated in the previous thread and I seem to remember that > there were more people who had no problem than there were who had and > although there was some attempt to help, you reacted with the same > tone as you are now. No one owes you a working port. If you can't make > it work or feel that Jan-Peter is doing a bad job then come forward > and offer to help. I am sure he won't mind at all. He is a busy guy > and this is open source. If you pay for it, expect it to work (I am > sure you have many Microsoft products that do just that :-) ). If you > are that concerned, drop Julian an e-mail and pay him to install it > for you. > >> >> Thank you. >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >> James L. >> Day >> Sent: Saturday, October 07, 2006 12:44 AM >> To: MailScanner discussion >> Subject: Re: FW: Missing /rules files from MailScanner installation >> fromports >> >> I just did a clean install on my FreeBSD 5.5-STABLE machine. My comments >> are within.. >> >> Michael S. wrote: >>> >>> There is a problem with installing MailScanner 4.55.10-3 via ports. I >>> reported this many months ago, still the same old problem. >>> >>> If you install MS on a server that has never had MS it starts >>> complaining about the following files that it can't find. >>> >>> About 4 or so months ago when I reported this, the port maintainer >>> tried to tell me my port system on my Freebsd box had a problem. Since >>> then, we have purchased 4 additional Freebsd boxes that all exhibit >>> the same installation issue, missing files after the install. If you >>> don't believe me, try installing MS on a Freebsd server that has never >>> had MS installed. The following list of files will be missing from >>> your installation; >>> >>> /rules/bounce.rule >>> >>> /rules/max.message.size.rule >>> >>> /mcp/mcp.spam.assassin.prefs.conf >>> >> I agree.. >> >> Oct 6 23:23:16 alms MailScanner[30703]: MailScanner E-Mail Virus Scanner >> version 4.55.10 starting... >> Oct 6 23:23:16 alms MailScanner[30703]: Could not read file >> /usr/local/etc/MailScanner/mcp/mcp.spam.assassin.prefs.conf >> Oct 6 23:23:16 alms MailScanner[30703]: Error in line 2027, file >> "/usr/local/etc/MailScanner/mcp/mcp.spam.assassin.prefs.conf" for >> mcpspamassassinprefsfile does not exist (or can not be read) >> Oct 6 23:23:16 alms MailScanner[30703]: Cannot open ruleset file >> /usr/local/etc/MailScanner/rules/bounce.rules, No such file or directory >> Oct 6 23:23:16 alms MailScanner[30703]: Cannot open ruleset file >> /usr/local/etc/MailScanner/rules/max.message.size.rules, No such file or >> directory >> >> --- snip -- > > Because I have run the port for several years, mine are upgrades so > the original are always there so I have never noticed them missing. > Are the files there as .sample files? I assume you ran the scripts at > the end of the install to move the .sample files? > >>> >>> Also, the follow files ARE NOT copied to /usr/local/etc/rc.d. >>> According to the docs; >>> >>> The port installs two start/stop scripts in /usr/local/etc/rc.d: >>> >>> mailscanner.sh >>> >>> mta.sh >>> >> I disagree. They were created for me... >> >> -r-xr-xr-x 1 root wheel 1017 Oct 6 23:19 mailscanner.sh >> -r-xr-xr-x 1 root wheel 4412 Oct 6 23:19 mta.sh > > And me every time I upgrade. > >> >>> But this never happens. You have to go back to the port collections >>> file directory and copy the shell script into the proper directory. >>> >>> Can you have the port maintainer correct this problem? > > The FreeBSD port is not maintained by Julian. You would be better > asking (Nicely) Jan-Peter, who's e-mail address is in the Makefile in > the ports tree or indeed as I have suggested else where do it yourself > and offer to help him improve the current port. > > Regards > > Drew > --MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -------------- next part -------------- --- Makefile Sat Oct 7 08:52:32 2006 +++ Makefile.jld Sat Oct 7 09:25:28 2006 @@ -112,6 +112,8 @@ spam.lists.conf virus.scanners.conf \ phishing.safe.sites.conf \ country.domains.conf +RULES_FILES= EXAMPLES README bounce.rules \ + max.message.size.rules spam.whitelist.rules MCP_FILES= mcp.spam.assassin.prefs.conf \ 10_example.cf USRLOCAL_FILES_LIB= \ @@ -236,10 +238,11 @@ ${PREFIX}/etc/MailScanner/${FILE}.sample .endfor ${MKDIR} ${PREFIX}/etc/MailScanner/rules - cd ${WRKSRC}/etc/rules && \ - ${INSTALL_DATA} EXAMPLES README ${PREFIX}/etc/MailScanner/rules - ${INSTALL_DATA} ${WRKSRC}/etc/rules/spam.whitelist.rules \ - ${PREFIX}/etc/MailScanner/rules/spam.whitelist.rules.sample + ${CHMOD} ${BINMODE} ${PREFIX}/etc/MailScanner/rules +.for FILE in ${RULES_FILES} + ${INSTALL_DATA} ${WRKSRC}/etc/rules/${FILE} \ + ${PREFIX}/etc/MailScanner/rules/${FILE}.sample +.endfor ${MKDIR} ${PREFIX}/etc/MailScanner/mcp ${CHMOD} ${BINMODE} ${PREFIX}/etc/MailScanner/mcp .for FILE in ${MCP_FILES} @@ -351,8 +354,10 @@ initial-config: renew-wrapper renew-autoupdate renew-reports cd ${WRKSRC}/etc && ${INSTALL_DATA} ${ETC_FILES} \ ${PREFIX}/etc/MailScanner - ${INSTALL_DATA} ${WRKSRC}/etc/rules/spam.whitelist.rules \ - ${PREFIX}/etc/MailScanner/rules/spam.whitelist.rules + cd ${WRKSRC}/etc/rules && ${INSTALL_DATA} ${RULES_FILES} \ + ${PREFIX}/etc/MailScanner/rules + cd ${WRKSRC}/etc/mcp && ${INSTALL_DATA} ${MCP_FILES} \ + ${PREFIX}/etc/MailScanner/mcp @${ECHO} "******************************************************************************" @${ECHO} "The provided default configuration requires several directories to be created:" @${ECHO} "/var/spool/MailScanner/incoming" From res at ausics.net Sun Oct 8 02:09:21 2006 From: res at ausics.net (Res) Date: Sun Oct 8 02:09:29 2006 Subject: Missing /rules files from MailScanner installation fromports In-Reply-To: <1A950111-642F-4238-8761-28AC6C51C7AF@technologytiger.net> References: <200610070457.k974vb0H009264@bkserver.blacknight.ie> <1A950111-642F-4238-8761-28AC6C51C7AF@technologytiger.net> Message-ID: On Sat, 7 Oct 2006, Drew Marshall wrote: > On 7 Oct 2006, at 06:03, Michael S. wrote: > >> Finally somebody who has a clue!! > > I think that is a little harsh and along with the tone in your original > e-mail you are about as likely to walk to the moon as to get this fixed. > heh, agreed, and if he's that concerned why not do a tarball install? It also takes 2 mins to write a quick bash file to copy custom files into new MS, ill save him time and give it to him so it takes 2 seconds... #cd /opt/MailScanner-New_Version/etc # and paste all this in one hit mv MailScanner.conf MailScanner.conf.default ../bin/upgrade_MailScanner_conf /opt/MailScanner/etc/MailScanner.conf \ MailScanner.conf.default > MailScanner.conf diff /opt/MailScanner/etc/MailScanner.conf MailScanner.conf cp /opt/MailScanner/etc/filename.rules.conf . cp /opt/MailScanner/etc/filetype.rules.conf . cp /opt/MailScanner/etc/mailscanner-mrtg.conf . cp /opt/MailScanner/etc/spam.assassin.prefs.conf . cp /opt/MailScanner/etc/phishing.safe.sites.conf . cd rules/ cp /opt/MailScanner/etc/rules/bounce.rules . cp /opt/MailScanner/etc/rules/police.rules . cp /opt/MailScanner/etc/rules/reject.msg.rules . cp /opt/MailScanner/etc/rules/contentscan.rules . cp /opt/MailScanner/etc/rules/spam.whitelist.rules . cd ../reports/en cp /opt/MailScanner/etc/reports/en/sender.content.report.txt . cp /opt/MailScanner/etc/reports/en/rejection.report.txt . cp /opt/MailScanner/etc/reports/en/sender.filename.report.txt . # end thats it, all customisations in place,it might be risky copying some of the prefs files, but ive beeing doing it for a while without problem. -- Cheers Res "Just a world that we all must share, it's not enough just to stand and stare, is it only a dream that there'll be no more turning away" - Floyd From Jan-Peter.Koopmann at seceidos.de Sun Oct 8 12:55:56 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Sun Oct 8 12:56:02 2006 Subject: FW: Missing /rules files from MailScanner installation fromports In-Reply-To: <200610070457.k974vb0H009264@bkserver.blacknight.ie> Message-ID: On Saturday, October 07, 2006 7:04 AM Michael S. wrote: > Finally somebody who has a clue!! Obviously the rest of the world does not. > Thanks James for verifying this. Maybe the port Maintainer can > finally do something about this after telling me I was crazy. I told you that you are crazy? I do not recall this. > See all > the NOT SO NICE messages in past threads regarding this issue. The only "NOT SO NICE" messages with a rude tone I recall came from you to be honest. And this message is no exception. If therre is a problem with the port then please by all means bring it to my attention. If (!) I can reproduce and/or understand the problem and agree with the fact that it needs some certain fix I will of course do this. However as Drew mentioned, my time is very limited and I am not earning any money with maintaining this port. Therefore if you are trying to "finally" get me to do something you might as well try it in an educated nice way. It would raise the chances of your case being heard enourmously... > Thank you. Your welcome. Kind regards, JP From Jan-Peter.Koopmann at seceidos.de Sun Oct 8 13:00:55 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Sun Oct 8 13:00:58 2006 Subject: FW: Missing /rules files from MailScanner installation fromports In-Reply-To: <4527308F.2060609@txk.k12.ar.us> Message-ID: On Saturday, October 07, 2006 6:44 AM James L. Day wrote: >> /rules/bounce.rule >> >> /rules/max.message.size.rule Agreed. I have not been aware of these two files. Please remember that Julian too has better things to do than telling me about every file or installation change he is doing. Therefore these things are bound to happen. I do not use bounce.rule and max.message.size.rule in my installations therefore I have never came across this. I will put it on the todo list for the next release. >> /mcp/mcp.spam.assassin.prefs.conf This should be there as .sample file. Can you please recheck? Maybe for some reason it is not copied during "initial-config" phase which it should be. >> Also, the follow files ARE NOT copied to /usr/local/etc/rc.d. >> According to the docs; >> >> The port installs two start/stop scripts in /usr/local/etc/rc.d: >> >> mailscanner.sh >> >> mta.sh >> > I disagree. They were created for me... > > -r-xr-xr-x 1 root wheel 1017 Oct 6 23:19 mailscanner.sh -r-xr-xr-x 1 > root wheel 4412 Oct 6 23:19 mta.sh Can someone please recheck? I will setup mailscanner on FreeBSD6 boxes during the next two weeks and check for myself. The creation of those files however is part of the FreeBSD port system and not necessarily my port. That and the fact that noone else has ever complained about this was the reason for suspecting something wrong in "somebodies" port system. Regards, JP From Jan-Peter.Koopmann at seceidos.de Sun Oct 8 13:05:32 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Sun Oct 8 13:05:38 2006 Subject: FW: Missing /rules files from MailScanner installation fromports In-Reply-To: <200610070514.k975EPu6009580@bkserver.blacknight.ie> Message-ID: On Saturday, October 07, 2006 7:20 AM Michael S. wrote: > That's strange; because on 3 servers thus far mailscanner.sh and > mta.sh were not copied to /usr/local/etc/rc.d/ where they are suppose > to end up after the port installation. I had to copy them from > /ports/files/mailscanner.in and mta.in to /usr/local/etc/rc.d > manually. As I said in a previous post this is strange since it was working. Maybe some change in the port-magic results in a problem here but I need to have this verified and try it out myself. Since I am on the road next week it will probably take some time. > Also, what has everyone done with files such as clean.quarantine and > update_virus_scanners? Since one is supposed to run hourly and the > other daily did you copy them somewhere and symlink them back to > /usr/local/libexec/MailScanner where all the cron jobs are or did you > simply create a root cronjob? The latter. > Seems like this step is missing as > well. On purpose. If you guys tell me how "the majority" wants it I might be able to automatically do this. I personally prefer to do this step manually and put a remark in install instructions. > Unless you are well aware of what the setup should look like > you wouldn't even know about it. If you do not read the install instructions: Probably. Maybe it is missing there. I would very much like to improve that and am eager to hear your suggestions. But please: Specific suggestion and not "do it differently; fix it" or my personal favourite "finally fix it!". :-) As I pointed out many times: My time for this port is limited! A simple "make this better" will not help me and therefore will not help you. Regards, JP From Jan-Peter.Koopmann at seceidos.de Sun Oct 8 13:17:38 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Sun Oct 8 13:17:46 2006 Subject: Missing /rules files from MailScanner installation from ports In-Reply-To: <200610070356.k973uj26008382@bkserver.blacknight.ie> Message-ID: On Samstag, 7. Oktober 2006 6:02 Michael S. wrote: > About 4 or so months ago when I reported this, the port maintainer > tried to tell me my port system on my Freebsd box had a problem. I was not able to reproduce your problem, others did not have it, I suggested (!) your system might have a problem and have not heard from you since. > If you look at the package list, you will find the following files > missing from this list, the only one there is > mcp.spam.assassin.prefs.conf.sample but unless you rename it after > installing MS to mcp.spam.assassin.prefs.conf your installation > chokes. Shouldn't MS rename this to mcp.spam.assassin.prefs.conf like > it does to all the others when you type the config command? It should be copied during "initial-config". If it is not (which I need to check) then this definatly is a bug. > So Mr port maintainer, why don't you listen to constructive criticism > and take action to fix this problem when it's reported instead of > being rude about it. Well Mr. S I am very open to constructive criticism as many people here will hopefully verify. And I fail to see where I am rude. You on the other hand... > See previous messages regarding this! I would > hope that you all would want to know instead of telling me im crazy > or that my installation is jacked. Just try to image how many complaints port maintainers get about their port not working. Then try to image what the percentage of real port problems is and how many installations are jacked. This is a valid assumption if only one person is complaining about something specific and if you are not able to reproduce the problem (which I was not able to!). > And last but certainly not least there are no symlinks created except > for one and that is to mailscanner.cf. Freebsd does not have a > cron.hourly or crond.d therefore you need to create cronjobs if you > expect to run hourly crons. Nothing about this is mentioned in the > DOCS or README. Maybe this should be revamped so a total idiot knows > what to do. But that's just a suggestion, take it or leave it. Wounderful. Since I do not have the time to revamp the DOCs/README: Please if someone is able to write suitable idiot-proof instructions do so and share them with me to put them in the port! > Can you have the port maintainer correct this problem? Nobody can "have" me to correct the problem. You can bring this to my attention (which you did) and I can try to fix it. If I am not able or not willing to: What do you expect this mailing list or Julian to do about it other than asking me? Sue me? Get real: The port is not a product I sell. It is something I do in my spare time. There is no legal obligation. So please stop acting like there was some. And one more hint: My time currently is so limited that I do not read the mailscanner list thouroughly. So if you need help or fixes for the port better write to me directly or at least cc me. Thanks a lot! Kind regards, JP From Jan-Peter.Koopmann at seceidos.de Sun Oct 8 13:33:12 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Sun Oct 8 13:33:21 2006 Subject: Missing /rules files from MailScanner installation fromports In-Reply-To: <4527C4A3.4010706@txk.k12.ar.us> Message-ID: On Saturday, October 07, 2006 5:16 PM James L. Day wrote: > The FreeBSD MailScanner port puts .sample files all over the place, > but I've never seen anything in the port to remove them... Since they are listed in pkg-plist they will get removed during make deinstall automatically. > The attached Makefile patch I whipped up should make the port install > and run with fewer errors... Thanks for the patch. I will have a look at it and integrate it in the next version if you don't mind. That is the sort of constructive criticism that really helps everybody. Sincere thanks. > And yes, after running "make install" you must run "make > initial-config". It would be nice if during a first-time install, > the port would perform "initial-config" automatically. It could be > triggered by the lack of a "/usr/local/etc/MailScanner" directory or > the "MailScanner.conf" file, etc. Up to this point the commen consensus was that a fresh MailScanner installation needs manual tweaking before you first fire up the system (due to the complexity, several supported MTAs etc. etc.). Hence the need for a manual "initial-config". If this consensus changes now I can of course try to implement this step to be automatic. I would go for the lack of "MailScanner.conf" file ${LOCALBASE}/etc/ though. > If I were the creator of a cool application such as MailScanner and a > port maintainer was causing public outcry, Public outcry? Have I been missing something? Up to this message (which was brought to my attention via e-mail) I cannot find any real complaints. And even these complaints do not qualify as "public outcry" at least not in my view of the world. That is very subjective of course. Did I just not see the irony tags or are you guys possibly exaggerating just a tiny bit? > I'd be inclined to show him the light. Meaning? Please. Enlighten me. How is Julian going to "show me the light"? These kinds of messages really are an interesting way of saying "Thank you for creating and maintaining a free port for this system". I developed this port strictly for my self and decided to share it with the FreeBSD community. I do not expect thousands of "Thank you" mails. I honestly do not expect to be "shown the light" either though. Kind regards, JP From lday at txk.k12.ar.us Sun Oct 8 17:55:45 2006 From: lday at txk.k12.ar.us (James L. Day) Date: Sun Oct 8 17:55:53 2006 Subject: Missing /rules files from MailScanner installation fromports In-Reply-To: References: Message-ID: <45292D91.6010401@txk.k12.ar.us> Comments within.. > Since they are listed in pkg-plist they will get removed during make > deinstall automatically. > I don't want to deinstall the whole port; I just don't want the thing to install two copies of everything. I searched my system for .sample files and found a total of 633, of which 477 were put there by your port. That leaves 156 for the other 176 ports installed on my system. Yes, I know, you didn't want to wipe out any customized files. However, a "make --remove-samples" or something to that effect would be nice. > Thanks for the patch. I will have a look at it and integrate it in the > next version if you don't mind. That is the sort of constructive > criticism that really helps everybody. Sincere thanks. > That's actually the first patch I've ever created and I've been playing with Linux/FreeBSD since 1994. Yeah, like you, I've been busy doing other things... ;-) > Up to this point the commen consensus was that a fresh MailScanner > installation needs manual tweaking before you first fire up the system > (due to the complexity, several supported MTAs etc. etc.). Hence the > need for a manual "initial-config". If this consensus changes now I can > of course try to implement this step to be automatic. I would go for the > lack of "MailScanner.conf" file ${LOCALBASE}/etc/ though. > The part of your "pkg-message.in" file that talks about the need to do "make --initial-config" scrolls off the top of my screen during "make install" (and I have a big screen). This is apparently due to the later addition of the "rcwarning.txt" file. Perhaps this causes some folks to miss that step. How about adding a pause after "@${CAT} ${PKGMESSAGE}"? > Did I just not see the irony tags or are you guys possibly exaggerating > just a tiny bit? > Exaggerate? Me? No way! ;-) > > Meaning? Please. Enlighten me. How is Julian going to "show me the > light"? > I'm sure Julian is nicer than I am... ;-) > These kinds of messages really are an interesting way of saying "Thank > you for creating and maintaining a free port for this system". > I never said I didn't appreciate the port. It's the bugs that are the problem. You know what they say, one "'Oh S#$%!" wipes out all your attaboys... ;-) Use the patch as you wish; just don't give me credit for it. I can give criticism, but I can't take it.. ;-P Thanks, Lynn From admin at thenamegame.com Sun Oct 8 18:20:20 2006 From: admin at thenamegame.com (Michael S.) Date: Sun Oct 8 18:14:06 2006 Subject: Missing /rules files from MailScanner installation fromports In-Reply-To: Message-ID: <200610081714.k98HE4v9025168@bkserver.blacknight.ie> Obviously you're not running Freebsd because the questions you asked don't pertain to Freebsd and its file structure. But, I've already finished up a FreeBSD installer and uninstaller script that one can run immediately after installing MS from ports. It setups up MS completely. All one has to do is run it. It sets up everything including updating your MS installation if you upgrade MS from ports since there is no complete update process. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Res Sent: Saturday, October 07, 2006 9:09 PM To: MailScanner discussion Subject: Re: Missing /rules files from MailScanner installation fromports On Sat, 7 Oct 2006, Drew Marshall wrote: > On 7 Oct 2006, at 06:03, Michael S. wrote: > >> Finally somebody who has a clue!! > > I think that is a little harsh and along with the tone in your original > e-mail you are about as likely to walk to the moon as to get this fixed. > heh, agreed, and if he's that concerned why not do a tarball install? It also takes 2 mins to write a quick bash file to copy custom files into new MS, ill save him time and give it to him so it takes 2 seconds... #cd /opt/MailScanner-New_Version/etc # and paste all this in one hit mv MailScanner.conf MailScanner.conf.default ../bin/upgrade_MailScanner_conf /opt/MailScanner/etc/MailScanner.conf \ MailScanner.conf.default > MailScanner.conf diff /opt/MailScanner/etc/MailScanner.conf MailScanner.conf cp /opt/MailScanner/etc/filename.rules.conf . cp /opt/MailScanner/etc/filetype.rules.conf . cp /opt/MailScanner/etc/mailscanner-mrtg.conf . cp /opt/MailScanner/etc/spam.assassin.prefs.conf . cp /opt/MailScanner/etc/phishing.safe.sites.conf . cd rules/ cp /opt/MailScanner/etc/rules/bounce.rules . cp /opt/MailScanner/etc/rules/police.rules . cp /opt/MailScanner/etc/rules/reject.msg.rules . cp /opt/MailScanner/etc/rules/contentscan.rules . cp /opt/MailScanner/etc/rules/spam.whitelist.rules . cd ../reports/en cp /opt/MailScanner/etc/reports/en/sender.content.report.txt . cp /opt/MailScanner/etc/reports/en/rejection.report.txt . cp /opt/MailScanner/etc/reports/en/sender.filename.report.txt . # end thats it, all customisations in place,it might be risky copying some of the prefs files, but ive beeing doing it for a while without problem. -- Cheers Res "Just a world that we all must share, it's not enough just to stand and stare, is it only a dream that there'll be no more turning away" - Floyd -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Oct 8 18:18:58 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Oct 8 18:20:28 2006 Subject: Missing /rules files from MailScanner installation fromports In-Reply-To: References: Message-ID: <45293302.8020707@ecs.soton.ac.uk> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 289 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20061008/65c4da26/PGP.bin From Jan-Peter.Koopmann at seceidos.de Sun Oct 8 18:53:49 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Sun Oct 8 18:54:04 2006 Subject: Missing /rules files from MailScanner installation fromports In-Reply-To: <45292D91.6010401@txk.k12.ar.us> Message-ID: On Sunday, October 08, 2006 6:56 PM James L. Day wrote: > I don't want to deinstall the whole port; I misunderstood. > I just don't want the thing > to install two copies of everything. I searched my system for > .sample files and found a total of 633, of which 477 were put there > by your port. That leaves 156 for the other 176 ports installed on > my system. > Yes, I know, you didn't want to wipe out any customized files. > However, a "make --remove-samples" or something to that effect would > be nice. It honestly never occured to me. This might be a problem though. If you deinstall the samples and later deinstall the port it will try to deinstall everything in pkg-plist again and will through errors/warnings. The other possibility would be to not install the .samples in the first place but creating a "make --create-samples" just like "initial-config". To be honest: I am not sure how much work this would be and when I have the time for it. > playing with Linux/FreeBSD since 1994. Yeah, like you, I've been > busy doing > other things... ;-) I hopefully did not suggest otherwise. :-) > The part of your "pkg-message.in" file that talks about the need to > do "make --initial-config" scrolls off the top of my screen during > "make install" (and I have a big screen). This is apparently due to > the later addition of the "rcwarning.txt" file. Perhaps this causes > some folks to miss that step. How about adding a pause after > "@${CAT} ${PKGMESSAGE}"? Yepp. Sounds like an idea. And I might get rid of rcwarning.txt now that it has been in there for quite a while. > I'm sure Julian is nicer than I am... ;-) I am not sure if he is nicer than you but he sure is very nice! *g* > I never said I didn't appreciate the port. Well. It came across like this or to be more exact Micheal did/does. > Use the patch as you wish; just don't give me credit for it. I can > give criticism, but I can't take it.. ;-P All the more reason to mention your support. :-) Regards, JP From alex at nkpanama.com Sun Oct 8 20:11:35 2006 From: alex at nkpanama.com (alex) Date: Sun Oct 8 20:14:05 2006 Subject: Mailscanner/Spam Assassin support for Microsoft IMF/SCL Spamscoring? In-Reply-To: <45236837.20409@ecs.soton.ac.uk> References: <45236837.20409@ecs.soton.ac.uk> Message-ID: On Wed, 04 Oct 2006 08:52:23 +0100, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Duncan, Brian M. wrote: >> Just the capability of being able to add a generic header to all Spam >> detected messages would be a great start: >> >> X-MS-Exchange-Organization-SCL: 6.5 > Read the docs. Check out "Spam Actions" and the "header" action. >> Could it be done by changing Spam Score Header from: X-%org-name%-MailScanner-SpamScore: to: X-MS-Exchange-Organization-SCL: and then adding Spam Score Number Format = %d and SpamScore Number Instead Of Stars = yes ? From wjohns at balita.ph Sun Oct 8 20:24:11 2006 From: wjohns at balita.ph (Wayne) Date: Sun Oct 8 20:40:07 2006 Subject: Header message suddenly appeared In-Reply-To: References: <45292D91.6010401@txk.k12.ar.us> Message-ID: <200610081924.k98JOCHO014923@balita.ph> For no reason (I had not edited the conf file) {Scanned} suddenly has started to appear in the headers. I have checked the two line that control this and this is what is there. Scanned Modify Subject = no Scanned Subject Text = I have done a full restart but still it is appearing at random. I am editing or looking at mailscanner.conf at /etc/mailscanner which I presume is correct. Hopefully this message will contain the {Scanned} tag :-) Wayne -- This message has been scanned for viruses and dangerous content by Balita MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sun Oct 8 21:02:39 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Oct 8 21:02:50 2006 Subject: Mailscanner/Spam Assassin support for Microsoft IMF/SCL Spamscoring? In-Reply-To: References: <45236837.20409@ecs.soton.ac.uk> Message-ID: <4529595F.20606@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 alex wrote: > On Wed, 04 Oct 2006 08:52:23 +0100, Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> >> >> Duncan, Brian M. wrote: >> >>> Just the capability of being able to add a generic header to all Spam >>> detected messages would be a great start: >>> >>> X-MS-Exchange-Organization-SCL: 6.5 >>> >> Read the docs. Check out "Spam Actions" and the "header" action. >> > > Could it be done by changing Spam Score Header from: > X-%org-name%-MailScanner-SpamScore: > to: > X-MS-Exchange-Organization-SCL: > and then adding > Spam Score Number Format = %d > and > SpamScore Number Instead Of Stars = yes > > ? > Let me know if this works. And if it doesn't, why it doesn't. Compatibility would be good. Jules - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.0 (Build 1112) Comment: Fetch my public key foot-print from www.mailscanner.info Charset: UTF-8 wj8DBQFFKVlgEfZZRxQVtlQRAtzxAJ9lb/ElsqvtsPpzwQX8HY/KS7UrbgCeIAzy WzXmGFlraeuw8nNRGc4xWkI= =BaqC -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From res at ausics.net Sun Oct 8 23:44:33 2006 From: res at ausics.net (Res) Date: Sun Oct 8 23:44:41 2006 Subject: Missing /rules files from MailScanner installation fromports In-Reply-To: References: Message-ID: On Sun, 8 Oct 2006, Koopmann, Jan-Peter wrote: > On Saturday, October 07, 2006 5:16 PM James L. Day wrote: >> I'd be inclined to show him the light. > > Meaning? Please. Enlighten me. How is Julian going to "show me the > light"? > Maybe you can show them the light, and cease to do the port, then they will really have somthing to have there over exagerated dummy spits about wont they :P completely unappreciative jerks, if tehy dont like your way, let them do it there way. In fact most would not even bother to read anything more they said, letalone grace these morons with a reply -- Cheers Res "Just a world that we all must share, it's not enough just to stand and stare, is it only a dream that there'll be no more turning away" - Floyd From glenn.steen at gmail.com Mon Oct 9 00:06:52 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Oct 9 00:06:56 2006 Subject: Header message suddenly appeared In-Reply-To: <200610081924.k98JOCHO014923@balita.ph> References: <45292D91.6010401@txk.k12.ar.us> <200610081924.k98JOCHO014923@balita.ph> Message-ID: <223f97700610081606s112a11f0ofa3470363996aa70@mail.gmail.com> On 08/10/06, Wayne wrote: > For no reason (I had not edited the conf file) {Scanned} suddenly has > started to appear in the headers. I have checked the two line that > control this and this is what is there. > > Scanned Modify Subject = no > Scanned Subject Text = > > I have done a full restart but still it is appearing at random. > > I am editing or looking at mailscanner.conf at /etc/mailscanner which > I presume is correct. > > Hopefully this message will contain the {Scanned} tag :-) > > Wayne > Are you sure it is *your* MailScanner adding the tag? Look at the headers... Might have passed through some other MS first:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From wjohns at balita.ph Mon Oct 9 00:21:33 2006 From: wjohns at balita.ph (wjohns@balita.ph) Date: Mon Oct 9 00:21:39 2006 Subject: Header message suddenly appeared Message-ID: <1160349693.3814@balita.ph> Glenn Steen wrote .. I have been test mailing myself with test messages - and they contain {Scanned} however, if I send a second message with the same subject title the tag does not appear. If I send another with subject test - 100 that arrives with {Scanned} in the subject. Seems to be occuring with messages in and out ... I have even sent tests from my mac.com account all of which arrive with {Scanned} in the subject line. Many thanks - Wayne - > > > Are you sure it is *your* MailScanner adding the tag? Look at the > headers... Might have passed through some other MS first:-). > > -- > -- Glenn -- This message has been scanned for viruses and dangerous content by Balita MailScanner, and is believed to be clean. From gmane at tippingmar.com Mon Oct 9 01:23:43 2006 From: gmane at tippingmar.com (Mark Nienberg) Date: Mon Oct 9 01:23:50 2006 Subject: OT reassemble df qf pair Message-ID: Every once in a while, in order to troubleshoot a particular delivery problem, it would be nice if I could reassemble a sendmail (qf df) pair into the original message. If someone could tell me how to do that, I would greatly appreciate it. Thanks, Mark From r.berber at computer.org Mon Oct 9 02:11:43 2006 From: r.berber at computer.org (=?ISO-8859-1?Q?Ren=E9_Berber?=) Date: Mon Oct 9 02:11:51 2006 Subject: OT reassemble df qf pair In-Reply-To: References: Message-ID: Mark Nienberg wrote: > Every once in a while, in order to troubleshoot a particular delivery > problem, it would be nice if I could reassemble a sendmail (qf df) pair > into the original message. If someone could tell me how to do that, I > would greatly appreciate it. In MailScanner's bin directory there is a utility called df2mbox, it may be what you are looking for. -- Ren? Berber From gmane at tippingmar.com Mon Oct 9 03:54:37 2006 From: gmane at tippingmar.com (Mark Nienberg) Date: Mon Oct 9 03:54:44 2006 Subject: OT reassemble df qf pair In-Reply-To: References: Message-ID: Ren? Berber wrote: > Mark Nienberg wrote: > >> Every once in a while, in order to troubleshoot a particular delivery >> problem, it would be nice if I could reassemble a sendmail (qf df) pair >> into the original message. If someone could tell me how to do that, I >> would greatly appreciate it. > > In MailScanner's bin directory there is a utility called df2mbox, it may be what you are looking for. I don't think that is quite the ticket. The resulting headers are incomplete, not the same as the original message. Thanks for the suggestion though. Mark From admin at thenamegame.com Mon Oct 9 05:11:08 2006 From: admin at thenamegame.com (Michael S.) Date: Mon Oct 9 05:05:54 2006 Subject: Missing /rules files from MailScanner installation fromports In-Reply-To: Message-ID: <200610090405.k9945p9R005316@bkserver.blacknight.ie> Thanks for all you replies JP. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Koopmann, Jan-Peter Sent: Sunday, October 08, 2006 8:33 AM To: James L. Day; MailScanner discussion Subject: RE: Missing /rules files from MailScanner installation fromports On Saturday, October 07, 2006 5:16 PM James L. Day wrote: > The FreeBSD MailScanner port puts .sample files all over the place, > but I've never seen anything in the port to remove them... Since they are listed in pkg-plist they will get removed during make deinstall automatically. > The attached Makefile patch I whipped up should make the port install > and run with fewer errors... Thanks for the patch. I will have a look at it and integrate it in the next version if you don't mind. That is the sort of constructive criticism that really helps everybody. Sincere thanks. > And yes, after running "make install" you must run "make > initial-config". It would be nice if during a first-time install, > the port would perform "initial-config" automatically. It could be > triggered by the lack of a "/usr/local/etc/MailScanner" directory or > the "MailScanner.conf" file, etc. Up to this point the commen consensus was that a fresh MailScanner installation needs manual tweaking before you first fire up the system (due to the complexity, several supported MTAs etc. etc.). Hence the need for a manual "initial-config". If this consensus changes now I can of course try to implement this step to be automatic. I would go for the lack of "MailScanner.conf" file ${LOCALBASE}/etc/ though. > If I were the creator of a cool application such as MailScanner and a > port maintainer was causing public outcry, Public outcry? Have I been missing something? Up to this message (which was brought to my attention via e-mail) I cannot find any real complaints. And even these complaints do not qualify as "public outcry" at least not in my view of the world. That is very subjective of course. Did I just not see the irony tags or are you guys possibly exaggerating just a tiny bit? > I'd be inclined to show him the light. Meaning? Please. Enlighten me. How is Julian going to "show me the light"? These kinds of messages really are an interesting way of saying "Thank you for creating and maintaining a free port for this system". I developed this port strictly for my self and decided to share it with the FreeBSD community. I do not expect thousands of "Thank you" mails. I honestly do not expect to be "shown the light" either though. Kind regards, JP -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Mon Oct 9 08:11:18 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Oct 9 08:11:21 2006 Subject: Header message suddenly appeared In-Reply-To: <1160349693.3814@balita.ph> References: <1160349693.3814@balita.ph> Message-ID: <223f97700610090011m95c51d2if74475404f68ea47@mail.gmail.com> On 09/10/06, wjohns@balita.ph wrote: > Glenn Steen wrote .. > > I have been test mailing myself with test messages - and they contain {Scanned} however, if I send a second message with the same subject title the tag does not appear. If I send another with subject test - 100 that arrives with {Scanned} in the subject. Seems to be occuring with messages in and out ... I have even sent tests from my mac.com account all of which arrive with {Scanned} in the subject line. > > Many thanks > > - Wayne - Hm. Are those messages passed through "NewsBalita" too? If so, one might note that _these_ messages aren't tagged. Is it possible that you have more than one server handling this? Looking at the DNS for balita.ph it doesn't look that way, but better to ask one question too many:-). While we're at it, why not add some more info... Like version of MS and method of install (perhaps OS too)... > > > > > Are you sure it is *your* MailScanner adding the tag? Look at the > > headers... Might have passed through some other MS first:-). > > > > -- > > -- Glenn > > -- > This message has been scanned for viruses and > dangerous content by Balita MailScanner, and is > believed to be clean. > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From DawsonA at chesterfield.ac.uk Mon Oct 9 10:06:04 2006 From: DawsonA at chesterfield.ac.uk (Dawson, Alan) Date: Mon Oct 9 10:07:36 2006 Subject: Debian Sarge, MailScanner, Exim, Spamassassin Message-ID: Hi, I'm in the process of setting up a MailScanning gateway using Debian Sarge, MailScanner, Exim, ClamAV and Spamassassin. Exim runs as user Debian-exim and group Debian-exim so I altered the Run As Group and Run as User to those also. Should I alter the SpamAssassin User State Dir = To be /home/Debian-exim/ ( or similar writeable location by Debian-exim )so that SpamAssassin can place its bayesian and auto whitelist stuff etc somewhere ? Thanks -- Alan Dawson From martinh at solidstatelogic.com Mon Oct 9 10:21:07 2006 From: martinh at solidstatelogic.com (Martin Hepworth) Date: Mon Oct 9 10:21:17 2006 Subject: Debian Sarge, MailScanner, Exim, Spamassassin In-Reply-To: References: Message-ID: <452A1483.8080200@solidstatelogic.com> Dawson, Alan wrote: > Hi, I'm in the process of setting up a MailScanning gateway using Debian Sarge, MailScanner, Exim, ClamAV and Spamassassin. > > Exim runs as user Debian-exim and group Debian-exim so I altered the Run As Group and Run as User to those also. > > Should I alter the > > SpamAssassin User State Dir = > To be /home/Debian-exim/ ( or similar writeable location by Debian-exim )so that SpamAssassin can place its bayesian and auto whitelist stuff etc somewhere ? > > Thanks > -- > Alan Dawson > > > > > > > > > > > Alan in a word yes, also make sure you're running eximv4 and not the default V3 (you'll need to find this in the testing repository I think). There's an entire debian-exim maillist that you might to get onto in order to help you get the eximv4 working before you pop anything else into the mix. -- Martin Hepworth Senior Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From prandal at herefordshire.gov.uk Mon Oct 9 11:19:12 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Mon Oct 9 11:21:04 2006 Subject: MS and SA diuffer Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580FC69B85@isabella.herefordshire.gov.uk> Brian Duncan said: > I emailed the original poster about his problem and he said his worked > when he changed his max spamassassin message size from something > Like 60K to 60000. That's a bug which I reported here last week: http://article.gmane.org/gmane.mail.virus.mailscanner/44811/match= Any chance of a fix, Jules? I'd guess that there's more than just two of us who have been bitten by this. Cheers, Phil From prandal at herefordshire.gov.uk Mon Oct 9 11:22:49 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Mon Oct 9 11:30:13 2006 Subject: version of MS that has "max spamassassin size"? Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580FC69B89@isabella.herefordshire.gov.uk> There's a parsing bug in the latest version. Use Max Spamassassin Size = 40000 in preference to MaxSpamassassin Size = 40k The latter truncates rather drastically. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Daniel Maher > Sent: 06 October 2006 21:35 > To: MailScanner discussion > Subject: version of MS that has "max spamassassin size"? > > Hello all, > > A simple question: > > What version of MailScanner introduced the following > configuration option? > > "Max Spamassassin Size" > > Thank you. :) > > > -- > _ > ?v? Daniel Maher > /(_)\ Administrateur Syst?me Unix > ^ ^ Unix System Administrator > > Sentio aliquos togatos contra me conspirare. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From shuttlebox at gmail.com Mon Oct 9 12:17:28 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Mon Oct 9 12:17:32 2006 Subject: DoS lack of logs Message-ID: <625385e30610090417t65abb526i7635764bc8d50c84@mail.gmail.com> I have been hit with some archive that uses all the resources and slows mail thruput to the point that the incoming queue only grows and grows. When the virus scanner times out that is logged and MailScanner records a denial of service attempt but only the MS process in shown in the syslogs. I would like the message id's of that batch in the logs, or better yet the offending message id if it's possible. It's now hard to find the message that causes this or do you guys have a good way of finding it? -- /peter From mailscanner at mango.zw Mon Oct 9 13:18:20 2006 From: mailscanner at mango.zw (Jim Holland) Date: Mon Oct 9 13:15:17 2006 Subject: DoS lack of logs In-Reply-To: <625385e30610090417t65abb526i7635764bc8d50c84@mail.gmail.com> Message-ID: On Mon, 9 Oct 2006, shuttlebox wrote: > Date: Mon, 9 Oct 2006 13:17:28 +0200 > From: shuttlebox > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: DoS lack of logs > > I have been hit with some archive that uses all the resources and > slows mail thruput to the point that the incoming queue only grows and > grows. > > When the virus scanner times out that is logged and MailScanner > records a denial of service attempt but only the MS process in shown > in the syslogs. I would like the message id's of that batch in the > logs, or better yet the offending message id if it's possible. > > It's now hard to find the message that causes this or do you guys have > a good way of finding it? I am pretty sure that this is only a problem on older versions of MailScanner and that if you update to the current version the problem will disappear. Not only does the current version minimise the chances of a denial of service problem occurring, but if it does occur it will also report more helpfully: Virus Scanning: Denial Of Service attack is in message k7GDK0Nb020871 so that you know where the problem is. The problem message will then be quarantined so that it can be dealt with manually if required and the rest of the system will carry on without interference. Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service From shuttlebox at gmail.com Mon Oct 9 13:22:27 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Mon Oct 9 13:22:34 2006 Subject: DoS lack of logs In-Reply-To: References: <625385e30610090417t65abb526i7635764bc8d50c84@mail.gmail.com> Message-ID: <625385e30610090522y1fb63c4an8d5f1f45a67aa978@mail.gmail.com> On 10/9/06, Jim Holland wrote: > I am pretty sure that this is only a problem on older versions of > MailScanner and that if you update to the current version the problem will > disappear. Not only does the current version minimise the chances of a > denial of service problem occurring, but if it does occur it will also > report more helpfully: > > Virus Scanning: Denial Of Service attack is in message k7GDK0Nb020871 > > so that you know where the problem is. The problem message will then be > quarantined so that it can be dealt with manually if required and the rest > of the system will carry on without interference. That's exactly what I'm looking for. I'm still running 4.50 on those systems, I will upgrade them ASAP then. Thanks! -- /peter From mailscanner at mango.zw Mon Oct 9 14:21:15 2006 From: mailscanner at mango.zw (Jim Holland) Date: Mon Oct 9 14:18:10 2006 Subject: OT reassemble df qf pair In-Reply-To: Message-ID: On Sun, 8 Oct 2006, Mark Nienberg wrote: > Date: Sun, 08 Oct 2006 19:54:37 -0700 > From: Mark Nienberg > Reply-To: MailScanner discussion > To: mailscanner@lists.mailscanner.info > Subject: Re: OT reassemble df qf pair > > Ren? Berber wrote: > > Mark Nienberg wrote: > > > >> Every once in a while, in order to troubleshoot a particular delivery > >> problem, it would be nice if I could reassemble a sendmail (qf df) pair > >> into the original message. If someone could tell me how to do that, I > >> would greatly appreciate it. > > > > In MailScanner's bin directory there is a utility called df2mbox, it may be what you are looking for. > > I don't think that is quite the ticket. The resulting headers are > incomplete, not the same as the original message. > Thanks for the suggestion though. I append a quick mod to Julian's script that seems to do what you want but for a single queue file pair. It recreates the original headers correctly as far as I can see. The major change is the addition of a match for header lines that start with a space as well as those that start with a tab. Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service #!/bin/bash # q2msg # Converts sendmail df and qf queue file pair to RFC 822 msg format # Run this as: # q2msg [[dfile] | [qfile]] # Output is $qid.msg infile=$1 qid=`echo $infile | sed 's/^[qd]f//'` outfile=$qid.msg from=`grep '^S' qf$qid | sed 's/^S//' | tr -d '<>'` ( echo "From $from `date -R`" # Note that the long gap in the next line is a tab character! egrep '(^H\?[^\?]*\?)|(^ )|(^ )' qf$qid | sed 's/^H?[^?]*?//' \ | grep -v "Return-Path: <.g>" egrep '^R[A-Z]*:' qf$qid | sed 's/^R[A-Z]*:/X-MailScanner-Recipient: /' \ | tr -d '<>' echo cat df$qid echo ) > $outfile From MailScanner at ecs.soton.ac.uk Mon Oct 9 14:32:07 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Oct 9 14:32:32 2006 Subject: OT reassemble df qf pair In-Reply-To: References: Message-ID: <452A4F57.1010005@ecs.soton.ac.uk> Script attached, just wrote it for you. Usage: RawSendmailToCompleteMessage qf-name df-name Or: RawSendmailToCompleteMessage df-name qf-name Or: RawSendmailToCompleteMessage message-queue-id So basically just chuck it any bits of filenames you have to hand, it will work out what you meant. It outputs the RFC-822 message on standard output, which you will probably want to redirect to a file. Example: RawSendmailToCompleteMessage g4DDWlR20454 > message.txt which will process qfg4DDWIR20454 and dfg4DDWIR20454 and put the formatted message into "message.txt". or RawSendmailToCompleteMessage *00368 | less which will process the message whose filenames end in 00368 and show you the result with "less". So hopefully it is as easy to drive as possible. Script should be attached to this message, gzipped (because that stops anything trying to put a signature on the end of the script by mistake. These damn email systems.... :-) It has taken me an hour to get right for you, so a reasonable contribution from my Amazon wish list would be much appreciated! (Or just cash in Paypal would be fine too :-) Regards, Jules. Mark Nienberg wrote: > Ren? Berber wrote: >> Mark Nienberg wrote: >> >>> Every once in a while, in order to troubleshoot a particular delivery >>> problem, it would be nice if I could reassemble a sendmail (qf df) pair >>> into the original message. If someone could tell me how to do that, I >>> would greatly appreciate it. >> >> In MailScanner's bin directory there is a utility called df2mbox, it >> may be what you are looking for. > > I don't think that is quite the ticket. The resulting headers are > incomplete, not the same as the original message. > Thanks for the suggestion though. > Mark > Jules -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk -------------- next part -------------- A non-text attachment was scrubbed... Name: RawSendmailToCompleteMessage.gz Type: application/x-gzip Size: 543 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20061009/f68853bb/RawSendmailToCompleteMessage.gz From MailScanner at ecs.soton.ac.uk Mon Oct 9 14:55:34 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Oct 9 14:56:00 2006 Subject: MS and SA diuffer In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B580FC69B85@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B580FC69B85@isabella.herefordshire.gov.uk> Message-ID: <452A54D6.5090405@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Randal, Phil wrote: > Brian Duncan said: > > >> I emailed the original poster about his problem and he said his worked >> when he changed his max spamassassin message size from something >> Like 60K to 60000. >> > > That's a bug which I reported here last week: > > http://article.gmane.org/gmane.mail.virus.mailscanner/44811/match= > > Any chance of a fix, Jules? > Done. Will be in the next release. > I'd guess that there's more than just two of us who have been bitten by > this. > > Cheers, > > Phil > Jules - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.0 (Build 1112) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFFKlTXEfZZRxQVtlQRApzFAKCreX/lgZ9G93syzRh+iGb8B4cFtQCfVNUx E36zH6/FTCc1vwaPJTeRdn8= =74pR -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Mon Oct 9 15:09:12 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Oct 9 15:09:41 2006 Subject: version of MS that has "max spamassassin size"? In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B580FC69B89@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B580FC69B89@isabella.herefordshire.gov.uk> Message-ID: <452A5808.3040900@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have just done a fresh release with this problem fixed. Sorry :-( Wasn't having a good time then, was I? Randal, Phil wrote: > There's a parsing bug in the latest version. > > Use > > Max Spamassassin Size = 40000 > > in preference to > > MaxSpamassassin Size = 40k > > The latter truncates rather drastically. > > Cheers, > > Phil > > -- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Daniel Maher >> Sent: 06 October 2006 21:35 >> To: MailScanner discussion >> Subject: version of MS that has "max spamassassin size"? >> >> Hello all, >> >> A simple question: >> >> What version of MailScanner introduced the following >> configuration option? >> >> "Max Spamassassin Size" >> >> Thank you. :) >> >> >> -- >> _ >> ?v? Daniel Maher >> /(_)\ Administrateur Syst?me Unix >> ^ ^ Unix System Administrator >> >> Sentio aliquos togatos contra me conspirare. >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> Jules - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.0 (Build 1112) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFFKlgIEfZZRxQVtlQRAmrKAJ48KwAPcY37EpAVP+EU0sOSbS1GagCcCEFd N2gh9ML8loSzgBHB4X095Rs= =7hym -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From bpumphrey at woodmclaw.com Mon Oct 9 15:39:24 2006 From: bpumphrey at woodmclaw.com (Billy A. Pumphrey) Date: Mon Oct 9 15:39:40 2006 Subject: OT: Reverse Lookup Records for Mail Server In-Reply-To: Message-ID: <04D932B0071FE34FA63EBB1977B48D1501C13F1E@woodenex.woodmaclaw.local> In the WIKI http://wiki.mailscanner.info/doku.php?id=best_practices&s=trusted The below is written. I have known this to be a good practice for sometime, but DNS gets a little confusing for me sometimes. I apologize for all of the OT that I do, but just searching the internet does not give suggestions. Have a reverse lookup that matches your HELO/EHLO. Many of these policies stem from the fact that spammers will forge addresses. When you send mail to a system that doesn't know you, you've become a potential spammer. You must show that you can be trusted before you will be trusted, and one way of doing that is to have a reverse lookup that matches what your system says it is. Unfortunately, this may be a problem in virtual hosting situations. At the very least make sure that your MX is listed in DNS as the name that will respond to the HELO. See RFC 2821 for more information on the SMTP command HELO. If the MailScanner machine is on the internal network, as in not in a DMZ, and host name ends not in the domain name, how does one set it up? Host names ends in host.domain.local. Does the host name just need to be changed to host.domaain.com? That would seemingly cause problems communicating with the internal machines, or would it? So if the host name is mailscanner.domain.com, Then the reverse dns should be mailscanner.domain.com right? Sounds right to me. What happens when the reverse DNS is mailscanner.domain.com but the actual host name is mailscanner.domain.local? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From derek at adcatanzaro.com Mon Oct 9 15:42:30 2006 From: derek at adcatanzaro.com (Derek Catanzaro) Date: Mon Oct 9 15:43:19 2006 Subject: Mail Backing up while SpamAssassin is in Use Message-ID: <452A5FD6.80604@adcatanzaro.com> ***I posted this thread in the spamassassin mailing list and was advised by another MailScanner user to post here for tuning tips with MS/SA*** I have been having issues with mail backing up on and off over the past week. I am using MailScanner with SpamAssassin. This morning for example, I had roughly 500 messages waiting in /var/spool/mqueue.in and that number had increased to about 2200 in less than an hour. I then tell MailScanner to stop using SpamAssassin to try and identify if the problem is with SpamAssassin or not and now I'm back down to less than 50 messages waiting in the queue in less than a matter of 10 -15 minutes. So obviously this tells me something is going on with SpamAssassin. I ran "spamassassin --lint -D" and I did not notice any problems with the output other than a dcc timeout. Then again, spamassassin has always worked well for me so I may be missing something in the output because I have really never had to troubleshoot this kind of issue with spamassassin. The recent changes I have made to try and combat the problem is to disable bayes and I turned off the auto expire for the bayes tokens just to make sure that wasn't slowing things down. I am running a local caching name server so I do not believe this to be a DNS timing issue. I can provide my spamassassin --lint -D output if anyone is interested. Fedora Core 1 SpamAssassin 3.1.0 MailScanner 4.49.7 sendmail 8.13.5 Thanks, Derek -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Mon Oct 9 16:06:28 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Oct 9 16:06:33 2006 Subject: OT: Reverse Lookup Records for Mail Server In-Reply-To: <04D932B0071FE34FA63EBB1977B48D1501C13F1E@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D1501C13F1E@woodenex.woodmaclaw.local> Message-ID: <223f97700610090806y724ec79aq12cf532050dc0dd0@mail.gmail.com> On 09/10/06, Billy A. Pumphrey wrote: > In the WIKI > http://wiki.mailscanner.info/doku.php?id=best_practices&s=trusted > > The below is written. I have known this to be a good practice for > sometime, but DNS gets a little confusing for me sometimes. I apologize > for all of the OT that I do, but just searching the internet does not > give suggestions. > > Have a reverse lookup that matches your HELO/EHLO. > Many of these policies stem from the fact that spammers will forge > addresses. When you send mail to a system that doesn't know you, you've > become a potential spammer. You must show that you can be trusted before > you will be trusted, and one way of doing that is to have a reverse > lookup that matches what your system says it is. Unfortunately, this may > be a problem in virtual hosting situations. At the very least make sure > that your MX is listed in DNS as the name that will respond to the HELO. > See RFC 2821 for more information on the SMTP command HELO. What this means is that if your host says it is host.example.net, looking up the IP address you are connecting as should lead to that name (and if that's not possible, for some unknowable reason... The MX pointed to for example.net should be the hostnme you helo as...). > If the MailScanner machine is on the internal network, as in not in a > DMZ, and host name ends not in the domain name, how does one set it up? > Host names ends in host.domain.local. Thing is that .local isn't a top level domain that you should "spread" to the internet. If one were to try reach your host from the internet, one would look up the MX for your domain, and go to that address... What that host "thinks" it is named is pretty irrelevant, as long as it answers in accordance to the _public_ DNS settings. So in your case, you have a _private_ DNS setup that is geared toward a (broken IMO) AD setup (the gospel according to M$... Sigh), and a _public_ DNS entry for your MX gateway. This type of "split view" is rather common. One might opt for not confusing oneself by not having two separate naming spaces, but rather the same names, but different views instead (much better:-). > Does the host name just need to be changed to host.domaain.com? That > would seemingly cause problems communicating with the internal machines, > or would it? Not really, no. It all depends on how you do things:-). As long as you can find your way to MS-exchange.example.local (and the other way around) and you have setup trusts etc, you should be fine. > So if the host name is mailscanner.domain.com, Then the reverse dns > should be mailscanner.domain.com right? Sounds right to me. > > What happens when the reverse DNS is mailscanner.domain.com but the > actual host name is mailscanner.domain.local? As long as you set it up to accept for the domains involved, I see no real problem. Handling a true split view DNS setup is rather more easy than the .local idiocy... At least to my eyes:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From bpumphrey at woodmclaw.com Mon Oct 9 16:09:24 2006 From: bpumphrey at woodmclaw.com (Billy A. Pumphrey) Date: Mon Oct 9 16:09:37 2006 Subject: OT: Scanning outgoing mail In-Reply-To: Message-ID: <04D932B0071FE34FA63EBB1977B48D1501C13F1F@woodenex.woodmaclaw.local> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Logan Shaw > Sent: Friday, October 06, 2006 7:02 PM > To: MailScanner discussion > Subject: RE: OT: Scanning outgoing mail > > On Fri, 6 Oct 2006, Billy A. Pumphrey wrote: > > You guys are so awesome! I have it set up now. I had to go ahead and > > edit the access file and add the exchange server as a relay. > > > > Also I had no connector there so I had to add a new one. > > One thing I don't think anyone else has mentioned is that you > probably want to look at your set of trusted hosts/networks > (the "trusted_networks" setting for SpamAssassin) and think > about whether your Exchange server is in that set and whether > you want it to be in the set. It might already be trusted > if it's on the same subnet with trusted clients. Or not, > depending on how you have it set up. > > How it should be set up is probably a judgement call, > but it'd probably be worthwhile to be intentional about > whatever you choose. Including the Exchange server in the > trusted_networks set will mean it won't be checked against RBLs > and stuff like that. And I believe messages coming from it and > going through your MailScanner machine will also get an extra > negative score for ALL_TRUSTED. (Though whether any outside > parties care about how you score messages as they leave your > server is another question.) > > - Logan > -- Looks like it might be trusted already. I know I remember looking into this before, but I cannot find the config that the settings go into. I checked the spam.assassin.prefs.conf but not in there. Where is this setting at again? SpamAssassin Score: -2.62 Spam Report: Score Matching Rule Description cached not score=-2.625 5 required spam autolearn=not -1.80 ALL_TRUSTED Passed through trusted hosts only via SMTP -2.60 BAYES_00 Bayesian spam probability is 0 to 1% 0.00 HTML_MESSAGE HTML included in message 1.27 INFO_TLD Contains an URL in the INFO top-level domain 0.50 TJ_EMPTY_SUBJECT Empty subject. Could be a MyDoom bounce. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Mon Oct 9 16:11:16 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Oct 9 16:11:19 2006 Subject: version of MS that has "max spamassassin size"? In-Reply-To: <452A5808.3040900@ecs.soton.ac.uk> References: <86144ED6CE5B004DA23E1EAC0B569B580FC69B89@isabella.herefordshire.gov.uk> <452A5808.3040900@ecs.soton.ac.uk> Message-ID: <223f97700610090811m3d115e3ay2d7a71c20dba64af@mail.gmail.com> On 09/10/06, Julian Field wrote: (snip) > Wasn't having a good time then, was I? ... or perhaps you were.... Will implement first thing tomorrow. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From Richard.Frovarp at sendit.nodak.edu Mon Oct 9 16:41:13 2006 From: Richard.Frovarp at sendit.nodak.edu (Richard Frovarp) Date: Mon Oct 9 16:41:17 2006 Subject: Mail Backing up while SpamAssassin is in Use In-Reply-To: <452A5FD6.80604@adcatanzaro.com> References: <452A5FD6.80604@adcatanzaro.com> Message-ID: <452A6D99.5030005@sendit.nodak.edu> Derek Catanzaro wrote: > ***I posted this thread in the spamassassin mailing list and was > advised by another MailScanner user to post here for tuning tips with > MS/SA*** > > I have been having issues with mail backing up on and off over the > past week. I am using MailScanner with SpamAssassin. This morning > for example, I had roughly 500 messages waiting in > /var/spool/mqueue.in and that number had increased to about 2200 in > less than an hour. I then tell MailScanner to stop using SpamAssassin > to try and identify if the problem is with SpamAssassin or not and now > I'm back down to less than 50 messages waiting in the queue in less > than a matter of 10 -15 minutes. So obviously this tells me something > is going on with SpamAssassin. > > I ran "spamassassin --lint -D" and I did not notice any problems with > the output other than a dcc timeout. Then again, spamassassin has > always worked well for me so I may be missing something in the output > because I have really never had to troubleshoot this kind of issue > with spamassassin. The recent changes I have made to try and combat > the problem is to disable bayes and I turned off the auto expire for > the bayes tokens just to make sure that wasn't slowing things down. > > I am running a local caching name server so I do not believe this to > be a DNS timing issue. I can provide my spamassassin --lint -D output > if anyone is interested. > > Fedora Core 1 > SpamAssassin 3.1.0 > MailScanner 4.49.7 > sendmail 8.13.5 > > Thanks, > Derek > How long is the dcc timeout? 10 seconds? 500 messages times 10 seconds is about 83 minutes of extra processing time, since that timeout would count for each check. It would seem that you have found your problem. Richard From derek at adcatanzaro.com Mon Oct 9 17:21:15 2006 From: derek at adcatanzaro.com (Derek Catanzaro) Date: Mon Oct 9 17:21:34 2006 Subject: OT - Re: Mail Backing up while SpamAssassin is in Use In-Reply-To: <452A6D99.5030005@sendit.nodak.edu> References: <452A5FD6.80604@adcatanzaro.com> <452A6D99.5030005@sendit.nodak.edu> Message-ID: <452A76FB.200@adcatanzaro.com> Richard Frovarp wrote: > Derek Catanzaro wrote: >> ***I posted this thread in the spamassassin mailing list and was >> advised by another MailScanner user to post here for tuning tips with >> MS/SA*** >> >> I have been having issues with mail backing up on and off over the >> past week. I am using MailScanner with SpamAssassin. This morning >> for example, I had roughly 500 messages waiting in >> /var/spool/mqueue.in and that number had increased to about 2200 in >> less than an hour. I then tell MailScanner to stop using >> SpamAssassin to try and identify if the problem is with SpamAssassin >> or not and now I'm back down to less than 50 messages waiting in the >> queue in less than a matter of 10 -15 minutes. So obviously this >> tells me something is going on with SpamAssassin. >> >> I ran "spamassassin --lint -D" and I did not notice any problems with >> the output other than a dcc timeout. Then again, spamassassin has >> always worked well for me so I may be missing something in the output >> because I have really never had to troubleshoot this kind of issue >> with spamassassin. The recent changes I have made to try and combat >> the problem is to disable bayes and I turned off the auto expire for >> the bayes tokens just to make sure that wasn't slowing things down. >> >> I am running a local caching name server so I do not believe this to >> be a DNS timing issue. I can provide my spamassassin --lint -D >> output if anyone is interested. >> >> Fedora Core 1 >> SpamAssassin 3.1.0 >> MailScanner 4.49.7 >> sendmail 8.13.5 >> >> Thanks, >> Derek >> > How long is the dcc timeout? 10 seconds? 500 messages times 10 seconds > is about 83 minutes of extra processing time, since that timeout would > count for each check. It would seem that you have found your problem. > > Richard Where is the dcc timeout set? According to my "spamassassin --lint -D" results it is timing out after 5 seconds, so I'm assuming that is the timeout setting. dcc: check timed out after 5 seconds I have 2 MailScanner servers with the same setup, and one is able to use dcc and the other is timing out. I'm not sure why one would be timing out and the other not? They are on the same network both using local caching name server and both using the same DNS servers if it is not cached. Is there a .conf I can check to find out what IP or dns name dcc tries to connect to? Derek -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From wjohns at balita.ph Mon Oct 9 18:02:06 2006 From: wjohns at balita.ph (Wayne) Date: Mon Oct 9 18:02:11 2006 Subject: Header message suddenly appeared In-Reply-To: <223f97700610090011m95c51d2if74475404f68ea47@mail.gmail.com > References: <1160349693.3814@balita.ph> <223f97700610090011m95c51d2if74475404f68ea47@mail.gmail.com> Message-ID: <200610091702.k99H27Wj023598@balita.ph> At 08:11 09/10/2006, you wrote: Glenn We only have one sendmail install on the server (it is Balita's own server not shared). Our MS version is MailScanner-4.55.10-3 installed from a tar file using ./install.sh OS is Red Hat Enterprise Server 3. I have noted from the daily LogWatch the following error: Aborting due to syntax errors in /etc/MailScanner/MailScanner.conf. : 18 Time(s) Enabling SpamAssassin auto-whitelist functionality... : 12 Time(s) >>> Unrecognised keyword "spamassassinprefsfile" at line 2205 : 9 Time(s) It is to be noted the error on line >>> says spamassassinprefsfile line 2205 is as follows: Line 2205 is # unsupported - code may be completely untested, a contributed dirty hack, # anything, really. # alpha - code is pretty well untested. Don't assume it will work. # beta - code is tested a bit. It should work. # supported - code *should* be reliable. # # Don't even *think* about setting this to anything other than "beta" or # "supported" on a system that receives real mail until you have tested it # yourself and are happy that it is all working as you expect it to. # Don't set it to anything other than "supported" on a system that could # ever receive important mail. # # READ and UNDERSTAND the above text BEFORE changing this. # Minimum Code Status = supported Envelope From Header = X-MailScanner-From: Envelope To Header = X-MailScanner-To: Line 2223 is reads ... SpamAssassin Prefs File = /etc/MailScanner/spam.assassin.prefs.conf I have listed line 2205 to 2223 as 2223 is the only one I can see that relate to the error in my LogWatch. Whether the two problems are related I do not know. Hopefully someone can help with both. Regards Wayne >Hm. Are those messages passed through "NewsBalita" too? If so, one >might note that _these_ messages aren't tagged. >Is it possible that you have more than one server handling this? >Looking at the DNS for balita.ph it doesn't look that way, but better >to ask one question too many:-). >While we're at it, why not add some more info... Like version of MS >and method of install (perhaps OS too)... -- This message has been scanned for viruses and dangerous content by Balita MailScanner, and is believed to be clean. From derek at adcatanzaro.com Mon Oct 9 18:20:08 2006 From: derek at adcatanzaro.com (Derek Catanzaro) Date: Mon Oct 9 18:20:33 2006 Subject: OT - Mail Backing up while SpamAssassin is in Use In-Reply-To: <452A76FB.200@adcatanzaro.com> References: <452A5FD6.80604@adcatanzaro.com> <452A6D99.5030005@sendit.nodak.edu> <452A76FB.200@adcatanzaro.com> Message-ID: <452A84C8.6030902@adcatanzaro.com> Derek Catanzaro wrote: > Richard Frovarp wrote: >> Derek Catanzaro wrote: >>> ***I posted this thread in the spamassassin mailing list and was >>> advised by another MailScanner user to post here for tuning tips >>> with MS/SA*** >>> >>> I have been having issues with mail backing up on and off over the >>> past week. I am using MailScanner with SpamAssassin. This morning >>> for example, I had roughly 500 messages waiting in >>> /var/spool/mqueue.in and that number had increased to about 2200 in >>> less than an hour. I then tell MailScanner to stop using >>> SpamAssassin to try and identify if the problem is with SpamAssassin >>> or not and now I'm back down to less than 50 messages waiting in the >>> queue in less than a matter of 10 -15 minutes. So obviously this >>> tells me something is going on with SpamAssassin. >>> >>> I ran "spamassassin --lint -D" and I did not notice any problems >>> with the output other than a dcc timeout. Then again, spamassassin >>> has always worked well for me so I may be missing something in the >>> output because I have really never had to troubleshoot this kind of >>> issue with spamassassin. The recent changes I have made to try and >>> combat the problem is to disable bayes and I turned off the auto >>> expire for the bayes tokens just to make sure that wasn't slowing >>> things down. >>> >>> I am running a local caching name server so I do not believe this to >>> be a DNS timing issue. I can provide my spamassassin --lint -D >>> output if anyone is interested. >>> >>> Fedora Core 1 >>> SpamAssassin 3.1.0 >>> MailScanner 4.49.7 >>> sendmail 8.13.5 >>> >>> Thanks, >>> Derek >>> >> How long is the dcc timeout? 10 seconds? 500 messages times 10 >> seconds is about 83 minutes of extra processing time, since that >> timeout would count for each check. It would seem that you have found >> your problem. >> >> Richard > Where is the dcc timeout set? According to my "spamassassin --lint > -D" results it is timing out after 5 seconds, so I'm assuming that is > the timeout setting. > dcc: check timed out after 5 seconds > > I have 2 MailScanner servers with the same setup, and one is able to > use dcc and the other is timing out. I'm not sure why one would be > timing out and the other not? They are on the same network both using > local caching name server and both using the same DNS servers if it is > not cached. Is there a .conf I can check to find out what IP or dns > name dcc tries to connect to? > Derek > Well, I decided to disable the dcc checks in /etc/mail/spamassassin/mailscanner.cf and that seems to have fixed my mail backup for now. I was reading in the dcc faq's that if you are processing over 100,000 messages per day that you may run into timeout issues. I really don't think I am processing that many messages, possibly around 80,000. I do not have anything like mailscanner-MRTG or mailwatch running so I'm not certain on the exact number of messages processed per day. Is there any way for me to find out how many messages have been processed by MailScanner without implementing mailscanner-MRTG or mailwatch? Thanks, Derek -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gmane at tippingmar.com Mon Oct 9 18:19:10 2006 From: gmane at tippingmar.com (Mark Nienberg) Date: Mon Oct 9 18:23:42 2006 Subject: OT reassemble df qf pair In-Reply-To: <452A4F57.1010005@ecs.soton.ac.uk> References: <452A4F57.1010005@ecs.soton.ac.uk> Message-ID: Julian Field wrote: > Script attached, just wrote it for you. > > Usage: RawSendmailToCompleteMessage qf-name df-name > Or: RawSendmailToCompleteMessage df-name qf-name > Or: RawSendmailToCompleteMessage message-queue-id > > So basically just chuck it any bits of filenames you have to hand, it > will work out what you meant. > > It outputs the RFC-822 message on standard output, which you will > probably want to redirect to a file. > Example: > > RawSendmailToCompleteMessage g4DDWlR20454 > message.txt > which will process qfg4DDWIR20454 and dfg4DDWIR20454 and put the > formatted message into "message.txt". > > or > > RawSendmailToCompleteMessage *00368 | less > which will process the message whose filenames end in 00368 and show you > the result with "less". > > So hopefully it is as easy to drive as possible. > > > Script should be attached to this message, gzipped (because that stops > anything trying to put a signature on the end of the script by mistake. > These damn email systems.... :-) > > > It has taken me an hour to get right for you, so a reasonable > contribution from my Amazon wish list would be much appreciated! (Or > just cash in Paypal would be fine too :-) > > Regards, > Jules. It works beautifully. Thanks very much. Mark From rgreen at trayerproducts.com Mon Oct 9 18:54:34 2006 From: rgreen at trayerproducts.com (Green, Rodney) Date: Mon Oct 9 18:55:45 2006 Subject: OT: ICANN ordered by Illinois court to suspend spamhaus.org Message-ID: <452A8CDA.8030005@trayerproducts.com> http://blogs.securiteam.com/index.php/archives/662 I haven't seen this mentioned here on the MS list. If this were to happen, how much of an effect do you think it will have on us anti-spam people using MS/SpamAssassin? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gmane at tippingmar.com Mon Oct 9 18:51:43 2006 From: gmane at tippingmar.com (Mark Nienberg) Date: Mon Oct 9 18:56:59 2006 Subject: OT - Mail Backing up while SpamAssassin is in Use In-Reply-To: <452A84C8.6030902@adcatanzaro.com> References: <452A5FD6.80604@adcatanzaro.com> <452A6D99.5030005@sendit.nodak.edu> <452A76FB.200@adcatanzaro.com> <452A84C8.6030902@adcatanzaro.com> Message-ID: Derek Catanzaro wrote: > processed per day. Is there any way for me to find out how many > messages have been processed by MailScanner without implementing > mailscanner-MRTG or mailwatch? [root@tesla etc]# logwatch --service mailscanner --range yesterday --print ################### Logwatch 7.3.1 (09/15/06) #################### Processing Initiated: Mon Oct 9 10:48:32 2006 Date Range Processed: yesterday ( 2006-Oct-08 ) Period is day. Detail Level of Output: 10 Type of Output: unformatted Logfiles for Host: tesla.tippingmar.com ################################################################## --------------------- MailScanner Begin ------------------------ MailScanner Status: 328 messages Scanned by MailScanner 8.1 Total MB 265 Spam messages detected by MailScanner 229 Spam messages with action(s) delete 36 Spam messages with action(s) deliver 1 hits from MailScanner SpamAssassin cache 6 Content Problems found by MailScanner 91 Messages delivered by MailScanner I can't recall which version of logwatch came with Fedora Core 1, but you'll want to upgrade to the latest version available at logwatch.org. From michele at blacknight.ie Mon Oct 9 19:01:57 2006 From: michele at blacknight.ie (Michele Neylon :: Blacknight.ie) Date: Mon Oct 9 19:02:10 2006 Subject: OT: ICANN ordered by Illinois court to suspend spamhaus.org In-Reply-To: <452A8CDA.8030005@trayerproducts.com> References: <452A8CDA.8030005@trayerproducts.com> Message-ID: <452A8E95.2070008@blacknight.ie> Green, Rodney wrote: > http://blogs.securiteam.com/index.php/archives/662 > > I haven't seen this mentioned here on the MS list. If this were to > happen, how much of an effect do you think it will have on us anti-spam > people using MS/SpamAssassin? The logical move would be to set it up using a non-ICANN controlled TLD.... -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From gmane at tippingmar.com Mon Oct 9 19:00:16 2006 From: gmane at tippingmar.com (Mark Nienberg) Date: Mon Oct 9 19:05:12 2006 Subject: OT reassemble df qf pair In-Reply-To: <452A4F57.1010005@ecs.soton.ac.uk> References: <452A4F57.1010005@ecs.soton.ac.uk> Message-ID: Julian Field wrote: > It has taken me an hour to get right for you, so a reasonable > contribution from my Amazon wish list would be much appreciated! (Or > just cash in Paypal would be fine too :-) Ordered a MailScanner book this morning! Thanks again, Mark From bpumphrey at woodmclaw.com Mon Oct 9 19:35:06 2006 From: bpumphrey at woodmclaw.com (Billy A. Pumphrey) Date: Mon Oct 9 19:35:22 2006 Subject: OT: Reverse Lookup Records for Mail Server In-Reply-To: <223f97700610090806y724ec79aq12cf532050dc0dd0@mail.gmail.com> Message-ID: <04D932B0071FE34FA63EBB1977B48D1501C13F22@woodenex.woodmaclaw.local> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Glenn Steen > Sent: Monday, October 09, 2006 11:06 AM > To: MailScanner discussion > Subject: Re: OT: Reverse Lookup Records for Mail Server > > On 09/10/06, Billy A. Pumphrey wrote: > > In the WIKI > > http://wiki.mailscanner.info/doku.php?id=best_practices&s=trusted > > > > The below is written. I have known this to be a good practice for > > sometime, but DNS gets a little confusing for me sometimes. I apologize > > for all of the OT that I do, but just searching the internet does not > > give suggestions. > > > > Have a reverse lookup that matches your HELO/EHLO. > > Many of these policies stem from the fact that spammers will forge > > addresses. When you send mail to a system that doesn't know you, you've > > become a potential spammer. You must show that you can be trusted before > > you will be trusted, and one way of doing that is to have a reverse > > lookup that matches what your system says it is. Unfortunately, this may > > be a problem in virtual hosting situations. At the very least make sure > > that your MX is listed in DNS as the name that will respond to the HELO. > > See RFC 2821 for more information on the SMTP command HELO. > > What this means is that if your host says it is host.example.net, > looking up the IP address you are connecting as should lead to that > name (and if that's not possible, for some unknowable reason... The MX > pointed to for example.net should be the hostnme you helo as...). > > > If the MailScanner machine is on the internal network, as in not in a > > DMZ, and host name ends not in the domain name, how does one set it up? > > Host names ends in host.domain.local. > > Thing is that .local isn't a top level domain that you should > "spread" to the internet. If one were to try reach your host from the > internet, one would look up the MX for your domain, and go to that > address... What that host "thinks" it is named is pretty irrelevant, > as long as it answers in accordance to the _public_ DNS settings. So > in your case, you have a _private_ DNS setup that is geared toward a > (broken IMO) AD setup (the gospel according to M$... Sigh), and a > _public_ DNS entry for your MX gateway. This type of "split view" is > rather common. One might opt for not confusing oneself by not having > two separate naming spaces, but rather the same names, but different > views instead (much better:-). > > > Does the host name just need to be changed to host.domaain.com? That > > would seemingly cause problems communicating with the internal machines, > > or would it? > > Not really, no. It all depends on how you do things:-). As long as you > can find your way to MS-exchange.example.local (and the other way > around) and you have setup trusts etc, you should be fine. > > > So if the host name is mailscanner.domain.com, Then the reverse dns > > should be mailscanner.domain.com right? Sounds right to me. > > > > What happens when the reverse DNS is mailscanner.domain.com but the > > actual host name is mailscanner.domain.local? > > As long as you set it up to accept for the domains involved, I see no > real problem. Handling a true split view DNS setup is rather more easy > than the .local idiocy... At least to my eyes:-). > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- Ok, thank you for the answer. One more thing and it will be clear to me I believe. Is it best practice then to have all internal host that is behind the firewall to be something like: XPclient1.domain.com XPclient2.domain.com Etc. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mikea at mikea.ath.cx Mon Oct 9 20:06:02 2006 From: mikea at mikea.ath.cx (mikea) Date: Mon Oct 9 20:06:10 2006 Subject: OT: ICANN ordered by Illinois court to suspend spamhaus.org In-Reply-To: <452A8E95.2070008@blacknight.ie>; from michele@blacknight.ie on Mon, Oct 09, 2006 at 07:01:57PM +0100 References: <452A8CDA.8030005@trayerproducts.com> <452A8E95.2070008@blacknight.ie> Message-ID: <20061009140602.A98427@mikea.ath.cx> On Mon, Oct 09, 2006 at 07:01:57PM +0100, Michele Neylon :: Blacknight.ie wrote: > Green, Rodney wrote: > > http://blogs.securiteam.com/index.php/archives/662 > > > > I haven't seen this mentioned here on the MS list. If this were to > > happen, how much of an effect do you think it will have on us anti-spam > > people using MS/SpamAssassin? > > The logical move would be to set it up using a non-ICANN controlled TLD.... And make sure that all parts of the apparatus supporting it (e.g., DNS, registrars for the TLD and for the IP space) are non-US. Better still, in the long run, is for Spamhaus to appear in the federal court[1], to defend itself vigorously, for various major ISPs to submit _amicus curiae_ briefs outlining: o their experiences with Atriks/e360 spam; o the measures they've had to take; o how Spamhaus has helped; o and what would happen if Spamhaus were to be shut down. At the moment the judge's order states (IIRC) only that ICANN is to place a suspension or client hold on www.spamhaus.org: : 3. Until such time as defendant demonstrates : to this Court why should not be held in contempt for : its failure to comply with the order for permanent : injunction, a suspension, or client hold, shall be : placed on defendants website, which can be found at : www.Spamhaus.org. : 4. The suspension, or client hold, of : www.Spamhaus.org shall commence immediately. The Internet : Corporation for Assigned Names and Numbers (ICANN), which : was created through a Memorandum of Understanding between : the U.S. Department of Commerce and ICANN to transition : management of the Domain Name System (DNS) from the : U.S. government to the global community, and/or Tucows, : Inc., ICANN's accredited registrar for www.spamhaus.org, : is hereby ordered to suspend or place a client hold on : www.Spamhaus.org until such time as they receive a further : order from this Court that such suspension or client hold be : lifted. I strongly suspect that the judge phrased this order with *extreme* care. [1] Apparently their solicitor/barrister advised them not to, but rather to let the suit go to a default judgment; that happened, with disastrous implicaitons. -- Mike Andrews, W5EGO mikea@mikea.ath.cx Tired old sysadmin From ka at pacific.net Mon Oct 9 20:58:01 2006 From: ka at pacific.net (Ken A) Date: Mon Oct 9 20:56:17 2006 Subject: OT: ICANN ordered by Illinois court to suspend spamhaus.org In-Reply-To: <20061009140602.A98427@mikea.ath.cx> References: <452A8CDA.8030005@trayerproducts.com> <452A8E95.2070008@blacknight.ie> <20061009140602.A98427@mikea.ath.cx> Message-ID: <452AA9C9.4060002@pacific.net> mikea wrote: > On Mon, Oct 09, 2006 at 07:01:57PM +0100, Michele Neylon :: Blacknight.ie wrote: >> Green, Rodney wrote: >>> http://blogs.securiteam.com/index.php/archives/662 >>> >>> I haven't seen this mentioned here on the MS list. If this were to >>> happen, how much of an effect do you think it will have on us anti-spam >>> people using MS/SpamAssassin? >> The logical move would be to set it up using a non-ICANN controlled TLD.... > And make sure that all parts of the apparatus supporting it (e.g., DNS, > registrars for the TLD and for the IP space) are non-US. > > Better still, in the long run, is for Spamhaus to appear in the federal > court[1], to defend itself vigorously, for various major ISPs to submit > _amicus curiae_ briefs outlining: > o their experiences with Atriks/e360 spam; > o the measures they've had to take; > o how Spamhaus has helped; > o and what would happen if Spamhaus were to be shut down. > > At the moment the judge's order states (IIRC) only that ICANN is to > place a suspension or client hold on www.spamhaus.org: Note this is not a signed order, just a 'proposed' order prepared BY the spammer's lawyer for the judge to sign, which probably won't happen. This is just FUD that spammers like to get the media to spread. spamhaus.org isn't going anywhere. Some district court judge in some farm field in Illinois can't order ICANN or Tucows (in Canada) to do anything. Ken A. Pacific.Net > : 3. Until such time as defendant demonstrates > : to this Court why should not be held in contempt for > : its failure to comply with the order for permanent > : injunction, a suspension, or client hold, shall be > : placed on defendants website, which can be found at > : www.Spamhaus.org. > > : 4. The suspension, or client hold, of > : www.Spamhaus.org shall commence immediately. The Internet > : Corporation for Assigned Names and Numbers (ICANN), which > : was created through a Memorandum of Understanding between > : the U.S. Department of Commerce and ICANN to transition > : management of the Domain Name System (DNS) from the > : U.S. government to the global community, and/or Tucows, > : Inc., ICANN's accredited registrar for www.spamhaus.org, > : is hereby ordered to suspend or place a client hold on > : www.Spamhaus.org until such time as they receive a further > : order from this Court that such suspension or client hold be > : lifted. > > I strongly suspect that the judge phrased this order with *extreme* > care. > > [1] Apparently their solicitor/barrister advised them not to, but > rather to let the suit go to a default judgment; that happened, > with disastrous implicaitons. > From edwardbruce at sbcglobal.net Mon Oct 9 21:13:05 2006 From: edwardbruce at sbcglobal.net (Ed Bruce) Date: Mon Oct 9 21:13:08 2006 Subject: OT: ICANN ordered by Illinois court to suspend spamhaus.org In-Reply-To: <452AA9C9.4060002@pacific.net> References: <452A8CDA.8030005@trayerproducts.com> <452A8E95.2070008@blacknight.ie> <20061009140602.A98427@mikea.ath.cx> <452AA9C9.4060002@pacific.net> Message-ID: <452AAD51.3080201@sbcglobal.net> Ken A wrote: > > Note this is not a signed order, just a 'proposed' order prepared BY > the spammer's lawyer for the judge to sign, which probably won't > happen. This is just FUD that spammers like to get the media to > spread. spamhaus.org isn't going anywhere. Some district court judge > in some farm field in Illinois can't order ICANN or Tucows (in Canada) > to do anything. The standard disclaimer about not being a lawyer, but this is a proposed order to be issued from a US District Court. I'm fairly sure this court can order ICANN to comply. Also Tucows is publically traded on the American Stock Exchange (AMEX:TCX), so I'm guessing a federal court has some clout. Further they have offices in Starkville, Mississippi. So I'm guessing somebody better act to get this resolved more in our favor then the Spammer's. From ka at pacific.net Mon Oct 9 22:04:10 2006 From: ka at pacific.net (Ken A) Date: Mon Oct 9 22:02:29 2006 Subject: OT: ICANN ordered by Illinois court to suspend spamhaus.org In-Reply-To: <452AAD51.3080201@sbcglobal.net> References: <452A8CDA.8030005@trayerproducts.com> <452A8E95.2070008@blacknight.ie> <20061009140602.A98427@mikea.ath.cx> <452AA9C9.4060002@pacific.net> <452AAD51.3080201@sbcglobal.net> Message-ID: <452AB94A.2010706@pacific.net> Ed Bruce wrote: > Ken A wrote: >> Note this is not a signed order, just a 'proposed' order prepared BY >> the spammer's lawyer for the judge to sign, which probably won't >> happen. This is just FUD that spammers like to get the media to >> spread. spamhaus.org isn't going anywhere. Some district court judge >> in some farm field in Illinois can't order ICANN or Tucows (in Canada) >> to do anything. > The standard disclaimer about not being a lawyer, but this is a proposed > order to be issued from a US District Court. I'm fairly sure this court > can order ICANN to comply. Also Tucows is publically traded on the > American Stock Exchange (AMEX:TCX), so I'm guessing a federal court has > some clout. Further they have offices in Starkville, Mississippi. So I'm > guessing somebody better act to get this resolved more in our favor then > the Spammer's. So, why did the US govt retain control of ICANN again? ... in other O.T. news, google just bought 1.65 billion worth of legal troubles. ..Now back to your regularly scheduled programming (in perl). Ken A Pacific.Net From brose at med.wayne.edu Mon Oct 9 22:07:59 2006 From: brose at med.wayne.edu (Rose, Bobby) Date: Mon Oct 9 22:08:05 2006 Subject: OT: ICANN ordered by Illinois court to suspend spamhaus.org In-Reply-To: <452AB94A.2010706@pacific.net> Message-ID: <8F2A53954C22554EB75D9643FCCE0C6B023A1739@MED-CORE03-MS1.med.wayne.edu> I would considered RBLs to be similar to the FTC's Do Not Call list which was considered to be legal. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ken A Sent: Monday, October 09, 2006 5:04 PM To: MailScanner discussion Subject: Re: OT: ICANN ordered by Illinois court to suspend spamhaus.org Ed Bruce wrote: > Ken A wrote: >> Note this is not a signed order, just a 'proposed' order prepared BY >> the spammer's lawyer for the judge to sign, which probably won't >> happen. This is just FUD that spammers like to get the media to >> spread. spamhaus.org isn't going anywhere. Some district court judge >> in some farm field in Illinois can't order ICANN or Tucows (in >> Canada) to do anything. > The standard disclaimer about not being a lawyer, but this is a > proposed order to be issued from a US District Court. I'm fairly sure > this court can order ICANN to comply. Also Tucows is publically traded > on the American Stock Exchange (AMEX:TCX), so I'm guessing a federal > court has some clout. Further they have offices in Starkville, > Mississippi. So I'm guessing somebody better act to get this resolved > more in our favor then the Spammer's. So, why did the US govt retain control of ICANN again? ... in other O.T. news, google just bought 1.65 billion worth of legal troubles. ..Now back to your regularly scheduled programming (in perl). Ken A Pacific.Net -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Mon Oct 9 22:39:51 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Oct 9 22:39:54 2006 Subject: OT: Reverse Lookup Records for Mail Server In-Reply-To: <04D932B0071FE34FA63EBB1977B48D1501C13F22@woodenex.woodmaclaw.local> References: <223f97700610090806y724ec79aq12cf532050dc0dd0@mail.gmail.com> <04D932B0071FE34FA63EBB1977B48D1501C13F22@woodenex.woodmaclaw.local> Message-ID: <223f97700610091439u67c192e8mf1323612bc2ce8f1@mail.gmail.com> On 09/10/06, Billy A. Pumphrey wrote: > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Glenn Steen > > Sent: Monday, October 09, 2006 11:06 AM > > To: MailScanner discussion > > Subject: Re: OT: Reverse Lookup Records for Mail Server > > > > On 09/10/06, Billy A. Pumphrey wrote: > > > In the WIKI > > > http://wiki.mailscanner.info/doku.php?id=best_practices&s=trusted > > > > > > The below is written. I have known this to be a good practice for > > > sometime, but DNS gets a little confusing for me sometimes. I > apologize > > > for all of the OT that I do, but just searching the internet does > not > > > give suggestions. > > > > > > Have a reverse lookup that matches your HELO/EHLO. > > > Many of these policies stem from the fact that spammers will forge > > > addresses. When you send mail to a system that doesn't know you, > you've > > > become a potential spammer. You must show that you can be trusted > before > > > you will be trusted, and one way of doing that is to have a reverse > > > lookup that matches what your system says it is. Unfortunately, this > may > > > be a problem in virtual hosting situations. At the very least make > sure > > > that your MX is listed in DNS as the name that will respond to the > HELO. > > > See RFC 2821 for more information on the SMTP command HELO. > > > > What this means is that if your host says it is host.example.net, > > looking up the IP address you are connecting as should lead to that > > name (and if that's not possible, for some unknowable reason... The MX > > pointed to for example.net should be the hostnme you helo as...). > > > > > If the MailScanner machine is on the internal network, as in not in > a > > > DMZ, and host name ends not in the domain name, how does one set it > up? > > > Host names ends in host.domain.local. > > > > Thing is that .local isn't a top level domain that you should > > "spread" to the internet. If one were to try reach your host from the > > internet, one would look up the MX for your domain, and go to that > > address... What that host "thinks" it is named is pretty irrelevant, > > as long as it answers in accordance to the _public_ DNS settings. So > > in your case, you have a _private_ DNS setup that is geared toward a > > (broken IMO) AD setup (the gospel according to M$... Sigh), and a > > _public_ DNS entry for your MX gateway. This type of "split view" is > > rather common. One might opt for not confusing oneself by not having > > two separate naming spaces, but rather the same names, but different > > views instead (much better:-). > > > > > Does the host name just need to be changed to host.domaain.com? > That > > > would seemingly cause problems communicating with the internal > machines, > > > or would it? > > > > Not really, no. It all depends on how you do things:-). As long as you > > can find your way to MS-exchange.example.local (and the other way > > around) and you have setup trusts etc, you should be fine. > > > > > So if the host name is mailscanner.domain.com, Then the reverse dns > > > should be mailscanner.domain.com right? Sounds right to me. > > > > > > What happens when the reverse DNS is mailscanner.domain.com but the > > > actual host name is mailscanner.domain.local? > > > > As long as you set it up to accept for the domains involved, I see no > > real problem. Handling a true split view DNS setup is rather more easy > > than the .local idiocy... At least to my eyes:-). > > > > -- > > -- Glenn > > email: glenn < dot > steen < at > gmail < dot > com > > work: glenn < dot > steen < at > ap1 < dot > se > > -- > > Ok, thank you for the answer. One more thing and it will be clear to me > I believe. Is it best practice then to have all internal host that is > behind the firewall to be something like: > XPclient1.domain.com > XPclient2.domain.com > Etc. > Yes, that is exactlty what we have. Obviously, this is something one has to set up when one creates (or recreates:-) the AD. Only thing you need keep in mind after that are resources that have different "presences" depending on if the view is from the outside (public DNS for webserver(s), MX etc might lead to one set of (public) IP addresses), or from the inside (private DNS leading to perheps other addresses... or the same. Your choice is... well, not endless, but at least up to you;-). If the inside view of example.net (for example:-) use private adresses, lets say 172.16.0.0/16 (mask 255.255.0.0), and your users need be able to reach www.example.net (with a public address like 123.123.123.123), you'll just need keep an entry in example.net (locally) to that effect (since the internal machines will be seeing the local view of the example.net domain). For stuff that need differ (for example local MX might not be exactly the same as the public MX;-), you simply have different entries locally and publicly... And for most things (that need a local, private view entry, but not a public one) you only have them locally. There just has to be loads written about this on the net... I'm just too lazy to find it for you:-). Anyway... That rather simple "problem" is what prompted a certain company (that shall not be named, but has been know to figure as the primary search result when googling for "more evil than satan himself"...:-) to invent the .local idiocy. As if that would make it any easier to live with? Just another set of problems... and perhaps a bit more onerous to cope with. Anyway, if your MX (MS) gateway is living in the DMZ, you likely have already set a public address for it, and perhaps N(P)AT to that in the firewall, so to solve your immediate problem (without rebuilding the AD:) you could just make it handle the public domain by way of naming (of the host), and the .local thing as an added domain (how to do this differ somewhat between MTAs, but IIRC (Some real Sendmail guru will correct this:-) you just need Cw for the relevant domain names... If you feel up to it/can make it so (perhaps you have a smallish AD, with friendly users:-), making it a normal sane split view thing would probably be best though. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Mon Oct 9 22:46:23 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Oct 9 22:46:26 2006 Subject: OT: Scanning outgoing mail In-Reply-To: <04D932B0071FE34FA63EBB1977B48D1501C13F1F@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D1501C13F1F@woodenex.woodmaclaw.local> Message-ID: <223f97700610091446j6064e54eq5f67121e0fe8a6f6@mail.gmail.com> On 09/10/06, Billy A. Pumphrey wrote: (snip) > > Looks like it might be trusted already. I know I remember looking into > this before, but I cannot find the config that the settings go into. I > checked the spam.assassin.prefs.conf but not in there. Where is this > setting at again? You might have set it in your local.cf ... perhaps in /etc/mail/spamassassin/ ... -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Mon Oct 9 22:50:44 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Oct 9 22:50:46 2006 Subject: OT - Re: Mail Backing up while SpamAssassin is in Use In-Reply-To: <452A76FB.200@adcatanzaro.com> References: <452A5FD6.80604@adcatanzaro.com> <452A6D99.5030005@sendit.nodak.edu> <452A76FB.200@adcatanzaro.com> Message-ID: <223f97700610091450u4af7ae41o9ef7cddd36309cdd@mail.gmail.com> On 09/10/06, Derek Catanzaro wrote: > Richard Frovarp wrote: (snip) > > How long is the dcc timeout? 10 seconds? 500 messages times 10 seconds > > is about 83 minutes of extra processing time, since that timeout would > > count for each check. It would seem that you have found your problem. > > > > Richard > Where is the dcc timeout set? According to my "spamassassin --lint -D" > results it is timing out after 5 seconds, so I'm assuming that is the > timeout setting. > dcc: check timed out after 5 seconds > > I have 2 MailScanner servers with the same setup, and one is able to use > dcc and the other is timing out. I'm not sure why one would be timing > out and the other not? They are on the same network both using local > caching name server and both using the same DNS servers if it is not > cached. Is there a .conf I can check to find out what IP or dns name > dcc tries to connect to? > > Derek I'd start looking at your firewall rules... perhaps you only allow dcc for the one host? Then I'd try rebuilding dcc, to see if there is something up there... -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From steve.freegard at fsl.com Mon Oct 9 22:56:34 2006 From: steve.freegard at fsl.com (Steve Freegard) Date: Mon Oct 9 22:56:57 2006 Subject: OT: ICANN ordered by Illinois court to suspend spamhaus.org In-Reply-To: <452A8CDA.8030005@trayerproducts.com> References: <452A8CDA.8030005@trayerproducts.com> Message-ID: <452AC592.2080608@fsl.com> Green, Rodney wrote: > http://blogs.securiteam.com/index.php/archives/662 > > I haven't seen this mentioned here on the MS list. If this were to > happen, how much of an effect do you think it will have on us anti-spam > people using MS/SpamAssassin? I've seen a message on another list from Spamhaus saying that should ICANN suspend their .org domain they will be able to quickly put up the SBL+XBL using their .org.uk domain instead. As an aside -- for those of us with servers in the UK who would like to help out in this case can do the following (this was written by Steve Linford of Spamhaus on another list): --- The best help would be to dig in your spam archive for samples of spam with the text string "Box 1132" and "60035". If any of these were sent to users in the UK (many were but we need hard copies) then we have a much stronger position. --- Kind regards, Steve. -- Steve Freegard Development Director Fort Systems Ltd. From glenn.steen at gmail.com Mon Oct 9 23:09:01 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Oct 9 23:09:08 2006 Subject: Header message suddenly appeared In-Reply-To: <200610091702.k99H27Wj023598@balita.ph> References: <1160349693.3814@balita.ph> <223f97700610090011m95c51d2if74475404f68ea47@mail.gmail.com> <200610091702.k99H27Wj023598@balita.ph> Message-ID: <223f97700610091509m5dcd3daehe8da76a3ea5ddfe9@mail.gmail.com> On 09/10/06, Wayne wrote: > At 08:11 09/10/2006, you wrote: > > Glenn > > We only have one sendmail install on the server (it is Balita's own > server not shared). > Our MS version is MailScanner-4.55.10-3 installed from a tar file > using ./install.sh > OS is Red Hat Enterprise Server 3. Thanks for the info. Eh, the tarball would be the rpm tarball then... (confusing, isn't it:-)... The one that installs all the needed RPMs:-)? Oh, I see you cite the version with the telltale -3, so that's probably it. Good. > I have noted from the daily LogWatch the following error: > > Aborting due to syntax errors in > /etc/MailScanner/MailScanner.conf. : 18 Time(s) > Enabling SpamAssassin auto-whitelist functionality... : 12 Time(s) > >>> Unrecognised keyword "spamassassinprefsfile" at line 2205 : 9 Time(s) > > It is to be noted the error on line >>> says spamassassinprefsfile > line 2205 is as follows: > > Line 2205 is # unsupported - code may be completely untested, a > contributed dirty hack, > # anything, really. > # alpha - code is pretty well untested. Don't assume it will work. > # beta - code is tested a bit. It should work. > # supported - code *should* be reliable. > # > # Don't even *think* about setting this to anything other than "beta" or > # "supported" on a system that receives real mail until you have tested it > # yourself and are happy that it is all working as you expect it to. > # Don't set it to anything other than "supported" on a system that could > # ever receive important mail. > # > # READ and UNDERSTAND the above text BEFORE changing this. > # > Minimum Code Status = supported > > Envelope From Header = X-MailScanner-From: > Envelope To Header = X-MailScanner-To: > Line 2223 is reads ... SpamAssassin Prefs File = > /etc/MailScanner/spam.assassin.prefs.conf > > I have listed line 2205 to 2223 as 2223 is the only one I can see > that relate to the error in my LogWatch. I have a vague recollection of this error, from a fresh install some (perhaps a lot:-) versions back (prior to 4.55.10, I think). You might find something about this if you search the archives... Just did... Seems you can probably just comment it out (line 2223). Perhaps you did an upgrade and didn't do upgrade_MailScanner_conf? > Whether the two problems are related I do not know. Don't know. Lets hope so:-). > Hopefully someone can help with both. > > Regards > > Wayne > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From arturs at netvision.net.il Tue Oct 10 01:34:32 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Tue Oct 10 01:36:25 2006 Subject: Double sendmail processes Message-ID: <009401c6ec03$dac5c910$3701a8c0@lapxp> Hello, On my server, Mailscanner is started as /etc/rc.d/init.d/sendmail. Every time the server is restarted, I see double sendmail processes, i.e. 2 of /var/spool/clientmqueue, and 2 of /var/spool/mqueue. After I manually restart Mailscanner, it starts only one pair. Q1: why are double processes started? Q2: how could I fix this? Thanks! Best, -- Arthur Sherman +972-52-4878851 CPTeam From jon.bates at summitmotors.com.au Tue Oct 10 02:22:18 2006 From: jon.bates at summitmotors.com.au (Jon Bates) Date: Tue Oct 10 02:22:41 2006 Subject: File Type Checking - Excepting users to the rules Message-ID: <200610100122.k9A1MJKt003458@summitmotors.com.au> I've got filtering in place to quarantine emails with attachments of specific types (eg. videos). I need a list of users to be allowed as exceptions to these rules. _______________________________ I've tried adding this to the top of the filename.rules.conf: "FromOrTo: user@domain.com allow" ...but i'm getting syntax errors when starting MailScanner. _______________________________ I've also tried creating a ruleset for the users under "Dangerous Content Scanning", and this does work, but this is less than desirable as it obviously opens up a security hole for the exception users! Can anyone give me some guidance on how I can do this? Thanks very much for your time. - Jon -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20061010/31c4a8ce/attachment.html From shuttlebox at gmail.com Tue Oct 10 09:02:53 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Tue Oct 10 09:02:57 2006 Subject: File Type Checking - Excepting users to the rules In-Reply-To: <200610100122.k9A1MJKt003458@summitmotors.com.au> References: <200610100122.k9A1MJKt003458@summitmotors.com.au> Message-ID: <625385e30610100102h6e26f415id0ae49462a1cfdc8@mail.gmail.com> On 10/10/06, Jon Bates wrote: > > I've got filtering in place to quarantine emails with attachments of > specific types (eg. videos). I need a list of users to be allowed as > exceptions to these rules. > _______________________________ > > I've tried adding this to the top of the filename.rules.conf: > > "FromOrTo: user@domain.com allow" > > ...but i'm getting syntax errors when starting MailScanner. You can't mix rulesets into the filename rules. Copy your filename.rules.conf into another file (e.g. filename.rules.video.conf) and edit the video settings in the copy. Make a ruleset pointing to the copy for some users and the original file for default (all others). FromOrTo: user@domain.com %rules-dir%/filename.rules.video.conf FromOrTo: default %rules-dir%/filename.rules.conf -- /peter From a.peacock at chime.ucl.ac.uk Tue Oct 10 09:04:44 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Tue Oct 10 09:05:28 2006 Subject: Double sendmail processes In-Reply-To: <009401c6ec03$dac5c910$3701a8c0@lapxp> References: <009401c6ec03$dac5c910$3701a8c0@lapxp> Message-ID: <452B541C.5070300@chime.ucl.ac.uk> Hi Arthur, Check all of the files on the init directory to see if any of the others start sendmail as well. Do you have a mailscanner script in there? Arthur Sherman wrote: > Hello, > > On my server, Mailscanner is started as /etc/rc.d/init.d/sendmail. > Every time the server is restarted, I see double sendmail processes, i.e. 2 > of /var/spool/clientmqueue, and 2 of /var/spool/mqueue. > After I manually restart Mailscanner, it starts only one pair. > > Q1: why are double processes started? > Q2: how could I fix this? > > Thanks! > > > Best, > > -- > Arthur Sherman > > +972-52-4878851 > CPTeam > -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas." -- George Bernard Shaw From MailScanner at ecs.soton.ac.uk Tue Oct 10 09:23:36 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Oct 10 09:24:10 2006 Subject: Double sendmail processes In-Reply-To: <009401c6ec03$dac5c910$3701a8c0@lapxp> References: <009401c6ec03$dac5c910$3701a8c0@lapxp> Message-ID: <452B5888.4010207@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 service sendmail stop service MailScanner stop chkconfig sendmail off chkconfig MailScanner on service MailScanner start That will sort you out. Arthur Sherman wrote: > Hello, > > On my server, Mailscanner is started as /etc/rc.d/init.d/sendmail. > Every time the server is restarted, I see double sendmail processes, i.e. 2 > of /var/spool/clientmqueue, and 2 of /var/spool/mqueue. > After I manually restart Mailscanner, it starts only one pair. > > Q1: why are double processes started? > Q2: how could I fix this? > > Thanks! > > > Best, > > -- > Arthur Sherman > > +972-52-4878851 > CPTeam > > Jules - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.0 (Build 1112) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFFK1iJEfZZRxQVtlQRAk5LAKD+PwltAb/cxQwXO9LZ+n4q0mwWRQCfX9NF ztKAmhWqrE+FHKHJr9oiweQ= =Ripc -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Tue Oct 10 09:25:46 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Oct 10 09:26:13 2006 Subject: File Type Checking - Excepting users to the rules In-Reply-To: <200610100122.k9A1MJKt003458@summitmotors.com.au> References: <200610100122.k9A1MJKt003458@summitmotors.com.au> Message-ID: <452B590A.5010108@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This is all documented on the wiki and in the book. Read this: http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rulesets:overloading Jon Bates wrote: > > I've got filtering in place to quarantine emails with attachments of > specific types (eg. videos). I need a list of users to be allowed as > exceptions to these rules. > _______________________________ > > I've tried adding this to the top of the filename.rules.conf: > > "FromOrTo: user@domain.com allow" > > ...but i'm getting syntax errors when starting MailScanner. > > _______________________________ > > I've also tried creating a ruleset for the users under "Dangerous > Content Scanning", and this *does* work, but this is less than > desirable as it obviously opens up a security hole for the exception > users! > > > Can anyone give me some guidance on how I can do this? > > Thanks very much for your time. > > - Jon Jules - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.0 (Build 1112) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFFK1kKEfZZRxQVtlQRApEWAJ0V0frIVX8TfK5Fd8n+7uFmM77IbwCgvvS8 tuSGSwA3IxlTy4Uiud/wq20= =Ja5q -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From support-lists at petdoctors.co.uk Tue Oct 10 10:05:34 2006 From: support-lists at petdoctors.co.uk (Nigel Kendrick) Date: Tue Oct 10 10:06:00 2006 Subject: spam forwarding not working Message-ID: <008601c6ec4b$401ef1f0$04000100@support01> Hi guys, I have setup a spam mailbox on our local mail server that users can submit their unwanted stuff to - it's called 'spam@[snipped]' The 'spam' mailbox is submitted to spamassassin every night via a cron job. This works with no problems for mail that people manually forward, but I also have this line in MailScanner.conf: High Scoring Spam Actions = delete forward spam@[snipped] Unfortunately, this triggers the following emails to me (at root): ++++++++++ This is the Postfix program at ... I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below. [Snip] : User unknown in virtual alias table ++++++++++ I have also tried local delivery by putting the forward address as 'spam@servername' - am I hitting problems because spam is being resubmitted to MailScanner before being forwarded, but even then why a 'user unknown' message? MailScanner is 4.55.10, PostFix is 2:2.2.10-1.RHEL4.2 on CentOS 4.4 Thanks Nigel Kendrick From tony.johansson at svenskakyrkan.se Tue Oct 10 10:08:33 2006 From: tony.johansson at svenskakyrkan.se (Tony Johansson) Date: Tue Oct 10 10:20:19 2006 Subject: Periodic (5min) SpamAssassin timeouts Message-ID: We're having problems with periodic SpamAssassin timeouts. We have 3 Centos 4.2 servers, running MailScanner 4.54.6 and SpamAssassin 3.1.5 The timeouts seem to hit servers individually, with numerous timeouts all coming in 5 minute (roughly) intervalls. No 5 minute cronjobs exists, timeouts seem to occur and stop for no apparent reason. Loads, network connectivity etc are the same for all 3 servers, yet timeouts aren't evenly distributed among the servers when they occur - always 1 or rarely 2 servers get hit. dcc and pyzor are disabled in spam.assassin.prefs.conf SpamAssassin Timeout = 180 in MailScanner.conf I've set ut a swatch-job that execs spamassassin --lint -D, iostat, top -b -n 1, vmstat, netstat -p whenever the timeouts occur. So far I havent been able to spot something that sticks out. Heres a cut from tonights log: Oct 10 03:12:29 mx3 MailScanner[31635]: SpamAssassin timed out and was killed (pid 6174), failure 0 of 20 Oct 10 03:17:30 mx3 MailScanner[31959]: SpamAssassin timed out and was killed (pid 8844), failure 0 of 20 Oct 10 03:22:33 mx3 MailScanner[32069]: SpamAssassin timed out and was killed (pid 11596), failure 0 of 20 Oct 10 03:30:11 mx3 MailScanner[32069]: SpamAssassin timed out and was killed (pid 15825), failure 0 of 20 Oct 10 03:35:15 mx3 MailScanner[32421]: SpamAssassin timed out and was killed (pid 18582), failure 0 of 20 Oct 10 03:40:16 mx3 MailScanner[31679]: SpamAssassin timed out and was killed (pid 21353), failure 0 of 20 Oct 10 03:45:20 mx3 MailScanner[32171]: SpamAssassin timed out and was killed (pid 24035), failure 0 of 20 Oct 10 03:50:23 mx3 MailScanner[31959]: SpamAssassin timed out and was killed (pid 26559), failure 0 of 20 Oct 10 03:55:23 mx3 MailScanner[31885]: SpamAssassin timed out and was killed (pid 28997), failure 0 of 20 Oct 10 04:00:29 mx3 MailScanner[31215]: SpamAssassin timed out and was killed (pid 31610), failure 1 of 20 Oct 10 04:05:31 mx3 MailScanner[30786]: SpamAssassin timed out and was killed (pid 1662), failure 1 of 20 No timeouts after 04:05. (pid info added to aid debugging) Any ideas on whats going on here? Any tips on how to further debug this? Regards, Tony From martinh at solidstatelogic.com Tue Oct 10 10:27:03 2006 From: martinh at solidstatelogic.com (Martin Hepworth) Date: Tue Oct 10 10:27:16 2006 Subject: Periodic (5min) SpamAssassin timeouts In-Reply-To: References: Message-ID: <452B6767.4020405@solidstatelogic.com> Tony Johansson wrote: > We're having problems with periodic SpamAssassin timeouts. > We have 3 Centos 4.2 servers, running MailScanner 4.54.6 and SpamAssassin 3.1.5 > > The timeouts seem to hit servers individually, with numerous timeouts all > coming in 5 minute (roughly) intervalls. > > No 5 minute cronjobs exists, timeouts seem to occur and stop for no apparent > reason. Loads, network connectivity etc are the same for all 3 servers, yet > timeouts aren't evenly distributed among the servers when they occur - always > 1 or rarely 2 servers get hit. > > dcc and pyzor are disabled in spam.assassin.prefs.conf > SpamAssassin Timeout = 180 in MailScanner.conf > > I've set ut a swatch-job that execs spamassassin --lint -D, iostat, top -b -n > 1, vmstat, netstat -p whenever the timeouts occur. So far I havent been able > to spot something that sticks out. > > Heres a cut from tonights log: > Oct 10 03:12:29 mx3 MailScanner[31635]: SpamAssassin timed out and was killed > (pid 6174), failure 0 of 20 > Oct 10 03:17:30 mx3 MailScanner[31959]: SpamAssassin timed out and was killed > (pid 8844), failure 0 of 20 > Oct 10 03:22:33 mx3 MailScanner[32069]: SpamAssassin timed out and was killed > (pid 11596), failure 0 of 20 > Oct 10 03:30:11 mx3 MailScanner[32069]: SpamAssassin timed out and was killed > (pid 15825), failure 0 of 20 > Oct 10 03:35:15 mx3 MailScanner[32421]: SpamAssassin timed out and was killed > (pid 18582), failure 0 of 20 > Oct 10 03:40:16 mx3 MailScanner[31679]: SpamAssassin timed out and was killed > (pid 21353), failure 0 of 20 > Oct 10 03:45:20 mx3 MailScanner[32171]: SpamAssassin timed out and was killed > (pid 24035), failure 0 of 20 > Oct 10 03:50:23 mx3 MailScanner[31959]: SpamAssassin timed out and was killed > (pid 26559), failure 0 of 20 > Oct 10 03:55:23 mx3 MailScanner[31885]: SpamAssassin timed out and was killed > (pid 28997), failure 0 of 20 > Oct 10 04:00:29 mx3 MailScanner[31215]: SpamAssassin timed out and was killed > (pid 31610), failure 1 of 20 > Oct 10 04:05:31 mx3 MailScanner[30786]: SpamAssassin timed out and was killed > (pid 1662), failure 1 of 20 > > No timeouts after 04:05. (pid info added to aid debugging) > > Any ideas on whats going on here? > > Any tips on how to further debug this? > > Regards, Tony > > > > > > Tony I'd check 1) DNS (are you running a local caching nameserver on the servers?) 2) more likely bayes issues. How are you cleaning the bayes system? Are you letting mailScanner do it (via the spam.assassin.prefs.conf/mailScanner.conf) settings, or are you doing this manually via a cron job? -- Martin Hepworth Senior Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From glenn.steen at gmail.com Tue Oct 10 10:31:36 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Oct 10 10:31:40 2006 Subject: spam forwarding not working In-Reply-To: <008601c6ec4b$401ef1f0$04000100@support01> References: <008601c6ec4b$401ef1f0$04000100@support01> Message-ID: <223f97700610100231u162922a5l4f2fcced174ccf22@mail.gmail.com> On 10/10/06, Nigel Kendrick wrote: > Hi guys, > > I have setup a spam mailbox on our local mail server that users can submit > their unwanted stuff to - it's called 'spam@[snipped]' > > The 'spam' mailbox is submitted to spamassassin every night via a cron job. > This works with no problems for mail that people manually forward, but I > also have this line in MailScanner.conf: > > High Scoring Spam Actions = delete forward spam@[snipped] > > Unfortunately, this triggers the following emails to me (at root): > > ++++++++++ > > This is the Postfix program at ... > > I'm sorry to have to inform you that your message could not be delivered to > one or more recipients. It's attached below. > > [Snip] > > : User unknown in virtual alias table > > ++++++++++ > > I have also tried local delivery by putting the forward address as > 'spam@servername' - am I hitting problems because spam is being resubmitted > to MailScanner before being forwarded, but even then why a 'user unknown' > message? > > MailScanner is 4.55.10, PostFix is 2:2.2.10-1.RHEL4.2 on CentOS 4.4 > > Thanks > > Nigel Kendrick > > Nigel, Virtual aliases are expanded _after_ MailScanner, so you cannot use a virtual alias in a rule like that (for addressing). Simply change it to the real address and things should work out OK:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From arturs at netvision.net.il Tue Oct 10 10:46:07 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Tue Oct 10 10:48:00 2006 Subject: Double sendmail processes In-Reply-To: <452B541C.5070300@chime.ucl.ac.uk> Message-ID: <00c401c6ec50$e8f77c70$3701a8c0@lapxp> Hi Anthony, I didn't find anything. Here are starting services: --- [root@ns1 init.d]# chkconfig --list | grep on autofs 0:off 1:off 2:off 3:on 4:on 5:on 6:off haldaemon 0:off 1:off 2:off 3:on 4:on 5:on 6:off poprelayd 0:off 1:off 2:on 3:on 4:on 5:on 6:off readahead 0:off 1:off 2:off 3:off 4:off 5:on 6:off syslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off xinetd 0:off 1:off 2:on 3:on 4:on 5:on 6:off DCC 0:off 1:off 2:on 3:on 4:on 5:on 6:off netfs 0:off 1:off 2:off 3:on 4:on 5:on 6:off sendmail 0:off 1:off 2:on 3:on 4:on 5:on 6:off mysqld 0:off 1:off 2:on 3:on 4:on 5:on 6:off dbrecover 0:off 1:on 2:on 3:on 4:on 5:on 6:off bluequartz 0:off 1:off 2:on 3:on 4:on 5:on 6:off microcode_ctl 0:off 1:off 2:on 3:on 4:on 5:on 6:off saslauthd 0:off 1:off 2:on 3:on 4:on 5:on 6:off clamav-milter 0:off 1:off 2:on 3:on 4:on 5:on 6:off lm_sensors 0:off 1:off 2:on 3:on 4:on 5:on 6:off admserv 0:off 1:off 2:on 3:on 4:on 5:on 6:off network 0:off 1:off 2:on 3:on 4:on 5:on 6:off kudzu 0:off 1:off 2:off 3:on 4:on 5:on 6:off iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off irqbalance 0:off 1:off 2:off 3:on 4:on 5:on 6:off named 0:off 1:off 2:on 3:on 4:on 5:on 6:off mdmonitor 0:off 1:off 2:on 3:on 4:on 5:on 6:off crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off httpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off dovecot 0:off 1:off 2:on 3:on 4:on 5:on 6:off clamd 0:off 1:off 2:on 3:on 4:on 5:on 6:off gpm 0:off 1:off 2:on 3:on 4:on 5:on 6:off readahead_early 0:off 1:off 2:off 3:off 4:off 5:on 6:off cpuspeed 0:off 1:on 2:on 3:on 4:on 5:on 6:off messagebus 0:off 1:off 2:off 3:on 4:on 5:on 6:off mdchk 0:off 1:off 2:on 3:on 4:on 5:on 6:off sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off smartd 0:off 1:off 2:on 3:on 4:on 5:on 6:off cced.init 0:off 1:off 2:on 3:on 4:on 5:on 6:off rawdevices 0:off 1:off 2:off 3:on 4:on 5:on 6:off --- Then I grepped for sendmail pattern: --- [root@ns1 init.d]# grep sendmail * clamav-milter:# description: clamav-milter is a daemon which hooks into sendmail \ DCC:# dccm must be started before sendmail and stopped after sendmail to avoid DCC:# complaints from sendmail DCC:# can be added to /etc/rc just before sendmail is started and a line like diskdump:SENDMAIL="/usr/sbin/sendmail" poprelayd:# the pop-log-scrubber and sendmail relay db population tool. sendmail:# MailScanner, and its associated copies of sendmail. sendmail:# If you are using sendmail, Exim or Postfix, please try to avoid editing sendmail:MTA=sendmail sendmail:INPID=/var/run/sendmail.in.pid sendmail:OUTPID=/var/run/sendmail.out.pid sendmail:SENDMAIL=/usr/sbin/sendmail sendmail:# Start both the sendmail processes sendmail: elif [ $MTA = 'sendmail' ]; then sendmail: elif [ $MTA = 'sendmail' ]; then sendmail: # Start just incoming sendmail sendmail: # Start just outgoing sendmail sendmail: elif [ $MTA = "sendmail" ]; then sendmail: #killproc sendmail 2>/dev/null sendmail: elif [ $MTA = "sendmail" ]; then sendmail: #killproc /usr/sbin/sendmail 2>/dev/null sendmail: if [ $MTA = "sendmail" ]; then sendmail: # Now the incoming sendmail sendmail: echo -n ' incoming sendmail: ' sendmail: #pid=`ps ax | egrep '\[sendmail\]|sendmai[l]: accepting connections'` sendmail: # Now the outgoing sendmail sendmail: echo -n ' outgoing sendmail: ' sendmail: #pid=`ps ax | egrep '\[sendmail\]|sendmai[l] -q[0-9]*[mhd]|sendmail: Queue runner' | grep -v grep` --- Did I miss something? Thanks! Best, -- Arthur Sherman +972-52-4878851 CPTeam > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Anthony Peacock > Sent: Tuesday, October 10, 2006 10:05 AM > To: MailScanner discussion > Subject: Re: Double sendmail processes > > Hi Arthur, > > Check all of the files on the init directory to see if any of > the others > start sendmail as well. Do you have a mailscanner script in there? > > Arthur Sherman wrote: > > Hello, > > > > On my server, Mailscanner is started as /etc/rc.d/init.d/sendmail. > > Every time the server is restarted, I see double sendmail > processes, i.e. 2 > > of /var/spool/clientmqueue, and 2 of /var/spool/mqueue. > > After I manually restart Mailscanner, it starts only one pair. > > > > Q1: why are double processes started? > > Q2: how could I fix this? > > > > Thanks! > > > > > > Best, > > > > -- > > Arthur Sherman > > > > +972-52-4878851 > > CPTeam > > > > > -- > Anthony Peacock > CHIME, Royal Free & University College Medical School > WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ > "If you have an apple and I have an apple and we exchange apples > then you and I will still each have one apple. But if you have an > idea and I have an idea and we exchange these ideas, then each of us > will have two ideas." -- George Bernard Shaw > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From arturs at netvision.net.il Tue Oct 10 10:47:54 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Tue Oct 10 10:49:49 2006 Subject: Double sendmail processes In-Reply-To: <452B5888.4010207@ecs.soton.ac.uk> Message-ID: <00c801c6ec51$28ebb580$3701a8c0@lapxp> Hi Jules, Sendmail is actually MailScanner. It was renamed for compatibility with other apps - old trick from some forum, which used to work before. Best, -- Arthur Sherman +972-52-4878851 CPTeam > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Julian Field > Sent: Tuesday, October 10, 2006 10:24 AM > To: MailScanner discussion > Subject: Re: Double sendmail processes > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > service sendmail stop > service MailScanner stop > chkconfig sendmail off > chkconfig MailScanner on > service MailScanner start > > That will sort you out. > > Arthur Sherman wrote: > > Hello, > > > > On my server, Mailscanner is started as /etc/rc.d/init.d/sendmail. > > Every time the server is restarted, I see double sendmail > processes, i.e. 2 > > of /var/spool/clientmqueue, and 2 of /var/spool/mqueue. > > After I manually restart Mailscanner, it starts only one pair. > > > > Q1: why are double processes started? > > Q2: how could I fix this? > > > > Thanks! > > > > > > Best, > > > > -- > > Arthur Sherman > > > > +972-52-4878851 > > CPTeam > > > > > > Jules > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.5.0 (Build 1112) > Comment: (pgp-secured) > Charset: ISO-8859-1 > > wj8DBQFFK1iJEfZZRxQVtlQRAk5LAKD+PwltAb/cxQwXO9LZ+n4q0mwWRQCfX9NF > ztKAmhWqrE+FHKHJr9oiweQ= > =Ripc > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From a.peacock at chime.ucl.ac.uk Tue Oct 10 10:54:47 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Tue Oct 10 10:55:00 2006 Subject: Double sendmail processes In-Reply-To: <00c401c6ec50$e8f77c70$3701a8c0@lapxp> References: <00c401c6ec50$e8f77c70$3701a8c0@lapxp> Message-ID: <452B6DE7.5090705@chime.ucl.ac.uk> Hi Arthur, Someone who knows your OS better than I will probably be able to help more. The standard mailscanner install creates a startup script for mailscanner that also starts sendmail. In this instance you would need to stop sendmail starting as well. It looks like you are doing in the other way round, ie the sendmail script starts mailscanner. Arthur Sherman wrote: > Hi Anthony, > > I didn't find anything. > > Here are starting services: > --- > [root@ns1 init.d]# chkconfig --list | grep on > autofs 0:off 1:off 2:off 3:on 4:on 5:on 6:off > haldaemon 0:off 1:off 2:off 3:on 4:on 5:on 6:off > poprelayd 0:off 1:off 2:on 3:on 4:on 5:on 6:off > readahead 0:off 1:off 2:off 3:off 4:off 5:on 6:off > syslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off > xinetd 0:off 1:off 2:on 3:on 4:on 5:on 6:off > DCC 0:off 1:off 2:on 3:on 4:on 5:on 6:off > netfs 0:off 1:off 2:off 3:on 4:on 5:on 6:off > sendmail 0:off 1:off 2:on 3:on 4:on 5:on 6:off > mysqld 0:off 1:off 2:on 3:on 4:on 5:on 6:off > dbrecover 0:off 1:on 2:on 3:on 4:on 5:on 6:off > bluequartz 0:off 1:off 2:on 3:on 4:on 5:on 6:off > microcode_ctl 0:off 1:off 2:on 3:on 4:on 5:on 6:off > saslauthd 0:off 1:off 2:on 3:on 4:on 5:on 6:off > clamav-milter 0:off 1:off 2:on 3:on 4:on 5:on 6:off > lm_sensors 0:off 1:off 2:on 3:on 4:on 5:on 6:off > admserv 0:off 1:off 2:on 3:on 4:on 5:on 6:off > network 0:off 1:off 2:on 3:on 4:on 5:on 6:off > kudzu 0:off 1:off 2:off 3:on 4:on 5:on 6:off > iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off > irqbalance 0:off 1:off 2:off 3:on 4:on 5:on 6:off > named 0:off 1:off 2:on 3:on 4:on 5:on 6:off > mdmonitor 0:off 1:off 2:on 3:on 4:on 5:on 6:off > crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off > httpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off > dovecot 0:off 1:off 2:on 3:on 4:on 5:on 6:off > clamd 0:off 1:off 2:on 3:on 4:on 5:on 6:off > gpm 0:off 1:off 2:on 3:on 4:on 5:on 6:off > readahead_early 0:off 1:off 2:off 3:off 4:off 5:on 6:off > cpuspeed 0:off 1:on 2:on 3:on 4:on 5:on 6:off > messagebus 0:off 1:off 2:off 3:on 4:on 5:on 6:off > mdchk 0:off 1:off 2:on 3:on 4:on 5:on 6:off > sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off > smartd 0:off 1:off 2:on 3:on 4:on 5:on 6:off > cced.init 0:off 1:off 2:on 3:on 4:on 5:on 6:off > rawdevices 0:off 1:off 2:off 3:on 4:on 5:on 6:off > --- > > Then I grepped for sendmail pattern: > --- > [root@ns1 init.d]# grep sendmail * > clamav-milter:# description: clamav-milter is a daemon which hooks into > sendmail \ > DCC:# dccm must be started before sendmail and stopped after sendmail to > avoid > DCC:# complaints from sendmail > DCC:# can be added to /etc/rc just before sendmail is started and a line > like > diskdump:SENDMAIL="/usr/sbin/sendmail" > poprelayd:# the pop-log-scrubber and sendmail relay db > population tool. > sendmail:# MailScanner, and its associated copies of sendmail. > sendmail:# If you are using sendmail, Exim or Postfix, please try to avoid > editing > sendmail:MTA=sendmail > sendmail:INPID=/var/run/sendmail.in.pid > sendmail:OUTPID=/var/run/sendmail.out.pid > sendmail:SENDMAIL=/usr/sbin/sendmail > sendmail:# Start both the sendmail processes > sendmail: elif [ $MTA = 'sendmail' ]; then > sendmail: elif [ $MTA = 'sendmail' ]; then > sendmail: # Start just incoming sendmail > sendmail: # Start just outgoing sendmail > sendmail: elif [ $MTA = "sendmail" ]; then > sendmail: #killproc sendmail 2>/dev/null > sendmail: elif [ $MTA = "sendmail" ]; then > sendmail: #killproc /usr/sbin/sendmail 2>/dev/null > sendmail: if [ $MTA = "sendmail" ]; then > sendmail: # Now the incoming sendmail > sendmail: echo -n ' incoming sendmail: ' > sendmail: #pid=`ps ax | egrep '\[sendmail\]|sendmai[l]: accepting > connections'` > sendmail: # Now the outgoing sendmail > sendmail: echo -n ' outgoing sendmail: ' > sendmail: #pid=`ps ax | egrep '\[sendmail\]|sendmai[l] > -q[0-9]*[mhd]|sendmail: Queue runner' | grep -v grep` > --- > > Did I miss something? > > Thanks! > > > Best, > > -- > Arthur Sherman > > +972-52-4878851 > CPTeam > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Anthony Peacock >> Sent: Tuesday, October 10, 2006 10:05 AM >> To: MailScanner discussion >> Subject: Re: Double sendmail processes >> >> Hi Arthur, >> >> Check all of the files on the init directory to see if any of >> the others >> start sendmail as well. Do you have a mailscanner script in there? >> >> Arthur Sherman wrote: >>> Hello, >>> >>> On my server, Mailscanner is started as /etc/rc.d/init.d/sendmail. >>> Every time the server is restarted, I see double sendmail >> processes, i.e. 2 >>> of /var/spool/clientmqueue, and 2 of /var/spool/mqueue. >>> After I manually restart Mailscanner, it starts only one pair. >>> >>> Q1: why are double processes started? >>> Q2: how could I fix this? >>> >>> Thanks! >>> >>> >>> Best, >>> >>> -- >>> Arthur Sherman >>> >>> +972-52-4878851 >>> CPTeam >>> >> >> -- >> Anthony Peacock >> CHIME, Royal Free & University College Medical School >> WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ >> "If you have an apple and I have an apple and we exchange apples >> then you and I will still each have one apple. But if you have an >> idea and I have an idea and we exchange these ideas, then each of us >> will have two ideas." -- George Bernard Shaw >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas." -- George Bernard Shaw From tony.johansson at svenskakyrkan.se Tue Oct 10 10:54:25 2006 From: tony.johansson at svenskakyrkan.se (Tony Johansson) Date: Tue Oct 10 10:55:38 2006 Subject: Periodic (5min) SpamAssassin timeouts References: <452B6767.4020405@solidstatelogic.com> Message-ID: > I'd check > > 1) DNS (are you running a local caching nameserver on the servers?) 1: We're running named as caching nameservers on all machines with rbldnsd for certain zones. rbldnsd zones are rsynced hourly from the sources. >From named.conf: zone "list.dsbl.org" IN { type forward; forward first; forwarders { 127.0.0.1 port 530; }; }; And from /etc/sysconfig/rbldnsd: RBLDNSD="dsbl -l/var/log/rbldnsd -r/var/lib/rbldns/data -t 21600 -q -f -c 60 \ -p /var/run/rbldnsd.pid -b127.0.0.1/530 \ list.dsbl.org:ip4set:rbldns-list.dsbl.org \ dnsbl.sorbs.net:combined:dnsbl.sorbs.net \ bulk.rhs.mailpolice.com:dnset:bulk.rhs.mailpolice.com \ fraud.rhs.mailpolice.com:dnset:fraud.rhs.mailpolice.com \ multi.surbl.org:dnset:multi.surbl.org.rbldnsd" Know of any good ways of debugging dns-lookups? Something I could add to whatever debugging i do whenever a timeout occurs? > 2) more likely bayes issues. How are you cleaning the bayes system? Are > you letting mailScanner do it (via the > spam.assassin.prefs.conf/mailScanner.conf) settings, or are you doing > this manually via a cron job? > 2: We have "Rebuild Bayes Every = 0" in MailScanner.conf 04:04 cron runs "clean.and.sa-learn": #!/bin/bash cd /root/.spamassassin rm -f /root/.spamassassin/bayes_toks.expire* /usr/bin/sa-learn --force-expire Heres the bayes dir: ls -lh in /root/.spamassassin: -rw------- 1 root root 6 Aug 12 2005 auto-whitelist.mutex -rw-rw---- 1 root root 83K Oct 10 11:47 bayes_journal -rw------- 1 root root 31K Oct 10 11:47 bayes.mutex -rw------- 1 root root 313M Oct 10 11:46 bayes_seen -rw-rw---- 1 root root 20M Oct 10 11:47 bayes_toks -rw-rw---- 1 root root 12K Jun 22 03:22 __db.bayes_toks.expire15788. -rw-rw---- 1 root root 12K Aug 15 01:40 __db.bayes_toks.expire16514. -rw-rw---- 1 root root 12K Sep 16 01:25 __db.bayes_toks.expire16812. -rw-rw---- 1 root root 12K Aug 9 01:37 __db.bayes_toks.expire17653. -rw-rw---- 1 root root 12K Aug 30 20:31 __db.bayes_toks.expire19732. -rw-rw---- 1 root root 12K Aug 28 19:24 __db.bayes_toks.expire20943. -rw-rw---- 1 root root 12K Jun 21 20:54 __db.bayes_toks.expire21074. -rw-rw---- 1 root root 12K May 17 01:00 __db.bayes_toks.expire22028. -rw-rw---- 1 root root 12K Sep 20 22:38 __db.bayes_toks.expire24240. -rw-rw---- 1 root root 12K Aug 28 23:27 __db.bayes_toks.expire29445. -rw-rw---- 1 root root 12K May 31 23:25 __db.bayes_toks.expire30243. -rw-rw---- 1 root root 12K Jun 8 03:07 __db.bayes_toks.expire3378. -rw-rw---- 1 root root 12K Jul 19 04:43 __db.bayes_toks.expire4537. -rw-r--r-- 1 root root 1.1K Jan 2 2004 user_prefs Timing seems spot on with when the last timeouts stopped but why the 5 min timeouts? Should we let MailScanner manage the rebuilds and at what settings? Regards, Tony From Andreas.Doerfler at kempten.de Tue Oct 10 11:01:42 2006 From: Andreas.Doerfler at kempten.de (=?iso-8859-1?Q?D=F6rfler_Andreas?=) Date: Tue Oct 10 11:01:50 2006 Subject: whitelist problem Message-ID: hey there, i have here problems to whitelist two newsletters. think the problem is because of the special signs ( * ) at the from adress: owner-computersl*REMOVED**REMOVED*-de@ablist.about.com owner-delphi*REMOVED**REMOVED*-de@mclist.about.com whitelist entry: From: *@ablist.about.com and To: REMOVED yes From: *@mclist.about.com and To: REMOVED yes atm that way the whistelist for the lists does not work, anyone has workaround for it avaliable ? greetings andy ASCII ribbon campaign ( ) - against HTML email X & vCards / \ From martinh at solidstatelogic.com Tue Oct 10 11:02:43 2006 From: martinh at solidstatelogic.com (Martin Hepworth) Date: Tue Oct 10 11:02:58 2006 Subject: Periodic (5min) SpamAssassin timeouts In-Reply-To: References: <452B6767.4020405@solidstatelogic.com> Message-ID: <452B6FC3.8040204@solidstatelogic.com> Tony Johansson wrote: >> I'd check >> >> 1) DNS (are you running a local caching nameserver on the servers?) > > 1: We're running named as caching nameservers on all machines with rbldnsd for > certain zones. rbldnsd zones are rsynced hourly from the sources. > >>From named.conf: > zone "list.dsbl.org" IN { > type forward; > forward first; > forwarders { > 127.0.0.1 port 530; > }; > > }; > > And from /etc/sysconfig/rbldnsd: > > RBLDNSD="dsbl -l/var/log/rbldnsd -r/var/lib/rbldns/data -t 21600 -q -f -c 60 \ > -p /var/run/rbldnsd.pid -b127.0.0.1/530 \ > list.dsbl.org:ip4set:rbldns-list.dsbl.org \ > dnsbl.sorbs.net:combined:dnsbl.sorbs.net \ > bulk.rhs.mailpolice.com:dnset:bulk.rhs.mailpolice.com \ > fraud.rhs.mailpolice.com:dnset:fraud.rhs.mailpolice.com \ > multi.surbl.org:dnset:multi.surbl.org.rbldnsd" > > Know of any good ways of debugging dns-lookups? Something I could add to > whatever debugging i do whenever a timeout occurs? > >> 2) more likely bayes issues. How are you cleaning the bayes system? Are >> you letting mailScanner do it (via the >> spam.assassin.prefs.conf/mailScanner.conf) settings, or are you doing >> this manually via a cron job? >> > > 2: We have "Rebuild Bayes Every = 0" in MailScanner.conf > 04:04 cron runs "clean.and.sa-learn": > #!/bin/bash > cd /root/.spamassassin > rm -f /root/.spamassassin/bayes_toks.expire* > /usr/bin/sa-learn --force-expire > > Heres the bayes dir: > > ls -lh in /root/.spamassassin: > -rw------- 1 root root 6 Aug 12 2005 auto-whitelist.mutex > -rw-rw---- 1 root root 83K Oct 10 11:47 bayes_journal > -rw------- 1 root root 31K Oct 10 11:47 bayes.mutex > -rw------- 1 root root 313M Oct 10 11:46 bayes_seen > -rw-rw---- 1 root root 20M Oct 10 11:47 bayes_toks > -rw-rw---- 1 root root 12K Jun 22 03:22 > __db.bayes_toks.expire15788. > -rw-rw---- 1 root root 12K Aug 15 01:40 > __db.bayes_toks.expire16514. > -rw-rw---- 1 root root 12K Sep 16 01:25 > __db.bayes_toks.expire16812. > -rw-rw---- 1 root root 12K Aug 9 01:37 > __db.bayes_toks.expire17653. > -rw-rw---- 1 root root 12K Aug 30 20:31 > __db.bayes_toks.expire19732. > -rw-rw---- 1 root root 12K Aug 28 19:24 > __db.bayes_toks.expire20943. > -rw-rw---- 1 root root 12K Jun 21 20:54 > __db.bayes_toks.expire21074. > -rw-rw---- 1 root root 12K May 17 01:00 > __db.bayes_toks.expire22028. > -rw-rw---- 1 root root 12K Sep 20 22:38 > __db.bayes_toks.expire24240. > -rw-rw---- 1 root root 12K Aug 28 23:27 > __db.bayes_toks.expire29445. > -rw-rw---- 1 root root 12K May 31 23:25 > __db.bayes_toks.expire30243. > -rw-rw---- 1 root root 12K Jun 8 03:07 > __db.bayes_toks.expire3378. > -rw-rw---- 1 root root 12K Jul 19 04:43 > __db.bayes_toks.expire4537. > -rw-r--r-- 1 root root 1.1K Jan 2 2004 user_prefs > > > > > Timing seems spot on with when the last timeouts stopped but why the 5 min > timeouts? Should we let MailScanner manage the rebuilds and at what settings? > > Regards, Tony > > > > > > > > > Tony Thought it might bayes related - it's a common issue with MS/SA.. I have.... Rebuild Bayes Every = 86400 and more importantly Wait During Bayes Rebuild = yes -- Martin Hepworth Senior Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From arturs at netvision.net.il Tue Oct 10 11:42:25 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Tue Oct 10 11:44:23 2006 Subject: Double sendmail processes In-Reply-To: <452B6DE7.5090705@chime.ucl.ac.uk> Message-ID: <00d001c6ec58$c6f61110$3701a8c0@lapxp> Hi Anthony, It is the Mailscanner script that starts from rc.d. It has been renamed to 'sendmail' - several apps needed this, since it is CentOS based BlueQuartz appliance. So it is just what you say it should be. I am still wondering what would cause double sendmail processes... Best, -- Arthur Sherman +972-52-4878851 CPTeam > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Anthony Peacock > Sent: Tuesday, October 10, 2006 11:55 AM > To: MailScanner discussion > Subject: Re: Double sendmail processes > > Hi Arthur, > > Someone who knows your OS better than I will probably be able > to help more. > > The standard mailscanner install creates a startup script for > mailscanner that also starts sendmail. In this instance you > would need > to stop sendmail starting as well. > > It looks like you are doing in the other way round, ie the sendmail > script starts mailscanner. > > Arthur Sherman wrote: > > Hi Anthony, > > > > I didn't find anything. > > > > Here are starting services: > > --- > > [root@ns1 init.d]# chkconfig --list | grep on > > autofs 0:off 1:off 2:off 3:on 4:on > 5:on 6:off > > haldaemon 0:off 1:off 2:off 3:on 4:on > 5:on 6:off > > poprelayd 0:off 1:off 2:on 3:on 4:on > 5:on 6:off > > readahead 0:off 1:off 2:off 3:off 4:off > 5:on 6:off > > syslog 0:off 1:off 2:on 3:on 4:on > 5:on 6:off > > xinetd 0:off 1:off 2:on 3:on 4:on > 5:on 6:off > > DCC 0:off 1:off 2:on 3:on 4:on > 5:on 6:off > > netfs 0:off 1:off 2:off 3:on 4:on > 5:on 6:off > > sendmail 0:off 1:off 2:on 3:on 4:on > 5:on 6:off > > mysqld 0:off 1:off 2:on 3:on 4:on > 5:on 6:off > > dbrecover 0:off 1:on 2:on 3:on 4:on > 5:on 6:off > > bluequartz 0:off 1:off 2:on 3:on 4:on > 5:on 6:off > > microcode_ctl 0:off 1:off 2:on 3:on 4:on > 5:on 6:off > > saslauthd 0:off 1:off 2:on 3:on 4:on > 5:on 6:off > > clamav-milter 0:off 1:off 2:on 3:on 4:on > 5:on 6:off > > lm_sensors 0:off 1:off 2:on 3:on 4:on > 5:on 6:off > > admserv 0:off 1:off 2:on 3:on 4:on > 5:on 6:off > > network 0:off 1:off 2:on 3:on 4:on > 5:on 6:off > > kudzu 0:off 1:off 2:off 3:on 4:on > 5:on 6:off > > iptables 0:off 1:off 2:on 3:on 4:on > 5:on 6:off > > irqbalance 0:off 1:off 2:off 3:on 4:on > 5:on 6:off > > named 0:off 1:off 2:on 3:on 4:on > 5:on 6:off > > mdmonitor 0:off 1:off 2:on 3:on 4:on > 5:on 6:off > > crond 0:off 1:off 2:on 3:on 4:on > 5:on 6:off > > httpd 0:off 1:off 2:on 3:on 4:on > 5:on 6:off > > dovecot 0:off 1:off 2:on 3:on 4:on > 5:on 6:off > > clamd 0:off 1:off 2:on 3:on 4:on > 5:on 6:off > > gpm 0:off 1:off 2:on 3:on 4:on > 5:on 6:off > > readahead_early 0:off 1:off 2:off 3:off 4:off > 5:on 6:off > > cpuspeed 0:off 1:on 2:on 3:on 4:on > 5:on 6:off > > messagebus 0:off 1:off 2:off 3:on 4:on > 5:on 6:off > > mdchk 0:off 1:off 2:on 3:on 4:on > 5:on 6:off > > sshd 0:off 1:off 2:on 3:on 4:on > 5:on 6:off > > smartd 0:off 1:off 2:on 3:on 4:on > 5:on 6:off > > cced.init 0:off 1:off 2:on 3:on 4:on > 5:on 6:off > > rawdevices 0:off 1:off 2:off 3:on 4:on > 5:on 6:off > > --- > > > > Then I grepped for sendmail pattern: > > --- > > [root@ns1 init.d]# grep sendmail * > > clamav-milter:# description: clamav-milter is a daemon > which hooks into > > sendmail \ > > DCC:# dccm must be started before sendmail and stopped > after sendmail to > > avoid > > DCC:# complaints from sendmail > > DCC:# can be added to /etc/rc just before sendmail is > started and a line > > like > > diskdump:SENDMAIL="/usr/sbin/sendmail" > > poprelayd:# the pop-log-scrubber and sendmail relay db > > population tool. > > sendmail:# MailScanner, and its associated > copies of sendmail. > > sendmail:# If you are using sendmail, Exim or Postfix, > please try to avoid > > editing > > sendmail:MTA=sendmail > > sendmail:INPID=/var/run/sendmail.in.pid > > sendmail:OUTPID=/var/run/sendmail.out.pid > > sendmail:SENDMAIL=/usr/sbin/sendmail > > sendmail:# Start both the sendmail processes > > sendmail: elif [ $MTA = 'sendmail' ]; then > > sendmail: elif [ $MTA = 'sendmail' ]; then > > sendmail: # Start just incoming sendmail > > sendmail: # Start just outgoing sendmail > > sendmail: elif [ $MTA = "sendmail" ]; then > > sendmail: #killproc sendmail 2>/dev/null > > sendmail: elif [ $MTA = "sendmail" ]; then > > sendmail: #killproc /usr/sbin/sendmail 2>/dev/null > > sendmail: if [ $MTA = "sendmail" ]; then > > sendmail: # Now the incoming sendmail > > sendmail: echo -n ' incoming sendmail: ' > > sendmail: #pid=`ps ax | egrep > '\[sendmail\]|sendmai[l]: accepting > > connections'` > > sendmail: # Now the outgoing sendmail > > sendmail: echo -n ' outgoing sendmail: ' > > sendmail: #pid=`ps ax | egrep '\[sendmail\]|sendmai[l] > > -q[0-9]*[mhd]|sendmail: Queue runner' | grep -v grep` > > --- > > > > Did I miss something? > > > > Thanks! > > > > > > Best, > > > > -- > > Arthur Sherman > > > > +972-52-4878851 > > CPTeam > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info > >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > >> Of Anthony Peacock > >> Sent: Tuesday, October 10, 2006 10:05 AM > >> To: MailScanner discussion > >> Subject: Re: Double sendmail processes > >> > >> Hi Arthur, > >> > >> Check all of the files on the init directory to see if any of > >> the others > >> start sendmail as well. Do you have a mailscanner script in there? > >> > >> Arthur Sherman wrote: > >>> Hello, > >>> > >>> On my server, Mailscanner is started as /etc/rc.d/init.d/sendmail. > >>> Every time the server is restarted, I see double sendmail > >> processes, i.e. 2 > >>> of /var/spool/clientmqueue, and 2 of /var/spool/mqueue. > >>> After I manually restart Mailscanner, it starts only one pair. > >>> > >>> Q1: why are double processes started? > >>> Q2: how could I fix this? > >>> > >>> Thanks! > >>> > >>> > >>> Best, > >>> > >>> -- > >>> Arthur Sherman > >>> > >>> +972-52-4878851 > >>> CPTeam > >>> > >> > >> -- > >> Anthony Peacock > >> CHIME, Royal Free & University College Medical School > >> WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ > >> "If you have an apple and I have an apple and we exchange apples > >> then you and I will still each have one apple. But if you have an > >> idea and I have an idea and we exchange these ideas, then > each of us > >> will have two ideas." -- George Bernard Shaw > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > > > > > -- > Anthony Peacock > CHIME, Royal Free & University College Medical School > WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ > "If you have an apple and I have an apple and we exchange apples > then you and I will still each have one apple. But if you have an > idea and I have an idea and we exchange these ideas, then each of us > will have two ideas." -- George Bernard Shaw > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From glenn.steen at gmail.com Tue Oct 10 11:47:22 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Oct 10 11:47:25 2006 Subject: spam forwarding not working In-Reply-To: <223f97700610100231u162922a5l4f2fcced174ccf22@mail.gmail.com> References: <008601c6ec4b$401ef1f0$04000100@support01> <223f97700610100231u162922a5l4f2fcced174ccf22@mail.gmail.com> Message-ID: <223f97700610100347r3bcddab5t9376b0875c2c5ab3@mail.gmail.com> On 10/10/06, Glenn Steen wrote: > On 10/10/06, Nigel Kendrick wrote: > > Hi guys, > > (snip) > > I have also tried local delivery by putting the forward address as > > 'spam@servername' - am I hitting problems because spam is being resubmitted > > to MailScanner before being forwarded, but even then why a 'user unknown' > > message? (snip) > Virtual aliases are expanded _after_ MailScanner, so you cannot use a > virtual alias in a rule like that (for addressing). > Simply change it to the real address and things should work out OK:-). (still a PF user....:) Just thought I'd add that you are probably not whitelisting local deliveries (release from quarantine etc type of thing, that one might need if using SMTP to release messages), and that is why your messages get rescanned. Either whitelist 127.0.0.1 or do something more clever... (there is some "clever" writings of mine tangenting the subject in the wiki... split mails per recipient in the howto;-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From a.peacock at chime.ucl.ac.uk Tue Oct 10 11:50:58 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Tue Oct 10 11:52:02 2006 Subject: Double sendmail processes In-Reply-To: <00d001c6ec58$c6f61110$3701a8c0@lapxp> References: <00d001c6ec58$c6f61110$3701a8c0@lapxp> Message-ID: <452B7B12.3020601@chime.ucl.ac.uk> Hi Arthur, Yes, after I sent my message I saw your reply to Jules. Sorry, I don't have detailed experience with your OS, so I am out of ideas now. I am sure someone else on this list will pop up sooner or later... Arthur Sherman wrote: > Hi Anthony, > > It is the Mailscanner script that starts from rc.d. It has been renamed to > 'sendmail' - several apps needed this, since it is CentOS based BlueQuartz > appliance. > So it is just what you say it should be. > > I am still wondering what would cause double sendmail processes... > > > Best, > > -- > Arthur Sherman > > +972-52-4878851 > CPTeam > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Anthony Peacock >> Sent: Tuesday, October 10, 2006 11:55 AM >> To: MailScanner discussion >> Subject: Re: Double sendmail processes >> >> Hi Arthur, >> >> Someone who knows your OS better than I will probably be able >> to help more. >> >> The standard mailscanner install creates a startup script for >> mailscanner that also starts sendmail. In this instance you >> would need >> to stop sendmail starting as well. >> >> It looks like you are doing in the other way round, ie the sendmail >> script starts mailscanner. >> >> Arthur Sherman wrote: >>> Hi Anthony, >>> >>> I didn't find anything. >>> >>> Here are starting services: >>> --- >>> [root@ns1 init.d]# chkconfig --list | grep on >>> autofs 0:off 1:off 2:off 3:on 4:on >> 5:on 6:off >>> haldaemon 0:off 1:off 2:off 3:on 4:on >> 5:on 6:off >>> poprelayd 0:off 1:off 2:on 3:on 4:on >> 5:on 6:off >>> readahead 0:off 1:off 2:off 3:off 4:off >> 5:on 6:off >>> syslog 0:off 1:off 2:on 3:on 4:on >> 5:on 6:off >>> xinetd 0:off 1:off 2:on 3:on 4:on >> 5:on 6:off >>> DCC 0:off 1:off 2:on 3:on 4:on >> 5:on 6:off >>> netfs 0:off 1:off 2:off 3:on 4:on >> 5:on 6:off >>> sendmail 0:off 1:off 2:on 3:on 4:on >> 5:on 6:off >>> mysqld 0:off 1:off 2:on 3:on 4:on >> 5:on 6:off >>> dbrecover 0:off 1:on 2:on 3:on 4:on >> 5:on 6:off >>> bluequartz 0:off 1:off 2:on 3:on 4:on >> 5:on 6:off >>> microcode_ctl 0:off 1:off 2:on 3:on 4:on >> 5:on 6:off >>> saslauthd 0:off 1:off 2:on 3:on 4:on >> 5:on 6:off >>> clamav-milter 0:off 1:off 2:on 3:on 4:on >> 5:on 6:off >>> lm_sensors 0:off 1:off 2:on 3:on 4:on >> 5:on 6:off >>> admserv 0:off 1:off 2:on 3:on 4:on >> 5:on 6:off >>> network 0:off 1:off 2:on 3:on 4:on >> 5:on 6:off >>> kudzu 0:off 1:off 2:off 3:on 4:on >> 5:on 6:off >>> iptables 0:off 1:off 2:on 3:on 4:on >> 5:on 6:off >>> irqbalance 0:off 1:off 2:off 3:on 4:on >> 5:on 6:off >>> named 0:off 1:off 2:on 3:on 4:on >> 5:on 6:off >>> mdmonitor 0:off 1:off 2:on 3:on 4:on >> 5:on 6:off >>> crond 0:off 1:off 2:on 3:on 4:on >> 5:on 6:off >>> httpd 0:off 1:off 2:on 3:on 4:on >> 5:on 6:off >>> dovecot 0:off 1:off 2:on 3:on 4:on >> 5:on 6:off >>> clamd 0:off 1:off 2:on 3:on 4:on >> 5:on 6:off >>> gpm 0:off 1:off 2:on 3:on 4:on >> 5:on 6:off >>> readahead_early 0:off 1:off 2:off 3:off 4:off >> 5:on 6:off >>> cpuspeed 0:off 1:on 2:on 3:on 4:on >> 5:on 6:off >>> messagebus 0:off 1:off 2:off 3:on 4:on >> 5:on 6:off >>> mdchk 0:off 1:off 2:on 3:on 4:on >> 5:on 6:off >>> sshd 0:off 1:off 2:on 3:on 4:on >> 5:on 6:off >>> smartd 0:off 1:off 2:on 3:on 4:on >> 5:on 6:off >>> cced.init 0:off 1:off 2:on 3:on 4:on >> 5:on 6:off >>> rawdevices 0:off 1:off 2:off 3:on 4:on >> 5:on 6:off >>> --- >>> >>> Then I grepped for sendmail pattern: >>> --- >>> [root@ns1 init.d]# grep sendmail * >>> clamav-milter:# description: clamav-milter is a daemon >> which hooks into >>> sendmail \ >>> DCC:# dccm must be started before sendmail and stopped >> after sendmail to >>> avoid >>> DCC:# complaints from sendmail >>> DCC:# can be added to /etc/rc just before sendmail is >> started and a line >>> like >>> diskdump:SENDMAIL="/usr/sbin/sendmail" >>> poprelayd:# the pop-log-scrubber and sendmail relay db >>> population tool. >>> sendmail:# MailScanner, and its associated >> copies of sendmail. >>> sendmail:# If you are using sendmail, Exim or Postfix, >> please try to avoid >>> editing >>> sendmail:MTA=sendmail >>> sendmail:INPID=/var/run/sendmail.in.pid >>> sendmail:OUTPID=/var/run/sendmail.out.pid >>> sendmail:SENDMAIL=/usr/sbin/sendmail >>> sendmail:# Start both the sendmail processes >>> sendmail: elif [ $MTA = 'sendmail' ]; then >>> sendmail: elif [ $MTA = 'sendmail' ]; then >>> sendmail: # Start just incoming sendmail >>> sendmail: # Start just outgoing sendmail >>> sendmail: elif [ $MTA = "sendmail" ]; then >>> sendmail: #killproc sendmail 2>/dev/null >>> sendmail: elif [ $MTA = "sendmail" ]; then >>> sendmail: #killproc /usr/sbin/sendmail 2>/dev/null >>> sendmail: if [ $MTA = "sendmail" ]; then >>> sendmail: # Now the incoming sendmail >>> sendmail: echo -n ' incoming sendmail: ' >>> sendmail: #pid=`ps ax | egrep >> '\[sendmail\]|sendmai[l]: accepting >>> connections'` >>> sendmail: # Now the outgoing sendmail >>> sendmail: echo -n ' outgoing sendmail: ' >>> sendmail: #pid=`ps ax | egrep '\[sendmail\]|sendmai[l] >>> -q[0-9]*[mhd]|sendmail: Queue runner' | grep -v grep` >>> --- >>> >>> Did I miss something? >>> >>> Thanks! >>> >>> >>> Best, >>> >>> -- >>> Arthur Sherman >>> >>> +972-52-4878851 >>> CPTeam >>> >>>> -----Original Message----- >>>> From: mailscanner-bounces@lists.mailscanner.info >>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>>> Of Anthony Peacock >>>> Sent: Tuesday, October 10, 2006 10:05 AM >>>> To: MailScanner discussion >>>> Subject: Re: Double sendmail processes >>>> >>>> Hi Arthur, >>>> >>>> Check all of the files on the init directory to see if any of >>>> the others >>>> start sendmail as well. Do you have a mailscanner script in there? >>>> >>>> Arthur Sherman wrote: >>>>> Hello, >>>>> >>>>> On my server, Mailscanner is started as /etc/rc.d/init.d/sendmail. >>>>> Every time the server is restarted, I see double sendmail >>>> processes, i.e. 2 >>>>> of /var/spool/clientmqueue, and 2 of /var/spool/mqueue. >>>>> After I manually restart Mailscanner, it starts only one pair. >>>>> >>>>> Q1: why are double processes started? >>>>> Q2: how could I fix this? >>>>> >>>>> Thanks! >>>>> >>>>> >>>>> Best, >>>>> >>>>> -- >>>>> Arthur Sherman >>>>> >>>>> +972-52-4878851 >>>>> CPTeam >>>>> >>>> -- >>>> Anthony Peacock >>>> CHIME, Royal Free & University College Medical School >>>> WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ >>>> "If you have an apple and I have an apple and we exchange apples >>>> then you and I will still each have one apple. But if you have an >>>> idea and I have an idea and we exchange these ideas, then >> each of us >>>> will have two ideas." -- George Bernard Shaw >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >> >> -- >> Anthony Peacock >> CHIME, Royal Free & University College Medical School >> WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ >> "If you have an apple and I have an apple and we exchange apples >> then you and I will still each have one apple. But if you have an >> idea and I have an idea and we exchange these ideas, then each of us >> will have two ideas." -- George Bernard Shaw >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas." -- George Bernard Shaw From martinh at solidstatelogic.com Tue Oct 10 12:06:44 2006 From: martinh at solidstatelogic.com (Martin Hepworth) Date: Tue Oct 10 12:07:01 2006 Subject: [Fwd: ANNOUNCE: Apache SpamAssassin 3.1.7 available!] Message-ID: <452B7EC4.7070308@solidstatelogic.com> Fix for sa-update is now in... -------- Original Message -------- Subject: ANNOUNCE: Apache SpamAssassin 3.1.7 available! Date: Tue, 10 Oct 2006 11:57:38 +0100 From: jm@jmason.org (Justin Mason) To: users@SpamAssassin.apache.org, dev@SpamAssassin.apache.org, announce@SpamAssassin.apache.org Apache SpamAssassin 3.1.7 is now available! This is a maintenance release of the 3.1.x branch. Downloads will be available from: http://spamassassin.apache.org/downloads.cgi?update=200610100328 Note that it may take a hour or two for mirrors to update. The release files will also be available via CPAN in the near future. md5sum of archive files: 77242e45baa7e2b418e4d3f22a86a69e Mail-SpamAssassin-3.1.7.tar.bz2 4b342c63949d47f3ce56b3fc1c8881c1 Mail-SpamAssassin-3.1.7.tar.gz b62794d50e0921dbb9f5211a65e4dc0e Mail-SpamAssassin-3.1.7.zip sha1sum of archive files: 6660dd3aa87f4ddd3ba9b19cf232dd006c6e8219 Mail-SpamAssassin-3.1.7.tar.bz2 3d31eff0eb9a158fab308958d65cdca81b8944bc Mail-SpamAssassin-3.1.7.tar.gz 7a882fcf4e253c9c020278f126b783ab41fe31d5 Mail-SpamAssassin-3.1.7.zip The release files also have a .asc accompanying them. The file serves as an external GPG signature for the given release file. The signing key is available via the wwwkeys.pgp.net key server, as well as http://spamassassin.apache.org/released/GPG-SIGNING-KEY The key information is: pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B 3.1.7 is a "quick-fix" release; it contains only a fix for one bug, introduced accidentally in 3.1.6: - bug 5119: if admins had set rule scores in the site configuration in /etc, sa-update would fail. Back out this change -- Martin Hepworth Senior Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From glenn.steen at gmail.com Tue Oct 10 12:08:00 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Oct 10 12:08:04 2006 Subject: Periodic (5min) SpamAssassin timeouts In-Reply-To: References: <452B6767.4020405@solidstatelogic.com> Message-ID: <223f97700610100408r5c0a3ba8j53e88eff929f36a5@mail.gmail.com> Hej Tony, On 10/10/06, Tony Johansson wrote: > > I'd check > > (snip) > > 2) more likely bayes issues. How are you cleaning the bayes system? Are > > you letting mailScanner do it (via the > > spam.assassin.prefs.conf/mailScanner.conf) settings, or are you doing > > this manually via a cron job? > > > > 2: We have "Rebuild Bayes Every = 0" in MailScanner.conf > 04:04 cron runs "clean.and.sa-learn": > #!/bin/bash > cd /root/.spamassassin > rm -f /root/.spamassassin/bayes_toks.expire* > /usr/bin/sa-learn --force-expire > That script is run from /etc/cron.daily, right? Explains why the timeouts stop at 4:05, since those scripts are likely started at 04:00 (look in /etc/crontabs). (snip) > > Timing seems spot on with when the last timeouts stopped but why the 5 min > timeouts? Should we let MailScanner manage the rebuilds and at what settings? > Can't say for sure. Matt probably knows:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From hgh at rcwm.com Tue Oct 10 13:04:39 2006 From: hgh at rcwm.com (Henry Hollenberg) Date: Tue Oct 10 13:00:50 2006 Subject: spam after mailscanner what next? {Scanned} Message-ID: <452B8C57.1030207@rcwm.com> Hey gang, My mailscanner install is working very well, thanks to all on the list. I have noticed a couple of categories of remaining SPAM(ie looks_like_spam_to_me) that are getting thru: 1) probably valid companys that would honor a request for removal from their mailing lists. 2) dictionary attacks designed to beat the baysian engine/db. Number 1: I plan on cautiously contacting the lists I identify in #1 after manually screening them for controlling DNS authority and double checking them on the SPAM lists. Does this sound reasonable? Does anyone have a better way to handle these? Number 2: Have no idea how to attack these other than submitting them to spamcop or some such. Here is an example of this stuff: was the bass heavy style of Bob Marley?s new age reggae that allowed him the access to the people. He abandoned the classic stylewas the bass heavy style of Bob Marley?s new age reggae that allowed him the access to the people. He abandoned the classic style while living, Bob Marley continues to influence people 25 years after his death (African Service News). His music and lyrics worked ?If you know your history/ Then you would know where you coming from/ Then you wouldn't have to ask me/ Who the 'eck do I thinkThere are hundreds of thousands of people screaming for you on stage. The Prime Minister and leader of the opposition sit in the This stuff seems to do a pretty good job of defeating baysian, but it's funny it's instantly reconizible to me as SPAM. Maybe I need to set up a CRAY in my garage with some AI software to catch this stuff. hgh. -- Henry Hollenberg hgh@rcwm.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From martelm at quark.vsc.edu Tue Oct 10 13:01:02 2006 From: martelm at quark.vsc.edu (Michael H. Martel) Date: Tue Oct 10 13:01:12 2006 Subject: version of MS that has "max spamassassin size"? In-Reply-To: <452A5808.3040900@ecs.soton.ac.uk> References: <86144ED6CE5B004DA23E1EAC0B569B580FC69B89@isabella.herefordshire.gov.uk> <452A5808.3040900@ecs.soton.ac.uk> Message-ID: --On October 9, 2006 3:09:12 PM +0100 Julian Field wrote: > I have just done a fresh release with this problem fixed. > Sorry :-( > Wasn't having a good time then, was I? Julian, the upgrade_MailScanner_conf file is missing the execute bit in the latest distribution. Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator michael.martel@vsc.edu | Vermont State Colleges http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 From martinh at solidstatelogic.com Tue Oct 10 13:09:21 2006 From: martinh at solidstatelogic.com (Martin Hepworth) Date: Tue Oct 10 13:09:28 2006 Subject: spam after mailscanner what next? {Scanned} In-Reply-To: <452B8C57.1030207@rcwm.com> References: <452B8C57.1030207@rcwm.com> Message-ID: <452B8D71.6030901@solidstatelogic.com> Henry Hollenberg wrote: > Hey gang, > > > My mailscanner install is working very well, thanks to all on the list. > > I have noticed a couple of categories of remaining SPAM(ie > looks_like_spam_to_me) that are getting thru: > > 1) probably valid companys that would honor a request for removal from > their mailing lists. > > 2) dictionary attacks designed to beat the baysian engine/db. > > > > Number 1: > I plan on cautiously contacting the lists I identify in #1 after > manually screening them > for controlling DNS authority and double checking them on the SPAM > lists. Does this > sound reasonable? Does anyone have a better way to handle these? > > Number 2: > Have no idea how to attack these other than submitting them to spamcop > or some such. > > > Here is an example of this stuff: > > was the bass heavy style of Bob Marley?s new age reggae that allowed him > the access to the people. He abandoned the classic stylewas the bass > heavy style of Bob Marley?s new age reggae that allowed him the access > to the people. He abandoned the classic style > while living, Bob Marley continues to influence people 25 years after > his death (African Service News). His music and lyrics worked > ?If you know your history/ Then you would know where you coming from/ > Then you wouldn't have to ask me/ Who the 'eck do I thinkThere are > hundreds of thousands of people screaming for you on stage. The Prime > Minister and leader of the opposition sit in the > > > This stuff seems to do a pretty good job of defeating baysian, but it's > funny it's instantly reconizible to me as SPAM. > Maybe I need to set up a CRAY in my garage with some AI software to > catch this stuff. > > hgh. Hi have you installed any of the rules in www.rulesemporium.com ? -- Martin Hepworth Senior Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From glenn.steen at gmail.com Tue Oct 10 13:48:34 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Oct 10 13:48:38 2006 Subject: spam after mailscanner what next? {Scanned} In-Reply-To: <452B8C57.1030207@rcwm.com> References: <452B8C57.1030207@rcwm.com> Message-ID: <223f97700610100548j1cbd8c17qa8f871e500f85709@mail.gmail.com> On 10/10/06, Henry Hollenberg wrote: > Hey gang, > > > My mailscanner install is working very well, thanks to all on the list. > > I have noticed a couple of categories of remaining SPAM(ie looks_like_spam_to_me) that are getting thru: > > 1) probably valid companys that would honor a request for removal from their mailing lists. > > 2) dictionary attacks designed to beat the baysian engine/db. > > > > Number 1: > I plan on cautiously contacting the lists I identify in #1 after manually screening them > for controlling DNS authority and double checking them on the SPAM lists. Does this > sound reasonable? Does anyone have a better way to handle these? > > Number 2: > Have no idea how to attack these other than submitting them to spamcop or some such. > > > Here is an example of this stuff: > > was the bass heavy style of Bob Marley's new age reggae that allowed him the access to the people. He abandoned the classic stylewas the bass heavy style of Bob Marley's new age reggae that allowed > him the access to the people. He abandoned the classic style > while living, Bob Marley continues to influence people 25 years after his death (African Service News). His music and lyrics worked > "If you know your history/ Then you would know where you coming from/ Then you wouldn't have to ask me/ Who the 'eck do I thinkThere are hundreds of thousands of people screaming for you on stage. The > Prime Minister and leader of the opposition sit in the > > > This stuff seems to do a pretty good job of defeating baysian, but it's funny it's instantly reconizible to me as SPAM. Usually there is some kind of image (or similar unwanted content) involved with these... They are pointless by themselves (as you've noted:-). Did you setup ImageInfo or FuzzyOcr (SA plugins)? Also, if someone has "washed away" the offending image/attached file, you get this type of .... crap. And then there are the broken spams... where the payload is simply missing due to spammers being klutzes:). I'm sure there are some nice rules out there to detect those... Look at www.rulesemporium.com ... > Maybe I need to set up a CRAY in my garage with some AI software to catch this stuff. Crays are overrated... Made a good sofa once upon a time though:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Tue Oct 10 14:35:56 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Oct 10 14:36:30 2006 Subject: [Fwd: ANNOUNCE: Apache SpamAssassin 3.1.7 available!] In-Reply-To: <452B7EC4.7070308@solidstatelogic.com> References: <452B7EC4.7070308@solidstatelogic.com> Message-ID: <452BA1BC.5050300@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 My ClamAV+SpamAssassin package containing 3.1.7 is up for download from www.mailscanner.info. Martin Hepworth wrote: > Fix for sa-update is now in... > > -------- Original Message -------- > Subject: ANNOUNCE: Apache SpamAssassin 3.1.7 available! > Date: Tue, 10 Oct 2006 11:57:38 +0100 > From: jm@jmason.org (Justin Mason) > To: users@SpamAssassin.apache.org, dev@SpamAssassin.apache.org, > announce@SpamAssassin.apache.org > > Apache SpamAssassin 3.1.7 is now available! This is a maintenance > release of the 3.1.x branch. > > Downloads will be available from: > http://spamassassin.apache.org/downloads.cgi?update=200610100328 > > Note that it may take a hour or two for mirrors to update. > The release files will also be available via CPAN in the near future. > > md5sum of archive files: > 77242e45baa7e2b418e4d3f22a86a69e Mail-SpamAssassin-3.1.7.tar.bz2 > 4b342c63949d47f3ce56b3fc1c8881c1 Mail-SpamAssassin-3.1.7.tar.gz > b62794d50e0921dbb9f5211a65e4dc0e Mail-SpamAssassin-3.1.7.zip > > sha1sum of archive files: > 6660dd3aa87f4ddd3ba9b19cf232dd006c6e8219 > Mail-SpamAssassin-3.1.7.tar.bz2 > 3d31eff0eb9a158fab308958d65cdca81b8944bc > Mail-SpamAssassin-3.1.7.tar.gz > 7a882fcf4e253c9c020278f126b783ab41fe31d5 Mail-SpamAssassin-3.1.7.zip > > > The release files also have a .asc accompanying them. The file serves > as an external GPG signature for the given release file. The signing > key is available via the wwwkeys.pgp.net key server, as well as > http://spamassassin.apache.org/released/GPG-SIGNING-KEY > > The key information is: > > pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key > > Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F > A05B > > 3.1.7 is a "quick-fix" release; it contains only a fix for one bug, > introduced accidentally in 3.1.6: > > - bug 5119: if admins had set rule scores in the site configuration in > /etc, sa-update would fail. Back out this change > > > Jules - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.0 (Build 1112) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFFK6G8EfZZRxQVtlQRAvEGAJ4mFjC2p1CrhVC4Atw+Z3/5p3AI4ACfVvSY T4LZhLlj1eJI4YVcPKBQAYc= =Nrkf -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From edwardbruce at sbcglobal.net Tue Oct 10 14:36:31 2006 From: edwardbruce at sbcglobal.net (Ed Bruce) Date: Tue Oct 10 14:36:35 2006 Subject: spam forwarding not working In-Reply-To: <223f97700610100231u162922a5l4f2fcced174ccf22@mail.gmail.com> References: <008601c6ec4b$401ef1f0$04000100@support01> <223f97700610100231u162922a5l4f2fcced174ccf22@mail.gmail.com> Message-ID: <452BA1DF.7070407@sbcglobal.net> Glenn Steen wrote: > > Virtual aliases are expanded _after_ MailScanner, so you cannot use a > virtual alias in a rule like that (for addressing). > Simply change it to the real address and things should work out OK:-). > I'm confused, do you mean _before_ MailScanner? Wouldn't after work? From root at doctor.nl2k.ab.ca Tue Oct 10 14:41:57 2006 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Tue Oct 10 14:42:58 2006 Subject: MailScanner 4.58 Message-ID: <20061010134157.GG27733@doctor.nl2k.ab.ca> Any Betas available Julian? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Oct 10 14:44:15 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Oct 10 14:45:42 2006 Subject: version of MS that has "max spamassassin size"? In-Reply-To: References: <86144ED6CE5B004DA23E1EAC0B569B580FC69B89@isabella.herefordshire.gov.uk> <452A5808.3040900@ecs.soton.ac.uk> Message-ID: <452BA3AF.8080801@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Michael H. Martel wrote: > --On October 9, 2006 3:09:12 PM +0100 Julian Field > wrote: > >> I have just done a fresh release with this problem fixed. >> Sorry :-( >> Wasn't having a good time then, was I? > > Julian, the upgrade_MailScanner_conf file is missing the execute bit > in the latest distribution. :-( I can't be bothered to keep fixing that version now. I have just put out a new one. > > > > Michael > > -- > > --------------------------------o--------------------------------- > Michael H. Martel | Systems Administrator > michael.martel@vsc.edu | Vermont State Colleges > http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 > > Jules - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.0 (Build 1112) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFFK6OvEfZZRxQVtlQRAkZzAKCPPNh+RdlTTCsh/379L7PWBSNIMgCgltjp NLwlIL7UVO4GyBv17lr0TJQ= =2OnS -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From glenn.steen at gmail.com Tue Oct 10 14:57:38 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Oct 10 14:57:40 2006 Subject: spam forwarding not working In-Reply-To: <452BA1DF.7070407@sbcglobal.net> References: <008601c6ec4b$401ef1f0$04000100@support01> <223f97700610100231u162922a5l4f2fcced174ccf22@mail.gmail.com> <452BA1DF.7070407@sbcglobal.net> Message-ID: <223f97700610100657w71feea1bw505884d261f4e6b1@mail.gmail.com> On 10/10/06, Ed Bruce wrote: > Glenn Steen wrote: > > > > Virtual aliases are expanded _after_ MailScanner, so you cannot use a > > virtual alias in a rule like that (for addressing). > > Simply change it to the real address and things should work out OK:-). > > > I'm confused, do you mean _before_ MailScanner? Wouldn't after work? No, you aren't confused, I am:-). Of course you are correct. Bottom line: you cannot use virtual aliases in rules like that (unless they were expanded in a separate PF thingy after MS:). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From binaryflow at gmail.com Tue Oct 10 14:57:41 2006 From: binaryflow at gmail.com (Douglas Ward) Date: Tue Oct 10 14:57:44 2006 Subject: Bayesian database not learning Message-ID: I trained my bayesian database about four weeks ago with about 600 or so ham and spam messages. Spamassassin should be autolearning based on the following defaults: bayes_auto_learn_threshold_nonspam 0.1 bayes_auto_learn_threshold_spam 12.0 In the four weeks since I trained the database it does not look like it has learned anything. When I run the sa-learn command the spam/ham count is the same as the day I trained it. Are these defaults to high/low? Should they be changed? From MailScanner at ecs.soton.ac.uk Tue Oct 10 14:59:35 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Oct 10 15:00:04 2006 Subject: spam after mailscanner what next? {Scanned} In-Reply-To: <452B8C57.1030207@rcwm.com> References: <452B8C57.1030207@rcwm.com> Message-ID: <452BA747.3000905@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This is a very common type of question: "What else can I do to reduce our incoming spam?". We should come up with a simple definitive list, not necessarily in any order other than alphabetical. Note these are not performance improvements, they are spam detection rate improvements. Shall I start the ball rolling? These are in no particular order: MailScanner phishing net ClamAV for phishing detection (most effective in US, it appears) DCC Razor Pyzor (? I don't use it and don't trust it for arbitrary reasons) SpamAssassin SARE Rules Emporium Rules_Du_Jour Bayes starter database from www.fsl.com Greylisting (stops spam zombies) Milter-null (stops joe-jobs) Milter-ahead (stops dictionary attacks) Reject unknown users in Exchange 2003 All other SA plugins mentioned in /etc/mail/spamassassin/*.pre RBLs in MailScanner (maybe advise against?) Trusted Networks setting in SA What else have I forgotten? Those are the basic ones I run on my own systems, and we get virtually no spam at all now. Note that none of them require any manual maintenance, life is too short to manually maintain blacklists (which is what Microsoft do on their own corporate setup :-) Henry Hollenberg wrote: > Hey gang, > > > My mailscanner install is working very well, thanks to all on the list. > > I have noticed a couple of categories of remaining SPAM(ie > looks_like_spam_to_me) that are getting thru: > > 1) probably valid companys that would honor a request for removal from > their mailing lists. > > 2) dictionary attacks designed to beat the baysian engine/db. > > > > Number 1: > I plan on cautiously contacting the lists I identify in #1 after > manually screening them > for controlling DNS authority and double checking them on the SPAM > lists. Does this > sound reasonable? Does anyone have a better way to handle these? > > Number 2: > Have no idea how to attack these other than submitting them to spamcop > or some such. > > > Here is an example of this stuff: > > was the bass heavy style of Bob Marley?s new age reggae that allowed > him the access to the people. He abandoned the classic stylewas the > bass heavy style of Bob Marley?s new age reggae that allowed him the > access to the people. He abandoned the classic style > while living, Bob Marley continues to influence people 25 years after > his death (African Service News). His music and lyrics worked > ?If you know your history/ Then you would know where you coming from/ > Then you wouldn't have to ask me/ Who the 'eck do I thinkThere are > hundreds of thousands of people screaming for you on stage. The Prime > Minister and leader of the opposition sit in the > > > This stuff seems to do a pretty good job of defeating baysian, but > it's funny it's instantly reconizible to me as SPAM. > Maybe I need to set up a CRAY in my garage with some AI software to > catch this stuff. > > hgh. Jules - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.0 (Build 1112) Comment: (pgp-secured) Charset: windows-1252 wj8DBQFFK6dHEfZZRxQVtlQRAtglAJ98aHHFhL3p9NKg66gZVun8RmGMmACfYeVh GaLfv8nKKj/t9r8QDQ6luxQ= =VFv1 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Tue Oct 10 15:07:16 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Oct 10 15:07:44 2006 Subject: MailScanner 4.58 In-Reply-To: <20061010134157.GG27733@doctor.nl2k.ab.ca> References: <20061010134157.GG27733@doctor.nl2k.ab.ca> Message-ID: <452BA914.2050006@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 4.57.1-1 is up on the web site now. Has a new setting "Max Spam Check Size". Messages bigger than this are assumed to not be spam. This significantly speeds up spam checking. Spammers cannot afford to send huge messages, they want to use their bandwidth sending more smaller messages as it pays better. Default limit is 150k, which apparently is a very safe figure for this test. Please can you let me know your experience with this. It should make testing large messages a lot faster, as large messages take a long time to process with SpamAssassin. I am about to upgrade my test server to see what happens to the load average on it (currently about 8 - 10 with pretty small message batches). It doesn't start to sweat until the load average gets over 16 as it has roughly that many threads in the CPUs (quad-CPU, dual-core, hyperthreading). Regards, Jules. Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem wrote: > Any Betas available Julian? > > Jules - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.0 (Build 1112) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFFK6kUEfZZRxQVtlQRAlBKAJ9mmsdDlJJL+ho7ZKCELg4/ePg3agCglktg PtnbffeoipK1c5c3gjRWryc= =6heE -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From bpumphrey at woodmclaw.com Tue Oct 10 15:13:34 2006 From: bpumphrey at woodmclaw.com (Billy A. Pumphrey) Date: Tue Oct 10 15:13:48 2006 Subject: spam.assassin.prefs.conf.rpmnew file In-Reply-To: Message-ID: <04D932B0071FE34FA63EBB1977B48D1501C13F30@woodenex.woodmaclaw.local> I just noticed this file in my /etc/MailScanner directory. I do not know whether it came from MailScanner or spamassassin. I believe MailScanner. I do not remember this file being in the upgrades before. Do you renew this file is the same manner that you do with the MailScanner.conf file? Where I was looking on the WIKI on the last upgrade procedures: http://wiki.mailscanner.info/doku.php?id=documentation:install_upgrade:u pgrade:rpm Billy Pumphrey IT Manager Wooden & McLaughlin -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From bpumphrey at woodmclaw.com Tue Oct 10 15:16:38 2006 From: bpumphrey at woodmclaw.com (Billy A. Pumphrey) Date: Tue Oct 10 15:16:57 2006 Subject: Bayesian database not learning In-Reply-To: Message-ID: <04D932B0071FE34FA63EBB1977B48D1501C13F31@woodenex.woodmaclaw.local> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Douglas Ward > Sent: Tuesday, October 10, 2006 9:58 AM > To: MailScanner discussion > Subject: Bayesian database not learning > > I trained my bayesian database about four weeks ago with about 600 or > so ham and spam messages. Spamassassin should be autolearning based > on the following defaults: > > bayes_auto_learn_threshold_nonspam 0.1 > bayes_auto_learn_threshold_spam 12.0 > > In the four weeks since I trained the database it does not look like > it has learned anything. When I run the sa-learn command the spam/ham > count is the same as the day I trained it. Are these defaults to > high/low? Should they be changed? > -- Make sure that you are training and looking at the correct bayes database. See the spam.assassin.prefs.conf file for the bayes database location. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ylacan at teicam.com Tue Oct 10 15:19:43 2006 From: ylacan at teicam.com (Youri LACAN-BARTLEY) Date: Tue Oct 10 15:20:01 2006 Subject: Bayesian database not learning In-Reply-To: References: Message-ID: <452BABFF.4000507@teicam.com> Douglas Ward wrote: > bayes_auto_learn_threshold_nonspam 0.1 > bayes_auto_learn_threshold_spam 12.0 I'd say that 12.0 is a little too high a threshold ... But I guess that depends on the rule sets you use with SA ... But that's just my non enlightened insight to your request :) -- Ce message a ?t? v?rifi? par MailScanner pour des virus ou des polluriels et rien de suspect n'a ?t? trouv?. From dward at nccumc.org Tue Oct 10 15:20:34 2006 From: dward at nccumc.org (Douglas Ward) Date: Tue Oct 10 15:20:35 2006 Subject: Bayesian database not learning In-Reply-To: <04D932B0071FE34FA63EBB1977B48D1501C13F31@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D1501C13F31@woodenex.woodmaclaw.local> Message-ID: I did check that. Wouldn't sa-learn know which database it was using to learn? On 10/10/06, Billy A. Pumphrey wrote: > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Douglas Ward > > Sent: Tuesday, October 10, 2006 9:58 AM > > To: MailScanner discussion > > Subject: Bayesian database not learning > > > > I trained my bayesian database about four weeks ago with about 600 or > > so ham and spam messages. Spamassassin should be autolearning based > > on the following defaults: > > > > bayes_auto_learn_threshold_nonspam 0.1 > > bayes_auto_learn_threshold_spam 12.0 > > > > In the four weeks since I trained the database it does not look like > > it has learned anything. When I run the sa-learn command the spam/ham > > count is the same as the day I trained it. Are these defaults to > > high/low? Should they be changed? > > -- > > Make sure that you are training and looking at the correct bayes > database. See the spam.assassin.prefs.conf file for the bayes database > location. > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From bpumphrey at woodmclaw.com Tue Oct 10 15:43:13 2006 From: bpumphrey at woodmclaw.com (Billy A. Pumphrey) Date: Tue Oct 10 15:43:33 2006 Subject: Bayesian database not learning In-Reply-To: Message-ID: <04D932B0071FE34FA63EBB1977B48D1501C13F33@woodenex.woodmaclaw.local> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Douglas Ward > Sent: Tuesday, October 10, 2006 10:21 AM > To: MailScanner discussion > Subject: Re: Bayesian database not learning > > I did check that. Wouldn't sa-learn know which database it was using to > learn? > By default it will use a different database, /root/.spamassassin/ I believe. From my experience, you have to specify the -p for the conf file. I tested this by doing a sa-learn without it and then checked the bayes database with the dump command and there were no new updates. I added the -p command and the bayes was updated. Looks like you may not have to add the -p to the sa-learn dump command though, although you may want to make sure yourself. Here are my notes from when I set my learning up: sa-learn --dump magic This will show you how many emails bayes has learned http://www.annodex.net/cgi-bin/man/man2html?sa-learn+1 Good link HERE IS WHAT TO USE for the spam from exchange to linux learn: As the spam user: For spam 1. fetchmail --folder spam --all (logged in as spam) 2. Log in as root 3. sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf--mbox ---no-sync --showdots --spam /var/spool/mail/spam 4. rm -f /var/spool/mail/spam 5. touch /var/spool/mail/spam 6. sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --sync For ham 1. fetchmail--folder ham --all (logged in as spam) 2. Log in as root 3. sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --mbox --no-sync --showdots --ham /var/spool/mail/spam 4. rm -f /var/spool/mail/spam 5. touch /var/spool/mail/spam 6. sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --sync -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From lodder at delodder.be Tue Oct 10 16:07:04 2006 From: lodder at delodder.be (Philippe Delodder) Date: Tue Oct 10 16:07:32 2006 Subject: dcc problem Message-ID: <452BB718.2030400@delodder.be> Hi, when i run spamassassin --lint -D i'm getting the following error: warn: config: failed to parse line, skipping: dcc_path /usr/bin/dccproc how can i solve this i installed it and i checked the config file i'm running gentoo with SpamAssassin version 3.1.3 running on Perl version 5.8.8 MailScanner E-Mail Virus Scanner version 4.54.6 postfix version 2.2.10 -- Philippe Delodder lodder@delodder.be http://www.delodder.be -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20061010/933d62e6/signature.bin From martinh at solidstatelogic.com Tue Oct 10 16:15:34 2006 From: martinh at solidstatelogic.com (Martin Hepworth) Date: Tue Oct 10 16:15:45 2006 Subject: dcc problem In-Reply-To: <452BB718.2030400@delodder.be> References: <452BB718.2030400@delodder.be> Message-ID: <452BB916.9050500@solidstatelogic.com> Philippe Delodder wrote: > Hi, > > when i run spamassassin --lint -D i'm getting the following error: > warn: config: failed to parse line, skipping: dcc_path /usr/bin/dccproc > > how can i solve this i installed it and i checked the config file > > i'm running gentoo with > SpamAssassin version 3.1.3 > running on Perl version 5.8.8 > MailScanner E-Mail Virus Scanner version 4.54.6 > postfix version 2.2.10 > > Philippe is the dcc pluging installed in on of the /etc/mail/spamassassin/**.pre files? By default its commented out due to DCC licencing restrictions. -- Martin Hepworth Senior Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From bpumphrey at woodmclaw.com Tue Oct 10 16:17:02 2006 From: bpumphrey at woodmclaw.com (Billy A. Pumphrey) Date: Tue Oct 10 16:17:15 2006 Subject: dcc problem In-Reply-To: <452BB718.2030400@delodder.be> Message-ID: <04D932B0071FE34FA63EBB1977B48D1501C13F34@woodenex.woodmaclaw.local> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Philippe Delodder > Sent: Tuesday, October 10, 2006 11:07 AM > To: MailScanner discussion > Subject: dcc problem > > Hi, > > when i run spamassassin --lint -D i'm getting the following error: > warn: config: failed to parse line, skipping: dcc_path /usr/bin/dccproc > > how can i solve this i installed it and i checked the config file > > i'm running gentoo with > SpamAssassin version 3.1.3 > running on Perl version 5.8.8 > MailScanner E-Mail Virus Scanner version 4.54.6 > postfix version 2.2.10 > > -- > Philippe Delodder > lodder@delodder.be > http://www.delodder.be > You have to specify the config file. Assuming you are logged in as root, try: spamassassin -D --lint -p /etc/MailScanner/spam.assassin.prefs.conf If you are doing the lint in mailwatch, it is using a different user name. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mkettler at evi-inc.com Tue Oct 10 16:28:44 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Tue Oct 10 16:28:57 2006 Subject: dcc problem In-Reply-To: <04D932B0071FE34FA63EBB1977B48D1501C13F34@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D1501C13F34@woodenex.woodmaclaw.local> Message-ID: <452BBC2C.90101@evi-inc.com> Billy A. Pumphrey wrote: >> -----Original Message----- > > You have to specify the config file. Assuming you are logged in as > root, try: > > spamassassin -D --lint -p /etc/MailScanner/spam.assassin.prefs.conf That's generally not needed anymore. spam.assassin.prefs.conf should be a symlink to /etc/mail/spamassassin/mailscanner.cf on any reasonably recent version of MailScanner. adding the -p is redundant, and wouldn't fix this problem anyway. Martin probably nailed it, you need to load the DCC plugin in order to use DCC options. Otherwise you'll get parse failures. > If you are doing the lint in mailwatch, it is using a different user > name. From glenn.steen at gmail.com Tue Oct 10 16:51:22 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Oct 10 16:51:25 2006 Subject: spam.assassin.prefs.conf.rpmnew file In-Reply-To: <04D932B0071FE34FA63EBB1977B48D1501C13F30@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D1501C13F30@woodenex.woodmaclaw.local> Message-ID: <223f97700610100851p26d7c494ic996e8a1f35d89e8@mail.gmail.com> On 10/10/06, Billy A. Pumphrey wrote: > I just noticed this file in my /etc/MailScanner directory. I do not > know whether it came from MailScanner or spamassassin. I believe > MailScanner. I do not remember this file being in the upgrades before. > Do you renew this file is the same manner that you do with the > MailScanner.conf file? > > Where I was looking on the WIKI on the last upgrade procedures: > http://wiki.mailscanner.info/doku.php?id=documentation:install_upgrade:u > pgrade:rpm > It is an effect of the RPM install of mailscanner, yes. Since this one is bound to differ a bit (if it gets created:-), between setups/organizations, and not being that huge... you get to manage that one by yourself;-). Just diff it (or manually compare) and merge in the settings you like into/out from spam.assassin.prefs.conf ... then remove the rpmnew file. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From eneal at dfi-intl.com Tue Oct 10 16:57:24 2006 From: eneal at dfi-intl.com (Errol Neal) Date: Tue Oct 10 16:57:30 2006 Subject: Calling All Network Administrators in the DC AREA Message-ID: My company is looking to hire a network admin. Windows, Cisco, Unix. If you have the following, want employment 60K+ let me know. __________________________________________ Errol Uriel Neal Jr. Sr. Network Administrator DFI International, Inc. 1717 Pennsylvania Ave NW, Suite 1300 Washington, DC 20006 Tel (202)452-6955 Fax (202)452-6910 eneal@dfi-intl.com www.dfi-intl.com From derek at adcatanzaro.com Tue Oct 10 17:02:47 2006 From: derek at adcatanzaro.com (Derek Catanzaro) Date: Tue Oct 10 17:03:11 2006 Subject: OT - Mail Backing up while SpamAssassin is in Use In-Reply-To: References: <452A5FD6.80604@adcatanzaro.com> <452A6D99.5030005@sendit.nodak.edu> <452A76FB.200@adcatanzaro.com> <452A84C8.6030902@adcatanzaro.com> Message-ID: <452BC427.6010201@adcatanzaro.com> Mark Nienberg wrote: > Derek Catanzaro wrote: >> processed per day. Is there any way for me to find out how many >> messages have been processed by MailScanner without implementing >> mailscanner-MRTG or mailwatch? > > [root@tesla etc]# logwatch --service mailscanner --range yesterday > --print > > I can't recall which version of logwatch came with Fedora Core 1, but > you'll want to upgrade to the latest version available at logwatch.org. > Thanks for the info Mark. Worked great once I upgraded logwatch. Quick and easy way to get a snapshot of the stats without putting any extra load on the server. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dward at nccumc.org Tue Oct 10 17:09:41 2006 From: dward at nccumc.org (Douglas Ward) Date: Tue Oct 10 17:09:44 2006 Subject: Bayesian database not learning In-Reply-To: <04D932B0071FE34FA63EBB1977B48D1501C13F33@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D1501C13F33@woodenex.woodmaclaw.local> Message-ID: Thank you for this information. I checked /root/.spamassassin and saw a 1 kb bayes database. I assume this is the blank database created by spamassassin upon installation. My real bayes database is over 2.5 mb. Since I am not using the blank bayes db I deleted it. I then ran the following commands: sa-learn --dump magic sa-learn --dump magic -p /etc/MailScanner/spam.assassin.prefs.conf Both returned the same number of spam/ham tokens. I think the problem spam wise is that my learn value (12.0) is too high. I am curious about the low end value (0.1). Does this catch negative scores? Most of our ham scores less than zero but it is not learned either. The message that I received this morning with a score of 16.5 surely should have trained the tokens. Time for the potentially silly question: What value should bayes_auto_learn have (0 or 1)? How about bayes_auto_expire? On 10/10/06, Billy A. Pumphrey wrote: > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Douglas Ward > > Sent: Tuesday, October 10, 2006 10:21 AM > > To: MailScanner discussion > > Subject: Re: Bayesian database not learning > > > > I did check that. Wouldn't sa-learn know which database it was using > to > > learn? > > > > By default it will use a different database, /root/.spamassassin/ I > believe. From my experience, you have to specify the -p for the conf > file. I tested this by doing a sa-learn without it and then checked the > bayes database with the dump command and there were no new updates. I > added the -p command and the bayes was updated. Looks like you may not > have to add the -p to the sa-learn dump command though, although you may > want to make sure yourself. > > Here are my notes from when I set my learning up: > > sa-learn --dump magic > This will show you how many emails bayes has learned > http://www.annodex.net/cgi-bin/man/man2html?sa-learn+1 > Good link > > HERE IS WHAT TO USE for the spam from exchange to linux learn: > As the spam user: > For spam > 1. fetchmail --folder spam --all (logged in as spam) > 2. Log in as root > 3. sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf--mbox > ---no-sync --showdots --spam /var/spool/mail/spam > 4. rm -f /var/spool/mail/spam > 5. touch /var/spool/mail/spam > 6. sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --sync > > For ham > 1. fetchmail--folder ham --all (logged in as spam) > 2. Log in as root > 3. sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --mbox > --no-sync --showdots --ham /var/spool/mail/spam > 4. rm -f /var/spool/mail/spam > 5. touch /var/spool/mail/spam > 6. sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --sync > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From ylacan at teicam.com Tue Oct 10 17:31:57 2006 From: ylacan at teicam.com (Youri LACAN-BARTLEY) Date: Tue Oct 10 17:32:19 2006 Subject: Bayesian database not learning In-Reply-To: References: <04D932B0071FE34FA63EBB1977B48D1501C13F33@woodenex.woodmaclaw.local> Message-ID: <452BCAFD.5050704@teicam.com> Douglas Ward wrote: > Time for the potentially silly question: What value should > bayes_auto_learn have (0 or 1)? How about bayes_auto_expire? Well I can answer for sure, that you would be interested in setting bayes_auto_learn to 1 in order to avoid manually teaching spam through sa-learn. However, I guess that in the meantime you should check that your bayes system is fully operational before switching auto-learning on. But then again, I've never had any problems with running bayes and I'm afraid I can't help you much on the issue here. Good luck ! -- Cordialement, Youri LACAN-BARTLEY PCAM Espace HERVANN 641 Chemin des terriers 06600 ANTIBES Tel: 04.93.33.26.25 Fax: 04.93.33.73.45 -- Ce message a ?t? v?rifi? par MailScanner pour des virus ou des polluriels et rien de suspect n'a ?t? trouv?. From lisa.wu at syntricity.com Tue Oct 10 18:21:24 2006 From: lisa.wu at syntricity.com (Lisa Wu) Date: Tue Oct 10 18:21:29 2006 Subject: Sophos/MailScanner Message-ID: <008f01c6ec90$83220b50$9908a8c0@syntricity.com> Hi, My server: Postfix 2.2.10 Dovecot 1.0 beta 8 Mailscanner 4.51.5 SpamAssassin 3.1.1 Once in a while the server will fail to download its updates from Sophos. (The cause being that our T1 line went down). Then the mail log starts posting MailScanner error messages every 10 seconds until a successful update occurs: Sep 6 14:06:50 mail MailScanner[30864]: None of the files matched by the "Monitors For Sophos Updates" patterns exist! Because of this error the queue starts placing all messages on hold. My solution (probably the wrong way to do this) was to create a script that runs every 10 minutes to manually release all held messages and flush the queue. I've searched Google, I've searched the MailScanner archives, and I've contacted Sophos. I went over the different configurations options in attempts to figure out a way of working around this behavior. Would I have to temporarily comment out the Mailscanner portion of my Postfix config to allow for normal internal mail flow? I know I risk the chance of viruses if I do this, which is why I was hoping there's a way of using the old Sophos IDES. Any help regarding this problem would be helpful. Thanks, Lisa Wu From taz at taz-mania.com Tue Oct 10 18:58:05 2006 From: taz at taz-mania.com (Dennis Willson) Date: Tue Oct 10 18:58:10 2006 Subject: Calling All Network Administrators in the DC AREA In-Reply-To: Message-ID: I don't know about anyone else, but I find this a little too off topic. Also, I don't know about in DC, but here in the SF bay area, the Microsoft Jr admins make that much... Real network admins get twice that (and some make even more than that). On Tue, 10 Oct 2006 11:57:24 -0400 "Errol Neal" wrote: >My company is looking to hire a network admin. Windows, Cisco, Unix. >If >you have the following, want employment 60K+ let me know. > > > >__________________________________________ >Errol Uriel Neal Jr. >Sr. Network Administrator >DFI International, Inc. >1717 Pennsylvania Ave NW, Suite 1300 >Washington, DC 20006 >Tel (202)452-6955 >Fax (202)452-6910 >eneal@dfi-intl.com >www.dfi-intl.com > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! -------------------------------------------------- Dennis Willson taz@taz-mania.com http://www.taz-mania.com Ham: ka6lsw Scuba: Rescue Diver, EANx, Wreck, Night, Alt, Equip, UW Photographer, Gas Blender Owner: Kepnet Internet Services Life should not be a journey to the grave with the intention of arriving safely in a nice looking and well preserved body, but rather to skid in broadside, thoroughly used up, totally worn out, and loudly proclaiming, "WOW! WHAT A RIDE!" From mailscanner at PDSCC.COM Tue Oct 10 19:03:24 2006 From: mailscanner at PDSCC.COM (Harondel J. Sibble) Date: Tue Oct 10 19:03:34 2006 Subject: procedures for getting stuff out of the quarantine on older MS version In-Reply-To: <43E77D59.1030007@ecs.soton.ac.uk> References: <200507021155.EAA08363@sheridan.sibble.net>, <200602100349.TAA26624@sheridan.sibble.net>, <43E77D59.1030007@ecs.soton.ac.uk> Message-ID: <200610101803.k9AI3Ox7008337@sinclaire.sibble.net> Julian, did this ever get released? I just checked the wiki again and don't see anything much different than last I looked On 6 Feb 2006 at 16:46, Julian Field wrote: > It's finally in beta-testing. The guy who wrote it rather tailored it to > our site unfortunately. I'll let you know when there is something > presentable for you. > > Harondel J. Sibble wrote: > > Julian, did this ever get implemented? I don't see anything in the wiki about > > this... > > > > On 30 Jun 2005 at 11:48, Julian Field wrote: > > > > > >> What may be some use is a system we are working on here that will > >> allow users to retrieve files from the quarantine, with a sysadmin > >> approving or denying each case given the relevant log entries to look > >> at. > >> > >> This may be the solution for you. The guys working on it are busy > >> with other things today, but I would hope this system will be up and > >> running within the next couple of weeks or so. So version 1 will be > >> out then, and we will develop and improve the system once we start > >> using it in production. > >> > >> This will be available free from www.mailscanner.info. > >> > >> On 30 Jun 2005, at 07:28, Harondel J. Sibble wrote: > >> > >> > >>> Forgot to mention, this is a mail relay box/frontend for the > >>> internal Samsung > >>> Contact machine that hosts all the mail and mail accounts. > >>> > >>> On 29 Jun 2005 at 23:21, Harondel J. Sibble wrote: > >>> > >>> > >>> > >>>> Have a mail relay box running an older version of MS, 4.25-14 to > >>>> be exact, > >>>> plans are to upgrade it in the next few weeks to the latest > >>>> version, however, > >>>> one small problem, wondering how other folks solved this, had a > >>>> look at the > >>>> maq's and faq's but didn't see anything specific to this: > >>>> -- Harondel J. Sibble Sibble Computer Consulting Creating solutions for the small business and home computer user. help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com (604) 739-3709 (voice/fax) (604) 686-2253 (pager) From bpumphrey at woodmclaw.com Tue Oct 10 19:30:15 2006 From: bpumphrey at woodmclaw.com (Billy A. Pumphrey) Date: Tue Oct 10 19:30:40 2006 Subject: spam.assassin.prefs.conf.rpmnew file In-Reply-To: <223f97700610100851p26d7c494ic996e8a1f35d89e8@mail.gmail.com> Message-ID: <04D932B0071FE34FA63EBB1977B48D1501C13F36@woodenex.woodmaclaw.local> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Glenn Steen > Sent: Tuesday, October 10, 2006 11:51 AM > To: MailScanner discussion > Subject: Re: spam.assassin.prefs.conf.rpmnew file > > On 10/10/06, Billy A. Pumphrey wrote: > > I just noticed this file in my /etc/MailScanner directory. I do not > > know whether it came from MailScanner or spamassassin. I believe > > MailScanner. I do not remember this file being in the upgrades before. > > Do you renew this file is the same manner that you do with the > > MailScanner.conf file? > > > > Where I was looking on the WIKI on the last upgrade procedures: > > http://wiki.mailscanner.info/doku.php?id=documentation:install_upgrade:u > > pgrade:rpm > > > It is an effect of the RPM install of mailscanner, yes. Since this one > is bound to differ a bit (if it gets created:-), between > setups/organizations, and not being that huge... you get to manage > that one by yourself;-). > Just diff it (or manually compare) and merge in the settings you like > into/out from spam.assassin.prefs.conf ... then remove the rpmnew > file. > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- Ok, thank you -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dward at nccumc.org Tue Oct 10 19:34:54 2006 From: dward at nccumc.org (Douglas Ward) Date: Tue Oct 10 19:34:56 2006 Subject: Bayesian database not learning In-Reply-To: <452BCAFD.5050704@teicam.com> References: <04D932B0071FE34FA63EBB1977B48D1501C13F33@woodenex.woodmaclaw.local> <452BCAFD.5050704@teicam.com> Message-ID: I ran spamassassin -D --lint with no errors. The bayes_auto_learn flag is set to 1. Maybe I need to adjust the upper value down. How about the lower value? Should it stay at 0.1? On 10/10/06, Youri LACAN-BARTLEY wrote: > Douglas Ward wrote: > > Time for the potentially silly question: What value should > > bayes_auto_learn have (0 or 1)? How about bayes_auto_expire? > Well I can answer for sure, that you would be interested in setting > bayes_auto_learn to 1 in order to avoid manually teaching spam through > sa-learn. > However, I guess that in the meantime you should check that your bayes > system is fully operational before switching auto-learning on. > > But then again, I've never had any problems with running bayes and I'm > afraid I can't help you much on the issue here. > > Good luck ! > > -- > Cordialement, > > Youri LACAN-BARTLEY > > PCAM > Espace HERVANN > 641 Chemin des terriers > 06600 ANTIBES > Tel: 04.93.33.26.25 > Fax: 04.93.33.73.45 > > > -- > Ce message a ?t? v?rifi? par MailScanner > pour des virus ou des polluriels et rien de > suspect n'a ?t? trouv?. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From eneal at dfi-intl.com Tue Oct 10 19:59:32 2006 From: eneal at dfi-intl.com (Errol Neal) Date: Tue Oct 10 19:59:38 2006 Subject: Calling All Network Administrators in the DC AREA Message-ID: Of course it was off topic. This isn't a recruiting list... Listen, I like this list. I've been subscribed to it for a number of years, I was 'trying' to help someone out who might be job searching. I aint a recruiter, I don't make money off of it. It's really just trying to do someone a favor. So if you want to start a fire storm to get my head chopped off, go right ahead. My intentions are to help a fella out... I'm sure if you weren't in SF making 120K, but in DC and trying to feed your family, you'd appreciate a bit of a lead... >> I don't know about anyone else, but I find this a little too off topic. >> Also, I don't know about in DC, but here in the SF bay area, the Microsoft Jr admins make that much... Real network >> admins get twice that (and some make even more than that). From mwilson at cobasys.com Tue Oct 10 19:57:26 2006 From: mwilson at cobasys.com (Mike Wilson) Date: Tue Oct 10 21:39:09 2006 Subject: Calling All Network Administrators in the DC AREA Message-ID: <2C7100720056A2408E0DC6795A5CDF0A01B1DA13@COBS-EXCH-01.texaco.ovonic> Not worth it, cost of living requires more than than. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Dennis Willson Sent: Tuesday, October 10, 2006 1:58 PM To: MailScanner discussion Subject: Re: Calling All Network Administrators in the DC AREA I don't know about anyone else, but I find this a little too off topic. Also, I don't know about in DC, but here in the SF bay area, the Microsoft Jr admins make that much... Real network admins get twice that (and some make even more than that). On Tue, 10 Oct 2006 11:57:24 -0400 "Errol Neal" wrote: >My company is looking to hire a network admin. Windows, Cisco, Unix. >If >you have the following, want employment 60K+ let me know. > > > >__________________________________________ >Errol Uriel Neal Jr. >Sr. Network Administrator >DFI International, Inc. >1717 Pennsylvania Ave NW, Suite 1300 >Washington, DC 20006 >Tel (202)452-6955 >Fax (202)452-6910 >eneal@dfi-intl.com >www.dfi-intl.com > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! -------------------------------------------------- Dennis Willson taz@taz-mania.com http://www.taz-mania.com Ham: ka6lsw Scuba: Rescue Diver, EANx, Wreck, Night, Alt, Equip, UW Photographer, Gas Blender Owner: Kepnet Internet Services Life should not be a journey to the grave with the intention of arriving safely in a nice looking and well preserved body, but rather to skid in broadside, thoroughly used up, totally worn out, and loudly proclaiming, "WOW! WHAT A RIDE!" -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! --------------------------------------------- This message is intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure under applicable law. Readers of this message who are not the intended recipients, or the employees or agents responsible for delivering the message to the intended recipients, are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. --------------------------------------------- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. --------------------------------------------- This message is intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure under applicable law. Readers of this message who are not the intended recipients, or the employees or agents responsible for delivering the message to the intended recipients, are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. --------------------------------------------- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mailscanner at berger.nl Tue Oct 10 21:49:21 2006 From: mailscanner at berger.nl (mailscanner@berger.nl) Date: Tue Oct 10 21:49:45 2006 Subject: idea for next version Message-ID: <1160513361.3522@bsd4.nedport.net> Well, I am happily using mailscanner for a while now and it still works great. So I was checking mailwatch this evening and I found out that the spam / ham percentage is 60% / 40% at daytime and 95% / 5% at night. This is quiet logical because at daytime everybody is working and at night (well here in europe) only spammers are working. This can be used for the spamfiltering. I think if it is possible to f.e. do, "spamscore * 1.2" between 11:00 pm and 7:00 am, it will hit more highscoring spam at night. Offcourse it will also hit ham, but as there is much less ham at night the possibility is less. Then, most off the overnight ham is mailinglist which are often whitelisted. Any ideas? Roger From campbell at cnpapers.com Tue Oct 10 22:06:40 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Tue Oct 10 22:06:50 2006 Subject: idea for next version References: <1160513361.3522@bsd4.nedport.net> Message-ID: <001701c6ecaf$fb659bd0$0705000a@DDF5DW71> ----- Original Message ----- From: To: Sent: Tuesday, October 10, 2006 4:49 PM Subject: idea for next version > Well, I am happily using mailscanner for a while now and it still works > great. > > So I was checking mailwatch this evening and I found out that the spam / > ham percentage is 60% / 40% at daytime and 95% / 5% at night. This is > quiet logical because at daytime everybody is working and at night (well > here in europe) only spammers are working. This can be used for the > spamfiltering. I think if it is possible to f.e. do, "spamscore * 1.2" > between 11:00 pm and 7:00 am, it will hit more highscoring spam at night. > Offcourse it will also hit ham, but as there is much less ham at night the > possibility is less. Then, most off the overnight ham is mailinglist which > are often whitelisted. > > Any ideas? > > Roger > I tend to look at this in a different light. Spam is spam, and should be caught by rules, etc regardless of the time it arrives. Ham is the same also regardless of it's arrival time. A good set of rules should work fine any time of the day. The percentages only indicate when people are sending mail, so this is a useless figure for comparing day/night averages. For instance, if the same message that came in at night were resent during the day, how should the mail be treated? Different score and action? Steve From evan at espphotography.com Tue Oct 10 22:20:13 2006 From: evan at espphotography.com (Evan Platt) Date: Tue Oct 10 22:20:31 2006 Subject: idea for next version In-Reply-To: <1160513361.3522@bsd4.nedport.net> References: <1160513361.3522@bsd4.nedport.net> Message-ID: <200610102105.OAA20689@partners7.yack.com> At 01:49 PM 10/10/2006, you wrote: >Well, I am happily using mailscanner for a while now and it still works great. > >So I was checking mailwatch this evening and I found out that the >spam / ham percentage is 60% / 40% at daytime and 95% / 5% at night. >This is quiet logical because at daytime everybody is working and at >night (well here in europe) only spammers are working. This can be >used for the spamfiltering. I think if it is possible to f.e. do, >"spamscore * 1.2" between 11:00 pm and 7:00 am, it will hit more >highscoring spam at night. Offcourse it will also hit ham, but as >there is much less ham at night the possibility is less. Then, most >off the overnight ham is mailinglist which are often whitelisted. Day / night where? My timezone? Your timezone? Sending domain timezone? Even in the same country, this can be an issue - here in California at 10 PM at night, it's 1 AM east coast time. Likewise, at 6 AM on the east coast, it's 3 AM here. Then the problem is what about delays just because of whatever? Say someone tries to e-mail me at 5 PM, but my server is down. So their mail server tries again at 2 AM. Should that message be given a higher score because it came in at 2 AM? Just some points to ponder.... Evan From micoots at yahoo.com Tue Oct 10 22:42:34 2006 From: micoots at yahoo.com (Michael Mansour) Date: Tue Oct 10 22:42:38 2006 Subject: Virus detected: deleted store Message-ID: <20061010214234.16624.qmail@web33312.mail.mud.yahoo.com> Hi, I want to auto-delete a virus detected email but still store it in MailWatch. Do I just do this in this file: spam.actions.rules with the following statement: Virus: *@domain.com delete store ?? Thanks. Michael. ____________________________________________________ On Yahoo!7 Caller tones: Replace your ring tone with your favourite sound clip! http://callertones.yahoo7.mnetcorporation.com/ctonesmailtag From lshaw at emitinc.com Tue Oct 10 23:12:16 2006 From: lshaw at emitinc.com (Logan Shaw) Date: Tue Oct 10 23:12:32 2006 Subject: idea for next version In-Reply-To: <001701c6ecaf$fb659bd0$0705000a@DDF5DW71> References: <1160513361.3522@bsd4.nedport.net> <001701c6ecaf$fb659bd0$0705000a@DDF5DW71> Message-ID: Roger wrote: >> So I was checking mailwatch this evening and I found out that the spam / >> ham percentage is 60% / 40% at daytime and 95% / 5% at night. This is quiet >> logical because at daytime everybody is working and at night (well here in >> europe) only spammers are working. This can be used for the spamfiltering. >> I think if it is possible to f.e. do, "spamscore * 1.2" between 11:00 pm >> and 7:00 am, it will hit more highscoring spam at night. Offcourse it will >> also hit ham, but as there is much less ham at night the possibility is >> less. On Tue, 10 Oct 2006, Steve Campbell wrote: > I tend to look at this in a different light. Spam is spam, and should be > caught by rules, etc regardless of the time it arrives. Ham is the same also > regardless of it's arrival time. A good set of rules should work fine any > time of the day. The percentages only indicate when people are sending mail, > so this is a useless figure for comparing day/night averages. True enough, but every other rule that SpamAssassin uses is a heuristic as well. They're all based on particular characteristics of the messages (or servers that send them) and some kind of statistical correlation between those characteristics and spamminess. > For instance, if the same message that came in at night were resent during > the day, how should the mail be treated? Different score and action? While I share the feeling that it is a little bit odd that the time a message arrives could sway its score, this is already true to some extent: real-time blacklists change over time (otherwise they wouldn't be real-time), and the score a message gets can be different one hour from what it is at the next hour. Overall, I think time of arrival could be safely used as yet another heuristic for determining if something is spam. The key thing is that the scores would need to be right, which I suspect means they'd need to be fairly low, something like 0.5 or so. SpamAssassin already handles setting scores by running a genetic algorithm (or whatever it is that it uses that replaced the GA in 3.x), but since this varies so much by site (what time zone the site is located in, what type of usage patterns it sees, etc.), there would need to be a reliable method of determining site-specific scores for this. To go in a different direction, as long as we're talking about time, another possibility is to apply time other places. For instance, you might have a time-dependent greylist. Make the greylist's delay much longer at night and shorter during the day. You'd get a lot of the effectiveness of greylisting but without as much delay during the active periods. Overall, though, I think although looking at time does give you additional information, it is not clear at all that the positives of going with it will outweigh the negatives. Time is a trait of a message (or message delivery) that has a strong correlation with spamminess, but there is also a steady stream of exceptions. So getting value out of looking at the time is likely to be that much harder because of that. - Logan From mkettler at evi-inc.com Tue Oct 10 23:19:07 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Tue Oct 10 23:19:29 2006 Subject: idea for next version In-Reply-To: <1160513361.3522@bsd4.nedport.net> References: <1160513361.3522@bsd4.nedport.net> Message-ID: <452C1C5B.7010708@evi-inc.com> mailscanner@berger.nl wrote: > Well, I am happily using mailscanner for a while now and it still works great. > > So I was checking mailwatch this evening and I found out that the spam / ham percentage is 60% / 40% at daytime and 95% / 5% at night. This is quiet logical because at daytime everybody is working and at night (well here in europe) only spammers are working. This can be used for the spamfiltering. Actually, this suggestion isn't very new. It's been made dozens of times over on the SpamAssassin list. It really doesn't work out in the general case. Unfortunately, for most folks it's not as dramatic as 95/5.. and even for those it is, that's still a relatively poor spam rule. The problem being that rule scores can't be viewed in terms spam percentage. That's not how rule scoring in SA works. SA assigns rules by "fitting" the rule scores against a real-world test. In the event of overlapping hits on the same messages, this fitting winds up giving very little, if any, score to the worst-performing rule in an overlapping group. Rules with mediocre performance, like a mere 95% accuracy, often wind up finding themselves with no score because there are better rules to give the points to that cause fewer FPs. My numbers are more like 80/20, even for the "dead of night" hours: "Oct 9 00:" 81.2% spam "Oct 9 01:" 86.6% spam "Oct 9 02:" 83.5% spam ... "Oct 9 13:" 48.5% spam ... "Oct 9 21:" 72.6% spam "Oct 9 22:" 70.7% spam "Oct 9 23:" 78.3% spam A lot of what ratio you see depends highly on how "localized" your mail is. If you belong to a lot of globally-used mailing lists, your numbers at night will be little different than your numbers at noon. Ditto if you have lots of international contacts. I think if it is possible to f.e. do, "spamscore * 1.2" between 11:00 pm and 7:00 am, it will hit more highscoring spam at night. Offcourse it will also hit ham, but as there is much less ham at night the possibility is less. Then, most off the overnight ham is mailinglist which are often whitelisted. You whitelist mailing lists? Regularly? Wow.. I don't. I only do such things for spam discussion lists. > > Any ideas? Quite frankly, geographic origin is a whole lot more accurate, and even that pretty well sucks. You might consider taking advantage of the RelayCountry plugin, and adding some rules like these (adjust scores, etc for your own geography:) # informational, mostly for checking how much these hit header RELAY_ES X-Relay-Countries=~/\bES\b/ describe RELAY_ES Relayed through Spain score RELAY_ES 0.01 header RELAY_UK X-Relay-Countries=~/\bGB\b/ describe RELAY_UK Relayed through Brittan score RELAY_UK 0.01 header RELAY_FR X-Relay-Countries=~/\bFR\b/ describe RELAY_FR Relayed through France score RELAY_FR 0.01 header RELAY_DE X-Relay-Countries=~/\bDE\b/ describe RELAY_DE Relayed through Germany score RELAY_DE 0.01 header RELAY_AT X-Relay-Countries=~/\bAT\b/ describe RELAY_AT Relayed through Austria score RELAY_AT 0.01 # these have VERY high spam volume and little legit mail # however, don't go over 3.0 or so with these. header RELAY_CN X-Relay-Countries=~/\bCN\b/ describe RELAY_CN Relayed through china score RELAY_CN 1.5 header RELAY_KR X-Relay-Countries=~/\bKR\b/ describe RELAY_KR Relayed through Korea score RELAY_KR 1.5 header RELAY_KP X-Relay-Countries=~/\bKP\b/ describe RELAY_KP Relayed through North Korea score RELAY_KP 1.5 #countries prone to abuse and low legit mail volume # can't score high due to some legit mail # however score bias of 0.1 to 1.5 is reasonable here # depending on the country in question header RELAY_AP X-Relay-Countries=~/\bAP\b/ describe RELAY_AP Relayed through generic AP score RELAY_AP 0.5 header RELAY_TW X-Relay-Countries=~/\bTW\b/ describe RELAY_TW Relayed through Taiwan score RELAY_TW 1.0 header RELAY_SK X-Relay-Countries=~/\bSK\b/ describe RELAY_SK Relayed through Slovakia score RELAY_TW 1.0 header RELAY_JP X-Relay-Countries=~/\bJP\b/ describe RELAY_JP Relayed through Japan score RELAY_JP 1.0 header RELAY_AR X-Relay-Countries=~/\bAR\b/ describe RELAY_AR Relayed through Argentina score RELAY_AR 1.0 header RELAY_BR X-Relay-Countries=~/\bBR\b/ describe RELAY_BR Relayed through Brazil score RELAY_BR 1.0 header RELAY_RU X-Relay-Countries=~/\bRU\b/ describe RELAY_RU Relayed through Russia score RELAY_RU 1.0 header RELAY_RO X-Relay-Countries=~/\bRO\b/ describe RELAY_RO Relayed through Romania score RELAY_RO 1.0 header RELAY_PS X-Relay-Countries=~/\bPS\b/ describe RELAY_PS Relayed through occupied Palestine score RELAY_PS 1.0 header RELAY_PL X-Relay-Countries=~/\bPL\b/ describe RELAY_PL Relayed through Poland score RELAY_PL 1.0 header RELAY_IL X-Relay-Countries=~/\bIL\b/ describe RELAY_IL Relayed through Israel score RELAY_IL 1.0 header RELAY_HU X-Relay-Countries=~/\bHU\b/ describe RELAY_HU Relayed through Hungary score RELAY_HU 1.0 header RELAY_NG X-Relay-Countries=~/\bNG\b/ describe RELAY_NG Relayed through Nigeria score RELAY_NG 1.0 header RELAY_PK X-Relay-Countries=~/\bPK\b/ describe RELAY_PK Relayed through Pakistan score RELAY_PK 1.0 header RELAY_GT X-Relay-Countries=~/\bGT\b/ describe RELAY_GT Relayed through Guatemala score RELAY_GT 1.0 From jon.bates at summitmotors.com.au Tue Oct 10 23:41:24 2006 From: jon.bates at summitmotors.com.au (Jon Bates) Date: Tue Oct 10 23:41:38 2006 Subject: File Type Checking - Excepting users to the rules In-Reply-To: <200610101009.k9AA8aI7010612@bkserver.blacknight.ie> Message-ID: <200610102241.k9AMfRuZ000426@summitmotors.com.au> Julian Field Wrote: > This is all documented on the wiki and in the book. Read this: > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:ruleset s:overloading Eek! I have your book right in front of me.. I didn't look hard enough obviously! RTFMCloser! :P Thanks for the responses guys. Jon. From steve.swaney at fsl.com Tue Oct 10 23:43:06 2006 From: steve.swaney at fsl.com (Steve Swaney) Date: Tue Oct 10 23:43:09 2006 Subject: off-topic spamassassin Message-ID: <452C21FA.60403@fsl.com> This is a SpamAssassin question but I'm not on the SA list (to many lists as it is :() so if anybody can help I'd appreciate it. The spamassassin lint test issues this warning: 2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])site:(.*?)(?:$|%20|[\s+&#])'i [27341] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])(?:"|%22)(.*?)(?:$|%22|["\s+&#])'i [27341] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/translate\?.*?(?<=[?&])u=(.*?)(?:$|[&#])'i [27341] warn: config: failed to parse line, skipping: : The "warn" message is not that helpful but in fairness to SA - most are very helpful. Sorry for the off topic post but any help appreciated. Thanks, Steve steve@fsl.com From mkettler at evi-inc.com Wed Oct 11 00:00:03 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Wed Oct 11 00:00:27 2006 Subject: off-topic spamassassin In-Reply-To: <452C21FA.60403@fsl.com> References: <452C21FA.60403@fsl.com> Message-ID: <452C25F3.8040903@evi-inc.com> Steve Swaney wrote: > This is a SpamAssassin question but I'm not on the SA list (to many > lists as it is :() so if anybody can help I'd appreciate it. > > The spamassassin lint test issues this warning: > [27341] warn: config: failed to parse line, skipping: : > > The "warn" message is not that helpful but in fairness to SA - most are > very helpful. > > Sorry for the off topic post but any help appreciated. >From the looks of that, you have a line in somewhere in one of your config files that contains a single colon character. Personally, I'd start with checking all your /etc/mail/spamassassin/*.cf files. From ssilva at sgvwater.com Wed Oct 11 00:39:39 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Oct 11 00:40:10 2006 Subject: idea for next version In-Reply-To: References: <1160513361.3522@bsd4.nedport.net> <001701c6ecaf$fb659bd0$0705000a@DDF5DW71> Message-ID: Logan Shaw spake the following on 10/10/2006 3:12 PM: > Roger wrote: >>> So I was checking mailwatch this evening and I found out that the >>> spam / ham percentage is 60% / 40% at daytime and 95% / 5% at night. >>> This is quiet logical because at daytime everybody is working and at >>> night (well here in europe) only spammers are working. This can be >>> used for the spamfiltering. I think if it is possible to f.e. do, >>> "spamscore * 1.2" between 11:00 pm and 7:00 am, it will hit more >>> highscoring spam at night. Offcourse it will also hit ham, but as >>> there is much less ham at night the possibility is less. > > On Tue, 10 Oct 2006, Steve Campbell wrote: >> I tend to look at this in a different light. Spam is spam, and should >> be caught by rules, etc regardless of the time it arrives. Ham is the >> same also regardless of it's arrival time. A good set of rules should >> work fine any time of the day. The percentages only indicate when >> people are sending mail, so this is a useless figure for comparing >> day/night averages. > > True enough, but every other rule that SpamAssassin uses > is a heuristic as well. They're all based on particular > characteristics of the messages (or servers that send them) > and some kind of statistical correlation between those > characteristics and spamminess. > >> For instance, if the same message that came in at night were resent >> during the day, how should the mail be treated? Different score and >> action? > > While I share the feeling that it is a little bit odd that the > time a message arrives could sway its score, this is already > true to some extent: real-time blacklists change over time > (otherwise they wouldn't be real-time), and the score a message > gets can be different one hour from what it is at the next hour. > > Overall, I think time of arrival could be safely used as > yet another heuristic for determining if something is spam. > The key thing is that the scores would need to be right, which > I suspect means they'd need to be fairly low, something like > 0.5 or so. SpamAssassin already handles setting scores by > running a genetic algorithm (or whatever it is that it uses > that replaced the GA in 3.x), but since this varies so much > by site (what time zone the site is located in, what type > of usage patterns it sees, etc.), there would need to be a > reliable method of determining site-specific scores for this. > > To go in a different direction, as long as we're talking about > time, another possibility is to apply time other places. > For instance, you might have a time-dependent greylist. > Make the greylist's delay much longer at night and shorter > during the day. You'd get a lot of the effectiveness of > greylisting but without as much delay during the active periods. > > Overall, though, I think although looking at time does give > you additional information, it is not clear at all that > the positives of going with it will outweigh the negatives. > Time is a trait of a message (or message delivery) that has a > strong correlation with spamminess, but there is also a steady > stream of exceptions. So getting value out of looking at the > time is likely to be that much harder because of that. > > - Logan But many companies regularly have exec's and others working late, or from home. So you will be placing these people in the spammer class just because they work late? Or how about someone in Hawaii mailing something to New York at 5:00 Pm Hawaii time. That would be in the wee hours in New York, but not necessarily spam. Or if Julian sent me a message at 8:00AM in the UK, it would be about midnight here in the west coast of the US. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From steve.swaney at fsl.com Wed Oct 11 01:24:33 2006 From: steve.swaney at fsl.com (Steve Swaney) Date: Wed Oct 11 01:24:35 2006 Subject: off-topic spamassassin In-Reply-To: <452C25F3.8040903@evi-inc.com> References: <452C21FA.60403@fsl.com> <452C25F3.8040903@evi-inc.com> Message-ID: <452C39C1.8040102@fsl.com> Matt Kettler wrote: > Steve Swaney wrote: > >> This is a SpamAssassin question but I'm not on the SA list (to many >> lists as it is :() so if anybody can help I'd appreciate it. >> >> The spamassassin lint test issues this warning: >> > > >> [27341] warn: config: failed to parse line, skipping: : >> >> The "warn" message is not that helpful but in fairness to SA - most are >> very helpful. >> >> Sorry for the off topic post but any help appreciated. >> > > >From the looks of that, you have a line in somewhere in one of your config files > that contains a single colon character. > > > Personally, I'd start with checking all your /etc/mail/spamassassin/*.cf files. > > > Matt, > > Thats why I posted to this list :) > > grep -l "^:" > > Showed up the offending line : > > mail:/etc/mail/spamassassin # grep -l "^:" * > > 70_sare_adult.cf > > There was a line that started with ":#" > > The error message was absolutely accurate! I just didn't parse it correctly. > > Many thanks - problem solved > > > Steve > > > From support-lists at petdoctors.co.uk Wed Oct 11 01:35:47 2006 From: support-lists at petdoctors.co.uk (Nigel Kendrick) Date: Wed Oct 11 01:34:59 2006 Subject: spam forwarding not working In-Reply-To: <223f97700610100231u162922a5l4f2fcced174ccf22@mail.gmail.com> Message-ID: <001b01c6eccd$32bfcfc0$04000100@support01> -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn Steen Sent: Tuesday, October 10, 2006 10:32 AM To: MailScanner discussion Subject: Re: spam forwarding not working On 10/10/06, Nigel Kendrick wrote: > Hi guys, > > I have setup a spam mailbox on our local mail server that users can > submit their unwanted stuff to - it's called 'spam@[snipped]' > > The 'spam' mailbox is submitted to spamassassin every night via a cron job. > This works with no problems for mail that people manually forward, but > I also have this line in MailScanner.conf: > > High Scoring Spam Actions = delete forward spam@[snipped] > > Unfortunately, this triggers the following emails to me (at root): > > ++++++++++ > > This is the Postfix program at ... > > I'm sorry to have to inform you that your message could not be > delivered to one or more recipients. It's attached below. > > [Snip] > > : User unknown in virtual alias table > > ++++++++++ > > I have also tried local delivery by putting the forward address as > 'spam@servername' - am I hitting problems because spam is being > resubmitted to MailScanner before being forwarded, but even then why a 'user unknown' > message? > > MailScanner is 4.55.10, PostFix is 2:2.2.10-1.RHEL4.2 on CentOS 4.4 > > Thanks > > Nigel Kendrick > > Nigel, Virtual aliases are expanded _after_ MailScanner, so you cannot use a virtual alias in a rule like that (for addressing). Simply change it to the real address and things should work out OK:-). Sorry Glen - me being thick here - all our addresses are setup in a virtual alias list so what constitutes a 'real address' in this respect. From campbell at cnpapers.com Wed Oct 11 03:17:52 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Wed Oct 11 03:18:20 2006 Subject: idea for next version In-Reply-To: References: <1160513361.3522@bsd4.nedport.net> <001701c6ecaf$fb659bd0$0705000a@DDF5DW71> Message-ID: <1160533072.452c5450da9c7@perdition.cnpapers.net> Quoting Scott Silva : > Logan Shaw spake the following on 10/10/2006 3:12 PM: > > Roger wrote: > >>> So I was checking mailwatch this evening and I found out that the > >>> spam / ham percentage is 60% / 40% at daytime and 95% / 5% at night. > >>> This is quiet logical because at daytime everybody is working and at > >>> night (well here in europe) only spammers are working. This can be > >>> used for the spamfiltering. I think if it is possible to f.e. do, > >>> "spamscore * 1.2" between 11:00 pm and 7:00 am, it will hit more > >>> highscoring spam at night. Offcourse it will also hit ham, but as > >>> there is much less ham at night the possibility is less. > > > > On Tue, 10 Oct 2006, Steve Campbell wrote: > >> I tend to look at this in a different light. Spam is spam, and should > >> be caught by rules, etc regardless of the time it arrives. Ham is the > >> same also regardless of it's arrival time. A good set of rules should > >> work fine any time of the day. The percentages only indicate when > >> people are sending mail, so this is a useless figure for comparing > >> day/night averages. > > > My point here was that using percentages is only dependent on spam received. If you receive no spam, you're going to see 100% good mail. If you receive floods of spam, your percentage ratio changes. Now one or the other needs to change for the ratio to change. A good rule that blocks spam will block spam at either noon or 3:00 a.m. My reported ratio changed drastically by installing MimeDefang. My MTA still received the spam, but blocked a lot of it from MS/SA. The amount of mail reaching the MTA did not change. Percentages have always been a bad indicator of everything (except for 100% or 0%), Anything in between is relative. Would you rather receive 80% of $1.00 or 20% of $1,000.00? You have to apply the percentages in the proper context. > >> For instance, if the same message that came in at night were resent > >> during the day, how should the mail be treated? Different score and > >> action? > > > > While I share the feeling that it is a little bit odd that the > > time a message arrives could sway its score, this is already > > true to some extent: real-time blacklists change over time > > (otherwise they wouldn't be real-time), and the score a message > > gets can be different one hour from what it is at the next hour. But these lists are changing due to actual mail and the content of that mail, not because of the time of day that is current. If I were a spammer, and I discovered the fact that you are basing your score value on the time of day (or night), I would just change the time I send out my spam. This would adversely affect your system in a negative way. As a matter of fact, I am seeing more and more spam showing up during daytime hours. Nightly spam is still the more dominant norm though. I don't mind seeing that my ratio of spam to ham is high because it means I am stopping it. On the other hand, if total messages are low, the reverse ratio is OK. I'm just using CPU cycles to block all of that junk. If the total message count is high, and the spam to ham ratio is low, then I have to assume I can do better at some rules. But then, what will the ratio be whenever I have the perfect system using perfect rules? Zero spam to 100% ham!! But that won't happen, so the best I can do is try for something in between. Ultimately, you have to stop spam before it gets to the MS/SA before percentages mean anything, or accept high spam ratio. I think that is what I mean. Steve ------------------------------------------------- This mail sent through IMP: http://horde.org/imp/ From glenn.steen at gmail.com Wed Oct 11 07:31:47 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Oct 11 07:31:51 2006 Subject: spam forwarding not working In-Reply-To: <001b01c6eccd$32bfcfc0$04000100@support01> References: <223f97700610100231u162922a5l4f2fcced174ccf22@mail.gmail.com> <001b01c6eccd$32bfcfc0$04000100@support01> Message-ID: <223f97700610102331k12260ba3v7be3e68911a250fd@mail.gmail.com> On 11/10/06, Nigel Kendrick wrote: > (snip) > Sorry Glen - me being thick here - all our addresses are setup in a virtual > alias list so what constitutes a 'real address' in this respect. > Well, if your virtual users are really defined as virtual _aliases_ they do have a real destination (the righthand side in the virtual alias map file (as detailed here: http://www.postfix.org/VIRTUAL_README.html#virtual_alias). If specifying one of those borks out you might need whitelist locally submitted mails. virtual _mailboxes_ are quite something else:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From drew at technologytiger.net Wed Oct 11 07:56:56 2006 From: drew at technologytiger.net (Drew Marshall) Date: Wed Oct 11 07:57:09 2006 Subject: spam forwarding not working In-Reply-To: <001b01c6eccd$32bfcfc0$04000100@support01> References: <001b01c6eccd$32bfcfc0$04000100@support01> Message-ID: <4AE9EE8E-CF87-4234-9E73-3819AC1C6B90@technologytiger.net> On 11 Oct 2006, at 01:35, Nigel Kendrick wrote: > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > Glenn Steen > Sent: Tuesday, October 10, 2006 10:32 AM > To: MailScanner discussion > Subject: Re: spam forwarding not working > > On 10/10/06, Nigel Kendrick wrote: >> Hi guys, >> >> I have setup a spam mailbox on our local mail server that users can >> submit their unwanted stuff to - it's called 'spam@[snipped]' >> >> The 'spam' mailbox is submitted to spamassassin every night via a >> cron > job. >> This works with no problems for mail that people manually forward, >> but >> I also have this line in MailScanner.conf: >> >> High Scoring Spam Actions = delete forward spam@[snipped] >> >> Unfortunately, this triggers the following emails to me (at root): >> >> ++++++++++ >> >> This is the Postfix program at ... >> >> I'm sorry to have to inform you that your message could not be >> delivered to one or more recipients. It's attached below. >> >> [Snip] >> >> : User unknown in virtual alias table >> >> ++++++++++ >> >> I have also tried local delivery by putting the forward address as >> 'spam@servername' - am I hitting problems because spam is being >> resubmitted to MailScanner before being forwarded, but even then >> why a > 'user unknown' >> message? >> >> MailScanner is 4.55.10, PostFix is 2:2.2.10-1.RHEL4.2 on CentOS 4.4 >> >> Thanks >> >> Nigel Kendrick >> >> > Nigel, > > Virtual aliases are expanded _after_ MailScanner, so you cannot use a > virtual alias in a rule like that (for addressing). > Simply change it to the real address and things should work out OK:-). > > > > Sorry Glen - me being thick here - all our addresses are setup in a > virtual > alias list so what constitutes a 'real address' in this respect. In this instance i would suggest you need to forward the spam to spam@.[snipped] which makes it local. Make sure you have listed your host name in main.cf under myhostname and list $myhostname under mydestination. If you have multiple servers using a central database (Such as MySQL) you can play other tricks using NFS mounts and localhost but that's for another 'lesson' :-) Drew From martinh at solidstatelogic.com Wed Oct 11 09:05:26 2006 From: martinh at solidstatelogic.com (Martin Hepworth) Date: Wed Oct 11 09:05:42 2006 Subject: idea for next version In-Reply-To: <1160513361.3522@bsd4.nedport.net> References: <1160513361.3522@bsd4.nedport.net> Message-ID: <452CA5C6.4040809@solidstatelogic.com> mailscanner@berger.nl wrote: > Well, I am happily using mailscanner for a while now and it still works great. > > So I was checking mailwatch this evening and I found out that the spam / ham percentage is 60% / 40% at daytime and 95% / 5% at night. This is quiet logical because at daytime everybody is working and at night (well here in europe) only spammers are working. This can be used for the spamfiltering. I think if it is possible to f.e. do, "spamscore * 1.2" between 11:00 pm and 7:00 am, it will hit more highscoring spam at night. Offcourse it will also hit ham, but as there is much less ham at night the possibility is less. Then, most off the overnight ham is mailinglist which are often whitelisted. > > Any ideas? > > Roger > Depends, we run Tokyo->Paris->UK->New York->LA offices through our MailScanner......not to mention all the international email lists we're all on.. I tend to find spam rises around 9am EST (Eest coast US) and dies off when the US goes home for the night .... can't think of why that could be ;-) -- Martin Hepworth Senior Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From mailscanner at berger.nl Wed Oct 11 09:35:51 2006 From: mailscanner at berger.nl (mailscanner@berger.nl) Date: Wed Oct 11 09:36:23 2006 Subject: idea for next version In-Reply-To: Message-ID: <1160555750.41090@bsd4.nedport.net> Scott Silva wrote .. > Logan Shaw spake the following on 10/10/2006 3:12 PM: > > Roger wrote: > >>> So I was checking mailwatch this evening and I found out that the > >>> spam / ham percentage is 60% / 40% at daytime and 95% / 5% at night. > >>> This is quiet logical because at daytime everybody is working and at > >>> night (well here in europe) only spammers are working. This can be > >>> used for the spamfiltering. I think if it is possible to f.e. do, > >>> "spamscore * 1.2" between 11:00 pm and 7:00 am, it will hit more > >>> highscoring spam at night. Offcourse it will also hit ham, but as > >>> there is much less ham at night the possibility is less. > > > > On Tue, 10 Oct 2006, Steve Campbell wrote: > >> I tend to look at this in a different light. Spam is spam, and should > >> be caught by rules, etc regardless of the time it arrives. Ham is the > >> same also regardless of it's arrival time. A good set of rules should > >> work fine any time of the day. The percentages only indicate when > >> people are sending mail, so this is a useless figure for comparing > >> day/night averages. > > > > True enough, but every other rule that SpamAssassin uses > > is a heuristic as well. They're all based on particular > > characteristics of the messages (or servers that send them) > > and some kind of statistical correlation between those > > characteristics and spamminess. > > > >> For instance, if the same message that came in at night were resent > >> during the day, how should the mail be treated? Different score and > >> action? > > > > While I share the feeling that it is a little bit odd that the > > time a message arrives could sway its score, this is already > > true to some extent: real-time blacklists change over time > > (otherwise they wouldn't be real-time), and the score a message > > gets can be different one hour from what it is at the next hour. > > > > Overall, I think time of arrival could be safely used as > > yet another heuristic for determining if something is spam. > > The key thing is that the scores would need to be right, which > > I suspect means they'd need to be fairly low, something like > > 0.5 or so. SpamAssassin already handles setting scores by > > running a genetic algorithm (or whatever it is that it uses > > that replaced the GA in 3.x), but since this varies so much > > by site (what time zone the site is located in, what type > > of usage patterns it sees, etc.), there would need to be a > > reliable method of determining site-specific scores for this. > > > > To go in a different direction, as long as we're talking about > > time, another possibility is to apply time other places. > > For instance, you might have a time-dependent greylist. > > Make the greylist's delay much longer at night and shorter > > during the day. You'd get a lot of the effectiveness of > > greylisting but without as much delay during the active periods. > > > > Overall, though, I think although looking at time does give > > you additional information, it is not clear at all that > > the positives of going with it will outweigh the negatives. > > Time is a trait of a message (or message delivery) that has a > > strong correlation with spamminess, but there is also a steady > > stream of exceptions. So getting value out of looking at the > > time is likely to be that much harder because of that. > > > > - Logan > But many companies regularly have exec's and others working late, or from > home. So you will be placing these people in the spammer class just because > they work late? > Or how about someone in Hawaii mailing something to New York at 5:00 Pm > Hawaii > time. That would be in the wee hours in New York, but not necessarily spam. > Or if Julian sent me a message at 8:00AM in the UK, it would be about midnight > here in the west coast of the US. > > -- > Well, as long as you can change the time. If you set 11:00Pm till 7:00 am I think you won't hit many people working late and even companies 5 hours away will be mainly closed at 6 pm. The idea is based on what I see for myself. This morning I had 51 spam mails which hit between 4(low) and 9(high). These were all real spam. Beside that I had 2 normal emails which had a score of -2,50 and whitelisted. The problem is that I had still 51 messages tagged as {Spam?} which I had to check manually. I checked a few of them and they mostly hit a score about 7 or 8. If I could multiply the spam score with f.e. 1.2 between 11pm an 7am it would 'upgrade' about 20 messages to highscoring which means I receive about 40% less spam in the morning. I won't try this at daytime because the chance of hitting ham is too big. Offcourse these are my findings. Maybe, the real thought behind it is that I have a very different ratio of spam/ham at night and at daytime, and this can be used to filter spam somehow. Or maybe, mailscanner spoiled me so far that I want too much ;-) Roger From dean.plant at roke.co.uk Wed Oct 11 09:45:08 2006 From: dean.plant at roke.co.uk (Plant, Dean) Date: Wed Oct 11 09:45:14 2006 Subject: Mailscanner/Spam Assassin support for Microsoft IMF/SCLSpamscoring? Message-ID: <2181C5F19DD0254692452BFF3EAF1D6802671A6D@rsys005a.comm.ad.roke.co.uk> alex wrote: >> >> Duncan, Brian M. wrote: >>> Just the capability of being able to add a generic header to all >>> Spam detected messages would be a great start: >>> >>> X-MS-Exchange-Organization-SCL: 6.5 >> Read the docs. Check out "Spam Actions" and the "header" action. >>> > > Could it be done by changing Spam Score Header from: > X-%org-name%-MailScanner-SpamScore: > to: > X-MS-Exchange-Organization-SCL: > and then adding > Spam Score Number Format = %d > and > SpamScore Number Instead Of Stars = yes > > ? I'm not an exchange person and I am thinking out loud here but would the "X-MS-Exchange-Organization-SCL:" header be ignored if it is added from another relay, how would it make sure that the header is genuine? I do agree that this would be a great feature to get working though, as it seems the only other way to achieve this is to use commercial software called IMF tune that allows exchange to set the SCL score from the "X-Spam-Status: Yes" header. Dean. From uxbod at splatnix.net Wed Oct 11 12:31:22 2006 From: uxbod at splatnix.net (uxbod) Date: Wed Oct 11 12:31:39 2006 Subject: Mailscanner/Spam Assassin support for MicrosoftIMF/SCLSpamscoring? In-Reply-To: <2181C5F19DD0254692452BFF3EAF1D6802671A6D@rsys005a.comm.ad.roke.co.uk> References: <2181C5F19DD0254692452BFF3EAF1D6802671A6D@rsys005a.comm.ad.roke.co.uk> Message-ID: <8994aa0873480557ef1d632db434458e@localhost> How would Exchange know that it had been added by another relay ? It changes the headers inline when the email is received so as far as Exchange it concered the header is genuine. On Wed, 11 Oct 2006 09:45:08 +0100, "Plant, Dean" wrote: > alex wrote: >>> >>> Duncan, Brian M. wrote: >>>> Just the capability of being able to add a generic header to all >>>> Spam detected messages would be a great start: >>>> >>>> X-MS-Exchange-Organization-SCL: 6.5 >>> Read the docs. Check out "Spam Actions" and the "header" action. >>>> >> >> Could it be done by changing Spam Score Header from: >> X-%org-name%-MailScanner-SpamScore: >> to: >> X-MS-Exchange-Organization-SCL: >> and then adding >> Spam Score Number Format = %d >> and >> SpamScore Number Instead Of Stars = yes >> >> ? > > I'm not an exchange person and I am thinking out loud here but would the > "X-MS-Exchange-Organization-SCL:" header be ignored if it is added from > another relay, how would it make sure that the header is genuine? > > I do agree that this would be a great feature to get working though, as > it seems the only other way to achieve this is to use commercial > software called IMF tune that allows exchange to set the SCL score from > the "X-Spam-Status: Yes" header. > > Dean. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: 543A E778 7F2D 98F1 3E50 9C1F F190 93E0 E8E8 0CF8 // Keyserver: www.keyserver.net Key-ID: 0xE8E80CF8 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From arturs at netvision.net.il Wed Oct 11 12:55:35 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Wed Oct 11 12:57:31 2006 Subject: Double sendmail processes In-Reply-To: <452B7B12.3020601@chime.ucl.ac.uk> Message-ID: <015201c6ed2c$29a54a00$3701a8c0@lapxp> Hope so. Thanks, Anthony! Best, -- Arthur Sherman +972-52-4878851 CPTeam > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Anthony Peacock > Sent: Tuesday, October 10, 2006 12:51 PM > To: MailScanner discussion > Subject: Re: Double sendmail processes > > Hi Arthur, > > Yes, after I sent my message I saw your reply to Jules. > > Sorry, I don't have detailed experience with your OS, so I am out of > ideas now. I am sure someone else on this list will pop up sooner or > later... > > Arthur Sherman wrote: > > Hi Anthony, > > > > It is the Mailscanner script that starts from rc.d. It has > been renamed to > > 'sendmail' - several apps needed this, since it is CentOS > based BlueQuartz > > appliance. > > So it is just what you say it should be. > > > > I am still wondering what would cause double sendmail processes... > > > > > > Best, > > > > -- > > Arthur Sherman > > > > +972-52-4878851 > > CPTeam > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info > >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > >> Of Anthony Peacock > >> Sent: Tuesday, October 10, 2006 11:55 AM > >> To: MailScanner discussion > >> Subject: Re: Double sendmail processes > >> > >> Hi Arthur, > >> > >> Someone who knows your OS better than I will probably be able > >> to help more. > >> > >> The standard mailscanner install creates a startup script for > >> mailscanner that also starts sendmail. In this instance you > >> would need > >> to stop sendmail starting as well. > >> > >> It looks like you are doing in the other way round, ie the > sendmail > >> script starts mailscanner. > >> > >> Arthur Sherman wrote: > >>> Hi Anthony, > >>> > >>> I didn't find anything. > >>> > >>> Here are starting services: > >>> --- > >>> [root@ns1 init.d]# chkconfig --list | grep on > >>> autofs 0:off 1:off 2:off 3:on 4:on > >> 5:on 6:off > >>> haldaemon 0:off 1:off 2:off 3:on 4:on > >> 5:on 6:off > >>> poprelayd 0:off 1:off 2:on 3:on 4:on > >> 5:on 6:off > >>> readahead 0:off 1:off 2:off 3:off 4:off > >> 5:on 6:off > >>> syslog 0:off 1:off 2:on 3:on 4:on > >> 5:on 6:off > >>> xinetd 0:off 1:off 2:on 3:on 4:on > >> 5:on 6:off > >>> DCC 0:off 1:off 2:on 3:on 4:on > >> 5:on 6:off > >>> netfs 0:off 1:off 2:off 3:on 4:on > >> 5:on 6:off > >>> sendmail 0:off 1:off 2:on 3:on 4:on > >> 5:on 6:off > >>> mysqld 0:off 1:off 2:on 3:on 4:on > >> 5:on 6:off > >>> dbrecover 0:off 1:on 2:on 3:on 4:on > >> 5:on 6:off > >>> bluequartz 0:off 1:off 2:on 3:on 4:on > >> 5:on 6:off > >>> microcode_ctl 0:off 1:off 2:on 3:on 4:on > >> 5:on 6:off > >>> saslauthd 0:off 1:off 2:on 3:on 4:on > >> 5:on 6:off > >>> clamav-milter 0:off 1:off 2:on 3:on 4:on > >> 5:on 6:off > >>> lm_sensors 0:off 1:off 2:on 3:on 4:on > >> 5:on 6:off > >>> admserv 0:off 1:off 2:on 3:on 4:on > >> 5:on 6:off > >>> network 0:off 1:off 2:on 3:on 4:on > >> 5:on 6:off > >>> kudzu 0:off 1:off 2:off 3:on 4:on > >> 5:on 6:off > >>> iptables 0:off 1:off 2:on 3:on 4:on > >> 5:on 6:off > >>> irqbalance 0:off 1:off 2:off 3:on 4:on > >> 5:on 6:off > >>> named 0:off 1:off 2:on 3:on 4:on > >> 5:on 6:off > >>> mdmonitor 0:off 1:off 2:on 3:on 4:on > >> 5:on 6:off > >>> crond 0:off 1:off 2:on 3:on 4:on > >> 5:on 6:off > >>> httpd 0:off 1:off 2:on 3:on 4:on > >> 5:on 6:off > >>> dovecot 0:off 1:off 2:on 3:on 4:on > >> 5:on 6:off > >>> clamd 0:off 1:off 2:on 3:on 4:on > >> 5:on 6:off > >>> gpm 0:off 1:off 2:on 3:on 4:on > >> 5:on 6:off > >>> readahead_early 0:off 1:off 2:off 3:off 4:off > >> 5:on 6:off > >>> cpuspeed 0:off 1:on 2:on 3:on 4:on > >> 5:on 6:off > >>> messagebus 0:off 1:off 2:off 3:on 4:on > >> 5:on 6:off > >>> mdchk 0:off 1:off 2:on 3:on 4:on > >> 5:on 6:off > >>> sshd 0:off 1:off 2:on 3:on 4:on > >> 5:on 6:off > >>> smartd 0:off 1:off 2:on 3:on 4:on > >> 5:on 6:off > >>> cced.init 0:off 1:off 2:on 3:on 4:on > >> 5:on 6:off > >>> rawdevices 0:off 1:off 2:off 3:on 4:on > >> 5:on 6:off > >>> --- > >>> > >>> Then I grepped for sendmail pattern: > >>> --- > >>> [root@ns1 init.d]# grep sendmail * > >>> clamav-milter:# description: clamav-milter is a daemon > >> which hooks into > >>> sendmail \ > >>> DCC:# dccm must be started before sendmail and stopped > >> after sendmail to > >>> avoid > >>> DCC:# complaints from sendmail > >>> DCC:# can be added to /etc/rc just before sendmail is > >> started and a line > >>> like > >>> diskdump:SENDMAIL="/usr/sbin/sendmail" > >>> poprelayd:# the pop-log-scrubber and sendmail relay db > >>> population tool. > >>> sendmail:# MailScanner, and its associated > >> copies of sendmail. > >>> sendmail:# If you are using sendmail, Exim or Postfix, > >> please try to avoid > >>> editing > >>> sendmail:MTA=sendmail > >>> sendmail:INPID=/var/run/sendmail.in.pid > >>> sendmail:OUTPID=/var/run/sendmail.out.pid > >>> sendmail:SENDMAIL=/usr/sbin/sendmail > >>> sendmail:# Start both the sendmail processes > >>> sendmail: elif [ $MTA = 'sendmail' ]; then > >>> sendmail: elif [ $MTA = 'sendmail' ]; then > >>> sendmail: # Start just incoming sendmail > >>> sendmail: # Start just outgoing sendmail > >>> sendmail: elif [ $MTA = "sendmail" ]; then > >>> sendmail: #killproc sendmail 2>/dev/null > >>> sendmail: elif [ $MTA = "sendmail" ]; then > >>> sendmail: #killproc /usr/sbin/sendmail 2>/dev/null > >>> sendmail: if [ $MTA = "sendmail" ]; then > >>> sendmail: # Now the incoming sendmail > >>> sendmail: echo -n ' incoming sendmail: ' > >>> sendmail: #pid=`ps ax | egrep > >> '\[sendmail\]|sendmai[l]: accepting > >>> connections'` > >>> sendmail: # Now the outgoing sendmail > >>> sendmail: echo -n ' outgoing sendmail: ' > >>> sendmail: #pid=`ps ax | egrep '\[sendmail\]|sendmai[l] > >>> -q[0-9]*[mhd]|sendmail: Queue runner' | grep -v grep` > >>> --- > >>> > >>> Did I miss something? > >>> > >>> Thanks! > >>> > >>> > >>> Best, > >>> > >>> -- > >>> Arthur Sherman > >>> > >>> +972-52-4878851 > >>> CPTeam > >>> > >>>> -----Original Message----- > >>>> From: mailscanner-bounces@lists.mailscanner.info > >>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > >>>> Of Anthony Peacock > >>>> Sent: Tuesday, October 10, 2006 10:05 AM > >>>> To: MailScanner discussion > >>>> Subject: Re: Double sendmail processes > >>>> > >>>> Hi Arthur, > >>>> > >>>> Check all of the files on the init directory to see if any of > >>>> the others > >>>> start sendmail as well. Do you have a mailscanner > script in there? > >>>> > >>>> Arthur Sherman wrote: > >>>>> Hello, > >>>>> > >>>>> On my server, Mailscanner is started as > /etc/rc.d/init.d/sendmail. > >>>>> Every time the server is restarted, I see double sendmail > >>>> processes, i.e. 2 > >>>>> of /var/spool/clientmqueue, and 2 of /var/spool/mqueue. > >>>>> After I manually restart Mailscanner, it starts only one pair. > >>>>> > >>>>> Q1: why are double processes started? > >>>>> Q2: how could I fix this? > >>>>> > >>>>> Thanks! > >>>>> > >>>>> > >>>>> Best, > >>>>> > >>>>> -- > >>>>> Arthur Sherman > >>>>> > >>>>> +972-52-4878851 > >>>>> CPTeam > >>>>> > >>>> -- > >>>> Anthony Peacock > >>>> CHIME, Royal Free & University College Medical School > >>>> WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ > >>>> "If you have an apple and I have an apple and we > exchange apples > >>>> then you and I will still each have one apple. But if > you have an > >>>> idea and I have an idea and we exchange these ideas, then > >> each of us > >>>> will have two ideas." -- George Bernard Shaw > >>>> -- > >>>> MailScanner mailing list > >>>> mailscanner@lists.mailscanner.info > >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >>>> > >>>> Before posting, read http://wiki.mailscanner.info/posting > >>>> > >>>> Support MailScanner development - buy the book off the website! > >> > >> -- > >> Anthony Peacock > >> CHIME, Royal Free & University College Medical School > >> WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ > >> "If you have an apple and I have an apple and we exchange apples > >> then you and I will still each have one apple. But if you have an > >> idea and I have an idea and we exchange these ideas, then > each of us > >> will have two ideas." -- George Bernard Shaw > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > >> > > > > > -- > Anthony Peacock > CHIME, Royal Free & University College Medical School > WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ > "If you have an apple and I have an apple and we exchange apples > then you and I will still each have one apple. But if you have an > idea and I have an idea and we exchange these ideas, then each of us > will have two ideas." -- George Bernard Shaw > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From glenn.steen at gmail.com Wed Oct 11 13:37:22 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Oct 11 13:37:26 2006 Subject: Double sendmail processes In-Reply-To: <00c801c6ec51$28ebb580$3701a8c0@lapxp> References: <452B5888.4010207@ecs.soton.ac.uk> <00c801c6ec51$28ebb580$3701a8c0@lapxp> Message-ID: <223f97700610110537i2ac2d998v826bc8931d5d3589@mail.gmail.com> On 10/10/06, Arthur Sherman wrote: > Hi Jules, > > Sendmail is actually MailScanner. It was renamed for compatibility with > other apps - old trick from some forum, which used to work before. > Did the trick include checking that you don't get multiple start and kill script "pointers" to the actual script (nor "dangling symlinks") from the actual runlevel-specific rc-script directories? Check ls -l /etc/rc?.d/*|grep -i mail or possibly ls -l /etc/rc.d/r*/*|grep -i mail might be that you are simply ruunning the same start script twice (although one would hope that starting the second one would simply fail... subsys lock or somesuch...), perhaps with different names... -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From bpumphrey at woodmclaw.com Wed Oct 11 14:05:46 2006 From: bpumphrey at woodmclaw.com (Billy A. Pumphrey) Date: Wed Oct 11 14:15:50 2006 Subject: off-topic spamassassin In-Reply-To: <452C21FA.60403@fsl.com> Message-ID: <04D932B0071FE34FA63EBB1977B48D1501C13F3D@woodenex.woodmaclaw.local> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Steve Swaney > Sent: Tuesday, October 10, 2006 6:43 PM > To: mailscanner@lists.mailscanner.info > Subject: off-topic spamassassin > > This is a SpamAssassin question but I'm not on the SA list (to many > lists as it is :() so if anybody can help I'd appreciate it. > > The spamassassin lint test issues this warning: > > 2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])site:(.*?)(?:$|% 20 > |[\s+&#])'i > [27341] dbg: config: adding redirector regex: > m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]* ?( > ?<=%20|..[=+\s])(?:"|%22)(.*?)(?:$|%22|["\s+&#])'i > [27341] dbg: config: adding redirector regex: > m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/translate\?.*?(?<=[?&])u=(. *? > )(?:$|[&#])'i > [27341] warn: config: failed to parse line, skipping: : > > The "warn" message is not that helpful but in fairness to SA - most are > very helpful. > > Sorry for the off topic post but any help appreciated. > > Thanks, > > Steve > steve@fsl.com > -- I am getting this as well, or similar: [16355] dbg: config: adding redirector regex: /^http:\/\/chkpt\.zdnet\.com\/chkpt\/\w+\/(.*)$/i 0.14354 [16355] dbg: config: adding redirector regex: /^http:\/\/www(?:\d+)?\.nate\.com\/r\/\w+\/(.*)$/i 0.00022 [16355] dbg: config: adding redirector regex: /^http:\/\/.+\.gov\/(?:.*\/)?externalLink\.jhtml\?.*url=(.*?)(?:&.*)?$/i 0.00024 [16355] dbg: config: adding redirector regex: /^http:\/\/redir\.internet\.com\/.+?\/.+?\/(.*)$/i 0.00022 [16355] dbg: config: adding redirector regex: /^http:\/\/(?:.*?\.)?adtech\.de\/.*(?:;|\|)link=(.*?)(?:;|$)/i 0.00024 [16355] dbg: config: adding redirector regex: m'^http.*?/redirect\.php\?.*(?<=[?&])goto=(.*?)(?:$|[&#])'i 0.00025 [16355] dbg: config: adding redirector regex: m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i 0.00024 [16355] dbg: config: adding redirector regex: m'/(?:index.php)?\?.*(?<=[?&])URL=(.*?)(?:$|[&#])'i 0.0003 [16355] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/url\?.*?(?<=[?&])q=(.*?)(?: $|[&#])'i 0.00038 [16355] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]* ?(?<=%20|..[=+\s])site:(.*?)(?:$|%20|[\s+&#])'i 0.00036 [16355] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]* ?(?<=%20|..[=+\s])(?:"|%22)(.*?)(?:$|%22|["\s+&#])'i 0.00042 [16355] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/translate\?.*?(?<=[?&])u=(. *?)(?:$|[&#])'i -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rob at dido.ca Wed Oct 11 14:33:38 2006 From: rob at dido.ca (Rob Morin) Date: Wed Oct 11 14:33:45 2006 Subject: Bayse problem? Message-ID: <452CF2B2.7050606@dido.ca> Just wondering why i would have this as an output.... I am not really familiar with Bayes... can someone point me to some docs on how to set it up or make sure it works fine... MS version 4.53.3(installed with Julian's scripty thingy), SA version 3.11 on Debian with Postfix Thanks here is an output peter:/opt/MailScanner/etc# sa-learn --dump magic 0.000 0 3 0 non-token data: bayes db version 0.000 0 0 0 non-token data: nspam 0.000 0 0 0 non-token data: nham 0.000 0 0 0 non-token data: ntokens 0.000 0 0 0 non-token data: oldest atime 0.000 0 0 0 non-token data: newest atime 0.000 0 0 0 non-token data: last journal sync atime 0.000 0 0 0 non-token data: last expiry atime 0.000 0 0 0 non-token data: last expire atime delta 0.000 0 0 0 non-token data: last expire reduction count -- Rob Morin Dido InterNet Inc. Montreal, Canada Http://www.dido.ca 514-990-4444 From bpumphrey at woodmclaw.com Wed Oct 11 14:33:50 2006 From: bpumphrey at woodmclaw.com (Billy A. Pumphrey) Date: Wed Oct 11 14:33:57 2006 Subject: OT: Mail::SpamAssassin::Plugin::ReplaceTags In-Reply-To: <04D932B0071FE34FA63EBB1977B48D1501C13F3D@woodenex.woodmaclaw.local> Message-ID: <04D932B0071FE34FA63EBB1977B48D1501C13F40@woodenex.woodmaclaw.local> In my lint test it takes 1.62 seconds for the line of: [20030] dbg: plugin: Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xade3c24) implements 'finish_parsing_end' Do you use this plugin? I do not recall enabling it manually so seems to be on by default. I looked up what it does and searched the web site: http://wiki.apache.org/spamassassin/ReplaceTags Could only come up with descriptions and such. Thank you Billy Pumphrey IT Manager Wooden & McLaughlin -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From daniel.maher at ubisoft.com Wed Oct 11 14:34:10 2006 From: daniel.maher at ubisoft.com (Daniel Maher) Date: Wed Oct 11 14:34:14 2006 Subject: idea for next version In-Reply-To: <452C1C5B.7010708@evi-inc.com> Message-ID: <1E293D3FF63A3740B10AD5AAD88535D20226D323@UBIMAIL1.ubisoft.org> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Matt Kettler > Sent: October 10, 2006 6:19 PM > To: MailScanner discussion > Subject: Re: idea for next version > > Actually, this suggestion isn't very new. It's been made dozens of times > over on > the SpamAssassin list. It really doesn't work out in the general case. > > Unfortunately, for most folks it's not as dramatic as 95/5.. and even for > those > it is, that's still a relatively poor spam rule.> > Quite frankly, geographic origin is a whole lot more accurate, and even > that > pretty well sucks. You might consider taking advantage of the RelayCountry > plugin, and adding some rules like these (adjust scores, etc for your own > geography:) I sometimes envy those of you out there that can filter based on time, origin, relay, language, and other such features. I'm sure it cuts down on your spam quite a bit. Unfortunately for me, my incoming mail servers handle mail for time zones ranging from +10 to -8; including major offices in China and Eastern Europe. Suffice it to say that we process /a lot/ of legitimate mail that would probably otherwise be blocked by many mail servers which are English-speaking North American centric. -- _ ?v? Daniel Maher /(_)\ Administrateur Syst?me Unix ^ ^ Unix System Administrator Sentio aliquos togatos contra me conspirare. From arturs at netvision.net.il Wed Oct 11 14:46:24 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Wed Oct 11 14:48:22 2006 Subject: Double sendmail processes In-Reply-To: <223f97700610110537i2ac2d998v826bc8931d5d3589@mail.gmail.com> Message-ID: <016401c6ed3b$a49c06e0$3701a8c0@lapxp> Bingo! Output shows: [root@ns1 log]# ls -l /etc/rc?.d/*|grep -i mail lrwxrwxrwx 1 root root 18 May 25 23:10 /etc/rc0.d/K30sendmail -> ../init.d/sendmail lrwxrwxrwx 1 root root 18 May 25 23:10 /etc/rc1.d/K30sendmail -> ../init.d/sendmail lrwxrwxrwx 1 root root 18 Oct 10 02:56 /etc/rc2.d/S80sendmail -> ../init.d/sendmail lrwxrwxrwx 1 root root 18 Oct 10 02:56 /etc/rc3.d/S80sendmail -> ../init.d/sendmail lrwxrwxrwx 1 root root 18 Oct 10 02:56 /etc/rc4.d/S80sendmail -> ../init.d/sendmail lrwxrwxrwx 1 root root 18 Oct 10 02:56 /etc/rc5.d/S80sendmail -> ../init.d/sendmail lrwxrwxrwx 1 root root 18 May 25 23:10 /etc/rc6.d/K30sendmail -> ../init.d/sendmail Shall I remove them? Best, -- Arthur Sherman +972-52-4878851 CPTeam > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Glenn Steen > Sent: Wednesday, October 11, 2006 2:37 PM > To: MailScanner discussion > Subject: Re: Double sendmail processes > > On 10/10/06, Arthur Sherman wrote: > > Hi Jules, > > > > Sendmail is actually MailScanner. It was renamed for > compatibility with > > other apps - old trick from some forum, which used to work before. > > > Did the trick include checking that you don't get multiple start and > kill script "pointers" to the actual script (nor "dangling symlinks") > from the actual runlevel-specific rc-script directories? > > Check > ls -l /etc/rc?.d/*|grep -i mail > or possibly > ls -l /etc/rc.d/r*/*|grep -i mail > > might be that you are simply ruunning the same start script twice > (although one would hope that starting the second one would simply > fail... subsys lock or somesuch...), perhaps with different names... > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From bpumphrey at woodmclaw.com Wed Oct 11 15:06:09 2006 From: bpumphrey at woodmclaw.com (Billy A. Pumphrey) Date: Wed Oct 11 15:06:25 2006 Subject: Adding to the WIKI In-Reply-To: <452CF2B2.7050606@dido.ca> Message-ID: <04D932B0071FE34FA63EBB1977B48D1501C13F44@woodenex.woodmaclaw.local> I want to add a section under http://wiki.mailscanner.info/doku.php?id=&idx=documentation:related_soft ware:management:mailwatch:tips For reports. I will start putting examples of report searches/syntax in there. I tried and tried to figure out how to add a page but failed. I created a login. I read the namespace link. I tried putting the page name in the URL. Will someone please answer my newb question? Billy Pumphrey IT Manager Wooden & McLaughlin -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dnsadmin at 1bigthink.com Wed Oct 11 15:14:02 2006 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Wed Oct 11 15:14:18 2006 Subject: idea for next version In-Reply-To: <452CA5C6.4040809@solidstatelogic.com> References: <1160513361.3522@bsd4.nedport.net> <452CA5C6.4040809@solidstatelogic.com> Message-ID: <7.0.1.0.0.20061011101150.0dd9e018@1bigthink.com> At 04:05 AM 10/11/2006, you wrote: >I tend to find spam rises around 9am EST (Eest coast US) and dies >off when the US goes home for the night .... can't think of why that >could be ;-) Uh, duh, maybe all our bot infected C&C machines on Spamcast, Ver-botspam? I block 20-30 each per day. From dnsadmin at 1bigthink.com Wed Oct 11 15:18:23 2006 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Wed Oct 11 15:18:38 2006 Subject: idea for next version In-Reply-To: <1E293D3FF63A3740B10AD5AAD88535D20226D323@UBIMAIL1.ubisoft. org> References: <452C1C5B.7010708@evi-inc.com> <1E293D3FF63A3740B10AD5AAD88535D20226D323@UBIMAIL1.ubisoft.org> Message-ID: <7.0.1.0.0.20061011101523.0dda0158@1bigthink.com> At 09:34 AM 10/11/2006, you wrote: > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Matt Kettler > > Sent: October 10, 2006 6:19 PM > > To: MailScanner discussion > > Subject: Re: idea for next version > > > > > Actually, this suggestion isn't very new. It's been made dozens of times > > over on > > the SpamAssassin list. It really doesn't work out in the general case. > > > > Unfortunately, for most folks it's not as dramatic as 95/5.. and even for > > those > > it is, that's still a relatively poor spam rule.> > > > Quite frankly, geographic origin is a whole lot more accurate, and even > > that > > pretty well sucks. You might consider taking advantage of the RelayCountry > > plugin, and adding some rules like these (adjust scores, etc for your own > > geography:) > >I sometimes envy those of you out there that can filter based on >time, origin, relay, language, and other such features. I'm sure it >cuts down on your spam quite a bit. > >Unfortunately for me, my incoming mail servers handle mail for time >zones ranging from +10 to -8; including major offices in China and >Eastern Europe. > >Suffice it to say that we process /a lot/ of legitimate mail that >would probably otherwise be blocked by many mail servers which are >English-speaking North American centric. > I tend to agree. Our firm could have utilized that sort of filtering two to three years ago. But now, not at all. Notice that a lot of what us North Americans used to receive in spam from hosts in China are now arriving from Botnets on North American and Mexican machines. That has changed the arrival time of the spam as well as the origin. Cheers! From glenn.steen at gmail.com Wed Oct 11 15:38:41 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Oct 11 15:38:57 2006 Subject: Bayse problem? In-Reply-To: <452CF2B2.7050606@dido.ca> References: <452CF2B2.7050606@dido.ca> Message-ID: <223f97700610110738g1df42eafy49754a22a5c198a0@mail.gmail.com> On 11/10/06, Rob Morin wrote: > Just wondering why i would have this as an output.... > > I am not really familiar with Bayes... > can someone point me to some docs on how to set it up or make sure it > works fine... > > MS version 4.53.3(installed with Julian's scripty thingy), SA version > 3.11 on Debian with Postfix > > Thanks > > here is an output > peter:/opt/MailScanner/etc# sa-learn --dump magic Hi Rob, Since you are using postfix, chances are great that you are using a non-priviledged user (likely postfix, perhaps with the group postfix) to run MailScanner. So SpamAssassin (with bayes) isn't run as root, but rather as that user. If you make sure you have a proper bayes_path (detailing your actual "active" bays db) and perhaps a proper bayes_filemode specification in one of local.cf or mailscanner.cf (a.k.a. spam.assassin.prefs.conf ... Think that symlink was present in version 4.53.3 too) in /etc/mail/spamassassin, everything should work OK for any user with read permission on the files (make sure the postfix user has that explicitly, by making it the owner). Test things by way of becoming the postfix user and running things...: su - postfix -s /bin/bash sa-learn --dump magic spamassassin --lint -D 2>&1 | less -e Look through the above to see that SA can bind/tie to the "database", and that it seems to contain enough ham/spam. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Wed Oct 11 15:48:32 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Oct 11 15:48:35 2006 Subject: Double sendmail processes In-Reply-To: <016401c6ed3b$a49c06e0$3701a8c0@lapxp> References: <223f97700610110537i2ac2d998v826bc8931d5d3589@mail.gmail.com> <016401c6ed3b$a49c06e0$3701a8c0@lapxp> Message-ID: <223f97700610110748q6e0c08a7u250b58cdba679103@mail.gmail.com> On 11/10/06, Arthur Sherman wrote: > Bingo! Sad to be dampening your enthusiasm Arther.... Look below. > > Output shows: > [root@ns1 log]# ls -l /etc/rc?.d/*|grep -i mail > lrwxrwxrwx 1 root root 18 May 25 23:10 /etc/rc0.d/K30sendmail -> > ../init.d/sendmail > lrwxrwxrwx 1 root root 18 May 25 23:10 /etc/rc1.d/K30sendmail -> > ../init.d/sendmail > lrwxrwxrwx 1 root root 18 Oct 10 02:56 /etc/rc2.d/S80sendmail -> > ../init.d/sendmail > lrwxrwxrwx 1 root root 18 Oct 10 02:56 /etc/rc3.d/S80sendmail -> > ../init.d/sendmail > lrwxrwxrwx 1 root root 18 Oct 10 02:56 /etc/rc4.d/S80sendmail -> > ../init.d/sendmail > lrwxrwxrwx 1 root root 18 Oct 10 02:56 /etc/rc5.d/S80sendmail -> > ../init.d/sendmail > lrwxrwxrwx 1 root root 18 May 25 23:10 /etc/rc6.d/K30sendmail -> > ../init.d/sendmail > > Shall I remove them? > No, that would not be that great:-). Those look quite normal to me, and removing them would make them not "respond correctly" to runleve changes... What I was hoping for would've been more of the form: lrwxrwxrwx 1 root root 18 Oct 10 02:56 /etc/rc5.d/S80sendmail -> ../init.d/sendmail lrwxrwxrwx 1 root root 18 Oct 10 02:56 /etc/rc5.d/S85sendmail -> ../init.d/sendmail ... That is, more than one symlink to the same script. No luck with that:-(. What you have above shouldn't be touched manually (you manage it via chkconfig). A "tangenting idea" is that you should look through the other bootup rc-scripts, like /etc/rc.local (grep through /etc/rc.* for sendmail perhaps). Since the "doubles" happen upon reboot, it kind of must be something related to those:-). ... Or perhaps some opportunistic cron-job? Not that likely... -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From edwardbruce at sbcglobal.net Wed Oct 11 15:50:11 2006 From: edwardbruce at sbcglobal.net (Ed Bruce) Date: Wed Oct 11 15:50:17 2006 Subject: MCP Issue Message-ID: <452D04A3.3050107@sbcglobal.net> I'm running MS v 4.56.6 and just noticed a strange error today. I have MCP setup to catch a few derogotary terms. More for testing purposes then actually use. It rarely gets any hits. But today it is consistently hitting one person. The funny thing it is matching on rules in the spam rules and not the MCP rules. The last message had the following from MailWatch for Spam: cached not score=0.22 5.6 required -2.60 BAYES_00 Bayesian spam probability is 0 to 1% 1.10 FM_MULTI_ODD2 0.00 FORGED_OUTLOOK_HTML Outlook can't send HTML message only 0.00 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format 0.50 HTML_40_50 Message is 40% to 50% HTML 0.00 HTML_MESSAGE HTML included in message 0.22 MIME_BASE64_NO_NAME base64 attachment does not have a file name 0.00 MIME_HTML_ONLY Message only has text/html MIME parts 1.00 SUBJ_ALL_CAPS Subject is all capitals In the MCP section: MCP Score: 4.61 MCP Report: Score Matching Rule Description ALL_TRUSTED FORGED_OUTLOOK_HTML FORGED_OUTLOOK_TAGS HTML_MESSAGE MIME_HTML_ONLY SUBJ_ALL_CAPS I'm confused how the MCP section is suddenly matching my SA rules instead of the ones I created for MCP? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20061011/696db771/attachment.html From glenn.steen at gmail.com Wed Oct 11 15:59:31 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Oct 11 15:59:36 2006 Subject: Adding to the WIKI In-Reply-To: <04D932B0071FE34FA63EBB1977B48D1501C13F44@woodenex.woodmaclaw.local> References: <452CF2B2.7050606@dido.ca> <04D932B0071FE34FA63EBB1977B48D1501C13F44@woodenex.woodmaclaw.local> Message-ID: <223f97700610110759s6dc6131alfa427cd441c2466e@mail.gmail.com> On 11/10/06, Billy A. Pumphrey wrote: > I want to add a section under > http://wiki.mailscanner.info/doku.php?id=&idx=documentation:related_soft > ware:management:mailwatch:tips > > For reports. I will start putting examples of report searches/syntax in > there. I tried and tried to figure out how to add a page but failed. I > created a login. I read the namespace link. I tried putting the page > name in the URL. > > Will someone please answer my newb question? Yes. You can "create" any page (and "needed directory structure") by doing one of: 1) accessing the nonexistant entry directly through a manually entered URL 2) entering the "page path" in the search box ... and then creating the page by clicking the create page button. Note that creating documentation:related_software:management:mailwatch:tips will create a page... if you want the subdirectory created, create documentation:related_software:management:mailwatch:tips:whatever instead. Since the only way to remove directory structure is via shell access to the webserver, one should be a tad restrictive with that:-). One might also add that these tips likely would fit better in the mailwatch wiki than the mailscanner one;-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From andy at tireswing.net Wed Oct 11 16:22:53 2006 From: andy at tireswing.net (Andy Norris) Date: Wed Oct 11 16:34:32 2006 Subject: LOTS of sendmail processes Message-ID: <6.2.3.4.2.20061011102214.0259fab8@mail.finedaycoming.com> When I issue a service sendmail restart command, I get nine pids immediately, and it goes up from there. Way up most of the time. I have lots of email that is not being scanned by MailScanner at all, and it's just the last few days this has been happening. sendmail v8.12.11 RHEL ES v3 (Taroon update 4) Avg load somewhere around 0.25 (goes to 0.60 and higher depending on time of day) Perl v5.8.0 Using spamassassin v3.1.0 This is on a machine running Ensim Pro 4.0.3-22.rhel.3ES I'm tempted a bit to "uninstall" MailScanner and SpamAssassin -- if that's possible -- and start all over again. I know it's got to be something that was duplicated somewhere... my fault, of course. Thanks, Andy From rob at dido.ca Wed Oct 11 16:47:48 2006 From: rob at dido.ca (Rob Morin) Date: Wed Oct 11 16:47:58 2006 Subject: Bayse problem? In-Reply-To: <223f97700610110738g1df42eafy49754a22a5c198a0@mail.gmail.com> References: <452CF2B2.7050606@dido.ca> <223f97700610110738g1df42eafy49754a22a5c198a0@mail.gmail.com> Message-ID: <452D1224.4000400@dido.ca> interesting... :) postfix@peter:~$ sa-learn --dump magic bayes: cannot open bayes databases /opt/MailScanner/bayes/bayes_* R/O: tie failed: Permission denied bayes: cannot open bayes databases /opt/MailScanner/bayes/bayes_* R/O: tie failed: Permission denied ERROR: Bayes dump returned an error, please re-run with -D for more information after making postfix the owner postfix@peter:~$ sa-learn --dump magic 0.000 0 3 0 non-token data: bayes db version 0.000 0 0 0 non-token data: nspam 0.000 0 0 0 non-token data: nham 0.000 0 0 0 non-token data: ntokens 0.000 0 0 0 non-token data: oldest atime 0.000 0 0 0 non-token data: newest atime 0.000 0 0 0 non-token data: last journal sync atime 0.000 0 0 0 non-token data: last expiry atime 0.000 0 0 0 non-token data: last expire atime delta 0.000 0 0 0 non-token data: last expire reduction count After a few minutes.... peter:/opt/MailScanner/bayes# sa-learn --dump magic 0.000 0 3 0 non-token data: bayes db version 0.000 0 10 0 non-token data: nspam 0.000 0 1 0 non-token data: nham 0.000 0 1974 0 non-token data: ntokens 0.000 0 1160581441 0 non-token data: oldest atime 0.000 0 1160581687 0 non-token data: newest atime 0.000 0 0 0 non-token data: last journal sync atime 0.000 0 0 0 non-token data: last expiry atime 0.000 0 0 0 non-token data: last expire atime delta 0.000 0 0 0 non-token data: last expire reduction count So should bayes learn now? or do i need to check somethign else... thanks for the quick reply! :) sorry for the long output...... postfix@peter:~$ spamassassin --lint -D 2>&1 | less -e [3673] dbg: logger: adding facilities: all [3673] dbg: logger: logging level is DBG [3673] dbg: generic: SpamAssassin version 3.1.1 [3673] dbg: config: score set 0 chosen. [3673] dbg: util: running in taint mode? yes [3673] dbg: util: taint mode: deleting unsafe environment variables, resetting PATH [3673] dbg: util: PATH included '/usr/local/bin', keeping [3673] dbg: util: PATH included '/usr/bin', keeping [3673] dbg: util: PATH included '/bin', keeping [3673] dbg: util: PATH included '/usr/bin/X11', keeping [3673] dbg: util: PATH included '/usr/games', keeping [3673] dbg: util: final PATH set to: /usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games [3673] dbg: dns: is Net::DNS::Resolver available? yes [3673] dbg: dns: Net::DNS version: 0.57 [3673] dbg: diag: perl platform: 5.008004 linux [3673] dbg: diag: module installed: Digest::SHA1, version 2.10 [3673] dbg: diag: module installed: Getopt::Long, version 2.34 [3673] dbg: diag: module installed: LWP::UserAgent, version 2.033 [3673] dbg: diag: module installed: HTTP::Date, version 1.46 [3673] dbg: diag: module installed: Archive::Tar, version 1.26 [3673] dbg: diag: module installed: IO::Zlib, version 1.04 [3673] dbg: diag: module installed: DB_File, version 1.808 [3673] dbg: diag: module installed: HTML::Parser, version 3.48 [3673] dbg: diag: module installed: MIME::Base64, version 3.04 [3673] dbg: diag: module installed: Net::DNS, version 0.57 [3673] dbg: diag: module installed: Net::SMTP, version 2.26 [3673] dbg: diag: module installed: Mail::SPF::Query, version 1.997 [3673] dbg: diag: module installed: IP::Country::Fast, version 309.002 [3673] dbg: diag: module not installed: Razor2::Client::Agent ('require' failed) [3673] dbg: diag: module not installed: Net::Ident ('require' failed) [3673] dbg: diag: module not installed: IO::Socket::INET6 ('require' failed) [3673] dbg: diag: module not installed: IO::Socket::SSL ('require' failed) [3673] dbg: diag: module installed: Time::HiRes, version 1.59 [3673] dbg: diag: module installed: DBI, version 1.50 [3673] dbg: ignore: using a test message to lint rules [3673] dbg: config: using "/etc/mail/spamassassin" for site rules pre files [3673] dbg: config: read file /etc/mail/spamassassin/init.pre [3673] dbg: config: read file /etc/mail/spamassassin/v310.pre [3673] dbg: config: using "/usr/local/share/spamassassin" for sys rules pre files [3673] dbg: config: using "/usr/local/share/spamassassin" for default rules dir [3673] dbg: config: read file /usr/local/share/spamassassin/10_misc.cf [3673] dbg: config: read file /usr/local/share/spamassassin/20_advance_fee.cf [3673] dbg: config: read file /usr/local/share/spamassassin/20_anti_ratware.cf [3673] dbg: config: read file /usr/local/share/spamassassin/20_body_tests.cf [3673] dbg: config: read file /usr/local/share/spamassassin/20_compensate.cf [3673] dbg: config: read file /usr/local/share/spamassassin/20_dnsbl_tests.cf [3673] dbg: config: read file /usr/local/share/spamassassin/20_drugs.cf [3673] dbg: config: read file /usr/local/share/spamassassin/20_fake_helo_tests.cf [3673] dbg: config: read file /usr/local/share/spamassassin/20_head_tests.cf [3673] dbg: config: read file /usr/local/share/spamassassin/20_html_tests.cf [3673] dbg: config: read file /usr/local/share/spamassassin/20_meta_tests.cf [3673] dbg: config: read file /usr/local/share/spamassassin/20_net_tests.cf [3673] dbg: config: read file /usr/local/share/spamassassin/20_phrases.cf [3673] dbg: config: read file /usr/local/share/spamassassin/20_porn.cf [3673] dbg: config: read file /usr/local/share/spamassassin/20_ratware.cf [3673] dbg: config: read file /usr/local/share/spamassassin/20_uri_tests.cf [3673] dbg: config: read file /usr/local/share/spamassassin/23_bayes.cf [3673] dbg: config: read file /usr/local/share/spamassassin/25_accessdb.cf [3673] dbg: config: read file /usr/local/share/spamassassin/25_antivirus.cf [3673] dbg: config: read file /usr/local/share/spamassassin/25_body_tests_es.cf [3673] dbg: config: read file /usr/local/share/spamassassin/25_body_tests_pl.cf [3673] dbg: config: read file /usr/local/share/spamassassin/25_dcc.cf [3673] dbg: config: read file /usr/local/share/spamassassin/25_domainkeys.cf [3673] dbg: config: read file /usr/local/share/spamassassin/25_hashcash.cf [3673] dbg: config: read file /usr/local/share/spamassassin/25_pyzor.cf [3673] dbg: config: read file /usr/local/share/spamassassin/25_razor2.cf [3673] dbg: config: read file /usr/local/share/spamassassin/25_replace.cf [3673] dbg: config: read file /usr/local/share/spamassassin/25_spf.cf [3673] dbg: config: read file /usr/local/share/spamassassin/25_textcat.cf [3673] dbg: config: read file /usr/local/share/spamassassin/25_uribl.cf [3673] dbg: config: read file /usr/local/share/spamassassin/30_text_de.cf [3673] dbg: config: read file /usr/local/share/spamassassin/30_text_fr.cf [3673] dbg: config: read file /usr/local/share/spamassassin/30_text_it.cf [3673] dbg: config: read file /usr/local/share/spamassassin/30_text_nl.cf [3673] dbg: config: read file /usr/local/share/spamassassin/30_text_pl.cf [3673] dbg: config: read file /usr/local/share/spamassassin/30_text_pt_br.cf [3673] dbg: config: read file /usr/local/share/spamassassin/50_scores.cf [3673] dbg: config: read file /usr/local/share/spamassassin/60_awl.cf [3673] dbg: config: read file /usr/local/share/spamassassin/60_whitelist.cf [3673] dbg: config: read file /usr/local/share/spamassassin/60_whitelist_spf.cf [3673] dbg: config: read file /usr/local/share/spamassassin/60_whitelist_subject.cf [3673] dbg: config: using "/etc/mail/spamassassin" for site rules dir [3673] dbg: config: read file /etc/mail/spamassassin/70_sare_adult.cf [3673] dbg: config: read file /etc/mail/spamassassin/70_sare_bayes_poison_nxm.cf [3673] dbg: config: read file /etc/mail/spamassassin/70_sare_evilnum0.cf [3673] dbg: config: read file /etc/mail/spamassassin/70_sare_genlsubj.cf [3673] dbg: config: read file /etc/mail/spamassassin/70_sare_genlsubj0.cf [3673] dbg: config: read file /etc/mail/spamassassin/70_sare_header.cf [3673] dbg: config: read file /etc/mail/spamassassin/70_sare_header0.cf [3673] dbg: config: read file /etc/mail/spamassassin/70_sare_header2.cf [3673] dbg: config: read file /etc/mail/spamassassin/70_sare_html.cf [3673] dbg: config: read file /etc/mail/spamassassin/70_sare_obfu.cf [3673] dbg: config: read file /etc/mail/spamassassin/70_sare_obfu0.cf [3673] dbg: config: read file /etc/mail/spamassassin/70_sare_obfu2.cf [3673] dbg: config: read file /etc/mail/spamassassin/70_sare_obfu3.cf [3673] dbg: config: read file /etc/mail/spamassassin/70_sare_oem.cf [3673] dbg: config: read file /etc/mail/spamassassin/70_sare_random.cf [3673] dbg: config: read file /etc/mail/spamassassin/70_sare_specific.cf [3673] dbg: config: read file /etc/mail/spamassassin/70_sare_spoof.cf [3673] dbg: config: read file /etc/mail/spamassassin/70_sare_stocks.cf [3673] dbg: config: read file /etc/mail/spamassassin/70_sare_unsub.cf [3673] dbg: config: read file /etc/mail/spamassassin/70_sare_uri0.cf [3673] dbg: config: read file /etc/mail/spamassassin/70_sare_uri1.cf [3673] dbg: config: read file /etc/mail/spamassassin/70_sare_uri3.cf [3673] dbg: config: read file /etc/mail/spamassassin/70_sare_uri_eng.cf [3673] dbg: config: read file /etc/mail/spamassassin/72_sare_bml_post25x.cf [3673] dbg: config: read file /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf [3673] dbg: config: read file /etc/mail/spamassassin/88_FVGT_body.cf [3673] dbg: config: read file /etc/mail/spamassassin/88_FVGT_headers.cf [3673] dbg: config: read file /etc/mail/spamassassin/88_FVGT_rawbody.cf [3673] dbg: config: read file /etc/mail/spamassassin/88_FVGT_subject.cf [3673] dbg: config: read file /etc/mail/spamassassin/88_FVGT_uri.cf [3673] dbg: config: read file /etc/mail/spamassassin/99_FVGT_meta.cf [3673] dbg: config: read file /etc/mail/spamassassin/99_sare_fraud_post25x.cf [3673] dbg: config: read file /etc/mail/spamassassin/bogus-virus-warnings.cf [3673] dbg: config: read file /etc/mail/spamassassin/imageinfo.cf [3673] dbg: config: read file /etc/mail/spamassassin/local.cf [3673] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf [3673] dbg: config: read file /etc/mail/spamassassin/random.cf [3673] dbg: config: read file /etc/mail/spamassassin/tripwire.cf [3673] dbg: config: using "/var/spool/postfix/.spamassassin" for user state dir [3673] dbg: config: using "/var/spool/postfix/.spamassassin" for user state dir [3673] warn: config: cannot write to /var/spool/postfix/.spamassassin/user_prefs: Permission denied [3673] warn: config: failed to create default user preference file /var/spool/postfix/.spamassassin/user_prefs [3673] dbg: config: using "/var/spool/postfix/.spamassassin/user_prefs" for user prefs file [3673] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC [3673] dbg: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x910aa44) [3673] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC [3673] dbg: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0x90e3ecc) [3673] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC [3673] dbg: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x9141b54) [3673] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayCountry from @INC [3673] dbg: plugin: registered Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9148554) [3673] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC [3673] dbg: plugin: did not register Mail::SpamAssassin::Plugin::SPF=HASH(0x91485b4), already registered [3673] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC [3673] dbg: plugin: did not register Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9345bd8), already registered [3673] dbg: plugin: loading Mail::SpamAssassin::Plugin::ImageInfo from /etc/mail/spamassassin/plugins/ImageInfo.pm [3673] dbg: plugin: registered Mail::SpamAssassin::Plugin::ImageInfo=HASH(0x9125174) [3673] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC [3673] dbg: dcc: network tests on, registering DCC [3673] dbg: plugin: registered Mail::SpamAssassin::Plugin::DCC=HASH(0x91d18a0) [3673] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC [3673] dbg: pyzor: network tests on, attempting Pyzor [3673] dbg: plugin: registered Mail::SpamAssassin::Plugin::Pyzor=HASH(0x91ac8f8) [3673] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC [3673] dbg: razor2: razor2 is not available [3673] dbg: plugin: registered Mail::SpamAssassin::Plugin::Razor2=HASH(0x915dcec) [3673] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC [3673] dbg: reporter: network tests on, attempting SpamCop [3673] dbg: plugin: registered Mail::SpamAssassin::Plugin::SpamCop=HASH(0x9179798) [3673] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC [3673] dbg: plugin: registered Mail::SpamAssassin::Plugin::AWL=HASH(0x9195ef8) [3673] dbg: plugin: loading Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC [3673] dbg: plugin: registered Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x9196eb8) [3673] dbg: plugin: loading Mail::SpamAssassin::Plugin::WhiteListSubject from @INC [3673] dbg: plugin: registered Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9197944) [3673] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from @INC [3673] dbg: plugin: registered Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9198640) [3673] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from @INC [3673] dbg: plugin: registered Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x91996e4) [3673] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayCountry from @INC [3673] dbg: plugin: did not register Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x91993a8), already registered [3673] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC [3673] dbg: plugin: did not register Mail::SpamAssassin::Plugin::SPF=HASH(0x919888c), already registered [3673] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC [3673] dbg: plugin: did not register Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x91486f8), already registered [3673] dbg: config: adding redirector regex: /^http:\/\/chkpt\.zdnet\.com\/chkpt\/\w+\/(.*)$/i [3673] dbg: config: adding redirector regex: /^http:\/\/www(?:\d+)?\.nate\.com\/r\/\w+\/(.*)$/i [3673] dbg: config: adding redirector regex: /^http:\/\/.+\.gov\/(?:.*\/)?externalLink\.jhtml\?.*url=(.*?)(?:&.*)?$/i [3673] dbg: config: adding redirector regex: /^http:\/\/redir\.internet\.com\/.+?\/.+?\/(.*)$/i [3673] dbg: config: adding redirector regex: /^http:\/\/(?:.*?\.)?adtech\.de\/.*(?:;|\|)link=(.*?)(?:;|$)/i [3673] dbg: config: adding redirector regex: m'^http.*?/redirect\.php\?.*(?<=[?&])goto=(.*?)(?:$|[&\#])'i [3673] dbg: config: adding redirector regex: m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i [3673] dbg: config: adding redirector regex: m'/(?:index.php)?\?.*(?<=[?&])URL=(.*?)(?:$|[&\#])'i [3673] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/url\?.*?(?<=[?&])q=(.*?)(?:$|[&\#])'i [3673] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])site:(.*?)(?:$|%20 |[\s+&\#])'i [3673] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])(?:"|%22)(.*?)(?:$ |%22|["\s+&\#])'i [3673] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/translate\?.*?(?<=[?&])u=(.*?)(?:$|[&\#])'i [3673] dbg: plugin: Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x91996e4) implements 'finish_parsing_end' [3673] dbg: replacetags: replacing tags [3673] dbg: replacetags: done replacing tags [3673] dbg: bayes: tie-ing to DB file R/O /opt/MailScanner/bayes/bayes_toks [3673] dbg: bayes: tie-ing to DB file R/O /opt/MailScanner/bayes/bayes_seen [3673] dbg: bayes: found bayes db version 3 [3673] dbg: bayes: DB journal sync: last sync: 0 [3673] dbg: bayes: not available for scanning, only 1 spam(s) in bayes DB < 200 [3673] dbg: bayes: untie-ing [3673] dbg: bayes: untie-ing db_toks [3673] dbg: bayes: untie-ing db_seen [3673] dbg: config: score set 1 chosen. [3673] dbg: message: ---- MIME PARSER START ---- [3673] dbg: message: main message type: text/plain [3673] dbg: message: parsing normal part [3673] dbg: message: added part, type: text/plain [3673] dbg: message: ---- MIME PARSER END ---- [3673] dbg: bayes: tie-ing to DB file R/O /opt/MailScanner/bayes/bayes_toks [3673] dbg: bayes: tie-ing to DB file R/O /opt/MailScanner/bayes/bayes_seen [3673] dbg: bayes: found bayes db version 3 [3673] dbg: bayes: DB journal sync: last sync: 0 [3673] dbg: bayes: not available for scanning, only 1 spam(s) in bayes DB < 200 [3673] dbg: bayes: untie-ing [3673] dbg: bayes: untie-ing db_toks [3673] dbg: bayes: untie-ing db_seen [3673] dbg: dns: dns_available set to yes in config file, skipping test [3673] dbg: metadata: X-Spam-Relays-Trusted: [3673] dbg: metadata: X-Spam-Relays-Untrusted: [3673] dbg: plugin: Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x9148554) implements 'extract_metadata' [3673] dbg: metadata: X-Relay-Countries: [3673] dbg: message: no encoding detected [3673] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x910aa44) implements 'parsed_metadata' [3673] dbg: uridnsbl: domains to query: [3673] dbg: dns: checking RBL sbl-xbl.spamhaus.org., set sblxbl-lastexternal [3673] dbg: dns: checking RBL sa-accredit.habeas.com., set habeas-firsttrusted [3673] dbg: dns: checking RBL sbl-xbl.spamhaus.org., set sblxbl [3673] dbg: dns: checking RBL sa-other.bondedsender.org., set bsp-untrusted [3673] dbg: dns: checking RBL combined.njabl.org., set njabl-lastexternal [3673] dbg: dns: checking RBL combined.njabl.org., set njabl [3673] dbg: dns: checking RBL combined-HIB.dnsiplists.completewhois.com., set whois [3673] dbg: dns: checking RBL list.dsbl.org., set dsbl-lastexternal [3673] dbg: dns: checking RBL bl.spamcop.net., set spamcop [3673] dbg: dns: checking RBL sa-trusted.bondedsender.org., set bsp-firsttrusted [3673] dbg: dns: checking RBL combined-HIB.dnsiplists.completewhois.com., set whois-lastexternal [3673] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs-lastexternal [3673] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs [3673] dbg: dns: checking RBL iadb.isipp.com., set iadb-firsttrusted [3673] dbg: check: running tests for priority: 0 [3673] dbg: rules: running header regexp tests; score so far=0 [3673] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<" [3673] dbg: rules: ran header rule __SANE_MSGID ======> got hit: "<1160581460@lint_rules> [3673] dbg: rules: " [3673] dbg: rules: ran header rule __MSGID_OK_HOST ======> got hit: "@lint_rules>" [3673] dbg: rules: ran header rule NO_REAL_NAME ======> got hit: "ignore@compiling.spamassassin.taint.org [3673] dbg: rules: " [3673] dbg: rules: ran header rule __FM_NO_FROM ======> got hit: "i" [3673] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got hit: "1160581460" [3673] dbg: plugin: registering glue method for check_hashcash_double_spend (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x90e3ecc)) [3673] dbg: plugin: registering glue method for check_for_spf_helo_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0x919888c)) [3673] dbg: spf: no trusted relays found, using first (untrusted) relay (if present) for SPF checks [3673] dbg: spf: no suitable relay for spf use found, skipping SPF-helo check [3673] dbg: eval: all '*From' addrs: ignore@compiling.spamassassin.taint.org [3673] dbg: plugin: registering glue method for check_subject_in_blacklist (Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9197944)) [3673] dbg: plugin: registering glue method for check_hashcash_value (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x90e3ecc)) [3673] dbg: eval: all '*To' addrs: [3673] dbg: plugin: registering glue method for check_for_spf_neutral (Mail::SpamAssassin::Plugin::SPF=HASH(0x919888c)) [3673] dbg: spf: no suitable relay for spf use found, skipping SPF check [3673] dbg: plugin: registering glue method for check_for_spf_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x919888c)) [3673] dbg: rules: ran eval rule NO_RELAYS ======> got hit [3673] dbg: plugin: registering glue method for check_for_spf_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0x919888c)) [3673] dbg: plugin: registering glue method for check_for_spf_helo_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x919888c)) [3673] dbg: plugin: registering glue method for check_for_def_spf_whitelist_from (Mail::SpamAssassin::Plugin::SPF=HASH(0x919888c)) [3673] dbg: spf: cannot get Envelope-From, cannot use SPF [3673] dbg: spf: def_spf_whitelist_from: could not find useable envelope sender [3673] dbg: plugin: registering glue method for check_for_spf_fail (Mail::SpamAssassin::Plugin::SPF=HASH(0x919888c)) [3673] dbg: rules: ran eval rule __UNUSABLE_MSGID ======> got hit [3673] dbg: plugin: registering glue method for check_subject_in_whitelist (Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9197944)) [3673] dbg: rules: ran eval rule MISSING_HEADERS ======> got hit [3673] dbg: plugin: registering glue method for check_for_spf_whitelist_from (Mail::SpamAssassin::Plugin::SPF=HASH(0x919888c)) [3673] dbg: spf: spf_whitelist_from: could not find useable envelope sender [3673] dbg: rules: running body-text per-line regexp tests; score so far=0.738 [3673] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "I" [3673] dbg: uri: running uri tests; score so far=0.738 [3673] dbg: plugin: registering glue method for image_size_exact (Mail::SpamAssassin::Plugin::ImageInfo=HASH(0x9125174)) [3673] dbg: bayes: tie-ing to DB file R/O /opt/MailScanner/bayes/bayes_toks [3673] dbg: bayes: tie-ing to DB file R/O /opt/MailScanner/bayes/bayes_seen [3673] dbg: bayes: found bayes db version 3 [3673] dbg: bayes: DB journal sync: last sync: 0 [3673] dbg: bayes: not available for scanning, only 1 spam(s) in bayes DB < 200 [3673] dbg: bayes: not scoring message, returning undef [3673] dbg: bayes: DB journal sync: last sync: 0 [3673] dbg: bayes: untie-ing [3673] dbg: bayes: untie-ing db_toks [3673] dbg: bayes: untie-ing db_seen [3673] dbg: plugin: registering glue method for image_to_text_ratio (Mail::SpamAssassin::Plugin::ImageInfo=HASH(0x9125174)) [3673] dbg: plugin: registering glue method for check_uridnsbl (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x91486f8)) [3673] dbg: plugin: registering glue method for image_count (Mail::SpamAssassin::Plugin::ImageInfo=HASH(0x9125174)) [3673] dbg: plugin: registering glue method for pixel_coverage (Mail::SpamAssassin::Plugin::ImageInfo=HASH(0x9125174)) [3673] dbg: plugin: registering glue method for image_named (Mail::SpamAssassin::Plugin::ImageInfo=HASH(0x9125174)) [3673] dbg: rules: running raw-body-text per-line regexp tests; score so far=0.738 [3673] dbg: rules: running full-text regexp tests; score so far=0.738 [3673] dbg: plugin: registering glue method for check_razor2_range (Mail::SpamAssassin::Plugin::Razor2=HASH(0x915dcec)) [3673] dbg: plugin: registering glue method for check_razor2 (Mail::SpamAssassin::Plugin::Razor2=HASH(0x915dcec)) [3673] dbg: plugin: registering glue method for check_pyzor (Mail::SpamAssassin::Plugin::Pyzor=HASH(0x91ac8f8)) [3673] dbg: pyzor: pyzor is available: /usr/bin/pyzor [3673] dbg: info: entering helper-app run mode [3673] dbg: pyzor: opening pipe: /usr/bin/pyzor check < /tmp/.spamassassin3673vQHtjGtmp [3792] dbg: util: setuid: ruid=103 euid=103 [3673] dbg: pyzor: [3792] finished: exit=0x0100 [3673] dbg: pyzor: got response: Traceback (most recent call last):\n File "/usr/bin/pyzor", line 12, in ?\n pyzor.client.run()\n File "/usr/lib/pyt hon2.3/site-packages/pyzor/client.py", line 973, in run\n ExecCall().run()\n File "/usr/lib/python2.3/site-packages/pyzor/client.py", line 174, in ru n\n os.mkdir(homedir)\nOSError: [Errno 13] Permission denied: '/var/spool/postfix/.pyzor' [3673] dbg: info: leaving helper-app run mode [3673] warn: pyzor: check failed: internal error [3673] dbg: plugin: registering glue method for check_dcc (Mail::SpamAssassin::Plugin::DCC=HASH(0x91d18a0)) [3673] dbg: dcc: dccifd is not available: no r/w dccifd socket found [3673] dbg: dcc: dccproc is available: /usr/local/bin/dccproc [3673] dbg: info: entering helper-app run mode [3673] dbg: dcc: opening pipe: /usr/local/bin/dccproc -H -R < /tmp/.spamassassin3673vQHtjGtmp [3796] dbg: util: setuid: ruid=103 euid=103 [3673] dbg: dcc: killed stale helper [3796] [3673] dbg: dcc: [3796] terminated: exit=0xf100 [3673] dbg: info: leaving helper-app run mode [3673] dbg: dcc: check timed out after 5 seconds [3673] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x910aa44) implements 'check_tick' [3673] dbg: check: running tests for priority: 500 [3673] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x910aa44) implements 'check_post_dnsbl' [3673] dbg: rules: running meta tests; score so far=0.738 [3673] dbg: rules: running header regexp tests; score so far=2.716 [3673] dbg: rules: running body-text per-line regexp tests; score so far=2.716 [3673] dbg: uri: running uri tests; score so far=2.716 [3673] dbg: rules: running raw-body-text per-line regexp tests; score so far=2.716 [3673] dbg: rules: running full-text regexp tests; score so far=2.716 [3673] dbg: check: running tests for priority: 1000 [3673] dbg: rules: running meta tests; score so far=2.716 [3673] dbg: rules: running header regexp tests; score so far=2.716 [3673] dbg: plugin: registering glue method for check_from_in_auto_whitelist (Mail::SpamAssassin::Plugin::AWL=HASH(0x9195ef8)) [3673] dbg: rules: running body-text per-line regexp tests; score so far=2.716 [3673] dbg: uri: running uri tests; score so far=2.716 [3673] dbg: rules: running raw-body-text per-line regexp tests; score so far=2.716 [3673] dbg: rules: running full-text regexp tests; score so far=2.716 [3673] dbg: check: is spam? score=2.716 required=5 [3673] dbg: check: tests=FM_NO_TO,MISSING_HEADERS,MISSING_SUBJECT,NO_REAL_NAME,NO_RECEIVED,NO_RELAYS,TO_CC_NONE [3673] dbg: check: subtests=__FM_NO_FROM,__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_MSGID,__UNUSABLE_MSGID Rob Morin Dido InterNet Inc. Montreal, Canada Http://www.dido.ca 514-990-4444 Glenn Steen wrote: > On 11/10/06, Rob Morin wrote: >> Just wondering why i would have this as an output.... >> >> I am not really familiar with Bayes... >> can someone point me to some docs on how to set it up or make sure it >> works fine... >> >> MS version 4.53.3(installed with Julian's scripty thingy), SA version >> 3.11 on Debian with Postfix >> >> Thanks >> >> here is an output >> peter:/opt/MailScanner/etc# sa-learn --dump magic > Hi Rob, > > Since you are using postfix, chances are great that you are using a > non-priviledged user (likely postfix, perhaps with the group postfix) > to run MailScanner. So SpamAssassin (with bayes) isn't run as root, > but rather as that user. > > If you make sure you have a proper bayes_path (detailing your actual > "active" bays db) and perhaps a proper bayes_filemode specification in > one of local.cf or mailscanner.cf (a.k.a. spam.assassin.prefs.conf ... > Think that symlink was present in version 4.53.3 too) in > /etc/mail/spamassassin, everything should work OK for any user with > read permission on the files (make sure the postfix user has that > explicitly, by making it the owner). > > Test things by way of becoming the postfix user and running things...: > su - postfix -s /bin/bash > sa-learn --dump magic > spamassassin --lint -D 2>&1 | less -e > > > Look through the above to see that SA can bind/tie to the "database", > and that it seems to contain enough ham/spam. > From martinh at solidstatelogic.com Wed Oct 11 16:54:25 2006 From: martinh at solidstatelogic.com (Martin Hepworth) Date: Wed Oct 11 16:54:44 2006 Subject: Sophos/MailScanner In-Reply-To: <008f01c6ec90$83220b50$9908a8c0@syntricity.com> References: <008f01c6ec90$83220b50$9908a8c0@syntricity.com> Message-ID: <452D13B1.6000402@solidstatelogic.com> Lisa Wu wrote: > Hi, > > My server: > Postfix 2.2.10 > Dovecot 1.0 beta 8 > Mailscanner 4.51.5 > SpamAssassin 3.1.1 > > Once in a while the server will fail to download its updates from Sophos. > (The cause being that our T1 line went down). Then the mail log starts > posting MailScanner error messages every 10 seconds until a successful > update occurs: > > Sep 6 14:06:50 mail MailScanner[30864]: None of the files matched by the > "Monitors For Sophos Updates" patterns exist! > > Because of this error the queue starts placing all messages on hold. > > My solution (probably the wrong way to do this) was to create a script that > runs every 10 minutes to manually release all held messages and flush the > queue. > > I've searched Google, I've searched the MailScanner archives, and I've > contacted Sophos. I went over the different configurations options in > attempts to figure out a way of working around this behavior. Would I have > to temporarily comment out the Mailscanner portion of my Postfix config to > allow for normal internal mail flow? I know I risk the chance of viruses if > I do this, which is why I was hoping there's a way of using the old Sophos > IDES. > > Any help regarding this problem would be helpful. > > Thanks, > > Lisa Wu > Lisa how are you updating the virus defs for Sophos? -- Martin Hepworth Senior Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From mailscanner at mango.zw Wed Oct 11 16:58:44 2006 From: mailscanner at mango.zw (Jim Holland) Date: Wed Oct 11 16:55:12 2006 Subject: LOTS of sendmail processes In-Reply-To: <6.2.3.4.2.20061011102214.0259fab8@mail.finedaycoming.com> Message-ID: On Wed, 11 Oct 2006, Andy Norris wrote: > When I issue a service sendmail restart command, I get nine pids > immediately, and it goes up from there. Way up most of the time. Why not show us the results of "ps ax | grep sendmail" before and after the restart so we can see what is happening? > I have lots of email that is not being scanned by MailScanner at all, > and it's just the last few days this has been happening. Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service From vanhorn at whidbey.com Wed Oct 11 16:59:18 2006 From: vanhorn at whidbey.com (G. Armour Van Horn) Date: Wed Oct 11 16:59:23 2006 Subject: Postfix conversion In-Reply-To: <223f97700610110759s6dc6131alfa427cd441c2466e@mail.gmail.com> References: <452CF2B2.7050606@dido.ca> <04D932B0071FE34FA63EBB1977B48D1501C13F44@woodenex.woodmaclaw.local> <223f97700610110759s6dc6131alfa427cd441c2466e@mail.gmail.com> Message-ID: <452D14D6.4080002@whidbey.com> Help! For some reason my message last night hasn't gone out to the list, or at least it didn't get here, so this is a repeat - just a little more desparate. I decided to switch to Postfix and I believe I have it running, and I made the mods to the MailScanner.conf and the two postfix .cf files as per the docs on the wiki. But it doesn't look like things are working yet, and mail from outside is still not getting delivered. When I run "service MailScanner start" it still tries to launch two copies of Sendmail instead of the one copy of Postfix. I'm not sure, but I think this is my main problem. Is there a replacement startup script for MailScanner when used with Postfix? Van -- ---------------------------------------------------------- Sign up now for Quotes of the Day, a handful of quotations on a theme delivered every morning. Enlightenment! Daily, for free! mailto:twisted@whidbey.com?subject=Subscribe_QOTD For photography, web design, hosting, and maintenance, visit Van's home page: http://www.domainvanhorn.com/van/ ----------------------------------------------------------- From Kevin_Miller at ci.juneau.ak.us Wed Oct 11 17:11:42 2006 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Wed Oct 11 17:11:52 2006 Subject: LOTS of sendmail processes In-Reply-To: <6.2.3.4.2.20061011102214.0259fab8@mail.finedaycoming.com> Message-ID: Andy Norris wrote: > When I issue a service sendmail restart command, I get nine pids > immediately, and it goes up from there. Way up most of the time. > > I have lots of email that is not being scanned by MailScanner at all, > and it's just the last few days this has been happening. > > sendmail v8.12.11 > RHEL ES v3 (Taroon update 4) > Avg load somewhere around 0.25 (goes to 0.60 and higher depending on > time of day) > Perl v5.8.0 > Using spamassassin v3.1.0 > This is on a machine running Ensim Pro 4.0.3-22.rhel.3ES Are you using any milters? The restart option shuts down sendmail and MailScanner, pauses for some time - probably around 10 seconds - then starts them again. If there are any lingering sendmail processes it can cause, um, what's that phrase? Oh yeah, "unpredicable results". Instead of a restart, do a stop, then issue: ps aux | grep sendmail Got any running sendmail processes? Wait a few seconds and reissue the above ps command and see if they're persisting... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From lisa.wu at syntricity.com Wed Oct 11 17:55:12 2006 From: lisa.wu at syntricity.com (Lisa Wu) Date: Wed Oct 11 17:55:19 2006 Subject: Sophos/MailScanner In-Reply-To: <452D13B1.6000402@solidstatelogic.com> Message-ID: <011201c6ed56$046dc170$9908a8c0@syntricity.com> Lisa Wu wrote: >> Once in a while the server will fail to download its updates from Sophos. >> (The cause being that our T1 line went down). Then the mail log starts >> posting MailScanner error messages every 10 seconds until a successful >> update occurs: >> >> Sep 6 14:06:50 mail MailScanner[30864]: None of the files matched by the >> "Monitors For Sophos Updates" patterns exist! >> >> Because of this error the queue starts placing all messages on hold. Martin Hepworth wrote: >Lisa > >how are you updating the virus defs for Sophos? Martin, There is a cron job that runs the Sophos update script running once every hour. Thanks, Lisa From ssilva at sgvwater.com Wed Oct 11 18:14:02 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Oct 11 18:16:28 2006 Subject: idea for next version In-Reply-To: <1160555750.41090@bsd4.nedport.net> References: <1160555750.41090@bsd4.nedport.net> Message-ID: mailscanner@berger.nl spake the following on 10/11/2006 1:35 AM: > Scott Silva wrote .. >> Logan Shaw spake the following on 10/10/2006 3:12 PM: >>> Roger wrote: >>>>> So I was checking mailwatch this evening and I found out that the >>>>> spam / ham percentage is 60% / 40% at daytime and 95% / 5% at night. >>>>> This is quiet logical because at daytime everybody is working and at >>>>> night (well here in europe) only spammers are working. This can be >>>>> used for the spamfiltering. I think if it is possible to f.e. do, >>>>> "spamscore * 1.2" between 11:00 pm and 7:00 am, it will hit more >>>>> highscoring spam at night. Offcourse it will also hit ham, but as >>>>> there is much less ham at night the possibility is less. >>> On Tue, 10 Oct 2006, Steve Campbell wrote: >>>> I tend to look at this in a different light. Spam is spam, and should >>>> be caught by rules, etc regardless of the time it arrives. Ham is the >>>> same also regardless of it's arrival time. A good set of rules should >>>> work fine any time of the day. The percentages only indicate when >>>> people are sending mail, so this is a useless figure for comparing >>>> day/night averages. >>> True enough, but every other rule that SpamAssassin uses >>> is a heuristic as well. They're all based on particular >>> characteristics of the messages (or servers that send them) >>> and some kind of statistical correlation between those >>> characteristics and spamminess. >>> >>>> For instance, if the same message that came in at night were resent >>>> during the day, how should the mail be treated? Different score and >>>> action? >>> While I share the feeling that it is a little bit odd that the >>> time a message arrives could sway its score, this is already >>> true to some extent: real-time blacklists change over time >>> (otherwise they wouldn't be real-time), and the score a message >>> gets can be different one hour from what it is at the next hour. >>> >>> Overall, I think time of arrival could be safely used as >>> yet another heuristic for determining if something is spam. >>> The key thing is that the scores would need to be right, which >>> I suspect means they'd need to be fairly low, something like >>> 0.5 or so. SpamAssassin already handles setting scores by >>> running a genetic algorithm (or whatever it is that it uses >>> that replaced the GA in 3.x), but since this varies so much >>> by site (what time zone the site is located in, what type >>> of usage patterns it sees, etc.), there would need to be a >>> reliable method of determining site-specific scores for this. >>> >>> To go in a different direction, as long as we're talking about >>> time, another possibility is to apply time other places. >>> For instance, you might have a time-dependent greylist. >>> Make the greylist's delay much longer at night and shorter >>> during the day. You'd get a lot of the effectiveness of >>> greylisting but without as much delay during the active periods. >>> >>> Overall, though, I think although looking at time does give >>> you additional information, it is not clear at all that >>> the positives of going with it will outweigh the negatives. >>> Time is a trait of a message (or message delivery) that has a >>> strong correlation with spamminess, but there is also a steady >>> stream of exceptions. So getting value out of looking at the >>> time is likely to be that much harder because of that. >>> >>> - Logan >> But many companies regularly have exec's and others working late, or from >> home. So you will be placing these people in the spammer class just because >> they work late? >> Or how about someone in Hawaii mailing something to New York at 5:00 Pm >> Hawaii >> time. That would be in the wee hours in New York, but not necessarily spam. >> Or if Julian sent me a message at 8:00AM in the UK, it would be about midnight >> here in the west coast of the US. >> >> -- >> > Well, as long as you can change the time. If you set 11:00Pm till 7:00 am I think you won't hit many people working late and even companies 5 hours away will be mainly closed at 6 pm. > The idea is based on what I see for myself. This morning I had 51 spam mails which hit between 4(low) and 9(high). These were all real spam. Beside that I had 2 normal emails which had a score of -2,50 and whitelisted. The problem is that I had still 51 messages tagged as {Spam?} which I had to check manually. I checked a few of them and they mostly hit a score about 7 or 8. > If I could multiply the spam score with f.e. 1.2 between 11pm an 7am it would 'upgrade' about 20 messages to highscoring which means I receive about 40% less spam in the morning. > I won't try this at daytime because the chance of hitting ham is too big. > Offcourse these are my findings. > > Maybe, the real thought behind it is that I have a very different ratio of spam/ham at night and at daytime, and this can be used to filter spam somehow. > > Or maybe, mailscanner spoiled me so far that I want too much ;-) > > Roger > My setup is just so different. Maybe it is the rules I have, or the use of razor - DCC - pyzor, but I have a very small percentage of mail in the normal spam range. Most is either high scoring on ham. Looking at the current stats, I have 38.1% clean, 58.8% High scoring spam, and only 3.1% spam. I have only had one false positive in the last 2 weeks, and that was only a technicality. The sender was forwarding a joke from a yahoo mail account. I said spam, the receiver didn't care either way, and the sender probably didn't think it was spam. But I win, 'cause I'm root! Between Razor, the uribl's and the sare rules, It is pretty close to making me happy, and my bosses are happy, so I still tweak things, but not as often as I used to. I even got a message that scored 114. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Wed Oct 11 18:26:47 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Oct 11 18:29:00 2006 Subject: idea for next version In-Reply-To: <452CA5C6.4040809@solidstatelogic.com> References: <1160513361.3522@bsd4.nedport.net> <452CA5C6.4040809@solidstatelogic.com> Message-ID: Martin Hepworth spake the following on 10/11/2006 1:05 AM: > mailscanner@berger.nl wrote: >> Well, I am happily using mailscanner for a while now and it still >> works great. >> >> So I was checking mailwatch this evening and I found out that the spam >> / ham percentage is 60% / 40% at daytime and 95% / 5% at night. This >> is quiet logical because at daytime everybody is working and at night >> (well here in europe) only spammers are working. This can be used for >> the spamfiltering. I think if it is possible to f.e. do, "spamscore * >> 1.2" between 11:00 pm and 7:00 am, it will hit more highscoring spam >> at night. Offcourse it will also hit ham, but as there is much less >> ham at night the possibility is less. Then, most off the overnight ham >> is mailinglist which are often whitelisted. >> >> Any ideas? >> >> Roger > > Depends, we run Tokyo->Paris->UK->New York->LA offices through our > MailScanner......not to mention all the international email lists we're > all on.. > > I tend to find spam rises around 9am EST (Eest coast US) and dies off > when the US goes home for the night .... can't think of why that could > be ;-) > Maybe because there are more computers per capita in the US. And more stupid computer users that buy crap from spam mails. Spam is a game of spray as much as you can and hope you hit something. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Wed Oct 11 18:35:31 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Oct 11 18:36:40 2006 Subject: Bayse problem? In-Reply-To: <452D1224.4000400@dido.ca> References: <452CF2B2.7050606@dido.ca> <223f97700610110738g1df42eafy49754a22a5c198a0@mail.gmail.com> <452D1224.4000400@dido.ca> Message-ID: Rob Morin spake the following on 10/11/2006 8:47 AM: > interesting... :) > > postfix@peter:~$ sa-learn --dump magic > bayes: cannot open bayes databases /opt/MailScanner/bayes/bayes_* R/O: > tie failed: Permission denied > bayes: cannot open bayes databases /opt/MailScanner/bayes/bayes_* R/O: > tie failed: Permission denied > ERROR: Bayes dump returned an error, please re-run with -D for more > information > > after making postfix the owner > postfix@peter:~$ sa-learn --dump magic > 0.000 0 3 0 non-token data: bayes db version > 0.000 0 0 0 non-token data: nspam > 0.000 0 0 0 non-token data: nham > 0.000 0 0 0 non-token data: ntokens > 0.000 0 0 0 non-token data: oldest atime > 0.000 0 0 0 non-token data: newest atime > 0.000 0 0 0 non-token data: last journal > sync atime > 0.000 0 0 0 non-token data: last expiry atime > 0.000 0 0 0 non-token data: last expire > atime delta > 0.000 0 0 0 non-token data: last expire > reduction count > > After a few minutes.... > > peter:/opt/MailScanner/bayes# sa-learn --dump magic > 0.000 0 3 0 non-token data: bayes db version > 0.000 0 10 0 non-token data: nspam > 0.000 0 1 0 non-token data: nham > 0.000 0 1974 0 non-token data: ntokens > 0.000 0 1160581441 0 non-token data: oldest atime > 0.000 0 1160581687 0 non-token data: newest atime > 0.000 0 0 0 non-token data: last journal > sync atime > 0.000 0 0 0 non-token data: last expiry atime > 0.000 0 0 0 non-token data: last expire > atime delta > 0.000 0 0 0 non-token data: last expire > reduction count > > > So should bayes learn now? or do i need to check somethign else... > thanks for the quick reply! > :) > As you can see in the nham and nspam counts above, bayes is now learning. It won't start scoring with bayes until you have 200 of each. You will either have to wait, or get a starter database from the Fortress site.. www.fsl.com/support.html It could train itself in a week or so, maybe less depending on your traffic. You can help the process by manually training things it misses. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From glenn.steen at gmail.com Wed Oct 11 19:13:06 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Oct 11 19:13:10 2006 Subject: Bayse problem? In-Reply-To: <452D1224.4000400@dido.ca> References: <452CF2B2.7050606@dido.ca> <223f97700610110738g1df42eafy49754a22a5c198a0@mail.gmail.com> <452D1224.4000400@dido.ca> Message-ID: <223f97700610111113m4c5a1a8fv5a100d523404df9c@mail.gmail.com> On 11/10/06, Rob Morin wrote: > interesting... :) > > postfix@peter:~$ sa-learn --dump magic > bayes: cannot open bayes databases /opt/MailScanner/bayes/bayes_* R/O: > tie failed: Permission denied > bayes: cannot open bayes databases /opt/MailScanner/bayes/bayes_* R/O: > tie failed: Permission denied > ERROR: Bayes dump returned an error, please re-run with -D for more > information > > after making postfix the owner Good move;-) The difference between > 0.000 0 0 0 non-token data: nspam > 0.000 0 0 0 non-token data: nham and > 0.000 0 10 0 non-token data: nspam > 0.000 0 1 0 non-token data: nham show that it already is accumulating information automatically. When both reach 200 (or whatever the limit has been set to... if changed from the defaults), It'll start scoring too. You will notice that this affects a lot of rules:). > > So should bayes learn now? or do i need to check somethign else... > thanks for the quick reply! > :) It already is:). (snip) > [3673] dbg: config: using "/var/spool/postfix/.spamassassin" for user > state dir > [3673] dbg: config: using "/var/spool/postfix/.spamassassin" for user > state dir Set this in MailScanner.conf (SpamAssassin User State Dir or similar (not at work ATM:)), and/or in your local.cf (or mailscanner.cf) (I suppose one could well do this... No docs at home and my broadband imitating a 9600 modem... You look it up:-) These are further indicators that it cannot write to the standard ~postfix/.spamassassin directory (I usually "cure" this by creating this directory and chowning it to postfix:postfix ... along with .pyzor and .razor directories) > [3673] warn: config: cannot write to > /var/spool/postfix/.spamassassin/user_prefs: Permission denied > [3673] warn: config: failed to create default user preference file > /var/spool/postfix/.spamassassin/user_prefs > [3673] dbg: config: using "/var/spool/postfix/.spamassassin/user_prefs" > for user prefs file (snip) > [3673] dbg: bayes: tie-ing to DB file R/O /opt/MailScanner/bayes/bayes_toks > [3673] dbg: bayes: tie-ing to DB file R/O /opt/MailScanner/bayes/bayes_seen > [3673] dbg: bayes: found bayes db version 3 > [3673] dbg: bayes: DB journal sync: last sync: 0 > [3673] dbg: bayes: not available for scanning, only 1 spam(s) in bayes > DB < 200 > [3673] dbg: bayes: untie-ing > [3673] dbg: bayes: untie-ing db_toks > [3673] dbg: bayes: untie-ing db_seen These, although "sinister looking" are actually a good indicator that it'll eventually start using it:-)... So... Looking good;) (snip) > [3673] dbg: plugin: registering glue method for check_pyzor > (Mail::SpamAssassin::Plugin::Pyzor=HASH(0x91ac8f8)) > [3673] dbg: pyzor: pyzor is available: /usr/bin/pyzor > [3673] dbg: info: entering helper-app run mode > [3673] dbg: pyzor: opening pipe: /usr/bin/pyzor check < > /tmp/.spamassassin3673vQHtjGtmp > [3792] dbg: util: setuid: ruid=103 euid=103 > [3673] dbg: pyzor: [3792] finished: exit=0x0100 > [3673] dbg: pyzor: got response: Traceback (most recent call last):\n > File "/usr/bin/pyzor", line 12, in ?\n pyzor.client.run()\n File > "/usr/lib/pyt > hon2.3/site-packages/pyzor/client.py", line 973, in run\n > ExecCall().run()\n File > "/usr/lib/python2.3/site-packages/pyzor/client.py", line 174, in ru > n\n os.mkdir(homedir)\nOSError: [Errno 13] Permission denied: > '/var/spool/postfix/.pyzor' > [3673] dbg: info: leaving helper-app run mode > [3673] warn: pyzor: check failed: internal error Yep, you need create ~postfix/.pyzor too... and make postfix own it. > [3673] dbg: plugin: registering glue method for check_dcc > (Mail::SpamAssassin::Plugin::DCC=HASH(0x91d18a0)) > [3673] dbg: dcc: dccifd is not available: no r/w dccifd socket found > [3673] dbg: dcc: dccproc is available: /usr/local/bin/dccproc > [3673] dbg: info: entering helper-app run mode > [3673] dbg: dcc: opening pipe: /usr/local/bin/dccproc -H -R < > /tmp/.spamassassin3673vQHtjGtmp > [3796] dbg: util: setuid: ruid=103 euid=103 > [3673] dbg: dcc: killed stale helper [3796] > [3673] dbg: dcc: [3796] terminated: exit=0xf100 > [3673] dbg: info: leaving helper-app run mode > [3673] dbg: dcc: check timed out after 5 seconds Hm, somethings bad with dccproc too... Needs some TLC too, it seems:-). If I get the VPN to actually accept my credentials, I'll look at that later tonight. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Wed Oct 11 19:25:33 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Oct 11 19:25:36 2006 Subject: Postfix conversion In-Reply-To: <452D14D6.4080002@whidbey.com> References: <452CF2B2.7050606@dido.ca> <04D932B0071FE34FA63EBB1977B48D1501C13F44@woodenex.woodmaclaw.local> <223f97700610110759s6dc6131alfa427cd441c2466e@mail.gmail.com> <452D14D6.4080002@whidbey.com> Message-ID: <223f97700610111125l2b835fat4530631f9496d38f@mail.gmail.com> On 11/10/06, G. Armour Van Horn wrote: > Help! For some reason my message last night hasn't gone out to the list, > or at least it didn't get here, so this is a repeat - just a little more > desparate. > > I decided to switch to Postfix and I believe I have it running, and I > made the mods to the MailScanner.conf and the two postfix .cf files as > per the docs on the wiki. But it doesn't look like things are working > yet, and mail from outside is still not getting delivered. > > When I run "service MailScanner start" it still tries to launch two > copies of Sendmail instead of the one copy of Postfix. I'm not sure, but > I think this is my main problem. Is there a replacement startup script > for MailScanner when used with Postfix? > > Van Did you remember to change the MTA setting in MailScanner.conf (http://www.mailscanner.info/MailScanner.conf.index.html#MTA)? What version of MailScanner are we talking about? What platform/OS/whatnot...? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Wed Oct 11 19:41:52 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Oct 11 19:41:55 2006 Subject: idea for next version In-Reply-To: References: <1160513361.3522@bsd4.nedport.net> <452CA5C6.4040809@solidstatelogic.com> Message-ID: <223f97700610111141p13b2a0e3jbe44461264ccfacd@mail.gmail.com> On 11/10/06, Scott Silva wrote: > Martin Hepworth spake the following on 10/11/2006 1:05 AM: > > mailscanner@berger.nl wrote: > >> Well, I am happily using mailscanner for a while now and it still > >> works great. > >> > >> So I was checking mailwatch this evening and I found out that the spam > >> / ham percentage is 60% / 40% at daytime and 95% / 5% at night. This > >> is quiet logical because at daytime everybody is working and at night > >> (well here in europe) only spammers are working. This can be used for > >> the spamfiltering. I think if it is possible to f.e. do, "spamscore * > >> 1.2" between 11:00 pm and 7:00 am, it will hit more highscoring spam > >> at night. Offcourse it will also hit ham, but as there is much less > >> ham at night the possibility is less. Then, most off the overnight ham > >> is mailinglist which are often whitelisted. > >> > >> Any ideas? > >> > >> Roger > > > > Depends, we run Tokyo->Paris->UK->New York->LA offices through our > > MailScanner......not to mention all the international email lists we're > > all on.. > > > > I tend to find spam rises around 9am EST (Eest coast US) and dies off > > when the US goes home for the night .... can't think of why that could > > be ;-) > > > Maybe because there are more computers per capita in the US. And more stupid > computer users that buy crap from spam mails. > Spam is a game of spray as much as you can and hope you hit something. The US usually don't "score that high" in a "computers per capita" competition (has something to do with a very large population _not_ having computers:-)... Having said that, that same rather large, moderately computer-endowed population still makes for quite a few hackable computers:-):-). (My figures *may* be a bit dated... Not the kind of trivia one needs to lug around in ones head:-) And I guess a lot of ISPs still don't block port 25 for DUL type things (Things really quited down around here in Sweden when they did:). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From dnsadmin at 1bigthink.com Wed Oct 11 20:08:37 2006 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Wed Oct 11 20:27:21 2006 Subject: idea for next version In-Reply-To: <223f97700610111141p13b2a0e3jbe44461264ccfacd@mail.gmail.co m> References: <1160513361.3522@bsd4.nedport.net> <452CA5C6.4040809@solidstatelogic.com> <223f97700610111141p13b2a0e3jbe44461264ccfacd@mail.gmail.com> Message-ID: <7.0.1.0.0.20061011145958.060bed40@1bigthink.com> At 02:41 PM 10/11/2006, you wrote: >On 11/10/06, Scott Silva wrote: >>Martin Hepworth spake the following on 10/11/2006 1:05 AM: >> > mailscanner@berger.nl wrote: >> >> Well, I am happily using mailscanner for a while now and it still >> >> works great. >> >> >> >> So I was checking mailwatch this evening and I found out that the spam >> >> / ham percentage is 60% / 40% at daytime and 95% / 5% at night. This >> >> is quiet logical because at daytime everybody is working and at night >> >> (well here in europe) only spammers are working. This can be used for >> >> the spamfiltering. I think if it is possible to f.e. do, "spamscore * >> >> 1.2" between 11:00 pm and 7:00 am, it will hit more highscoring spam >> >> at night. Offcourse it will also hit ham, but as there is much less >> >> ham at night the possibility is less. Then, most off the overnight ham >> >> is mailinglist which are often whitelisted. >> >> >> >> Any ideas? >> >> >> >> Roger >> > >> > Depends, we run Tokyo->Paris->UK->New York->LA offices through our >> > MailScanner......not to mention all the international email lists we're >> > all on.. >> > >> > I tend to find spam rises around 9am EST (Eest coast US) and dies off >> > when the US goes home for the night .... can't think of why that could >> > be ;-) >> > >>Maybe because there are more computers per capita in the US. And more stupid >>computer users that buy crap from spam mails. >>Spam is a game of spray as much as you can and hope you hit something. >The US usually don't "score that high" in a "computers per capita" >competition (has something to do with a very large population _not_ >having computers:-)... Having said that, that same rather large, >moderately computer-endowed population still makes for quite a few >hackable computers:-):-). (My figures *may* be a bit dated... Not the >kind of trivia one needs to lug around in ones head:-) > >And I guess a lot of ISPs still don't block port 25 for DUL type >things (Things really quited down around here in Sweden when they >did:). There is a HUGE difference in the amount of spam recorded from, say Cox.net and Earthlink.net versus Comcast.net and Verizon .net here in the US due to port 25 authentication and blocks on outgoing port 25. Unfortunately Comcast and Verizon are huge and will dictate as they wish.. in fact they are paying millions of dollars to influence our legislators (via third-party; called lobbyists, here). My boss has frequently had difficulty using port 25 when in hotels across the country. I've set up port 587 in sendmail to handle the slack. From MailScanner at ecs.soton.ac.uk Wed Oct 11 19:57:49 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Oct 11 20:49:54 2006 Subject: Virus detected: deleted store In-Reply-To: <20061010214234.16624.qmail@web33312.mail.mud.yahoo.com> References: <20061010214234.16624.qmail@web33312.mail.mud.yahoo.com> Message-ID: <452D3EAD.4060501@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Michael Mansour wrote: > Hi, > > I want to auto-delete a virus detected email but still > store it in MailWatch. > > Do I just do this in this file: > > spam.actions.rules > > with the following statement: > > Virus: *@domain.com delete store > You mean From: *@domain.com delete store > ?? > > Thanks. > > Michael. > > > > > ____________________________________________________ > On Yahoo!7 > Caller tones: Replace your ring tone with your favourite sound clip! > http://callertones.yahoo7.mnetcorporation.com/ctonesmailtag > > Jules - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.0 (Build 1112) Comment: Fetch my public key foot-print from www.mailscanner.info Charset: ISO-8859-1 wj8DBQFFLT6wEfZZRxQVtlQRAmt0AJ0WDB2z/QJjo7Qrfb73RgLvSws2TgCgyx6C QrCbebEU5RYh1eNZiMBx0g4= =5Hv0 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Wed Oct 11 20:05:01 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Oct 11 20:56:37 2006 Subject: LOTS of sendmail processes In-Reply-To: <6.2.3.4.2.20061011102214.0259fab8@mail.finedaycoming.com> References: <6.2.3.4.2.20061011102214.0259fab8@mail.finedaycoming.com> Message-ID: <452D405D.3070503@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Why are you doing a service sendmail restart on a box running MailScanner? That would explain why your mail is not being MailScanned, you are bypassing it. service sendmail stop chkconfig sendmail off chkconfig MailScanner on service MailScanner start You should *never* start the sendmail service with MailScanner on the system, as MailScanner starts up sendmail in the way that it needs to, so that the messages are queued up, then MailScanned, then delivered. service sendmail start will totally bypass this. Andy Norris wrote: > > When I issue a service sendmail restart command, I get nine pids > immediately, and it goes up from there. Way up most of the time. > > I have lots of email that is not being scanned by MailScanner at all, > and it's just the last few days this has been happening. > > sendmail v8.12.11 > RHEL ES v3 (Taroon update 4) > Avg load somewhere around 0.25 (goes to 0.60 and higher depending on > time of day) > Perl v5.8.0 > Using spamassassin v3.1.0 > This is on a machine running Ensim Pro 4.0.3-22.rhel.3ES > > I'm tempted a bit to "uninstall" MailScanner and SpamAssassin -- if > that's possible -- and start all over again. I know it's got to be > something that was duplicated somewhere... my fault, of course. > > Thanks, > > Andy > Jules - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.0 (Build 1112) Comment: Fetch my public key foot-print from www.mailscanner.info Charset: ISO-8859-1 wj8DBQFFLUBeEfZZRxQVtlQRArEGAKDMjmdTL1KnuZumu4s7LSWWr8yYLgCgkYE/ k/l9ZcNsYIF4n8LUDQSBxRE= =PRs0 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Wed Oct 11 19:55:57 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Oct 11 20:56:39 2006 Subject: idea for next version In-Reply-To: <1160513361.3522@bsd4.nedport.net> References: <1160513361.3522@bsd4.nedport.net> Message-ID: <452D3E3D.3050606@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 You could do this with a simple Custom Function that adjusted the Required SpamAssassin Score depending on the hour of the day. Pay me, and I'll write it for you. Sorry, but I have to charge for my time writing custom code for people, I've got bills to pay like everyone else :-( Otherwise it shouldn't take long to work out the hour number and look that up in an array, so you can specify a different threshold for each hour of the day. mailscanner@berger.nl wrote: > Well, I am happily using mailscanner for a while now and it still works great. > > So I was checking mailwatch this evening and I found out that the spam / ham percentage is 60% / 40% at daytime and 95% / 5% at night. This is quiet logical because at daytime everybody is working and at night (well here in europe) only spammers are working. This can be used for the spamfiltering. I think if it is possible to f.e. do, "spamscore * 1.2" between 11:00 pm and 7:00 am, it will hit more highscoring spam at night. Offcourse it will also hit ham, but as there is much less ham at night the possibility is less. Then, most off the overnight ham is mailinglist which are often whitelisted. > > Any ideas? > > Roger > Jules - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.0 (Build 1112) Comment: Fetch my public key foot-print from www.mailscanner.info Charset: ISO-8859-1 wj8DBQFFLT5BEfZZRxQVtlQRAhsZAKClN2o2neB7saafTgj1OYqC+13BxACgxD4D NKyWpNkkYqzU4ciMM9Wy2LE= =PBcH -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From paul at welshfamily.com Wed Oct 11 22:15:19 2006 From: paul at welshfamily.com (Paul Welsh) Date: Wed Oct 11 22:15:33 2006 Subject: Whitelisting In-Reply-To: <2BD3058086A2A44896622E7CB3720BC2AFBB70@DRIFTWOOD.corporate.paccoast.com> Message-ID: <200610112115.k9BLFWYF031987@bkserver.blacknight.ie> I made some changes to the mailscanner.conf yesterday in order to help me establish why more spam is getting through. I discovered that because my spam.whitelist.rules file contains domains hosted on my server, spam from spoofed addresses that use one of my server's domains are getting through so I've stopped MailScanner checking the spam.whitelist.rules file. I can see why this might lead to problems (if my customers send a message that gets wrongly tagged as spam). What are others doing? From arturs at netvision.net.il Wed Oct 11 21:59:11 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Wed Oct 11 22:19:52 2006 Subject: OT: SA -d --lint says 'dns: is DNS available? 0' Message-ID: <018c01c6ed78$1a63e2d0$3701a8c0@lapxp> Hi, When I run 'spamassassin -D --lint' I get 'dbg: dns: is DNS available? 0' Prefs file has a setting: 'dns_available test: 192.115.106.35 194.90.1.5 62.219.186.7 212.143.212.143' The version is 3.1.6 Anyone has met this before? If so how to deal with it? Dns servers work fine for me. Thanks! Best, -- Arthur Sherman +972-52-4878851 CPTeam From vanhorn at whidbey.com Wed Oct 11 21:16:35 2006 From: vanhorn at whidbey.com (G. Armour Van Horn) Date: Wed Oct 11 22:24:46 2006 Subject: Postfix conversion In-Reply-To: <223f97700610111125l2b835fat4530631f9496d38f@mail.gmail.com> References: <452CF2B2.7050606@dido.ca> <04D932B0071FE34FA63EBB1977B48D1501C13F44@woodenex.woodmaclaw.local> <223f97700610110759s6dc6131alfa427cd441c2466e@mail.gmail.com> <452D14D6.4080002@whidbey.com> <223f97700610111125l2b835fat4530631f9496d38f@mail.gmail.com> Message-ID: <452D5123.7060406@whidbey.com> Thanks! The docs I was using didn't included that, although I see on closer reading that the ones on the wiki do. Also, I had changed the queue directories from the sendmail defaults to the correct postfix ones, but somehow managed to exit MailScanner.conf without saving those. Those two things make for a lot more activity in the log! Van Glenn Steen wrote: > On 11/10/06, G. Armour Van Horn wrote: > >> Help! For some reason my message last night hasn't gone out to the list, >> or at least it didn't get here, so this is a repeat - just a little more >> desparate. >> >> I decided to switch to Postfix and I believe I have it running, and I >> made the mods to the MailScanner.conf and the two postfix .cf files as >> per the docs on the wiki. But it doesn't look like things are working >> yet, and mail from outside is still not getting delivered. >> >> When I run "service MailScanner start" it still tries to launch two >> copies of Sendmail instead of the one copy of Postfix. I'm not sure, but >> I think this is my main problem. Is there a replacement startup script >> for MailScanner when used with Postfix? >> >> Van > > > Did you remember to change the MTA setting in MailScanner.conf > (http://www.mailscanner.info/MailScanner.conf.index.html#MTA)? > > What version of MailScanner are we talking about? What > platform/OS/whatnot...? > -- ---------------------------------------------------------- Sign up now for Quotes of the Day, a handful of quotations on a theme delivered every morning. Enlightenment! Daily, for free! mailto:twisted@whidbey.com?subject=Subscribe_QOTD For photography, web design, hosting, and maintenance, visit Van's home page: http://www.domainvanhorn.com/van/ ----------------------------------------------------------- From andy at tireswing.net Wed Oct 11 22:40:38 2006 From: andy at tireswing.net (Andy Norris) Date: Wed Oct 11 22:41:59 2006 Subject: LOTS of sendmail processes In-Reply-To: <452D405D.3070503@ecs.soton.ac.uk> References: <6.2.3.4.2.20061011102214.0259fab8@mail.finedaycoming.com> <452D405D.3070503@ecs.soton.ac.uk> Message-ID: <6.2.3.4.2.20061011163803.02400648@mail.tireswing.net> Thanks Julian. The mail was not going through at all. For an hour it was pooling up in the queue, and status for MailScanner was OK. I'm on a box running Ensim, so I've got layers of complexity here, and it's not always clear what services / modules Ensim loads. Thanks for your continued help. Andy At 02:05 pm 2006-10-11, you wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >Why are you doing a service sendmail restart on a box running >MailScanner? That would explain why your mail is not being MailScanned, >you are bypassing it. >service sendmail stop >chkconfig sendmail off >chkconfig MailScanner on >service MailScanner start > >You should *never* start the sendmail service with MailScanner on the >system, as MailScanner starts up sendmail in the way that it needs to, >so that the messages are queued up, then MailScanned, then delivered. > >service sendmail start will totally bypass this. > >Andy Norris wrote: > > > > When I issue a service sendmail restart command, I get nine pids > > immediately, and it goes up from there. Way up most of the time. > > > > I have lots of email that is not being scanned by MailScanner at all, > > and it's just the last few days this has been happening. > > > > sendmail v8.12.11 > > RHEL ES v3 (Taroon update 4) > > Avg load somewhere around 0.25 (goes to 0.60 and higher depending on > > time of day) > > Perl v5.8.0 > > Using spamassassin v3.1.0 > > This is on a machine running Ensim Pro 4.0.3-22.rhel.3ES > > > > I'm tempted a bit to "uninstall" MailScanner and SpamAssassin -- if > > that's possible -- and start all over again. I know it's got to be > > something that was duplicated somewhere... my fault, of course. > > > > Thanks, > > > > Andy > > > >Jules > >- -- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store > >MailScanner customisation, or any advanced system administration help? >Contact me at Jules@Jules.FM > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >For all your IT requirements visit www.transtec.co.uk > > >-----BEGIN PGP SIGNATURE----- >Version: PGP Desktop 9.5.0 (Build 1112) >Comment: Fetch my public key foot-print from www.mailscanner.info >Charset: ISO-8859-1 > >wj8DBQFFLUBeEfZZRxQVtlQRArEGAKDMjmdTL1KnuZumu4s7LSWWr8yYLgCgkYE/ >k/l9ZcNsYIF4n8LUDQSBxRE= >=PRs0 >-----END PGP SIGNATURE----- > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. >For all your IT requirements visit www.transtec.co.uk > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! From ssilva at sgvwater.com Wed Oct 11 22:43:25 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Oct 11 22:47:10 2006 Subject: Whitelisting In-Reply-To: <200610112115.k9BLFWYF031987@bkserver.blacknight.ie> References: <2BD3058086A2A44896622E7CB3720BC2AFBB70@DRIFTWOOD.corporate.paccoast.com> <200610112115.k9BLFWYF031987@bkserver.blacknight.ie> Message-ID: Paul Welsh spake the following on 10/11/2006 2:15 PM: > I made some changes to the mailscanner.conf yesterday in order to help me > establish why more spam is getting through. > > I discovered that because my spam.whitelist.rules file contains domains > hosted on my server, spam from spoofed addresses that use one of my server's > domains are getting through so I've stopped MailScanner checking the > spam.whitelist.rules file. > > I can see why this might lead to problems (if my customers send a message > that gets wrongly tagged as spam). > > What are others doing? > Use the IP address(es) of your server. That is much harder to spoof. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From mkettler at evi-inc.com Wed Oct 11 22:49:52 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Wed Oct 11 22:50:17 2006 Subject: OT: SA -d --lint says 'dns: is DNS available? 0' In-Reply-To: <018c01c6ed78$1a63e2d0$3701a8c0@lapxp> References: <018c01c6ed78$1a63e2d0$3701a8c0@lapxp> Message-ID: <452D6700.8070908@evi-inc.com> Arthur Sherman wrote: > Hi, > > When I run 'spamassassin -D --lint' I get 'dbg: dns: is DNS available? 0' > > Prefs file has a setting: 'dns_available test: 192.115.106.35 194.90.1.5 > 62.219.186.7 212.143.212.143' > > The version is 3.1.6 In SA 3.1.6 and higher the network tests are enabled when you're running --lint, as they aren't relevant. The purpose of lint is to check your config files, not your network connectivity. From andy at tireswing.net Wed Oct 11 22:51:38 2006 From: andy at tireswing.net (Andy Norris) Date: Wed Oct 11 22:53:56 2006 Subject: LOTS of sendmail processes In-Reply-To: <452D405D.3070503@ecs.soton.ac.uk> References: <6.2.3.4.2.20061011102214.0259fab8@mail.finedaycoming.com> <452D405D.3070503@ecs.soton.ac.uk> Message-ID: <6.2.3.4.2.20061011164752.021b4d48@mail.tireswing.net> Well, I apologize if I'm bothering this list with my problem. It looks like I need to look for help with MailScanner on an Ensim box, as when I stop sendmail, I cannot send email from my mail client through the server. The SMTP connection is not happening when I stop the sendmail service. Does anyone else on this list successfully run MailScanner on a box running Ensim? Thanks, Andy At 02:05 pm 2006-10-11, Julian Field wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >Why are you doing a service sendmail restart on a box running >MailScanner? That would explain why your mail is not being MailScanned, >you are bypassing it. >service sendmail stop >chkconfig sendmail off >chkconfig MailScanner on >service MailScanner start > >You should *never* start the sendmail service with MailScanner on the >system, as MailScanner starts up sendmail in the way that it needs to, >so that the messages are queued up, then MailScanned, then delivered. > >service sendmail start will totally bypass this. > >Andy Norris wrote: > > > > When I issue a service sendmail restart command, I get nine pids > > immediately, and it goes up from there. Way up most of the time. > > > > I have lots of email that is not being scanned by MailScanner at all, > > and it's just the last few days this has been happening. > > > > sendmail v8.12.11 > > RHEL ES v3 (Taroon update 4) > > Avg load somewhere around 0.25 (goes to 0.60 and higher depending on > > time of day) > > Perl v5.8.0 > > Using spamassassin v3.1.0 > > This is on a machine running Ensim Pro 4.0.3-22.rhel.3ES > > > > I'm tempted a bit to "uninstall" MailScanner and SpamAssassin -- if > > that's possible -- and start all over again. I know it's got to be > > something that was duplicated somewhere... my fault, of course. > > > > Thanks, > > > > Andy > > > >Jules > >- -- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store > >MailScanner customisation, or any advanced system administration help? >Contact me at Jules@Jules.FM > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >For all your IT requirements visit www.transtec.co.uk > > >-----BEGIN PGP SIGNATURE----- >Version: PGP Desktop 9.5.0 (Build 1112) >Comment: Fetch my public key foot-print from www.mailscanner.info >Charset: ISO-8859-1 > >wj8DBQFFLUBeEfZZRxQVtlQRArEGAKDMjmdTL1KnuZumu4s7LSWWr8yYLgCgkYE/ >k/l9ZcNsYIF4n8LUDQSBxRE= >=PRs0 >-----END PGP SIGNATURE----- > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. >For all your IT requirements visit www.transtec.co.uk > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Wed Oct 11 23:24:13 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Wed Oct 11 23:24:22 2006 Subject: OT: SA -d --lint says 'dns: is DNS available? 0' In-Reply-To: <452D6700.8070908@evi-inc.com> Message-ID: <0b1e01c6ed83$fb557be0$287ba8c0@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Matt Kettler > Sent: Wednesday, October 11, 2006 5:50 PM > To: MailScanner discussion > Subject: Re: OT: SA -d --lint says 'dns: is DNS available? 0' > > Arthur Sherman wrote: > > Hi, > > > > When I run 'spamassassin -D --lint' I get 'dbg: dns: is DNS available? > 0' > > > > Prefs file has a setting: 'dns_available test: 192.115.106.35 194.90.1.5 > > 62.219.186.7 212.143.212.143' > > > > The version is 3.1.6 > > In SA 3.1.6 and higher the network tests are enabled when you're running - > -lint, > as they aren't relevant. The purpose of lint is to check your config > files, not > your network connectivity. > > Did you mean? In SA 3.1.6 and higher the network tests are >NOT< enabled when you're running --lint, as they aren't relevant. The purpose of lint is to check your config files, not your network connectivity. Which would explain why I was going crazy today trying to find out why only the local checks (spamassassin -L) were running ! Still would be nice to have a flag to enable network checks when you need to. spamassassin -N --lint :) Thanks for the info. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From arturs at netvision.net.il Wed Oct 11 23:31:16 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Wed Oct 11 23:33:16 2006 Subject: OT: SA -d --lint says 'dns: is DNS available? 0' In-Reply-To: <452D6700.8070908@evi-inc.com> Message-ID: <019001c6ed84$f83c5f90$3701a8c0@lapxp> Thanks! Best, -- Arthur Sherman +972-52-4878851 CPTeam > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Matt Kettler > Sent: Wednesday, October 11, 2006 11:50 PM > To: MailScanner discussion > Subject: Re: OT: SA -d --lint says 'dns: is DNS available? 0' > > Arthur Sherman wrote: > > Hi, > > > > When I run 'spamassassin -D --lint' I get 'dbg: dns: is DNS > available? 0' > > > > Prefs file has a setting: 'dns_available test: > 192.115.106.35 194.90.1.5 > > 62.219.186.7 212.143.212.143' > > > > The version is 3.1.6 > > In SA 3.1.6 and higher the network tests are enabled when > you're running --lint, > as they aren't relevant. The purpose of lint is to check your > config files, not > your network connectivity. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From mkettler at evi-inc.com Wed Oct 11 23:38:15 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Wed Oct 11 23:38:32 2006 Subject: OT: SA -d --lint says 'dns: is DNS available? 0' In-Reply-To: <0b1e01c6ed83$fb557be0$287ba8c0@office.fsl> References: <0b1e01c6ed83$fb557be0$287ba8c0@office.fsl> Message-ID: <452D7257.7010104@evi-inc.com> Stephen Swaney wrote: > Did you mean? > > In SA 3.1.6 and higher the network tests are >NOT< enabled when you're > running --lint, as they aren't relevant. The purpose of lint is to check > your config files, not your network connectivity. > > Which would explain why I was going crazy today trying to find out why only > the local checks (spamassassin -L) were running ! > > Still would be nice to have a flag to enable network checks when you need > to. > > spamassassin -N --lint :) Why? enabling network checks on the --lint is pointless, the headers of the dummy lint message are not complete enough to be a useful test. For example, the message used by lint doesn't even have *ANY* Received: headers, so no RBL tests will even try to run. If SA supported -N --lint you'd just be fooling yourself into thinking you're testing something that's enabled, but not really being tested in any useful way. I suggest not using lint for this purpose at all, and instead use a message file and redirect it into SA. ie: spamassassin Message-ID: <0b2601c6ed8a$074b6850$287ba8c0@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Matt Kettler > Sent: Wednesday, October 11, 2006 6:38 PM > To: MailScanner discussion > Subject: Re: OT: SA -d --lint says 'dns: is DNS available? 0' > > Stephen Swaney wrote: > > > Did you mean? > > > > In SA 3.1.6 and higher the network tests are >NOT< enabled when you're > > running --lint, as they aren't relevant. The purpose of lint is to check > > your config files, not your network connectivity. > > > > Which would explain why I was going crazy today trying to find out why > only > > the local checks (spamassassin -L) were running ! > > > > Still would be nice to have a flag to enable network checks when you > need > > to. > > > > spamassassin -N --lint :) > > > Why? enabling network checks on the --lint is pointless, the headers of > the > dummy lint message are not complete enough to be a useful test. > > For example, the message used by lint doesn't even have *ANY* Received: > headers, > so no RBL tests will even try to run. If SA supported -N --lint you'd just > be > fooling yourself into thinking you're testing something that's enabled, > but not > really being tested in any useful way. > > I suggest not using lint for this purpose at all, and instead use a > message file > and redirect it into SA. ie: spamassassin Actually it did show whether Pyzor, Razor, DCC were working or timing out but your suggestion should do the same thing. Thanks, Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From arturs at netvision.net.il Thu Oct 12 01:02:27 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Thu Oct 12 01:04:28 2006 Subject: Double sendmail processes In-Reply-To: <223f97700610110748q6e0c08a7u250b58cdba679103@mail.gmail.com> Message-ID: <01a101c6ed91$b6a89460$3701a8c0@lapxp> Oh, I see. Grepping through /etc/rc.* provided nothing. I continue to investigate this issue - will post here if I find anything. Thanks again! Best, -- Arthur Sherman +972-52-4878851 CPTeam > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Glenn Steen > Sent: Wednesday, October 11, 2006 4:49 PM > To: MailScanner discussion > Subject: Re: Double sendmail processes > > On 11/10/06, Arthur Sherman wrote: > > Bingo! > > Sad to be dampening your enthusiasm Arther.... Look below. > > > > Output shows: > > [root@ns1 log]# ls -l /etc/rc?.d/*|grep -i mail > > lrwxrwxrwx 1 root root 18 May 25 23:10 /etc/rc0.d/K30sendmail -> > > ../init.d/sendmail > > lrwxrwxrwx 1 root root 18 May 25 23:10 /etc/rc1.d/K30sendmail -> > > ../init.d/sendmail > > lrwxrwxrwx 1 root root 18 Oct 10 02:56 /etc/rc2.d/S80sendmail -> > > ../init.d/sendmail > > lrwxrwxrwx 1 root root 18 Oct 10 02:56 /etc/rc3.d/S80sendmail -> > > ../init.d/sendmail > > lrwxrwxrwx 1 root root 18 Oct 10 02:56 /etc/rc4.d/S80sendmail -> > > ../init.d/sendmail > > lrwxrwxrwx 1 root root 18 Oct 10 02:56 /etc/rc5.d/S80sendmail -> > > ../init.d/sendmail > > lrwxrwxrwx 1 root root 18 May 25 23:10 /etc/rc6.d/K30sendmail -> > > ../init.d/sendmail > > > > Shall I remove them? > > > No, that would not be that great:-). Those look quite normal to me, > and removing them would make them not "respond correctly" to runleve > changes... What I was hoping for would've been more of the form: > lrwxrwxrwx 1 root root 18 Oct 10 02:56 /etc/rc5.d/S80sendmail -> > ../init.d/sendmail > lrwxrwxrwx 1 root root 18 Oct 10 02:56 /etc/rc5.d/S85sendmail -> > ../init.d/sendmail > ... That is, more than one symlink to the same script. No > luck with that:-(. > What you have above shouldn't be touched manually (you manage > it via chkconfig). > > A "tangenting idea" is that you should look through the other bootup > rc-scripts, like /etc/rc.local (grep through /etc/rc.* for sendmail > perhaps). > Since the "doubles" happen upon reboot, it kind of must be something > related to those:-). ... Or perhaps some opportunistic cron-job? Not > that likely... > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From febrianto at sioenasia.com Thu Oct 12 04:08:52 2006 From: febrianto at sioenasia.com (Budi Febrianto) Date: Thu Oct 12 04:04:29 2006 Subject: OT: Mail::SpamAssassin::Plugin::ReplaceTags In-Reply-To: <04D932B0071FE34FA63EBB1977B48D1501C13F40@woodenex.woodmaclaw.local> Message-ID: mailscanner-bounces@lists.mailscanner.info wrote on 10/11/2006 08:33:50 PM: > In my lint test it takes 1.62 seconds for the line of: > > [20030] dbg: plugin: > Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xade3c24) implements > 'finish_parsing_end' > > Do you use this plugin? I do not recall enabling it manually so seems > to be on by default. I looked up what it does and searched the web > site: > http://wiki.apache.org/spamassassin/ReplaceTags > > Could only come up with descriptions and such. > > Thank you > > > > Billy Pumphrey > IT Manager > Wooden & McLaughlin > > > -- I have similiar problem. In my lint test they are 2 test that take more than 1 second. They are: [4938] dbg: diag: perl platform: 5.008005 linux 1.04575 [4938] dbg: plugin: Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xb0ba6d8) implements 'finish_parsing_end' 2.64879 But I run MailScanner in Celeron 2.66 processor with 512 MB Ram, maybe that the problem :). But my emails are less than 10k /day. Best Regards From martinh at solidstatelogic.com Thu Oct 12 09:08:00 2006 From: martinh at solidstatelogic.com (Martin Hepworth) Date: Thu Oct 12 09:08:19 2006 Subject: Sophos/MailScanner In-Reply-To: <011201c6ed56$046dc170$9908a8c0@syntricity.com> References: <011201c6ed56$046dc170$9908a8c0@syntricity.com> Message-ID: <452DF7E0.5040706@solidstatelogic.com> Lisa Wu wrote: > Lisa Wu wrote: > >>> Once in a while the server will fail to download its updates from Sophos. >>> (The cause being that our T1 line went down). Then the mail log starts >>> posting MailScanner error messages every 10 seconds until a successful >>> update occurs: >>> >>> Sep 6 14:06:50 mail MailScanner[30864]: None of the files matched by the >>> "Monitors For Sophos Updates" patterns exist! >>> >>> Because of this error the queue starts placing all messages on hold. > > Martin Hepworth wrote: > >> Lisa >> >> how are you updating the virus defs for Sophos? > > > Martin, > > There is a cron job that runs the Sophos update script running once every > hour. > > Thanks, > Lisa > > Lisa Can you give a bit more info. Which cron job? is should be update_virus_scanners which will do all the scanners you've defined in MailScanner.conf. This script is reasonbly failure proof as it downloads the updates into a separate folder and only on success does it move the 'new' to 'live' folders as it were. Also i presume your using the MailScanner Sophos.Install script to install your Sophos as well..?? AS mailScanner expects Sophos V4 to be in a non-default Sophos Directory. -- Martin Hepworth Senior Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From support-lists at petdoctors.co.uk Thu Oct 12 13:38:00 2006 From: support-lists at petdoctors.co.uk (Nigel Kendrick) Date: Thu Oct 12 13:38:40 2006 Subject: spam forwarding not working In-Reply-To: <4AE9EE8E-CF87-4234-9E73-3819AC1C6B90@technologytiger.net> Message-ID: <008901c6edfb$40cd2c00$0202fea9@support01> > >In this instance i would suggest you need to forward the spam to spam@.[snipped] which makes it local. Make sure you have listed your host name in >main.cf under myhostname and list $myhostname under mydestination. If you have multiple servers using a central database (Such as MySQL) you can play >other tricks using NFS mounts and localhost but that's for another 'lesson' :-) > >Drew Hi Drew, I did already think of that, but when I tried it I got pretty much the same type of error - I'll revisit this and see whether the name's in mydestination though. Nigel From colin at mainline.co.uk Thu Oct 12 14:11:37 2006 From: colin at mainline.co.uk (Colin Jack) Date: Thu Oct 12 14:10:49 2006 Subject: Whitelist rules Message-ID: Please could someone give me a pointer I want to allow all mail for particular domain through without being scanned. Am I right in saying that I cannot use wildcards in the spam.whitelist.rules like FromOrTo: *@domain.com yes If so, how do I do it? Many thanks Colin From Mailscanner at mailing.kaufland-informationssysteme.com Thu Oct 12 14:19:04 2006 From: Mailscanner at mailing.kaufland-informationssysteme.com (Matthias Sutter) Date: Thu Oct 12 14:19:06 2006 Subject: Exim with Mailscanner and retry problem Message-ID: <452E40C8.6000007@mailing.kaufland-informationssysteme.com> Hello, I use Mailscanner with Exim and now we get some problems with graylisting. Is it correct that the Mailscanner start the exim outgouing deamon? Because I set in the initscritp / sysconfig /Mailscaner the option -q10m but we do not see an retry attemp ... Can sombody help me how give teh exim the retry option ? Thanks a lot Matthias Sutter From joost at waversveld.nl Thu Oct 12 15:06:45 2006 From: joost at waversveld.nl (Joost Waversveld) Date: Thu Oct 12 15:07:06 2006 Subject: Whitelist rules In-Reply-To: References: Message-ID: <452E4BF5.20007@waversveld.nl> No, you're wrong... ;-) You can use wildcards just the way you said. Keep in mind that the mail will get scanned, but will be delivered as normal, regardless of the score the message get. Regards, Joost Waversveld Colin Jack wrote: > Please could someone give me a pointer > > I want to allow all mail for particular domain through without being > scanned. > Am I right in saying that I cannot use wildcards in the > spam.whitelist.rules like > > FromOrTo: *@domain.com yes > > If so, how do I do it? > > Many thanks > > Colin > From martinh at solidstatelogic.com Thu Oct 12 15:05:49 2006 From: martinh at solidstatelogic.com (Martin Hepworth) Date: Thu Oct 12 15:07:25 2006 Subject: Exim with Mailscanner and retry problem In-Reply-To: <452E40C8.6000007@mailing.kaufland-informationssysteme.com> References: <452E40C8.6000007@mailing.kaufland-informationssysteme.com> Message-ID: <452E4BBD.7070500@solidstatelogic.com> Matthias Sutter wrote: > Hello, > > I use Mailscanner with Exim and now we get some problems with graylisting. > Is it correct that the Mailscanner start the exim outgouing deamon? > Because I set in the initscritp / sysconfig /Mailscaner the option -q10m > but we do not see an retry attemp ... > > Can sombody help me how give teh exim the retry option ? > > Thanks a lot > > Matthias Sutter > > > Matthias Depends on how you installed MailScanner, from the rpm, the tarball???? Normally editting the MTA startup script is up to you I think?? -- Martin Hepworth Senior Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From bpumphrey at woodmclaw.com Thu Oct 12 15:29:25 2006 From: bpumphrey at woodmclaw.com (Billy A. Pumphrey) Date: Thu Oct 12 15:29:44 2006 Subject: OT: Mail::SpamAssassin::Plugin::ReplaceTags In-Reply-To: Message-ID: <04D932B0071FE34FA63EBB1977B48D1501C13F4A@woodenex.woodmaclaw.local> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Budi Febrianto > Sent: Wednesday, October 11, 2006 11:09 PM > To: MailScanner discussion > Subject: Re: OT: Mail::SpamAssassin::Plugin::ReplaceTags > > > > mailscanner-bounces@lists.mailscanner.info wrote on 10/11/2006 08:33:50 > PM: > > > In my lint test it takes 1.62 seconds for the line of: > > > > [20030] dbg: plugin: > > Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xade3c24) implements > > 'finish_parsing_end' > > > > Do you use this plugin? I do not recall enabling it manually so seems > > to be on by default. I looked up what it does and searched the web > > site: > > http://wiki.apache.org/spamassassin/ReplaceTags > > > > Could only come up with descriptions and such. > > > > Thank you > > > > > > > > Billy Pumphrey > > IT Manager > > Wooden & McLaughlin > > > > > > -- > > I have similiar problem. In my lint test they are 2 test that take more > than 1 second. They are: > [4938] dbg: diag: perl platform: 5.008005 linux > 1.04575 > [4938] dbg: plugin: > Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xb0ba6d8) > implements 'finish_parsing_end' 2.64879 > > But I run MailScanner in Celeron 2.66 processor with 512 MB Ram, maybe > that > the problem :). But my emails are less than 10k /day. > > Best Regards > > -- Here is the time on the other one you mentioned for me: [21790] dbg: diag: perl platform: 5.008005 linux 0.23816 I have a dual Xeon 2.8, 2gig RAM machine. My load is only about 5,000 or less per day. That increase because I scan outgoing mail too. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From colin at mainline.co.uk Thu Oct 12 18:44:47 2006 From: colin at mainline.co.uk (Colin Jack) Date: Thu Oct 12 18:44:07 2006 Subject: Whitelist rules Message-ID: Thanks ... well that makes life easier :) They are particularly keen that their mail shouldn't be {disarmed} ... will this work this way? Colin > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Joost Waversveld > Sent: Thursday, October 12, 2006 3:07 PM > To: MailScanner discussion > Subject: Re: Whitelist rules > > No, you're wrong... ;-) You can use wildcards just the way you said. > > Keep in mind that the mail will get scanned, but will be > delivered as normal, regardless of the score the message get. > > Regards, > > Joost Waversveld > > Colin Jack wrote: > > Please could someone give me a pointer > > > > I want to allow all mail for particular domain through > without being > > scanned. > > Am I right in saying that I cannot use wildcards in the > > spam.whitelist.rules like > > > > FromOrTo: *@domain.com yes > > > > If so, how do I do it? > > > > Many thanks > > > > Colin > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From mikea at mikea.ath.cx Thu Oct 12 19:52:53 2006 From: mikea at mikea.ath.cx (mikea) Date: Thu Oct 12 19:52:58 2006 Subject: Whitelist rules In-Reply-To: ; from colin@mainline.co.uk on Thu, Oct 12, 2006 at 06:44:47PM +0100 References: Message-ID: <20061012135253.B16530@mikea.ath.cx> On Thu, Oct 12, 2006 at 06:44:47PM +0100, Colin Jack wrote: > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > > Of Joost Waversveld > > Sent: Thursday, October 12, 2006 3:07 PM > > To: MailScanner discussion > > Subject: Re: Whitelist rules > > > > No, you're wrong... ;-) You can use wildcards just the way you said. > > > > Keep in mind that the mail will get scanned, but will be > > delivered as normal, regardless of the score the message get. > > > > Regards, > > > > Joost Waversveld > > > > Colin Jack wrote: > > > Please could someone give me a pointer > > > > > > I want to allow all mail for particular domain through > > without being > > > scanned. > > > Am I right in saying that I cannot use wildcards in the > > > spam.whitelist.rules like > > > > > > FromOrTo: *@domain.com yes > > > > > > If so, how do I do it? > > > > > > Many thanks > > > > > > Colin > Thanks ... well that makes life easier :) > > They are particularly keen that their mail shouldn't be {disarmed} ... > will this work this way? That's what I see here: whitelisted mail gets scanned, but there are no changes made to the mail, possibly excepting an additional header. -- Mike Andrews, W5EGO mikea@mikea.ath.cx Tired old sysadmin From itdept at fractalweb.com Thu Oct 12 20:04:16 2006 From: itdept at fractalweb.com (Chris Yuzik) Date: Thu Oct 12 20:15:33 2006 Subject: spam getting through without even being checked Message-ID: <452E91B0.7090205@fractalweb.com> Hi Everyone, We're now having a problem where (blatant!) spam is getting through our server, apparently without even being checked by MailScanner. Our custom headers haven't been added and this is VERY spammy. That said, a lot of spam is being blocked by MailScanner. I'm not sure how to troubleshoot this. Help! Thanks, Chris From Denis.Beauchemin at USherbrooke.ca Thu Oct 12 20:16:18 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Thu Oct 12 20:19:07 2006 Subject: OT: Preferred MTA? Message-ID: <452E9482.6050307@USherbrooke.ca> Hello all, I have been asked to evaluate what would be needed to turn our internal mail hubs into secured ones. Since I always had trouble with sendmail's documentation, I was thinking about switching to another MTA. We currently use many sendmail features such as greet_pause, conncontrol, ratecontrol and milter-greylist. We have multiple domains and use LDAP for final delivery address resolution. And of course, MS must blend just fine with the MTA. What other MTA would give me those features with less headaches whenever I need to change things? Exim? Postfix? others? I couldn't find a greylisting for Exim that shares its state table between multiple MX... but I think PF could use my existing milter-greylist as is... As for ease of configuration and quality of documentation, which do you recommend? Do you recommend using a HW load balancer (and SSL accelerator) in front of my servers? How about Cisco's? Thanks! Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3595 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20061012/c82667dc/smime.bin From dstraka at caspercollege.edu Thu Oct 12 20:32:07 2006 From: dstraka at caspercollege.edu (Daniel Straka) Date: Thu Oct 12 20:32:49 2006 Subject: MS/SA Installed - How is it working? References: <452E91B0.7090205@fractalweb.com> Message-ID: <452E43D7.61A4.0000.0@caspercollege.edu> This kind of goes along with Chris Yuzik's post "spam getting through without even being checked" (see below). So I've got MS running with SA. It seems to be doing OK, but how do I know? Yes, I bought the book. I would like to know... How to tell if MS is running well? How to tell if SA running well? What maintenance is required? When should I tweak MS? When should I tweak SA? What are essential SA tweaks? How do I tweak SA? How about a MS/SA crash course (tips) from the experts? >>> Chris Yuzik 10/12/2006 1:04 PM >>> Hi Everyone, We're now having a problem where (blatant!) spam is getting through our server, apparently without even being checked by MailScanner. Our custom headers haven't been added and this is VERY spammy. That said, a lot of spam is being blocked by MailScanner. I'm not sure how to troubleshoot this. Help! Thanks, Chris -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner at caspercollege.edu and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner at caspercollege.edu and is believed to be clean. From bpumphrey at woodmclaw.com Thu Oct 12 20:44:52 2006 From: bpumphrey at woodmclaw.com (Billy A. Pumphrey) Date: Thu Oct 12 20:45:06 2006 Subject: MS/SA Installed - How is it working? In-Reply-To: <452E43D7.61A4.0000.0@caspercollege.edu> Message-ID: <04D932B0071FE34FA63EBB1977B48D1501C13F54@woodenex.woodmaclaw.local> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Daniel Straka > Sent: Thursday, October 12, 2006 3:32 PM > To: mailscanner@lists.mailscanner.info > Subject: MS/SA Installed - How is it working? > > This kind of goes along with Chris Yuzik's post "spam getting through > without even being checked" (see below). > > So I've got MS running with SA. It seems to be doing OK, but how do I > know? > Yes, I bought the book. > I would like to know... > How to tell if MS is running well? The main goal is to stop viruses and spam. Use mailwatch to monitor it to see how many are getting blocked and are not getting blocked. If it is not satisfactory, use more rules and stuff. > How to tell if SA running well? Same answer as above. Lint tests show if any errors are there. > What maintenance is required? You can let it sit there if you want. Recommended to update what ever you have on it. Some things update automatically. Update MailScanner itself, spamassassin <--it has a auto update now too but not sure what all it does, update your virus scanner programs themselves - virus definitions update automatically > When should I tweak MS? All the time if you ask me, but you can leave it sat until the spam starts getting through or you just want to change the behavior. > When should I tweak SA? To add more rules or updates > What are essential SA tweaks? Rules. Decide whether to use pyzor, dcc -- more on the wiki > How do I tweak SA? Conf files. There are read me for the installs somewhere, either in MailScanner or Spamassassin read me's. > How about a MS/SA crash course (tips) from the experts? > That is a lot of information. Hopefully you will get some good feedback. I do not think that you will find the answer to all of those questions as they are talked about all of the time. I will try and answer some of it specifically probably tomorrow but until then... Make sure that you do some reading also instead of relying on everyone to answer it all. Make sure you go through the WIKI if you have not already: http://wiki.mailscanner.info/doku.php Stay subscribed to this list and you will learn a lot about those questions. If you have the book, it tells you a lot. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Kevin_Miller at ci.juneau.ak.us Thu Oct 12 20:47:14 2006 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Thu Oct 12 20:47:19 2006 Subject: SOLVED: Re: mailscanner hangs on automatic restart {Scanned} In-Reply-To: <223f97700610050049m4ada99aeh9fc3db5ad3eaf78@mail.gmail.com> Message-ID: Glenn Steen wrote: > On 04/10/06, Scott Silva wrote: > (snip) >> Never mind ... I actually RTFM. Will try to remember to do so in the >> future. > ... Amazing what that can reveal, eh?:-). > >> Replying to myself ... Hmmmm... Must be running postfix somewhere. >> Oh yeah... Now I remember ... > Always knew you were a closet PF user...:-D. > > Somewhat back on track: I thought I'd need both ImageInfo and > FuzzyOcr... But when I implemented ImageInfo (I like to change things > (that work:) one small step at a time, when possible... Tweaking, not > frobbing;), I fairly quickly realised it got all the image-based spam > without hardly any FPs (at least not any _new_ FPs... The ones FP'ing > was doing that already due to badly come together .... "marketing > systems"... "solicited" spam type of things:-). So I backed off from > the ocr bit (have it running on a testbed, but... will probably not > introduce it into production use). > > What amazes me is that some of the more influential merchant > banks/financial institutions have really no clue as to how to put mail > together that don't look spammy... Instead they annoy us (their > "users") with notes about please making exceptions _for their domain > names_ ... Really no clue at all. > If their communications are that important, why not make the effort to > set up SPF and/or Domain Keys... Or just avoid forging senders, HTML > mails with a lot of big images, ALL CAPS subjects etc etc etc. Jeez. > Well, you probably just saved me a whole bunch of work Glenn. Was poking around getting ready to install all the dependencies for FuzzyOCR and stumbled across this post about ImageInfo. It looks much easier! I like easier. Couple of quick questions though. Did you have to make any tweaks to it, or just run it out of the box? The install instructions in ImageInfo.pm are slightly spartan - it says: # 3) add to init.pre (or v310.pre) the following line # loadplugin Mail::SpamAssassin::Plugin::ImageInfo # or if not in plugin dir.. # loadplugin Mail::SpamAssassin::Plugin::ImageInfo /path/to/plugin I didn't have a plugin directory, so just made one. For that line, should I append the filename on it too, like this: loadplugin Mail::SpamAssassin::Plugin::ImageInfo /etc/mail/spamassassin/plugin/ImageInfo.pm or just loadplugin Mail::SpamAssassin::Plugin::ImageInfo /etc/mail/spamassassin/plugin (watch the line wrap) I'm thinking the latter, but a reality check is always good. Thanks... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From mike at vesol.com Thu Oct 12 20:47:55 2006 From: mike at vesol.com (Mike Kercher) Date: Thu Oct 12 20:48:10 2006 Subject: MS/SA Installed - How is it working? In-Reply-To: <452E43D7.61A4.0000.0@caspercollege.edu> Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Daniel Straka > Sent: Thursday, October 12, 2006 2:32 PM > To: mailscanner@lists.mailscanner.info > Subject: MS/SA Installed - How is it working? > > This kind of goes along with Chris Yuzik's post "spam getting > through without even being checked" (see below). > > So I've got MS running with SA. It seems to be doing OK, but > how do I know? > Yes, I bought the book. > I would like to know... > How to tell if MS is running well? > How to tell if SA running well? > What maintenance is required? > When should I tweak MS? > When should I tweak SA? > What are essential SA tweaks? > How do I tweak SA? > How about a MS/SA crash course (tips) from the experts? > > > >>> Chris Yuzik 10/12/2006 1:04 PM >>> > Hi Everyone, > > We're now having a problem where (blatant!) spam is getting > through our > > server, apparently without even being checked by MailScanner. > Our custom headers haven't been added and this is VERY > spammy. That said, a lot of > > spam is being blocked by MailScanner. > > I'm not sure how to troubleshoot this. Help! > > Thanks, > Chris > -- tail -f /var/log/maillog Mike From daniel.maher at ubisoft.com Thu Oct 12 20:49:38 2006 From: daniel.maher at ubisoft.com (Daniel Maher) Date: Thu Oct 12 20:49:45 2006 Subject: Preferred MTA? In-Reply-To: <452E9482.6050307@USherbrooke.ca> Message-ID: <1E293D3FF63A3740B10AD5AAD88535D20226D33F@UBIMAIL1.ubisoft.org> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Denis Beauchemin > Sent: October 12, 2006 3:16 PM > To: MailScanner > Subject: OT: Preferred MTA? > > Hello all, > > I have been asked to evaluate what would be needed to turn our internal > mail hubs into secured ones. Since I always had trouble with sendmail's > documentation, I was thinking about switching to another MTA. > > We currently use many sendmail features such as greet_pause, > conncontrol, ratecontrol and milter-greylist. We have multiple domains > and use LDAP for final delivery address resolution. And of course, MS > must blend just fine with the MTA. > > What other MTA would give me those features with less headaches whenever > I need to change things? Exim? Postfix? others? > > I couldn't find a greylisting for Exim that shares its state table > between multiple MX... but I think PF could use my existing > milter-greylist as is... > > As for ease of configuration and quality of documentation, which do you > recommend? > > Do you recommend using a HW load balancer (and SSL accelerator) in front > of my servers? How about Cisco's? > > Thanks! > > Denis For my money, qmail is the way to go. That said, MailScanner doesn't officially support qmail, so even though it's arguably the best MTA out there right now, you'll likely have to pass it by if you want to continue leveraging MailScanner as a platform. One might be able to infer from my previous statement that I'm somewhat anti-sendmail. I don't deny it. :) What I will say, however, is that one of the advantages that sendmail /does/ have over qmail is that there is an absolute tonne of 3rd party add-ons, support modules, and so forth out there for it. This, in fact, is why lean towards Postfix for MailScanner-enabled environments. Postfix balances the extensibility of sendmail with the ease of use of qmail, and even manages to be popular enough to have a good support base (though some might tell you that the lead developer can be a bit of a cranky-pants at times ;) ). Anyhoo, that's just my 2 cents... > -- > _ > ?v? Denis Beauchemin, analyste > /(_)\ Universit? de Sherbrooke, S.T.I. > ^ ^ T: 819.821.8000x62252 F: 819.821.8045 p.s. c't'un jolie 'tit pingouin dans ton .sig, la. ;) -- _ ?v? Daniel Maher /(_)\ Administrateur Syst?me Unix ^ ^ Unix System Administrator Sentio aliquos togatos contra me conspirare. From ka at pacific.net Thu Oct 12 20:55:46 2006 From: ka at pacific.net (Ken A) Date: Thu Oct 12 20:53:58 2006 Subject: spam getting through without even being checked In-Reply-To: <452E91B0.7090205@fractalweb.com> References: <452E91B0.7090205@fractalweb.com> Message-ID: <452E9DC2.8040608@pacific.net> Chris Yuzik wrote: > Hi Everyone, > > We're now having a problem where (blatant!) spam is getting through our > server, apparently without even being checked by MailScanner. Our custom > headers haven't been added and this is VERY spammy. That said, a lot of > spam is being blocked by MailScanner. > > I'm not sure how to troubleshoot this. Help! did you disable sendmail? chkconfig sendmail off service sendmail stop Ken A. Pacific.Net > Thanks, > Chris From clacroix at cegep-ste-foy.qc.ca Thu Oct 12 21:04:11 2006 From: clacroix at cegep-ste-foy.qc.ca (Charles Lacroix) Date: Thu Oct 12 21:04:16 2006 Subject: Preferred MTA? In-Reply-To: <1E293D3FF63A3740B10AD5AAD88535D20226D33F@UBIMAIL1.ubisoft.org> References: <1E293D3FF63A3740B10AD5AAD88535D20226D33F@UBIMAIL1.ubisoft.org> Message-ID: <200610121604.12194.clacroix@cegep-ste-foy.qc.ca> I like postfix because it's just plain simple to configure and you aren't limited as you can call external programs to to whatever postfix doesn't do outa the box. On Thursday 12 October 2006 15:49, Daniel Maher wrote: > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Denis Beauchemin > > Sent: October 12, 2006 3:16 PM > > To: MailScanner > > Subject: OT: Preferred MTA? > > > > Hello all, > > > > I have been asked to evaluate what would be needed to turn our internal > > mail hubs into secured ones. Since I always had trouble with sendmail's > > documentation, I was thinking about switching to another MTA. > > > > We currently use many sendmail features such as greet_pause, > > conncontrol, ratecontrol and milter-greylist. We have multiple domains > > and use LDAP for final delivery address resolution. And of course, MS > > must blend just fine with the MTA. > > > > What other MTA would give me those features with less headaches whenever > > I need to change things? Exim? Postfix? others? > > > > I couldn't find a greylisting for Exim that shares its state table > > between multiple MX... but I think PF could use my existing > > milter-greylist as is... > > > > As for ease of configuration and quality of documentation, which do you > > recommend? > > > > Do you recommend using a HW load balancer (and SSL accelerator) in front > > of my servers? How about Cisco's? > > > > Thanks! > > > > Denis > > For my money, qmail is the way to go. That said, MailScanner doesn't > officially support qmail, so even though it's arguably the best MTA out > there right now, you'll likely have to pass it by if you want to continue > leveraging MailScanner as a platform. > > One might be able to infer from my previous statement that I'm somewhat > anti-sendmail. I don't deny it. :) What I will say, however, is that one > of the advantages that sendmail /does/ have over qmail is that there is an > absolute tonne of 3rd party add-ons, support modules, and so forth out > there for it. > > This, in fact, is why lean towards Postfix for MailScanner-enabled > environments. Postfix balances the extensibility of sendmail with the ease > of use of qmail, and even manages to be popular enough to have a good > support base (though some might tell you that the lead developer can be a > bit of a cranky-pants at times ;) ). > > Anyhoo, that's just my 2 cents... > > > -- > > _ > > ?v? Denis Beauchemin, analyste > > /(_)\ Universit? de Sherbrooke, S.T.I. > > ^ ^ T: 819.821.8000x62252 F: 819.821.8045 > > p.s. c't'un jolie 'tit pingouin dans ton .sig, la. ;) > > > -- > _ > ?v? Daniel Maher > /(_)\ Administrateur Syst?me Unix > ^ ^ Unix System Administrator > > Sentio aliquos togatos contra me conspirare. -- Charles Lacroix, Administrateur UNIX. Service des t?l?communications et des technologies C?gep de Sainte-Foy (418) 659-6600 # 4266 From gborders at jlewiscooper.com Thu Oct 12 21:14:06 2006 From: gborders at jlewiscooper.com (Greg Borders) Date: Thu Oct 12 21:15:00 2006 Subject: MS/SA Installed - How is it working? In-Reply-To: <452E43D7.61A4.0000.0@caspercollege.edu> References: <452E91B0.7090205@fractalweb.com> <452E43D7.61A4.0000.0@caspercollege.edu> Message-ID: <452EA20E.40307@jlewiscooper.com> Daniel Straka wrote: > This kind of goes along with Chris Yuzik's post "spam getting through > without even being checked" (see below). > > So I've got MS running with SA. It seems to be doing OK, but how do I > know? > Yes, I bought the book. > I would like to know... > How to tell if MS is running well? > How to tell if SA running well? > What maintenance is required? > When should I tweak MS? > When should I tweak SA? > What are essential SA tweaks? > How do I tweak SA? > How about a MS/SA crash course (tips) from the experts? > > > >>>> Chris Yuzik 10/12/2006 1:04 PM >>> >>>> > Hi Everyone, > > We're now having a problem where (blatant!) spam is getting through our > > server, apparently without even being checked by MailScanner. Our > custom > headers haven't been added and this is VERY spammy. That said, a lot of > > spam is being blocked by MailScanner. > > I'm not sure how to troubleshoot this. Help! > > Thanks, > Chris > I too had a sudden rash of excessive spam, but I soon discovered it was related to the "k" "000" bug, in Std release 4.56.7. The MailScanner.conf line Max SpamAssassin Size needs to have the zeroes. Or patch it with Jules update. Fixed the sudden sneaking thru spams really quick. Greg. Borders Sys. Admin. JLC Co. -- This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mkettler at evi-inc.com Thu Oct 12 21:17:49 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Thu Oct 12 21:18:07 2006 Subject: MS/SA Installed - How is it working? In-Reply-To: <452E43D7.61A4.0000.0@caspercollege.edu> References: <452E91B0.7090205@fractalweb.com> <452E43D7.61A4.0000.0@caspercollege.edu> Message-ID: <452EA2ED.8020503@evi-inc.com> Daniel Straka wrote: > This kind of goes along with Chris Yuzik's post "spam getting through > without even being checked" (see below). > > So I've got MS running with SA. It seems to be doing OK, but how do I > know? > Yes, I bought the book. > I would like to know... Well, you've got a lot of questions I could write a book about each one. However, I'll try to give you a little bit of wisdom on each. Hopefully others do the same and you'll get a lot of good advice. > How to tell if MS is running well? My suggestion: use mailscanner-mrtg, or something similar that monitors a lot of mailscanner and graphs it. Watch the inbound queue, if it starts growing, and keeps growing, somethings not working well. This also lets you watch virus and spam hit rates. After a while you'll get a feel for what's "normal". From there you'll be able to see if something is worth investigation. ie: if you normally get 10-50 viruses a day, and suddenly there's none for 2 days in a row, your virus scanning is probably broken. You can also test it periodically by emailing yourself an eicar test virus, or have a website do it for you (ie: http://www.aleph-tec.com/eicar/index.php) > How to tell if SA running well? This is a bit harder. You can watch the spam catch rate with mrtg. Spam rates are normally fairly linear, so if your SA starts missing a lot the normal triangular graph will start looking like a shallow staircase. Also keep an eye out for ".expire" files in the directory where your bayes DB lives (look for bayes_toks on your machine). These are a sign that your MailScanner is timing out SA instances during bayes database expiry. Extend your spamassassin timeout in MailScanner.conf if it crops up. > What maintenance is required? Generally speaking, little. Keep your AV updated regularly (MS will generally do this for you with most AV packages. However, some need manual updating, ie: command av, which uses passworded FTP downloads). Update SA periodically (unless there's a security hole you don't have to jump to the latest release every time, but it's advisable to keep relatively recent) > When should I tweak MS? > When should I tweak SA? When you start having problems of mis-tagging. > What are essential SA tweaks? make sure your trusted_networks is set properly. see http://wiki.apache.org/spamassassin/TrustPath Browse the /etc/mail/spamassassin/*.pre files to see if there are any plugins you want to use. Note that some of these require 3rd party software to run. (ie: SPF, DCC, Razor, pyzor), but you can find that in the manpage for the plugin. See the plugin docs at: http://spamassassin.apache.org/full/3.1.x/dist/doc/ Named Mail_SpamAssassin_Plugin_* consider using sa-update. Cautiously consider using add-on rulesets. (DO NOT use sa-blacklist or sa-blacklist-uri unless you consider 1GB a small amount of RAM) http://wiki.apache.org/spamassassin/CustomRulesets Note: don't go hog-wild with the add-ons. I'd really suggest adding no more than 3 at a time. A very common problem is someone who just downloaded SA, installed every add-on ruleset that exists, fires it up and wonders why their server is grinding to a halt. There is such a thing as too much, but you can probably safely add 10-20 files that are under 128k. The "too much" line depends a lot on how much RAM you have to spare. Each added rule takes a little extra ram. A lot of added rules take a lot of extra ram. For what it's worth I use: 53868 Apr 21 10:44 70_sare_adult.cf 24298 Oct 5 2005 70_sare_evilnum0.cf 1574 Sep 16 2005 70_sare_evilnum1.cf 45933 Dec 30 2005 70_sare_genlsubj0.cf 28066 Jun 4 01:00 70_sare_html0.cf 51886 Oct 12 2005 70_sare_obfu0.cf 18190 Dec 15 2005 70_sare_random.cf 97820 May 27 23:00 70_sare_specific.cf 52048 Apr 10 2006 70_sare_stocks.cf 17879 Oct 12 2005 70_sare_uri0.cf 1467 Apr 21 10:44 71_sare_adult_rescore.cf 57580 Sep 16 2005 99_FVGT_Tripwire.cf 10147 Jun 1 2005 99_sare_fraud_post25x.cf Along with 30-some odd custom rulesets of my own design for local needs. Most of these are very small (ie: under 1k) > How do I tweak SA? There's a million ways, from simple tweaks like the above to writing your own add-on rules and plugins. That said your common simple tweaks are: -adjusting required_score -making use of whitelist_from_rcvd -making use of sa-learn for bayes training, this helps correct spam that's getting low BAYES_xx scores, or nonspam that's getting high ones. > How about a MS/SA crash course (tips) from the experts? See above. From sconway at wlnet.com Thu Oct 12 21:21:26 2006 From: sconway at wlnet.com (Stephen Conway) Date: Thu Oct 12 21:21:31 2006 Subject: Strange Sendmail Sessions Message-ID: <01da01c6ee3b$fef6dbf0$b000a8c0@skyhawk> Hello All: I have a couple systems with the following: Intel based systems 1 GB RAM running Slackware Linux Sendmail 8.13.8 MailScanner-4.55.10 SpamAssassin version 3.1.0 Perl 5.6.1 I have a problem where I am getting a lot of sendmail sessions opening up similar to below: 0:00 sendmail: k9CJgJRU012733 c647683-42.impsat.com.co [64.76.83.42] (may be forged): DATA 0:00 sendmail: k9CJlhwE014949 movaris-nxds1-89.hicap.alink.net [67.131.237.89]: DATA A bunch of these keep coming in from various different networks, but they all stay around and eventually my MAX Daemon Children vaule is reached. The question is, can this be a network issue where these sessions are not completing? Also, how can I get sendmail to kill these old sessions after X minutes or something? Any assistance is appreciated. Thanks, Steve -- ShipMail Now 30% Faster From mikej at rogers.com Thu Oct 12 21:31:17 2006 From: mikej at rogers.com (Mike Jakubik) Date: Thu Oct 12 21:44:30 2006 Subject: OT: Preferred MTA? In-Reply-To: <452E9482.6050307@USherbrooke.ca> References: <452E9482.6050307@USherbrooke.ca> Message-ID: <452EA615.1070507@rogers.com> Denis Beauchemin wrote: > Hello all, > > I have been asked to evaluate what would be needed to turn our > internal mail hubs into secured ones. Since I always had trouble with > sendmail's documentation, I was thinking about switching to another MTA. > > We currently use many sendmail features such as greet_pause, > conncontrol, ratecontrol and milter-greylist. We have multiple > domains and use LDAP for final delivery address resolution. And of > course, MS must blend just fine with the MTA. > > What other MTA would give me those features with less headaches > whenever I need to change things? Exim? Postfix? others? > > I couldn't find a greylisting for Exim that shares its state table > between multiple MX... but I think PF could use my existing > milter-greylist as is... I would recommend postfix, its feature rich, very easy to configure, and has a great security record. It is also designed to be a compatible replacement for sendmail, and since version 2.3 it supports sendmail milters. From mikej at rogers.com Thu Oct 12 21:32:32 2006 From: mikej at rogers.com (Mike Jakubik) Date: Thu Oct 12 21:44:46 2006 Subject: Preferred MTA? In-Reply-To: <1E293D3FF63A3740B10AD5AAD88535D20226D33F@UBIMAIL1.ubisoft.org> References: <1E293D3FF63A3740B10AD5AAD88535D20226D33F@UBIMAIL1.ubisoft.org> Message-ID: <452EA660.80001@rogers.com> Daniel Maher wrote: > For my money, qmail is the way to go. That said, MailScanner doesn't officially support qmail, so even though it's arguably the best MTA out there right now, you'll likely have to pass it by if you want to continue leveraging MailScanner as a platform. > > One might be able to infer from my previous statement that I'm somewhat anti-sendmail. I don't deny it. :) What I will say, however, is that one of the advantages that sendmail /does/ have over qmail is that there is an absolute tonne of 3rd party add-ons, support modules, and so forth out there for it. > Thats because qmail is an obsolete and unmaintained (what, 8 years old now?) POS MTA. From daniel.maher at ubisoft.com Thu Oct 12 21:58:42 2006 From: daniel.maher at ubisoft.com (Daniel Maher) Date: Thu Oct 12 21:58:46 2006 Subject: Preferred MTA? In-Reply-To: <452EA660.80001@rogers.com> Message-ID: <1E293D3FF63A3740B10AD5AAD88535D20226D342@UBIMAIL1.ubisoft.org> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Mike Jakubik > Sent: October 12, 2006 4:33 PM > To: MailScanner discussion > Subject: Re: Preferred MTA? > > > Thats because qmail is an obsolete and unmaintained (what, 8 years old > now?) POS MTA. > When something is designed properly in the first place, it doesn't need to be patched constantly. Of course, we don't need to start any flame wars here. To each their own opinion... -- _ ?v? Daniel Maher /(_)\ Administrateur Syst?me Unix ^ ^ Unix System Administrator Sentio aliquos togatos contra me conspirare. From Denis.Beauchemin at USherbrooke.ca Thu Oct 12 21:58:54 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Thu Oct 12 21:59:22 2006 Subject: Strange Sendmail Sessions In-Reply-To: <01da01c6ee3b$fef6dbf0$b000a8c0@skyhawk> References: <01da01c6ee3b$fef6dbf0$b000a8c0@skyhawk> Message-ID: <452EAC8E.808@USherbrooke.ca> Stephen Conway a ?crit : > Hello All: > > I have a couple systems with the following: > > Intel based systems 1 GB RAM running Slackware Linux > Sendmail 8.13.8 > MailScanner-4.55.10 > SpamAssassin version 3.1.0 > Perl 5.6.1 > > I have a problem where I am getting a lot of sendmail sessions opening up > similar to below: > > 0:00 sendmail: k9CJgJRU012733 c647683-42.impsat.com.co [64.76.83.42] (may be > forged): DATA > 0:00 sendmail: k9CJlhwE014949 movaris-nxds1-89.hicap.alink.net > [67.131.237.89]: DATA > > A bunch of these keep coming in from various different networks, but they > all stay around and eventually my MAX Daemon Children vaule is reached. The > question is, can this be a network issue where these sessions are not > completing? Also, how can I get sendmail to kill these old sessions after X > minutes or something? > > Any assistance is appreciated. > > Thanks, > > Steve > > > Steve, I use the following in my sendmail.mc: define(`confTO_ACONNECT', `5m')dnl define(`confTO_CONNECT', `1m')dnl define(`confTO_ICONNECT', `20s')dnl define(`confTO_COMMAND', `5m')dnl define(`confTO_AUTH', `1m')dnl define(`confTO_DATABLOCK', `5m')dnl define(`confTO_DATAFINAL', `10m')dnl define(`confTO_MAIL', `5m')dnl define(`confTO_RCPT', `5m')dnl define(`confTO_RESOLVER_RETRANS_FIRST', `2s')dnl define(`confTO_RESOLVER_RETRANS_NORMAL', `10s')dnl define(`confTO_RESOLVER_RETRY_FIRST', `2')dnl define(`confTO_RESOLVER_RETRY_NORMAL', `5')dnl define(`confTO_STARTTLS', `5m')dnl I was also seeing connections that would not close, shutting my server down. Haven't seen any since I configured all the TO_ listed above. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3595 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20061012/98197d2b/smime.bin From mikej at rogers.com Thu Oct 12 22:10:04 2006 From: mikej at rogers.com (Mike Jakubik) Date: Thu Oct 12 22:10:10 2006 Subject: Preferred MTA? In-Reply-To: <1E293D3FF63A3740B10AD5AAD88535D20226D342@UBIMAIL1.ubisoft.org> References: <1E293D3FF63A3740B10AD5AAD88535D20226D342@UBIMAIL1.ubisoft.org> Message-ID: <452EAF2C.10304@rogers.com> Daniel Maher wrote: > When something is designed properly in the first place, it doesn't need to be patched constantly. > > Right, because when qmail was written, the programmer saw the future and already integrated all the features that modern MTAs like postfix or sendmail have. How many patches and addons are there for qmail to get functionality that current MTAs already have? > Of course, we don't need to start any flame wars here. To each their own opinion... > Of course. From ka at pacific.net Thu Oct 12 22:18:30 2006 From: ka at pacific.net (Ken A) Date: Thu Oct 12 22:16:45 2006 Subject: Preferred MTA? In-Reply-To: <452EAF2C.10304@rogers.com> References: <1E293D3FF63A3740B10AD5AAD88535D20226D342@UBIMAIL1.ubisoft.org> <452EAF2C.10304@rogers.com> Message-ID: <452EB126.1090300@pacific.net> Mike Jakubik wrote: > Daniel Maher wrote: >> When something is designed properly in the first place, it doesn't >> need to be patched constantly. >> >> > > Right, because when qmail was written, the programmer saw the future > and already integrated all the features that modern MTAs like postfix or > sendmail have. How many patches and addons are there for qmail to get > functionality that current MTAs already have? If qmail had milter-ahead, it would know the future! :-P Hey, I like sendmail, but I wasn't about to say that in a thread with _this_ subject, since my asbestos suit is at the cleaners. Ken A. > > >> Of course, we don't need to start any flame wars here. To each their >> own opinion... >> > > Of course. > > From richard.siddall at elirion.net Thu Oct 12 22:16:24 2006 From: richard.siddall at elirion.net (Richard Siddall) Date: Thu Oct 12 22:17:24 2006 Subject: Preferred MTA? In-Reply-To: <1E293D3FF63A3740B10AD5AAD88535D20226D342@UBIMAIL1.ubisoft.org> References: <1E293D3FF63A3740B10AD5AAD88535D20226D342@UBIMAIL1.ubisoft.org> Message-ID: <452EB0A8.7050703@elirion.net> Daniel Maher wrote: > When something is designed properly in the first place, it doesn't > need to be patched constantly. > > Of course, we don't need to start any flame wars here. To each their > own opinion... > So, Daniel, are you running an unpatched copy of qmail? (You need to patch it to support alternative queue delivery programs like you need for MailScanner, correct?) Regards, Richard Siddall From axisml at gmail.com Thu Oct 12 22:21:01 2006 From: axisml at gmail.com (Chris Stone) Date: Thu Oct 12 22:21:39 2006 Subject: Strange Sendmail Sessions In-Reply-To: <01da01c6ee3b$fef6dbf0$b000a8c0@skyhawk> References: <01da01c6ee3b$fef6dbf0$b000a8c0@skyhawk> Message-ID: <1160688061.5191.8.camel@cs.axint.net> On Thu, 2006-10-12 at 16:21 -0400, Stephen Conway wrote: > I have a problem where I am getting a lot of sendmail sessions opening up > similar to below: > > 0:00 sendmail: k9CJgJRU012733 c647683-42.impsat.com.co [64.76.83.42] (may be > forged): DATA > 0:00 sendmail: k9CJlhwE014949 movaris-nxds1-89.hicap.alink.net > [67.131.237.89]: DATA > > A bunch of these keep coming in from various different networks, but they > all stay around and eventually my MAX Daemon Children vaule is reached. The > question is, can this be a network issue where these sessions are not > completing? Also, how can I get sendmail to kill these old sessions after X > minutes or something? Started seeing this myself on my MailScanner servers (3 of them) yesterday. What I've done to mitigate the 'damage' is adding the following in my sendmail_in.mc file: FEATURE(`access_db',`hash -T -o /etc/mail/access.db')dnl FEATURE(delay_checks)dnl FEATURE(`blacklist_recipients')dnl FEATURE(`ratecontrol',`nodelay',`terminate')dnl FEATURE(`conncontrol',`nodelay',`terminate')dnl And then in my access file: # connections control and throttling ClientConn: 5 ClientRate: 15 Has helped a lot. Chris -- Chris Stone AxisInternet, Inc. From lisa.wu at syntricity.com Thu Oct 12 23:10:18 2006 From: lisa.wu at syntricity.com (Lisa Wu) Date: Thu Oct 12 23:11:08 2006 Subject: Sophos/MailScanner In-Reply-To: <452DF7E0.5040706@solidstatelogic.com> Message-ID: <006501c6ee4b$33801df0$9908a8c0@syntricity.com> Martin Hepworth wrote: > >>> Once in a while the server will fail to download its updates from > Sophos. > >>> (The cause being that our T1 line went down). Then the mail log starts > >>> posting MailScanner error messages every 10 seconds until a successful > >>> update occurs: > >>> > >>> Sep 6 14:06:50 mail MailScanner[30864]: None of the files matched by > the > >>> "Monitors For Sophos Updates" patterns exist! > >>> > >>> Because of this error the queue starts placing all messages on hold. > > > > > >> Lisa > >> > >> how are you updating the virus defs for Sophos? > > > > > > Martin, > > > > There is a cron job that runs the Sophos update script running once > every > > hour. > > > > Thanks, > > Lisa > > > > > > Lisa > > Can you give a bit more info. Which cron job? is should be > update_virus_scanners which will do all the scanners you've defined in > MailScanner.conf. > > This script is reasonbly failure proof as it downloads the updates into > a separate folder and only on success does it move the 'new' to 'live' > folders as it were. > > Also i presume your using the MailScanner Sophos.Install script to > install your Sophos as well..?? AS mailScanner expects Sophos V4 to be > in a non-default Sophos Directory. > Hi Martin, Here is the cron job that is running. 21 0-23/2 * * * /usr/local/updates/Sophos/savupd/savupd.sh > /dev/null I've attached a copy of the script that is being run. I did not set-up this server, so I don't know if the previous admin used the MailScanner Sophos.Install script to install Sophos. From how it looks it doesn't seem so. >From what you stated in your last e-mail, should I be setting up a cronjob that uses a preconfigured update_virus_scanners script that was part of the MailScanner Sophos install? In my MailScanner.conf file Virus Scanners = sophossavi In my virus.scanners.conf file this is the entry for sophossavi sophossavi /bin/false /tmp Let me know if there's any other info you need from me. Thanks, Lisa -------------- next part -------------- #!/bin/sh # savupd.sh - automated updating for UNIX / Linux / FreeBSD # savupd.sh shell script (savupd.sh) # email: support@sophos.com # Phone (UK): +44 (0)1235 559933 # Phone (US): +1 888 767 4679 ############################################################### ## DO NOT EDIT THIS FILE ## ############################################################### version='1.3 {20030528}' PATH=$PATH:/bin:/sbin:/opt/sfw/bin:/usr/u