From micoots at yahoo.com Sat Dec 1 03:18:23 2007 From: micoots at yahoo.com (Michael Mansour) Date: Sat Dec 1 03:18:28 2007 Subject: slightly OT: (WAS: Re: MailScanner --lint doesn't check Eicar virus - OK here!) In-Reply-To: <47501AE0.1040502@nerc.ac.uk> Message-ID: <981852.88678.qm@web33307.mail.mud.yahoo.com> Hi Greg, Greg Matthews wrote: Michael, I dont mean to be rude but could you please sort out quoting on your mail client. It makes reading threads much harder when your contribution is indistinguishable from other peoples. I don't know what to say mate. I'm using Yahoo's freemail service, I think it's hopeless personally, but it holds various mailing lists I'm a member of. It used to be good before they did all these "required" Ajax upgrades. I'll see what I can do to make this less html and ajax aware. Michael. GREG Michael Mansour wrote: > Hi Phil, > > "Randal, Phil" wrote: Michael, > > Which version of RedHat are you running? > I'm running Scientific Linux 4.5 (RHEL4 U5), and I see the problem on 6 MailScanner servers, which I'm pretty sure happened after the perl update. > > I see the problem on CentOS 5.0. > > It may a side effect of force-installing the perl update. > I didn't force install the update, I just removed two RPM's which were clashing with the pre-built MailScanner ones (because the perl errata already had those perl modules in it) and then did the "rpm -Uvh", it went through cleanly. > > It would be nice to know what's actually happening and what the fix is, though. I'm not a perl guru so it's beyond me. > Yes, I may re-install MS 4.65.3 tomorrow on one of the MailScanner servers and see if it fixes that problem. > > Michael. > Cheers, > > Phil -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! --------------------------------- Make the switch to the world's best email. Get the new Yahoo!7 Mail now. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071201/468e8ef9/attachment.html From ugob at lubik.ca Sat Dec 1 03:28:15 2007 From: ugob at lubik.ca (Ugo Bellavance) Date: Sat Dec 1 03:28:38 2007 Subject: Accent In-Reply-To: <4513E40A.5020002@USherbrooke.ca> References: <4513DA4D.1000200@multitech.qc.ca> <4513E40A.5020002@USherbrooke.ca> Message-ID: Denis Beauchemin wrote: > Claude Gagn? a ?crit : >> Hi, >> >> Sometimes when our MailScanner apply the inline.sig.html or the >> inline.sig.txt the accent (like ?) appears as a "i" or chinese symbol. >> Anyone know how can I get rid of this issues ? >> > > Claude, > > I don't think you can avoid this as the message encoding is defined in > the email headers and it is put there by the email clients, not MS. So > it changes from one email to the other. > > Denis > Julian, would it be possible to fix that in some way? Forcing UTF-8 maybe? Regards, Ugo From ugob at lubik.ca Sat Dec 1 04:24:14 2007 From: ugob at lubik.ca (Ugo Bellavance) Date: Sat Dec 1 04:24:39 2007 Subject: language strings Message-ID: Hi, This is MailScanner version 4.61.7 In MailScanner.conf: Language Strings = %rules-dir%/language.strings.rules in language.strings.rules To: *@lubik.ca /etc/MailScanner/reports/fr/languages.conf In /etc/MailScanner/reports/fr/languages.conf PossibleFraudStart = MailScanner soupçonne le lien suivant d'être une tentative de fraude de la part de PossibleFraudEnd = NumericLinkWarning = Avertissement : Liens avec des adresses IP sont souvent malicieuses: I send a phishing fraud to ugob@lubik.ca, and I get the english phishing errors. Any ideas? Ugo From ugob at lubik.ca Sat Dec 1 04:29:46 2007 From: ugob at lubik.ca (Ugo Bellavance) Date: Sat Dec 1 04:30:16 2007 Subject: Error in 4.66.1 beta In-Reply-To: <47501A5A.8090302@slackadelic.com> References: <7EF0EE5CB3B263488C8C18823239BEBA023EAAFD@HC-MBX02.herefordshire.gov.uk> <47501A5A.8090302@slackadelic.com> Message-ID: Matt Hayes wrote: > Randal, Phil wrote: >> I've install the beta 4.66.1 on my test box, updated the conf files, and >> restarted. >> >> And get this logged: >> >> Nov 30 14:02:53 mx2 MailScanner[21514]: Syntax error(s) in configuration >> file: >> Nov 30 14:02:53 mx2 MailScanner[21514]: Unrecognised keyword >> "syslogsockettype" at line 2545 >> Nov 30 14:02:53 mx2 MailScanner[21514]: Warning: syntax errors in >> /etc/MailScanner/MailScanner.conf. >> >> Cheers, >> >> Phil >> >> -- >> Phil Randal >> Network Engineer >> Herefordshire Council >> Hereford, UK > > > I have the same error message, however, it doesn't seem to affect the > way MailScanner operates so I just tended to ignore it :) > > -Matt have you done your upgrade_language_conf ? From hvdkooij at vanderkooij.org Sat Dec 1 07:23:26 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sat Dec 1 07:23:47 2007 Subject: install-Clam-SA and clamd In-Reply-To: References: Message-ID: <47510BEE.5030905@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mark Nienberg wrote: > Scott Silva wrote: >> on 11/29/2007 4:17 PM Mark Nienberg spake the following: >>> A buddy of mine is doing a fresh install of MailScanner on a Centos 5 >>> box and he reported to me that when he ran the install-Clam-SA script >>> and it gave him the option to install Dag's rpms instead he did so. >>> But then when he reran the install script and told it that clam was >>> already installed, it tried to build Mail::ClamAV in addition to all >>> the SA stuff. >>> >>> The build of Mail::ClamAV failed, I assume because he did not install >>> Dag's clamav-devel rpm. The script only says to install clamav, >>> clamav-db, and clamd from Dag. >>> >>> I think it would be best to skip the build of Mail::ClamAV if the >>> user says that clamav is already installed. Or else tell the user to >>> install the devel package too. >>> >>> Mark >>> >> You should have him look at the message with subject; >> Experimental repository for RHEL 5 / Centos 5 >> http://thread.gmane.org/gmane.mail.virus.mailscanner/58545 >> > > I thought that the experimental yum repository only installed the > minimum MS package and dependencies. If so, that doesn't really answer > the question about installing Clam and SA does it? SA is considered a minimum requirement. I am preparing a test setup to document other packages in there that can be obtained through rpmforge. Something like: ClamAV: yum install clamav MailScanner.conf lines: ...... Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHUQvqBvzDRVjxmYERAsZ2AKCtV6Rb/603TztCTevxf7F3dhyGGgCgmfsi GTFQtqHRtkUnDzKNe3UNhac= =03bB -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Sat Dec 1 07:26:28 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sat Dec 1 07:26:46 2007 Subject: install-Clam-SA and clamd In-Reply-To: References: Message-ID: <47510CA4.5000007@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mark Nienberg wrote: > Scott Silva wrote: >> on 11/29/2007 4:17 PM Mark Nienberg spake the following: >>> A buddy of mine is doing a fresh install of MailScanner on a Centos 5 >>> box and he reported to me that when he ran the install-Clam-SA script >>> and it gave him the option to install Dag's rpms instead he did so. >>> But then when he reran the install script and told it that clam was >>> already installed, it tried to build Mail::ClamAV in addition to all >>> the SA stuff. >>> >>> The build of Mail::ClamAV failed, I assume because he did not install >>> Dag's clamav-devel rpm. The script only says to install clamav, >>> clamav-db, and clamd from Dag. >>> >>> I think it would be best to skip the build of Mail::ClamAV if the >>> user says that clamav is already installed. Or else tell the user to >>> install the devel package too. >>> >>> Mark >>> >> You should have him look at the message with subject; >> Experimental repository for RHEL 5 / Centos 5 >> http://thread.gmane.org/gmane.mail.virus.mailscanner/58545 >> > > I thought that the experimental yum repository only installed the > minimum MS package and dependencies. If so, that doesn't really answer > the question about installing Clam and SA does it? I have enabled a lot of extra features and have still only used centos + rpmforge to install the software. Except for the actual AV software. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHUQyiBvzDRVjxmYERAkKWAKC2lmvfpe4nIras2rHZz7smQi21tQCgmSSR 6KbyRTlaATE2robgy4//IUY= =2YWi -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Sat Dec 1 07:29:43 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sat Dec 1 07:30:02 2007 Subject: CentOS5, MS 4.65.3-1, perl Math modules In-Reply-To: <298547.59820.qm@web33309.mail.mud.yahoo.com> References: <298547.59820.qm@web33309.mail.mud.yahoo.com> Message-ID: <47510D67.609@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Michael Mansour wrote: > Hi Hugo, > > */Hugo van der Kooij /* wrote: > > David Lee wrote: >> I have just been installing MailScanner-4.65.3-1 on a freshly > installed >> CentOS-5 (32-bit) system. > > As this is a fresh system. you might want to add rpmforge to your > repository and then test my experimental wrapper. If it passes Jules QA > checks it will become part of the mainstream site. > > For now: http://yum.vanderkooij.org/ > > That will allow for a clean rollout as some of the testers have > confirmed. > >> Does this wrapper also work for RHEL4-based distributions? or just RHEL5? It hase been tested by me and others for: Centos 4 i386 Centos 4 x86_64 Centos 5 i386 Centos 5 x86_64 Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHUQ1iBvzDRVjxmYERAuOGAJ9c0EyaVOrKxrjyAlIxc4Jw0XD8kQCeM7X/ Gmkir+gck/h8rNWNuKJGUr0= =N3ok -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Sat Dec 1 07:54:50 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sat Dec 1 07:55:32 2007 Subject: CentOS5, MS 4.65.3-1, perl Math modules In-Reply-To: <47510D67.609@vanderkooij.org> References: <298547.59820.qm@web33309.mail.mud.yahoo.com> <47510D67.609@vanderkooij.org> Message-ID: <4751134A.4060909@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hugo van der Kooij wrote: > It hase been tested by me and others for: > Centos 4 i386 > Centos 4 x86_64 > Centos 5 i386 > Centos 5 x86_64 The current requirements for the wrapper: Requires: mailscanner = 4.65.3 Requires: perl >= 5.008 Requires: perl-Archive-Zip Requires: perl-Convert-BinHex Requires: perl-DBD-SQLite Requires: perl-DBI Requires: perl-Filesys-Df >= 0.9 Requires: perl-IO-stringy Requires: perl-MailTools Requires: perl-MIME-tools >= 5.412 Requires: perl-Net-CIDR Requires: perl-Sys-Hostname-Long Requires: perl-TimeDate Requires: spamassassin >= 3.2 Requires: tnef >= 1.1.1 Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHURNHBvzDRVjxmYERArfaAKCovtTuk/hGF3VZREwPwQNzoI4K8ACeLWk1 JPA7gEpgqKXYYv7a9EZK4Rg= =AV76 -----END PGP SIGNATURE----- From ugob at lubik.ca Sat Dec 1 12:34:25 2007 From: ugob at lubik.ca (Ugo Bellavance) Date: Sat Dec 1 12:34:51 2007 Subject: Weird phishing attempt In-Reply-To: <47503D46.2070602@USherbrooke.ca> References: <47503D46.2070602@USherbrooke.ca> Message-ID: Denis Beauchemin wrote: > Hello all, > > I just received the attached email. No HTML, no image, just plain text. > Funny thing is I don't know anything about them... > > I looked on their web site ( > http://www.sunwestfcu.org/site/contact_locations.html#phone ) and > couldn't find the toll-free phone number. Could someone have hacked into > someone else's PBX and used it for phishing? They don't need to... They just bought themselves a toll-free number. I don't know how, but this should be reported so that the phone number is shut down it if is some kind of social engineering scam. Ugo > > It's the first time I see something like this! > > Denis > > > ------------------------------------------------------------------------ > > Subject: > New message from Customer Service > From: > "SunWest Federal Credit Union" > Date: > Fri, 30 Nov 2007 07:03:20 -0800 > > Return-Path: > > Received: > from courriel-fe1.usherbrooke.ca (courriel.USherbrooke.ca > [132.210.244.146]) by courriel4.usherbrooke.ca (Cyrus > v2.2.12-UdeS-RPM-2.2.12-3.RHEL4.1_udes_f) with LMTPA; Fri, 30 Nov 2007 > 10:05:16 -0500 > X-Sieve: > CMU Sieve 2.2 > Received: > from courriel-fe1.usherbrooke.ca ([unix socket]) by > courriel-fe1.usherbrooke.ca (Cyrus v2.1.18) with LMTP; Fri, 30 Nov 2007 > 10:05:16 -0500 > Received: > from smtpe3.usherbrooke.ca (smtpe3.USherbrooke.ca [132.210.244.89]) by > courriel-fe1.usherbrooke.ca (8.12.11.20060308/8.12.11) with ESMTP id > lAUF5FjY000849 for ; Fri, 30 Nov 2007 > 10:05:15 -0500 > Received: > from atlngroup.com (mail.atlngroup.com [192.117.140.85]) by > smtpe3.usherbrooke.ca (8.13.8/8.13.8) with ESMTP id lAUF4wju022298 for > ; Fri, 30 Nov 2007 10:05:09 -0500 > Received: > from User ([64.193.95.50]) by atlngroup.com with Microsoft > SMTPSVC(6.0.3790.3959); Fri, 30 Nov 2007 17:03:20 +0200 > MIME-Version: > 1.0 > Content-Type: > text/plain; charset="Windows-1251" > X-Priority: > 3 > X-MSMail-Priority: > Normal > X-Mailer: > Microsoft Outlook Express 6.00.2600.0000 > X-MimeOLE: > Produced By Microsoft MimeOLE V6.00.2600.0000 > Message-ID: > > X-OriginalArrivalTime: > 30 Nov 2007 15:03:20.0872 (UTC) FILETIME=[257B7A80:01C83362] > X-UdeS-MailScanner-Information: > Veuillez consulter le http://www.usherbrooke.ca/vers/virus-courriel > X-UdeS-MailScanner: > Aucun code suspect d?tect? > X-MailScanner-SpamCheck: > n'est pas un polluriel, SpamAssassin (not cached, score=4.409, requis > 4.5, BAYES_50 0.00, FORGED_MUA_OUTLOOK 3.12, MISSING_HEADERS 1.29) > X-UdeS-MailScanner-SpamScore: > ==== > X-UdeS-MailScanner-From: > info@sunwestfcu.org > X-Spam-Status: > No > Content-Transfer-Encoding: > quoted-printable > X-MIME-Autoconverted: > from 8bit to quoted-printable by safir.blacknight.ie id lAUGgaGw023594 > > > This communication was sent to safeguard your account against any > unauthorized activity. > > SunWest Federal Credit Union is aware of new phishing e-mails > that are circulating. These e-mails request consumers to click > a link due to a compromise of a credit card account. > > You should not respond to this message. > > For your security we have deactivated your card. > > How to activate your card > > Call (877) 300-6167 > > Our automated system allows you to quickly activate your card > > What to expect when activating online > > Card activation will take approximately one minute to complete. > > ? SunWest Federal Credit Union - All Rights Reserved > > From uxbod at splatnix.net Sat Dec 1 15:41:30 2007 From: uxbod at splatnix.net (UxBoD) Date: Sat Dec 1 15:41:46 2007 Subject: CentOS5, MS 4.65.3-1, perl Math modules In-Reply-To: Message-ID: <8283042.9891196523690957.JavaMail.root@office.splatnix.net> Due to being away a lot I shall be wiping my Gentoo server and installing with Centos5 X86_64 soon, so you will have another tester here aswell :) Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- From: "David Lee" To: "MailScanner discussion" Sent: Friday, November 30, 2007 4:54:01 PM (GMT) Europe/London Subject: CentOS5, MS 4.65.3-1, perl Math modules I have just been installing MailScanner-4.65.3-1 on a freshly installed CentOS-5 (32-bit) system. Executive summary: Math::BigInt, Math::BigRat and bignum installation problems. Detail: I realise that the MS installation says: # Do not worry too much about errors from the next command. # It is quite likely that some of the Perl modules are # already installed on your system. # # The important ones are HTML-Parser and MIME-tools. BUT... ... I saw the following: # Attempting to build and install perl-Math-BigInt-1.86-1 # ... # ********************************************************************** # Attention: After installing this package, you also need to update: # # Math::BigRat to at least v0.19 (you have v0.15) # bignum to at least v0.21 (you have v0.17) Afterwards, "MailScanner -V" showed Math::BigInt still to be an earlier (pre-installed?) version. And the "MailScanner -V" optional modules still included the old (those "you have ...") version numbers. # [Math::BigRat] # # t/big_ap......ok # t/bigfltrt....ok # t/bigrat......ok 132/193Can't locate object method "_as_oct" via package "Math::BigInt::Calc" at ../lib/Math/BigRat.pm line 1317. # t/bigrat......dubious # Test returned status 255 (wstat 65280, 0xff00) # DIED. FAILED tests 172-193 # Failed 22/193 tests, 88.60% okay # [bignum] # ... lots of errors in test beginning... # Failed test '(1-$ev) is approx. 0' # in t/bigexp.t at line 23. # got: '1.00000' # expected: '0.00000' # Looks like you failed 1 test of 4. # t/bigexp......dubious # Test returned status 1 (wstat 256, 0x100) # DIED. FAILED test 2 # Failed 1/4 tests, 75.00% okay # t/bigint......Can't locate object method "from_oct" via package "Math::BigInt" at ../lib/bigint.pm line 70. # t/bigint......dubious # Test returned status 255 (wstat 65280, 0xff00) # DIED. FAILED tests 18-36 # Failed 19/36 tests, 47.22% okay Does anyone else see failures with MS 4.65.3-1 doing these modules on a clean CentOS-5/ia32 machine? Any thoughts? Alas my CentOS-5 (which is actually a virtual (VMware) machine at present) is running liked a blocked drain. So substantial experimentation on it isn't really possible. (I hope to have that rectified by mid-week next week.) When I went to CPAN, those various modules then installed consistently and cleanly. So it looks like an issue with the MS packaging of them. (Overall: I'm looking to do a substantial, roll-out of such systems, across our existing service, so I'm looking to get it all as clean as possible.) -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : UNIX Team Leader Durham University : : South Road : : http://www.dur.ac.uk/t.d.lee/ Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. : -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From waytotheweb at googlemail.com Sat Dec 1 15:44:54 2007 From: waytotheweb at googlemail.com (Sarah Michaelson) Date: Sat Dec 1 15:44:58 2007 Subject: Strange problem on new install Message-ID: We're getting the following error on a new installation where MailScanner refused to start: root@server1 [~]# /usr/mailscanner/bin/MailScanner --debug Variable "$FIELD_NAME" is not imported at /usr/mailscanner/lib/MailScanner/Message.pm line 6907. Variable "$FIELD_NAME" is not imported at /usr/mailscanner/lib/MailScanner/Message.pm line 6910. Global symbol "$FIELD_NAME" requires explicit package name at /usr/mailscanner/lib/MailScanner/Message.pm line 6907. Global symbol "$FIELD_NAME" requires explicit package name at /usr/mailscanner/lib/MailScanner/Message.pm line 6910. Compilation failed in require at /usr/mailscanner/bin/MailScanner line 79. BEGIN failed--compilation aborted at /usr/mailscanner/bin/MailScanner line 79. The server is running CentOS 4.5, exim 4.68, perl 5.8.8, MailScanner 4.65.3-1 Any ideas? -- Regards, Sarah Michaelson Way to the Web Ltd Server Management Services: http://www.configserver.com From ugob at lubik.ca Sat Dec 1 16:06:48 2007 From: ugob at lubik.ca (Ugo Bellavance) Date: Sat Dec 1 16:15:45 2007 Subject: Strange problem on new install In-Reply-To: References: Message-ID: Sarah Michaelson wrote: > We're getting the following error on a new installation where > MailScanner refused to start: > > root@server1 [~]# /usr/mailscanner/bin/MailScanner --debug > Variable "$FIELD_NAME" is not imported at > /usr/mailscanner/lib/MailScanner/Message.pm line 6907. > Variable "$FIELD_NAME" is not imported at > /usr/mailscanner/lib/MailScanner/Message.pm line 6910. > Global symbol "$FIELD_NAME" requires explicit package name at > /usr/mailscanner/lib/MailScanner/Message.pm line 6907. > Global symbol "$FIELD_NAME" requires explicit package name at > /usr/mailscanner/lib/MailScanner/Message.pm line 6910. > Compilation failed in require at /usr/mailscanner/bin/MailScanner line 79. > BEGIN failed--compilation aborted at /usr/mailscanner/bin/MailScanner line 79. > > The server is running CentOS 4.5, exim 4.68, perl 5.8.8, MailScanner 4.65.3-1 > > Any ideas? > What is the output of MailScanner -v? Any missing modules? Did you configure it for exim? Ugo From waytotheweb at googlemail.com Sat Dec 1 16:27:02 2007 From: waytotheweb at googlemail.com (Sarah Michaelson) Date: Sat Dec 1 16:27:06 2007 Subject: Strange problem on new install In-Reply-To: References: Message-ID: On 01/12/2007, Ugo Bellavance wrote: > Sarah Michaelson wrote: > > We're getting the following error on a new installation where > > MailScanner refused to start: > > > > root@server1 [~]# /usr/mailscanner/bin/MailScanner --debug > > Variable "$FIELD_NAME" is not imported at > > /usr/mailscanner/lib/MailScanner/Message.pm line 6907. > > Variable "$FIELD_NAME" is not imported at > > /usr/mailscanner/lib/MailScanner/Message.pm line 6910. > > Global symbol "$FIELD_NAME" requires explicit package name at > > /usr/mailscanner/lib/MailScanner/Message.pm line 6907. > > Global symbol "$FIELD_NAME" requires explicit package name at > > /usr/mailscanner/lib/MailScanner/Message.pm line 6910. > > Compilation failed in require at /usr/mailscanner/bin/MailScanner line 79. > > BEGIN failed--compilation aborted at /usr/mailscanner/bin/MailScanner line 79. > > > > The server is running CentOS 4.5, exim 4.68, perl 5.8.8, MailScanner 4.65.3-1 > > > > Any ideas? > > > > What is the output of MailScanner -v? Any missing modules? Exactly the same error as above. > Did you configure it for exim? Yes. -- Regards, Sarah Michaelson Way to the Web Ltd Server Management Services: http://www.configserver.com From ugob at lubik.ca Sat Dec 1 16:40:14 2007 From: ugob at lubik.ca (Ugo Bellavance) Date: Sat Dec 1 16:40:54 2007 Subject: Strange problem on new install In-Reply-To: References: Message-ID: Sarah Michaelson wrote: > On 01/12/2007, Ugo Bellavance wrote: >> Sarah Michaelson wrote: >>> We're getting the following error on a new installation where >>> MailScanner refused to start: >>> >>> root@server1 [~]# /usr/mailscanner/bin/MailScanner --debug >>> Variable "$FIELD_NAME" is not imported at >>> /usr/mailscanner/lib/MailScanner/Message.pm line 6907. >>> Variable "$FIELD_NAME" is not imported at >>> /usr/mailscanner/lib/MailScanner/Message.pm line 6910. >>> Global symbol "$FIELD_NAME" requires explicit package name at >>> /usr/mailscanner/lib/MailScanner/Message.pm line 6907. >>> Global symbol "$FIELD_NAME" requires explicit package name at >>> /usr/mailscanner/lib/MailScanner/Message.pm line 6910. >>> Compilation failed in require at /usr/mailscanner/bin/MailScanner line 79. >>> BEGIN failed--compilation aborted at /usr/mailscanner/bin/MailScanner line 79. >>> >>> The server is running CentOS 4.5, exim 4.68, perl 5.8.8, MailScanner 4.65.3-1 >>> >>> Any ideas? >>> >> What is the output of MailScanner -v? Any missing modules? > > Exactly the same error as above. > >> Did you configure it for exim? > > Yes. > How was it installed? Is is the first time you install MailScanner? Regards, Ugo From uxbod at splatnix.net Sat Dec 1 17:09:49 2007 From: uxbod at splatnix.net (UxBoD) Date: Sat Dec 1 17:10:01 2007 Subject: slightly OT: (WAS: Re: MailScanner --lint doesn't check Eicar virus - OK here!) In-Reply-To: <981852.88678.qm@web33307.mail.mud.yahoo.com> Message-ID: <9343752.9921196528989207.JavaMail.root@office.splatnix.net> As Yahoo! now own Zimbra you could always ask on their forums especially as it is part of the the Zimbra code ;) http://www.zimbra.com Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- From: "Michael Mansour" To: "MailScanner discussion" Sent: Saturday, December 1, 2007 3:18:23 AM (GMT) Europe/London Subject: Re: slightly OT: (WAS: Re: MailScanner --lint doesn't check Eicar virus - OK here!) Hi Greg, Greg Matthews wrote: Michael, I dont mean to be rude but could you please sort out quoting on your mail client. It makes reading threads much harder when your contribution is indistinguishable from other peoples. I don't know what to say mate. I'm using Yahoo's freemail service, I think it's hopeless personally, but it holds various mailing lists I'm a member of. It used to be good before they did all these "required" Ajax upgrades. I'll see what I can do to make this less html and ajax aware. Michael. GREG Michael Mansour wrote: > Hi Phil, > > "Randal, Phil" wrote: Michael, > > Which version of RedHat are you running? > I'm running Scientific Linux 4.5 (RHEL4 U5), and I see the problem on 6 MailScanner servers, which I'm pretty sure happened after the perl update. > > I see the problem on CentOS 5.0. > > It may a side effect of force-installing the perl update. > I didn't force install the update, I just removed two RPM's which were clashing with the pre-built MailScanner ones (because the perl errata already had those perl modules in it) and then did the "rpm -Uvh", it went through cleanly. > > It would be nice to know what's actually happening and what the fix is, though. I'm not a perl guru so it's beyond me. > Yes, I may re-install MS 4.65.3 tomorrow on one of the MailScanner servers and see if it fixes that problem. > > Michael. > Cheers, > > Phil -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! Make the switch to the world's best email. Get the new Yahoo!7 Mail now . -- This message has been scanned for viruses and dangerous content by MailScanner , and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Sat Dec 1 17:31:29 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Sat Dec 1 17:31:49 2007 Subject: install-Clam-SA and clamd In-Reply-To: <47510BEE.5030905@vanderkooij.org> References: <47510BEE.5030905@vanderkooij.org> Message-ID: on 11/30/2007 11:23 PM Hugo van der Kooij spake the following: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Mark Nienberg wrote: >> Scott Silva wrote: >>> on 11/29/2007 4:17 PM Mark Nienberg spake the following: >>>> A buddy of mine is doing a fresh install of MailScanner on a Centos 5 >>>> box and he reported to me that when he ran the install-Clam-SA script >>>> and it gave him the option to install Dag's rpms instead he did so. >>>> But then when he reran the install script and told it that clam was >>>> already installed, it tried to build Mail::ClamAV in addition to all >>>> the SA stuff. >>>> >>>> The build of Mail::ClamAV failed, I assume because he did not install >>>> Dag's clamav-devel rpm. The script only says to install clamav, >>>> clamav-db, and clamd from Dag. >>>> >>>> I think it would be best to skip the build of Mail::ClamAV if the >>>> user says that clamav is already installed. Or else tell the user to >>>> install the devel package too. >>>> >>>> Mark >>>> >>> You should have him look at the message with subject; >>> Experimental repository for RHEL 5 / Centos 5 >>> http://thread.gmane.org/gmane.mail.virus.mailscanner/58545 >>> >> I thought that the experimental yum repository only installed the >> minimum MS package and dependencies. If so, that doesn't really answer >> the question about installing Clam and SA does it? > > SA is considered a minimum requirement. I am preparing a test setup to > document other packages in there that can be obtained through rpmforge. > > Something like: > > ClamAV: > yum install clamav > MailScanner.conf lines: ...... > I would possibly add clamd and perl-mail-clamav to give the enduser all possibilities of clam use. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Sat Dec 1 17:46:30 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Sat Dec 1 17:47:02 2007 Subject: language strings In-Reply-To: References: Message-ID: on 11/30/2007 8:24 PM Ugo Bellavance spake the following: > Hi, > > This is MailScanner version 4.61.7 > > > In MailScanner.conf: > > Language Strings = %rules-dir%/language.strings.rules > > in language.strings.rules > > To: *@lubik.ca /etc/MailScanner/reports/fr/languages.conf > > In /etc/MailScanner/reports/fr/languages.conf > > PossibleFraudStart = MailScanner soupçonne > le lien suivant d'être une tentative de fraude de la part de > PossibleFraudEnd = > NumericLinkWarning = Avertissement : Liens avec des > adresses IP sont souvent malicieuses: > > I send a phishing fraud to ugob@lubik.ca, and I get the english phishing > errors. > > Any ideas? > > Ugo > Could the "%report-dir% = " setting be affecting this? Maybe a ruleset here will work. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Sat Dec 1 17:48:54 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Sat Dec 1 17:50:14 2007 Subject: Strange problem on new install In-Reply-To: References: Message-ID: on 12/1/2007 7:44 AM Sarah Michaelson spake the following: > We're getting the following error on a new installation where > MailScanner refused to start: > > root@server1 [~]# /usr/mailscanner/bin/MailScanner --debug > Variable "$FIELD_NAME" is not imported at > /usr/mailscanner/lib/MailScanner/Message.pm line 6907. > Variable "$FIELD_NAME" is not imported at > /usr/mailscanner/lib/MailScanner/Message.pm line 6910. > Global symbol "$FIELD_NAME" requires explicit package name at > /usr/mailscanner/lib/MailScanner/Message.pm line 6907. > Global symbol "$FIELD_NAME" requires explicit package name at > /usr/mailscanner/lib/MailScanner/Message.pm line 6910. > Compilation failed in require at /usr/mailscanner/bin/MailScanner line 79. > BEGIN failed--compilation aborted at /usr/mailscanner/bin/MailScanner line 79. > > The server is running CentOS 4.5, exim 4.68, perl 5.8.8, MailScanner 4.65.3-1 > > Any ideas? > That install directory looks strange. Did you perhaps install with the source package when the redhat rpm version might have been a better fit? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ugob at lubik.ca Sat Dec 1 18:04:18 2007 From: ugob at lubik.ca (Ugo Bellavance) Date: Sat Dec 1 18:04:48 2007 Subject: language strings In-Reply-To: References: Message-ID: Scott Silva wrote: > on 11/30/2007 8:24 PM Ugo Bellavance spake the following: >> Hi, >> >> This is MailScanner version 4.61.7 >> >> >> In MailScanner.conf: >> >> Language Strings = %rules-dir%/language.strings.rules >> >> in language.strings.rules >> >> To: *@lubik.ca >> /etc/MailScanner/reports/fr/languages.conf >> >> In /etc/MailScanner/reports/fr/languages.conf >> >> PossibleFraudStart = MailScanner soupçonne >> le lien suivant d'être une tentative de fraude de la part de >> PossibleFraudEnd = >> NumericLinkWarning = Avertissement : Liens avec >> des adresses IP sont souvent malicieuses: >> >> I send a phishing fraud to ugob@lubik.ca, and I get the english >> phishing errors. >> >> Any ideas? >> >> Ugo >> > Could the "%report-dir% = " setting be affecting this? Maybe, but we can't change it. > Maybe a ruleset here will work. > Ugo From waytotheweb at googlemail.com Sat Dec 1 21:43:26 2007 From: waytotheweb at googlemail.com (Sarah Michaelson) Date: Sat Dec 1 21:43:30 2007 Subject: Strange problem on new install In-Reply-To: References: Message-ID: On 01/12/2007, Scott Silva wrote: > on 12/1/2007 7:44 AM Sarah Michaelson spake the following: > > We're getting the following error on a new installation where > > MailScanner refused to start: > > > > root@server1 [~]# /usr/mailscanner/bin/MailScanner --debug > > Variable "$FIELD_NAME" is not imported at > > /usr/mailscanner/lib/MailScanner/Message.pm line 6907. > > Variable "$FIELD_NAME" is not imported at > > /usr/mailscanner/lib/MailScanner/Message.pm line 6910. > > Global symbol "$FIELD_NAME" requires explicit package name at > > /usr/mailscanner/lib/MailScanner/Message.pm line 6907. > > Global symbol "$FIELD_NAME" requires explicit package name at > > /usr/mailscanner/lib/MailScanner/Message.pm line 6910. > > Compilation failed in require at /usr/mailscanner/bin/MailScanner line 79. > > BEGIN failed--compilation aborted at /usr/mailscanner/bin/MailScanner line 79. > > > > The server is running CentOS 4.5, exim 4.68, perl 5.8.8, MailScanner 4.65.3-1 > > > > Any ideas? > > > That install directory looks strange. Did you perhaps install with the source > package when the redhat rpm version might have been a better fit? That is where we always install it and have had no problems before. We use our own install package for cPanel/exim servers. Nothing has recently changed in that package and we've installed MailScanner on other servers today and in the last few days with no problems. -- Regards, Sarah Michaelson Way to the Web Ltd Server Management Services: http://www.configserver.com From waytotheweb at googlemail.com Sat Dec 1 21:44:24 2007 From: waytotheweb at googlemail.com (Sarah Michaelson) Date: Sat Dec 1 21:44:27 2007 Subject: Strange problem on new install In-Reply-To: References: Message-ID: On 01/12/2007, Ugo Bellavance wrote: > Sarah Michaelson wrote: > > On 01/12/2007, Ugo Bellavance wrote: > >> Sarah Michaelson wrote: > >>> We're getting the following error on a new installation where > >>> MailScanner refused to start: > >>> > >>> root@server1 [~]# /usr/mailscanner/bin/MailScanner --debug > >>> Variable "$FIELD_NAME" is not imported at > >>> /usr/mailscanner/lib/MailScanner/Message.pm line 6907. > >>> Variable "$FIELD_NAME" is not imported at > >>> /usr/mailscanner/lib/MailScanner/Message.pm line 6910. > >>> Global symbol "$FIELD_NAME" requires explicit package name at > >>> /usr/mailscanner/lib/MailScanner/Message.pm line 6907. > >>> Global symbol "$FIELD_NAME" requires explicit package name at > >>> /usr/mailscanner/lib/MailScanner/Message.pm line 6910. > >>> Compilation failed in require at /usr/mailscanner/bin/MailScanner line 79. > >>> BEGIN failed--compilation aborted at /usr/mailscanner/bin/MailScanner line 79. > >>> > >>> The server is running CentOS 4.5, exim 4.68, perl 5.8.8, MailScanner 4.65.3-1 > >>> > >>> Any ideas? > >>> > >> What is the output of MailScanner -v? Any missing modules? > > > > Exactly the same error as above. > > > >> Did you configure it for exim? > > > > Yes. > > > > How was it installed? Using our own install package for cPanel servers. > Is is the first time you install MailScanner? No, I have installed MailScanner many times. The same issue was reported to us on a server where a client upgraded MailScanner (it was working before), but have not yet been able to access that server to check out what else might have changed on that server. -- Regards, Sarah Michaelson Way to the Web Ltd Server Management Services: http://www.configserver.com From jkf at ecs.soton.ac.uk Sun Dec 2 02:33:34 2007 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Sun Dec 2 02:34:09 2007 Subject: Strange problem on new install In-Reply-To: References: Message-ID: <7BC27C92-2AAB-40C8-9F40-A7389CCDEE64@ecs.soton.ac.uk> When I get home I will take a look at this one for you. I have never seen this error before. Am currently very bored in Dulles (dull by nature too) airport in Washington DC, tapping on my shiny new iPhone. It is remarkably usable and I can type a lot faster than on a normal mobile phone or stylus +PDA, particularly once you learn a few tricks of the spelling corrector. -- Jules On 1 Dec 2007, at 13:43, "Sarah Michaelson" wrote: > On 01/12/2007, Scott Silva wrote: >> on 12/1/2007 7:44 AM Sarah Michaelson spake the following: >>> We're getting the following error on a new installation where >>> MailScanner refused to start: >>> >>> root@server1 [~]# /usr/mailscanner/bin/MailScanner --debug >>> Variable "$FIELD_NAME" is not imported at >>> /usr/mailscanner/lib/MailScanner/Message.pm line 6907. >>> Variable "$FIELD_NAME" is not imported at >>> /usr/mailscanner/lib/MailScanner/Message.pm line 6910. >>> Global symbol "$FIELD_NAME" requires explicit package name at >>> /usr/mailscanner/lib/MailScanner/Message.pm line 6907. >>> Global symbol "$FIELD_NAME" requires explicit package name at >>> /usr/mailscanner/lib/MailScanner/Message.pm line 6910. >>> Compilation failed in require at /usr/mailscanner/bin/MailScanner >>> line 79. >>> BEGIN failed--compilation aborted at /usr/mailscanner/bin/ >>> MailScanner line 79. >>> >>> The server is running CentOS 4.5, exim 4.68, perl 5.8.8, >>> MailScanner 4.65.3-1 >>> >>> Any ideas? >>> >> That install directory looks strange. Did you perhaps install with >> the source >> package when the redhat rpm version might have been a better fit? > > That is where we always install it and have had no problems before. We > use our own install package for cPanel/exim servers. Nothing has > recently changed in that package and we've installed MailScanner on > other servers today and in the last few days with no problems. > > -- > Regards, > Sarah Michaelson > > Way to the Web Ltd > Server Management Services: > http://www.configserver.com > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From micoots at yahoo.com Sun Dec 2 04:10:15 2007 From: micoots at yahoo.com (Michael Mansour) Date: Sun Dec 2 04:10:19 2007 Subject: Can't block wmv files In-Reply-To: <605084.78809.qm@web33313.mail.mud.yahoo.com> Message-ID: <397891.16154.qm@web33304.mail.mud.yahoo.com> Hi, --- Michael Mansour wrote: > Hi Peter, > > shuttlebox wrote: On Nov 29, > 2007 1:31 AM, Michael Mansour wrote: > > I also have the tnef installed but because I have > tried different extensions > > (wmv, lnk, swf) from different freemail providers, > it wouldn't be because of > > tnef. > > Turn on archiving for your own address so you can > study the messages > as they enter MailScanner, you can unpack the > attachments there and > run the file command on them and see what it says. > This was something I didn't think of trying, so I > have taken your advice and ran an archive of mail. > > I emailed myself a wmv from my gmail account, and > got this: > > dflATBKPHb018211 > > I then ran: > > # uudeview dflATBKPHb018211 > Loaded from dflATBKPHb018211: '' > (Don_tjudgetooquickly3.wmv): > Don_tjudgetooquickly3.wmv part 1 Base64 > > Found 'Don_tjudgetooquickly3.wmv' State 16 Base64 > Parts 1 OK > > -rw-r--r-- Don_tjudgetooquickly3.wmv is OK [d] > (?=help) d > File successfully written to > /home/MailScanner/archive/20071129/Don_tjudgetooquickly3.wmv > 1 file decoded from 1 input file, 0 failed > > which produced: > > # ll > total 1534 > -rw-rw---- 1 root root 889559 Nov 29 22:24 > dflATBKPHb018211 > -rw-r--r-- 1 root root 658299 Nov 29 22:31 > Don_tjudgetooquickly3.wmv > > and we see this: > > # file Don_tjudgetooquickly3.wmv > Don_tjudgetooquickly3.wmv: Microsoft ASF > > yet I have this denied here: > > deny ASF No Windows media No > Windows media files allowed > > I'm really stumped why this is just let through. I've just spent another 5 hours on this problem and am now giving up and putting this down as a broken feature of MailScanner. What I've done this time is: * re-installed MailScanner, choosing 4.66 (which ended up breaking with another smtp socket error which I emailed the beta list) * re-installed MailScanner 4.65.3 with the ./install.sh script so it went through and re-installed various perl modules * configured the options "Deny Filenames" and "Deny Filetypes" in MailScanner.conf to deny postscript, script, PDF etc * configured a "test" domain (live on the internet but one of mine I don't use for email) with filename.rules and filetype.rules files to deny PDF, postscript, etc * downgraded perl to what it was prior to November 2 when Red Hat released 5.8.5-36.2, so I'm now running 5.8.5-36 * ran MailScanner in debug modes with full logging for non-spam, filename and filetype logging * ran in archive mail mode so I could run the "file" command on the message to see what it is, and also use uudeview to see what it is. and much more, all to no avail. I simply haven't been able to get MailScanner blocking/denying anything at all, and I know this used to work months ago but since then I haven't received requests for more blocks to be put into place until now, only to realise I can't block anymore. I've spent days on this one problem now and have exhausted all my options, if any one else has ideas as to why this wouldn't work or what else I can try, please let me know. Michael. > Michael. > -- > /peter > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read > http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off > the website! > > > > --------------------------------- > Make the switch to the world's best email. Get the > new Yahoo!7 Mail now.> -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read > http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off > the website! > Make the switch to the world's best email. Get the new Yahoo!7 Mail now. www.yahoo7.com.au/worldsbestemail From waytotheweb at googlemail.com Sun Dec 2 08:13:59 2007 From: waytotheweb at googlemail.com (Sarah Michaelson) Date: Sun Dec 2 08:14:02 2007 Subject: Strange problem on new install In-Reply-To: <7BC27C92-2AAB-40C8-9F40-A7389CCDEE64@ecs.soton.ac.uk> References: <7BC27C92-2AAB-40C8-9F40-A7389CCDEE64@ecs.soton.ac.uk> Message-ID: On 02/12/2007, Julian Field wrote: > When I get home I will take a look at this one for you. I have never > seen this error before. Thanks, Julian. Another server with the same problem, running CentOS 5, has just been reported. -- Regards, Sarah Michaelson Way to the Web Ltd Server Management Services: http://www.configserver.com From waytotheweb at googlemail.com Sun Dec 2 09:33:21 2007 From: waytotheweb at googlemail.com (Sarah Michaelson) Date: Sun Dec 2 09:33:24 2007 Subject: Strange problem on new install In-Reply-To: <7BC27C92-2AAB-40C8-9F40-A7389CCDEE64@ecs.soton.ac.uk> References: <7BC27C92-2AAB-40C8-9F40-A7389CCDEE64@ecs.soton.ac.uk> Message-ID: On 02/12/2007, Julian Field wrote: > When I get home I will take a look at this one for you. I have never > seen this error before. My partner was able to find the problem. Using the latest version of MailTools v2.002 (released 30 Nov 2007) breaks MailScanner resulting in: /usr/mailscanner/bin/MailScanner -v Variable "$FIELD_NAME" is not imported at /usr/mailscanner/lib/MailScanner/Message.pm line 6907. Variable "$FIELD_NAME" is not imported at /usr/mailscanner/lib/MailScanner/Message.pm line 6910. Global symbol "$FIELD_NAME" requires explicit package name at /usr/mailscanner/lib/MailScanner/Message.pm line 6907. Global symbol "$FIELD_NAME" requires explicit package name at /usr/mailscanner/lib/MailScanner/Message.pm line 6910. Compilation failed in require at /usr/mailscanner/bin/MailScanner line 79. BEGIN failed--compilation aborted at /usr/mailscanner/bin/MailScanner line 79. If you downgrade to MailTools 1.77 MailScanner works again. -- Regards, Sarah Michaelson Way to the Web Ltd Server Management Services: http://www.configserver.com From hvdkooij at vanderkooij.org Sun Dec 2 11:08:21 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sun Dec 2 11:08:58 2007 Subject: Can't block wmv files In-Reply-To: <392617.38195.qm@web33306.mail.mud.yahoo.com> References: <392617.38195.qm@web33306.mail.mud.yahoo.com> Message-ID: <47529225.9060500@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Michael Mansour wrote: > Hi, > > I'm using: > > mailscanner-4.65.3-1.noarch > > and trying to block various movie files for a domain. > > I have done this sort of setup numerous times for other domains and it > all works fine, but for this one particular domain I cannot get it to > work. wmv's, avi's, mpg's, etc all pass through. First off. You never told us the difference with the other domains. While it may seem irrelevant to you the exact samples wil propably be very relevant. Can you packup the whole set of files and make it available? It will definitly beat the snippets you post in the messages as important information might get lost. At one time I have been staring months on some odd behaviour. I finaly removed a set of lines and retyped as they appeared and to problems was gone. I did a diff to a backup file and there was a literal backspace character in the config file which I never noticed before. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD4DBQFHUpIiBvzDRVjxmYERAr69AKCYGqL6sqpG27XAHt5+BzcTxWYQJwCXYlxb 0GRqmoZ58GLqbIWClavLWg== =pQ+n -----END PGP SIGNATURE----- From doublet21 at gmail.com Sun Dec 2 11:20:35 2007 From: doublet21 at gmail.com (double T) Date: Sun Dec 2 11:20:40 2007 Subject: MailScanner on CPanel Message-ID: <9b6823b30712020320l7db5c2acx198786d022547c92@mail.gmail.com> Hi ! Following instructions from http://www.configserver.com/free/mailscanner.html i just installed mailscanner on a new CPanel server. In fact i wouldn't see it much complicated :), the problem is that I'm new with CPanel and MailScanner, coz i was workling untill now with Plesk and Qmail. Always wanted to try MailScanner! The point is that when MailScanner script (install.sh) finished, i had this error: ----------- Copying MailScanner/cPanel scripts... mkdir: created directory `/usr/mscpanel' `mscheck.pl' -> `/usr/mscpanel/./mscheck.pl' `mscpanel.pl' -> `/usr/mscpanel/./mscpanel.pl' `msswitch.pl' -> `/usr/mscpanel/./msswitch.pl' `version.txt' -> `/usr/mscpanel/./version.txt' `exim.init' -> `/usr/mscpanel/./exim.init' mode of `/usr/mscpanel/mscpanel.pl' changed to 0700 (rwx------) mode of `/usr/mscpanel/mscheck.pl' changed to 0700 (rwx------) mode of `/usr/mscpanel/msswitch.pl' changed to 0700 (rwx------) Shutting down exim: [ OK ] Shutting down antirelayd: [ OK ] Shutting down spamd: [ OK ] Starting exim: [ OK ] Starting exim-outgoing: [ OK ] Starting exim-smtps: [ OK ] Starting antirelayd: [ OK ] Starting spamd: [22397] info: config: dcc_path "/usr/local/bin/dccproc" isn't an executable [22397] info: config: SpamAssassin failed to parse line, "/usr/local/bin/dccproc" is not valid for "dcc_path", skipping: dcc_path /usr/local/bin/dccproc [ OK ] Stopping chkservd: [ OK ] Starting chkservd: [ OK ] Removing old scripts if they exist... ----------- This is the output of MailScanner -v [root@testsrv msinstall]# /usr/mailscanner/bin/MailScanner -v Variable "$FIELD_NAME" is not imported at /usr/mailscanner/lib/MailScanner/Message.pm line 6907. Variable "$FIELD_NAME" is not imported at /usr/mailscanner/lib/MailScanner/Message.pm line 6910. Global symbol "$FIELD_NAME" requires explicit package name at /usr/mailscanner/lib/MailScanner/Message.pm line 6907. Global symbol "$FIELD_NAME" requires explicit package name at /usr/mailscanner/lib/MailScanner/Message.pm line 6910. Compilation failed in require at /usr/mailscanner/bin/MailScanner line 79. BEGIN failed--compilation aborted at /usr/mailscanner/bin/MailScanner line 79. Can somebosy help me please? Thanks in advance and sorry for my english, is not perfect =) -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071202/a8fb972e/attachment.html From jcals at kls.es Sun Dec 2 12:05:16 2007 From: jcals at kls.es (:: KLS :: Jordi Cals) Date: Sun Dec 2 12:05:24 2007 Subject: MailScanner on CPanel In-Reply-To: <9b6823b30712020320l7db5c2acx198786d022547c92@mail.gmail.com> References: <9b6823b30712020320l7db5c2acx198786d022547c92@mail.gmail.com> Message-ID: <04ee01c834db$9bcaa3d0$d35feb70$@es> Double T, I guess you have the answer on last Sarah posts . maybe u didn't see them coz u just subscribed. Check on the list story =) De: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] En nombre de double T Enviado el: domingo, 02 de diciembre de 2007 12:21 Para: mailscanner@lists.mailscanner.info Asunto: MailScanner on CPanel Hi ! Following instructions from http://www.configserver.com/free/mailscanner.html i just installed mailscanner on a new CPanel server. In fact i wouldn't see it much complicated :), the problem is that I'm new with CPanel and MailScanner, coz i was workling untill now with Plesk and Qmail. Always wanted to try MailScanner! The point is that when MailScanner script (install.sh) finished, i had this error: ----------- Copying MailScanner/cPanel scripts... mkdir: created directory `/usr/mscpanel' `mscheck.pl' -> `/usr/mscpanel/./mscheck.pl' `mscpanel.pl' -> `/usr/mscpanel/./mscpanel.pl' `msswitch.pl' -> `/usr/mscpanel/./msswitch.pl' `version.txt' -> `/usr/mscpanel/./version.txt' `exim.init' -> `/usr/mscpanel/./exim.init' mode of `/usr/mscpanel/mscpanel.pl' changed to 0700 (rwx------) mode of `/usr/mscpanel/mscheck.pl' changed to 0700 (rwx------) mode of `/usr/mscpanel/msswitch.pl' changed to 0700 (rwx------) Shutting down exim: [ OK ] Shutting down antirelayd: [ OK ] Shutting down spamd: [ OK ] Starting exim: [ OK ] Starting exim-outgoing: [ OK ] Starting exim-smtps: [ OK ] Starting antirelayd: [ OK ] Starting spamd: [22397] info: config: dcc_path "/usr/local/bin/dccproc" isn't an executable [22397] info: config: SpamAssassin failed to parse line, "/usr/local/bin/dccproc" is not valid for "dcc_path", skipping: dcc_path /usr/local/bin/dccproc [ OK ] Stopping chkservd: [ OK ] Starting chkservd: [ OK ] Removing old scripts if they exist... ----------- This is the output of MailScanner -v [root@testsrv msinstall]# /usr/mailscanner/bin/MailScanner -v Variable "$FIELD_NAME" is not imported at /usr/mailscanner/lib/MailScanner/Message.pm line 6907. Variable "$FIELD_NAME" is not imported at /usr/mailscanner/lib/MailScanner/Message.pm line 6910. Global symbol "$FIELD_NAME" requires explicit package name at /usr/mailscanner/lib/MailScanner/Message.pm line 6907. Global symbol "$FIELD_NAME" requires explicit package name at /usr/mailscanner/lib/MailScanner/Message.pm line 6910. Compilation failed in require at /usr/mailscanner/bin/MailScanner line 79. BEGIN failed--compilation aborted at /usr/mailscanner/bin/MailScanner line 79. Can somebosy help me please? Thanks in advance and sorry for my english, is not perfect =) -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071202/558c3cd9/attachment.html From glenn.steen at gmail.com Sun Dec 2 12:11:03 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Dec 2 12:11:06 2007 Subject: Can't block wmv files In-Reply-To: <47529225.9060500@vanderkooij.org> References: <392617.38195.qm@web33306.mail.mud.yahoo.com> <47529225.9060500@vanderkooij.org> Message-ID: <223f97700712020411p315084c0o7342facedad9f162@mail.gmail.com> On 02/12/2007, Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Michael Mansour wrote: > > Hi, > > > > I'm using: > > > > mailscanner-4.65.3-1.noarch > > > > and trying to block various movie files for a domain. > > > > I have done this sort of setup numerous times for other domains and it > > all works fine, but for this one particular domain I cannot get it to > > work. wmv's, avi's, mpg's, etc all pass through. > > First off. You never told us the difference with the other domains. > While it may seem irrelevant to you the exact samples wil propably be > very relevant. Can you packup the whole set of files and make it > available? It will definitly beat the snippets you post in the messages > as important information might get lost. > > At one time I have been staring months on some odd behaviour. > > I finaly removed a set of lines and retyped as they appeared and to > problems was gone. I did a diff to a backup file and there was a literal > backspace character in the config file which I never noticed before. > > Hugo. > Haven't we all done more or less the same at some time...?:-):-) One thing Michael, ISTR you saying you used vi to edit the files... in some quirky set of circumstance vi may miss such a thing as a non-printable... "od" is your friend;-). If it works on some hosts (that seem to be identical) and not on this one... Either they aren't as similar as you think, or there is a difference (that matters...) in the config files. Don't give up.... yet!-):-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From uxbod at splatnix.net Sun Dec 2 12:14:04 2007 From: uxbod at splatnix.net (UxBoD) Date: Sun Dec 2 12:14:16 2007 Subject: OT: Mirrored or RAID5 Message-ID: <12123285.9951196597644335.JavaMail.root@office.splatnix.net> Hi, I am just about to reinstall my home server with Centos5 and not sure the best configuration for the disks. I have a 3Ware 9550SX Hardware RAID card with four 200GB drives in hot swap bays. Currently I have two 200GB mirrored RAID sets, one for O/S and the other for data. I am thinking about recreating the RAID set as one big RAID5 so that I can maximize the data area as only 10% is used in the O/S area. How does this approach sound ? The server is a dual Opteron 250 with 6GB RAM. Any help appreciated. Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Sun Dec 2 12:57:20 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Dec 2 12:57:24 2007 Subject: OT: Mirrored or RAID5 In-Reply-To: <12123285.9951196597644335.JavaMail.root@office.splatnix.net> References: <12123285.9951196597644335.JavaMail.root@office.splatnix.net> Message-ID: <223f97700712020457u7c9c0806u897f150fb0bdbd72@mail.gmail.com> On 02/12/2007, UxBoD wrote: > Hi, > > I am just about to reinstall my home server with Centos5 and not sure the best configuration for the disks. I have a 3Ware 9550SX Hardware RAID card with four 200GB drives in hot swap bays. Currently I have two 200GB mirrored RAID sets, one for O/S and the other for data. I am thinking about recreating the RAID set as one big RAID5 so that I can maximize the data area as only 10% is used in the O/S area. > > How does this approach sound ? The server is a dual Opteron 250 with 6GB RAM. Any help appreciated. > > Regards, > >From a performance perspective striping (without checksum) is fastest, but since you have no "security" you will make the likelihood of a failure much larger. R1 gives better performance than R5, for both writes and reads. Combining striping (sometimes called R0) with mirroring (called R1+0) will give you the best performance. As a stopgap, you can have a large cache on your Raid controller, in which case small I/O loads will never really depend on the disks, so then an R5 can be acceptable. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From cleveland at winnefox.org Sun Dec 2 14:07:17 2007 From: cleveland at winnefox.org (Jody Cleveland) Date: Sun Dec 2 14:07:21 2007 Subject: Mail queue is about an hour behind In-Reply-To: <474C6364.60107@fsl.com> Message-ID: Hello, Thank you so much for your help! On 11/27/07 12:35 PM, "Steve Freegard" wrote: > 1) run MailScanner *and* SpamAssassin in debug mode as it will give you > more clues than just the above output (MailScanner --debug --debug-sa). > > Look for timeouts in Razor/Pyzor/DCC/RBL/URIBLs and Bayes. I didn't see any timeouts for those, but I did get several errors, including these: [7149] dbg: bayes: no dbs present, cannot tie DB R/O: /var/spool/postfix/.spamassassin/bayes_toks [7201] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC [7201] dbg: razor2: razor2 is not available > 2) I would guess from the above output that you are using MCP? - if so, > consider moving all your MCP rules into the main SpamAssassin run > instead as MCP really is a performance killer as MailScanner has to > reload SpamAssassin for each message (slow...) Yes, I am. Where is the main SpamAssassin run/what directory do I move them to? > 3) Check your primary nameserver listed in /etc/resolv.conf and make > sure the 1st server in the list is responding quickly (and consider > using a local caching nameserver if you aren't already). Ah, I just spoke with the network admin, and he changed the ip address. I just changed it to what he had, so hopefully that will make a difference. > 4) Make sure that you haven't been blocked by Spamhaus - run: > > host 2.0.0.127.zen.spamhaus.org > > And make sure you don't get a timeout. Nope. No timeout. Thanks again to everyone helping me with this problem! - jody From micoots at yahoo.com Sun Dec 2 14:56:33 2007 From: micoots at yahoo.com (Michael Mansour) Date: Sun Dec 2 14:56:36 2007 Subject: Can't block wmv files In-Reply-To: <47529225.9060500@vanderkooij.org> Message-ID: <122566.5188.qm@web33308.mail.mud.yahoo.com> Hi Hugo, --- Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Michael Mansour wrote: > > Hi, > > > > I'm using: > > > > mailscanner-4.65.3-1.noarch > > > > and trying to block various movie files for a > domain. > > > > I have done this sort of setup numerous times for > other domains and it > > all works fine, but for this one particular domain > I cannot get it to > > work. wmv's, avi's, mpg's, etc all pass through. > > First off. You never told us the difference with the > other domains. The email above was the "initial" look at this problem, since then I have determined that it's not domain specific but site-wide ie. I can't block ANY files at this point. What I did to confirm this was copy: filename.rules.conf to filename.rules.allowall.conf and filetype.rules.conf to filetype.rules.allowall.conf which guarantees all domains will have some sort of filtering of attachments in place, but files that are meant to be denied are still let through. I also remove any of the 127.0.0.1 entries I had in place for some of the rules files like dangerous.content.scanning etc and these removals also made no difference. Basically, this is now a very serious problem as all email domains we host for don't get any denied attachments. I find it hard to believe I'm the only one suffering from this problem as I've been running MailScanner for many years, I know it very well, and these filename and filetype rules have worked for many years, and the server environment I run (Red Hat 4 based) is not uncommon. I only noticed this problem when a client requested that more blocks be put into place for his domain. I wonder if others have tested it themselves to see if it's still working for them? > While it may seem irrelevant to you the exact > samples wil propably be > very relevant. Can you packup the whole set of > files and make it I'm happy to make it available to you Hugo, I'll pack my configs on one of the servers up for you and email you directly. > available? It will definitly beat the snippets you > post in the messages > as important information might get lost. > > At one time I have been staring months on some odd > behaviour. > > I finaly removed a set of lines and retyped as they > appeared and to > problems was gone. I did a diff to a backup file and > there was a literal > backspace character in the config file which I never > noticed before. I've spent a week on this already and well over 24 hours (cumulative) trouble-shooting it, and I'm still no closer to solving the problem. I even downgraded tonight one of the mail servers to 4.64.3 and deny's are still ignored. I'll email you shortly. Michael. > Hugo. > > - -- > hvdkooij@vanderkooij.org > http://hugo.vanderkooij.org/ > PGP/GPG? Use: > http://hugo.vanderkooij.org/0x58F19981.asc > > A: Yes. > >Q: Are you sure? > >>A: Because it reverses the logical flow of > conversation. > >>>Q: Why is top posting frowned upon? > > Bored? Click on http://spamornot.org/ and rate those > images. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (GNU/Linux) > > iD4DBQFHUpIiBvzDRVjxmYERAr69AKCYGqL6sqpG27XAHt5+BzcTxWYQJwCXYlxb > 0GRqmoZ58GLqbIWClavLWg== > =pQ+n > -----END PGP SIGNATURE----- > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read > http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off > the website! > Make the switch to the world's best email. Get the new Yahoo!7 Mail now. www.yahoo7.com.au/worldsbestemail From micoots at yahoo.com Sun Dec 2 15:00:14 2007 From: micoots at yahoo.com (Michael Mansour) Date: Sun Dec 2 15:00:19 2007 Subject: Can't block wmv files In-Reply-To: <223f97700712020411p315084c0o7342facedad9f162@mail.gmail.com> Message-ID: <619299.52107.qm@web33313.mail.mud.yahoo.com> Hi Glenn, --- Glenn Steen wrote: > On 02/12/2007, Hugo van der Kooij > wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > Michael Mansour wrote: > > > Hi, > > > > > > I'm using: > > > > > > mailscanner-4.65.3-1.noarch > > > > > > and trying to block various movie files for a > domain. > > > > > > I have done this sort of setup numerous times > for other domains and it > > > all works fine, but for this one particular > domain I cannot get it to > > > work. wmv's, avi's, mpg's, etc all pass through. > > > > First off. You never told us the difference with > the other domains. > > While it may seem irrelevant to you the exact > samples wil propably be > > very relevant. Can you packup the whole set of > files and make it > > available? It will definitly beat the snippets you > post in the messages > > as important information might get lost. > > > > At one time I have been staring months on some odd > behaviour. > > > > I finaly removed a set of lines and retyped as > they appeared and to > > problems was gone. I did a diff to a backup file > and there was a literal > > backspace character in the config file which I > never noticed before. > > > > Hugo. > > > Haven't we all done more or less the same at some > time...?:-):-) Well, if this is the case for me (I doubt it as I copy config files from prior setups) it'll be the first time :) > One thing Michael, ISTR you saying you used vi to > edit the files... in > some quirky set of circumstance vi may miss such a > thing as a > non-printable... "od" is your friend;-). I'll send you and Hugo my config files privately so you can take a look. > If it works on some hosts (that seem to be > identical) and not on this > one... Either they aren't as similar as you think, > or there is a > difference (that matters...) in the config files. > Don't give up.... yet!-):-) Originally I never said hosts, only one domain. But since then I have discovered that the deny rules don't work for any domains that are hosted. The priority in solving this urgently has just gone up a notch for me. Regards, Michael. > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read > http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off > the website! > Make the switch to the world's best email. Get the new Yahoo!7 Mail now. www.yahoo7.com.au/worldsbestemail From jan-peter at koopmann.eu Sun Dec 2 16:11:14 2007 From: jan-peter at koopmann.eu (Koopmann, Jan-Peter) Date: Sun Dec 2 16:09:51 2007 Subject: OT: Mirrored or RAID5 In-Reply-To: <223f97700712020457u7c9c0806u897f150fb0bdbd72@mail.gmail.com> References: <12123285.9951196597644335.JavaMail.root@office.splatnix.net> <223f97700712020457u7c9c0806u897f150fb0bdbd72@mail.gmail.com> Message-ID: <5F9EB2B0731E5B4D88FC20780DFD1610089172@DE-SEXB01RZ.intern.seceidos.de> > R1 gives better performance than R5, for both > writes and reads. Combining striping (sometimes called R0) with > mirroring (called R1+0) will give you the best performance. > As a stopgap, you can have a large cache on your Raid controller, in > which case small I/O loads will never really depend on the disks, so > then an R5 can be acceptable. I do not think this is true in all cases. It really depends on your hardware and what kind of data is read. If you have a really good RAID controller it will do the RAID5 checksums wire-speed. In that case having many hard disks can and will give you better performance than "just" two disks and a RAID-1 set, depending on the discs etc. Reading from 10 disks will give you quite a throughput. :-) Moreover RAID-5 is quite good in reading chunks of data in multi-user environments. I agree though: A 10 disk RAID-10 will probably outperform a 10 disk RAID-5 in most cases. From ssilva at sgvwater.com Sun Dec 2 20:50:18 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Sun Dec 2 20:51:48 2007 Subject: Can't block wmv files In-Reply-To: <612855.55241.qm@web33315.mail.mud.yahoo.com> References: <474C4532.5040600@ecs.soton.ac.uk> <612855.55241.qm@web33315.mail.mud.yahoo.com> Message-ID: on 11/27/2007 7:56 PM Michael Mansour spake the following: > Hi Julian, > > */Julian Field /* wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > shuttlebox wrote: > > On Nov 27, 2007 3:08 PM, Michael Mansour wrote: > > > >> %etc-dir%/example.com.filename.rules: > >> > >> and %etc-dir%/example.com.filetype.rules: > >> > > > > Those filenames don't match what you have in your rulesets, note the > > missing .conf at the end: > > > >> FromOrTo: *@example.com > >> /etc/MailScanner/example.com.filename.rules.conf > >> FromOrTo: default /etc/MailScanner/filename.rules .conf > >> > >> FromOrTo: *@example.com > >> /etc/MailScanner/example.com.filetype.rules.conf > >> FromOrTo: default /etc/MailScanner/filetype.rules.conf > >> > > > > Also, you do have tabs as whitespace in both files and no strange > > end-of-lines, common if you edit the files in Windows? > > > The only places you need tabs instead of spaces are in the > example.com.filetype/name.rules.conf and filetype/name.rules.conf files. > You can use any whitespace in *.rules files. > > Any ideas why the movie files still get through? > > Is there some sort of MailScanner command I could use in debug mode or > similar which I can input an email or attachment and see why MailScanner > let the message or file through? > > This setup works for so many other domains I host for, just not this > particular one? > > Michael. > > Jules Does mailscanner.conf have the correct path to file command? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Sun Dec 2 20:58:13 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Sun Dec 2 20:59:03 2007 Subject: OT: Mirrored or RAID5 In-Reply-To: <12123285.9951196597644335.JavaMail.root@office.splatnix.net> References: <12123285.9951196597644335.JavaMail.root@office.splatnix.net> Message-ID: on 12/2/2007 4:14 AM UxBoD spake the following: > Hi, > > I am just about to reinstall my home server with Centos5 and not sure the best configuration for the disks. I have a 3Ware 9550SX Hardware RAID card with four 200GB drives in hot swap bays. Currently I have two 200GB mirrored RAID sets, one for O/S and the other for data. I am thinking about recreating the RAID set as one big RAID5 so that I can maximize the data area as only 10% is used in the O/S area. > > How does this approach sound ? The server is a dual Opteron 250 with 6GB RAM. Any help appreciated. > > Regards, > If you want to keep the raid 1 and maximize the data set, you can always use LVM over the raid arrays. That way you can use the space however you want to. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ajos1 at onion.demon.co.uk Sun Dec 2 21:11:03 2007 From: ajos1 at onion.demon.co.uk (ajos1@onion.demon.co.uk) Date: Sun Dec 2 21:11:06 2007 Subject: MailTools Error... Message-ID: - I have sent a short report to the the MailTool's maintainer... in case it is his/her error... Below are some simple tests/updates I did... ================================= 1.77 works okay... 2.01 installed - MailScanner has errors 2.02 installed - Mailscanner still has errors... ================================= [root@onion perl_ext]# perl modtest.pl Mail::Mailer Module: Mail::Mailer - 1.77 (0) [root@onion perl_ext]# MailScanner -v | head -20 Running on Linux onion.demon.co.uk 2.6.20-2931.fc7xen #1 SMP Mon Aug 13 10:12:37 EDT 2007 i686 athlon i386 GNU/Linux This is Fedora release 7 (Moonshine) This is Perl version 5.008008 (5.8.8) This is MailScanner version 4.65.3 Module versions are: 1.00 AnyDBM_File 1.23 Archive::Zip 1.04 Carp 1.119 Convert::BinHex 2.27 Date::Parse 1.00 DirHandle 1.05 Fcntl 2.74 File::Basename 2.09 File::Copy 2.01 FileHandle 1.08 File::Path ================================== [root@onion perl_ext]# perl modtest.pl Mail::Mailer Module: Mail::Mailer - 2.01 (0) [root@onion perl_ext]# MailScanner -v | head -20 Variable "$FIELD_NAME" is not imported at /usr/lib/MailScanner/MailScanner/Message.pm line 6907. Variable "$FIELD_NAME" is not imported at /usr/lib/MailScanner/MailScanner/Message.pm line 6910. Global symbol "$FIELD_NAME" requires explicit package name at /usr/lib/MailScanner/MailScanner/Message.pm line 6907. Global symbol "$FIELD_NAME" requires explicit package name at /usr/lib/MailScanner/MailScanner/Message.pm line 6910. Compilation failed in require at /usr/sbin/MailScanner line 79. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 79. ================================== [root@onion perl_ext]# perl modtest.pl Mail::Mailer Module: Mail::Mailer - 2.02 (0) [root@onion perl_ext]# MailScanner -v | head -20 Variable "$FIELD_NAME" is not imported at /usr/lib/MailScanner/MailScanner/Message.pm line 6907. Variable "$FIELD_NAME" is not imported at /usr/lib/MailScanner/MailScanner/Message.pm line 6910. Global symbol "$FIELD_NAME" requires explicit package name at /usr/lib/MailScanner/MailScanner/Message.pm line 6907. Global symbol "$FIELD_NAME" requires explicit package name at /usr/lib/MailScanner/MailScanner/Message.pm line 6910. Compilation failed in require at /usr/sbin/MailScanner line 79. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 79. ================================== From glenn.steen at gmail.com Sun Dec 2 21:18:41 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Dec 2 21:18:47 2007 Subject: Mail queue is about an hour behind In-Reply-To: References: <474C6364.60107@fsl.com> Message-ID: <223f97700712021318j6dddf787s50108d5345dd06a7@mail.gmail.com> On 02/12/2007, Jody Cleveland wrote: > Hello, > > Thank you so much for your help! > > > On 11/27/07 12:35 PM, "Steve Freegard" wrote: > > > 1) run MailScanner *and* SpamAssassin in debug mode as it will give you > > more clues than just the above output (MailScanner --debug --debug-sa). > > > > Look for timeouts in Razor/Pyzor/DCC/RBL/URIBLs and Bayes. > > I didn't see any timeouts for those, but I did get several errors, including > these: > > [7149] dbg: bayes: no dbs present, cannot tie DB R/O: > /var/spool/postfix/.spamassassin/bayes_toks Hm, this is because the postfix user can't write to its home dir---- Either make the necessary directores (and make them writable) or make the necessary changes to mailscanner.cf/spam.assasin.prefs.conf so that SA/the plugins know where to put 'em. > [7201] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC > [7201] dbg: razor2: razor2 is not available Same here.... > > 2) I would guess from the above output that you are using MCP? - if so, > > consider moving all your MCP rules into the main SpamAssassin run > > instead as MCP really is a performance killer as MailScanner has to > > reload SpamAssassin for each message (slow...) > > Yes, I am. Where is the main SpamAssassin run/what directory do I move them > to? You can always put your own .cf files in /etc/mail/spamassassin ... even if it pulls everything else from an sa-update dir, it'll read/use that. > > 3) Check your primary nameserver listed in /etc/resolv.conf and make > > sure the 1st server in the list is responding quickly (and consider > > using a local caching nameserver if you aren't already). > > Ah, I just spoke with the network admin, and he changed the ip address. I > just changed it to what he had, so hopefully that will make a difference. > > > 4) Make sure that you haven't been blocked by Spamhaus - run: > > > > host 2.0.0.127.zen.spamhaus.org > > > > And make sure you don't get a timeout. > > Nope. No timeout. > > Thanks again to everyone helping me with this problem! > > - jody > Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Sun Dec 2 21:35:57 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Dec 2 21:36:00 2007 Subject: OT: Mirrored or RAID5 In-Reply-To: <5F9EB2B0731E5B4D88FC20780DFD1610089172@DE-SEXB01RZ.intern.seceidos.de> References: <12123285.9951196597644335.JavaMail.root@office.splatnix.net> <223f97700712020457u7c9c0806u897f150fb0bdbd72@mail.gmail.com> <5F9EB2B0731E5B4D88FC20780DFD1610089172@DE-SEXB01RZ.intern.seceidos.de> Message-ID: <223f97700712021335h21ebcdbcr35a1c4dd00bb92be@mail.gmail.com> On 02/12/2007, Koopmann, Jan-Peter wrote: > > R1 gives better performance than R5, for both > > writes and reads. Combining striping (sometimes called R0) with > > mirroring (called R1+0) will give you the best performance. > > As a stopgap, you can have a large cache on your Raid controller, in > > which case small I/O loads will never really depend on the disks, so > > then an R5 can be acceptable. > > I do not think this is true in all cases. It really depends on your > hardware and what kind of data is read. If you have a really good RAID > controller it will do the RAID5 checksums wire-speed. In that case > having many hard disks can and will give you better performance than > "just" two disks and a RAID-1 set, depending on the discs etc. Reading > from 10 disks will give you quite a throughput. :-) Moreover RAID-5 is > quite good in reading chunks of data in multi-user environments. > > I agree though: A 10 disk RAID-10 will probably outperform a 10 disk > RAID-5 in most cases. > I have only confirmed this with EMC storage/controllers, so true, you might be right that _some_ configurations of R5 <> R1 will differ a bit on reads. On writes though, R5 will likely lose. And R1+0 will win the day any time. All depending on the amount of spindles, of course. For MS use, this is highly hypothetical, since MS hardly puts much load on the disks.... Not like a very active DB;-). As a rule of thumb, the "avoid R5, if you can" isn't far of the mark though. But in Phils case, he has a situation where utilisation on one R1 is really low, and then he might want to make it all one big happy R1+0 (speedy, but costly) or ane slightly slower R5.... Which might bd just fine... I'm just sharing my views here:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Sun Dec 2 21:40:50 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Dec 2 21:40:56 2007 Subject: OT: Mirrored or RAID5 In-Reply-To: References: <12123285.9951196597644335.JavaMail.root@office.splatnix.net> Message-ID: <223f97700712021340s3212d8b7mdf2804a8e0d62854@mail.gmail.com> On 02/12/2007, Scott Silva wrote: > on 12/2/2007 4:14 AM UxBoD spake the following: > > Hi, > > > > I am just about to reinstall my home server with Centos5 and not sure the best configuration for the disks. I have a 3Ware 9550SX Hardware RAID card with four 200GB drives in hot swap bays. Currently I have two 200GB mirrored RAID sets, one for O/S and the other for data. I am thinking about recreating the RAID set as one big RAID5 so that I can maximize the data area as only 10% is used in the O/S area. > > > > How does this approach sound ? The server is a dual Opteron 250 with 6GB RAM. Any help appreciated. > > > > Regards, > > > If you want to keep the raid 1 and maximize the data set, you can always use > LVM over the raid arrays. That way you can use the space however you want to. > Software Rsomething or plain striping or .... Ok, sure, you can do that.... In fact, I do so to improve read performance on some DBs... HW R1s doing SW R1... costly, but really good read performance:-):-):-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From jaearick at colby.edu Sun Dec 2 21:45:00 2007 From: jaearick at colby.edu (Jeff A. Earickson) Date: Sun Dec 2 21:45:10 2007 Subject: OT: cut off by spamhaus free use? Message-ID: Gang, Has anybody ever had SpamHaus cut off the free use of DNSBL for your site? All of our inbound email started getting this: reject=451 4.4.3 Temporary lookup failure of [IP number] at zen.spamhaus.org on Saturday morning. I removed Zen usage from my sendmail config and my email started flowing in again. I looked at their usage page (http://www.spamhaus.org/organization/dnsblusage.html) and believe I meet their qualifications (I use caching DNS on our sendmail box too). But maybe they disagree; I haven't heard back. Anybody else ever had the rug pulled out from under their email? BTW, MailScanner and SpamAssassin are doing a great job of killing spam, even without any DNSBL in the mix. Today's numbers so far: Total messages scanned: 23070 Total spams tagged: 12240 Total spams delivered: 715 Total spams deleted: 11612 Way to go Julian! We hope you get your new liver for Christmas too. Jeff Earickson Colby College From ajos1 at onion.demon.co.uk Sun Dec 2 21:47:34 2007 From: ajos1 at onion.demon.co.uk (ajos1@onion.demon.co.uk) Date: Sun Dec 2 21:47:39 2007 Subject: MailTools and MailScanner... Message-ID: - The reply back is: ============================ From: mark@zzzzzzzz to ajos1@zzzzzzzz Date: Sun, 2 Dec 2007 22:35:59 +0100 Subject: ajos1 - Re: MailTools and MailScanner... CC/Multi-To: (none) Attachments: (none) * ajos1@zzzzzzzz (ajos1@zzzzzzzz) [071202 21:07]: > Not sure if you use MailScanner or not... No, never heard of it. Don't know where it is kept (not on CPAN). > Since MailTools 2.01 - We have an error... and we are not sure if it > is a MailTools problem or a MailScanner problem... See the message at > the end... The MailTools 2.xx code is a massive clean-up. One of the things which changed, is a stricter use of clean coding techniques. > [root@onion perl_ext]# MailScanner -v | head -20 > Variable "$FIELD_NAME" is not imported at > /usr/lib/MailScanner/MailScanner/Message.pm line 6907. Understandable. Yes an effect of my cleanups. > package Mail::Header; > $arr->[1] =~ /\A$FIELD_NAME/o; Something very bad is happening here: code is added to an existing module. This code should either be added in the core Mail::Header package OR should be added using the OO extension mechanism. The author of the mailscanner has to clean-up his code, IMO. I could export the $FIELD_NAME, but preferrably not. -- Regards, MarkOv ============================ From prandal at herefordshire.gov.uk Sun Dec 2 22:03:34 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Sun Dec 2 22:03:43 2007 Subject: cut off by spamhaus free use? In-Reply-To: References: Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA03CF3C@HC-MBX02.herefordshire.gov.uk> Replace zen.spamhaus.org with cbl.abuseat.org at the sendmail level. and in /etc/MailScanner/spam.assassin.prefs.conf add: score __RCVD_IN_ZEN 0.0 score RCVD_IN_SBL 0.0 score RCVD_IN_XBL 0.0 score RCVD_IN_PBL 0.0 score URIBL_SBL 0.0 Cheers, Phil -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jeff A. Earickson Sent: 02 December 2007 21:45 To: mailscanner mailing list Subject: OT: cut off by spamhaus free use? Gang, Has anybody ever had SpamHaus cut off the free use of DNSBL for your site? All of our inbound email started getting this: reject=451 4.4.3 Temporary lookup failure of [IP number] at zen.spamhaus.org on Saturday morning. I removed Zen usage from my sendmail config and my email started flowing in again. I looked at their usage page (http://www.spamhaus.org/organization/dnsblusage.html) and believe I meet their qualifications (I use caching DNS on our sendmail box too). But maybe they disagree; I haven't heard back. Anybody else ever had the rug pulled out from under their email? BTW, MailScanner and SpamAssassin are doing a great job of killing spam, even without any DNSBL in the mix. Today's numbers so far: Total messages scanned: 23070 Total spams tagged: 12240 Total spams delivered: 715 Total spams deleted: 11612 Way to go Julian! We hope you get your new liver for Christmas too. Jeff Earickson Colby College -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Sun Dec 2 22:04:09 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Dec 2 22:04:16 2007 Subject: OT: cut off by spamhaus free use? In-Reply-To: References: Message-ID: <223f97700712021404r7f181a1di26923e10d3d2d759@mail.gmail.com> On 02/12/2007, Jeff A. Earickson wrote: > Gang, > > Has anybody ever had SpamHaus cut off the free use of DNSBL > for your site? All of our inbound email started getting this: > > reject=451 4.4.3 Temporary lookup failure of [IP number] at zen.spamhaus.org > > on Saturday morning. I removed Zen usage from my sendmail > config and my email started flowing in again. I looked at their > usage page (http://www.spamhaus.org/organization/dnsblusage.html) > and believe I meet their qualifications (I use caching DNS on our > sendmail box too). But maybe they disagree; I haven't heard back. > > Anybody else ever had the rug pulled out from under their email? > > BTW, MailScanner and SpamAssassin are doing a great job of killing > spam, even without any DNSBL in the mix. Today's numbers so far: > > Total messages scanned: 23070 > Total spams tagged: 12240 > Total spams delivered: 715 > Total spams deleted: 11612 > > Way to go Julian! We hope you get your new liver for Christmas too. > > Jeff Earickson > Colby College Several have reported this. Some have been able to pinpoint this to the use of forwarders (that is, their ISP got blocked), some haven't.... In which case they seem to be doing excessive lookups to the volume they have, or.... Spamhaus simply is mistaken... And where are you supposed to complain then...?:-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From mike at tc3net.com Sun Dec 2 22:20:07 2007 From: mike at tc3net.com (Michael Baird) Date: Sun Dec 2 22:06:10 2007 Subject: OT: cut off by spamhaus free use? In-Reply-To: References: Message-ID: <1196634008.9978.18.camel@drwho-desktop> Yes, don't sign up for the free trial, they will shut your whole netblock off after the trial period. Regards Michael Baird On Sun, 2007-12-02 at 16:45 -0500, Jeff A. Earickson wrote: > Gang, > > Has anybody ever had SpamHaus cut off the free use of DNSBL > for your site? All of our inbound email started getting this: > > reject=451 4.4.3 Temporary lookup failure of [IP number] at zen.spamhaus.org > > on Saturday morning. I removed Zen usage from my sendmail > config and my email started flowing in again. I looked at their > usage page (http://www.spamhaus.org/organization/dnsblusage.html) > and believe I meet their qualifications (I use caching DNS on our > sendmail box too). But maybe they disagree; I haven't heard back. > > Anybody else ever had the rug pulled out from under their email? > > BTW, MailScanner and SpamAssassin are doing a great job of killing > spam, even without any DNSBL in the mix. Today's numbers so far: > > Total messages scanned: 23070 > Total spams tagged: 12240 > Total spams delivered: 715 > Total spams deleted: 11612 > > Way to go Julian! We hope you get your new liver for Christmas too. > > Jeff Earickson > Colby College From Jeff.Mills at versacold.com.au Sun Dec 2 22:07:43 2007 From: Jeff.Mills at versacold.com.au (Jeff Mills) Date: Sun Dec 2 22:08:13 2007 Subject: cut off by spamhaus free use? Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Jeff A. Earickson > Sent: Monday, 3 December 2007 8:45 AM > To: mailscanner mailing list > Subject: OT: cut off by spamhaus free use? > > Gang, > > Has anybody ever had SpamHaus cut off the free use of DNSBL > for your site? All of our inbound email started getting this: > > reject=451 4.4.3 Temporary lookup failure of [IP number] at > zen.spamhaus.org > > on Saturday morning. I removed Zen usage from my sendmail > config and my email started flowing in again. I looked at > their usage page > (http://www.spamhaus.org/organization/dnsblusage.html) > and believe I meet their qualifications (I use caching DNS on > our sendmail box too). But maybe they disagree; I haven't heard back. > > Anybody else ever had the rug pulled out from under their email? Yes it happened to one of my installs. Unfortunately, somebody had used their domain name in a spam attack, so the server got thousands of extra inbound emails. It was enough for spamhaus to block the servers. From ssilva at sgvwater.com Mon Dec 3 00:32:13 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Dec 3 00:32:26 2007 Subject: OT: cut off by spamhaus free use? In-Reply-To: References: Message-ID: on 12/2/2007 1:45 PM Jeff A. Earickson spake the following: > Gang, > > Has anybody ever had SpamHaus cut off the free use of DNSBL > for your site? All of our inbound email started getting this: > > reject=451 4.4.3 Temporary lookup failure of [IP number] at > zen.spamhaus.org > > on Saturday morning. I removed Zen usage from my sendmail config and my > email started flowing in again. I looked at their usage page > (http://www.spamhaus.org/organization/dnsblusage.html) > and believe I meet their qualifications (I use caching DNS on our > sendmail box too). But maybe they disagree; I haven't heard back. > > Anybody else ever had the rug pulled out from under their email? > > BTW, MailScanner and SpamAssassin are doing a great job of killing > spam, even without any DNSBL in the mix. Today's numbers so far: > > Total messages scanned: 23070 > Total spams tagged: 12240 > Total spams delivered: 715 > Total spams deleted: 11612 > > Way to go Julian! We hope you get your new liver for Christmas too. > > Jeff Earickson > Colby College I got cut off in october, but I didn't have fails, just weird mail problems with some senders. I also look like I am below the threshold, but I had a spam storm about then that must have thrown me over. Plus, spamassasssin by default does multiple lookups to the base lists, and I am assuming that every lookup counts. I have since added 4 or 5 other rbl's to get about the same removal rate. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Mon Dec 3 00:33:43 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Dec 3 00:35:08 2007 Subject: OT: cut off by spamhaus free use? In-Reply-To: <223f97700712021404r7f181a1di26923e10d3d2d759@mail.gmail.com> References: <223f97700712021404r7f181a1di26923e10d3d2d759@mail.gmail.com> Message-ID: on 12/2/2007 2:04 PM Glenn Steen spake the following: > On 02/12/2007, Jeff A. Earickson wrote: >> Gang, >> >> Has anybody ever had SpamHaus cut off the free use of DNSBL >> for your site? All of our inbound email started getting this: >> >> reject=451 4.4.3 Temporary lookup failure of [IP number] at zen.spamhaus.org >> >> on Saturday morning. I removed Zen usage from my sendmail >> config and my email started flowing in again. I looked at their >> usage page (http://www.spamhaus.org/organization/dnsblusage.html) >> and believe I meet their qualifications (I use caching DNS on our >> sendmail box too). But maybe they disagree; I haven't heard back. >> >> Anybody else ever had the rug pulled out from under their email? >> >> BTW, MailScanner and SpamAssassin are doing a great job of killing >> spam, even without any DNSBL in the mix. Today's numbers so far: >> >> Total messages scanned: 23070 >> Total spams tagged: 12240 >> Total spams delivered: 715 >> Total spams deleted: 11612 >> >> Way to go Julian! We hope you get your new liver for Christmas too. >> >> Jeff Earickson >> Colby College > > Several have reported this. Some have been able to pinpoint this to > the use of forwarders (that is, their ISP got blocked), some > haven't.... In which case they seem to be doing excessive lookups to > the volume they have, or.... Spamhaus simply is mistaken... And where > are you supposed to complain then...?:-) > > Cheers I complained to their e-mail address, but I am not holding my breath. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Mon Dec 3 00:36:42 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Dec 3 00:40:25 2007 Subject: cut off by spamhaus free use? In-Reply-To: References: Message-ID: on 12/2/2007 2:07 PM Jeff Mills spake the following: > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Jeff A. Earickson >> Sent: Monday, 3 December 2007 8:45 AM >> To: mailscanner mailing list >> Subject: OT: cut off by spamhaus free use? >> >> Gang, >> >> Has anybody ever had SpamHaus cut off the free use of DNSBL >> for your site? All of our inbound email started getting this: >> >> reject=451 4.4.3 Temporary lookup failure of [IP number] at >> zen.spamhaus.org >> >> on Saturday morning. I removed Zen usage from my sendmail >> config and my email started flowing in again. I looked at >> their usage page >> (http://www.spamhaus.org/organization/dnsblusage.html) >> and believe I meet their qualifications (I use caching DNS on >> our sendmail box too). But maybe they disagree; I haven't heard back. >> >> Anybody else ever had the rug pulled out from under their email? > > Yes it happened to one of my installs. Unfortunately, somebody had used > their domain name in a spam attack, so the server got thousands of extra > inbound emails. It was enough for spamhaus to block the servers. > And it appears that it is an automated process to be blocked, but only a manual unblock. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From peter at farrows.org Mon Dec 3 01:51:46 2007 From: peter at farrows.org (Peter Farrow) Date: Mon Dec 3 01:51:59 2007 Subject: Problem with MailScanner looping and cliaming spamassassin cache hits on every message Message-ID: <47536132.8020907@farrows.org> Hi There, Out of the blue my MailScanner stopped working, queuing mail on the in queue and looping over and over again adding each message to the spamassassin cache it would seem. ps aux | grep MailScanner gives a list of defunct mailscanners that constantly changes. no mail is ever delivered out of the in queue which just grows, and a check_mailscanner ends with this error: Can't call method "bodyhandle" on an undefined value at /usr/lib/MailScanner/MailScanner/TNEF.pm line 82. MailScanner -v gives: This is CentOS release 4.5 (Final) This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.54.6 I cannot seem to get around this problem , can't seem to fix it, it just appeared last night and the machine quit delivering mail, MailScanner loops and the in queue grows. Any help would be appreciated... Pete From bfebrian.mailscanner at indomino.net Mon Dec 3 02:25:09 2007 From: bfebrian.mailscanner at indomino.net (Budi Febrianto) Date: Mon Dec 3 02:25:26 2007 Subject: Spamhaus replacement Message-ID: <47536905.8040903@indomino.net> Right now we only use zen.spamhaus.org and happy so far, but because spamhaus is not free anymore, now I want some recommendation for others dnsbl. Temporarily I plan to move it to others dnsbl while I do some administrative task to explain to our management that spamhaus is not free anymore. Some search I found that I can use these dnsbls cbl.abuseat.org bl.spamcop.net dialups.mail-abuse.org I'm looking for dnsbl that know to be safe, because I want to place it in our sendmail, and the rest of spam will be taken care with mailscanner. TIA. --- Budi Febrianto From ugob at lubik.ca Mon Dec 3 02:34:39 2007 From: ugob at lubik.ca (Ugo Bellavance) Date: Mon Dec 3 02:35:06 2007 Subject: Problem with MailScanner looping and cliaming spamassassin cache hits on every message In-Reply-To: <47536132.8020907@farrows.org> References: <47536132.8020907@farrows.org> Message-ID: Peter Farrow wrote: > Hi There, > > Out of the blue my MailScanner stopped working, queuing mail on the in > queue and looping over and over again adding each message to the > spamassassin cache it would seem. > > ps aux | grep MailScanner gives a list of defunct mailscanners that > constantly changes. > > no mail is ever delivered out of the in queue which just grows, > > and a check_mailscanner ends with this error: > > Can't call method "bodyhandle" on an undefined value at > /usr/lib/MailScanner/MailScanner/TNEF.pm line 82. > > MailScanner -v gives: > > This is CentOS release 4.5 (Final) > This is Perl version 5.008005 (5.8.5) > > This is MailScanner version 4.54.6 > > > I cannot seem to get around this problem , can't seem to fix it, it just > appeared last night and the machine quit delivering mail, MailScanner > loops and the in queue grows. > > Any help would be appreciated... > > Pete Was TNEF updated recently on your system? What do you have for TNEF Expander = ? Have you tried the internal one? If you don't want to create too much delays, you could use "Expand TNEF = no" until a real solution come in. Ugo From Jeff.Mills at versacold.com.au Mon Dec 3 03:22:00 2007 From: Jeff.Mills at versacold.com.au (Jeff Mills) Date: Mon Dec 3 03:22:16 2007 Subject: cut off by spamhaus free use? Message-ID: > > > > Yes it happened to one of my installs. Unfortunately, somebody had > > used their domain name in a spam attack, so the server got > thousands > > of extra inbound emails. It was enough for spamhaus to > block the servers. > > > And it appears that it is an automated process to be blocked, > but only a manual unblock. Yes! One of the things I have done in my servers is move the spamhaus list to the bottom of my list of RBL's. That way, spamhaus is only queried when none of the others match. I find that spamcop gets more than the others. > > -- > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From peter at farrows.org Mon Dec 3 07:45:11 2007 From: peter at farrows.org (Peter Farrow) Date: Mon Dec 3 07:45:18 2007 Subject: Problem with MailScanner looping and cliaming spamassassin cache hits on every message In-Reply-To: References: <47536132.8020907@farrows.org> Message-ID: <4753B407.1000900@farrows.org> HiThere, if I put Expand TNEF=no the mailscanner debug now fails with: Can't call method "head" on an undefined value at /usr/lib/MailScanner/MailScanner/Message.pm line 1621. P Ugo Bellavance wrote: > Peter Farrow wrote: >> Hi There, >> >> Out of the blue my MailScanner stopped working, queuing mail on the >> in queue and looping over and over again adding each message to the >> spamassassin cache it would seem. >> >> ps aux | grep MailScanner gives a list of defunct mailscanners that >> constantly changes. >> >> no mail is ever delivered out of the in queue which just grows, >> >> and a check_mailscanner ends with this error: >> >> Can't call method "bodyhandle" on an undefined value at >> /usr/lib/MailScanner/MailScanner/TNEF.pm line 82. >> >> MailScanner -v gives: >> >> This is CentOS release 4.5 (Final) >> This is Perl version 5.008005 (5.8.5) >> >> This is MailScanner version 4.54.6 >> >> >> I cannot seem to get around this problem , can't seem to fix it, it >> just appeared last night and the machine quit delivering mail, >> MailScanner loops and the in queue grows. >> >> Any help would be appreciated... >> >> Pete > > Was TNEF updated recently on your system? > > What do you have for > > TNEF Expander = > > ? > > Have you tried the internal one? > > If you don't want to create too much delays, you could use "Expand > TNEF = no" until a real solution come in. > > Ugo > From glenn.steen at gmail.com Mon Dec 3 08:35:40 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Dec 3 08:35:44 2007 Subject: Can't block wmv files In-Reply-To: <122566.5188.qm@web33308.mail.mud.yahoo.com> References: <47529225.9060500@vanderkooij.org> <122566.5188.qm@web33308.mail.mud.yahoo.com> Message-ID: <223f97700712030035g466d75faqd089fb01a89f5e04@mail.gmail.com> On 02/12/2007, Michael Mansour wrote: > Hi Hugo, > > --- Hugo van der Kooij > wrote: > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > Michael Mansour wrote: > > > Hi, > > > > > > I'm using: > > > > > > mailscanner-4.65.3-1.noarch > > > > > > and trying to block various movie files for a > > domain. > > > > > > I have done this sort of setup numerous times for > > other domains and it > > > all works fine, but for this one particular domain > > I cannot get it to > > > work. wmv's, avi's, mpg's, etc all pass through. > > > > First off. You never told us the difference with the > > other domains. > > The email above was the "initial" look at this > problem, since then I have determined that it's not > domain specific but site-wide ie. I can't block ANY > files at this point. > > What I did to confirm this was copy: > > filename.rules.conf to filename.rules.allowall.conf > > and > > filetype.rules.conf to filetype.rules.allowall.conf > > which guarantees all domains will have some sort of > filtering of attachments in place, but files that are > meant to be denied are still let through. > > I also remove any of the 127.0.0.1 entries I had in > place for some of the rules files like > dangerous.content.scanning etc and these removals also > made no difference. > > Basically, this is now a very serious problem as all > email domains we host for don't get any denied > attachments. > > I find it hard to believe I'm the only one suffering > from this problem as I've been running MailScanner for > many years, I know it very well, and these filename > and filetype rules have worked for many years, and the > server environment I run (Red Hat 4 based) is not > uncommon. > > I only noticed this problem when a client requested > that more blocks be put into place for his domain. > > I wonder if others have tested it themselves to see if > it's still working for them? > > > While it may seem irrelevant to you the exact > > samples wil propably be > > very relevant. Can you packup the whole set of > > files and make it > > I'm happy to make it available to you Hugo, I'll pack > my configs on one of the servers up for you and email > you directly. > > > available? It will definitly beat the snippets you > > post in the messages > > as important information might get lost. > > > > At one time I have been staring months on some odd > > behaviour. > > > > I finaly removed a set of lines and retyped as they > > appeared and to > > problems was gone. I did a diff to a backup file and > > there was a literal > > backspace character in the config file which I never > > noticed before. > > I've spent a week on this already and well over 24 > hours (cumulative) trouble-shooting it, and I'm still > no closer to solving the problem. > > I even downgraded tonight one of the mail servers to > 4.64.3 and deny's are still ignored. > > I'll email you shortly. > > Michael. > Hi Mic, i got the files fine (finally:-), but haven't looked at them yet. One thing though... Might this actually be the "don't scan already scanned" thing kicking in? Something you said in the private mail with the configs kind of lead me in that direction.... As I understand it, the "outward facing bastions" (mail2 and mail3) don't do the filetype/name scanning, just the mailstore...? Will go look at your setup now... Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Mon Dec 3 08:52:43 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Dec 3 08:52:48 2007 Subject: Problem with MailScanner looping and cliaming spamassassin cache hits on every message In-Reply-To: <4753B407.1000900@farrows.org> References: <47536132.8020907@farrows.org> <4753B407.1000900@farrows.org> Message-ID: <223f97700712030052yccd6638k4b8d17e344397279@mail.gmail.com> On 03/12/2007, Peter Farrow wrote: > HiThere, > > if I put Expand TNEF=no > > the mailscanner debug now fails with: > > Can't call method "head" on an undefined value at > /usr/lib/MailScanner/MailScanner/Message.pm line 1621. > > P I don't think your version of MS had the Expand TNEF setting...? It's not the same as TNEF Expander (which should be either "internal", the full path to an external command... or empty). You might try look through the inbound queue to find the message that is blocking and move that aside. Then I'd recommend that you upgrade MailScanner (a lot has happened to the TNEF code, IIRC), and perhaps get the latest tnef command as well. While you're at it, check the "sanity" of your SA cache with the "analyze_SpamAssassin_cache" command... If that errors out, simply stop MS (if running), remove the cache database and restart MS. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From jflowers at ezo.net Mon Dec 3 08:54:58 2007 From: jflowers at ezo.net (Jim Flowers) Date: Mon Dec 3 08:54:29 2007 Subject: cut off by spamhaus free use? Message-ID: <20071203064958.M47016@ezo.net> FWIW, I have used spamhaus for quite some time now. One of my systems tops out at about 50,000 messages per day. So far they haven't given me any grief although they are the primary front-end dnsbl. Here's some grist for the mill: I am testing a sendmail front end configured with all of the spam/reject capabilities (including the zen.spamhaus dnsbl), however, it follows several milters (one of which uses the cbl.abuseat.net dnsbl). The load on zen.spamhaus is reduced considerably and the setup produces almost no false positives. Because this multi-domain server includes a particular domain that is the target of a distributed zombie PC spam/ddos attack, I have added some extra features to deal with the problem. The spammer is able to launch several hundreds of PCs at a time, throwing connections at this server at the rate of hundreds per second. The server logs are monitored by an IDS that tracks the frequency of blocking events. When a sendmail reject occurs or MailScanner determines that a message from a particular relay is high scoring spam they are counted and when a threshold is exceeded a firewall rule is added to either tarpit the relay or block it outright for a period of from one hour to 5 days. The IDS also monitors the tarpit server and if the attacker isn't stuck in the mod for at least a minute for each connection then it's converted into an outright block. The amount of time from the start of an attack to full blocking varies but is on the order of 11 to 40 seconds. Sounds complicated but not so difficult to achieve as it sounds. There are really great open-source tools around. And this domain has been a thorn in my side for a long time. Time will tell. For the moment, I'm happy that the messages handled by the processes running on this server have gone down from about 46,000/day to less than 6,000/day (40,000 die at the firewall or get discouraged and go away) and the server is loafing along with an average load of 0.15 (2 GHz AND/FreeBSD6.3) Certainly not for everybody but if you have large volume servers there may be some ideas here that you can use. Unfortunately, these attacks are increasing at an alarming rate. -- Jim Flowers Internet/USA, LLC MXGuardian -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From goetz.reinicke at filmakademie.de Mon Dec 3 09:04:38 2007 From: goetz.reinicke at filmakademie.de (=?UTF-8?B?R8O2dHogUmVpbmlja2U=?=) Date: Mon Dec 3 09:04:46 2007 Subject: OT: Mirrored or RAID5 In-Reply-To: <12123285.9951196597644335.JavaMail.root@office.splatnix.net> References: <12123285.9951196597644335.JavaMail.root@office.splatnix.net> Message-ID: <4753C6A6.10209@filmakademie.de> UxBoD schrieb: > Hi, > > I am just about to reinstall my home server with Centos5 and not sure the best configuration for the disks. I have a 3Ware 9550SX Hardware RAID card with four 200GB drives in hot swap bays. Currently I have two 200GB mirrored RAID sets, one for O/S and the other for data. I am thinking about recreating the RAID set as one big RAID5 so that I can maximize the data area as only 10% is used in the O/S area. > > How does this approach sound ? The server is a dual Opteron 250 with 6GB RAM. Any help appreciated. Hi, we have two 3Ware 9550SX (4 and 8 Disk-Version) used in a mail/lamp- and a fileserver. I use R5 and LVM to handle the partitionsize. The fact is, that the performance depends on a lot of situations and configration options; eg. 5 minutes ago I did a rw-test with bonnie++ on both systems while users are using the servers: The mailserver had a rw-performance in the first run from about 49MB read and 42MB write; in the second run (10 seconds after) 49MB read, 41MB write. (RH EL 5, Sendmail, Mailscanner, SA, MySQL, httpd for webmail, dovecot for imap/pop3 for 600 users - 10.000 Messages/day) The fileserver had 37MB write, 67MB read in the first run and 60MB write, 67MB read in the second. The controllers do have a lot of options to set, the cache could be different, the harddrives have different specs. So, if you need a realy fast setup, you will have to test a lot of configurations - if you want a simple, "avarage" setup, use R5 with LVM. BTW: How many mails / MBs / users will be expected? What services will run on the server? Regards G?tz Reinicke -- G?tz Reinicke IT Koordinator Tel. +49 7141 969 420 Fax +49 7141 969 55 420 E-Mail goetz.reinicke@filmakademie.de Filmakademie Baden-W?rttemberg GmbH Mathildenstr. 20 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzender des Aufsichtsrats: Dr. Christoph Palmer, MdL, Minister a.D. Gesch?ftsf?hrer: Prof. Thomas Schadt From martinh at solidstatelogic.com Mon Dec 3 09:11:03 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Dec 3 09:11:16 2007 Subject: MailScanner on CPanel In-Reply-To: <9b6823b30712020320l7db5c2acx198786d022547c92@mail.gmail.com> Message-ID: Hi The Configserver setup is very specific to their environment. They change quite a few things (including version numbers!) within MailScanner to make it fit in their setup. Ask them as we don't know how they change the setup.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of double T > Sent: 02 December 2007 11:21 > To: mailscanner@lists.mailscanner.info > Subject: MailScanner on CPanel > > Hi ! > > Following instructions from > http://www.configserver.com/free/mailscanner.html i just installed > mailscanner on a new CPanel server. In fact i wouldn't see it much > complicated :), the problem is that I'm new with CPanel and MailScanner, > coz i was workling untill now with Plesk and Qmail. Always wanted to try > MailScanner! > > The point is that when MailScanner script (install.sh) finished, i had > this error: > > ----------- > > Copying MailScanner/cPanel scripts... > > mkdir: created directory `/usr/mscpanel' > `mscheck.pl' -> `/usr/mscpanel/./mscheck.pl' > `mscpanel.pl' -> `/usr/mscpanel/./mscpanel.pl' > `msswitch.pl' -> `/usr/mscpanel/./msswitch.pl' > `version.txt' -> `/usr/mscpanel/./version.txt' > `exim.init' -> `/usr/mscpanel/./exim.init' > mode of `/usr/mscpanel/mscpanel.pl' changed to 0700 (rwx------) > mode of `/usr/mscpanel/mscheck.pl' changed to 0700 (rwx------) > mode of `/usr/mscpanel/msswitch.pl' changed to 0700 (rwx------) > > Shutting down exim: [ OK ] > Shutting down antirelayd: [ OK ] > Shutting down spamd: [ OK ] > Starting exim: [ OK ] > Starting exim-outgoing: [ OK ] > Starting exim-smtps: [ OK ] > Starting antirelayd: [ OK ] > Starting spamd: [22397] info: config: dcc_path "/usr/local/bin/dccproc" > isn't an executable > [22397] info: config: SpamAssassin failed to parse line, > "/usr/local/bin/dccproc" is not valid for "dcc_path", skipping: dcc_path > /usr/local/bin/dccproc > [ OK ] > Stopping chkservd: [ OK ] > Starting chkservd: [ OK ] > > Removing old scripts if they exist... > > ----------- > > > This is the output of MailScanner -v > > [root@testsrv msinstall]# /usr/mailscanner/bin/MailScanner -v > Variable "$FIELD_NAME" is not imported at > /usr/mailscanner/lib/MailScanner/Message.pm line 6907. > Variable "$FIELD_NAME" is not imported at > /usr/mailscanner/lib/MailScanner/Message.pm line 6910. > Global symbol "$FIELD_NAME" requires explicit package name at > /usr/mailscanner/lib/MailScanner/Message.pm line 6907. > Global symbol "$FIELD_NAME" requires explicit package name at > /usr/mailscanner/lib/MailScanner/Message.pm line 6910. > Compilation failed in require at /usr/mailscanner/bin/MailScanner line 79. > BEGIN failed--compilation aborted at /usr/mailscanner/bin/MailScanner line > 79. > > Can somebosy help me please? > > Thanks in advance and sorry for my english, is not perfect =) > ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From peter at farrows.org Mon Dec 3 09:11:38 2007 From: peter at farrows.org (Peter Farrow) Date: Mon Dec 3 09:11:53 2007 Subject: Problem with MailScanner looping and cliaming spamassassin cache hits on every message In-Reply-To: <223f97700712030052yccd6638k4b8d17e344397279@mail.gmail.com> References: <47536132.8020907@farrows.org> <4753B407.1000900@farrows.org> <223f97700712030052yccd6638k4b8d17e344397279@mail.gmail.com> Message-ID: <4753C84A.4040600@farrows.org> Hi There, I finally got round this.... I upgraded to the latest mailscanner, updated all the PERL libraries and everything and it works again (phew...) What concerns me is what broke it in the first place.... Thanks for the help! Pete Glenn Steen wrote: > On 03/12/2007, Peter Farrow wrote: > >> HiThere, >> >> if I put Expand TNEF=no >> >> the mailscanner debug now fails with: >> >> Can't call method "head" on an undefined value at >> /usr/lib/MailScanner/MailScanner/Message.pm line 1621. >> >> P >> > I don't think your version of MS had the Expand TNEF setting...? > It's not the same as TNEF Expander (which should be either "internal", > the full path to an external command... or empty). > > You might try look through the inbound queue to find the message that > is blocking and move that aside. > Then I'd recommend that you upgrade MailScanner (a lot has happened to > the TNEF code, IIRC), and perhaps get the latest tnef command as well. > > While you're at it, check the "sanity" of your SA cache with the > "analyze_SpamAssassin_cache" command... If that errors out, simply > stop MS (if running), remove the cache database and restart MS. > > Cheers > -- This message has been scanned for viruses and dangerous content by the Enhancion system Scanner and is believed to be clean. http://www.enhancion.net From goetz.reinicke at filmakademie.de Mon Dec 3 09:15:46 2007 From: goetz.reinicke at filmakademie.de (=?ISO-8859-1?Q?G=F6tz_Reinicke?=) Date: Mon Dec 3 09:15:51 2007 Subject: Spamhaus replacement In-Reply-To: <47536905.8040903@indomino.net> References: <47536905.8040903@indomino.net> Message-ID: <4753C942.9060809@filmakademie.de> Budi Febrianto schrieb: > Right now we only use zen.spamhaus.org and happy so far, but because > spamhaus is not free anymore, now I want some recommendation for others > dnsbl. > Temporarily I plan to move it to others dnsbl while I do some > administrative task to explain to our management that spamhaus is not > free anymore. > > Some search I found that I can use these dnsbls > cbl.abuseat.org > bl.spamcop.net > dialups.mail-abuse.org > > I'm looking for dnsbl that know to be safe, because I want to place it > in our sendmail, and the rest of spam will be taken care with mailscanner. Maybe this sites are usefull too: Blacklists Compared 24 November 2007 http://www.sdsc.edu/~jeff/spam/cbc.html http://en.wikipedia.org/wiki/Comparison_of_DNS_blacklists /G?tz -- G?tz Reinicke IT Koordinator Tel. +49 7141 969 420 Fax +49 7141 969 55 420 E-Mail goetz.reinicke@filmakademie.de Filmakademie Baden-W?rttemberg GmbH Mathildenstr. 20 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzender des Aufsichtsrats: Dr. Christoph Palmer, MdL, Minister a.D. Gesch?ftsf?hrer: Prof. Thomas Schadt From uxbod at splatnix.net Mon Dec 3 05:27:53 2007 From: uxbod at splatnix.net (UxBoD) Date: Mon Dec 3 09:55:14 2007 Subject: OT: Mirrored or RAID5 In-Reply-To: <4753C6A6.10209@filmakademie.de> Message-ID: <15366006.161196659673365.JavaMail.root@office.splatnix.net> Well after a very long night I have finished the reinstall and now on Centos5. Ended up sticking with RAID1 so I get the best performance and resilience for the sacrifice of some space. Thanks all :) Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- From: "G?tz Reinicke" To: "MailScanner discussion" Sent: Monday, December 3, 2007 9:04:38 AM (GMT) Europe/London Subject: Re: OT: Mirrored or RAID5 UxBoD schrieb: > Hi, > > I am just about to reinstall my home server with Centos5 and not sure the best configuration for the disks. I have a 3Ware 9550SX Hardware RAID card with four 200GB drives in hot swap bays. Currently I have two 200GB mirrored RAID sets, one for O/S and the other for data. I am thinking about recreating the RAID set as one big RAID5 so that I can maximize the data area as only 10% is used in the O/S area. > > How does this approach sound ? The server is a dual Opteron 250 with 6GB RAM. Any help appreciated. Hi, we have two 3Ware 9550SX (4 and 8 Disk-Version) used in a mail/lamp- and a fileserver. I use R5 and LVM to handle the partitionsize. The fact is, that the performance depends on a lot of situations and configration options; eg. 5 minutes ago I did a rw-test with bonnie++ on both systems while users are using the servers: The mailserver had a rw-performance in the first run from about 49MB read and 42MB write; in the second run (10 seconds after) 49MB read, 41MB write. (RH EL 5, Sendmail, Mailscanner, SA, MySQL, httpd for webmail, dovecot for imap/pop3 for 600 users - 10.000 Messages/day) The fileserver had 37MB write, 67MB read in the first run and 60MB write, 67MB read in the second. The controllers do have a lot of options to set, the cache could be different, the harddrives have different specs. So, if you need a realy fast setup, you will have to test a lot of configurations - if you want a simple, "avarage" setup, use R5 with LVM. BTW: How many mails / MBs / users will be expected? What services will run on the server? Regards G?tz Reinicke -- G?tz Reinicke IT Koordinator Tel. +49 7141 969 420 Fax +49 7141 969 55 420 E-Mail goetz.reinicke@filmakademie.de Filmakademie Baden-W?rttemberg GmbH Mathildenstr. 20 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzender des Aufsichtsrats: Dr. Christoph Palmer, MdL, Minister a.D. Gesch?ftsf?hrer: Prof. Thomas Schadt -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Mon Dec 3 09:58:24 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Dec 3 09:58:27 2007 Subject: Problem with MailScanner looping and cliaming spamassassin cache hits on every message In-Reply-To: <4753C84A.4040600@farrows.org> References: <47536132.8020907@farrows.org> <4753B407.1000900@farrows.org> <223f97700712030052yccd6638k4b8d17e344397279@mail.gmail.com> <4753C84A.4040600@farrows.org> Message-ID: <223f97700712030158n2d3f8708j578163e63f8d4527@mail.gmail.com> On 03/12/2007, Peter Farrow wrote: > Hi There, > > I finally got round this.... > > I upgraded to the latest mailscanner, updated all the PERL libraries and > everything and it works again (phew...) > > What concerns me is what broke it in the first place.... Likely a message containing TNEF that your prior install simply couldn't grok:-). After the update... it can... > Thanks for the help! > > Pete > > Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From micoots at yahoo.com Mon Dec 3 10:05:53 2007 From: micoots at yahoo.com (Michael Mansour) Date: Mon Dec 3 10:05:56 2007 Subject: Can't block wmv files In-Reply-To: Message-ID: <484851.84938.qm@web33311.mail.mud.yahoo.com> Hi Scott, --- Scott Silva wrote: > on 11/27/2007 7:56 PM Michael Mansour spake the > following: > > Hi Julian, > > > > */Julian Field /* > wrote: > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > shuttlebox wrote: > > > On Nov 27, 2007 3:08 PM, Michael Mansour > wrote: > > > > > >> %etc-dir%/example.com.filename.rules: > > >> > > >> and %etc-dir%/example.com.filetype.rules: > > >> > > > > > > Those filenames don't match what you have > in your rulesets, note the > > > missing .conf at the end: > > > > > >> FromOrTo: *@example.com > > >> > /etc/MailScanner/example.com.filename.rules.conf > > >> FromOrTo: default > /etc/MailScanner/filename.rules .conf > > >> > > >> FromOrTo: *@example.com > > >> > /etc/MailScanner/example.com.filetype.rules.conf > > >> FromOrTo: default > /etc/MailScanner/filetype.rules.conf > > >> > > > > > > Also, you do have tabs as whitespace in > both files and no strange > > > end-of-lines, common if you edit the files > in Windows? > > > > > The only places you need tabs instead of > spaces are in the > > example.com.filetype/name.rules.conf and > filetype/name.rules.conf files. > > You can use any whitespace in *.rules files. > > > > Any ideas why the movie files still get through? > > > > Is there some sort of MailScanner command I could > use in debug mode or > > similar which I can input an email or attachment > and see why MailScanner > > let the message or file through? > > > > This setup works for so many other domains I host > for, just not this > > particular one? > > > > Michael. > > > > Jules > Does mailscanner.conf have the correct path to file > command? Yes, all servers have: File Command = /usr/bin/file and: # which file /usr/bin/file In MailScanner debug mode it also shows: Dec 3 01:15:34 server MailScanner[17504]: Completed checking by /usr/bin/file Dec 3 01:15:34 server MailScanner[17504]: Virus Scanning completed at 5014 bytes per second Dec 3 01:15:34 server MailScanner[17504]: About to deliver 1 messages Dec 3 01:15:34 server MailScanner[17504]: Uninfected: Delivered 1 messages Dec 3 01:15:34 server MailScanner[17504]: Virus Processing completed at 743464 bytes per second Dec 3 01:15:34 server MailScanner[17504]: Batch completed at 2200 bytes per second (117672 / 53) Dec 3 01:15:34 server MailScanner[17504]: Batch (1 message) processed in 53.47 seconds Dec 3 01:15:35 server MailScanner[17504]: Logging message lB2EEVPw017610 to SQL Dec 3 01:15:35 server MailScanner[17504]: "Always Looked Up Last" took 0.06 seconds Dec 3 01:15:35 server MailScanner[17504]: Config: calling custom end function SQLSpamScores Dec 3 01:15:35 server MailScanner[17504]: Closing down SQL Spam Scores Dec 3 01:15:35 server MailScanner[17504]: Config: calling custom end function SQLBlacklist Dec 3 01:15:35 server MailScanner[17504]: Closing down by-domain spam blacklist Dec 3 01:15:35 server MailScanner[17504]: Config: calling custom end function MailWatchLogging Dec 3 01:15:35 server MailScanner[17504]: Config: calling custom end function SQLHighSpamScores Dec 3 01:15:35 server MailScanner[17504]: Closing down SQL High Spam Scores Dec 3 01:15:35 server MailScanner[17504]: Config: calling custom end function SQLWhitelist Dec 3 01:15:35 server MailScanner[17504]: Closing down by-domain spam whitelist Dec 3 01:15:35 server MailScanner[17507]: lB2EEVPw017610: Logged to MailWatch SQL Dec 3 01:15:35 server MailScanner[17504]: MailScanner child dying of old age So it is using the command, just not doing anything with the attachment. Michael. Make the switch to the world's best email. Get the new Yahoo!7 Mail now. www.yahoo7.com.au/worldsbestemail From uxbod at splatnix.net Mon Dec 3 05:36:36 2007 From: uxbod at splatnix.net (UxBoD) Date: Mon Dec 3 10:08:23 2007 Subject: cut off by spamhaus free use? In-Reply-To: <20071203064958.M47016@ezo.net> Message-ID: <19739814.281196660196491.JavaMail.root@office.splatnix.net> Hi Jim, care to share what OSS tools you are using ? Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- From: "Jim Flowers" To: "MailScanner discussion" Sent: Monday, December 3, 2007 8:54:58 AM (GMT) Europe/London Subject: Re: cut off by spamhaus free use? FWIW, I have used spamhaus for quite some time now. One of my systems tops out at about 50,000 messages per day. So far they haven't given me any grief although they are the primary front-end dnsbl. Here's some grist for the mill: I am testing a sendmail front end configured with all of the spam/reject capabilities (including the zen.spamhaus dnsbl), however, it follows several milters (one of which uses the cbl.abuseat.net dnsbl). The load on zen.spamhaus is reduced considerably and the setup produces almost no false positives. Because this multi-domain server includes a particular domain that is the target of a distributed zombie PC spam/ddos attack, I have added some extra features to deal with the problem. The spammer is able to launch several hundreds of PCs at a time, throwing connections at this server at the rate of hundreds per second. The server logs are monitored by an IDS that tracks the frequency of blocking events. When a sendmail reject occurs or MailScanner determines that a message from a particular relay is high scoring spam they are counted and when a threshold is exceeded a firewall rule is added to either tarpit the relay or block it outright for a period of from one hour to 5 days. The IDS also monitors the tarpit server and if the attacker isn't stuck in the mod for at least a minute for each connection then it's converted into an outright block. The amount of time from the start of an attack to full blocking varies but is on the order of 11 to 40 seconds. Sounds complicated but not so difficult to achieve as it sounds. There are really great open-source tools around. And this domain has been a thorn in my side for a long time. Time will tell. For the moment, I'm happy that the messages handled by the processes running on this server have gone down from about 46,000/day to less than 6,000/day (40,000 die at the firewall or get discouraged and go away) and the server is loafing along with an average load of 0.15 (2 GHz AND/FreeBSD6.3) Certainly not for everybody but if you have large volume servers there may be some ideas here that you can use. Unfortunately, these attacks are increasing at an alarming rate. -- Jim Flowers Internet/USA, LLC MXGuardian -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From uxbod at splatnix.net Mon Dec 3 05:55:18 2007 From: uxbod at splatnix.net (UxBoD) Date: Mon Dec 3 10:49:23 2007 Subject: NOD32 Message-ID: <15474287.371196661318879.JavaMail.root@office.splatnix.net> Downloaded the latest LFS version last night and it would appear that the previous binary applications name nod32cli etc have now been changed to esets_. I have hacked a wrapper and update script together but need to do some more testing. Has anybody else seen this yet ? Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From uxbod at splatnix.net Mon Dec 3 06:55:28 2007 From: uxbod at splatnix.net (UxBoD) Date: Mon Dec 3 12:40:16 2007 Subject: WOT: But a good way to start the week and remind a lot of us why we are SAs! Message-ID: <31457736.691196664928548.JavaMail.root@office.splatnix.net> http://www.sysadminday.com/time.html Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ram at netcore.co.in Mon Dec 3 13:14:00 2007 From: ram at netcore.co.in (ram) Date: Mon Dec 3 13:14:22 2007 Subject: mailscanner caching and the cache cecksum Message-ID: <1196687640.32341.73.camel@localhost.localdomain> MailScanner implements caching of Mails ( and does that very well ) How are these caches compared ? Is there a checksum it generates?. If yes can that checksum also be a extra header added in the mail ? Suppose I have a Spamassassin FN which gets detected after the mail has been delivered , what I could do is look for all mails with the same cache checksum header and delete them from all users mailbox immediately ( before they have seen the mail :-) and get another chance to complain ) Thanks Ram From jaearick at colby.edu Mon Dec 3 15:00:53 2007 From: jaearick at colby.edu (Jeff A. Earickson) Date: Mon Dec 3 15:01:07 2007 Subject: cut off by spamhaus free use? In-Reply-To: References: Message-ID: On Mon, 3 Dec 2007, Jeff Mills wrote: > Date: Mon, 3 Dec 2007 14:22:00 +1100 > From: Jeff Mills > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: RE: cut off by spamhaus free use? > > >>> >>> Yes it happened to one of my installs. Unfortunately, somebody had >>> used their domain name in a spam attack, so the server got >> thousands >>> of extra inbound emails. It was enough for spamhaus to >> block the servers. >>> >> And it appears that it is an automated process to be blocked, >> but only a manual unblock. > > > Yes! > One of the things I have done in my servers is move the spamhaus list to > the bottom of my list of RBL's. > That way, spamhaus is only queried when none of the others match. I find > that spamcop gets more than the others. I've had false positive problems with spamcop in the past. I put dnsbl.sorbs.net into action in sendmail this morning, appears to be ok. I had contact with a human at spamhaus, but they aren't very forthcoming as to why I got cut off. It would be nice if they had sent postmaster@colby.edu a warning, maybe with some numbers attached. Jeff Earickson Colby College From mailscanner at slackadelic.com Mon Dec 3 15:04:27 2007 From: mailscanner at slackadelic.com (Matt Hayes) Date: Mon Dec 3 15:04:31 2007 Subject: cut off by spamhaus free use? In-Reply-To: References: Message-ID: <47541AFB.6060103@slackadelic.com> Jeff A. Earickson wrote: > On Mon, 3 Dec 2007, Jeff Mills wrote: > >> Date: Mon, 3 Dec 2007 14:22:00 +1100 >> From: Jeff Mills >> Reply-To: MailScanner discussion >> To: MailScanner discussion >> Subject: RE: cut off by spamhaus free use? >> >> >>>> >>>> Yes it happened to one of my installs. Unfortunately, somebody had >>>> used their domain name in a spam attack, so the server got >>> thousands >>>> of extra inbound emails. It was enough for spamhaus to >>> block the servers. >>>> >>> And it appears that it is an automated process to be blocked, >>> but only a manual unblock. >> >> >> Yes! >> One of the things I have done in my servers is move the spamhaus list to >> the bottom of my list of RBL's. >> That way, spamhaus is only queried when none of the others match. I find >> that spamcop gets more than the others. > > I've had false positive problems with spamcop in the past. I put > dnsbl.sorbs.net into action in sendmail this morning, appears to be ok. > > I had contact with a human at spamhaus, but they aren't very forthcoming > as to why I got cut off. It would be nice if they had sent > postmaster@colby.edu > a warning, maybe with some numbers attached. > > Jeff Earickson > Colby College What indications did you all receive that you had been "cut off" other than timeouts to their servers? Any other tell-tale signs? -Matt From jaearick at colby.edu Mon Dec 3 15:30:50 2007 From: jaearick at colby.edu (Jeff A. Earickson) Date: Mon Dec 3 15:31:01 2007 Subject: cut off by spamhaus free use? In-Reply-To: <47541AFB.6060103@slackadelic.com> References: <47541AFB.6060103@slackadelic.com> Message-ID: On Mon, 3 Dec 2007, Matt Hayes wrote: > Date: Mon, 03 Dec 2007 10:04:27 -0500 > From: Matt Hayes > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: cut off by spamhaus free use? > > Jeff A. Earickson wrote: >> On Mon, 3 Dec 2007, Jeff Mills wrote: >> >>> Date: Mon, 3 Dec 2007 14:22:00 +1100 >>> From: Jeff Mills >>> Reply-To: MailScanner discussion >>> To: MailScanner discussion >>> Subject: RE: cut off by spamhaus free use? >>> >>> >>>>> >>>>> Yes it happened to one of my installs. Unfortunately, somebody had >>>>> used their domain name in a spam attack, so the server got >>>> thousands >>>>> of extra inbound emails. It was enough for spamhaus to >>>> block the servers. >>>>> >>>> And it appears that it is an automated process to be blocked, >>>> but only a manual unblock. >>> >>> >>> Yes! >>> One of the things I have done in my servers is move the spamhaus list to >>> the bottom of my list of RBL's. >>> That way, spamhaus is only queried when none of the others match. I find >>> that spamcop gets more than the others. >> >> I've had false positive problems with spamcop in the past. I put >> dnsbl.sorbs.net into action in sendmail this morning, appears to be ok. >> >> I had contact with a human at spamhaus, but they aren't very forthcoming >> as to why I got cut off. It would be nice if they had sent >> postmaster@colby.edu >> a warning, maybe with some numbers attached. >> >> Jeff Earickson >> Colby College > > What indications did you all receive that you had been "cut off" other > than timeouts to their servers? Any other tell-tale signs? The fact that ALL of my inbound email from the Internet was getting tempfailed (400 "try again later" to the sending email servers) for nearly 12 hours. The fact that my system's sar output showed 2% usage instead of its normal 20 to 40% range. After 12 hours of tempfails, I had a tsunami of inbound email for a while once I got the problem fixed. Jeff Earickson Colby College From waytotheweb at googlemail.com Mon Dec 3 15:35:28 2007 From: waytotheweb at googlemail.com (Sarah Michaelson) Date: Mon Dec 3 15:35:33 2007 Subject: MailScanner on CPanel In-Reply-To: <9b6823b30712020320l7db5c2acx198786d022547c92@mail.gmail.com> References: <9b6823b30712020320l7db5c2acx198786d022547c92@mail.gmail.com> Message-ID: On 02/12/2007, double T wrote: > Hi ! > > Following instructions from > http://www.configserver.com/free/mailscanner.html i just > installed mailscanner on a new CPanel server. In fact i wouldn't see it much > complicated :), the problem is that I'm new with CPanel and MailScanner, coz > i was workling untill now with Plesk and Qmail. Always wanted to try > MailScanner! > > The point is that when MailScanner script (install.sh) finished, i had this > error: > > ----------- > > Copying MailScanner/cPanel scripts... > > mkdir: created directory `/usr/mscpanel' > `mscheck.pl' -> `/usr/mscpanel/./mscheck.pl' > `mscpanel.pl' -> `/usr/mscpanel/./mscpanel.pl' > `msswitch.pl' -> `/usr/mscpanel/./msswitch.pl' > `version.txt' -> `/usr/mscpanel/./version.txt' > `exim.init' -> `/usr/mscpanel/./exim.init' > mode of `/usr/mscpanel/mscpanel.pl' changed to 0700 (rwx------) > mode of `/usr/mscpanel/mscheck.pl' changed to 0700 (rwx------) > mode of `/usr/mscpanel/msswitch.pl' changed to 0700 (rwx------) > > Shutting down exim: [ OK ] > Shutting down antirelayd: [ OK ] > Shutting down spamd: [ OK ] > Starting exim: [ OK ] > Starting exim-outgoing: [ OK ] > Starting exim-smtps: [ OK ] > Starting antirelayd: [ OK ] > Starting spamd: [22397] info: config: dcc_path "/usr/local/bin/dccproc" > isn't an executable > [22397] info: config: SpamAssassin failed to parse line, > "/usr/local/bin/dccproc" is not valid for "dcc_path", skipping: dcc_path > /usr/local/bin/dccproc > [ OK ] > Stopping chkservd: [ OK ] > Starting chkservd: [ OK ] This is most likely because DCC is not installed on your server. If you do not wish to install DCC, you should edit the file /etc/mail/spamassassin/mailscanner.conf and comment out the line: dcc_path /usr/local/bin/dccproc > > This is the output of MailScanner -v > > [root@testsrv msinstall]# /usr/mailscanner/bin/MailScanner > -v > Variable "$FIELD_NAME" is not imported at > /usr/mailscanner/lib/MailScanner/Message.pm line 6907. > Variable "$FIELD_NAME" is not imported at > /usr/mailscanner/lib/MailScanner/Message.pm line 6910. > Global symbol "$FIELD_NAME" requires explicit package name at > /usr/mailscanner/lib/MailScanner/Message.pm line 6907. > Global symbol "$FIELD_NAME" requires explicit package name at > /usr/mailscanner/lib/MailScanner/Message.pm line 6910. > Compilation failed in require at > /usr/mailscanner/bin/MailScanner line 79. > BEGIN failed--compilation aborted at > /usr/mailscanner/bin/MailScanner line 79. > > Can somebosy help me please? We've posted an entry on our blog regarding this problem and how to work around it until it is fixed in MailScanner: http://www.configserver.com/blog/index.php?itemid=245 -- Regards, Sarah Michaelson Way to the Web Ltd Server Management Services: http://www.configserver.com From rpoe at plattesheriff.org Mon Dec 3 16:44:27 2007 From: rpoe at plattesheriff.org (Rob Poe) Date: Mon Dec 3 16:44:51 2007 Subject: Your recommendation please: big volume mail solution In-Reply-To: References: <00cf01c820ab$5fe3a4f0$6402a8c0@dell> Message-ID: <4753DE07.65ED.00A2.0@plattesheriff.org> Whoa ... sounds interestingly like the same discussion from the ISP-Linux discussion list .. >>> Scott Silva 11/6/2007 1:46 PM >>> on 11/6/2007 11:29 AM Arthur Sherman spake the following: > Hi, > > A client asked me to build for him a mail solution, capable of sending up to > 1 milllion emails a day, while each email doesn't exceed 50KB in size. > > How do I calculate: > 1) how many servers > 2) how do I calculate the above > 3) is there any max emails a day from IP/domain, which triggers black and > blocklists > 4) what is your recommended software solution > > On this stage, most distribution would be in single country. > > Thanks in advance > > Arthur > > Sounds suspiciously like a spammer! Give us his domain so we can blacklist him before he starts ;-P -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From steve.freegard at fsl.com Mon Dec 3 16:51:40 2007 From: steve.freegard at fsl.com (Steve Freegard) Date: Mon Dec 3 16:50:05 2007 Subject: cut off by spamhaus free use? In-Reply-To: References: Message-ID: <4754341C.7070701@fsl.com> Jeff A. Earickson wrote: > I've had false positive problems with spamcop in the past. How recent was this? They have apparently changed the way they build the blacklist at the beginning of the year (see http://www.dnsbl.com/2007/05/spamcop-bl-another-look-its-accurate.html) and I've used it several times since and had no problems. > I put dnsbl.sorbs.net into action in sendmail this morning, appears to be ok. Yikes - personally I wouldn't touch SORBS, see http://www.dnsbl.com/2007/07/sorbs-on-accuracy-rates-and-false.html and http://dnsblresourcedata.googlepages.com/criticismfromsorbs Note that you also aren't using the recommended zone (according to the SORBS admin) even though the SORBS site shows you the configuration for what you have entered, apparently safe.dnsbl.sorbs.net is the zone to use... Cheers, Steve. From mkettler at evi-inc.com Mon Dec 3 18:21:07 2007 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Dec 3 18:21:23 2007 Subject: Spamhaus replacement In-Reply-To: <47536905.8040903@indomino.net> References: <47536905.8040903@indomino.net> Message-ID: <47544913.6050901@evi-inc.com> Budi Febrianto wrote: > Right now we only use zen.spamhaus.org and happy so far, but because > spamhaus is not free anymore, now I want some recommendation for others > dnsbl. > Temporarily I plan to move it to others dnsbl while I do some > administrative task to explain to our management that spamhaus is not > free anymore. > > Some search I found that I can use these dnsbls > cbl.abuseat.org > bl.spamcop.net > dialups.mail-abuse.org > Note: cbl.abuseat.org is a feed to xbl.spamhaus.org. If you dig around on abuseat's site, they have a policy prohibiting using cbl directly if you'd need a datafeed to use xbl. The other feed into xbl is the open proxy list from njabl, and they have no such restrictions. bl.spamcop.net works pretty well, but does have some significant FPs now that they list backscatter sites (in the SpamAssassin 3.2 mass-checks, the hits on spamcop were 87.1% spam, and therefore 12.9% nonspam) mail-abuse.org isn't free, and hasn't been for years. It's now a part of Trend's "Email Reputation Services", which is a for-pay service. In general you might want to look at the STATISTICS file that comes with SA and see what the SpamAssassin mass-checks came up with. A "perfect" spam rule will have a S/O of 1.0 (for 100% of matches being spam, 0% nonspam), so look for RBL tests (RCVD_IN_*) with S/O's above 0.95 (95% spam, 5% nonspam). Also look for ones that match a decent amount of mail, because a perfectly accurate list with really low hit-rate isn't helpful. I'd look for at least 5% in the spam% column. http://svn.apache.org/repos/asf/spamassassin/branches/3.2/rules/STATISTICS-set3.txt From jaearick at colby.edu Mon Dec 3 19:36:12 2007 From: jaearick at colby.edu (Jeff A. Earickson) Date: Mon Dec 3 19:36:23 2007 Subject: cut off by spamhaus free use? In-Reply-To: <4754341C.7070701@fsl.com> References: <4754341C.7070701@fsl.com> Message-ID: Steve, Thanks for the advice, more adjustments made.... Jeff Earickson On Mon, 3 Dec 2007, Steve Freegard wrote: > Date: Mon, 03 Dec 2007 16:51:40 +0000 > From: Steve Freegard > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: cut off by spamhaus free use? > > Jeff A. Earickson wrote: > >> I've had false positive problems with spamcop in the past. > > How recent was this? They have apparently changed the way they build the > blacklist at the beginning of the year (see > http://www.dnsbl.com/2007/05/spamcop-bl-another-look-its-accurate.html) and > I've used it several times since and had no problems. > >> I put dnsbl.sorbs.net into action in sendmail this morning, appears to be >> ok. > > Yikes - personally I wouldn't touch SORBS, see > http://www.dnsbl.com/2007/07/sorbs-on-accuracy-rates-and-false.html and > http://dnsblresourcedata.googlepages.com/criticismfromsorbs > > Note that you also aren't using the recommended zone (according to the SORBS > admin) even though the SORBS site shows you the configuration for what you > have entered, apparently safe.dnsbl.sorbs.net is the zone to use... > > Cheers, > Steve. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USherbrooke.ca Mon Dec 3 19:35:38 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Mon Dec 3 19:36:40 2007 Subject: cut off by spamhaus free use? In-Reply-To: References: Message-ID: <47545A8A.5090509@USherbrooke.ca> Jeff A. Earickson a ?crit : > On Mon, 3 Dec 2007, Jeff Mills wrote: > >> >> >> Yes! >> One of the things I have done in my servers is move the spamhaus list to >> the bottom of my list of RBL's. >> That way, spamhaus is only queried when none of the others match. I find >> that spamcop gets more than the others. I did the same and so far it is still working: cbl.abuseat.org dul.dnsbl.sorbs.net web.dnsbl.sorbs.net relays.dnsbl.sorbs.net rhsbl.dnsbl.sorbs.net bl.spamcop.net list.dsbl.org zen.spamhaus.org So far today, they blocked: bl.spamcop.net : 13188 ( 5 %) cbl.abuseat.org : 131946 ( 57 %) dul.dnsbl.sorbs.net : 57306 ( 25 %) list.dsbl.org : 1320 ( 0 %) relays.dnsbl.sorbs.net : 42 ( 0 %) web.dnsbl.sorbs.net : 1225 ( 0 %) zen.spamhaus.org : 24122 ( 10 %) Even though Zen is called last it still blocks 10% of all connections... Maybe they are more lenient if you don't query addresses that can be found in CBL? I also run a caching nameserver. Some of my sorbs lists don't seem to block much... but using safe.dnsbl.sorbs.net was blocking too many legit servers... Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From ssilva at sgvwater.com Mon Dec 3 19:39:55 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Dec 3 19:40:40 2007 Subject: cut off by spamhaus free use? In-Reply-To: References: Message-ID: on 12/3/2007 7:00 AM Jeff A. Earickson spake the following: > On Mon, 3 Dec 2007, Jeff Mills wrote: > >> Date: Mon, 3 Dec 2007 14:22:00 +1100 >> From: Jeff Mills >> Reply-To: MailScanner discussion >> To: MailScanner discussion >> Subject: RE: cut off by spamhaus free use? >> >> >>>> >>>> Yes it happened to one of my installs. Unfortunately, somebody had >>>> used their domain name in a spam attack, so the server got >>> thousands >>>> of extra inbound emails. It was enough for spamhaus to >>> block the servers. >>>> >>> And it appears that it is an automated process to be blocked, >>> but only a manual unblock. >> >> >> Yes! >> One of the things I have done in my servers is move the spamhaus list to >> the bottom of my list of RBL's. >> That way, spamhaus is only queried when none of the others match. I find >> that spamcop gets more than the others. > > I've had false positive problems with spamcop in the past. I put > dnsbl.sorbs.net into action in sendmail this morning, appears to be ok. Spamcop has supposedly fixed this problem. I am not having problems with it right now. > > I had contact with a human at spamhaus, but they aren't very forthcoming > as to why I got cut off. It would be nice if they had sent > postmaster@colby.edu > a warning, maybe with some numbers attached. > > Jeff Earickson > Colby College -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From dave.list at pixelhammer.com Mon Dec 3 19:56:23 2007 From: dave.list at pixelhammer.com (DAve) Date: Mon Dec 3 19:56:33 2007 Subject: cut off by spamhaus free use? In-Reply-To: References: <47541AFB.6060103@slackadelic.com> Message-ID: <47545F67.70800@pixelhammer.com> Jeff A. Earickson wrote: > On Mon, 3 Dec 2007, Matt Hayes wrote: > >> Date: Mon, 03 Dec 2007 10:04:27 -0500 >> From: Matt Hayes >> Reply-To: MailScanner discussion >> To: MailScanner discussion >> Subject: Re: cut off by spamhaus free use? >> >> Jeff A. Earickson wrote: >>> On Mon, 3 Dec 2007, Jeff Mills wrote: >>> >>>> Date: Mon, 3 Dec 2007 14:22:00 +1100 >>>> From: Jeff Mills >>>> Reply-To: MailScanner discussion >>>> To: MailScanner discussion >>>> Subject: RE: cut off by spamhaus free use? >>>> >>>> >>>>>> >>>>>> Yes it happened to one of my installs. Unfortunately, somebody had >>>>>> used their domain name in a spam attack, so the server got >>>>> thousands >>>>>> of extra inbound emails. It was enough for spamhaus to >>>>> block the servers. >>>>>> >>>>> And it appears that it is an automated process to be blocked, >>>>> but only a manual unblock. >>>> >>>> >>>> Yes! >>>> One of the things I have done in my servers is move the spamhaus >>>> list to >>>> the bottom of my list of RBL's. >>>> That way, spamhaus is only queried when none of the others match. I >>>> find >>>> that spamcop gets more than the others. >>> >>> I've had false positive problems with spamcop in the past. I put >>> dnsbl.sorbs.net into action in sendmail this morning, appears to be ok. >>> >>> I had contact with a human at spamhaus, but they aren't very forthcoming >>> as to why I got cut off. It would be nice if they had sent >>> postmaster@colby.edu >>> a warning, maybe with some numbers attached. >>> >>> Jeff Earickson >>> Colby College >> >> What indications did you all receive that you had been "cut off" other >> than timeouts to their servers? Any other tell-tale signs? > > The fact that ALL of my inbound email from the Internet was getting > tempfailed (400 "try again later" to the sending email servers) for > nearly 12 hours. The fact that my system's sar output showed 2% usage > instead of its normal 20 to 40% range. After 12 hours of tempfails, > I had a tsunami of inbound email for a while once I got the problem > fixed. > > Jeff Earickson > Colby College Do you cache all your responses? Running a simple DNS cache on your mail server will greatly reduce your load on RBLs and speed up queries. DAve -- I've been asking Google for a Veteran's Day logo since 2000, maybe 1999. I was told they finally did a Veteran's Day logo, but none of the links I was given return anything but a normal Google logo. Sad, very sad. Maybe the Chinese Government didn't like it? From mailscanner at slackadelic.com Mon Dec 3 20:00:24 2007 From: mailscanner at slackadelic.com (Matt Hayes) Date: Mon Dec 3 20:00:29 2007 Subject: cut off by spamhaus free use? In-Reply-To: <47545F67.70800@pixelhammer.com> References: <47541AFB.6060103@slackadelic.com> <47545F67.70800@pixelhammer.com> Message-ID: <47546058.20508@slackadelic.com> DAve wrote: > Jeff A. Earickson wrote: >> On Mon, 3 Dec 2007, Matt Hayes wrote: >> >>> Date: Mon, 03 Dec 2007 10:04:27 -0500 >>> From: Matt Hayes >>> Reply-To: MailScanner discussion >>> To: MailScanner discussion >>> Subject: Re: cut off by spamhaus free use? >>> >>> Jeff A. Earickson wrote: >>>> On Mon, 3 Dec 2007, Jeff Mills wrote: >>>> >>>>> Date: Mon, 3 Dec 2007 14:22:00 +1100 >>>>> From: Jeff Mills >>>>> Reply-To: MailScanner discussion >>>>> To: MailScanner discussion >>>>> Subject: RE: cut off by spamhaus free use? >>>>> >>>>> >>>>>>> Yes it happened to one of my installs. Unfortunately, somebody had >>>>>>> used their domain name in a spam attack, so the server got >>>>>> thousands >>>>>>> of extra inbound emails. It was enough for spamhaus to >>>>>> block the servers. >>>>>> And it appears that it is an automated process to be blocked, >>>>>> but only a manual unblock. >>>>> >>>>> Yes! >>>>> One of the things I have done in my servers is move the spamhaus >>>>> list to >>>>> the bottom of my list of RBL's. >>>>> That way, spamhaus is only queried when none of the others match. I >>>>> find >>>>> that spamcop gets more than the others. >>>> I've had false positive problems with spamcop in the past. I put >>>> dnsbl.sorbs.net into action in sendmail this morning, appears to be ok. >>>> >>>> I had contact with a human at spamhaus, but they aren't very forthcoming >>>> as to why I got cut off. It would be nice if they had sent >>>> postmaster@colby.edu >>>> a warning, maybe with some numbers attached. >>>> >>>> Jeff Earickson >>>> Colby College >>> What indications did you all receive that you had been "cut off" other >>> than timeouts to their servers? Any other tell-tale signs? >> The fact that ALL of my inbound email from the Internet was getting >> tempfailed (400 "try again later" to the sending email servers) for >> nearly 12 hours. The fact that my system's sar output showed 2% usage >> instead of its normal 20 to 40% range. After 12 hours of tempfails, >> I had a tsunami of inbound email for a while once I got the problem >> fixed. >> >> Jeff Earickson >> Colby College > > Do you cache all your responses? Running a simple DNS cache on your mail > server will greatly reduce your load on RBLs and speed up queries. > > DAve > I can concur with that. I use BIND for SOA and dnscache for local DNS caching. Works great. Sped up queries nearly 100% and I'm not hitting outside DNS servers as much. -Matt From jaearick at colby.edu Mon Dec 3 20:14:01 2007 From: jaearick at colby.edu (Jeff A. Earickson) Date: Mon Dec 3 20:14:13 2007 Subject: cut off by spamhaus free use? In-Reply-To: <47545F67.70800@pixelhammer.com> References: <47541AFB.6060103@slackadelic.com> <47545F67.70800@pixelhammer.com> Message-ID: On Mon, 3 Dec 2007, DAve wrote: > Date: Mon, 03 Dec 2007 14:56:23 -0500 > From: DAve > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: cut off by spamhaus free use? > > Jeff A. Earickson wrote: >> On Mon, 3 Dec 2007, Matt Hayes wrote: >> >>> Date: Mon, 03 Dec 2007 10:04:27 -0500 >>> From: Matt Hayes >>> Reply-To: MailScanner discussion >>> To: MailScanner discussion >>> Subject: Re: cut off by spamhaus free use? >>> >>> Jeff A. Earickson wrote: >>>> On Mon, 3 Dec 2007, Jeff Mills wrote: >>>> >>>>> Date: Mon, 3 Dec 2007 14:22:00 +1100 >>>>> From: Jeff Mills >>>>> Reply-To: MailScanner discussion >>>>> To: MailScanner discussion >>>>> Subject: RE: cut off by spamhaus free use? >>>>> >>>>> >>>>>>> >>>>>>> Yes it happened to one of my installs. Unfortunately, somebody had >>>>>>> used their domain name in a spam attack, so the server got >>>>>> thousands >>>>>>> of extra inbound emails. It was enough for spamhaus to >>>>>> block the servers. >>>>>>> >>>>>> And it appears that it is an automated process to be blocked, >>>>>> but only a manual unblock. >>>>> >>>>> >>>>> Yes! >>>>> One of the things I have done in my servers is move the spamhaus >>>>> list to >>>>> the bottom of my list of RBL's. >>>>> That way, spamhaus is only queried when none of the others match. I >>>>> find >>>>> that spamcop gets more than the others. >>>> >>>> I've had false positive problems with spamcop in the past. I put >>>> dnsbl.sorbs.net into action in sendmail this morning, appears to be ok. >>>> >>>> I had contact with a human at spamhaus, but they aren't very forthcoming >>>> as to why I got cut off. It would be nice if they had sent >>>> postmaster@colby.edu >>>> a warning, maybe with some numbers attached. >>>> >>>> Jeff Earickson >>>> Colby College >>> >>> What indications did you all receive that you had been "cut off" other >>> than timeouts to their servers? Any other tell-tale signs? >> >> The fact that ALL of my inbound email from the Internet was getting >> tempfailed (400 "try again later" to the sending email servers) for >> nearly 12 hours. The fact that my system's sar output showed 2% usage >> instead of its normal 20 to 40% range. After 12 hours of tempfails, >> I had a tsunami of inbound email for a while once I got the problem >> fixed. >> >> Jeff Earickson >> Colby College > > Do you cache all your responses? Running a simple DNS cache on your mail > server will greatly reduce your load on RBLs and speed up queries. Oh yes. I run a bind on the box as a stealth secondary, with /etc/resolv pointing to the box as the first place to look for DNS. Jeff Earickson Colby College From ssilva at sgvwater.com Mon Dec 3 20:28:42 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Dec 3 20:29:07 2007 Subject: cut off by spamhaus free use? In-Reply-To: References: <4754341C.7070701@fsl.com> Message-ID: on 12/3/2007 11:36 AM Jeff A. Earickson spake the following: > Steve, > > Thanks for the advice, more adjustments made.... > > Jeff Earickson To get near the same catch rate I had to enable njabl.org, list.dsbl.org, bl.spamcop.net and cbl.abuseat.org. I had njabl already but before zen.spamhaus.org, but it catches very little, and I have the cbl list at the end to hopefully lower my query rate. You will want to make sure that if you add cbl to your MTA, you remove it from spamassassin, because this is what I think made my lookups go over the allowed rate. Spamassassin doesn't query the zen list, but queries the sublists sbl, xbl, and cbl. That would probably triple your lookups on each message. There is chatter on the spamassassin lists that they will be disabling the spamhaus lookups by default in a future version. If you want to add others, or see how these perform, you can look at your hitrates in spamassassin. The above had better than 99% spam rates in my system with very little ham, and the ham was actually spam that scored too low to be caught that way. But as with anything YMMV. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Mon Dec 3 22:13:58 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Dec 3 22:20:11 2007 Subject: cut off by spamhaus free use? In-Reply-To: <47545A8A.5090509@USherbrooke.ca> References: <47545A8A.5090509@USherbrooke.ca> Message-ID: on 12/3/2007 11:35 AM Denis Beauchemin spake the following: > Jeff A. Earickson a ?crit : >> On Mon, 3 Dec 2007, Jeff Mills wrote: >> >>> >>> >>> Yes! >>> One of the things I have done in my servers is move the spamhaus list to >>> the bottom of my list of RBL's. >>> That way, spamhaus is only queried when none of the others match. I find >>> that spamcop gets more than the others. > I did the same and so far it is still working: > cbl.abuseat.org > dul.dnsbl.sorbs.net > web.dnsbl.sorbs.net > relays.dnsbl.sorbs.net > rhsbl.dnsbl.sorbs.net > bl.spamcop.net > list.dsbl.org > zen.spamhaus.org I would move cbl right above zen, as they also have a usage limit. > > So far today, they blocked: > bl.spamcop.net : 13188 ( 5 %) > cbl.abuseat.org : 131946 ( 57 %) > dul.dnsbl.sorbs.net : 57306 ( 25 %) > list.dsbl.org : 1320 ( 0 %) > relays.dnsbl.sorbs.net : 42 ( 0 %) > web.dnsbl.sorbs.net : 1225 ( 0 %) > zen.spamhaus.org : 24122 ( 10 %) What do you run to get this info? Or was it hand compiled? I have been looking for something I could get some good stats with. > > Even though Zen is called last it still blocks 10% of all connections... > > Maybe they are more lenient if you don't query addresses that can be > found in CBL? I also run a caching nameserver. > > Some of my sorbs lists don't seem to block much... but using > safe.dnsbl.sorbs.net was blocking too many legit servers... > > Denis > -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From admin at lctn.org Tue Dec 4 03:54:22 2007 From: admin at lctn.org (admin@lctn.org) Date: Tue Dec 4 03:55:45 2007 Subject: header info showing up in body Message-ID: <53425.66.103.176.15.1196740462.squirrel@lctn.org> Not sure what I clicked on, but info that would normally be in the header is showing up at the top of the body of email now. This occurred after installing the webmin module, so I could remove the default mailscanner tag at the bottom of each message. I'm sure I'm blind here:) From ram at netcore.co.in Tue Dec 4 05:45:40 2007 From: ram at netcore.co.in (ram) Date: Tue Dec 4 05:45:55 2007 Subject: header info showing up in body In-Reply-To: <53425.66.103.176.15.1196740462.squirrel@lctn.org> References: <53425.66.103.176.15.1196740462.squirrel@lctn.org> Message-ID: <1196747140.6843.30.camel@localhost.localdomain> On Mon, 2007-12-03 at 21:54 -0600, admin@lctn.org wrote: > Not sure what I clicked on, but info that would normally be in the header > is showing up at the top of the body of email now. This occurred after > installing the webmin module, so I could remove the default mailscanner > tag at the bottom of each message. I'm sure I'm blind here:) If header information is in the body the email server is attaching some headers with extra newlines Just read the email source and see which header has more than 1 newline ... that should be easy From martinh at solidstatelogic.com Tue Dec 4 09:02:25 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Dec 4 09:02:32 2007 Subject: header info showing up in body In-Reply-To: <53425.66.103.176.15.1196740462.squirrel@lctn.org> Message-ID: <4c5976fdfa09cc4ea60ea8370218cc07@solidstatelogic.com> Hi Make sure there's no spaces/newlines line the mailscanner headers you're adding in to the mix. Esp the %org-name% ... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of admin@lctn.org > Sent: 04 December 2007 03:54 > To: mailscanner@lists.mailscanner.info > Subject: header info showing up in body > > Not sure what I clicked on, but info that would normally be in the header > is showing up at the top of the body of email now. This occurred after > installing the webmin module, so I could remove the default mailscanner > tag at the bottom of each message. I'm sure I'm blind here:) > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From ram at netcore.co.in Tue Dec 4 14:09:41 2007 From: ram at netcore.co.in (ram) Date: Tue Dec 4 14:09:58 2007 Subject: Spamhaus replacement In-Reply-To: <47536905.8040903@indomino.net> References: <47536905.8040903@indomino.net> Message-ID: <1196777381.3249.24.camel@localhost.localdomain> On Mon, 2007-12-03 at 09:25 +0700, Budi Febrianto wrote: > Right now we only use zen.spamhaus.org and happy so far, but because > spamhaus is not free anymore, now I want some recommendation for others > dnsbl. But spamhaus offers free data sync AFAIK if you are using it for your own domain and not selling antispam solution You just need to sign up with them > Temporarily I plan to move it to others dnsbl while I do some > administrative task to explain to our management that spamhaus is not > free anymore. > > Some search I found that I can use these dnsbls > cbl.abuseat.org > bl.spamcop.net > dialups.mail-abuse.org > > I'm looking for dnsbl that know to be safe, because I want to place it > in our sendmail, and the rest of spam will be taken care with mailscanner. > > TIA. > > --- > Budi Febrianto > > > From prandal at herefordshire.gov.uk Tue Dec 4 14:36:08 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue Dec 4 14:36:20 2007 Subject: Spamhaus replacement In-Reply-To: <1196777381.3249.24.camel@localhost.localdomain> References: <47536905.8040903@indomino.net> <1196777381.3249.24.camel@localhost.localdomain> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA023EAEBD@HC-MBX02.herefordshire.gov.uk> ram wrote: > > On Mon, 2007-12-03 at 09:25 +0700, Budi Febrianto wrote: > > Right now we only use zen.spamhaus.org and happy so far, > but because > > spamhaus is not free anymore, now I want some > recommendation for others > > dnsbl. > > But spamhaus offers free data sync AFAIK if you are using it for your > own domain and not selling antispam solution > > > You just need to sign up with them http://www.spamhaus.org/organization/dnsblusage.html "Use of the Spamhaus DNSBLs via DNS queries to our public DNSBL servers is free of charge if you meet all three of the following criteria: 1. Your use of the Spamhaus DNSBLs is non-commercial*, and 2. Your email traffic is less than 80,000 SMTP connections per day, and 3. Your DNSBL query volume is less than 320,000 queries per day. If you do not fit all three of these criteria then please do not use our public DNSBL servers, instead see 'Professional Use' (below) which delivers our DNSBL data to your servers. If you are in any doubt as to whether you fit within our free use criteria, or think you may be likely to soon exceed our free use criteria, please switch to 'Professional Use'." "Professional Use Use of the Spamhaus DNSBLs by ISPs, organizations and networks with email traffic higher than 100,000 SMTP connections per day or making over 400,000 DNSBL queries per day, or by commercial spam filter services, requires a subscription to the Spamhaus DNSBL Data Feed Service, a service designed for users with professional DNSBL query requirements." "*Definition: "non-commercial use" is use for any purpose other than as part or all of a product or service that is resold, or for use of which a fee is charged. For example, using our DNSBLs in a commercial spam filtering appliance that is then sold to others requires a data feed, regardless of use volume. The same is true of commercial spam filtering software and commercial spam filtering services. A company that uses our DNSBLs solely to filter their own email qualifies as a non-commercial user and may use our free public DNSBLs if that company's email volume and DNSBL query volume is below the free use limits. The same is true for any non-profit organization, school, religious organization, or private individual who operates their own mail server." Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK From Denis.Beauchemin at USherbrooke.ca Tue Dec 4 15:55:17 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Tue Dec 4 16:00:09 2007 Subject: cut off by spamhaus free use? In-Reply-To: References: <47545A8A.5090509@USherbrooke.ca> Message-ID: <47557865.3030600@USherbrooke.ca> Scott Silva a ?crit : > on 12/3/2007 11:35 AM Denis Beauchemin spake the following: >> Jeff A. Earickson a ?crit : >>> On Mon, 3 Dec 2007, Jeff Mills wrote: >>> >>>> >>>> >>>> Yes! >>>> One of the things I have done in my servers is move the spamhaus >>>> list to >>>> the bottom of my list of RBL's. >>>> That way, spamhaus is only queried when none of the others match. I >>>> find >>>> that spamcop gets more than the others. >> I did the same and so far it is still working: >> cbl.abuseat.org >> dul.dnsbl.sorbs.net >> web.dnsbl.sorbs.net >> relays.dnsbl.sorbs.net >> rhsbl.dnsbl.sorbs.net >> bl.spamcop.net >> list.dsbl.org >> zen.spamhaus.org > I would move cbl right above zen, as they also have a usage limit. I didn't see any on their web site... >> >> So far today, they blocked: >> bl.spamcop.net : 13188 ( 5 %) >> cbl.abuseat.org : 131946 ( 57 %) >> dul.dnsbl.sorbs.net : 57306 ( 25 %) >> list.dsbl.org : 1320 ( 0 %) >> relays.dnsbl.sorbs.net : 42 ( 0 %) >> web.dnsbl.sorbs.net : 1225 ( 0 %) >> zen.spamhaus.org : 24122 ( 10 %) > What do you run to get this info? Or was it hand compiled? I have been > looking for something I could get some good stats with. I run the attached Bash/Perl script. It parses my maillog looking for sendmail rejection messages. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -------------- next part -------------- #!/bin/bash # # $Id: listeRBL,v 1.2 2007/12/03 20:00:04 bead2306 Exp $ # # This script goes through sendmail's maillog to find lines about # blocked incoming connexions. # # DB # Is a file name supplied^ if [[ -n "$1" ]]; then # Yes, use it file="$1" else # No, use default maillog file="/var/log/maillog" fi # Is file compressed? if [[ $file == ${file%.gz} ]]; then # No, just list it cmd="cat $file" else # Yes, uncompress it cmd="zcat $file" fi # Now search the log $cmd | LANG=C fgrep reject=554 |perl -ne ' next unless /found in (.*?)\s*$/; $h{$1}++; END{ for $i (sort keys %h){ $t += $h{$i}; } for $i (sort keys %h){ printf "%25s : %6d (%3d %%)\n", $i, $h{$i}, $h{$i}*100/$t; } printf "%25s : %d\n", "*** Total blocked conns", $t; }' From mailscanner at slackadelic.com Tue Dec 4 16:07:45 2007 From: mailscanner at slackadelic.com (Matt Hayes) Date: Tue Dec 4 16:07:50 2007 Subject: cut off by spamhaus free use? In-Reply-To: <47557865.3030600@USherbrooke.ca> References: <47545A8A.5090509@USherbrooke.ca> <47557865.3030600@USherbrooke.ca> Message-ID: <47557B51.2090604@slackadelic.com> Denis Beauchemin wrote: > Scott Silva a ?crit : >> on 12/3/2007 11:35 AM Denis Beauchemin spake the following: >>> Jeff A. Earickson a ?crit : >>>> On Mon, 3 Dec 2007, Jeff Mills wrote: >>>> >>>>> >>>>> >>>>> Yes! >>>>> One of the things I have done in my servers is move the spamhaus >>>>> list to >>>>> the bottom of my list of RBL's. >>>>> That way, spamhaus is only queried when none of the others match. I >>>>> find >>>>> that spamcop gets more than the others. >>> I did the same and so far it is still working: >>> cbl.abuseat.org >>> dul.dnsbl.sorbs.net >>> web.dnsbl.sorbs.net >>> relays.dnsbl.sorbs.net >>> rhsbl.dnsbl.sorbs.net >>> bl.spamcop.net >>> list.dsbl.org >>> zen.spamhaus.org >> I would move cbl right above zen, as they also have a usage limit. > > I didn't see any on their web site... >>> >>> So far today, they blocked: >>> bl.spamcop.net : 13188 ( 5 %) >>> cbl.abuseat.org : 131946 ( 57 %) >>> dul.dnsbl.sorbs.net : 57306 ( 25 %) >>> list.dsbl.org : 1320 ( 0 %) >>> relays.dnsbl.sorbs.net : 42 ( 0 %) >>> web.dnsbl.sorbs.net : 1225 ( 0 %) >>> zen.spamhaus.org : 24122 ( 10 %) >> What do you run to get this info? Or was it hand compiled? I have been >> looking for something I could get some good stats with. > > I run the attached Bash/Perl script. It parses my maillog looking for > sendmail rejection messages. > > Denis > Nice script.. too bad it doesn't seem to work with postfix :( -Matt From stork at openenterprise.ca Tue Dec 4 16:17:31 2007 From: stork at openenterprise.ca (Johnny Stork) Date: Tue Dec 4 16:17:36 2007 Subject: Recommended spam.lists and/or sendmail dnsbl settings? Message-ID: <47557D9B.5090801@openenterprise.ca> With the ongoing changes to various RBL's and the recent threads on spamhaus, can someone recommend or share a good/current spam.lists file along with a recommended "Spam List =" line? and/or sendmail.mc dnsbl settings? I used to have Spam List = spamhaus-ZEN spamhaus.org spamcop.net Also, from what I understand, adding the DNSBL to sendmail will block mail without passing into MS, and setting/using them in MS and NOT sendmail will score and tag offending mail. Can someone suggest an optimal combination of sendmail dnsbl and MS "Spam List=" settings? Should I use both? or just one based on whether I want to block/tag SPAM? This is what I currently have in sendmail.mc FEATURE(`dnsbl',`sbl-xbl.spamhaus.org', `"554 Rejected " $&{client_addr} " - see http://www.spamhaus.org/SBL/"')dnl FEATURE(`dnsbl', `dnsbl.njabl.org', `"554 Rejected " $&{client_addr} " - see http://dnsbl.njabl.org/method.html"')dnl FEATURE(`dnsbl', `bl.spamcop.net', `"554 Rejected " $&{client_addr} " found in bl.spamcop.net"')dnl FEATURE(`dnsbl', `chinanet.blackholes.us', `"554 Rejected " $&{client_addr} " found in chinanet.blackholes.us"')dnl -- *Johnny Stork* Business & Technology Consultant stork@openenterprise.ca From glenn.steen at gmail.com Tue Dec 4 18:00:56 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Dec 4 18:01:03 2007 Subject: cut off by spamhaus free use? In-Reply-To: <47557B51.2090604@slackadelic.com> References: <47545A8A.5090509@USherbrooke.ca> <47557865.3030600@USherbrooke.ca> <47557B51.2090604@slackadelic.com> Message-ID: <223f97700712041000t4d0836c5ne32ceb82571af25b@mail.gmail.com> On 04/12/2007, Matt Hayes wrote: > Denis Beauchemin wrote: > > Scott Silva a ?crit : > >> on 12/3/2007 11:35 AM Denis Beauchemin spake the following: > >>> Jeff A. Earickson a ?crit : > >>>> On Mon, 3 Dec 2007, Jeff Mills wrote: > >>>> > >>>>> > >>>>> > >>>>> Yes! > >>>>> One of the things I have done in my servers is move the spamhaus > >>>>> list to > >>>>> the bottom of my list of RBL's. > >>>>> That way, spamhaus is only queried when none of the others match. I > >>>>> find > >>>>> that spamcop gets more than the others. > >>> I did the same and so far it is still working: > >>> cbl.abuseat.org > >>> dul.dnsbl.sorbs.net > >>> web.dnsbl.sorbs.net > >>> relays.dnsbl.sorbs.net > >>> rhsbl.dnsbl.sorbs.net > >>> bl.spamcop.net > >>> list.dsbl.org > >>> zen.spamhaus.org > >> I would move cbl right above zen, as they also have a usage limit. > > > > I didn't see any on their web site... > >>> > >>> So far today, they blocked: > >>> bl.spamcop.net : 13188 ( 5 %) > >>> cbl.abuseat.org : 131946 ( 57 %) > >>> dul.dnsbl.sorbs.net : 57306 ( 25 %) > >>> list.dsbl.org : 1320 ( 0 %) > >>> relays.dnsbl.sorbs.net : 42 ( 0 %) > >>> web.dnsbl.sorbs.net : 1225 ( 0 %) > >>> zen.spamhaus.org : 24122 ( 10 %) > >> What do you run to get this info? Or was it hand compiled? I have been > >> looking for something I could get some good stats with. > > > > I run the attached Bash/Perl script. It parses my maillog looking for > > sendmail rejection messages. > > > > Denis > > > > > Nice script.. too bad it doesn't seem to work with postfix :( > > -Matt pflogsumm isn't good enough for you?:-) One should be able to modify it (the above script...) rather easily though... Might look at it this weekend, if you don't beat meto it;-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ssilva at sgvwater.com Tue Dec 4 18:59:28 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Dec 4 19:05:46 2007 Subject: cut off by spamhaus free use? In-Reply-To: <47557865.3030600@USherbrooke.ca> References: <47545A8A.5090509@USherbrooke.ca> <47557865.3030600@USherbrooke.ca> Message-ID: on 12/4/2007 7:55 AM Denis Beauchemin spake the following: > Scott Silva a ?crit : >> on 12/3/2007 11:35 AM Denis Beauchemin spake the following: >>> Jeff A. Earickson a ?crit : >>>> On Mon, 3 Dec 2007, Jeff Mills wrote: >>>> >>>>> >>>>> >>>>> Yes! >>>>> One of the things I have done in my servers is move the spamhaus >>>>> list to >>>>> the bottom of my list of RBL's. >>>>> That way, spamhaus is only queried when none of the others match. I >>>>> find >>>>> that spamcop gets more than the others. >>> I did the same and so far it is still working: >>> cbl.abuseat.org >>> dul.dnsbl.sorbs.net >>> web.dnsbl.sorbs.net >>> relays.dnsbl.sorbs.net >>> rhsbl.dnsbl.sorbs.net >>> bl.spamcop.net >>> list.dsbl.org >>> zen.spamhaus.org >> I would move cbl right above zen, as they also have a usage limit. > > I didn't see any on their web site... I swear I saw something implying that if you needed a feed from spamhaus, you probably needed a feed from them, but I sure can't find it... MUST....GET....COFFEE..... ;-P Going to have a look at the script, as I get 0 every time. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From bbdokken at dokkenengineering.com Tue Dec 4 19:12:02 2007 From: bbdokken at dokkenengineering.com (Brad Dokken) Date: Tue Dec 4 19:09:57 2007 Subject: cut off by spamhaus free use? In-Reply-To: <47546058.20508@slackadelic.com> References: <47541AFB.6060103@slackadelic.com> <47545F67.70800@pixelhammer.com> <47546058.20508@slackadelic.com> Message-ID: <5A3FEF92FC07F34B9EE30C0D139571647AC006@monarchs.dokkenengineering.com> > > I can concur with that. I use BIND for SOA and dnscache for local DNS > caching. Works great. Sped up queries nearly 100% and I'm > not hitting > outside DNS servers as much. > > -Matt Does anyone have a how-to writeup on how to set this up? Thanks, Brad From shuttlebox at gmail.com Tue Dec 4 19:19:17 2007 From: shuttlebox at gmail.com (shuttlebox) Date: Tue Dec 4 19:19:27 2007 Subject: Recommended spam.lists and/or sendmail dnsbl settings? In-Reply-To: <47557D9B.5090801@openenterprise.ca> References: <47557D9B.5090801@openenterprise.ca> Message-ID: <625385e30712041119s506151d0y6a79003dcea9cdee@mail.gmail.com> On Dec 4, 2007 5:17 PM, Johnny Stork wrote: > I used to have > > Spam List = spamhaus-ZEN spamhaus.org spamcop.net > > Also, from what I understand, adding the DNSBL to sendmail will block > mail without passing into MS, and setting/using them in MS and NOT > sendmail will score and tag offending mail. If you use RBL:s in MS you will not score mail, that can only be done in SA, there's however this option: "Spam Lists To Be Spam". If you use several RBL:s like above you can set how many are needed for a message to be blocked, note that MS RBL:s will always override the SA score. > Can someone suggest an optimal combination of sendmail dnsbl and MS > "Spam List=" settings? Should I use both? or just one based on whether I > want to block/tag SPAM? Use RBL:s only in SA if you want the most accurate spam protection. If you have performance problems you can block with Sendmail too. -- /peter From ssilva at sgvwater.com Tue Dec 4 19:49:59 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Dec 4 19:50:47 2007 Subject: cut off by spamhaus free use? In-Reply-To: <223f97700712041000t4d0836c5ne32ceb82571af25b@mail.gmail.com> References: <47545A8A.5090509@USherbrooke.ca> <47557865.3030600@USherbrooke.ca> <47557B51.2090604@slackadelic.com> <223f97700712041000t4d0836c5ne32ceb82571af25b@mail.gmail.com> Message-ID: on 12/4/2007 10:00 AM Glenn Steen spake the following: > On 04/12/2007, Matt Hayes wrote: >> Denis Beauchemin wrote: >>> Scott Silva a ?crit : >>>> on 12/3/2007 11:35 AM Denis Beauchemin spake the following: >>>>> Jeff A. Earickson a ?crit : >>>>>> On Mon, 3 Dec 2007, Jeff Mills wrote: >>>>>> >>>>>>> >>>>>>> Yes! >>>>>>> One of the things I have done in my servers is move the spamhaus >>>>>>> list to >>>>>>> the bottom of my list of RBL's. >>>>>>> That way, spamhaus is only queried when none of the others match. I >>>>>>> find >>>>>>> that spamcop gets more than the others. >>>>> I did the same and so far it is still working: >>>>> cbl.abuseat.org >>>>> dul.dnsbl.sorbs.net >>>>> web.dnsbl.sorbs.net >>>>> relays.dnsbl.sorbs.net >>>>> rhsbl.dnsbl.sorbs.net >>>>> bl.spamcop.net >>>>> list.dsbl.org >>>>> zen.spamhaus.org >>>> I would move cbl right above zen, as they also have a usage limit. >>> I didn't see any on their web site... >>>>> So far today, they blocked: >>>>> bl.spamcop.net : 13188 ( 5 %) >>>>> cbl.abuseat.org : 131946 ( 57 %) >>>>> dul.dnsbl.sorbs.net : 57306 ( 25 %) >>>>> list.dsbl.org : 1320 ( 0 %) >>>>> relays.dnsbl.sorbs.net : 42 ( 0 %) >>>>> web.dnsbl.sorbs.net : 1225 ( 0 %) >>>>> zen.spamhaus.org : 24122 ( 10 %) >>>> What do you run to get this info? Or was it hand compiled? I have been >>>> looking for something I could get some good stats with. >>> I run the attached Bash/Perl script. It parses my maillog looking for >>> sendmail rejection messages. >>> >>> Denis >>> >> >> Nice script.. too bad it doesn't seem to work with postfix :( >> >> -Matt > pflogsumm isn't good enough for you?:-) > > One should be able to modify it (the above script...) rather easily > though... Might look at it this weekend, if you don't beat meto it;-) > > Cheers My perl is worse than my Svenska! I couldn't order a drink in either one to save my life. ;-D -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From clacroix at cegep-ste-foy.qc.ca Tue Dec 4 19:54:30 2007 From: clacroix at cegep-ste-foy.qc.ca (Charles Lacroix) Date: Tue Dec 4 19:54:34 2007 Subject: cut off by spamhaus free use? In-Reply-To: References: <47545A8A.5090509@USherbrooke.ca> <47557865.3030600@USherbrooke.ca> <47557B51.2090604@slackadelic.com> <223f97700712041000t4d0836c5ne32ceb82571af25b@mail.gmail.com> Message-ID: <4755B076.4040409@cegep-ste-foy.qc.ca> Scott Silva a ?crit : > on 12/4/2007 10:00 AM Glenn Steen spake the following: >> On 04/12/2007, Matt Hayes wrote: >>> Denis Beauchemin wrote: >>>> Scott Silva a ?crit : >>>>> on 12/3/2007 11:35 AM Denis Beauchemin spake the following: >>>>>> Jeff A. Earickson a ?crit : >>>>>>> On Mon, 3 Dec 2007, Jeff Mills wrote: >>>>>>> >>>>>>>> >>>>>>>> Yes! >>>>>>>> One of the things I have done in my servers is move the spamhaus >>>>>>>> list to >>>>>>>> the bottom of my list of RBL's. >>>>>>>> That way, spamhaus is only queried when none of the others >>>>>>>> match. I >>>>>>>> find >>>>>>>> that spamcop gets more than the others. >>>>>> I did the same and so far it is still working: >>>>>> cbl.abuseat.org >>>>>> dul.dnsbl.sorbs.net >>>>>> web.dnsbl.sorbs.net >>>>>> relays.dnsbl.sorbs.net >>>>>> rhsbl.dnsbl.sorbs.net >>>>>> bl.spamcop.net >>>>>> list.dsbl.org >>>>>> zen.spamhaus.org >>>>> I would move cbl right above zen, as they also have a usage limit. >>>> I didn't see any on their web site... >>>>>> So far today, they blocked: >>>>>> bl.spamcop.net : 13188 ( 5 %) >>>>>> cbl.abuseat.org : 131946 ( 57 %) >>>>>> dul.dnsbl.sorbs.net : 57306 ( 25 %) >>>>>> list.dsbl.org : 1320 ( 0 %) >>>>>> relays.dnsbl.sorbs.net : 42 ( 0 %) >>>>>> web.dnsbl.sorbs.net : 1225 ( 0 %) >>>>>> zen.spamhaus.org : 24122 ( 10 %) >>>>> What do you run to get this info? Or was it hand compiled? I have >>>>> been >>>>> looking for something I could get some good stats with. >>>> I run the attached Bash/Perl script. It parses my maillog looking for >>>> sendmail rejection messages. >>>> >>>> Denis >>>> >>> >>> Nice script.. too bad it doesn't seem to work with postfix :( >>> >>> -Matt >> pflogsumm isn't good enough for you?:-) >> >> One should be able to modify it (the above script...) rather easily >> though... Might look at it this weekend, if you don't beat meto it;-) >> >> Cheers > My perl is worse than my Svenska! I couldn't order a drink in either > one to save my life. ;-D > > All you need is basic shell skills for that ... just like the t-shirt says: cd /pub more beer From dnsadmin at 1bigthink.com Tue Dec 4 20:05:51 2007 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Tue Dec 4 20:06:09 2007 Subject: Caching Name Server WAS: cut off by spamhaus free use? Message-ID: <200712042006.lB4K66CY030659@mxt.1bigthink.com> Hello All, I can attest from recent experience that this has helped immensely. I just performed a http://clusty.com (er, Google) for 'BIND cachingnameserver' Here are some good results: http://wiki.apache.org/spamassassin/CachingNameserver http://www.redhat.com/magazine/025nov06/features/dns/ I could send config files if you want. You really only need to modify: /etc/named.config and /var/named/chroot/var/named/named.local ..and minimal modification at that! Cheers, Glenn > > > > I can concur with that. I use BIND for SOA and dnscache for local DNS > > caching. Works great. Sped up queries nearly 100% and I'm > > not hitting > > outside DNS servers as much. > > > > -Matt > >Does anyone have a how-to writeup on how to set this up? >Thanks, >Brad >-- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From philip at zeiglers.net Tue Dec 4 20:06:36 2007 From: philip at zeiglers.net (Philip Zeigler) Date: Tue Dec 4 20:09:21 2007 Subject: MailTools and MailScanner... In-Reply-To: References: Message-ID: <4755B34C.1050608@zeiglers.net> ajos1@onion.demon.co.uk wrote: > - > > The reply back is: > > ============================ > > From: mark@zzzzzzzz to ajos1@zzzzzzzz > Date: Sun, 2 Dec 2007 22:35:59 +0100 > Subject: ajos1 - Re: MailTools and MailScanner... > CC/Multi-To: (none) > Attachments: (none) > > * ajos1@zzzzzzzz (ajos1@zzzzzzzz) [071202 21:07]: > >> Not sure if you use MailScanner or not... >> > > No, never heard of it. Don't know where it is kept (not on CPAN). > > >> Since MailTools 2.01 - We have an error... and we are not sure if it >> is a MailTools problem or a MailScanner problem... See the message at >> the end... >> > > The MailTools 2.xx code is a massive clean-up. One of the things which > changed, is a stricter use of clean coding techniques. > > >> [root@onion perl_ext]# MailScanner -v | head -20 >> Variable "$FIELD_NAME" is not imported at >> /usr/lib/MailScanner/MailScanner/Message.pm line 6907. >> > > Understandable. Yes an effect of my cleanups. > > >> package Mail::Header; >> $arr->[1] =~ /\A$FIELD_NAME/o; >> > > Something very bad is happening here: code is added to an existing > module. This code should either be added in the core Mail::Header > package OR should be added using the OO extension mechanism. > > The author of the mailscanner has to clean-up his code, IMO. I could > export the $FIELD_NAME, but preferrably not. > Just did a yum update on my Centos 5 system and it installed MailTools-2.02. Is there a fix planned for this any time soon or should I downgrade to 1.7.7 and exclude the update? Philip From ssilva at sgvwater.com Tue Dec 4 20:11:51 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Dec 4 20:15:09 2007 Subject: Spamhaus replacement In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA023EAEBD@HC-MBX02.herefordshire.gov.uk> References: <47536905.8040903@indomino.net> <1196777381.3249.24.camel@localhost.localdomain> <7EF0EE5CB3B263488C8C18823239BEBA023EAEBD@HC-MBX02.herefordshire.gov.uk> Message-ID: on 12/4/2007 6:36 AM Randal, Phil spake the following: > ram wrote: >> On Mon, 2007-12-03 at 09:25 +0700, Budi Febrianto wrote: >>> Right now we only use zen.spamhaus.org and happy so far, >> but because >>> spamhaus is not free anymore, now I want some >> recommendation for others >>> dnsbl. >> But spamhaus offers free data sync AFAIK if you are using it for your >> own domain and not selling antispam solution >> >> >> You just need to sign up with them > > http://www.spamhaus.org/organization/dnsblusage.html > > "Use of the Spamhaus DNSBLs via DNS queries to our public DNSBL servers > is free of charge if you meet all three of the following criteria: > > 1. Your use of the Spamhaus DNSBLs is non-commercial*, and > 2. Your email traffic is less than 80,000 SMTP connections per day, > and > 3. Your DNSBL query volume is less than 320,000 queries per day. > > If you do not fit all three of these criteria then please do not use our > public DNSBL servers, instead see 'Professional Use' (below) which > delivers our DNSBL data to your servers. If you are in any doubt as to > whether you fit within our free use criteria, or think you may be likely > to soon exceed our free use criteria, please switch to 'Professional > Use'." > > "Professional Use > > Use of the Spamhaus DNSBLs by ISPs, organizations and networks with > email traffic higher than 100,000 SMTP connections per day or making > over 400,000 DNSBL queries per day, or by commercial spam filter > services, requires a subscription to the Spamhaus DNSBL Data Feed > Service, a service designed for users with professional DNSBL query > requirements." Don't believe this one, as my server gets less than 10,000 messages a day -- usually a lot less -- and I am currently blacklisted. I even thought about setting caching nameservers on some unused ip addresses and turning it back on, but stopped myself. For now! ;-P > > "*Definition: "non-commercial use" is use for any purpose other than as > part or all of a product or service that is resold, or for use of which > a fee is charged. For example, using our DNSBLs in a commercial spam > filtering appliance that is then sold to others requires a data feed, > regardless of use volume. The same is true of commercial spam filtering > software and commercial spam filtering services. > > A company that uses our DNSBLs solely to filter their own email > qualifies as a non-commercial user and may use our free public DNSBLs if > that company's email volume and DNSBL query volume is below the free use > limits. The same is true for any non-profit organization, school, > religious organization, or private individual who operates their own > mail server." > > Cheers, > > Phil > -- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From brian.duncan at kattenlaw.com Tue Dec 4 20:27:03 2007 From: brian.duncan at kattenlaw.com (Duncan, Brian M.) Date: Tue Dec 4 20:27:22 2007 Subject: Recommended spam.lists and/or sendmail dnsbl settings? In-Reply-To: <625385e30712041119s506151d0y6a79003dcea9cdee@mail.gmail.com> References: <47557D9B.5090801@openenterprise.ca> <625385e30712041119s506151d0y6a79003dcea9cdee@mail.gmail.com> Message-ID: <65234743FE1555428435CE39E6AC407801D7ED92@CHI-US-EXCH-01.us.kmz.com> Can someone explain how to get Mailscanner to NOT check any other RBL's listed in "Spam List =" directive after it hits at least 1? I have these mailscanner config items set currently: Spam Lists To Be Spam = 1 Spam List = spamcop zen.spamhaus.org dnsbl cbl MAPS-ALL (we pay for use of the maps-all RBL which is now owned by Trend Micro) As it stands here is an example message that was logged: to kattenlaw.com is zen.spamhaus.org, cbl, MAPS-ALL Which suggests to me it is testing against ALL RBL's I have in the Spam List directive, and NOT stopping after it hits 1. I read in another email about changing the order of the RBL's in the Spam List but as it stands now for me it looks like it would have no impact because It looks like it's checking them all every time. If anyone could please tell me how you get this working with Mailscanner that would be great. Thanks > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of shuttlebox > Sent: Tuesday, December 04, 2007 1:19 PM > To: MailScanner discussion > Subject: Re: Recommended spam.lists and/or sendmail dnsbl settings? > > On Dec 4, 2007 5:17 PM, Johnny Stork wrote: > > I used to have > > > > Spam List = spamhaus-ZEN spamhaus.org spamcop.net > > > > Also, from what I understand, adding the DNSBL to sendmail > will block > > mail without passing into MS, and setting/using them in MS and NOT > > sendmail will score and tag offending mail. > > If you use RBL:s in MS you will not score mail, that can only > be done in SA, there's however this option: "Spam Lists To Be > Spam". If you use several RBL:s like above you can set how > many are needed for a message to be blocked, note that MS > RBL:s will always override the SA score. > > > Can someone suggest an optimal combination of sendmail dnsbl and MS > > "Spam List=" settings? Should I use both? or just one based > on whether > > I want to block/tag SPAM? > > Use RBL:s only in SA if you want the most accurate spam > protection. If you have performance problems you can block > with Sendmail too. > > -- > /peter > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > =========================================================== CIRCULAR 230 DISCLOSURE: Pursuant to Regulations Governing Practice Before the Internal Revenue Service, any tax advice contained herein is not intended or written to be used and cannot be used by a taxpayer for the purpose of avoiding tax penalties that may be imposed on the taxpayer. =========================================================== CONFIDENTIALITY NOTICE: This electronic mail message and any attached files contain information intended for the exclusive use of the individual or entity to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information may be subject to legal restriction or sanction. Please notify the sender, by electronic mail or telephone, of any unintended recipients and delete the original message without making any copies. =========================================================== NOTIFICATION: Katten Muchin Rosenman LLP is an Illinois limited liability partnership that has elected to be governed by the Illinois Uniform Partnership Act (1997). =========================================================== From shuttlebox at gmail.com Tue Dec 4 20:34:21 2007 From: shuttlebox at gmail.com (shuttlebox) Date: Tue Dec 4 20:34:22 2007 Subject: Recommended spam.lists and/or sendmail dnsbl settings? In-Reply-To: <65234743FE1555428435CE39E6AC407801D7ED92@CHI-US-EXCH-01.us.kmz.com> References: <47557D9B.5090801@openenterprise.ca> <625385e30712041119s506151d0y6a79003dcea9cdee@mail.gmail.com> <65234743FE1555428435CE39E6AC407801D7ED92@CHI-US-EXCH-01.us.kmz.com> Message-ID: <625385e30712041234q6168eces388e6aff85cc60c8@mail.gmail.com> On Dec 4, 2007 9:27 PM, Duncan, Brian M. wrote: > I read in another email about changing the order of the RBL's in the > Spam List but as it stands now for me it looks like it would have no > impact because > It looks like it's checking them all every time. I think they were talking about Sendmail but I agree that it would be good if it worked like that in MS as well. Less traffic to the already busy RBL:s and our servers would run faster too. -- /peter From ssilva at sgvwater.com Tue Dec 4 20:48:18 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Dec 4 21:05:07 2007 Subject: Recommended spam.lists and/or sendmail dnsbl settings? In-Reply-To: <47557D9B.5090801@openenterprise.ca> References: <47557D9B.5090801@openenterprise.ca> Message-ID: on 12/4/2007 8:17 AM Johnny Stork spake the following: > With the ongoing changes to various RBL's and the recent threads on > spamhaus, can someone recommend or share a good/current spam.lists file > along with a recommended "Spam List =" line? and/or sendmail.mc dnsbl > settings? > > I used to have > > Spam List = spamhaus-ZEN spamhaus.org spamcop.net > > Also, from what I understand, adding the DNSBL to sendmail will block > mail without passing into MS, and setting/using them in MS and NOT > sendmail will score and tag offending mail. > > Can someone suggest an optimal combination of sendmail dnsbl and MS > "Spam List=" settings? Should I use both? or just one based on whether I > want to block/tag SPAM? > > > This is what I currently have in sendmail.mc > > FEATURE(`dnsbl',`sbl-xbl.spamhaus.org', `"554 Rejected " $&{client_addr} > " - see http://www.spamhaus.org/SBL/"')dnl > FEATURE(`dnsbl', `dnsbl.njabl.org', `"554 Rejected " $&{client_addr} " - > see http://dnsbl.njabl.org/method.html"')dnl > FEATURE(`dnsbl', `bl.spamcop.net', `"554 Rejected " > $&{client_addr} " found in bl.spamcop.net"')dnl > FEATURE(`dnsbl', `chinanet.blackholes.us', `"554 Rejected " > $&{client_addr} " found in chinanet.blackholes.us"')dnl > > > If you put your spamhaus lookups at the bottom, you will generate less traffic to them. The sendmail RBL lookups are serial and stop on the first positive. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Tue Dec 4 20:54:13 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Dec 4 21:08:20 2007 Subject: Recommended spam.lists and/or sendmail dnsbl settings? In-Reply-To: <65234743FE1555428435CE39E6AC407801D7ED92@CHI-US-EXCH-01.us.kmz.com> References: <47557D9B.5090801@openenterprise.ca> <625385e30712041119s506151d0y6a79003dcea9cdee@mail.gmail.com> <65234743FE1555428435CE39E6AC407801D7ED92@CHI-US-EXCH-01.us.kmz.com> Message-ID: on 12/4/2007 12:27 PM Duncan, Brian M. spake the following: > > Can someone explain how to get Mailscanner to NOT check any other RBL's > listed in "Spam List =" directive after it hits at least 1? > > I have these mailscanner config items set currently: > > Spam Lists To Be Spam = 1 > Spam List = spamcop zen.spamhaus.org dnsbl cbl MAPS-ALL > > (we pay for use of the maps-all RBL which is now owned by Trend Micro) > > > As it stands here is an example message that was logged: > > to kattenlaw.com is zen.spamhaus.org, cbl, MAPS-ALL > > Which suggests to me it is testing against ALL RBL's I have in the Spam > List directive, and NOT stopping after it hits 1. > > I read in another email about changing the order of the RBL's in the > Spam List but as it stands now for me it looks like it would have no > impact because > It looks like it's checking them all every time. > > If anyone could please tell me how you get this working with Mailscanner > that would be great. > > Thanks > MailScanner does lookups in parallel, so you can't. Sendmail does the lookups serialized, and stops at the first match. If you are going to delete these, do so in sendmail (or other MTA). If you are going to score and pass or quarantine, then do them later in mailscanner or with spamassassin. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Tue Dec 4 21:32:49 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Dec 4 21:35:16 2007 Subject: MailTools and MailScanner... In-Reply-To: <4755B34C.1050608@zeiglers.net> References: <4755B34C.1050608@zeiglers.net> Message-ID: on 12/4/2007 12:06 PM Philip Zeigler spake the following: > ajos1@onion.demon.co.uk wrote: >> - >> >> The reply back is: >> >> ============================ >> >> From: mark@zzzzzzzz to ajos1@zzzzzzzz Date: Sun, 2 Dec >> 2007 22:35:59 +0100 Subject: ajos1 - Re: MailTools and >> MailScanner... CC/Multi-To: (none) Attachments: >> (none) >> * ajos1@zzzzzzzz (ajos1@zzzzzzzz) [071202 21:07]: >> >>> Not sure if you use MailScanner or not... >>> >> >> No, never heard of it. Don't know where it is kept (not on CPAN). >> >> >>> Since MailTools 2.01 - We have an error... and we are not sure if it >>> is a MailTools problem or a MailScanner problem... See the message at >>> the end... >>> >> >> The MailTools 2.xx code is a massive clean-up. One of the things which >> changed, is a stricter use of clean coding techniques. >> >> >>> [root@onion perl_ext]# MailScanner -v | head -20 >>> Variable "$FIELD_NAME" is not imported at >>> /usr/lib/MailScanner/MailScanner/Message.pm line 6907. >>> >> >> Understandable. Yes an effect of my cleanups. >> >> >>> package Mail::Header; >>> $arr->[1] =~ /\A$FIELD_NAME/o; >>> >> >> Something very bad is happening here: code is added to an existing >> module. This code should either be added in the core Mail::Header >> package OR should be added using the OO extension mechanism. >> >> The author of the mailscanner has to clean-up his code, IMO. I could >> export the $FIELD_NAME, but preferrably not. >> > Just did a yum update on my Centos 5 system and it installed > MailTools-2.02. Is there a fix planned for this any time soon or should > I downgrade to 1.7.7 and exclude the update? > > Philip Which repo did you get this from? I only see it in Fedora. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From dnsadmin at 1bigthink.com Tue Dec 4 21:56:32 2007 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Tue Dec 4 21:56:54 2007 Subject: MailTools and MailScanner... In-Reply-To: References: <4755B34C.1050608@zeiglers.net> Message-ID: <200712042156.lB4LuoKv012903@mxt.1bigthink.com> At 04:32 PM 12/4/2007, you wrote: >on 12/4/2007 12:06 PM Philip Zeigler spake the following: >>ajos1@onion.demon.co.uk wrote: >>>- >>> >>>The reply back is: >>> >>>============================ >>> >>> From: mark@zzzzzzzz to ajos1@zzzzzzzz Date: Sun, 2 >>> Dec 2007 22:35:59 +0100 Subject: ajos1 - Re: MailTools >>> and MailScanner... CC/Multi-To: (none) Attachments: >>>(none) >>>* ajos1@zzzzzzzz (ajos1@zzzzzzzz) [071202 21:07]: >>> >>>>Not sure if you use MailScanner or not... >>>> >>> >>>No, never heard of it. Don't know where it is kept (not on CPAN). >>> >>> >>>>Since MailTools 2.01 - We have an error... and we are not sure if it >>>>is a MailTools problem or a MailScanner problem... See the message at >>>>the end... >>>> >>> >>>The MailTools 2.xx code is a massive clean-up. One of the things which >>>changed, is a stricter use of clean coding techniques. >>> >>> >>>>[root@onion perl_ext]# MailScanner -v | head -20 >>>>Variable "$FIELD_NAME" is not imported at >>>> /usr/lib/MailScanner/MailScanner/Message.pm line 6907. >>>> >>> >>>Understandable. Yes an effect of my cleanups. >>> >>> >>>>package Mail::Header; >>>> $arr->[1] =~ /\A$FIELD_NAME/o; >>>> >>> >>>Something very bad is happening here: code is added to an existing >>>module. This code should either be added in the core Mail::Header >>>package OR should be added using the OO extension mechanism. >>> >>>The author of the mailscanner has to clean-up his code, IMO. I could >>>export the $FIELD_NAME, but preferrably not. >>> >>Just did a yum update on my Centos 5 system and it installed >>MailTools-2.02. Is there a fix planned for this any time soon or >>should I downgrade to 1.7.7 and exclude the update? >>Philip >Which repo did you get this from? I only see it in Fedora. Yep. I'm confirming. CentOS 5. rpm -qa |grep MailTools perl-MailTools-1.71-1 And the update is waiting in the yum repository. >-- >MailScanner is like deodorant... >You hope everybody uses it, and >you notice quickly if they don't!!!! > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From philip at zeiglers.net Tue Dec 4 21:58:49 2007 From: philip at zeiglers.net (Philip Zeigler) Date: Tue Dec 4 21:59:50 2007 Subject: MailTools and MailScanner... In-Reply-To: References: <4755B34C.1050608@zeiglers.net> Message-ID: <4755CD99.604@zeiglers.net> Scott Silva wrote: > on 12/4/2007 12:06 PM Philip Zeigler spake the following: >> ajos1@onion.demon.co.uk wrote: >>> - >>> >>> The reply back is: >>> >>> ============================ >>> >>> From: mark@zzzzzzzz to ajos1@zzzzzzzz Date: Sun, 2 >>> Dec 2007 22:35:59 +0100 Subject: ajos1 - Re: MailTools and >>> MailScanner... CC/Multi-To: (none) Attachments: >>> (none) * ajos1@zzzzzzzz (ajos1@zzzzzzzz) [071202 21:07]: >>> >>>> Not sure if you use MailScanner or not... >>>> >>> >>> No, never heard of it. Don't know where it is kept (not on CPAN). >>> >>> >>>> Since MailTools 2.01 - We have an error... and we are not sure if it >>>> is a MailTools problem or a MailScanner problem... See the message at >>>> the end... >>>> >>> >>> The MailTools 2.xx code is a massive clean-up. One of the things which >>> changed, is a stricter use of clean coding techniques. >>> >>> >>>> [root@onion perl_ext]# MailScanner -v | head -20 >>>> Variable "$FIELD_NAME" is not imported at >>>> /usr/lib/MailScanner/MailScanner/Message.pm line 6907. >>>> >>> >>> Understandable. Yes an effect of my cleanups. >>> >>> >>>> package Mail::Header; >>>> $arr->[1] =~ /\A$FIELD_NAME/o; >>>> >>> >>> Something very bad is happening here: code is added to an existing >>> module. This code should either be added in the core Mail::Header >>> package OR should be added using the OO extension mechanism. >>> >>> The author of the mailscanner has to clean-up his code, IMO. I could >>> export the $FIELD_NAME, but preferrably not. >>> >> Just did a yum update on my Centos 5 system and it installed >> MailTools-2.02. Is there a fix planned for this any time soon or >> should I downgrade to 1.7.7 and exclude the update? >> >> Philip > Which repo did you get this from? I only see it in Fedora. > It updated today from the rpmforge repo. Philip From Denis.Beauchemin at USherbrooke.ca Tue Dec 4 22:05:10 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Tue Dec 4 22:08:06 2007 Subject: cut off by spamhaus free use? In-Reply-To: <47557B51.2090604@slackadelic.com> References: <47545A8A.5090509@USherbrooke.ca> <47557865.3030600@USherbrooke.ca> <47557B51.2090604@slackadelic.com> Message-ID: <4755CF16.1060901@USherbrooke.ca> Matt Hayes a ?crit : > Denis Beauchemin wrote: > >> Scott Silva a ?crit : >> >>> on 12/3/2007 11:35 AM Denis Beauchemin spake the following: >>> >>>> Jeff A. Earickson a ?crit : >>>> >>>>> On Mon, 3 Dec 2007, Jeff Mills wrote: >>>>> >>>>> >>>>>> Yes! >>>>>> One of the things I have done in my servers is move the spamhaus >>>>>> list to >>>>>> the bottom of my list of RBL's. >>>>>> That way, spamhaus is only queried when none of the others match. I >>>>>> find >>>>>> that spamcop gets more than the others. >>>>>> >>>> I did the same and so far it is still working: >>>> cbl.abuseat.org >>>> dul.dnsbl.sorbs.net >>>> web.dnsbl.sorbs.net >>>> relays.dnsbl.sorbs.net >>>> rhsbl.dnsbl.sorbs.net >>>> bl.spamcop.net >>>> list.dsbl.org >>>> zen.spamhaus.org >>>> >>> I would move cbl right above zen, as they also have a usage limit. >>> >> I didn't see any on their web site... >> >>>> So far today, they blocked: >>>> bl.spamcop.net : 13188 ( 5 %) >>>> cbl.abuseat.org : 131946 ( 57 %) >>>> dul.dnsbl.sorbs.net : 57306 ( 25 %) >>>> list.dsbl.org : 1320 ( 0 %) >>>> relays.dnsbl.sorbs.net : 42 ( 0 %) >>>> web.dnsbl.sorbs.net : 1225 ( 0 %) >>>> zen.spamhaus.org : 24122 ( 10 %) >>>> >>> What do you run to get this info? Or was it hand compiled? I have been >>> looking for something I could get some good stats with. >>> >> I run the attached Bash/Perl script. It parses my maillog looking for >> sendmail rejection messages. >> >> Denis >> >> > > > Nice script.. too bad it doesn't seem to work with postfix :( > > -Matt > Matt, It really is just a matter of parsing the maillog. For my script to work, it must be paired with config lines like this one in sendmail.mc: FEATURE(`dnsbl',`dul.dnsbl.sorbs.net',`"554 Rejected " $&{client_addr} " found in dul.dnsbl.sorbs.net"')dnl This gives me log lines like this one: Dec 4 00:13:47 132.210.244.13 sendmail[15936]: ruleset=check_relay, arg1=68-185-139-62.dhcp.jcsn.tn.charter.com, arg2=127.0.0.10, relay=68-185-139-62.dhcp.jcsn.tn.charter.com [68.185.139.62], reject=554 5.7.1 Rejected 68.185.139.62 found in dul.dnsbl.sorbs.net If you can provide me with sample RBL blocks in Postfix, I'm sure I could make it work for you in no time. Same for Exim if I get log entries. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From ssilva at sgvwater.com Tue Dec 4 22:18:18 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Dec 4 22:19:33 2007 Subject: MailTools and MailScanner... In-Reply-To: <4755CD99.604@zeiglers.net> References: <4755B34C.1050608@zeiglers.net> <4755CD99.604@zeiglers.net> Message-ID: on 12/4/2007 1:58 PM Philip Zeigler spake the following: > Scott Silva wrote: >> on 12/4/2007 12:06 PM Philip Zeigler spake the following: >>> ajos1@onion.demon.co.uk wrote: >>>> - >>>> >>>> The reply back is: >>>> >>>> ============================ >>>> >>>> From: mark@zzzzzzzz to ajos1@zzzzzzzz Date: Sun, 2 >>>> Dec 2007 22:35:59 +0100 Subject: ajos1 - Re: MailTools and >>>> MailScanner... CC/Multi-To: (none) Attachments: >>>> (none) * ajos1@zzzzzzzz (ajos1@zzzzzzzz) [071202 21:07]: >>>> >>>>> Not sure if you use MailScanner or not... >>>>> >>>> >>>> No, never heard of it. Don't know where it is kept (not on CPAN). >>>> >>>> >>>>> Since MailTools 2.01 - We have an error... and we are not sure if it >>>>> is a MailTools problem or a MailScanner problem... See the message at >>>>> the end... >>>>> >>>> >>>> The MailTools 2.xx code is a massive clean-up. One of the things which >>>> changed, is a stricter use of clean coding techniques. >>>> >>>> >>>>> [root@onion perl_ext]# MailScanner -v | head -20 >>>>> Variable "$FIELD_NAME" is not imported at >>>>> /usr/lib/MailScanner/MailScanner/Message.pm line 6907. >>>>> >>>> >>>> Understandable. Yes an effect of my cleanups. >>>> >>>> >>>>> package Mail::Header; >>>>> $arr->[1] =~ /\A$FIELD_NAME/o; >>>>> >>>> >>>> Something very bad is happening here: code is added to an existing >>>> module. This code should either be added in the core Mail::Header >>>> package OR should be added using the OO extension mechanism. >>>> >>>> The author of the mailscanner has to clean-up his code, IMO. I could >>>> export the $FIELD_NAME, but preferrably not. >>>> >>> Just did a yum update on my Centos 5 system and it installed >>> MailTools-2.02. Is there a fix planned for this any time soon or >>> should I downgrade to 1.7.7 and exclude the update? >>> >>> Philip >> Which repo did you get this from? I only see it in Fedora. >> > It updated today from the rpmforge repo. > > Philip Now I see it. My mirror must have been a little slow. The only fix so far is to downgrade to 1.7x MailTools. Who knows if or when Julian might work on this. Just because the MailTools coder says he is using clean coding techniques doesn't mean it is 100% proper coding. We will have to see what else breaks. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From hvdkooij at vanderkooij.org Tue Dec 4 23:11:50 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue Dec 4 23:12:16 2007 Subject: Spamhaus replacement In-Reply-To: References: <47536905.8040903@indomino.net> <1196777381.3249.24.camel@localhost.localdomain> <7EF0EE5CB3B263488C8C18823239BEBA023EAEBD@HC-MBX02.herefordshire.gov.uk> Message-ID: <4755DEB6.1030604@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Scott Silva wrote: > on 12/4/2007 6:36 AM Randal, Phil spake the following: >> ram wrote: >>> On Mon, 2007-12-03 at 09:25 +0700, Budi Febrianto wrote: >>>> Right now we only use zen.spamhaus.org and happy so far, >>> but because >>>> spamhaus is not free anymore, now I want some >>> recommendation for others >>>> dnsbl. >>> But spamhaus offers free data sync AFAIK if you are using it for your >>> own domain and not selling antispam solution >>> >>> >>> You just need to sign up with them >> >> http://www.spamhaus.org/organization/dnsblusage.html >> >> "Use of the Spamhaus DNSBLs via DNS queries to our public DNSBL servers >> is free of charge if you meet all three of the following criteria: >> >> 1. Your use of the Spamhaus DNSBLs is non-commercial*, and >> 2. Your email traffic is less than 80,000 SMTP connections per day, >> and >> 3. Your DNSBL query volume is less than 320,000 queries per day. >> >> If you do not fit all three of these criteria then please do not use our >> public DNSBL servers, instead see 'Professional Use' (below) which >> delivers our DNSBL data to your servers. If you are in any doubt as to >> whether you fit within our free use criteria, or think you may be likely >> to soon exceed our free use criteria, please switch to 'Professional >> Use'." >> >> "Professional Use >> >> Use of the Spamhaus DNSBLs by ISPs, organizations and networks with >> email traffic higher than 100,000 SMTP connections per day or making >> over 400,000 DNSBL queries per day, or by commercial spam filter >> services, requires a subscription to the Spamhaus DNSBL Data Feed >> Service, a service designed for users with professional DNSBL query >> requirements." > Don't believe this one, as my server gets less than 10,000 messages a > day -- usually a lot less -- and I am currently blacklisted. > I even thought about setting caching nameservers on some unused ip > addresses and turning it back on, but stopped myself. For now! ;-P I think a lot of people forget requirement 1! I would say that any bunch of requests from an IP adres where the WHOIS info points to 'business' could be considered a disqualifier. You may not like their policy but anyone not using spamhaus at home but in the office without a feed is in fact a disqualified user. But I have to admit I have still not yet conviced that Barracuda networks they should NOT setup spamhaus as default RBL on their equipment. I would guess that their abundant usage of a free personal service for business purposes may be one of the important reasons why spamhaus started to be though on users. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHVd60BvzDRVjxmYERAiw0AKCANDCNP8i9krb5Rk7I4c34q4U1WACgghLh rf6HEF3DYr68/CbJkI4P76U= =mKQa -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Tue Dec 4 23:19:19 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue Dec 4 23:19:39 2007 Subject: MailTools and MailScanner... In-Reply-To: <200712042156.lB4LuoKv012903@mxt.1bigthink.com> References: <4755B34C.1050608@zeiglers.net> <200712042156.lB4LuoKv012903@mxt.1bigthink.com> Message-ID: <4755E077.3070003@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 dnsadmin 1bigthink.com wrote: > Yep. I'm confirming. CentOS 5. > > rpm -qa |grep MailTools > perl-MailTools-1.71-1 > > And the update is waiting in the yum repository. I have run a full update and use Centos 5.0 (which just became 5.1) with rpmforge and am still on perl-MailTools-1.77-1.el5.rf So which repositories do you use? Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHVeB1BvzDRVjxmYERAtwzAJ4qoXD5wo35/i3kYvhAwkESLUSTIQCfcRoo HTFLGD8U0WMT7aXzmLAuMew= =DOc4 -----END PGP SIGNATURE----- From Jeff.Mills at versacold.com.au Tue Dec 4 23:21:23 2007 From: Jeff.Mills at versacold.com.au (Jeff Mills) Date: Tue Dec 4 23:21:52 2007 Subject: cut off by spamhaus free use? Message-ID: > > If you can provide me with sample RBL blocks in Postfix, I'm > sure I could make it work for you in no time. Same for Exim > if I get log entries. > > Denis > Debnis, Here are a couple of examples. If you need more, I can send. Dec 5 10:19:02 proxy2 postfix/smtpd[4526]: NOQUEUE: reject: RCPT from unknown[200.181.195.102]: 554 5.7.1 Service unavailable; Client host [200.181.195.102] blocked using cbl.abuseat.org; Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=200.181.195.102; from= to= proto=ESMTP helo=<201-40-92-107.cscgo701.dsl.brasiltelecom.net.br> Dec 5 10:18:46 proxy2 postfix/smtpd[5730]: NOQUEUE: reject: RCPT from 201-42-168-44.dsl.telesp.net.br[201.42.168.44]: 554 5.7.1 Service unavailable; Client host [201.42.168.44] blocked using list.dsbl.org; http://dsbl.org/listing?201.42.168.44; from= to= proto=SMTP helo=<201-42-168-44.dsl.telesp.net.br> > -- > _ > ?v? Denis Beauchemin, analyste > /(_)\ Universit? de Sherbrooke, S.T.I. > ^ ^ T: 819.821.8000x62252 F: 819.821.8045 > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From ajos1 at onion.demon.co.uk Tue Dec 4 23:30:15 2007 From: ajos1 at onion.demon.co.uk (ajos1@onion.demon.co.uk) Date: Tue Dec 4 23:30:21 2007 Subject: Mailtools and Mailscanner Message-ID: - > Just did a yum update on my Centos 5 system and it installed > MailTools-2.02. Is there a fix planned for this any time soon or should > I downgrade to 1.7.7 and exclude the update? The only solution is go to back to 1.77 because with 2.01/2.02 MailScanner just does not work... and your /var/spool/mqueue.in will just get bigger and bigger. == ===================================================================== = = "I should have listened to myself earlier..." = ===================================================================== = Need help with: Parking Tickets, Bailiffs, Capita or HertsGrid??? = Call... +44 8457 90 90 90 http://www.samaritans.org/ ===================================================================== From ssilva at sgvwater.com Tue Dec 4 23:55:15 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Dec 4 23:56:30 2007 Subject: Spamhaus replacement In-Reply-To: <4755DEB6.1030604@vanderkooij.org> References: <47536905.8040903@indomino.net> <1196777381.3249.24.camel@localhost.localdomain> <7EF0EE5CB3B263488C8C18823239BEBA023EAEBD@HC-MBX02.herefordshire.gov.uk> <4755DEB6.1030604@vanderkooij.org> Message-ID: on 12/4/2007 3:11 PM Hugo van der Kooij spake the following: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Scott Silva wrote: >> on 12/4/2007 6:36 AM Randal, Phil spake the following: >>> ram wrote: >>>> On Mon, 2007-12-03 at 09:25 +0700, Budi Febrianto wrote: >>>>> Right now we only use zen.spamhaus.org and happy so far, >>>> but because >>>>> spamhaus is not free anymore, now I want some >>>> recommendation for others >>>>> dnsbl. >>>> But spamhaus offers free data sync AFAIK if you are using it for your >>>> own domain and not selling antispam solution >>>> >>>> >>>> You just need to sign up with them >>> http://www.spamhaus.org/organization/dnsblusage.html >>> >>> "Use of the Spamhaus DNSBLs via DNS queries to our public DNSBL servers >>> is free of charge if you meet all three of the following criteria: >>> >>> 1. Your use of the Spamhaus DNSBLs is non-commercial*, and >>> 2. Your email traffic is less than 80,000 SMTP connections per day, >>> and >>> 3. Your DNSBL query volume is less than 320,000 queries per day. >>> >>> If you do not fit all three of these criteria then please do not use our >>> public DNSBL servers, instead see 'Professional Use' (below) which >>> delivers our DNSBL data to your servers. If you are in any doubt as to >>> whether you fit within our free use criteria, or think you may be likely >>> to soon exceed our free use criteria, please switch to 'Professional >>> Use'." >>> >>> "Professional Use >>> >>> Use of the Spamhaus DNSBLs by ISPs, organizations and networks with >>> email traffic higher than 100,000 SMTP connections per day or making >>> over 400,000 DNSBL queries per day, or by commercial spam filter >>> services, requires a subscription to the Spamhaus DNSBL Data Feed >>> Service, a service designed for users with professional DNSBL query >>> requirements." >> Don't believe this one, as my server gets less than 10,000 messages a >> day -- usually a lot less -- and I am currently blacklisted. >> I even thought about setting caching nameservers on some unused ip >> addresses and turning it back on, but stopped myself. For now! ;-P > > I think a lot of people forget requirement 1! > But their definition of #1 is; *Definition: "non-commercial use" is use for any purpose other than as part or all of a product or service that is resold, or for use of which a fee is charged. For example, using our DNSBLs in a commercial spam filtering appliance that is then sold to others requires a data feed, regardless of use volume. The same is true of commercial spam filtering software and commercial spam filtering services. So a business that only uses the list to filter incoming mail is not considered commercial by their own rules. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Tue Dec 4 23:58:07 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Dec 5 00:00:29 2007 Subject: Spamhaus replacement In-Reply-To: <4755DEB6.1030604@vanderkooij.org> References: <47536905.8040903@indomino.net> <1196777381.3249.24.camel@localhost.localdomain> <7EF0EE5CB3B263488C8C18823239BEBA023EAEBD@HC-MBX02.herefordshire.gov.uk> <4755DEB6.1030604@vanderkooij.org> Message-ID: on 12/4/2007 3:11 PM Hugo van der Kooij spake the following: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Scott Silva wrote: >> on 12/4/2007 6:36 AM Randal, Phil spake the following: >>> ram wrote: >>>> On Mon, 2007-12-03 at 09:25 +0700, Budi Febrianto wrote: >>>>> Right now we only use zen.spamhaus.org and happy so far, >>>> but because >>>>> spamhaus is not free anymore, now I want some >>>> recommendation for others >>>>> dnsbl. >>>> But spamhaus offers free data sync AFAIK if you are using it for your >>>> own domain and not selling antispam solution >>>> >>>> >>>> You just need to sign up with them >>> http://www.spamhaus.org/organization/dnsblusage.html >>> >>> "Use of the Spamhaus DNSBLs via DNS queries to our public DNSBL servers >>> is free of charge if you meet all three of the following criteria: >>> >>> 1. Your use of the Spamhaus DNSBLs is non-commercial*, and >>> 2. Your email traffic is less than 80,000 SMTP connections per day, >>> and >>> 3. Your DNSBL query volume is less than 320,000 queries per day. >>> >>> If you do not fit all three of these criteria then please do not use our >>> public DNSBL servers, instead see 'Professional Use' (below) which >>> delivers our DNSBL data to your servers. If you are in any doubt as to >>> whether you fit within our free use criteria, or think you may be likely >>> to soon exceed our free use criteria, please switch to 'Professional >>> Use'." >>> >>> "Professional Use >>> >>> Use of the Spamhaus DNSBLs by ISPs, organizations and networks with >>> email traffic higher than 100,000 SMTP connections per day or making >>> over 400,000 DNSBL queries per day, or by commercial spam filter >>> services, requires a subscription to the Spamhaus DNSBL Data Feed >>> Service, a service designed for users with professional DNSBL query >>> requirements." >> Don't believe this one, as my server gets less than 10,000 messages a >> day -- usually a lot less -- and I am currently blacklisted. >> I even thought about setting caching nameservers on some unused ip >> addresses and turning it back on, but stopped myself. For now! ;-P > > I think a lot of people forget requirement 1! > > I would say that any bunch of requests from an IP adres where the WHOIS > info points to 'business' could be considered a disqualifier. > > You may not like their policy but anyone not using spamhaus at home but > in the office without a feed is in fact a disqualified user. > > But I have to admit I have still not yet conviced that Barracuda > networks they should NOT setup spamhaus as default RBL on their equipment. > Then barracuda users will feel spamhaus's wrath when their "nifty spamblocking thingamajiggy" suddenly blocks either everything or nothing. Anybody who would spend the money on a barracuda probably has the volume that would trigger the firewalling. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Wed Dec 5 00:03:05 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Dec 5 00:05:21 2007 Subject: MailTools and MailScanner... In-Reply-To: <4755E077.3070003@vanderkooij.org> References: <4755B34C.1050608@zeiglers.net> <200712042156.lB4LuoKv012903@mxt.1bigthink.com> <4755E077.3070003@vanderkooij.org> Message-ID: on 12/4/2007 3:19 PM Hugo van der Kooij spake the following: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > dnsadmin 1bigthink.com wrote: > >> Yep. I'm confirming. CentOS 5. >> >> rpm -qa |grep MailTools >> perl-MailTools-1.71-1 >> >> And the update is waiting in the yum repository. > > I have run a full update and use Centos 5.0 (which just became 5.1) with > rpmforge and am still on perl-MailTools-1.77-1.el5.rf > > So which repositories do you use? > This just came down on rpmforge today. Your mirror might have been behind like mine was -- right before I put my foot in my mouth. Try another yum search and see if yours has caught up. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From Denis.Beauchemin at USherbrooke.ca Wed Dec 5 01:26:35 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Wed Dec 5 01:26:38 2007 Subject: cut off by spamhaus free use? In-Reply-To: References: Message-ID: <4755FE4B.60107@USherbrooke.ca> Jeff Mills a ?crit : > > >> If you can provide me with sample RBL blocks in Postfix, I'm >> sure I could make it work for you in no time. Same for Exim >> if I get log entries. >> >> Denis >> >> > > Debnis, > > Here are a couple of examples. > If you need more, I can send. > > > Dec 5 10:19:02 proxy2 postfix/smtpd[4526]: NOQUEUE: reject: RCPT from unknown[200.181.195.102]: 554 5.7.1 Service unavailable; Client host [200.181.195.102] blocked using cbl.abuseat.org; Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=200.181.195.102; from= to= proto=ESMTP helo=<201-40-92-107.cscgo701.dsl.brasiltelecom.net.br> > > Dec 5 10:18:46 proxy2 postfix/smtpd[5730]: NOQUEUE: reject: RCPT from 201-42-168-44.dsl.telesp.net.br[201.42.168.44]: 554 5.7.1 Service unavailable; Client host [201.42.168.44] blocked using list.dsbl.org; http://dsbl.org/listing?201.42.168.44; from= to= proto=SMTP helo=<201-42-168-44.dsl.telesp.net.br> > Jeff, The included version can catch your log lines AND my sendmail ones. Denis #!/bin/bash # # Script qui liste toutes les sources des RBL qui ont bloque au moins # un message dans le fichier de log parcouru. # # DB if [[ -n "$1" ]]; then file="$1" else file="/var/log/maillog" fi if [[ $file == ${file%.gz} ]]; then cmd="cat $file" else cmd="zcat $file" fi # Postfix: Client host [200.181.195.102] blocked using cbl.abuseat.org; # Sendmail: reject=554 $cmd | LANG=C egrep "reject=554| blocked using " | perl -ne ' $h{$1}++ if /found in (.*?)\s*$/; $h{$1}++ if /Client host .*? blocked using (.*?);/; END{ for $i (sort keys %h){ $t += $h{$i}; } for $i (sort keys %h){ printf "%25s : %6d (%3d %%)\n", $i, $h{$i}, $h{$i}*100/$t; } printf "%25s : %d\n", "*** Total blocked conns", $t; }' From edward at tdcs.com.au Wed Dec 5 01:32:23 2007 From: edward at tdcs.com.au (Edward Dekkers) Date: Wed Dec 5 01:33:57 2007 Subject: cut off by spamhaus free use? In-Reply-To: <223f97700712041000t4d0836c5ne32ceb82571af25b@mail.gmail.com> References: <47545A8A.5090509@USherbrooke.ca> <47557865.3030600@USherbrooke.ca> <47557B51.2090604@slackadelic.com> <223f97700712041000t4d0836c5ne32ceb82571af25b@mail.gmail.com> Message-ID: > > One should be able to modify it (the above script...) rather easily > though... Might look at it this weekend, if you don't beat meto it;-) > > Cheers > -- > -- Glenn Glenn, if it really is only modified "rather easily" for you - I would like the postfix version of that script also. I just had a half hour look at it, and played with it a bit, but my knowledge of scripting is not good enough. Or anyone else on this list to whom modifying scripts seems trivial :) If it's going to take a long time - don't waste your time on it - I just think it's very cool stats and will earn me bonus shoulder claps with the management. Regards, Ed. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From system at goodmark.com.cn Wed Dec 5 01:34:09 2007 From: system at goodmark.com.cn (Patrick) Date: Wed Dec 5 01:38:36 2007 Subject: MailScanner install problem Message-ID: <010d01c836de$eeed0710$f105010a@pc> Hi, I am facing MailScanner installation problem. I am using Fedora 8 and planning to install MailScanner latest version 4.65.3-1 However, install error occurs: # install.sh (skipped) + /usr/lib/rpm/find-debuginfo.sh /usr/src/redhat/BUILD/ExtUtils-MakeMaker-6.32 find: debug: No such file or directory + /usr/lib/rpm/check-buildroot /var/tmp/perl-ExtUtils-MakeMaker-6.32-1-root/usr/lib/perl5/5.8.8/i386-linux-thread-multi/perllocal.pod:C Found '/var/tmp/perl-ExtUtils-MakeMaker-6.32-1-root' in installed files; aborting error: Bad exit status from /var/tmp/rpm-tmp.4906 (%install) RPM build errors: Bad exit status from /var/tmp/rpm-tmp.4906 (%install) (skipped) + /usr/lib/rpm/find-debuginfo.sh /usr/src/redhat/BUILD/IO-stringy-2.108 find: debug: No such file or directory + /usr/lib/rpm/check-buildroot /var/tmp/perl-IO-stringy-root/usr/lib/perl5/5.8.8/i386-linux-thread-multi/perllocal.pod:C Found '/var/tmp/perl-IO-stringy-root' in installed files; aborting error: Bad exit status from /var/tmp/rpm-tmp.22440 (%install) RPM build errors: Bad exit status from /var/tmp/rpm-tmp.22440 (%install) Missing file /usr/src/redhat/RPMS/noarch/perl-IO-stringy-2.108-1.noarch.rpm. Maybe it did not build correctly? (skipped) Now to install MailScanner itself. NOTE: If you get lots of errors here, run the install.sh script NOTE: again with the command "./install.sh nodeps" error: Failed dependencies: perl-MIME-tools >= 5.412 is needed by mailscanner-4.65.3-1.noarch -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071205/866d8689/attachment.html From craigwhite at azapple.com Wed Dec 5 01:44:41 2007 From: craigwhite at azapple.com (Craig White) Date: Wed Dec 5 01:46:11 2007 Subject: ****Re: cut off by spamhaus free use? In-Reply-To: <4755FE4B.60107@USherbrooke.ca> References: <4755FE4B.60107@USherbrooke.ca> Message-ID: <1196819081.31259.15.camel@lin-workstation.azapple.com> On Tue, 2007-12-04 at 20:26 -0500, Denis Beauchemin wrote: > Jeff Mills a ?crit : > > > > > >> If you can provide me with sample RBL blocks in Postfix, I'm > >> sure I could make it work for you in no time. Same for Exim > >> if I get log entries. > >> > >> Denis > >> > >> > > > > Debnis, > > > > Here are a couple of examples. > > If you need more, I can send. > > > > > > Dec 5 10:19:02 proxy2 postfix/smtpd[4526]: NOQUEUE: reject: RCPT from unknown[200.181.195.102]: 554 5.7.1 Service unavailable; Client host [200.181.195.102] blocked using cbl.abuseat.org; Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=200.181.195.102; from= to= proto=ESMTP helo=<201-40-92-107.cscgo701.dsl.brasiltelecom.net.br> > > > > Dec 5 10:18:46 proxy2 postfix/smtpd[5730]: NOQUEUE: reject: RCPT from 201-42-168-44.dsl.telesp.net.br[201.42.168.44]: 554 5.7.1 Service unavailable; Client host [201.42.168.44] blocked using list.dsbl.org; http://dsbl.org/listing?201.42.168.44; from= to= proto=SMTP helo=<201-42-168-44.dsl.telesp.net.br> > > > Jeff, > > The included version can catch your log lines AND my sendmail ones. > > Denis > > #!/bin/bash > # > # Script qui liste toutes les sources des RBL qui ont bloque au moins > # un message dans le fichier de log parcouru. > # > # DB > > if [[ -n "$1" ]]; then > file="$1" > else > file="/var/log/maillog" > fi > if [[ $file == ${file%.gz} ]]; then > cmd="cat $file" > else > cmd="zcat $file" > fi > # Postfix: Client host [200.181.195.102] blocked using cbl.abuseat.org; > # Sendmail: reject=554 > $cmd | LANG=C egrep "reject=554| blocked using " | perl -ne ' > $h{$1}++ if /found in (.*?)\s*$/; > $h{$1}++ if /Client host .*? blocked using (.*?);/; > END{ > for $i (sort keys %h){ > $t += $h{$i}; > } > for $i (sort keys %h){ > printf "%25s : %6d (%3d %%)\n", $i, $h{$i}, $h{$i}*100/$t; > } > printf "%25s : %d\n", "*** Total blocked conns", $t; > }' ---- yup - that worked for me (postfix) cbl.abuseat.org : 2241 ( 53 %) list.dsbl.org : 84 ( 1 %) pbl.spamhaus.org : 1880 ( 44 %) sbl.spamhaus.org : 4 ( 0 %) *** Total blocked conns : 4209 This whole thread has been useful, I'm obviously going to take another look at rbl's now. Thanks Craig From naolson at gmail.com Wed Dec 5 01:56:15 2007 From: naolson at gmail.com (Nathan Olson) Date: Wed Dec 5 01:56:17 2007 Subject: cut off by spamhaus free use? In-Reply-To: References: <47545A8A.5090509@USherbrooke.ca> <47557865.3030600@USherbrooke.ca> <47557B51.2090604@slackadelic.com> <223f97700712041000t4d0836c5ne32ceb82571af25b@mail.gmail.com> Message-ID: <8f54b4330712041756y3cd95ef2me08311836375221c@mail.gmail.com> I don't know if this helps anyone, but here is a collection of regexes for sendmail (in Perl). Nate -------------- next part -------------- A non-text attachment was scrubbed... Name: smre2 Type: application/octet-stream Size: 4663 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071204/4e937993/smre2.obj From Denis.Beauchemin at USherbrooke.ca Wed Dec 5 01:57:03 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Wed Dec 5 01:57:07 2007 Subject: cut off by spamhaus free use? In-Reply-To: References: <47545A8A.5090509@USherbrooke.ca> <47557865.3030600@USherbrooke.ca> <47557B51.2090604@slackadelic.com> <223f97700712041000t4d0836c5ne32ceb82571af25b@mail.gmail.com> Message-ID: <4756056F.4050501@USherbrooke.ca> Edward Dekkers a ?crit : >> One should be able to modify it (the above script...) rather easily >> though... Might look at it this weekend, if you don't beat meto it;-) >> >> Cheers >> -- >> -- Glenn >> > > Glenn, if it really is only modified "rather easily" for you - I would like > the postfix version of that script also. > > I just had a half hour look at it, and played with it a bit, but my > knowledge of scripting is not good enough. > > Or anyone else on this list to whom modifying scripts seems trivial :) > > If it's going to take a long time - don't waste your time on it - I just > think it's very cool stats and will earn me bonus shoulder claps with the > management. > > Regards, > Ed. > > > > Ed, Look at my other post a very short while ago. If your postfix logs look like the ones Jeff Mills posted, my modified script should work for you! If not, post some log entries and I will make the required changes. Denis From bfebrian.mailscanner at indomino.net Wed Dec 5 01:57:28 2007 From: bfebrian.mailscanner at indomino.net (Budi Febrianto) Date: Wed Dec 5 01:57:51 2007 Subject: Recommended spam.lists and/or sendmail dnsbl settings? In-Reply-To: References: <47557D9B.5090801@openenterprise.ca> Message-ID: <47560588.2020102@indomino.net> Scott Silva wrote: >> This is what I currently have in sendmail.mc >> >> FEATURE(`dnsbl',`sbl-xbl.spamhaus.org', `"554 Rejected " >> $&{client_addr} " - see http://www.spamhaus.org/SBL/"')dnl >> FEATURE(`dnsbl', `dnsbl.njabl.org', `"554 Rejected " $&{client_addr} >> " - see http://dnsbl.njabl.org/method.html"')dnl >> FEATURE(`dnsbl', `bl.spamcop.net', `"554 Rejected " >> $&{client_addr} " found in bl.spamcop.net"')dnl >> FEATURE(`dnsbl', `chinanet.blackholes.us', `"554 Rejected " >> $&{client_addr} " found in chinanet.blackholes.us"')dnl >> >> >> > If you put your spamhaus lookups at the bottom, you will generate less > traffic to them. The sendmail RBL lookups are serial and stop on the > first positive. ah, so if I put zen.spamhaus.org at the bottom of the list, it will reduce a lot of query to spamhaus, so I should be safe ( I hope so). I will put bl.spamcop.net at first, and two or three others before zen.spamhaus.org. -- Budi Febrianto www.indomino.net/blog From edward at tdcs.com.au Wed Dec 5 02:00:19 2007 From: edward at tdcs.com.au (Edward Dekkers) Date: Wed Dec 5 02:01:52 2007 Subject: cut off by spamhaus free use? In-Reply-To: References: <47545A8A.5090509@USherbrooke.ca> <47557865.3030600@USherbrooke.ca> <47557B51.2090604@slackadelic.com> <223f97700712041000t4d0836c5ne32ceb82571af25b@mail.gmail.com> Message-ID: Cancel this, after I hit send, Denis's script showed up on this list and it works a treat. Sorry about the waste of bandwidth. Regards, Ed. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Edward Dekkers > Sent: Wednesday, 5 December 2007 10:32 AM > To: 'MailScanner discussion' > Subject: RE: cut off by spamhaus free use? > > > > > > One should be able to modify it (the above script...) rather easily > > though... Might look at it this weekend, if you don't beat meto it;-) > > > > Cheers > > -- > > -- Glenn > > Glenn, if it really is only modified "rather easily" for you - I would > like > the postfix version of that script also. > > I just had a half hour look at it, and played with it a bit, but my > knowledge of scripting is not good enough. > > Or anyone else on this list to whom modifying scripts seems trivial :) > > If it's going to take a long time - don't waste your time on it - I > just > think it's very cool stats and will earn me bonus shoulder claps with > the > management. > > Regards, > Ed. > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Denis.Beauchemin at USherbrooke.ca Wed Dec 5 02:11:32 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Wed Dec 5 02:11:47 2007 Subject: ****Re: cut off by spamhaus free use? In-Reply-To: <1196819081.31259.15.camel@lin-workstation.azapple.com> References: <4755FE4B.60107@USherbrooke.ca> <1196819081.31259.15.camel@lin-workstation.azapple.com> Message-ID: <475608D4.1010107@USherbrooke.ca> Craig White a ?crit : > On Tue, 2007-12-04 at 20:26 -0500, Denis Beauchemin wrote: > >> Jeff Mills a ?crit : >> >>> >>> >>> >>>> If you can provide me with sample RBL blocks in Postfix, I'm >>>> sure I could make it work for you in no time. Same for Exim >>>> if I get log entries. >>>> >>>> Denis >>>> >>>> >>>> >>> Debnis, >>> >>> Here are a couple of examples. >>> If you need more, I can send. >>> >>> >>> Dec 5 10:19:02 proxy2 postfix/smtpd[4526]: NOQUEUE: reject: RCPT from unknown[200.181.195.102]: 554 5.7.1 Service unavailable; Client host [200.181.195.102] blocked using cbl.abuseat.org; Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=200.181.195.102; from= to= proto=ESMTP helo=<201-40-92-107.cscgo701.dsl.brasiltelecom.net.br> >>> >>> Dec 5 10:18:46 proxy2 postfix/smtpd[5730]: NOQUEUE: reject: RCPT from 201-42-168-44.dsl.telesp.net.br[201.42.168.44]: 554 5.7.1 Service unavailable; Client host [201.42.168.44] blocked using list.dsbl.org; http://dsbl.org/listing?201.42.168.44; from= to= proto=SMTP helo=<201-42-168-44.dsl.telesp.net.br> >>> >>> >> Jeff, >> >> The included version can catch your log lines AND my sendmail ones. >> >> Denis >> >> #!/bin/bash >> # >> # Script qui liste toutes les sources des RBL qui ont bloque au moins >> # un message dans le fichier de log parcouru. >> # >> # DB >> >> if [[ -n "$1" ]]; then >> file="$1" >> else >> file="/var/log/maillog" >> fi >> if [[ $file == ${file%.gz} ]]; then >> cmd="cat $file" >> else >> cmd="zcat $file" >> fi >> # Postfix: Client host [200.181.195.102] blocked using cbl.abuseat.org; >> # Sendmail: reject=554 >> $cmd | LANG=C egrep "reject=554| blocked using " | perl -ne ' >> $h{$1}++ if /found in (.*?)\s*$/; >> $h{$1}++ if /Client host .*? blocked using (.*?);/; >> END{ >> for $i (sort keys %h){ >> $t += $h{$i}; >> } >> for $i (sort keys %h){ >> printf "%25s : %6d (%3d %%)\n", $i, $h{$i}, $h{$i}*100/$t; >> } >> printf "%25s : %d\n", "*** Total blocked conns", $t; >> }' >> > ---- > yup - that worked for me (postfix) > > cbl.abuseat.org : 2241 ( 53 %) > list.dsbl.org : 84 ( 1 %) > pbl.spamhaus.org : 1880 ( 44 %) > sbl.spamhaus.org : 4 ( 0 %) > *** Total blocked conns : 4209 > > This whole thread has been useful, I'm obviously going to take another > look at rbl's now. > > Thanks > > Craig > > Glad I could help others. If you want a nicer output, change the last printf for: printf "%25s : %6d\n", "*** Total blocked conns", $t; And if you happen to have numbers in tens of millions, change both %6d to %7d or %8d to accomodate bigger numbers. Denis From brian.duncan at kattenlaw.com Wed Dec 5 02:22:35 2007 From: brian.duncan at kattenlaw.com (Duncan, Brian M.) Date: Wed Dec 5 02:22:58 2007 Subject: Recommended spam.lists and/or sendmail dnsbl settings? In-Reply-To: References: <47557D9B.5090801@openenterprise.ca> <625385e30712041119s506151d0y6a79003dcea9cdee@mail.gmail.com><65234743FE1555428435CE39E6AC407801D7ED92@CHI-US-EXCH-01.us.kmz.com> Message-ID: <65234743FE1555428435CE39E6AC407801D7ED96@CHI-US-EXCH-01.us.kmz.com> Thanks for confirming that for me. So is this not a feature that would benefit many users? The capability to have MailScanner NOT check ALL RBL's but in an order based on how many the admin wants till it equals a failure? It seems kind of inefficient to check ALL RBL's listed if an admin trusts results from specific RBL's. Like in my case I could avoid probably 80% of my queries to zen with this capability. "The Spam Lists To Be Spam" directive could still be set, but MailScanner could quit RBL checks after meeting that condition. It could even increase performance couldn't it for heavily loaded mail servers? In my organization we rely on MailScanner to do the RBL checks and pass ALL mail through to end users (We need to, they can never afford to miss a message) RBL failed messages are considered high scoring spam and get a slightly different identifier to quickly identify an RBL'ed messages from one that failed do to message content. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Scott Silva > Sent: Tuesday, December 04, 2007 2:54 PM > To: mailscanner@lists.mailscanner.info > Subject: Re: Recommended spam.lists and/or sendmail dnsbl settings? > > on 12/4/2007 12:27 PM Duncan, Brian M. spake the following: > > > > Can someone explain how to get Mailscanner to NOT check any other > > RBL's listed in "Spam List =" directive after it hits at least 1? > > > > I have these mailscanner config items set currently: > > > > Spam Lists To Be Spam = 1 > > Spam List = spamcop zen.spamhaus.org dnsbl cbl MAPS-ALL > > > > (we pay for use of the maps-all RBL which is now owned by > Trend Micro) > > > > > > As it stands here is an example message that was logged: > > > > to kattenlaw.com is zen.spamhaus.org, cbl, MAPS-ALL > > > > Which suggests to me it is testing against ALL RBL's I have in the > > Spam List directive, and NOT stopping after it hits 1. > > > > I read in another email about changing the order of the > RBL's in the > > Spam List but as it stands now for me it looks like it > would have no > > impact because It looks like it's checking them all every time. > > > > If anyone could please tell me how you get this working with > > Mailscanner that would be great. > > > > Thanks > > > MailScanner does lookups in parallel, so you can't. Sendmail > does the lookups serialized, and stops at the first match. If > you are going to delete these, do > so in sendmail (or other MTA). If you are going to score > and pass or quarantine, then do them later in mailscanner or > with spamassassin. > > -- > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > =========================================================== CIRCULAR 230 DISCLOSURE: Pursuant to Regulations Governing Practice Before the Internal Revenue Service, any tax advice contained herein is not intended or written to be used and cannot be used by a taxpayer for the purpose of avoiding tax penalties that may be imposed on the taxpayer. =========================================================== CONFIDENTIALITY NOTICE: This electronic mail message and any attached files contain information intended for the exclusive use of the individual or entity to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information may be subject to legal restriction or sanction. Please notify the sender, by electronic mail or telephone, of any unintended recipients and delete the original message without making any copies. =========================================================== NOTIFICATION: Katten Muchin Rosenman LLP is an Illinois limited liability partnership that has elected to be governed by the Illinois Uniform Partnership Act (1997). =========================================================== From craigwhite at azapple.com Wed Dec 5 02:30:23 2007 From: craigwhite at azapple.com (Craig White) Date: Wed Dec 5 02:31:55 2007 Subject: ****Re: ****Re: cut off by spamhaus free use? In-Reply-To: <475608D4.1010107@USherbrooke.ca> References: <4755FE4B.60107@USherbrooke.ca> <1196819081.31259.15.camel@lin-workstation.azapple.com> <475608D4.1010107@USherbrooke.ca> Message-ID: <1196821823.31259.36.camel@lin-workstation.azapple.com> On Tue, 2007-12-04 at 21:11 -0500, Denis Beauchemin wrote: > Craig White a ?crit : > > On Tue, 2007-12-04 at 20:26 -0500, Denis Beauchemin wrote: > > > >> Jeff Mills a ?crit : > >> > >>> > >>> > >>> > >>>> If you can provide me with sample RBL blocks in Postfix, I'm > >>>> sure I could make it work for you in no time. Same for Exim > >>>> if I get log entries. > >>>> > >>>> Denis > >>>> > >>>> > >>>> > >>> Debnis, > >>> > >>> Here are a couple of examples. > >>> If you need more, I can send. > >>> > >>> > >>> Dec 5 10:19:02 proxy2 postfix/smtpd[4526]: NOQUEUE: reject: RCPT from unknown[200.181.195.102]: 554 5.7.1 Service unavailable; Client host [200.181.195.102] blocked using cbl.abuseat.org; Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=200.181.195.102; from= to= proto=ESMTP helo=<201-40-92-107.cscgo701.dsl.brasiltelecom.net.br> > >>> > >>> Dec 5 10:18:46 proxy2 postfix/smtpd[5730]: NOQUEUE: reject: RCPT from 201-42-168-44.dsl.telesp.net.br[201.42.168.44]: 554 5.7.1 Service unavailable; Client host [201.42.168.44] blocked using list.dsbl.org; http://dsbl.org/listing?201.42.168.44; from= to= proto=SMTP helo=<201-42-168-44.dsl.telesp.net.br> > >>> > >>> > >> Jeff, > >> > >> The included version can catch your log lines AND my sendmail ones. > >> > >> Denis > >> > >> #!/bin/bash > >> # > >> # Script qui liste toutes les sources des RBL qui ont bloque au moins > >> # un message dans le fichier de log parcouru. > >> # > >> # DB > >> > >> if [[ -n "$1" ]]; then > >> file="$1" > >> else > >> file="/var/log/maillog" > >> fi > >> if [[ $file == ${file%.gz} ]]; then > >> cmd="cat $file" > >> else > >> cmd="zcat $file" > >> fi > >> # Postfix: Client host [200.181.195.102] blocked using cbl.abuseat.org; > >> # Sendmail: reject=554 > >> $cmd | LANG=C egrep "reject=554| blocked using " | perl -ne ' > >> $h{$1}++ if /found in (.*?)\s*$/; > >> $h{$1}++ if /Client host .*? blocked using (.*?);/; > >> END{ > >> for $i (sort keys %h){ > >> $t += $h{$i}; > >> } > >> for $i (sort keys %h){ > >> printf "%25s : %6d (%3d %%)\n", $i, $h{$i}, $h{$i}*100/$t; > >> } > >> printf "%25s : %d\n", "*** Total blocked conns", $t; > >> }' > >> > > ---- > > yup - that worked for me (postfix) > > > > cbl.abuseat.org : 2241 ( 53 %) > > list.dsbl.org : 84 ( 1 %) > > pbl.spamhaus.org : 1880 ( 44 %) > > sbl.spamhaus.org : 4 ( 0 %) > > *** Total blocked conns : 4209 > > > > This whole thread has been useful, I'm obviously going to take another > > look at rbl's now. > > > > Thanks > > > > Craig > > > > > Glad I could help others. > > If you want a nicer output, change the last printf for: > > printf "%25s : %6d\n", "*** Total blocked conns", $t; > > And if you happen to have numbers in tens of millions, change both %6d > to %7d or %8d to accomodate bigger numbers. ---- of course by the time you need %8d, you're already cut-off by zenhaus ;-) Craig From craigwhite at azapple.com Wed Dec 5 02:32:30 2007 From: craigwhite at azapple.com (Craig White) Date: Wed Dec 5 02:32:48 2007 Subject: Recommended spam.lists and/or sendmail dnsbl settings? In-Reply-To: <65234743FE1555428435CE39E6AC407801D7ED96@CHI-US-EXCH-01.us.kmz.com> References: <47557D9B.5090801@openenterprise.ca> <625385e30712041119s506151d0y6a79003dcea9cdee@mail.gmail.com> <65234743FE1555428435CE39E6AC407801D7ED92@CHI-US-EXCH-01.us.kmz.com> <65234743FE1555428435CE39E6AC407801D7ED96@CHI-US-EXCH-01.us.kmz.com> Message-ID: <1196821950.31259.39.camel@lin-workstation.azapple.com> I think that the issue is to implement in your MTA so you 'reject' the e-mail prior to subjecting it to MailScanner and thereby reducing the load. Craig On Tue, 2007-12-04 at 20:22 -0600, Duncan, Brian M. wrote: > Thanks for confirming that for me. > > So is this not a feature that would benefit many users? > > The capability to have MailScanner NOT check ALL RBL's but in an order > based on how many the admin wants till it equals a failure? > > It seems kind of inefficient to check ALL RBL's listed if an admin > trusts results from specific RBL's. > > Like in my case I could avoid probably 80% of my queries to zen with > this capability. > > "The Spam Lists To Be Spam" directive could still be set, but > MailScanner could quit RBL checks after meeting that condition. > > It could even increase performance couldn't it for heavily loaded mail > servers? > > In my organization we rely on MailScanner to do the RBL checks and pass > ALL mail through to end users (We need to, they can never afford to miss > a message) RBL failed messages are considered high scoring spam and get > a slightly different identifier to quickly identify an RBL'ed messages > from one that failed do to message content. > > > > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > > Of Scott Silva > > Sent: Tuesday, December 04, 2007 2:54 PM > > To: mailscanner@lists.mailscanner.info > > Subject: Re: Recommended spam.lists and/or sendmail dnsbl settings? > > > > on 12/4/2007 12:27 PM Duncan, Brian M. spake the following: > > > > > > Can someone explain how to get Mailscanner to NOT check any other > > > RBL's listed in "Spam List =" directive after it hits at least 1? > > > > > > I have these mailscanner config items set currently: > > > > > > Spam Lists To Be Spam = 1 > > > Spam List = spamcop zen.spamhaus.org dnsbl cbl MAPS-ALL > > > > > > (we pay for use of the maps-all RBL which is now owned by > > Trend Micro) > > > > > > > > > As it stands here is an example message that was logged: > > > > > > to kattenlaw.com is zen.spamhaus.org, cbl, MAPS-ALL > > > > > > Which suggests to me it is testing against ALL RBL's I have in the > > > Spam List directive, and NOT stopping after it hits 1. > > > > > > I read in another email about changing the order of the > > RBL's in the > > > Spam List but as it stands now for me it looks like it > > would have no > > > impact because It looks like it's checking them all every time. > > > > > > If anyone could please tell me how you get this working with > > > Mailscanner that would be great. > > > > > > Thanks > > > > > MailScanner does lookups in parallel, so you can't. Sendmail > > does the lookups serialized, and stops at the first match. If > > you are going to delete these, do > > so in sendmail (or other MTA). If you are going to score > > and pass or quarantine, then do them later in mailscanner or > > with spamassassin. > > > > -- > > MailScanner is like deodorant... > > You hope everybody uses it, and > > you notice quickly if they don't!!!! > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > =========================================================== > CIRCULAR 230 DISCLOSURE: Pursuant to Regulations Governing Practice Before the Internal Revenue Service, any tax advice contained herein is not intended or written to be used and cannot be used by a taxpayer for the purpose of avoiding tax penalties that may be imposed on the taxpayer. > =========================================================== > CONFIDENTIALITY NOTICE: > This electronic mail message and any attached files contain information intended for the exclusive use of the individual or entity to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information may be subject to legal restriction or sanction. Please notify the sender, by electronic mail or telephone, of any unintended recipients and delete the original message without making any copies. > =========================================================== > NOTIFICATION: Katten Muchin Rosenman LLP is an Illinois limited liability partnership that has elected to be governed by the Illinois Uniform Partnership Act (1997). > =========================================================== From naolson at gmail.com Wed Dec 5 02:38:52 2007 From: naolson at gmail.com (Nathan Olson) Date: Wed Dec 5 02:38:54 2007 Subject: Recommended spam.lists and/or sendmail dnsbl settings? In-Reply-To: <65234743FE1555428435CE39E6AC407801D7ED96@CHI-US-EXCH-01.us.kmz.com> References: <47557D9B.5090801@openenterprise.ca> <625385e30712041119s506151d0y6a79003dcea9cdee@mail.gmail.com> <65234743FE1555428435CE39E6AC407801D7ED92@CHI-US-EXCH-01.us.kmz.com> <65234743FE1555428435CE39E6AC407801D7ED96@CHI-US-EXCH-01.us.kmz.com> Message-ID: <8f54b4330712041838u1037d9t54ce2c354dd73566@mail.gmail.com> There is a 'short circuit' feature in the newest versions of SpamAssassin that I believe does what you are talking about (in SpamAssassin). Nate From brian.duncan at kattenlaw.com Wed Dec 5 02:56:09 2007 From: brian.duncan at kattenlaw.com (Duncan, Brian M.) Date: Wed Dec 5 02:56:15 2007 Subject: Recommended spam.lists and/or sendmail dnsbl settings? In-Reply-To: <1196821950.31259.39.camel@lin-workstation.azapple.com> References: <47557D9B.5090801@openenterprise.ca><625385e30712041119s506151d0y6a79003dcea9cdee@mail.gmail.com><65234743FE1555428435CE39E6AC407801D7ED92@CHI-US-EXCH-01.us.kmz.com><65234743FE1555428435CE39E6AC407801D7ED96@CHI-US-EXCH-01.us.kmz.com> <1196821950.31259.39.camel@lin-workstation.azapple.com> Message-ID: <65234743FE1555428435CE39E6AC407801D7ED97@CHI-US-EXCH-01.us.kmz.com> I guess it is the case that everyone has different needs. We never reject messages at the MTA level. (Well actually messages that are destined to users that do not have valid MS Exchange SMTP records are rejected, so I guess never is not correct, but that is the only case we reject at the edge) RBL's tend to be a love/hate thing. We love them, based on the fact that we still deliver every failed RBL message to the users Junk Mail folder. (Giving them the option to "white list" in outlook RBL'ed sources. Given that Mailscanner allows "high scoring treatment" on RBL checked messages, and then the capability to set the intended actions (including delivery) I would think the extra control over RBL behavior could allow even finer tuning in some environments. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Craig White > Sent: Tuesday, December 04, 2007 8:33 PM > To: MailScanner discussion > Subject: RE: Recommended spam.lists and/or sendmail dnsbl settings? > > I think that the issue is to implement in your MTA so you > 'reject' the e-mail prior to subjecting it to MailScanner and > thereby reducing the load. > > Craig > > On Tue, 2007-12-04 at 20:22 -0600, Duncan, Brian M. wrote: > > Thanks for confirming that for me. > > > > So is this not a feature that would benefit many users? > > > > The capability to have MailScanner NOT check ALL RBL's but > in an order > > based on how many the admin wants till it equals a failure? > > > > It seems kind of inefficient to check ALL RBL's listed if an admin > > trusts results from specific RBL's. > > > > Like in my case I could avoid probably 80% of my queries to > zen with > > this capability. > > > > "The Spam Lists To Be Spam" directive could still be set, but > > MailScanner could quit RBL checks after meeting that condition. > > > > It could even increase performance couldn't it for heavily > loaded mail > > servers? > > > > In my organization we rely on MailScanner to do the RBL checks and > > pass ALL mail through to end users (We need to, they can > never afford > > to miss a message) RBL failed messages are considered high scoring > > spam and get a slightly different identifier to quickly identify an > > RBL'ed messages from one that failed do to message content. > > > > > > > > > > > > > -----Original Message----- > > > From: mailscanner-bounces@lists.mailscanner.info > > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > > > Scott Silva > > > Sent: Tuesday, December 04, 2007 2:54 PM > > > To: mailscanner@lists.mailscanner.info > > > Subject: Re: Recommended spam.lists and/or sendmail dnsbl > settings? > > > > > > on 12/4/2007 12:27 PM Duncan, Brian M. spake the following: > > > > > > > > Can someone explain how to get Mailscanner to NOT check > any other > > > > RBL's listed in "Spam List =" directive after it hits > at least 1? > > > > > > > > I have these mailscanner config items set currently: > > > > > > > > Spam Lists To Be Spam = 1 > > > > Spam List = spamcop zen.spamhaus.org dnsbl cbl MAPS-ALL > > > > > > > > (we pay for use of the maps-all RBL which is now owned by > > > Trend Micro) > > > > > > > > > > > > As it stands here is an example message that was logged: > > > > > > > > to kattenlaw.com is zen.spamhaus.org, cbl, MAPS-ALL > > > > > > > > Which suggests to me it is testing against ALL RBL's I > have in the > > > > Spam List directive, and NOT stopping after it hits 1. > > > > > > > > I read in another email about changing the order of the > > > RBL's in the > > > > Spam List but as it stands now for me it looks like it > > > would have no > > > > impact because It looks like it's checking them all every time. > > > > > > > > If anyone could please tell me how you get this working with > > > > Mailscanner that would be great. > > > > > > > > Thanks > > > > > > > MailScanner does lookups in parallel, so you can't. Sendmail does > > > the lookups serialized, and stops at the first match. If you are > > > going to delete these, do > > > so in sendmail (or other MTA). If you are going to > score and pass > > > or quarantine, then do them later in mailscanner or with > > > spamassassin. > > > > > > -- > > > MailScanner is like deodorant... > > > You hope everybody uses it, and > > > you notice quickly if they don't!!!! > > > > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > =========================================================== > > CIRCULAR 230 DISCLOSURE: Pursuant to Regulations Governing > Practice Before the Internal Revenue Service, any tax advice > contained herein is not intended or written to be used and > cannot be used by a taxpayer for the purpose of avoiding tax > penalties that may be imposed on the taxpayer. > > =========================================================== > > CONFIDENTIALITY NOTICE: > > This electronic mail message and any attached files contain > information intended for the exclusive use of the individual > or entity to whom it is addressed and may contain information > that is proprietary, privileged, confidential and/or exempt > from disclosure under applicable law. If you are not the > intended recipient, you are hereby notified that any viewing, > copying, disclosure or distribution of this information may > be subject to legal restriction or sanction. Please notify > the sender, by electronic mail or telephone, of any > unintended recipients and delete the original message without > making any copies. > > =========================================================== > > NOTIFICATION: Katten Muchin Rosenman LLP is an Illinois > limited liability partnership that has elected to be governed > by the Illinois Uniform Partnership Act (1997). > > =========================================================== > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From Jeff.Mills at versacold.com.au Wed Dec 5 02:59:52 2007 From: Jeff.Mills at versacold.com.au (Jeff Mills) Date: Wed Dec 5 03:00:08 2007 Subject: cut off by spamhaus free use? Message-ID: > > > > > Dec 5 10:19:02 proxy2 postfix/smtpd[4526]: NOQUEUE: > reject: RCPT from > > unknown[200.181.195.102]: 554 5.7.1 Service unavailable; > Client host > > [200.181.195.102] blocked using cbl.abuseat.org; Blocked - see > > http://cbl.abuseat.org/lookup.cgi?ip=200.181.195.102; > > from= to= > > proto=ESMTP helo=<201-40-92-107.cscgo701.dsl.brasiltelecom.net.br> > > > > Dec 5 10:18:46 proxy2 postfix/smtpd[5730]: NOQUEUE: > reject: RCPT from > > 201-42-168-44.dsl.telesp.net.br[201.42.168.44]: 554 5.7.1 Service > > unavailable; Client host [201.42.168.44] blocked using > list.dsbl.org; > > http://dsbl.org/listing?201.42.168.44; from= > > to= proto=SMTP > > helo=<201-42-168-44.dsl.telesp.net.br> > > > Jeff, > > The included version can catch your log lines AND my sendmail ones. > > Denis Thanks Denis, that works a treat! From brian.duncan at kattenlaw.com Wed Dec 5 03:00:39 2007 From: brian.duncan at kattenlaw.com (Duncan, Brian M.) Date: Wed Dec 5 03:00:46 2007 Subject: Recommended spam.lists and/or sendmail dnsbl settings? In-Reply-To: <8f54b4330712041838u1037d9t54ce2c354dd73566@mail.gmail.com> References: <47557D9B.5090801@openenterprise.ca><625385e30712041119s506151d0y6a79003dcea9cdee@mail.gmail.com><65234743FE1555428435CE39E6AC407801D7ED92@CHI-US-EXCH-01.us.kmz.com><65234743FE1555428435CE39E6AC407801D7ED96@CHI-US-EXCH-01.us.kmz.com> <8f54b4330712041838u1037d9t54ce2c354dd73566@mail.gmail.com> Message-ID: <65234743FE1555428435CE39E6AC407801D7ED98@CHI-US-EXCH-01.us.kmz.com> Thanks I will look into that, we really like MailScanner (and have donated) for the fine program, since we have handled RBL for years with MailScanner it would be nice to continue to do it that way.. It just seems odd that there is not more control over RBL checking in the Mailscanner product. That is why I initially figured I must be missing something and there must be a way to control how many RBL's it checks instead of all or nothing type logic. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Nathan Olson > Sent: Tuesday, December 04, 2007 8:39 PM > To: MailScanner discussion > Subject: Re: Recommended spam.lists and/or sendmail dnsbl settings? > > There is a 'short circuit' feature in the newest versions of > SpamAssassin that I believe does what you are talking about > (in SpamAssassin). > > Nate > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > =========================================================== CIRCULAR 230 DISCLOSURE: Pursuant to Regulations Governing Practice Before the Internal Revenue Service, any tax advice contained herein is not intended or written to be used and cannot be used by a taxpayer for the purpose of avoiding tax penalties that may be imposed on the taxpayer. =========================================================== CONFIDENTIALITY NOTICE: This electronic mail message and any attached files contain information intended for the exclusive use of the individual or entity to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information may be subject to legal restriction or sanction. Please notify the sender, by electronic mail or telephone, of any unintended recipients and delete the original message without making any copies. =========================================================== NOTIFICATION: Katten Muchin Rosenman LLP is an Illinois limited liability partnership that has elected to be governed by the Illinois Uniform Partnership Act (1997). =========================================================== From stork at openenterprise.ca Wed Dec 5 03:26:28 2007 From: stork at openenterprise.ca (Johnny Stork) Date: Wed Dec 5 03:26:34 2007 Subject: Whitelists not working properly Message-ID: <47561A64.9030803@openenterprise.ca> I have noticed for the past few months, not sure when it started, but not all whitelist entries are getting picked up. For instance, I just added >From To *@www.pixologic.com *@* Yet maillog shows a message from that domain tagged as SPAM? Dec 4 18:23:16 gateway sendmail[5523]: lB52N3Be005523: from=, size=8671, class=0, nrcpts=1, msgid=<200712050223.lB52N2EH063776@www.pixologic.com>, proto=ESMTP, daemon=Daemon1, relay=mydomain.ca [11.111.11.111] Dec 4 18:23:45 gateway MailScanner[29537]: Message lB52N3Be005523 from 11.111.11.111 (www@www.pixologic.com) to myotherdomain.ca is spam, SpamAssassin (not cached, score=17.851, required 5, BAYES_99 15.00, HTML_FONT_FACE_BAD 0.88, HTML_IMAGE_RATIO_04 0.17, HTML_MESSAGE 0.00, MIME_BASE64_BLANKS 0.04, MIME_BASE64_TEXT 1.75) Dec 4 18:41:32 gateway sendmail[6513]: lB52fLFj006513: from=, size=8072, class=0, nrcpts=1, msgid=<200712050241.lB52fL6p064657@www.pixologic.com>, proto=ESMTP, daemon=Daemon1, relay=www.pixologic.com [209.132.96.162] (may be forged) Dec 4 18:41:57 gateway MailScanner[29589]: Message lB52fLFj006513 from 209.132.96.162 (www@www.pixologic.com) to myotherdomain.ca is spam, SpamAssassin (not cached, score=17.851, required 5, BAYES_99 15.00, HTML_FONT_FACE_BAD 0.88, HTML_IMAGE_RATIO_04 0.17, HTML_MESSAGE 0.00, MIME_BASE64_BLANKS 0.04, MIME_BASE64_TEXT 1.75) -- *Johnny Stork* Business & Technology Consultant stork@openenterprise.ca From stork at openenterprise.ca Wed Dec 5 03:29:23 2007 From: stork at openenterprise.ca (Johnny Stork) Date: Wed Dec 5 03:29:27 2007 Subject: cut off by spamhaus free use? In-Reply-To: <8f54b4330712041756y3cd95ef2me08311836375221c@mail.gmail.com> References: <47545A8A.5090509@USherbrooke.ca> <47557865.3030600@USherbrooke.ca> <47557B51.2090604@slackadelic.com> <223f97700712041000t4d0836c5ne32ceb82571af25b@mail.gmail.com> <8f54b4330712041756y3cd95ef2me08311836375221c@mail.gmail.com> Message-ID: <47561B13.8000706@openenterprise.ca> How do I/we use these? And thanks!! Nathan Olson wrote: > I don't know if this helps anyone, but here is a collection of regexes for > sendmail (in Perl). > > Nate > > -- *Johnny Stork* Business & Technology Consultant stork@openenterprise.ca From mkgetz at shentel.net Wed Dec 5 03:32:26 2007 From: mkgetz at shentel.net (Mark Getz) Date: Wed Dec 5 03:35:12 2007 Subject: AW: SpamAssassin Rule Actions References: <4D1CD0994309F84BA83DF998BF0075AF2BC3E9900A@ts-dc2.TS-Webarts.local> Message-ID: SpamAssassin Rule Actions = SpamScore>25=>not-forward spam localhost delivers the spam message to the spam user twice. Any thoughts anyone??? Mark From steve.freegard at fsl.com Wed Dec 5 11:37:22 2007 From: steve.freegard at fsl.com (Steve Freegard) Date: Wed Dec 5 11:35:39 2007 Subject: Recommended spam.lists and/or sendmail dnsbl settings? In-Reply-To: <65234743FE1555428435CE39E6AC407801D7ED97@CHI-US-EXCH-01.us.kmz.com> References: <47557D9B.5090801@openenterprise.ca><625385e30712041119s506151d0y6a79003dcea9cdee@mail.gmail.com><65234743FE1555428435CE39E6AC407801D7ED92@CHI-US-EXCH-01.us.kmz.com><65234743FE1555428435CE39E6AC407801D7ED96@CHI-US-EXCH-01.us.kmz.com> <1196821950.31259.39.camel@lin-workstation.azapple.com> <65234743FE1555428435CE39E6AC407801D7ED97@CHI-US-EXCH-01.us.kmz.com> Message-ID: <47568D72.4040807@fsl.com> Duncan, Brian M. wrote: > I guess it is the case that everyone has different needs. Yup - most definitely. > We never reject messages at the MTA level. (Well actually messages that > are destined to users that do not have valid MS Exchange SMTP records > are rejected, so I guess never is not correct, but that is the only case > we reject at the edge) Count yourself very lucky then - I've worked with many companies in the past that had similar policies. They got so much junk they were adding extra MailScanner servers or upgrading existing machines every 6 months or so to attempt to keep up with the load that this imposed on them. > RBL's tend to be a love/hate thing. We love them, based on the fact > that we still deliver every failed RBL message to the users Junk Mail > folder. (Giving them the option to "white list" in outlook RBL'ed > sources. Yes - but in the case of Spamhaus (which is why people like them) if you do some analysis you'll find that unless you've got horsepower, disk space (and the associated money) to burn it isn't worth delivering these messages. From the last SpamAssassin mass-check network tests run: xbl.spamhaus.org hit on 68.7% of spam messages and 0.0033% non-spam messages (3 out of 90160 non-spam messages) pbl.spamhaus.org hit on 61% of spam messages and 0.43% non-spam (390 out of 90160 non-spam messages) sbl.spamhaus.org hit on 1.26% of spam message and 0.0388% non-spam (35 out of 90160 non-spam messages) Based on those stats - I love RBLs too as that tells me that I could potentially gain 70% efficiency by rejecting them before they get to MailScanner. > Given that Mailscanner allows "high scoring treatment" on RBL checked > messages, and then the capability to set the intended actions (including > delivery) I would think the extra control over RBL behavior could allow > even finer tuning in some environments. I agree - everyone has different requirements and I think checking the Spam Lists in order and stopping at the first hit would make sense from an efficiency point of view. Cheers, Steve. From steve.freegard at fsl.com Wed Dec 5 11:52:29 2007 From: steve.freegard at fsl.com (Steve Freegard) Date: Wed Dec 5 11:50:45 2007 Subject: Spamhaus replacement In-Reply-To: <47544913.6050901@evi-inc.com> References: <47536905.8040903@indomino.net> <47544913.6050901@evi-inc.com> Message-ID: <475690FD.9070806@fsl.com> Hi Matt, Matt Kettler wrote: > bl.spamcop.net works pretty well, but does have some significant FPs now > that they list backscatter sites (in the SpamAssassin 3.2 mass-checks, > the hits on spamcop were 87.1% spam, and therefore 12.9% nonspam) The last network mass-check on ruleqa.spamassassin.org for Spamcop shows: 62.71% spam, 0.10% non-spam (97msgs out of 90160), 0.998 S/O Which has a better S/O than the Spamhaus PBL? What would account for the difference? - I guess the STATISTICS file was generated before SA 3.2 was officially released back in May and the last network mass-check was 5 days ago. This would seem to back up the notion that SC have changed their listing process and made it much more accurate - or - the mass-checks used to generate the two sets of results were different? Cheers, Steve. From peter at farrows.org Wed Dec 5 12:39:57 2007 From: peter at farrows.org (Peter Farrow) Date: Wed Dec 5 12:40:15 2007 Subject: Recommended spam.lists and/or sendmail dnsbl settings? In-Reply-To: <47568D72.4040807@fsl.com> References: <47557D9B.5090801@openenterprise.ca><625385e30712041119s506151d0y6a79003dcea9cdee@mail.gmail.com><65234743FE1555428435CE39E6AC407801D7ED92@CHI-US-EXCH-01.us.kmz.com><65234743FE1555428435CE39E6AC407801D7ED96@CHI-US-EXCH-01.us.kmz.com> <1196821950.31259.39.camel@lin-workstation.azapple.com> <65234743FE1555428435CE39E6AC407801D7ED97@CHI-US-EXCH-01.us.kmz.com> <47568D72.4040807@fsl.com> Message-ID: <47569C1D.8090204@farrows.org> Steve Freegard wrote: > Duncan, Brian M. wrote: >> I guess it is the case that everyone has different needs. > > Yup - most definitely. > >> We never reject messages at the MTA level. (Well actually messages that >> are destined to users that do not have valid MS Exchange SMTP records >> are rejected, so I guess never is not correct, but that is the only case >> we reject at the edge) > > Count yourself very lucky then - I've worked with many companies in > the past that had similar policies. They got so much junk they were > adding extra MailScanner servers or upgrading existing machines every > 6 months or so to attempt to keep up with the load that this imposed > on them. > >> RBL's tend to be a love/hate thing. We love them, based on the fact >> that we still deliver every failed RBL message to the users Junk Mail >> folder. (Giving them the option to "white list" in outlook RBL'ed >> sources. > > Yes - but in the case of Spamhaus (which is why people like them) if > you do some analysis you'll find that unless you've got horsepower, > disk space (and the associated money) to burn it isn't worth > delivering these messages. > > From the last SpamAssassin mass-check network tests run: > > xbl.spamhaus.org hit on 68.7% of spam messages and 0.0033% non-spam > messages (3 out of 90160 non-spam messages) > > pbl.spamhaus.org hit on 61% of spam messages and 0.43% non-spam (390 > out of 90160 non-spam messages) > > sbl.spamhaus.org hit on 1.26% of spam message and 0.0388% non-spam (35 > out of 90160 non-spam messages) > > Based on those stats - I love RBLs too as that tells me that I could > potentially gain 70% efficiency by rejecting them before they get to > MailScanner. > >> Given that Mailscanner allows "high scoring treatment" on RBL checked >> messages, and then the capability to set the intended actions (including >> delivery) I would think the extra control over RBL behavior could allow >> even finer tuning in some environments. > > I agree - everyone has different requirements and I think checking the > Spam Lists in order and stopping at the first hit would make sense > from an efficiency point of view. > > Cheers, > Steve. For me, If a sender/relay is listed on an RBL I reject it before it gets to MailScanner. The sender knows they've been rejected so they can talk to their ISP or IT dept to fix the problem. Personally I see no need to even consider email from somebody who relayed through a blacklisted server. This has not caused any complaints from my clients. Regards Pete -- This message has been scanned for viruses and dangerous content by the Enhancion system Scanner and is believed to be clean. http://www.enhancion.net From prandal at herefordshire.gov.uk Wed Dec 5 12:48:13 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Wed Dec 5 12:48:21 2007 Subject: MailTools and MailScanner... In-Reply-To: References: <4755B34C.1050608@zeiglers.net> <200712042156.lB4LuoKv012903@mxt.1bigthink.com><4755E077.3070003@vanderkooij.org> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA023EB025@HC-MBX02.herefordshire.gov.uk> I've just tested MailScanner-4.66.2-1 on CentOS 5 with the latest perl-MailTools-2.02 (from rpmforge) and it appears to work fine. Thanks Jules. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Scott Silva > Sent: 05 December 2007 00:03 > To: mailscanner@lists.mailscanner.info > Subject: Re: MailTools and MailScanner... > > on 12/4/2007 3:19 PM Hugo van der Kooij spake the following: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > dnsadmin 1bigthink.com wrote: > > > >> Yep. I'm confirming. CentOS 5. > >> > >> rpm -qa |grep MailTools > >> perl-MailTools-1.71-1 > >> > >> And the update is waiting in the yum repository. > > > > I have run a full update and use Centos 5.0 (which just > became 5.1) with > > rpmforge and am still on perl-MailTools-1.77-1.el5.rf > > > > So which repositories do you use? > > > This just came down on rpmforge today. Your mirror might have > been behind like > mine was -- right before I put my foot in my mouth. > Try another yum search and see if yours has caught up. > > -- > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From steve.freegard at fsl.com Wed Dec 5 13:42:39 2007 From: steve.freegard at fsl.com (Steve Freegard) Date: Wed Dec 5 13:40:56 2007 Subject: Whitelists not working properly In-Reply-To: <47561A64.9030803@openenterprise.ca> References: <47561A64.9030803@openenterprise.ca> Message-ID: <4756AACF.8010703@fsl.com> Johnny Stork wrote: > I have noticed for the past few months, not sure when it started, but > not all whitelist entries are getting picked up. For instance, I just added > >> From To > *@www.pixologic.com *@* > > Yet maillog shows a message from that domain tagged as SPAM? > This is because if you are talking about the MailScanner whitelist ruleset you have the syntax totally wrong.... here is an example of what it should look like: From:*@www.pixologic.com yes From:smf@fsl.com and To: stork@openenterprise.ca yes FromOrTo:default no If you are talking about the MailWatch whitelist - it's still wrong, MW doesn't support wildcards, so you would just enter 'www.pixologic.com' in the From field and leave the 'To' field blank (default). Regards, Steve. From maillists at conactive.com Wed Dec 5 14:36:44 2007 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Dec 5 14:36:51 2007 Subject: Whitelists not working properly In-Reply-To: <47561A64.9030803@openenterprise.ca> References: <47561A64.9030803@openenterprise.ca> Message-ID: Johnny Stork wrote on Tue, 04 Dec 2007 19:26:28 -0800: > >From To > *@www.pixologic.com *@* Assuming you talk about spam.whitelist.rules: From: *@www.pixologic.com yes Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From MailScanner at ecs.soton.ac.uk Wed Dec 5 14:48:21 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Dec 5 14:48:36 2007 Subject: Accent In-Reply-To: References: <4513DA4D.1000200@multitech.qc.ca> <4513E40A.5020002@USherbrooke.ca> Message-ID: <4756BA35.9040603@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ugo Bellavance wrote: > Denis Beauchemin wrote: >> Claude Gagn? a ?crit : >>> Hi, >>> >>> Sometimes when our MailScanner apply the inline.sig.html or the >>> inline.sig.txt the accent (like ?) appears as a "i" or chinese symbol. >>> Anyone know how can I get rid of this issues ? >>> >> >> Claude, >> >> I don't think you can avoid this as the message encoding is defined >> in the email headers and it is put there by the email clients, not >> MS. So it changes from one email to the other. >> >> Denis >> > > Julian, would it be possible to fix that in some way? Forcing UTF-8 > maybe? > > Regards, > > Ugo > I don't want to change the encoding used in a message, as I don't have any control over how a message is written, and trying to translate the whole thing into UTF8 would surely be a murderously difficult problem. Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 867) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHVro1EfZZRxQVtlQRAhXIAJ9XoewRKlyY7Ol6nnLUluLaL6XpUACggEDt C17xmr3Lyf66bhsRFUYBgvw= =DvC0 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mkettler at evi-inc.com Wed Dec 5 14:55:46 2007 From: mkettler at evi-inc.com (Matt Kettler) Date: Wed Dec 5 14:56:03 2007 Subject: Spamhaus replacement In-Reply-To: <475690FD.9070806@fsl.com> References: <47536905.8040903@indomino.net> <47544913.6050901@evi-inc.com> <475690FD.9070806@fsl.com> Message-ID: <4756BBF2.6060107@evi-inc.com> Steve Freegard wrote: > Hi Matt, > > Matt Kettler wrote: >> bl.spamcop.net works pretty well, but does have some significant FPs >> now that they list backscatter sites (in the SpamAssassin 3.2 >> mass-checks, the hits on spamcop were 87.1% spam, and therefore 12.9% >> nonspam) > > The last network mass-check on ruleqa.spamassassin.org for Spamcop shows: > > 62.71% spam, 0.10% non-spam (97msgs out of 90160), 0.998 S/O Yeah, but ruleqa isn't as large or diverse a sample as a full release mass-check. For example, the details for the last net check you quoted above are (see the tiny "source details" clicky on the right side near the top of the list): OVERALL SPAM% HAM% S/O RANK SCORE NAME 0 521287 90160 0.853 0.00 0.00 (all messages) 0.00000 85.2547 14.7453 0.853 0.00 0.00 (all messages as %) However, the 3.2.x set1 stet was: OVERALL SPAM% HAM% S/O RANK SCORE NAME 0 953545 540903 0.638 0.00 0.00 (all messages) 0.00000 63.8058 36.1942 0.638 0.00 0.00 (all messages as %) Note that there's 6 times more nonspam, and a substantially lower S/O for the overall set in the release mass-check. For a rule to go from a S/O of 0.871 to a S/O of 0.998 (14.5% higher) is easy when the corpus itself goes from 0.638 to 0.853 (33% higher). Be wary of reading too much into S/O's from ruleqa, particularly the net runs. It's a good "quick read" but you've got to be aware that the numbers can be significantly biased by the makeup of the corpus. From brose at med.wayne.edu Wed Dec 5 16:05:15 2007 From: brose at med.wayne.edu (Rose, Bobby) Date: Wed Dec 5 16:05:28 2007 Subject: OT: Sendmail question Message-ID: <8F2A53954C22554EB75D9643FCCE0C6B0472D75D@MED-CORE03-MS1.med.wayne.edu> Does anyone have a local rule that would be similar to check_compat that would allow one to use the access file for a relay to sender combo. I'm looking for a way to only allow transactions involving a specific sender domain from specific relay. Check_compat allows sender to recipient combos so I'm looking for something similar to do IP and sender combos. -=Bobby Rose -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071205/3293c44a/attachment.html From m.anderlini at database.it Wed Dec 5 16:23:37 2007 From: m.anderlini at database.it (Marcello Anderlini) Date: Wed Dec 5 16:23:50 2007 Subject: error after perl module upgrade In-Reply-To: <8F2A53954C22554EB75D9643FCCE0C6B0472D75D@MED-CORE03-MS1.med.wayne.edu> References: <8F2A53954C22554EB75D9643FCCE0C6B0472D75D@MED-CORE03-MS1.med.wayne.edu> Message-ID: <011601c8375b$3053d090$2301a8c0@dbdomain.database.it> hello, I've just upgrade some perl module from dag repository : perl-MailTools noarch 2.02-1.el4.rf dag 98 k perl-Time-HiRes i386 1.9711-1.el4.rf dag 70 k after service mailscanner restart now I get this error msg, ============== MailScanner: Variable "$FIELD_NAME" is not imported at /usr/lib/MailScanner/MailScanner/Message.pm line 6367. Variable "$FIELD_NAME" is not imported at /usr/lib/MailScanner/MailScanner/Message.pm line 6370. Global symbol "$FIELD_NAME" requires explicit package name at /usr/lib/MailScanner/MailScanner/Message.pm line 6367. Global symbol "$FIELD_NAME" requires explicit package name at /usr/lib/MailScanner/MailScanner/Message.pm line 6370. Compilation failed in require at /usr/sbin/MailScanner line 79. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 79. ============== I'm using mailscanner-4.58.9-1 on centos CentOS release 4.5 (Final) with 2.6.9-55.0.12.EL. Could someone help me ? thanks a lot No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.503 / Virus Database: 269.16.14/1171 - Release Date: 04/12/2007 19.31 -- Messaggio verificato dal servizio antivirus di Database Informatica -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071205/44d08332/attachment.html From shuttlebox at gmail.com Wed Dec 5 16:32:40 2007 From: shuttlebox at gmail.com (shuttlebox) Date: Wed Dec 5 16:32:48 2007 Subject: error after perl module upgrade In-Reply-To: <011601c8375b$3053d090$2301a8c0@dbdomain.database.it> References: <8F2A53954C22554EB75D9643FCCE0C6B0472D75D@MED-CORE03-MS1.med.wayne.edu> <011601c8375b$3053d090$2301a8c0@dbdomain.database.it> Message-ID: <625385e30712050832q5829560p5b3fcb9b76a459cc@mail.gmail.com> On Dec 5, 2007 5:23 PM, Marcello Anderlini wrote: > hello, > > I've just upgrade some perl module from dag repository : > > perl-MailTools noarch 2.02-1.el4.rf dag 98 k > perl-Time-HiRes i386 1.9711-1.el4.rf dag 70 k > > after service mailscanner restart now I get this error msg, > ============== > MailScanner: Variable "$FIELD_NAME" is not imported at > /usr/lib/MailScanner/MailScanner/Message.pm line 6367. > Variable "$FIELD_NAME" is not imported at > /usr/lib/MailScanner/MailScanner/Message.pm line 6370. > Global symbol "$FIELD_NAME" requires explicit package name at > /usr/lib/MailScanner/MailScanner/Message.pm line 6367. > Global symbol "$FIELD_NAME" requires explicit package name at > /usr/lib/MailScanner/MailScanner/Message.pm line 6370. > Compilation failed in require at /usr/sbin/MailScanner line 79. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 79. > > ============== > I'm using mailscanner-4.58.9-1 on centos CentOS release 4.5 (Final) with > 2.6.9-55.0.12.EL. There's been several threads about this lately. Either upgrade MailScanner to the 4.66 beta or downgrade MailTools. -- /peter From prandal at herefordshire.gov.uk Wed Dec 5 16:39:56 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Wed Dec 5 16:40:02 2007 Subject: error after perl module upgrade In-Reply-To: <011601c8375b$3053d090$2301a8c0@dbdomain.database.it> References: <8F2A53954C22554EB75D9643FCCE0C6B0472D75D@MED-CORE03-MS1.med.wayne.edu> <011601c8375b$3053d090$2301a8c0@dbdomain.database.it> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA023EB0E2@HC-MBX02.herefordshire.gov.uk> Upgrade MailScanner to 4.66.2 beta. Works a treat here with that combo. Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Marcello Anderlini Sent: 05 December 2007 16:24 To: 'MailScanner discussion' Subject: error after perl module upgrade hello, I've just upgrade some perl module from dag repository : perl-MailTools noarch 2.02-1.el4.rf dag 98 k perl-Time-HiRes i386 1.9711-1.el4.rf dag 70 k after service mailscanner restart now I get this error msg, ============== MailScanner: Variable "$FIELD_NAME" is not imported at /usr/lib/MailScanner/MailScanner/Message.pm line 6367. Variable "$FIELD_NAME" is not imported at /usr/lib/MailScanner/MailScanner/Message.pm line 6370. Global symbol "$FIELD_NAME" requires explicit package name at /usr/lib/MailScanner/MailScanner/Message.pm line 6367. Global symbol "$FIELD_NAME" requires explicit package name at /usr/lib/MailScanner/MailScanner/Message.pm line 6370. Compilation failed in require at /usr/sbin/MailScanner line 79. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 79. ============== I'm using mailscanner-4.58.9-1 on centos CentOS release 4.5 (Final) with 2.6.9-55.0.12.EL. Could someone help me ? thanks a lot -- Messaggio verificato dal servizio antivirus di Database Informatica . No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.503 / Virus Database: 269.16.14/1171 - Release Date: 04/12/2007 19.31 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071205/fc55bbf8/attachment.html From m.anderlini at database.it Wed Dec 5 16:47:02 2007 From: m.anderlini at database.it (Marcello Anderlini) Date: Wed Dec 5 16:47:13 2007 Subject: R: error after perl module upgrade In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA023EB0E2@HC-MBX02.herefordshire.gov.uk> References: <8F2A53954C22554EB75D9643FCCE0C6B0472D75D@MED-CORE03-MS1.med.wayne.edu><011601c8375b$3053d090$2301a8c0@dbdomain.database.it> <7EF0EE5CB3B263488C8C18823239BEBA023EB0E2@HC-MBX02.herefordshire.gov.uk> Message-ID: <012701c8375e$75a5e900$2301a8c0@dbdomain.database.it> Thanks to all for your quick answer but this is a test system so I prefer to wait the stable 4.66.2. Does anyone know when it will be released ? thanks again _____ Da: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Per conto di Randal, Phil Inviato: mercoled? 5 dicembre 2007 17.40 A: MailScanner discussion Oggetto: RE: error after perl module upgrade Upgrade MailScanner to 4.66.2 beta. Works a treat here with that combo. Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Marcello Anderlini Sent: 05 December 2007 16:24 To: 'MailScanner discussion' Subject: error after perl module upgrade hello, I've just upgrade some perl module from dag repository : perl-MailTools noarch 2.02-1.el4.rf dag 98 k perl-Time-HiRes i386 1.9711-1.el4.rf dag 70 k after service mailscanner restart now I get this error msg, ============== MailScanner: Variable "$FIELD_NAME" is not imported at /usr/lib/MailScanner/MailScanner/Message.pm line 6367. Variable "$FIELD_NAME" is not imported at /usr/lib/MailScanner/MailScanner/Message.pm line 6370. Global symbol "$FIELD_NAME" requires explicit package name at /usr/lib/MailScanner/MailScanner/Message.pm line 6367. Global symbol "$FIELD_NAME" requires explicit package name at /usr/lib/MailScanner/MailScanner/Message.pm line 6370. Compilation failed in require at /usr/sbin/MailScanner line 79. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 79. ============== I'm using mailscanner-4.58.9-1 on centos CentOS release 4.5 (Final) with 2.6.9-55.0.12.EL. Could someone help me ? thanks a lot -- Messaggio verificato dal servizio antivirus di HYPERLINK "http://www.database.it/"Database Informatica. No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.503 / Virus Database: 269.16.14/1171 - Release Date: 04/12/2007 19.31 -- Messaggio verificato dal servizio antivirus di HYPERLINK "http://www.database.it/"Database Informatica. No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.503 / Virus Database: 269.16.14/1171 - Release Date: 04/12/2007 19.31 No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.503 / Virus Database: 269.16.14/1171 - Release Date: 04/12/2007 19.31 -- Messaggio verificato dal servizio antivirus di Database Informatica -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071205/37bf0f5e/attachment.html From prandal at herefordshire.gov.uk Wed Dec 5 17:08:56 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Wed Dec 5 17:09:18 2007 Subject: error after perl module upgrade In-Reply-To: <012701c8375e$75a5e900$2301a8c0@dbdomain.database.it> References: <8F2A53954C22554EB75D9643FCCE0C6B0472D75D@MED-CORE03-MS1.med.wayne.edu><011601c8375b$3053d090$2301a8c0@dbdomain.database.it><7EF0EE5CB3B263488C8C18823239BEBA023EB0E2@HC-MBX02.herefordshire.gov.uk> <012701c8375e$75a5e900$2301a8c0@dbdomain.database.it> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA023EB0E9@HC-MBX02.herefordshire.gov.uk> It's perfectly stable here. It has been running on our production servers all afternoon without any problems. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Marcello Anderlini Sent: 05 December 2007 16:47 To: 'MailScanner discussion' Subject: R: error after perl module upgrade Thanks to all for your quick answer but this is a test system so I prefer to wait the stable 4.66.2. Does anyone know when it will be released ? thanks again ________________________________ Da: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Per conto di Randal, Phil Inviato: mercoled? 5 dicembre 2007 17.40 A: MailScanner discussion Oggetto: RE: error after perl module upgrade Upgrade MailScanner to 4.66.2 beta. Works a treat here with that combo. Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Marcello Anderlini Sent: 05 December 2007 16:24 To: 'MailScanner discussion' Subject: error after perl module upgrade hello, I've just upgrade some perl module from dag repository : perl-MailTools noarch 2.02-1.el4.rf dag 98 k perl-Time-HiRes i386 1.9711-1.el4.rf dag 70 k after service mailscanner restart now I get this error msg, ============== MailScanner: Variable "$FIELD_NAME" is not imported at /usr/lib/MailScanner/MailScanner/Message.pm line 6367. Variable "$FIELD_NAME" is not imported at /usr/lib/MailScanner/MailScanner/Message.pm line 6370. Global symbol "$FIELD_NAME" requires explicit package name at /usr/lib/MailScanner/MailScanner/Message.pm line 6367. Global symbol "$FIELD_NAME" requires explicit package name at /usr/lib/MailScanner/MailScanner/Message.pm line 6370. Compilation failed in require at /usr/sbin/MailScanner line 79. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 79. ============== I'm using mailscanner-4.58.9-1 on centos CentOS release 4.5 (Final) with 2.6.9-55.0.12.EL. Could someone help me ? thanks a lot -- Messaggio verificato dal servizio antivirus di Database Informatica . No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.503 / Virus Database: 269.16.14/1171 - Release Date: 04/12/2007 19.31 -- Messaggio verificato dal servizio antivirus di Database Informatica . No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.503 / Virus Database: 269.16.14/1171 - Release Date: 04/12/2007 19.31 -- Messaggio verificato dal servizio antivirus di Database Informatica . No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.503 / Virus Database: 269.16.14/1171 - Release Date: 04/12/2007 19.31 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071205/043695b9/attachment.html From eaperezh at gmail.com Wed Dec 5 18:35:06 2007 From: eaperezh at gmail.com (Erick Perez) Date: Wed Dec 5 18:35:09 2007 Subject: MailScanner version 4.65.3 and perl-MailTools-2.02-1.el4.rf HOWTO Message-ID: Just a quick help to the comunity, we started to see many errors in our systems after a perl upgrade. So here's how to spot it and fix it (temporary fix of course) These instructions are for Centos 4.x / 5.x only, modify according to your system MailScanner version 4.65.3 perl-MailTools-2.02-1.el4.rf equals the following errors: # MailScanner -v | head -20 Variable "$FIELD_NAME" is not imported at /usr/lib/MailScanner/MailScanner/Message.pm line 6907. Variable "$FIELD_NAME" is not imported at /usr/lib/MailScanner/MailScanner/Message.pm line 6910. Global symbol "$FIELD_NAME" requires explicit package name at /usr/lib/MailScanner/MailScanner/Message.pm line 6907. Global symbol "$FIELD_NAME" requires explicit package name at /usr/lib/MailScanner/MailScanner/Message.pm line 6910. Compilation failed in require at /usr/sbin/MailScanner line 79. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 79. Fix : #rpm -e perl-MailTools-2.02-1.el4.rf ?nodeps #wget http://dag.wieers.com/rpm/packages/perl-MailTools/perl-MailTools-1.77-1.el4.rf.noarch.rpm #rpm -ivh perl-MailTools-1.77-1.el4.rf.noarch.rpm Now check your system with #MailScanner -v | head -20 Running on Linux xxxxxxxxxxxxxxx 2.6.9-55.0.12.ELsmp #1 SMP Fri Nov 2 11:19:08 EDT 2007 i686 i686 i386 GNU/Linux This is CentOS release 4.5 (Final) This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.65.3 Module versions are: 1.00 AnyDBM_File 1.23 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 2.27 Date::Parse 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.14 File::Temp 0.92 Filesys::Df Cheers, -- ------------------------------------------------------------ Erick Perez ------------------------------------------------------------ From ssilva at sgvwater.com Wed Dec 5 17:41:33 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Dec 5 19:07:03 2007 Subject: MailTools and MailScanner... In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA023EB025@HC-MBX02.herefordshire.gov.uk> References: <4755B34C.1050608@zeiglers.net> <200712042156.lB4LuoKv012903@mxt.1bigthink.com><4755E077.3070003@vanderkooij.org> <7EF0EE5CB3B263488C8C18823239BEBA023EB025@HC-MBX02.herefordshire.gov.uk> Message-ID: on 12/5/2007 4:48 AM Randal, Phil spake the following: > I've just tested MailScanner-4.66.2-1 on CentOS 5 with the latest > perl-MailTools-2.02 (from rpmforge) and it appears to work fine. > > Thanks Jules. > > Cheers, > Yes, it is in the changelog; 5/12/2007 New in Version 4.66.2-1 ================================= * New Features and Improvements * 1 New optional configuration setting "Syslog Socket Type". By default this is left blank, as it will work it out according to the operating system you are using. Some Solaris users may want to set this to "native". 1 Addition of new message property for use by MailWatch 2. 1 Update of Sophos.install for Sophos version 6. 2 Updated to handle new MailTools 2.02. This includes the use of several new Perl modules, so you'll have to use the install.sh to install all the requirements of the new MailTools code (unless you are doing clever things with yum repositories). Julian might be too busy to hit the list yet. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ugob at lubik.ca Wed Dec 5 18:43:16 2007 From: ugob at lubik.ca (Ugo Bellavance) Date: Wed Dec 5 19:33:35 2007 Subject: cut off by spamhaus free use? In-Reply-To: <5A3FEF92FC07F34B9EE30C0D139571647AC006@monarchs.dokkenengineering.com> References: <47541AFB.6060103@slackadelic.com> <47545F67.70800@pixelhammer.com> <47546058.20508@slackadelic.com> <5A3FEF92FC07F34B9EE30C0D139571647AC006@monarchs.dokkenengineering.com> Message-ID: Brad Dokken wrote: >> I can concur with that. I use BIND for SOA and dnscache for local DNS >> caching. Works great. Sped up queries nearly 100% and I'm >> not hitting >> outside DNS servers as much. >> >> -Matt > > Does anyone have a how-to writeup on how to set this up? > Thanks, > Brad What OS? Under most redhat verson, installing 'caching-nameserver' does it. Ugo From dyioulos at firstbhph.com Wed Dec 5 19:52:51 2007 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Wed Dec 5 19:53:11 2007 Subject: cut off by spamhaus free use? In-Reply-To: <47561B13.8000706@openenterprise.ca> References: <8f54b4330712041756y3cd95ef2me08311836375221c@mail.gmail.com> <47561B13.8000706@openenterprise.ca> Message-ID: <200712051452.51819.dyioulos@firstbhph.com> On Tuesday 04 December 2007 10:29 pm, Johnny Stork wrote: > How do I/we use these? And thanks!! > > Nathan Olson wrote: > > I don't know if this helps anyone, but here is a collection of regexes > > for sendmail (in Perl). > > > > Nate > > -- > *Johnny Stork* > Business & Technology Consultant > stork@openenterprise.ca > I's like to know, too. Thanks. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From naolson at gmail.com Wed Dec 5 20:50:12 2007 From: naolson at gmail.com (Nathan Olson) Date: Wed Dec 5 20:50:15 2007 Subject: cut off by spamhaus free use? In-Reply-To: <200712051452.51819.dyioulos@firstbhph.com> References: <8f54b4330712041756y3cd95ef2me08311836375221c@mail.gmail.com> <47561B13.8000706@openenterprise.ca> <200712051452.51819.dyioulos@firstbhph.com> Message-ID: <8f54b4330712051250x15334300l97152d60de1e79cb@mail.gmail.com> I'll write up an example that uses a few of them. I'm swamped at the moment. Check this space in six or seven hours. :) Nate On Dec 5, 2007 1:52 PM, Dimitri Yioulos wrote: > On Tuesday 04 December 2007 10:29 pm, Johnny Stork wrote: > > How do I/we use these? And thanks!! From ssilva at sgvwater.com Wed Dec 5 21:50:16 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Dec 5 21:52:55 2007 Subject: ****Re: cut off by spamhaus free use? In-Reply-To: <1196819081.31259.15.camel@lin-workstation.azapple.com> References: <4755FE4B.60107@USherbrooke.ca> <1196819081.31259.15.camel@lin-workstation.azapple.com> Message-ID: on 12/4/2007 5:44 PM Craig White spake the following: > On Tue, 2007-12-04 at 20:26 -0500, Denis Beauchemin wrote: >> Jeff Mills a ??crit : >>> >>> >>>> If you can provide me with sample RBL blocks in Postfix, I'm >>>> sure I could make it work for you in no time. Same for Exim >>>> if I get log entries. >>>> >>>> Denis >>>> >>>> >>> Debnis, >>> >>> Here are a couple of examples. >>> If you need more, I can send. >>> >>> >>> Dec 5 10:19:02 proxy2 postfix/smtpd[4526]: NOQUEUE: reject: RCPT from unknown[200.181.195.102]: 554 5.7.1 Service unavailable; Client host [200.181.195.102] blocked using cbl.abuseat.org; Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=200.181.195.102; from= to= proto=ESMTP helo=<201-40-92-107.cscgo701.dsl.brasiltelecom.net.br> >>> >>> Dec 5 10:18:46 proxy2 postfix/smtpd[5730]: NOQUEUE: reject: RCPT from 201-42-168-44.dsl.telesp.net.br[201.42.168.44]: 554 5.7.1 Service unavailable; Client host [201.42.168.44] blocked using list.dsbl.org; http://dsbl.org/listing?201.42.168.44; from= to= proto=SMTP helo=<201-42-168-44.dsl.telesp.net.br> >>> >> Jeff, >> >> The included version can catch your log lines AND my sendmail ones. >> >> Denis >> >> #!/bin/bash >> # >> # Script qui liste toutes les sources des RBL qui ont bloque au moins >> # un message dans le fichier de log parcouru. >> # >> # DB >> >> if [[ -n "$1" ]]; then >> file="$1" >> else >> file="/var/log/maillog" >> fi >> if [[ $file == ${file%.gz} ]]; then >> cmd="cat $file" >> else >> cmd="zcat $file" >> fi >> # Postfix: Client host [200.181.195.102] blocked using cbl.abuseat.org; >> # Sendmail: reject=554 >> $cmd | LANG=C egrep "reject=554| blocked using " | perl -ne ' >> $h{$1}++ if /found in (.*?)\s*$/; >> $h{$1}++ if /Client host .*? blocked using (.*?);/; >> END{ >> for $i (sort keys %h){ >> $t += $h{$i}; >> } >> for $i (sort keys %h){ >> printf "%25s : %6d (%3d %%)\n", $i, $h{$i}, $h{$i}*100/$t; >> } >> printf "%25s : %d\n", "*** Total blocked conns", $t; >> }' > ---- > yup - that worked for me (postfix) > > cbl.abuseat.org : 2241 ( 53 %) > list.dsbl.org : 84 ( 1 %) > pbl.spamhaus.org : 1880 ( 44 %) > sbl.spamhaus.org : 4 ( 0 %) > *** Total blocked conns : 4209 > > This whole thread has been useful, I'm obviously going to take another > look at rbl's now. > > Thanks > > Craig > I'm still playing with the regex's to match my log lines. Time to do some reading. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Wed Dec 5 22:05:28 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Dec 5 22:08:05 2007 Subject: Recommended spam.lists and/or sendmail dnsbl settings? In-Reply-To: <65234743FE1555428435CE39E6AC407801D7ED96@CHI-US-EXCH-01.us.kmz.com> References: <47557D9B.5090801@openenterprise.ca> <625385e30712041119s506151d0y6a79003dcea9cdee@mail.gmail.com><65234743FE1555428435CE39E6AC407801D7ED92@CHI-US-EXCH-01.us.kmz.com> <65234743FE1555428435CE39E6AC407801D7ED96@CHI-US-EXCH-01.us.kmz.com> Message-ID: on 12/4/2007 6:22 PM Duncan, Brian M. spake the following: > Thanks for confirming that for me. > > So is this not a feature that would benefit many users? > > The capability to have MailScanner NOT check ALL RBL's but in an order > based on how many the admin wants till it equals a failure? > > It seems kind of inefficient to check ALL RBL's listed if an admin > trusts results from specific RBL's. > > Like in my case I could avoid probably 80% of my queries to zen with > this capability. > > "The Spam Lists To Be Spam" directive could still be set, but > MailScanner could quit RBL checks after meeting that condition. > > It could even increase performance couldn't it for heavily loaded mail > servers? It would actually lower performance as each message would have to be checked one at a time one list at a time instead of firing off multiple queries and looking at the hits afterward. Think of telling a joke in a room full of people. Do you tell one person at a time and wait for a laugh (or not), or do you tell groups of people at the same time? If a sysadmin trusts a list that well, he/she usually uses it at the MTA. That is the only way to really cut the load, because no further processing is done on it. The batch processing is what puts mailscanner ahead of the other options like mimedefang or amavisd (or ???). > > In my organization we rely on MailScanner to do the RBL checks and pass > ALL mail through to end users (We need to, they can never afford to miss > a message) RBL failed messages are considered high scoring spam and get > a slightly different identifier to quickly identify an RBL'ed messages > from one that failed do to message content. > Since you forward all messages, you could have some preprocessor do rbl checks and add headers and then get mailscanner to not re-scan those. In my organisation, if they are on a trusted RBL, they only send spam. Otherwise the un-trusted RBL's are scored with spamassassin like other content. That way a message in a less than reliable list, with no other content problems will usually get through unmolested. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Wed Dec 5 22:11:37 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Dec 5 22:13:44 2007 Subject: Recommended spam.lists and/or sendmail dnsbl settings? In-Reply-To: <47569C1D.8090204@farrows.org> References: <47557D9B.5090801@openenterprise.ca><625385e30712041119s506151d0y6a79003dcea9cdee@mail.gmail.com><65234743FE1555428435CE39E6AC407801D7ED92@CHI-US-EXCH-01.us.kmz.com><65234743FE1555428435CE39E6AC407801D7ED96@CHI-US-EXCH-01.us.kmz.com> <1196821950.31259.39.camel@lin-workstation.azapple.com> <65234743FE1555428435CE39E6AC407801D7ED97@CHI-US-EXCH-01.us.kmz.com> <47568D72.4040807@fsl.com> <47569C1D.8090204@farrows.org> Message-ID: on 12/5/2007 4:39 AM Peter Farrow spake the following: > Steve Freegard wrote: >> Duncan, Brian M. wrote: >>> I guess it is the case that everyone has different needs. >> >> Yup - most definitely. >> >>> We never reject messages at the MTA level. (Well actually messages that >>> are destined to users that do not have valid MS Exchange SMTP records >>> are rejected, so I guess never is not correct, but that is the only case >>> we reject at the edge) >> >> Count yourself very lucky then - I've worked with many companies in >> the past that had similar policies. They got so much junk they were >> adding extra MailScanner servers or upgrading existing machines every >> 6 months or so to attempt to keep up with the load that this imposed >> on them. >> >>> RBL's tend to be a love/hate thing. We love them, based on the fact >>> that we still deliver every failed RBL message to the users Junk Mail >>> folder. (Giving them the option to "white list" in outlook RBL'ed >>> sources. >> >> Yes - but in the case of Spamhaus (which is why people like them) if >> you do some analysis you'll find that unless you've got horsepower, >> disk space (and the associated money) to burn it isn't worth >> delivering these messages. >> >> From the last SpamAssassin mass-check network tests run: >> >> xbl.spamhaus.org hit on 68.7% of spam messages and 0.0033% non-spam >> messages (3 out of 90160 non-spam messages) >> >> pbl.spamhaus.org hit on 61% of spam messages and 0.43% non-spam (390 >> out of 90160 non-spam messages) >> >> sbl.spamhaus.org hit on 1.26% of spam message and 0.0388% non-spam (35 >> out of 90160 non-spam messages) >> >> Based on those stats - I love RBLs too as that tells me that I could >> potentially gain 70% efficiency by rejecting them before they get to >> MailScanner. >> >>> Given that Mailscanner allows "high scoring treatment" on RBL checked >>> messages, and then the capability to set the intended actions (including >>> delivery) I would think the extra control over RBL behavior could allow >>> even finer tuning in some environments. >> >> I agree - everyone has different requirements and I think checking the >> Spam Lists in order and stopping at the first hit would make sense >> from an efficiency point of view. >> >> Cheers, >> Steve. > For me, > > If a sender/relay is listed on an RBL I reject it before it gets to > MailScanner. The sender knows they've been rejected so they can talk to > their ISP or IT dept to fix the problem. Personally I see no need to > even consider email from somebody who relayed through a blacklisted > server. This has not caused any complaints from my clients. > > Regards > > Pete > > And for a critical host, whitelisting can be done while they fix their mess. But not indefinitely. If they don't care to fix it, they shouldn't be running a mailserver. I have even helped some of our business partners that had systems set up by clueless or under trained people. You always get the Mom and Pop shop that let their nephew Jimmy set up their mail server because they didn't know any better. Most laymen think that e-mail is like putting a postal mailbox in front of your house, and waiting for the postman to stop. Although in some ways it is...have you seen the volume of "spam" in your snail-mail box? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Wed Dec 5 22:15:17 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Dec 5 22:20:37 2007 Subject: Recommended spam.lists and/or sendmail dnsbl settings? In-Reply-To: <65234743FE1555428435CE39E6AC407801D7ED98@CHI-US-EXCH-01.us.kmz.com> References: <47557D9B.5090801@openenterprise.ca><625385e30712041119s506151d0y6a79003dcea9cdee@mail.gmail.com><65234743FE1555428435CE39E6AC407801D7ED92@CHI-US-EXCH-01.us.kmz.com><65234743FE1555428435CE39E6AC407801D7ED96@CHI-US-EXCH-01.us.kmz.com> <8f54b4330712041838u1037d9t54ce2c354dd73566@mail.gmail.com> <65234743FE1555428435CE39E6AC407801D7ED98@CHI-US-EXCH-01.us.kmz.com> Message-ID: on 12/4/2007 7:00 PM Duncan, Brian M. spake the following: > Thanks I will look into that, we really like MailScanner (and have > donated) for the fine program, since we have handled RBL for years with > MailScanner it would be nice to continue to do it that way.. > > > It just seems odd that there is not more control over RBL checking in > the Mailscanner product. > > That is why I initially figured I must be missing something and there > must be a way to control how many RBL's it checks instead of all or > nothing type logic. > You haven't missed anything, it was just not put in. I think you would actually waste more time on the serial lookups of the messages "not" in the lists then you would save. DNS lookups don't add that much to the load. Spamassassin is the real system hog, and you can already stop spamassassin if a message hits the lists first. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Wed Dec 5 22:24:00 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Dec 5 22:26:10 2007 Subject: Recommended spam.lists and/or sendmail dnsbl settings? In-Reply-To: <47560588.2020102@indomino.net> References: <47557D9B.5090801@openenterprise.ca> <47560588.2020102@indomino.net> Message-ID: on 12/4/2007 5:57 PM Budi Febrianto spake the following: > Scott Silva wrote: >>> This is what I currently have in sendmail.mc >>> >>> FEATURE(`dnsbl',`sbl-xbl.spamhaus.org', `"554 Rejected " >>> $&{client_addr} " - see http://www.spamhaus.org/SBL/"')dnl >>> FEATURE(`dnsbl', `dnsbl.njabl.org', `"554 Rejected " $&{client_addr} >>> " - see http://dnsbl.njabl.org/method.html"')dnl >>> FEATURE(`dnsbl', `bl.spamcop.net', `"554 Rejected " >>> $&{client_addr} " found in bl.spamcop.net"')dnl >>> FEATURE(`dnsbl', `chinanet.blackholes.us', `"554 Rejected " >>> $&{client_addr} " found in chinanet.blackholes.us"')dnl >>> >>> >>> >> If you put your spamhaus lookups at the bottom, you will generate less >> traffic to them. The sendmail RBL lookups are serial and stop on the >> first positive. > ah, so if I put zen.spamhaus.org at the bottom of the list, it will > reduce a lot of query to spamhaus, so I should be safe ( I hope so). > I will put bl.spamcop.net at first, and two or three others before > zen.spamhaus.org. > Spamcop will probably catch a large portion, at least 60% or better. You could also put cbl.abuseat.org before spamhaus, even if it is a double lookup, because that list is a significant portion of the zen list, and will cut lookups to zen even more. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Wed Dec 5 23:17:29 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Dec 5 23:20:06 2007 Subject: MailScanner install problem In-Reply-To: <010d01c836de$eeed0710$f105010a@pc> References: <010d01c836de$eeed0710$f105010a@pc> Message-ID: on 12/4/2007 5:34 PM Patrick spake the following: > Hi, > > I am facing MailScanner installation problem. > > I am using Fedora 8 and planning to install MailScanner latest version > 4.65.3-1 > However, install error occurs: > > > # install.sh > > (skipped) > > + /usr/lib/rpm/find-debuginfo.sh > /usr/src/redhat/BUILD/ExtUtils-MakeMaker-6.32 > find: debug: No such file or directory > + /usr/lib/rpm/check-buildroot > /var/tmp/perl-ExtUtils-MakeMaker-6.32-1-root/usr/lib/perl5/5.8.8/i386-linux-thread-multi/perllocal.pod:C into: /var/tmp/perl-ExtUtils-MakeMaker-6.32-1-root/usr/lib/perl5/5.8.8> > Found '/var/tmp/perl-ExtUtils-MakeMaker-6.32-1-root' in installed files; > aborting > error: Bad exit status from /var/tmp/rpm-tmp.4906 (%install) > > > RPM build errors: > Bad exit status from /var/tmp/rpm-tmp.4906 (%install) > > (skipped) > > + /usr/lib/rpm/find-debuginfo.sh /usr/src/redhat/BUILD/IO-stringy-2.108 > find: debug: No such file or directory > + /usr/lib/rpm/check-buildroot > /var/tmp/perl-IO-stringy-root/usr/lib/perl5/5.8.8/i386-linux-thread-multi/perllocal.pod:C into: /var/tmp/perl-IO-stringy-root/usr/lib/perl5/site_perl/5.8.8> > Found '/var/tmp/perl-IO-stringy-root' in installed files; aborting > error: Bad exit status from /var/tmp/rpm-tmp.22440 (%install) > > > RPM build errors: > Bad exit status from /var/tmp/rpm-tmp.22440 (%install) > > > > Missing file /usr/src/redhat/RPMS/noarch/perl-IO-stringy-2.108-1.noarch.rpm. > Maybe it did not build correctly? > > (skipped) > > Now to install MailScanner itself. > > NOTE: If you get lots of errors here, run the install.sh script > NOTE: again with the command "./install.sh nodeps" > > error: Failed dependencies: > perl-MIME-tools >= 5.412 is needed by mailscanner-4.65.3-1.noarch > > > From the list chatter, Fedora 8 might have changed the root users default rpm build tree, or has a bad .rpmmacros file. Does the /usr/src/redhat/[BUILD|RPMS|SOURCES|SPECS|SRPMS] directory structure exist? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Wed Dec 5 23:22:11 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Dec 5 23:25:06 2007 Subject: R: error after perl module upgrade In-Reply-To: <012701c8375e$75a5e900$2301a8c0@dbdomain.database.it> References: <8F2A53954C22554EB75D9643FCCE0C6B0472D75D@MED-CORE03-MS1.med.wayne.edu><011601c8375b$3053d090$2301a8c0@dbdomain.database.it> <7EF0EE5CB3B263488C8C18823239BEBA023EB0E2@HC-MBX02.herefordshire.gov.uk> <012701c8375e$75a5e900$2301a8c0@dbdomain.database.it> Message-ID: on 12/5/2007 8:47 AM Marcello Anderlini spake the following: > Thanks to all for your quick answer but this is a test system so I > prefer to wait the stable 4.66.2. > > Does anyone know when it will be released ? > > thanks again Probably at the end of the month, so you either have to use the beta or downgrade mailtools. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Wed Dec 5 23:23:17 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Dec 5 23:30:14 2007 Subject: MailScanner version 4.65.3 and perl-MailTools-2.02-1.el4.rf HOWTO In-Reply-To: References: Message-ID: on 12/5/2007 10:35 AM Erick Perez spake the following: > Just a quick help to the comunity, we started to see many errors in > our systems after a perl upgrade. > So here's how to spot it and fix it (temporary fix of course) > > These instructions are for Centos 4.x / 5.x only, modify according to > your system > > MailScanner version 4.65.3 > perl-MailTools-2.02-1.el4.rf > > equals the following errors: > > # MailScanner -v | head -20 > Variable "$FIELD_NAME" is not imported at > /usr/lib/MailScanner/MailScanner/Message.pm line 6907. > Variable "$FIELD_NAME" is not imported at > /usr/lib/MailScanner/MailScanner/Message.pm line 6910. > Global symbol "$FIELD_NAME" requires explicit package name at > /usr/lib/MailScanner/MailScanner/Message.pm line 6907. > Global symbol "$FIELD_NAME" requires explicit package name at > /usr/lib/MailScanner/MailScanner/Message.pm line 6910. > Compilation failed in require at /usr/sbin/MailScanner line 79. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 79. > > > Fix : > > #rpm -e perl-MailTools-2.02-1.el4.rf ?nodeps > #wget http://dag.wieers.com/rpm/packages/perl-MailTools/perl-MailTools-1.77-1.el4.rf.noarch.rpm > #rpm -ivh perl-MailTools-1.77-1.el4.rf.noarch.rpm > > Now check your system with > #MailScanner -v | head -20 > Running on > Linux xxxxxxxxxxxxxxx 2.6.9-55.0.12.ELsmp #1 SMP Fri Nov 2 11:19:08 > EDT 2007 i686 i686 i386 GNU/Linux > This is CentOS release 4.5 (Final) > This is Perl version 5.008005 (5.8.5) > > This is MailScanner version 4.65.3 > Module versions are: > 1.00 AnyDBM_File > 1.23 Archive::Zip > 1.03 Carp > 1.119 Convert::BinHex > 2.27 Date::Parse > 1.00 DirHandle > 1.05 Fcntl > 2.73 File::Basename > 2.08 File::Copy > 2.01 FileHandle > 1.06 File::Path > 0.14 File::Temp > 0.92 Filesys::Df > > > Cheers, > Or install the new mailscanner beta that fixes this also. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From asakawa at quickd.net Thu Dec 6 05:05:17 2007 From: asakawa at quickd.net (Takashi Asakawa) Date: Thu Dec 6 05:05:49 2007 Subject: Found viruses but Uninfected Delivered Message-ID: <20071206135514.D7B0.ASAKAWA@quickd.net> Hi all Found 1 viruses but Uninfected Delivered --------- MailScanner[21677]: /var/spool/MailScanner/incoming/21677/./ lB63ouC1021957.message: Worm.Antinny-9 FOUND MailScanner[21677]: Virus Scanning: ClamAV found 1 infections MailScanner[21677]: lB63ouC1021957.message=>[Subject: N/A][Date: Thu, 6 Dec 2007 12:50:56 +0900]=>(MIME part)=>3.zip=>ne.scr:infected: Win32. Worm.Antinny.AY MailScanner[21677]: Virus Scanning: Bitdefender found 1 infections MailScanner[21677]: /var/spool/MailScanner/incoming/21677/lB63ouC1021957. message->3.zip->ne.scr->(UPX) Infection: W32/Worm.E MailScanner[21677]: Virus Scanning: F-Prot found virus W32/Worm.E MailScanner[21677]: Virus Scanning: F-Prot found 1 infections MailScanner[21677]: Virus Scanning: Avg found 1 infections MailScanner[21677]: Virus Scanning: Avast found 1 infections MailScanner[21677]: Virus Scanning: Norman found 1 infections MailScanner[21677]: Infected message 21677 came from MailScanner[21677]: Infected message lB63ouC1021957.message=>[Subject: N came from MailScanner[21677]: Infected message lB63ouC1021957.message came from MailScanner[21677]: Virus Scanning: Found 1 viruses MailScanner[21677]: Uninfected: Delivered 1 messages --------- My conf --------- %org-name% = %org-long-name% = %web-site% = %etc-dir% = /etc/MailScanner %report-dir% = /etc/MailScanner/reports/en %rules-dir% = /etc/MailScanner/rules %mcp-dir% = /etc/MailScanner/mcp Max Children = 5 Run As User = Run As Group = Queue Scan Interval = 6 Incoming Queue Dir = /var/spool/mqueue.in Outgoing Queue Dir = /var/spool/mqueue Incoming Work Dir = /var/spool/MailScanner/incoming Quarantine Dir = /var/spool/MailScanner/quarantine PID file = /var/run/MailScanner.pid Restart Every = 7200 MTA = sendmail Sendmail = /usr/sbin/sendmail sendmail2 = /usr/sbin/sendmail Incoming Work User = Incoming Work Group = Incoming Work Permissions = 0600 Quarantine User = Quarantine Group = Quarantine Permissions = 0600 Max Unscanned Bytes Per Scan = 100m Max Unsafe Bytes Per Scan = 50m Max Unscanned Messages Per Scan = 30 Max Unsafe Messages Per Scan = 30 Max Normal Queue Size = 800 Scan Messages = yes Reject Message = no Maximum Attachments Per Message = 200 Expand TNEF = yes Use TNEF Contents = replace Deliver Unparsable TNEF = no TNEF Expander = /usr/bin/tnef --maxsize=100000000 TNEF Timeout = 120 File Command = /usr/bin/file File Timeout = 20 Gunzip Command = /bin/gunzip Gunzip Timeout = 50 Unrar Command = /usr/bin/unrar Unrar Timeout = 50 Find UU-Encoded Files = no Maximum Message Size = %rules-dir%/max.message.size.rules Maximum Attachment Size = -1 Minimum Attachment Size = -1 Maximum Archive Depth = 2 Find Archives By Content = yes Zip Attachments = no Attachments Zip Filename = MessageAttachments.zip Attachments Min Total Size To Zip = 100k Attachment Extensions Not To Zip = .zip .rar .gz .tgz .jpg .jpeg .mpg . mpe .mpeg .mp3 .rpm .htm .html .eml Virus Scanning = yes Virus Scanners = antivir clamav bitdefender f-prot avg avast norman Virus Scanner Timeout = 300 Deliver Disinfected Files = no Silent Viruses = HTML-IFrame All-Viruses Still Deliver Silent Viruses = no Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ eicar Block Encrypted Messages = no Block Unencrypted Messages = no Allow Password-Protected Archives = no Check Filenames In Password-Protected Archives = yes Allowed Sophos Error Messages = Sophos IDE Dir = /opt/sophos-av/lib/sav Sophos Lib Dir = /opt/sophos-av/lib Monitors For Sophos Updates = /opt/sophos-av/lib/sav/*.ide Monitors for ClamAV Updates = /usr/local/share/clamav/*.inc/* /usr/ local/share/clamav/*.cvd ClamAVmodule Maximum Recursion Level = 8 ClamAVmodule Maximum Files = 1000 ClamAVmodule Maximum Compression Ratio = 250 Clamd Port = 3310 Clamd Socket = /tmp/clamd Clamd Use Threads = no ClamAV Full Message Scan = yes Dangerous Content Scanning = yes Allow Partial Messages = no Allow External Message Bodies = no Find Phishing Fraud = yes Also Find Numeric Phishing = yes Use Stricter Phishing Net = yes Highlight Phishing Fraud = yes Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf Phishing Bad Sites File = %etc-dir%/phishing.bad.sites.conf Country Sub-Domains List = %etc-dir%/country.domains.conf Allow IFrame Tags = disarm Allow Form Tags = disarm Allow Script Tags = disarm Allow WebBugs = disarm Ignored Web Bug Filenames = spacer pixel.gif pixel.png gap Known Web Bug Servers = msgtag.com Web Bug Replacement = http://www.sng.ecs.soton.ac.uk/mailscanner/images/1x1spacer.gif Allow Object Codebase Tags = disarm Convert Dangerous HTML To Text = no Convert HTML To Text = no Allow Filenames = Deny Filenames = Filename Rules = %etc-dir%/filename.rules.conf Allow Filetypes = Deny Filetypes = Filetype Rules = %etc-dir%/filetype.rules.conf Quarantine Infections = yes Quarantine Silent Viruses = no Quarantine Modified Body = no Quarantine Whole Message = no Quarantine Whole Messages As Queue Files = no Keep Spam And MCP Archive Clean = no Language Strings = %report-dir%/languages.conf Rejection Report = %report-dir%/rejection.report.txt Deleted Bad Content Message Report = %report-dir%/deleted.content. message.txt Deleted Bad Filename Message Report = %report-dir%/deleted.filename. message.txt Deleted Virus Message Report = %report-dir%/deleted.virus.message. txt Deleted Size Message Report = %report-dir%/deleted.size.message. txt Stored Bad Content Message Report = %report-dir%/stored.content.message. txt Stored Bad Filename Message Report = %report-dir%/stored.filename. message.txt Stored Virus Message Report = %report-dir%/stored.virus.message. txt Stored Size Message Report = %report-dir%/stored.size.message.txt Disinfected Report = %report-dir%/disinfected.report.txt Inline HTML Signature = %report-dir%/inline.sig.html Inline Text Signature = %report-dir%/inline.sig.txt Signature Image Filename = %report-dir%/sig.jpg Signature Image Filename = signature.jpg Inline HTML Warning = %report-dir%/inline.warning.html Inline Text Warning = %report-dir%/inline.warning.txt Sender Content Report = %report-dir%/sender.content.report.txt Sender Error Report = %report-dir%/sender.error.report.txt Sender Bad Filename Report = %report-dir%/sender.filename.report.txt Sender Virus Report = %report-dir%/sender.virus.report.txt Sender Size Report = %report-dir%/sender.size.report.txt Hide Incoming Work Dir = yes Include Scanner Name In Reports = yes Mail Header = X-%org-name%-MailScanner: Spam Header = X-%org-name%-MailScanner-SpamCheck: Spam Score Header = X-%org-name%-MailScanner-SpamScore: Information Header = X-%org-name%-MailScanner-Information: Add Envelope From Header = yes Add Envelope To Header = no Envelope From Header = X-%org-name%-MailScanner-From: Envelope To Header = X-%org-name%-MailScanner-To: Spam Score Character = s SpamScore Number Instead Of Stars = no Minimum Stars If On Spam List = 0 Clean Header Value = Found to be clean Infected Header Value = Found to be infected Disinfected Header Value = Disinfected Information Header Value = Please contact the ISP for more information Detailed Spam Report = yes Include Scores In SpamAssassin Report = yes Always Include SpamAssassin Report = no Multiple Headers = append Hostname = the %org-name% ($HOSTNAME) MailScanner Sign Messages Already Processed = no Sign Clean Messages = yes Attach Image To Signature = no Attach Image To HTML Message Only = yes Mark Infected Messages = yes Mark Unscanned Messages = yes Unscanned Header Value = Not scanned: please contact your Internet E- Mail Service Provider for details Remove These Headers = X-Mozilla-Status: X-Mozilla-Status2: Deliver Cleaned Messages = yes Notify Senders = yes Notify Senders Of Viruses = no Notify Senders Of Blocked Filenames Or Filetypes = yes Notify Senders Of Blocked Size Attachments = no Notify Senders Of Other Blocked Content = yes Never Notify Senders Of Precedence = list bulk Scanned Subject Text = {Scanned} Virus Modify Subject = start Virus Subject Text = {Virus?} Filename Modify Subject = start Filename Subject Text = {Filename?} Content Modify Subject = start Content Subject Text = {Dangerous Content?} Size Modify Subject = start Size Subject Text = {Size} Disarmed Modify Subject = start Disarmed Subject Text = {Disarmed} Phishing Modify Subject = no Phishing Subject Text = {Fraud?} Spam Modify Subject = start Spam Subject Text = {Spam?} High Scoring Spam Modify Subject = start High Scoring Spam Subject Text = {Spam?} Warning Is Attachment = yes Attachment Warning Filename = %org-name%-Attachment-Warning.txt Attachment Encoding Charset = ISO-8859-1 Archive Mail = Send Notices = yes Notices Include Full Headers = yes Hide Incoming Work Dir in Notices = no Notice Signature = -- \nMailScanner\nEmail Virus Scanner\nwww. mailscanner.info Notices From = MailScanner Notices To = postmaster Local Postmaster = postmaster Spam List Definitions = %etc-dir%/spam.lists.conf Virus Scanner Definitions = %etc-dir%/virus.scanners.conf Spam Checks = yes Spam Domain List = Spam Lists To Be Spam = 1 Spam Lists To Reach High Score = 3 Spam List Timeout = 10 Max Spam List Timeouts = 7 Spam List Timeouts History = 10 Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules Is Definitely Spam = no Definite Spam Is High Scoring = no Ignore Spam Whitelist If Recipients Exceed = 20 Max Spam Check Size = 200k Use Watermarking = no Add Watermark = yes Check Watermarks With No Sender = yes Treat Invalid Watermarks With No Sender as Spam = nothing Check Watermarks To Skip Spam Checks = yes Watermark Secret = %org-name%-Secret Watermark Lifetime = 604800 Watermark Header = X-%org-name%-MailScanner-Watermark: Use SpamAssassin = yes Max SpamAssassin Size = 200k Required SpamAssassin Score = 6 High SpamAssassin Score = 10 SpamAssassin Auto Whitelist = yes SpamAssassin Timeout = 75 Max SpamAssassin Timeouts = 10 SpamAssassin Timeouts History = 30 Check SpamAssassin If On Spam List = yes Include Binary Attachments In SpamAssassin = no Spam Score = yes Cache SpamAssassin Results = yes SpamAssassin Cache Database File = /var/spool/MailScanner/incoming/ SpamAssassin.cache.db Rebuild Bayes Every = 0 Wait During Bayes Rebuild = no Use Custom Spam Scanner = no Max Custom Spam Scanner Size = 20k Custom Spam Scanner Timeout = 20 Max Custom Spam Scanner Timeouts = 10 Custom Spam Scanner Timeout History = 20 Spam Actions = deliver header "X-Spam-Status: Yes" High Scoring Spam Actions = deliver header "X-Spam-Status: Yes" Non Spam Actions = deliver header "X-Spam-Status: No" SpamAssassin Rule Actions = Sender Spam Report = %report-dir%/sender.spam.report.txt Sender Spam List Report = %report-dir%/sender.spam.rbl.report.txt Sender SpamAssassin Report = %report-dir%/sender.spam.sa.report.txt Inline Spam Warning = %report-dir%/inline.spam.warning.txt Recipient Spam Report = %report-dir%/recipient.spam.report.txt Enable Spam Bounce = %rules-dir%/bounce.rules Bounce Spam As Attachment = no Syslog Facility = mail Log Speed = no Log Spam = no Log Non Spam = no Log Permitted Filenames = no Log Permitted Filetypes = no Log Silent Viruses = no Log Dangerous HTML Tags = no SpamAssassin Temporary Dir = /var/spool/MailScanner/incoming/ SpamAssassin-Temp SpamAssassin User State Dir = SpamAssassin Install Prefix = SpamAssassin Site Rules Dir = /etc/mail/spamassassin SpamAssassin Local Rules Dir = SpamAssassin Default Rules Dir = MCP Checks = no First Check = spam MCP Required SpamAssassin Score = 1 MCP High SpamAssassin Score = 10 MCP Error Score = 1 MCP Header = X-%org-name%-MailScanner-MCPCheck: Non MCP Actions = deliver MCP Actions = deliver High Scoring MCP Actions = deliver Bounce MCP As Attachment = no MCP Modify Subject = start MCP Subject Text = {MCP?} High Scoring MCP Modify Subject = start High Scoring MCP Subject Text = {MCP?} Is Definitely MCP = no Is Definitely Not MCP = no Definite MCP Is High Scoring = no Always Include MCP Report = no Detailed MCP Report = yes Include Scores In MCP Report = no Log MCP = no MCP Max SpamAssassin Timeouts = 20 MCP Max SpamAssassin Size = 100k MCP SpamAssassin Timeout = 10 MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf MCP SpamAssassin User State Dir = MCP SpamAssassin Local Rules Dir = %mcp-dir% MCP SpamAssassin Default Rules Dir = %mcp-dir% MCP SpamAssassin Install Prefix = %mcp-dir% Recipient MCP Report = %report-dir%/recipient.mcp.report.txt Sender MCP Report = %report-dir%/sender.mcp.report.txt Use Default Rules With Multiple Recipients = no Spam Score Number Format = %d MailScanner Version Number = 4.66.1 SpamAssassin Cache Timings = 1800,300,10800,172800,600 Debug = no Debug SpamAssassin = no Run In Foreground = no Always Looked Up Last = no Always Looked Up Last After Batch = no Deliver In Background = yes Delivery Method = batch Split Exim Spool = no Lockfile Dir = /tmp Custom Functions Dir = /usr/lib/MailScanner/MailScanner/CustomFunctions Lock Type = Syslog Socket Type = Minimum Code Status = supported From shuttlebox at gmail.com Thu Dec 6 07:53:20 2007 From: shuttlebox at gmail.com (shuttlebox) Date: Thu Dec 6 07:53:27 2007 Subject: R: error after perl module upgrade In-Reply-To: References: <8F2A53954C22554EB75D9643FCCE0C6B0472D75D@MED-CORE03-MS1.med.wayne.edu> <011601c8375b$3053d090$2301a8c0@dbdomain.database.it> <7EF0EE5CB3B263488C8C18823239BEBA023EB0E2@HC-MBX02.herefordshire.gov.uk> <012701c8375e$75a5e900$2301a8c0@dbdomain.database.it> Message-ID: <625385e30712052353o2f3052ebq5d6b90e9a775ee78@mail.gmail.com> On Dec 6, 2007 12:22 AM, Scott Silva wrote: > on 12/5/2007 8:47 AM Marcello Anderlini spake the following: > > Thanks to all for your quick answer but this is a test system so I > > prefer to wait the stable 4.66.2. > > > > Does anyone know when it will be released ? > > > > thanks again > Probably at the end of the month, so you either have to use the beta or > downgrade mailtools. Shouldn't it have been released already? It's usually at the beginning of each month. -- /peter From MailScanner at ecs.soton.ac.uk Thu Dec 6 09:35:21 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Dec 6 09:35:43 2007 Subject: R: error after perl module upgrade In-Reply-To: <625385e30712052353o2f3052ebq5d6b90e9a775ee78@mail.gmail.com> References: <8F2A53954C22554EB75D9643FCCE0C6B0472D75D@MED-CORE03-MS1.med.wayne.edu> <011601c8375b$3053d090$2301a8c0@dbdomain.database.it> <7EF0EE5CB3B263488C8C18823239BEBA023EB0E2@HC-MBX02.herefordshire.gov.uk> <012701c8375e$75a5e900$2301a8c0@dbdomain.database.it> <625385e30712052353o2f3052ebq5d6b90e9a775ee78@mail.gmail.com> Message-ID: <4757C259.60107@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 shuttlebox wrote: > On Dec 6, 2007 12:22 AM, Scott Silva wrote: > >> on 12/5/2007 8:47 AM Marcello Anderlini spake the following: >> >>> Thanks to all for your quick answer but this is a test system so I >>> prefer to wait the stable 4.66.2. >>> >>> Does anyone know when it will be released ? >>> >>> thanks again >>> >> Probably at the end of the month, so you either have to use the beta or >> downgrade mailtools. >> > > Shouldn't it have been released already? It's usually at the beginning > of each month. > No, because I didn't do a release at the start of December. There simply wasn't anything new to release. Start of January will be the next stable release. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 867) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHV8JaEfZZRxQVtlQRAv2PAKCW2RcErF4GDm2DDxNng2REy4GsNgCgktDh AJY603MllQdbssFNXbiYIH0= =RaDg -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From joost at waversveld.nl Thu Dec 6 10:28:41 2007 From: joost at waversveld.nl (Joost Waversveld) Date: Thu Dec 6 10:28:45 2007 Subject: Recommended spam.lists and/or sendmail dnsbl settings? In-Reply-To: References: <47557D9B.5090801@openenterprise.ca> <47560588.2020102@indomino.net> Message-ID: <4757CED9.8050901@waversveld.nl> Scott Silva wrote: > on 12/4/2007 5:57 PM Budi Febrianto spake the following: >> Scott Silva wrote: >>>> This is what I currently have in sendmail.mc >>>> >>>> FEATURE(`dnsbl',`sbl-xbl.spamhaus.org', `"554 Rejected " >>>> $&{client_addr} " - see http://www.spamhaus.org/SBL/"')dnl >>>> FEATURE(`dnsbl', `dnsbl.njabl.org', `"554 Rejected " >>>> $&{client_addr} " - see http://dnsbl.njabl.org/method.html"')dnl >>>> FEATURE(`dnsbl', `bl.spamcop.net', `"554 Rejected " >>>> $&{client_addr} " found in bl.spamcop.net"')dnl >>>> FEATURE(`dnsbl', `chinanet.blackholes.us', `"554 Rejected " >>>> $&{client_addr} " found in chinanet.blackholes.us"')dnl >>>> >>>> >>>> >>> If you put your spamhaus lookups at the bottom, you will generate >>> less traffic to them. The sendmail RBL lookups are serial and stop >>> on the first positive. >> ah, so if I put zen.spamhaus.org at the bottom of the list, it will >> reduce a lot of query to spamhaus, so I should be safe ( I hope so). >> I will put bl.spamcop.net at first, and two or three others before >> zen.spamhaus.org. >> > Spamcop will probably catch a large portion, at least 60% or better. > You could also put cbl.abuseat.org before spamhaus, even if it is a > double lookup, because that list is a significant portion of the zen > list, and will cut lookups to zen even more. > Because of your message I was looking on the website of the cbl.abuseat.org and founf on http://cbl.abuseat.org/faq.html the following text: ------------------------------------------------------------------------------------------ If you wish to download the CBL zone, YOU MUST register WARNING: it is CBL policy that spam filter and spam filter service vendors MUST obtain a paid-for feed from Spamhaus. Filter providers that do not have a paid-for feed from Spamhaus, or who have not registered for the CBL feed, MAY find themselves inhibited from obtaining a CBL feed without warning. ------------------------------------------------------------------------------------------ I do not know how they count the connections to the servers, but officially you will still need an paid-for feed from Spamhaus. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071206/09e3e905/attachment.html From steve.freegard at fsl.com Thu Dec 6 10:46:05 2007 From: steve.freegard at fsl.com (Steve Freegard) Date: Thu Dec 6 10:44:17 2007 Subject: Recommended spam.lists and/or sendmail dnsbl settings? In-Reply-To: <4757CED9.8050901@waversveld.nl> References: <47557D9B.5090801@openenterprise.ca> <47560588.2020102@indomino.net> <4757CED9.8050901@waversveld.nl> Message-ID: <4757D2ED.3080606@fsl.com> Joost Waversveld wrote: > Scott Silva wrote: >> on 12/4/2007 5:57 PM Budi Febrianto spake the following: >>> Scott Silva wrote: >>>>> This is what I currently have in sendmail.mc >>>>> >>>>> FEATURE(`dnsbl',`sbl-xbl.spamhaus.org', `"554 Rejected " >>>>> $&{client_addr} " - see http://www.spamhaus.org/SBL/"')dnl >>>>> FEATURE(`dnsbl', `dnsbl.njabl.org', `"554 Rejected " >>>>> $&{client_addr} " - see http://dnsbl.njabl.org/method.html"')dnl >>>>> FEATURE(`dnsbl', `bl.spamcop.net', `"554 Rejected " >>>>> $&{client_addr} " found in bl.spamcop.net"')dnl >>>>> FEATURE(`dnsbl', `chinanet.blackholes.us', `"554 Rejected " >>>>> $&{client_addr} " found in chinanet.blackholes.us"')dnl >>>>> >>>>> >>>>> >>>> If you put your spamhaus lookups at the bottom, you will generate >>>> less traffic to them. The sendmail RBL lookups are serial and stop >>>> on the first positive. >>> ah, so if I put zen.spamhaus.org at the bottom of the list, it will >>> reduce a lot of query to spamhaus, so I should be safe ( I hope so). >>> I will put bl.spamcop.net at first, and two or three others before >>> zen.spamhaus.org. >>> >> Spamcop will probably catch a large portion, at least 60% or better. >> You could also put cbl.abuseat.org before spamhaus, even if it is a >> double lookup, because that list is a significant portion of the zen >> list, and will cut lookups to zen even more. >> > Because of your message I was looking on the website of the > cbl.abuseat.org and founf on http://cbl.abuseat.org/faq.html the > following text: > ------------------------------------------------------------------------------------------ > If you wish to download the CBL zone, YOU MUST register > > WARNING: it is CBL policy that spam filter and spam filter service > vendors MUST obtain a paid-for feed from Spamhaus. Filter providers that > do not have a paid-for feed from Spamhaus, or who have not registered > for the CBL feed, MAY find themselves inhibited from obtaining a CBL > feed without warning. > ------------------------------------------------------------------------------------------ > > I do not know how they count the connections to the servers, but > officially you will still need an paid-for feed from Spamhaus. > That text is talking about downloading the *zone file* via rsync, not querying the public mirrors. Regards, Steve. From joost at waversveld.nl Thu Dec 6 11:27:20 2007 From: joost at waversveld.nl (Joost Waversveld) Date: Thu Dec 6 11:27:25 2007 Subject: Recommended spam.lists and/or sendmail dnsbl settings? In-Reply-To: <4757D2ED.3080606@fsl.com> References: <47557D9B.5090801@openenterprise.ca> <47560588.2020102@indomino.net> <4757CED9.8050901@waversveld.nl> <4757D2ED.3080606@fsl.com> Message-ID: <4757DC98.4090701@waversveld.nl> Steve Freegard wrote: > Joost Waversveld wrote: >> Scott Silva wrote: >>> on 12/4/2007 5:57 PM Budi Febrianto spake the following: >>>> Scott Silva wrote: >>>>>> This is what I currently have in sendmail.mc >>>>>> >>>>>> FEATURE(`dnsbl',`sbl-xbl.spamhaus.org', `"554 Rejected " >>>>>> $&{client_addr} " - see http://www.spamhaus.org/SBL/"')dnl >>>>>> FEATURE(`dnsbl', `dnsbl.njabl.org', `"554 Rejected " >>>>>> $&{client_addr} " - see http://dnsbl.njabl.org/method.html"')dnl >>>>>> FEATURE(`dnsbl', `bl.spamcop.net', `"554 Rejected " >>>>>> $&{client_addr} " found in bl.spamcop.net"')dnl >>>>>> FEATURE(`dnsbl', `chinanet.blackholes.us', `"554 Rejected " >>>>>> $&{client_addr} " found in chinanet.blackholes.us"')dnl >>>>>> >>>>>> >>>>>> >>>>> If you put your spamhaus lookups at the bottom, you will generate >>>>> less traffic to them. The sendmail RBL lookups are serial and stop >>>>> on the first positive. >>>> ah, so if I put zen.spamhaus.org at the bottom of the list, it will >>>> reduce a lot of query to spamhaus, so I should be safe ( I hope so). >>>> I will put bl.spamcop.net at first, and two or three others before >>>> zen.spamhaus.org. >>>> >>> Spamcop will probably catch a large portion, at least 60% or better. >>> You could also put cbl.abuseat.org before spamhaus, even if it is a >>> double lookup, because that list is a significant portion of the zen >>> list, and will cut lookups to zen even more. >>> >> Because of your message I was looking on the website of the >> cbl.abuseat.org and founf on http://cbl.abuseat.org/faq.html the >> following text: >> ------------------------------------------------------------------------------------------ >> >> If you wish to download the CBL zone, YOU MUST register >> >> WARNING: it is CBL policy that spam filter and spam filter service >> vendors MUST obtain a paid-for feed from Spamhaus. Filter providers >> that do not have a paid-for feed from Spamhaus, or who have not >> registered for the CBL feed, MAY find themselves inhibited from >> obtaining a CBL feed without warning. >> ------------------------------------------------------------------------------------------ >> >> >> I do not know how they count the connections to the servers, but >> officially you will still need an paid-for feed from Spamhaus. >> > > That text is talking about downloading the *zone file* via rsync, not > querying the public mirrors. > > Regards, > Steve. Ok, then it is a good solution. Sorry for the misunderstanding. Regards, Joost Waversveld From mailscanner at lists.mailscanner.info Thu Dec 6 13:39:39 2007 From: mailscanner at lists.mailscanner.info (VIAGRA ® Official Site) Date: Thu Dec 6 13:39:42 2007 Subject: December 79% OFF Message-ID: <20071206073939.11632.qmail@techred1> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071206/42b558f5/attachment.html From m.anderlini at database.it Thu Dec 6 14:01:23 2007 From: m.anderlini at database.it (Marcello Anderlini) Date: Thu Dec 6 14:15:56 2007 Subject: Spamassassin speed In-Reply-To: <4757DC98.4090701@waversveld.nl> References: <47557D9B.5090801@openenterprise.ca> <47560588.2020102@indomino.net> <4757CED9.8050901@waversveld.nl><4757D2ED.3080606@fsl.com> <4757DC98.4090701@waversveld.nl> Message-ID: <018e01c83810$7bfba260$2301a8c0@dbdomain.database.it> I know this has been discussed many, many time but I still waiting for a final and clear answer. For example now, without change nothing spamassassin is very slow. I'm using spamassassin-3.2.3-1.el4.rf on centos 4.5 with 2gb memory. I've put /var/spool/MailScanner/incoming in memory. I'm using pyzor and razor, rulues_du_jour. Now I'm getting:SpamAssassin timed out and was killed, failure 0 of 10 msg error. If I run spamassassin --lint -debug I see just the test with all check made by spamassassin but I can not understand where it became slow. Thanks for any kind of answer and please use a easy and clear english. Thanks a lot. No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.503 / Virus Database: 269.16.15/1173 - Release Date: 05/12/2007 21.29 -- Messaggio verificato dal servizio antivirus di Database Informatica From martinh at solidstatelogic.com Thu Dec 6 14:20:47 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Thu Dec 6 14:20:54 2007 Subject: Spamassassin speed In-Reply-To: <018e01c83810$7bfba260$2301a8c0@dbdomain.database.it> Message-ID: <6dd71f663d3311409e1ad340bf109351@solidstatelogic.com> http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips and the section after... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Marcello Anderlini > Sent: 06 December 2007 14:01 > To: MailScanner discussion > Subject: Spamassassin speed > > I know this has been discussed many, many time but I still waiting for a > final and clear answer. > > For example now, without change nothing spamassassin is very slow. I'm > using > spamassassin-3.2.3-1.el4.rf on centos 4.5 with 2gb memory. > > I've put /var/spool/MailScanner/incoming in memory. I'm using pyzor and > razor, rulues_du_jour. > > Now I'm getting:SpamAssassin timed out and was killed, failure 0 of 10 msg > error. If I run spamassassin --lint -debug I see just the test with all > check made by spamassassin but I can not understand where it became slow. > > Thanks for any kind of answer and please use a easy and clear english. > > Thanks a lot. > > No virus found in this outgoing message. > Checked by AVG Free Edition. > Version: 7.5.503 / Virus Database: 269.16.15/1173 - Release Date: > 05/12/2007 > 21.29 > > > > -- > Messaggio verificato dal servizio antivirus di Database Informatica > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From MailScanner at ecs.soton.ac.uk Thu Dec 6 14:36:24 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Dec 6 14:36:41 2007 Subject: Spamassassin speed In-Reply-To: <018e01c83810$7bfba260$2301a8c0@dbdomain.database.it> References: <47557D9B.5090801@openenterprise.ca> <47560588.2020102@indomino.net> <4757CED9.8050901@waversveld.nl><4757D2ED.3080606@fsl.com> <4757DC98.4090701@waversveld.nl> <018e01c83810$7bfba260$2301a8c0@dbdomain.database.it> Message-ID: <475808E8.8000409@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Try not using pyzor, to start with. Then try not using razor, then try not using RBLs in SpamAssassin. Marcello Anderlini wrote: > I know this has been discussed many, many time but I still waiting for a > final and clear answer. > > For example now, without change nothing spamassassin is very slow. I'm using > spamassassin-3.2.3-1.el4.rf on centos 4.5 with 2gb memory. > > I've put /var/spool/MailScanner/incoming in memory. I'm using pyzor and > razor, rulues_du_jour. > > Now I'm getting:SpamAssassin timed out and was killed, failure 0 of 10 msg > error. If I run spamassassin --lint -debug I see just the test with all > check made by spamassassin but I can not understand where it became slow. > > Thanks for any kind of answer and please use a easy and clear english. > > Thanks a lot. > > No virus found in this outgoing message. > Checked by AVG Free Edition. > Version: 7.5.503 / Virus Database: 269.16.15/1173 - Release Date: 05/12/2007 > 21.29 > > > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 867) Comment: (pgp-secured) Charset: windows-1250 wj8DBQFHWAjpEfZZRxQVtlQRAjxwAKDwqWXNRgg5DWgr6y82rkcXNCVebACghHbv 3sppdhXpdlXjsS145zi/JTA= =sZDY -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From richard.frovarp at sendit.nodak.edu Thu Dec 6 14:36:42 2007 From: richard.frovarp at sendit.nodak.edu (Richard Frovarp) Date: Thu Dec 6 14:36:46 2007 Subject: Spamassassin speed In-Reply-To: <018e01c83810$7bfba260$2301a8c0@dbdomain.database.it> References: <47557D9B.5090801@openenterprise.ca> <47560588.2020102@indomino.net> <4757CED9.8050901@waversveld.nl><4757D2ED.3080606@fsl.com> <4757DC98.4090701@waversveld.nl> <018e01c83810$7bfba260$2301a8c0@dbdomain.database.it> Message-ID: <475808FA.9040309@sendit.nodak.edu> Marcello Anderlini wrote: > I know this has been discussed many, many time but I still waiting for a > final and clear answer. > > For example now, without change nothing spamassassin is very slow. I'm using > spamassassin-3.2.3-1.el4.rf on centos 4.5 with 2gb memory. > > I've put /var/spool/MailScanner/incoming in memory. I'm using pyzor and > razor, rulues_du_jour. > > Now I'm getting:SpamAssassin timed out and was killed, failure 0 of 10 msg > error. If I run spamassassin --lint -debug I see just the test with all > check made by spamassassin but I can not understand where it became slow. > > Thanks for any kind of answer and please use a easy and clear english. > > Thanks a lot. > > No virus found in this outgoing message. > Checked by AVG Free Edition. > Version: 7.5.503 / Virus Database: 269.16.15/1173 - Release Date: 05/12/2007 > 21.29 > > > > spamassassin --lint -debug doesn't do network tests. Give spamassassin an email to work on to see if there is an issue with network tests. Richard From prandal at herefordshire.gov.uk Thu Dec 6 15:20:13 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Thu Dec 6 15:20:24 2007 Subject: Spamassassin speed In-Reply-To: <018e01c83810$7bfba260$2301a8c0@dbdomain.database.it> References: <47557D9B.5090801@openenterprise.ca> <47560588.2020102@indomino.net> <4757CED9.8050901@waversveld.nl><4757D2ED.3080606@fsl.com><4757DC98.4090701@waversveld.nl> <018e01c83810$7bfba260$2301a8c0@dbdomain.database.it> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA026017C9@HC-MBX02.herefordshire.gov.uk> Have you run sa-update? Have you ensured that in /etc/MailScanner/MailScanner.conf SpamAssassin Local State Dir= and checked that when you run MailScanner --debug --debug-sa that the SA rules are being loaded from the correct directory? e.g. /var/lib/spamassassin/3.002003/updates_spamassassin_org/ Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Marcello Anderlini > Sent: 06 December 2007 14:01 > To: 'MailScanner discussion' > Subject: Spamassassin speed > > I know this has been discussed many, many time but I still > waiting for a > final and clear answer. > > For example now, without change nothing spamassassin is very > slow. I'm using > spamassassin-3.2.3-1.el4.rf on centos 4.5 with 2gb memory. > > I've put /var/spool/MailScanner/incoming in memory. I'm using > pyzor and > razor, rulues_du_jour. > > Now I'm getting:SpamAssassin timed out and was killed, > failure 0 of 10 msg > error. If I run spamassassin --lint -debug I see just the > test with all > check made by spamassassin but I can not understand where it > became slow. > > Thanks for any kind of answer and please use a easy and clear english. > > Thanks a lot. > > No virus found in this outgoing message. > Checked by AVG Free Edition. > Version: 7.5.503 / Virus Database: 269.16.15/1173 - Release > Date: 05/12/2007 > 21.29 > > > > -- > Messaggio verificato dal servizio antivirus di Database Informatica > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From mikea at mikea.ath.cx Thu Dec 6 15:37:34 2007 From: mikea at mikea.ath.cx (mikea) Date: Thu Dec 6 15:38:00 2007 Subject: Irony (was: Re: December 79% OFF) In-Reply-To: <20071206073939.11632.qmail@techred1> References: <20071206073939.11632.qmail@techred1> Message-ID: <20071206153734.GB75306@mikea.ath.cx> On Thu, Dec 06, 2007 at 01:39:39PM +0000, VIAGRA ® Official Site wrote: : From mailscanner-bounces@lists.mailscanner.info Thu Dec 6 07:49:38 2007 : Received: from safir.blacknight.ie (safir.blacknight.ie [83.98.192.7]) : by mikea.ath.cx (8.12.3/8.12.3) with ESMTP id lB6Dnajw075192 : for ; Thu, 6 Dec 2007 07:49:37 -0600 (CST) : (envelope-from mailscanner-bounces@lists.mailscanner.info) : Received: from safir.blacknight.ie (safir.blacknight.ie [127.0.0.1]) : by safir.blacknight.ie (8.13.1/8.13.1) with ESMTP id lB6DhRWt014965; : Thu, 6 Dec 2007 13:46:37 GMT : X-Mailman-Handler: $Id: mm-handler,v 1.2 2002/04/05 19:41:09 bwarsaw Exp $ : Received: from techred1 (82.199.110.206.iskratelecom.ru [82.199.110.206]) : by safir.blacknight.ie (8.13.1/8.13.1) with SMTP id lB6Ddd2R012954 : for ; Thu, 6 Dec 2007 13:39:39 GMT : Date: Thu, 6 Dec 2007 13:39:39 GMT : Received: from Cheri Lara (10.18.18.10) by techred1 (PowerMTA(TM) v3.2r4) id : hfp11o34d14j00 for ; : Thu, 6 Dec 2007 04:39:39 +0300 : Message-Id: <20071206073939.11632.qmail@techred1> : To: : From: VIAGRA ® Official Site : MIME-Version: 1.0 : Subject: December 79% OFF : X-BeenThere: mailscanner@lists.mailscanner.info : X-Mailman-Version: 2.1.5 : Precedence: list : Reply-To: MailScanner discussion : List-Id: MailScanner discussion : List-Unsubscribe: , : : List-Archive: : List-Post: : List-Help: : List-Subscribe: , : : Content-Type: multipart/mixed; boundary="===============1370972488==" : Sender: mailscanner-bounces@lists.mailscanner.info : Errors-To: mailscanner-bounces@lists.mailscanner.info : Status: RO : Content-Length: 3437 : Lines: 51 : : --===============1370972488== : Content-Type: text/html; charset="iso-8859-1" : Content-Transfer-Encoding: 8bit : : :
: : : : : --===============1370972488== : Content-Type: text/plain; charset="us-ascii" : MIME-Version: 1.0 : Content-Transfer-Encoding: 7bit : Content-Disposition: inline : : -- : MailScanner mailing list : mailscanner@lists.mailscanner.info : http://lists.mailscanner.info/mailman/listinfo/mailscanner : : Before posting, read http://wiki.mailscanner.info/posting : : Support MailScanner development - buy the book off the website! : : --===============1370972488==-- The irony is truly delicious. -- Mike Andrews, W5EGO mikea@mikea.ath.cx Tired old sysadmin From mkettler at evi-inc.com Thu Dec 6 16:46:37 2007 From: mkettler at evi-inc.com (Matt Kettler) Date: Thu Dec 6 16:47:13 2007 Subject: Spamassassin speed In-Reply-To: <018e01c83810$7bfba260$2301a8c0@dbdomain.database.it> References: <47557D9B.5090801@openenterprise.ca> <47560588.2020102@indomino.net> <4757CED9.8050901@waversveld.nl><4757D2ED.3080606@fsl.com> <4757DC98.4090701@waversveld.nl> <018e01c83810$7bfba260$2301a8c0@dbdomain.database.it> Message-ID: <4758276D.6030009@evi-inc.com> Marcello Anderlini wrote: > I know this has been discussed many, many time but I still waiting for a > final and clear answer. > > For example now, without change nothing spamassassin is very slow. I'm using > spamassassin-3.2.3-1.el4.rf on centos 4.5 with 2gb memory. > > I've put /var/spool/MailScanner/incoming in memory. I'm using pyzor and > razor, rulues_du_jour. Word of warning: RDJ is almost obsolete, but is still useful for small-scale rule developers. Any rules from the SpamAssassin team can be updated with sa-update. You can also update SARE rules this way if you add their channel. See also: http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt You can still use RDJ for various web-hosted rulsets that don't have sa-update channel support. However, many copies of RDJ floating around support rulesets that *nobody* should use. Make sure you're not using any of these sets with RDJ: antidrug - part of SA official set since 3.0.0, and only maintained in the official tree. sa-blacklist - too large for anyone to practically use. Consumes about 500MB per child and grinds SA to a screeching halt. blacklist-uri - as above, and wholly redundant with the WS list on SURBL (supported by default in SA 3.0 and higher if network tests are enabled.) From ssilva at sgvwater.com Thu Dec 6 17:35:11 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Dec 6 17:38:34 2007 Subject: R: error after perl module upgrade In-Reply-To: <625385e30712052353o2f3052ebq5d6b90e9a775ee78@mail.gmail.com> References: <8F2A53954C22554EB75D9643FCCE0C6B0472D75D@MED-CORE03-MS1.med.wayne.edu> <011601c8375b$3053d090$2301a8c0@dbdomain.database.it> <7EF0EE5CB3B263488C8C18823239BEBA023EB0E2@HC-MBX02.herefordshire.gov.uk> <012701c8375e$75a5e900$2301a8c0@dbdomain.database.it> <625385e30712052353o2f3052ebq5d6b90e9a775ee78@mail.gmail.com> Message-ID: on 12/5/2007 11:53 PM shuttlebox spake the following: > On Dec 6, 2007 12:22 AM, Scott Silva wrote: >> on 12/5/2007 8:47 AM Marcello Anderlini spake the following: >>> Thanks to all for your quick answer but this is a test system so I >>> prefer to wait the stable 4.66.2. >>> >>> Does anyone know when it will be released ? >>> >>> thanks again >> Probably at the end of the month, so you either have to use the beta or >> downgrade mailtools. > > Shouldn't it have been released already? It's usually at the beginning > of each month. > Most of the time it is either late (very late) in the evening on the last day or very early in the morning on the first. It looked like the beta was a few days after, and I doubt that Julian would release a code fix without some beta time. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Thu Dec 6 17:38:14 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Dec 6 17:44:44 2007 Subject: Irony In-Reply-To: <20071206153734.GB75306@mikea.ath.cx> References: <20071206073939.11632.qmail@techred1> <20071206153734.GB75306@mikea.ath.cx> Message-ID: > > The irony is truly delicious. > Spam to a spam list! Somebody is probably high-fiveing his spammer buddies! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From MailScanner at ecs.soton.ac.uk Thu Dec 6 17:48:30 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Dec 6 17:48:46 2007 Subject: R: error after perl module upgrade In-Reply-To: References: <8F2A53954C22554EB75D9643FCCE0C6B0472D75D@MED-CORE03-MS1.med.wayne.edu> <011601c8375b$3053d090$2301a8c0@dbdomain.database.it> <7EF0EE5CB3B263488C8C18823239BEBA023EB0E2@HC-MBX02.herefordshire.gov.uk> <012701c8375e$75a5e900$2301a8c0@dbdomain.database.it> <625385e30712052353o2f3052ebq5d6b90e9a775ee78@mail.gmail.com> Message-ID: <475835EE.1090103@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Scott Silva wrote: > on 12/5/2007 11:53 PM shuttlebox spake the following: >> On Dec 6, 2007 12:22 AM, Scott Silva wrote: >>> on 12/5/2007 8:47 AM Marcello Anderlini spake the following: >>>> Thanks to all for your quick answer but this is a test system so I >>>> prefer to wait the stable 4.66.2. >>>> >>>> Does anyone know when it will be released ? >>>> >>>> thanks again >>> Probably at the end of the month, so you either have to use the beta or >>> downgrade mailtools. >> >> Shouldn't it have been released already? It's usually at the beginning >> of each month. >> > Most of the time it is either late (very late) in the evening on the > last day or very early in the morning on the first. It looked like the > beta was a few days after, and I doubt that Julian would release a > code fix without some beta time. > As I said, I didn't do a release on 1st December as there was nothing to release. So the next stable release will be on New Year's Day. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 867) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHWDXvEfZZRxQVtlQRAsjSAKDVK/UO8F8+kos605XmXGC9qZ8JCQCg9P0y KuPcgMNwKB9s7EdMpTV7Emw= =aC8R -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Thu Dec 6 18:00:31 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Dec 6 18:01:24 2007 Subject: R: error after perl module upgrade In-Reply-To: <475835EE.1090103@ecs.soton.ac.uk> References: <8F2A53954C22554EB75D9643FCCE0C6B0472D75D@MED-CORE03-MS1.med.wayne.edu> <011601c8375b$3053d090$2301a8c0@dbdomain.database.it> <7EF0EE5CB3B263488C8C18823239BEBA023EB0E2@HC-MBX02.herefordshire.gov.uk> <012701c8375e$75a5e900$2301a8c0@dbdomain.database.it> <625385e30712052353o2f3052ebq5d6b90e9a775ee78@mail.gmail.com> <475835EE.1090103@ecs.soton.ac.uk> Message-ID: on 12/6/2007 9:48 AM Julian Field spake the following: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Scott Silva wrote: >> on 12/5/2007 11:53 PM shuttlebox spake the following: >>> On Dec 6, 2007 12:22 AM, Scott Silva wrote: >>>> on 12/5/2007 8:47 AM Marcello Anderlini spake the following: >>>>> Thanks to all for your quick answer but this is a test system so I >>>>> prefer to wait the stable 4.66.2. >>>>> >>>>> Does anyone know when it will be released ? >>>>> >>>>> thanks again >>>> Probably at the end of the month, so you either have to use the beta or >>>> downgrade mailtools. >>> Shouldn't it have been released already? It's usually at the beginning >>> of each month. >>> >> Most of the time it is either late (very late) in the evening on the >> last day or very early in the morning on the first. It looked like the >> beta was a few days after, and I doubt that Julian would release a >> code fix without some beta time. >> > As I said, I didn't do a release on 1st December as there was nothing to > release. So the next stable release will be on New Year's Day. > > Jules Sorry. I replied without reading all the new messages. You have been quiet on the list this week. Are you feeling OK, or just been busy? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From xmasterx at gmail.com Thu Dec 6 18:01:58 2007 From: xmasterx at gmail.com (Pedro) Date: Thu Dec 6 18:02:08 2007 Subject: Irony In-Reply-To: References: <20071206073939.11632.qmail@techred1> <20071206153734.GB75306@mikea.ath.cx> Message-ID: For me this was the laugh of the day ;) -- Pedro [ xmasterx@gmail.com ] On Dec 6, 2007 5:38 PM, Scott Silva wrote: > > > > > The irony is truly delicious. > > > Spam to a spam list! Somebody is probably high-fiveing his spammer buddies! > > -- > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From prandal at herefordshire.gov.uk Thu Dec 6 18:18:22 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Thu Dec 6 18:18:31 2007 Subject: MailScanner --lint doesn't check Eicar virus - OK here! In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA023EA94E@HC-MBX02.herefordshire.gov.uk> References: <4165CF7A7F12DE4B96622CCBB90586470C59A80A@largo.campus.ncl.ac.uk><250402.67610.qm@web33303.mail.mud.yahoo.com> <7EF0EE5CB3B263488C8C18823239BEBA023EA94E@HC-MBX02.herefordshire.gov.uk> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA02601821@HC-MBX02.herefordshire.gov.uk> I've finally tracked this down: yumming from the rpmforge repo had updated perl-MIME-Tools to version 5.424. Downgrading to 5.420 made things work: # MailScanner --lint Trying to setlogsock(unix) Checking version numbers... Version number in MailScanner.conf (4.66.2) is correct. Your envelope_sender_header in spam.assassin.prefs.conf is correct. Checking for SpamAssassin errors (if you use it)... SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp SpamAssassin reported no errors. MailScanner.conf says "Virus Scanners = clamavmodule mcafee" Found these virus scanners installed: clamavmodule, mcafee ======================================================================== === ======================================================================== === If any of your virus scanners (clamavmodule,mcafee) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. [root@mx1 src]# rpm -Uvh perl-MIME-tools-5.420-2.el5.rf.noarch.rpm --force Preparing... ########################################### [100%] 1:perl-MIME-tools ########################################### [100%] [root@mx1 src]# MailScanner --lint Trying to setlogsock(unix) Checking version numbers... Version number in MailScanner.conf (4.66.2) is correct. Your envelope_sender_header in spam.assassin.prefs.conf is correct. Checking for SpamAssassin errors (if you use it)... SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp SpamAssassin reported no errors. MailScanner.conf says "Virus Scanners = clamavmodule mcafee" Found these virus scanners installed: clamavmodule, mcafee ======================================================================== === ======================================================================== === Virus Scanner test reports: ClamAVModule said "eicar.com was infected: Eicar-Test-Signature" McAfee said "/1/eicar.com Found: EICAR test file NOT a virus." If any of your virus scanners (clamavmodule,mcafee) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. This might have had other side-effects other than the antivirus lint. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Randal, Phil Sent: 29 November 2007 13:58 To: MailScanner discussion Subject: RE: MailScanner --lint doesn't check Eicar virus - OK here! Michael, Which version of RedHat are you running? I see the problem on CentOS 5.0. It may a side effect of force-installing the perl update. It would be nice to know what's actually happening and what the fix is, though. I'm not a perl guru so it's beyond me. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Michael Mansour Sent: 29 November 2007 06:13 To: MailScanner discussion Subject: RE: MailScanner --lint doesn't check Eicar virus - OK here! Hi Quentin, Quentin Campbell wrote: Phil It appears to work here. I get a different result to you: This is very strange then. This begs the question, in what cases does this --lint fail with the Eicar virus check? I'm pretty sure I saw the test pass with Eicar in there when I upgraded to MailScanner 4.65.3 (not certain but pretty sure), but only recently noticed that Eicar was no longer there. This may have happened after some perl errata upgrades on Linux recently released by Red Hat. I'm just interested to know now that if this is the case, then was would cause that symptom and is it causing other problems I can't see? Michael. [root@cheviot4 MailScanner]# MailScanner --lint Checking version numbers... Version number in MailScanner.conf (4.65.3) is correct. Your envelope_sender_header in spam.assassin.prefs.conf is correct. Checking for SpamAssassin errors (if you use it)... SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp SpamAssassin reported no errors. MailScanner.conf says "Virus Scanners = clamavmodule mcafee" Found these virus scanners installed: clamavmodule, mcafee ======================================================================== === ======================================================================== === Virus Scanner test reports: ClamAVModule said "eicar.com was infected: Eicar-Test-Signature" McAfee said "/1/eicar.com Found: EICAR test file NOT a virus." If any of your virus scanners (clamavmodule,mcafee) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. [root@cheviot4 MailScanner]# Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), Newcastle University, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ >-----Original Message----- >From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >bounces@lists.mailscanner.info] On Behalf Of Randal, Phil >Sent: 28 November 2007 14:10 >To: MailScanner discussion >Subject: RE: MailScanner --lint doesn't check Eicar virus > >Well spotted! > >Confirming that it is broken in 4.65.3 > ># MailScanner --lint >Checking version numbers... >Version number in MailScanner.conf (4.65.3) is correct. > >Your envelope_sender_header in spam.assassin.prefs.conf is correct. > >Checking for SpamAssassin errors (if you use it)... >SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin- >Temp >SpamAssassin reported no errors. >MailScanner.conf says "Virus Scanners = clamavmodule mcafee" >Found these virus scanners installed: clamavmodule, mcafee >======================================================================= = >=== >======================================================================= = >=== > >If any of your virus scanners (clamavmodule,mcafee) >are not listed there, you should check that they are installed correctly >and that MailScanner is finding them correctly via its >virus.scanners.conf. > >Cheers, > >Phil > >-- >Phil Randal >Network Engineer >Herefordshire Council >Hereford, UK > > > > > >________________________________ > > From: mailscanner-bounces@lists.mailscanner.info >[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Michael >Mansour > Sent: 28 November 2007 14:03 > To: MailScanner discussion > Subject: MailScanner --lint doesn't check Eicar virus > > > Hi, > > I used to be able to run: > > # MailScanner --lint > Checking version numbers... > Version number in MailScanner.conf (4.65.3) is correct. > > Your envelope_sender_header in spam.assassin.prefs.conf is >correct. > > Checking for SpamAssassin errors (if you use it)... > SpamAssassin temp dir = /tmp/SpamAssassin-Temp > SpamAssassin reported no errors. > MailScanner.conf says "Virus Scanners = clamavmodule" > Found these virus scanners installed: clamavmodule > ================================================================== >========= > ================================================================== >========= > > If any of your virus scanners (clamavmodule) > are not listed there, you should check that they are installed >correctly > and that MailScanner is finding them correctly via its >virus.scanners.conf. > > and see MailScanner test the Eicar virus between the "===" rows, >but most recently I see this doesn't work anymore. > > Is there something I can check to see why? > > When I run the wrapper: > > /usr/lib/MailScanner/clamav-wrapper /usr /tmp > > it finds clamav and works scans /tmp fine. > > Thanks. > > Michael. > > > > >________________________________ > > Make the switch to the world's best email. Get the new Yahoo!7 >Mail now > >u.yahoo.com/worldsbestmail/spankey/> . -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ________________________________ Make the switch to the world's best email. Get the new Yahoo!7 Mail now . -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071206/ae590724/attachment.html From campbell at cnpapers.com Thu Dec 6 18:24:38 2007 From: campbell at cnpapers.com (Steve Campbell) Date: Thu Dec 6 18:24:47 2007 Subject: Irony In-Reply-To: References: <20071206073939.11632.qmail@techred1> <20071206153734.GB75306@mikea.ath.cx> Message-ID: <47583E66.8070705@cnpapers.com> Things like this really piss me off. Thank goodness for our mailing list. The one I got directly only offered 70% off. Steve Campbell Pedro wrote: > For me this was the laugh of the day ;) > > From MailScanner at ecs.soton.ac.uk Thu Dec 6 19:26:11 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Dec 6 19:26:27 2007 Subject: R: error after perl module upgrade In-Reply-To: References: <8F2A53954C22554EB75D9643FCCE0C6B0472D75D@MED-CORE03-MS1.med.wayne.edu> <011601c8375b$3053d090$2301a8c0@dbdomain.database.it> <7EF0EE5CB3B263488C8C18823239BEBA023EB0E2@HC-MBX02.herefordshire.gov.uk> <012701c8375e$75a5e900$2301a8c0@dbdomain.database.it> <625385e30712052353o2f3052ebq5d6b90e9a775ee78@mail.gmail.com> <475835EE.1090103@ecs.soton.ac.uk> Message-ID: <47584CD3.3030902@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Scott Silva wrote: > on 12/6/2007 9:48 AM Julian Field spake the following: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> >> >> Scott Silva wrote: >>> on 12/5/2007 11:53 PM shuttlebox spake the following: >>>> On Dec 6, 2007 12:22 AM, Scott Silva wrote: >>>>> on 12/5/2007 8:47 AM Marcello Anderlini spake the following: >>>>>> Thanks to all for your quick answer but this is a test system so I >>>>>> prefer to wait the stable 4.66.2. >>>>>> >>>>>> Does anyone know when it will be released ? >>>>>> >>>>>> thanks again >>>>> Probably at the end of the month, so you either have to use the >>>>> beta or >>>>> downgrade mailtools. >>>> Shouldn't it have been released already? It's usually at the beginning >>>> of each month. >>>> >>> Most of the time it is either late (very late) in the evening on the >>> last day or very early in the morning on the first. It looked like >>> the beta was a few days after, and I doubt that Julian would release >>> a code fix without some beta time. >>> >> As I said, I didn't do a release on 1st December as there was nothing >> to release. So the next stable release will be on New Year's Day. >> >> Jules > Sorry. I replied without reading all the new messages. > You have been quiet on the list this week. Are you feeling OK, or just > been busy? Both :-) Feeling fine, just have a lot on at the moment. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 867) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHWEzVEfZZRxQVtlQRApC1AKCmuTcXYAwN1ddr/16izMh5Gwrt9wCfVOl4 wayWuRbr2OFWp49FcFT4VVo= =yccY -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From micoots at yahoo.com Fri Dec 7 02:05:45 2007 From: micoots at yahoo.com (Michael Mansour) Date: Fri Dec 7 02:05:51 2007 Subject: MailScanner --lint doesn't check Eicar virus - OK here! In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA02601821@HC-MBX02.herefordshire.gov.uk> Message-ID: <703640.65993.qm@web33312.mail.mud.yahoo.com> Hi Phil, --- "Randal, Phil" wrote: > I've finally tracked this down: > > yumming from the rpmforge repo had updated > perl-MIME-Tools to version > 5.424. > > Downgrading to 5.420 made things work: I'm so glad you worked this one out. I also did the downgrade and discovered that the "block of wmv files" subject I'd sent through the list also was resolved ie. blocking attachments was now working again. What you, and anyone else using the perl-MIME-tools update would have found is, that you weren't actually blocking any attachments anymore, as for me this is what had happened. You see, the reason the Eicar virus test was failing was because the MIME checking was broken with the perl-MIME-tools update. I asked this question previously in the "block of wmv files" subject in the mailing list, asking/commenting that I couldn't be the only one experiencing this problem but others either didn't test it or were oblivious to the fact that attachment checking was no longer working for them. With this trouble-shooting and resolution (and letting us know about it here), you've hit at least 2 birds with the one stone. Good work mate and thanks again. Michael. > # MailScanner --lint > Trying to setlogsock(unix) > Checking version numbers... > Version number in MailScanner.conf (4.66.2) is > correct. > > Your envelope_sender_header in > spam.assassin.prefs.conf is correct. > > Checking for SpamAssassin errors (if you use it)... > SpamAssassin temp dir = > /var/spool/MailScanner/incoming/SpamAssassin-Temp > SpamAssassin reported no errors. > MailScanner.conf says "Virus Scanners = clamavmodule > mcafee" > Found these virus scanners installed: clamavmodule, > mcafee > ======================================================================== > === > ======================================================================== > === > > If any of your virus scanners (clamavmodule,mcafee) > are not listed there, you should check that they are > installed correctly > and that MailScanner is finding them correctly via > its > virus.scanners.conf. > [root@mx1 src]# rpm -Uvh > perl-MIME-tools-5.420-2.el5.rf.noarch.rpm > --force > Preparing... > ########################################### > [100%] > 1:perl-MIME-tools > ########################################### > [100%] > [root@mx1 src]# MailScanner --lint > Trying to setlogsock(unix) > Checking version numbers... > Version number in MailScanner.conf (4.66.2) is > correct. > > Your envelope_sender_header in > spam.assassin.prefs.conf is correct. > > Checking for SpamAssassin errors (if you use it)... > SpamAssassin temp dir = > /var/spool/MailScanner/incoming/SpamAssassin-Temp > SpamAssassin reported no errors. > MailScanner.conf says "Virus Scanners = clamavmodule > mcafee" > Found these virus scanners installed: clamavmodule, > mcafee > ======================================================================== > === > ======================================================================== > === > Virus Scanner test reports: > ClamAVModule said "eicar.com was infected: > Eicar-Test-Signature" > McAfee said "/1/eicar.com Found: EICAR test > file NOT a virus." > > If any of your virus scanners (clamavmodule,mcafee) > are not listed there, you should check that they are > installed correctly > and that MailScanner is finding them correctly via > its > virus.scanners.conf. > > This might have had other side-effects other than > the antivirus lint. > > Cheers, > > Phil > -- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > > > > ________________________________ > > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] > On Behalf Of Randal, > Phil > Sent: 29 November 2007 13:58 > To: MailScanner discussion > Subject: RE: MailScanner --lint doesn't check Eicar > virus - OK > here! > > > Michael, > > Which version of RedHat are you running? > > I see the problem on CentOS 5.0. > > It may a side effect of force-installing the perl > update. > > It would be nice to know what's actually happening > and what the > fix is, though. I'm not a perl guru so it's beyond > me. > > Cheers, > > Phil > -- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > > > > ________________________________ > > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] > On Behalf Of Michael > Mansour > Sent: 29 November 2007 06:13 > To: MailScanner discussion > Subject: RE: MailScanner --lint doesn't check > Eicar > virus - OK here! > > > Hi Quentin, > > Quentin Campbell > wrote: > > Phil > > It appears to work here. I get a different > result to you: > > > This is very strange then. > > This begs the question, in what cases does this > --lint > fail with the Eicar virus check? > > I'm pretty sure I saw the test pass with Eicar in > there > when I upgraded to MailScanner 4.65.3 (not certain > but pretty sure), but > only recently noticed that Eicar was no longer > there. This may have > happened after some perl errata upgrades on Linux > recently released by > Red Hat. > > I'm just interested to know now that if this is > the > case, then was would cause that symptom and is it > causing other problems > I can't see? > > Michael. > > > [root@cheviot4 MailScanner]# MailScanner --lint > Checking version numbers... > Version number in MailScanner.conf (4.65.3) is > correct. > > Your envelope_sender_header in > spam.assassin.prefs.conf is correct. > > Checking for SpamAssassin errors (if you use > it)... > SpamAssassin temp dir = > /var/spool/MailScanner/incoming/SpamAssassin-Temp > SpamAssassin reported no errors. > MailScanner.conf says "Virus Scanners = > clamavmodule mcafee" > Found these virus scanners installed: > clamavmodule, mcafee > > ======================================================================== > === > > ======================================================================== > === > Virus Scanner test reports: > ClamAVModule said "eicar.com was infected: > Eicar-Test-Signature" > McAfee said "/1/eicar.com Found: EICAR test file > NOT a virus." > > If any of your virus scanners > (clamavmodule,mcafee) > are not listed there, you should check that they > are installed correctly > and that MailScanner is finding them correctly > via its virus.scanners.conf. > [root@cheviot4 MailScanner]# > > Quentin > --- > PHONE: +44 191 222 8209 Information Systems > and Services (ISS), > Newcastle University, > Newcastle upon Tyne, > FAX: +44 191 222 8765 United Kingdom, NE1 > 7RU. > > ------------------------------------------------------------------------ > > > > > > >-----Original Message----- > >From: > mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner- > >bounces@lists.mailscanner.info] On Behalf Of > Randal, Phil > >Sent: 28 November 2007 14:10 > >To: MailScanner discussion > >Subject: RE: MailScanner --lint doesn't check > Eicar virus > > > >Well spotted! > > > >Confirming that it is broken in 4.65.3 > > > ># MailScanner --lint > >Checking version numbers... > >Version number in MailScanner.conf (4.65.3) is > correct. > > > >Your envelope_sender_header in > spam.assassin.prefs.conf is correct. > > > >Checking for SpamAssassin errors (if you use > it)... > >SpamAssassin temp dir = > /var/spool/MailScanner/incoming/SpamAssassin- > >Temp > >SpamAssassin reported no errors. > >MailScanner.conf says "Virus Scanners = > clamavmodule mcafee" > >Found these virus scanners installed: > clamavmodule, mcafee > > >======================================================================= > = > >=== > > >======================================================================= > = > >=== > > > >If any of your virus scanners > (clamavmodule,mcafee) > >are not listed there, you should check that > they are installed correctly > >and that MailScanner is finding them correctly > via its > >virus.scanners.conf. > > > >Cheers, > > > >Phil > > > >-- > >Phil Randal > >Network Engineer > >Herefordshire Council > >Hereford, UK > > > > > > > > > > > >________________________________ > > > > From: > mailscanner-bounces@lists.mailscanner.info > > >[mailto:mailscanner-bounces@lists.mailscanner.info] > On Behalf Of > Michael > >Mansour > > Sent: 28 November 2007 14:03 > > To: MailScanner discussion > > Subject: MailScanner --lint doesn't check > Eicar virus > > > > > > Hi, > > > > I used to be able to run: > > > > # MailScanner --lint > > Checking version numbers... > > Version number in MailScanner.conf (4.65.3) is > correct. > > > > Your envelope_sender_header in > spam.assassin.prefs.conf is > >correct. > > > > Checking for SpamAssassin errors (if you use > it)... > > SpamAssassin temp dir = /tmp/SpamAssassin-Temp > > SpamAssassin reported no errors. > > MailScanner.conf says "Virus Scanners = > clamavmodule" > > Found these virus scanners installed: > clamavmodule > > > ================================================================== > >========= > > > ================================================================== > >========= > > > > If any of your virus scanners (clamavmodule) > > are not listed there, you should check that > they are installed > >correctly > > and that MailScanner is finding them correctly > via its > >virus.scanners.conf. > > > > and see MailScanner test the Eicar virus > between the "===" rows, > >but most recently I see this doesn't work > anymore. > > > > Is there something I can check to see why? > > > > When I run the wrapper: > > > > /usr/lib/MailScanner/clamav-wrapper /usr /tmp > > > > it finds clamav and works scans /tmp fine. > > > > Thanks. > > > > Michael. > > > > > > > > > >________________________________ > > > > Make the switch to the world's best email. Get > the new Yahoo!7 > >Mail now > > > >u.yahoo.com/worldsbestmail/spankey/> . > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read > http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book > off the website! > > > > > ________________________________ > > Make the switch to the world's best email. Get the > new > Yahoo!7 Mail now > u.yahoo.com/worldsbestmail/spankey/> . > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read > http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off > the website! > Make the switch to the world's best email. Get the new Yahoo!7 Mail now. www.yahoo7.com.au/worldsbestemail From micoots at yahoo.com Fri Dec 7 02:15:42 2007 From: micoots at yahoo.com (Michael Mansour) Date: Fri Dec 7 02:15:45 2007 Subject: MailTools and MailScanner... In-Reply-To: Message-ID: <350517.83862.qm@web33308.mail.mud.yahoo.com> Hi Scott, --- Scott Silva wrote: > on 12/4/2007 1:58 PM Philip Zeigler spake the > following: > > Scott Silva wrote: > >> on 12/4/2007 12:06 PM Philip Zeigler spake the > following: > >>> ajos1@onion.demon.co.uk wrote: > >>>> - > >>>> > >>>> The reply back is: > >>>> > >>>> ============================ > >>>> > >>>> From: mark@zzzzzzzz to ajos1@zzzzzzzz > Date: Sun, 2 > >>>> Dec 2007 22:35:59 +0100 Subject: ajos1 > - Re: MailTools and > >>>> MailScanner... CC/Multi-To: (none) > Attachments: > >>>> (none) * ajos1@zzzzzzzz (ajos1@zzzzzzzz) > [071202 21:07]: > >>>> > >>>>> Not sure if you use MailScanner or not... > >>>>> > >>>> > >>>> No, never heard of it. Don't know where it is > kept (not on CPAN). > >>>> > >>>> > >>>>> Since MailTools 2.01 - We have an error... and > we are not sure if it > >>>>> is a MailTools problem or a MailScanner > problem... See the message at > >>>>> the end... > >>>>> > >>>> > >>>> The MailTools 2.xx code is a massive clean-up. > One of the things which > >>>> changed, is a stricter use of clean coding > techniques. > >>>> > >>>> > >>>>> [root@onion perl_ext]# MailScanner -v | head > -20 > >>>>> Variable "$FIELD_NAME" is not imported at > >>>>> /usr/lib/MailScanner/MailScanner/Message.pm > line 6907. > >>>>> > >>>> > >>>> Understandable. Yes an effect of my cleanups. > >>>> > >>>> > >>>>> package Mail::Header; > >>>>> $arr->[1] =~ > /\A$FIELD_NAME/o; > >>>>> > >>>> > >>>> Something very bad is happening here: code is > added to an existing > >>>> module. This code should either be added in > the core Mail::Header > >>>> package OR should be added using the OO > extension mechanism. > >>>> > >>>> The author of the mailscanner has to clean-up > his code, IMO. I could > >>>> export the $FIELD_NAME, but preferrably not. > >>>> > >>> Just did a yum update on my Centos 5 system and > it installed > >>> MailTools-2.02. Is there a fix planned for this > any time soon or > >>> should I downgrade to 1.7.7 and exclude the > update? > >>> > >>> Philip > >> Which repo did you get this from? I only see it > in Fedora. > >> > > It updated today from the rpmforge repo. > > > > Philip > Now I see it. My mirror must have been a little > slow. > The only fix so far is to downgrade to 1.7x > MailTools. > Who knows if or when Julian might work on this. Just > because the MailTools > coder says he is using clean coding techniques > doesn't mean it is 100% proper > coding. We will have to see what else breaks. Have you noticed anything else break with the latest RPMforge perl-MailTools and the latest MailScanner 4.66 beta? Michael. Make the switch to the world's best email. Get the new Yahoo!7 Mail now. www.yahoo7.com.au/worldsbestemail From micoots at yahoo.com Fri Dec 7 02:19:17 2007 From: micoots at yahoo.com (Michael Mansour) Date: Fri Dec 7 02:19:21 2007 Subject: Whitelists not working properly In-Reply-To: <47561A64.9030803@openenterprise.ca> Message-ID: <10452.94845.qm@web33302.mail.mud.yahoo.com> Hi Johnny, --- Johnny Stork wrote: > I have noticed for the past few months, not sure > when it started, but > not all whitelist entries are getting picked up. For > instance, I just added > > >From To > *@www.pixologic.com *@* It's odd how such rules ever worked for you. They're syntax is incorrect. Please read: http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rulesets:examples&s=virus%20scanning%20rules for the correct way to define your rules. Regards, Michael. > Yet maillog shows a message from that domain tagged > as SPAM? > > > > Dec 4 18:23:16 gateway sendmail[5523]: > lB52N3Be005523: > from=, size=8671, class=0, > nrcpts=1, > msgid=<200712050223.lB52N2EH063776@www.pixologic.com>, > proto=ESMTP, > daemon=Daemon1, relay=mydomain.ca [11.111.11.111] > Dec 4 18:23:45 gateway MailScanner[29537]: Message > lB52N3Be005523 from > 11.111.11.111 (www@www.pixologic.com) to > myotherdomain.ca is spam, > SpamAssassin (not cached, score=17.851, required 5, > BAYES_99 15.00, > HTML_FONT_FACE_BAD 0.88, HTML_IMAGE_RATIO_04 0.17, > HTML_MESSAGE 0.00, > MIME_BASE64_BLANKS 0.04, MIME_BASE64_TEXT 1.75) > Dec 4 18:41:32 gateway sendmail[6513]: > lB52fLFj006513: > from=, size=8072, class=0, > nrcpts=1, > msgid=<200712050241.lB52fL6p064657@www.pixologic.com>, > proto=ESMTP, > daemon=Daemon1, relay=www.pixologic.com > [209.132.96.162] (may be forged) > Dec 4 18:41:57 gateway MailScanner[29589]: Message > lB52fLFj006513 from > 209.132.96.162 (www@www.pixologic.com) to > myotherdomain.ca is spam, > SpamAssassin (not cached, score=17.851, required 5, > BAYES_99 15.00, > HTML_FONT_FACE_BAD 0.88, HTML_IMAGE_RATIO_04 0.17, > HTML_MESSAGE 0.00, > MIME_BASE64_BLANKS 0.04, MIME_BASE64_TEXT 1.75) > > > > > -- > *Johnny Stork* > Business & Technology Consultant > stork@openenterprise.ca > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read > http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off > the website! > Make the switch to the world's best email. Get the new Yahoo!7 Mail now. www.yahoo7.com.au/worldsbestemail From asakawa at quickd.net Fri Dec 7 02:43:01 2007 From: asakawa at quickd.net (Takashi Asakawa) Date: Fri Dec 7 02:43:34 2007 Subject: Found viruses but Uninfected Delivered In-Reply-To: <20071206135514.D7B0.ASAKAWA@quickd.net> References: <20071206135514.D7B0.ASAKAWA@quickd.net> Message-ID: <20071207113246.BE94.ASAKAWA@quickd.net> Hi Don't work viruses block MailScanner 4.66.2 + perl-MIME-tools 5.424-1 ------------------------------- Work normal movement MailScanner 4.66.2 + perl-MIME-tools.noarch 5.420-1.el4.rf Best regards, > Hi all > > Found 1 viruses but Uninfected Delivered > > --------- > MailScanner[21677]: /var/spool/MailScanner/incoming/21677/./ > lB63ouC1021957.message: Worm.Antinny-9 FOUND > MailScanner[21677]: Virus Scanning: ClamAV found 1 infections > MailScanner[21677]: lB63ouC1021957.message=>[Subject: N/A][Date: Thu, 6 > Dec 2007 12:50:56 +0900]=>(MIME part)=>3.zip=>ne.scr:infected: Win32. > Worm.Antinny.AY > MailScanner[21677]: Virus Scanning: Bitdefender found 1 infections > MailScanner[21677]: /var/spool/MailScanner/incoming/21677/lB63ouC1021957. > message->3.zip->ne.scr->(UPX) Infection: W32/Worm.E > MailScanner[21677]: Virus Scanning: F-Prot found virus W32/Worm.E > MailScanner[21677]: Virus Scanning: F-Prot found 1 infections > MailScanner[21677]: Virus Scanning: Avg found 1 infections > MailScanner[21677]: Virus Scanning: Avast found 1 infections > MailScanner[21677]: Virus Scanning: Norman found 1 infections > MailScanner[21677]: Infected message 21677 came from > MailScanner[21677]: Infected message lB63ouC1021957.message=>[Subject: N > came from > MailScanner[21677]: Infected message lB63ouC1021957.message came from > MailScanner[21677]: Virus Scanning: Found 1 viruses > MailScanner[21677]: Uninfected: Delivered 1 messages > --------- > > My conf > --------- > %org-name% = > %org-long-name% = > %web-site% = > %etc-dir% = /etc/MailScanner > %report-dir% = /etc/MailScanner/reports/en > %rules-dir% = /etc/MailScanner/rules > %mcp-dir% = /etc/MailScanner/mcp > Max Children = 5 > Run As User = > Run As Group = > Queue Scan Interval = 6 > Incoming Queue Dir = /var/spool/mqueue.in > Outgoing Queue Dir = /var/spool/mqueue > Incoming Work Dir = /var/spool/MailScanner/incoming > Quarantine Dir = /var/spool/MailScanner/quarantine > PID file = /var/run/MailScanner.pid > Restart Every = 7200 > MTA = sendmail > Sendmail = /usr/sbin/sendmail > sendmail2 = /usr/sbin/sendmail > Incoming Work User = > Incoming Work Group = > Incoming Work Permissions = 0600 > Quarantine User = > Quarantine Group = > Quarantine Permissions = 0600 > Max Unscanned Bytes Per Scan = 100m > Max Unsafe Bytes Per Scan = 50m > Max Unscanned Messages Per Scan = 30 > Max Unsafe Messages Per Scan = 30 > Max Normal Queue Size = 800 > Scan Messages = yes > Reject Message = no > Maximum Attachments Per Message = 200 > Expand TNEF = yes > Use TNEF Contents = replace > Deliver Unparsable TNEF = no > TNEF Expander = /usr/bin/tnef --maxsize=100000000 > TNEF Timeout = 120 > File Command = /usr/bin/file > File Timeout = 20 > Gunzip Command = /bin/gunzip > Gunzip Timeout = 50 > Unrar Command = /usr/bin/unrar > Unrar Timeout = 50 > Find UU-Encoded Files = no > Maximum Message Size = %rules-dir%/max.message.size.rules > Maximum Attachment Size = -1 > Minimum Attachment Size = -1 > Maximum Archive Depth = 2 > Find Archives By Content = yes > Zip Attachments = no > Attachments Zip Filename = MessageAttachments.zip > Attachments Min Total Size To Zip = 100k > Attachment Extensions Not To Zip = .zip .rar .gz .tgz .jpg .jpeg .mpg . > mpe .mpeg .mp3 .rpm .htm .html .eml > Virus Scanning = yes > Virus Scanners = antivir clamav bitdefender f-prot avg avast norman > Virus Scanner Timeout = 300 > Deliver Disinfected Files = no > Silent Viruses = HTML-IFrame All-Viruses > Still Deliver Silent Viruses = no > Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ eicar > Block Encrypted Messages = no > Block Unencrypted Messages = no > Allow Password-Protected Archives = no > Check Filenames In Password-Protected Archives = yes > Allowed Sophos Error Messages = > Sophos IDE Dir = /opt/sophos-av/lib/sav > Sophos Lib Dir = /opt/sophos-av/lib > Monitors For Sophos Updates = /opt/sophos-av/lib/sav/*.ide > Monitors for ClamAV Updates = /usr/local/share/clamav/*.inc/* /usr/ > local/share/clamav/*.cvd > ClamAVmodule Maximum Recursion Level = 8 > ClamAVmodule Maximum Files = 1000 > ClamAVmodule Maximum Compression Ratio = 250 > Clamd Port = 3310 > Clamd Socket = /tmp/clamd > Clamd Use Threads = no > ClamAV Full Message Scan = yes > Dangerous Content Scanning = yes > Allow Partial Messages = no > Allow External Message Bodies = no > Find Phishing Fraud = yes > Also Find Numeric Phishing = yes > Use Stricter Phishing Net = yes > Highlight Phishing Fraud = yes > Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf > Phishing Bad Sites File = %etc-dir%/phishing.bad.sites.conf > Country Sub-Domains List = %etc-dir%/country.domains.conf > Allow IFrame Tags = disarm > Allow Form Tags = disarm > Allow Script Tags = disarm > Allow WebBugs = disarm > Ignored Web Bug Filenames = spacer pixel.gif pixel.png gap > Known Web Bug Servers = msgtag.com > Web Bug Replacement = http://www.sng.ecs.soton.ac.uk/mailscanner/images/1x1spacer.gif > Allow Object Codebase Tags = disarm > Convert Dangerous HTML To Text = no > Convert HTML To Text = no > Allow Filenames = > Deny Filenames = > Filename Rules = %etc-dir%/filename.rules.conf > Allow Filetypes = > Deny Filetypes = > Filetype Rules = %etc-dir%/filetype.rules.conf > Quarantine Infections = yes > Quarantine Silent Viruses = no > Quarantine Modified Body = no > Quarantine Whole Message = no > Quarantine Whole Messages As Queue Files = no > Keep Spam And MCP Archive Clean = no > Language Strings = %report-dir%/languages.conf > Rejection Report = %report-dir%/rejection.report.txt > Deleted Bad Content Message Report = %report-dir%/deleted.content. > message.txt > Deleted Bad Filename Message Report = %report-dir%/deleted.filename. > message.txt > Deleted Virus Message Report = %report-dir%/deleted.virus.message. > txt > Deleted Size Message Report = %report-dir%/deleted.size.message. > txt > Stored Bad Content Message Report = %report-dir%/stored.content.message. > txt > Stored Bad Filename Message Report = %report-dir%/stored.filename. > message.txt > Stored Virus Message Report = %report-dir%/stored.virus.message. > txt > Stored Size Message Report = %report-dir%/stored.size.message.txt > Disinfected Report = %report-dir%/disinfected.report.txt > Inline HTML Signature = %report-dir%/inline.sig.html > Inline Text Signature = %report-dir%/inline.sig.txt > Signature Image Filename = %report-dir%/sig.jpg > Signature Image Filename = signature.jpg > Inline HTML Warning = %report-dir%/inline.warning.html > Inline Text Warning = %report-dir%/inline.warning.txt > Sender Content Report = %report-dir%/sender.content.report.txt > Sender Error Report = %report-dir%/sender.error.report.txt > Sender Bad Filename Report = %report-dir%/sender.filename.report.txt > Sender Virus Report = %report-dir%/sender.virus.report.txt > Sender Size Report = %report-dir%/sender.size.report.txt > Hide Incoming Work Dir = yes > Include Scanner Name In Reports = yes > Mail Header = X-%org-name%-MailScanner: > Spam Header = X-%org-name%-MailScanner-SpamCheck: > Spam Score Header = X-%org-name%-MailScanner-SpamScore: > Information Header = X-%org-name%-MailScanner-Information: > Add Envelope From Header = yes > Add Envelope To Header = no > Envelope From Header = X-%org-name%-MailScanner-From: > Envelope To Header = X-%org-name%-MailScanner-To: > Spam Score Character = s > SpamScore Number Instead Of Stars = no > Minimum Stars If On Spam List = 0 > Clean Header Value = Found to be clean > Infected Header Value = Found to be infected > Disinfected Header Value = Disinfected > Information Header Value = Please contact the ISP for more information > Detailed Spam Report = yes > Include Scores In SpamAssassin Report = yes > Always Include SpamAssassin Report = no > Multiple Headers = append > Hostname = the %org-name% ($HOSTNAME) MailScanner > Sign Messages Already Processed = no > Sign Clean Messages = yes > Attach Image To Signature = no > Attach Image To HTML Message Only = yes > Mark Infected Messages = yes > Mark Unscanned Messages = yes > Unscanned Header Value = Not scanned: please contact your Internet E- > Mail Service Provider for details > Remove These Headers = X-Mozilla-Status: X-Mozilla-Status2: > Deliver Cleaned Messages = yes > Notify Senders = yes > Notify Senders Of Viruses = no > Notify Senders Of Blocked Filenames Or Filetypes = yes > Notify Senders Of Blocked Size Attachments = no > Notify Senders Of Other Blocked Content = yes > Never Notify Senders Of Precedence = list bulk > Scanned Subject Text = {Scanned} > Virus Modify Subject = start > Virus Subject Text = {Virus?} > Filename Modify Subject = start > Filename Subject Text = {Filename?} > Content Modify Subject = start > Content Subject Text = {Dangerous Content?} > Size Modify Subject = start > Size Subject Text = {Size} > Disarmed Modify Subject = start > Disarmed Subject Text = {Disarmed} > Phishing Modify Subject = no > Phishing Subject Text = {Fraud?} > Spam Modify Subject = start > Spam Subject Text = {Spam?} > High Scoring Spam Modify Subject = start > High Scoring Spam Subject Text = {Spam?} > Warning Is Attachment = yes > Attachment Warning Filename = %org-name%-Attachment-Warning.txt > Attachment Encoding Charset = ISO-8859-1 > Archive Mail = > Send Notices = yes > Notices Include Full Headers = yes > Hide Incoming Work Dir in Notices = no > Notice Signature = -- \nMailScanner\nEmail Virus Scanner\nwww. > mailscanner.info > Notices From = MailScanner > Notices To = postmaster > Local Postmaster = postmaster > Spam List Definitions = %etc-dir%/spam.lists.conf > Virus Scanner Definitions = %etc-dir%/virus.scanners.conf > Spam Checks = yes > Spam Domain List = > Spam Lists To Be Spam = 1 > Spam Lists To Reach High Score = 3 > Spam List Timeout = 10 > Max Spam List Timeouts = 7 > Spam List Timeouts History = 10 > Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules > Is Definitely Spam = no > Definite Spam Is High Scoring = no > Ignore Spam Whitelist If Recipients Exceed = 20 > Max Spam Check Size = 200k > Use Watermarking = no > Add Watermark = yes > Check Watermarks With No Sender = yes > Treat Invalid Watermarks With No Sender as Spam = nothing > Check Watermarks To Skip Spam Checks = yes > Watermark Secret = %org-name%-Secret > Watermark Lifetime = 604800 > Watermark Header = X-%org-name%-MailScanner-Watermark: > Use SpamAssassin = yes > Max SpamAssassin Size = 200k > Required SpamAssassin Score = 6 > High SpamAssassin Score = 10 > SpamAssassin Auto Whitelist = yes > SpamAssassin Timeout = 75 > Max SpamAssassin Timeouts = 10 > SpamAssassin Timeouts History = 30 > Check SpamAssassin If On Spam List = yes > Include Binary Attachments In SpamAssassin = no > Spam Score = yes > Cache SpamAssassin Results = yes > SpamAssassin Cache Database File = /var/spool/MailScanner/incoming/ > SpamAssassin.cache.db > Rebuild Bayes Every = 0 > Wait During Bayes Rebuild = no > Use Custom Spam Scanner = no > Max Custom Spam Scanner Size = 20k > Custom Spam Scanner Timeout = 20 > Max Custom Spam Scanner Timeouts = 10 > Custom Spam Scanner Timeout History = 20 > Spam Actions = deliver header "X-Spam-Status: Yes" > High Scoring Spam Actions = deliver header "X-Spam-Status: Yes" > Non Spam Actions = deliver header "X-Spam-Status: No" > SpamAssassin Rule Actions = > Sender Spam Report = %report-dir%/sender.spam.report.txt > Sender Spam List Report = %report-dir%/sender.spam.rbl.report.txt > Sender SpamAssassin Report = %report-dir%/sender.spam.sa.report.txt > Inline Spam Warning = %report-dir%/inline.spam.warning.txt > Recipient Spam Report = %report-dir%/recipient.spam.report.txt > Enable Spam Bounce = %rules-dir%/bounce.rules > Bounce Spam As Attachment = no > Syslog Facility = mail > Log Speed = no > Log Spam = no > Log Non Spam = no > Log Permitted Filenames = no > Log Permitted Filetypes = no > Log Silent Viruses = no > Log Dangerous HTML Tags = no > SpamAssassin Temporary Dir = /var/spool/MailScanner/incoming/ > SpamAssassin-Temp > SpamAssassin User State Dir = > SpamAssassin Install Prefix = > SpamAssassin Site Rules Dir = /etc/mail/spamassassin > SpamAssassin Local Rules Dir = > SpamAssassin Default Rules Dir = > MCP Checks = no > First Check = spam > MCP Required SpamAssassin Score = 1 > MCP High SpamAssassin Score = 10 > MCP Error Score = 1 > MCP Header = X-%org-name%-MailScanner-MCPCheck: > Non MCP Actions = deliver > MCP Actions = deliver > High Scoring MCP Actions = deliver > Bounce MCP As Attachment = no > MCP Modify Subject = start > MCP Subject Text = {MCP?} > High Scoring MCP Modify Subject = start > High Scoring MCP Subject Text = {MCP?} > Is Definitely MCP = no > Is Definitely Not MCP = no > Definite MCP Is High Scoring = no > Always Include MCP Report = no > Detailed MCP Report = yes > Include Scores In MCP Report = no > Log MCP = no > MCP Max SpamAssassin Timeouts = 20 > MCP Max SpamAssassin Size = 100k > MCP SpamAssassin Timeout = 10 > MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf > MCP SpamAssassin User State Dir = > MCP SpamAssassin Local Rules Dir = %mcp-dir% > MCP SpamAssassin Default Rules Dir = %mcp-dir% > MCP SpamAssassin Install Prefix = %mcp-dir% > Recipient MCP Report = %report-dir%/recipient.mcp.report.txt > Sender MCP Report = %report-dir%/sender.mcp.report.txt > Use Default Rules With Multiple Recipients = no > Spam Score Number Format = %d > MailScanner Version Number = 4.66.1 > SpamAssassin Cache Timings = 1800,300,10800,172800,600 > Debug = no > Debug SpamAssassin = no > Run In Foreground = no > Always Looked Up Last = no > Always Looked Up Last After Batch = no > Deliver In Background = yes > Delivery Method = batch > Split Exim Spool = no > Lockfile Dir = /tmp > Custom Functions Dir = /usr/lib/MailScanner/MailScanner/CustomFunctions > Lock Type = > Syslog Socket Type = > Minimum Code Status = supported > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From micoots at yahoo.com Fri Dec 7 03:52:35 2007 From: micoots at yahoo.com (Michael Mansour) Date: Fri Dec 7 03:52:38 2007 Subject: Using deny.filenames.rules Message-ID: <267953.81190.qm@web33309.mail.mud.yahoo.com> Hi, I've started to use the "Deny Filenames" option in MailScanner, where I've defined: Deny Filenames = %rules-dir%/deny.filenames.rules and: # cat rules/deny.filenames.rules FromOrTo: *@example.com \.wmv$ FromOrTo: default This seems to work fine although when sending through the "example.wmv" file, the message is detected as a virus: Warning: E-mail viruses detected and content being: The virus detector said this about the message: etc We know the example.wmv file is not a virus but instead if "Bad Content". Why does MailScanner say it's a virus? Can MailScanner say "Bad Content" instead when using the "Deny Filenames" option? Thanks. Michael. Make the switch to the world's best email. Get the new Yahoo!7 Mail now. www.yahoo7.com.au/worldsbestemail From mailscanner at barendse.to Fri Dec 7 04:26:57 2007 From: mailscanner at barendse.to (Remco Barendse) Date: Fri Dec 7 04:27:07 2007 Subject: MailScanner on new install Message-ID: Hi list! I installed MailScanner on a new installed RedHat EL4 box. Sendmail worked properly, installed MailScanner. When i look into the log MailScanner keeps re-starting continuously (but without errors). MailScanner -v doesn't show any missing modules, and ps -A shows that all but one MailScanner process is . Because there are no errors in the logfiles i have no idea where to look for the problem. Any hints / pointers? Thanks! From hvdkooij at vanderkooij.org Fri Dec 7 06:34:50 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Fri Dec 7 06:35:29 2007 Subject: R: error after perl module upgrade In-Reply-To: <47584CD3.3030902@ecs.soton.ac.uk> References: <8F2A53954C22554EB75D9643FCCE0C6B0472D75D@MED-CORE03-MS1.med.wayne.edu> <011601c8375b$3053d090$2301a8c0@dbdomain.database.it> <7EF0EE5CB3B263488C8C18823239BEBA023EB0E2@HC-MBX02.herefordshire.gov.uk> <012701c8375e$75a5e900$2301a8c0@dbdomain.database.it> <625385e30712052353o2f3052ebq5d6b90e9a775ee78@mail.gmail.com> <475835EE.1090103@ecs.soton.ac.uk> <47584CD3.3030902@ecs.soton.ac.uk> Message-ID: <4758E98A.2060801@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Field wrote: > Both :-) Feeling fine, just have a lot on at the moment. Not to mention you just took a break. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHWOmIBvzDRVjxmYERAswQAJ9Z9kVeh0u93xJkOr9fKMzGv0FMYACgiOEX OWPk+YPrBdApSQYYzCIE1I4= =YFr2 -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Fri Dec 7 06:42:43 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Fri Dec 7 06:43:11 2007 Subject: MailScanner on new install In-Reply-To: References: Message-ID: <4758EB63.9020506@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Remco Barendse wrote: > Hi list! > > I installed MailScanner on a new installed RedHat EL4 box. Sendmail worked > properly, installed MailScanner. When i look into the log MailScanner > keeps re-starting continuously (but without errors). > > MailScanner -v doesn't show any missing modules, and ps -A shows that > all but one MailScanner process is . > > Because there are no errors in the logfiles i have no idea where to look > for the problem. Since you are the one with the logfiles and we are totally without any details at all. How do you expect this to be solved? So round up the usual suspects and spill out the beans. MailScanner version? OS details (uname -a)? Did you read the list in reard to known issues? What do you get when you start in debug mode? Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHWOtgBvzDRVjxmYERAnRFAKCxioq/T0bu/K3aV9SAbfRCbHe6lACfYitz vWfrYd3XQZC3n8wk/rf7u9c= =neb5 -----END PGP SIGNATURE----- From MailScanner at ecs.soton.ac.uk Fri Dec 7 09:41:04 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Dec 7 09:41:22 2007 Subject: MailScanner --lint doesn't check Eicar virus - OK here! In-Reply-To: <703640.65993.qm@web33312.mail.mud.yahoo.com> References: <703640.65993.qm@web33312.mail.mud.yahoo.com> Message-ID: <47591530.7030605@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I don't really want to upgrade the copy of MIME-tools I use to the latest, as it now requires Perl 5.8. This will royally screw many of the Solaris users out there who only have Perl 5.6 available. If anyone has any thoughts on this, I'm all ears... Jules. Michael Mansour wrote: > Hi Phil, > > --- "Randal, Phil" > wrote: > > >> I've finally tracked this down: >> >> yumming from the rpmforge repo had updated >> perl-MIME-Tools to version >> 5.424. >> >> Downgrading to 5.420 made things work: >> > > I'm so glad you worked this one out. I also did the > downgrade and discovered that the "block of wmv files" > subject I'd sent through the list also was resolved > ie. blocking attachments was now working again. > > What you, and anyone else using the perl-MIME-tools > update would have found is, that you weren't actually > blocking any attachments anymore, as for me this is > what had happened. > > You see, the reason the Eicar virus test was failing > was because the MIME checking was broken with the > perl-MIME-tools update. > > I asked this question previously in the "block of wmv > files" subject in the mailing list, asking/commenting > that I couldn't be the only one experiencing this > problem but others either didn't test it or were > oblivious to the fact that attachment checking was no > longer working for them. > > With this trouble-shooting and resolution (and letting > us know about it here), you've hit at least 2 birds > with the one stone. > > Good work mate and thanks again. > > Michael. > > >> # MailScanner --lint >> Trying to setlogsock(unix) >> Checking version numbers... >> Version number in MailScanner.conf (4.66.2) is >> correct. >> >> Your envelope_sender_header in >> spam.assassin.prefs.conf is correct. >> >> Checking for SpamAssassin errors (if you use it)... >> SpamAssassin temp dir = >> /var/spool/MailScanner/incoming/SpamAssassin-Temp >> SpamAssassin reported no errors. >> MailScanner.conf says "Virus Scanners = clamavmodule >> mcafee" >> Found these virus scanners installed: clamavmodule, >> mcafee >> >> > ======================================================================== > >> === >> >> > ======================================================================== > >> === >> >> If any of your virus scanners (clamavmodule,mcafee) >> are not listed there, you should check that they are >> installed correctly >> and that MailScanner is finding them correctly via >> its >> virus.scanners.conf. >> [root@mx1 src]# rpm -Uvh >> perl-MIME-tools-5.420-2.el5.rf.noarch.rpm >> --force >> Preparing... >> ########################################### >> [100%] >> 1:perl-MIME-tools >> ########################################### >> [100%] >> [root@mx1 src]# MailScanner --lint >> Trying to setlogsock(unix) >> Checking version numbers... >> Version number in MailScanner.conf (4.66.2) is >> correct. >> >> Your envelope_sender_header in >> spam.assassin.prefs.conf is correct. >> >> Checking for SpamAssassin errors (if you use it)... >> SpamAssassin temp dir = >> /var/spool/MailScanner/incoming/SpamAssassin-Temp >> SpamAssassin reported no errors. >> MailScanner.conf says "Virus Scanners = clamavmodule >> mcafee" >> Found these virus scanners installed: clamavmodule, >> mcafee >> >> > ======================================================================== > >> === >> >> > ======================================================================== > >> === >> Virus Scanner test reports: >> ClamAVModule said "eicar.com was infected: >> Eicar-Test-Signature" >> McAfee said "/1/eicar.com Found: EICAR test >> file NOT a virus." >> >> If any of your virus scanners (clamavmodule,mcafee) >> are not listed there, you should check that they are >> installed correctly >> and that MailScanner is finding them correctly via >> its >> virus.scanners.conf. >> >> This might have had other side-effects other than >> the antivirus lint. >> >> Cheers, >> >> Phil >> -- >> Phil Randal >> Network Engineer >> Herefordshire Council >> Hereford, UK >> >> >> >> ________________________________ >> >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] >> On Behalf Of Randal, >> Phil >> Sent: 29 November 2007 13:58 >> To: MailScanner discussion >> Subject: RE: MailScanner --lint doesn't check Eicar >> virus - OK >> here! >> >> >> Michael, >> >> Which version of RedHat are you running? >> >> I see the problem on CentOS 5.0. >> >> It may a side effect of force-installing the perl >> update. >> >> It would be nice to know what's actually happening >> and what the >> fix is, though. I'm not a perl guru so it's beyond >> me. >> >> Cheers, >> >> Phil >> -- >> Phil Randal >> Network Engineer >> Herefordshire Council >> Hereford, UK >> >> >> >> ________________________________ >> >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] >> On Behalf Of Michael >> Mansour >> Sent: 29 November 2007 06:13 >> To: MailScanner discussion >> Subject: RE: MailScanner --lint doesn't check >> Eicar >> virus - OK here! >> >> >> Hi Quentin, >> >> Quentin Campbell >> wrote: >> >> Phil >> >> It appears to work here. I get a different >> result to you: >> >> >> This is very strange then. >> >> This begs the question, in what cases does this >> --lint >> fail with the Eicar virus check? >> >> I'm pretty sure I saw the test pass with Eicar in >> there >> when I upgraded to MailScanner 4.65.3 (not certain >> but pretty sure), but >> only recently noticed that Eicar was no longer >> there. This may have >> happened after some perl errata upgrades on Linux >> recently released by >> Red Hat. >> >> I'm just interested to know now that if this is >> the >> case, then was would cause that symptom and is it >> causing other problems >> I can't see? >> >> Michael. >> >> >> [root@cheviot4 MailScanner]# MailScanner --lint >> Checking version numbers... >> Version number in MailScanner.conf (4.65.3) is >> correct. >> >> Your envelope_sender_header in >> spam.assassin.prefs.conf is correct. >> >> Checking for SpamAssassin errors (if you use >> it)... >> SpamAssassin temp dir = >> /var/spool/MailScanner/incoming/SpamAssassin-Temp >> SpamAssassin reported no errors. >> MailScanner.conf says "Virus Scanners = >> clamavmodule mcafee" >> Found these virus scanners installed: >> clamavmodule, mcafee >> >> >> > ======================================================================== > >> === >> >> >> > ======================================================================== > >> === >> Virus Scanner test reports: >> ClamAVModule said "eicar.com was infected: >> Eicar-Test-Signature" >> McAfee said "/1/eicar.com Found: EICAR test file >> NOT a virus." >> >> If any of your virus scanners >> (clamavmodule,mcafee) >> are not listed there, you should check that they >> are installed correctly >> and that MailScanner is finding them correctly >> via its virus.scanners.conf. >> [root@cheviot4 MailScanner]# >> >> Quentin >> --- >> PHONE: +44 191 222 8209 Information Systems >> and Services (ISS), >> Newcastle University, >> Newcastle upon Tyne, >> FAX: +44 191 222 8765 United Kingdom, NE1 >> 7RU. >> >> >> > ------------------------------------------------------------------------ > >> >> >> >> >> >> >-----Original Message----- >> >From: >> mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner- >> >bounces@lists.mailscanner.info] On Behalf Of >> Randal, Phil >> >Sent: 28 November 2007 14:10 >> >To: MailScanner discussion >> >Subject: RE: MailScanner --lint doesn't check >> Eicar virus >> > >> >Well spotted! >> > >> >Confirming that it is broken in 4.65.3 >> > >> ># MailScanner --lint >> >Checking version numbers... >> >Version number in MailScanner.conf (4.65.3) is >> correct. >> > >> >Your envelope_sender_header in >> spam.assassin.prefs.conf is correct. >> > >> >Checking for SpamAssassin errors (if you use >> it)... >> >SpamAssassin temp dir = >> /var/spool/MailScanner/incoming/SpamAssassin- >> >Temp >> >SpamAssassin reported no errors. >> >MailScanner.conf says "Virus Scanners = >> clamavmodule mcafee" >> >Found these virus scanners installed: >> clamavmodule, mcafee >> >> >> ======================================================================= >> = >> >=== >> >> >> ======================================================================= >> = >> >=== >> > >> >If any of your virus scanners >> (clamavmodule,mcafee) >> >are not listed there, you should check that >> they are installed correctly >> >and that MailScanner is finding them correctly >> via its >> >virus.scanners.conf. >> > >> >Cheers, >> > >> >Phil >> > >> >-- >> >Phil Randal >> >Network Engineer >> >Herefordshire Council >> >Hereford, UK >> > >> > >> > >> > >> > >> >________________________________ >> > >> > From: >> mailscanner-bounces@lists.mailscanner.info >> >> >>> [mailto:mailscanner-bounces@lists.mailscanner.info] >>> >> On Behalf Of >> Michael >> >Mansour >> > Sent: 28 November 2007 14:03 >> > To: MailScanner discussion >> > Subject: MailScanner --lint doesn't check >> Eicar virus >> > >> > >> > Hi, >> > >> > I used to be able to run: >> > >> > # MailScanner --lint >> > Checking version numbers... >> > Version number in MailScanner.conf (4.65.3) is >> correct. >> > >> > Your envelope_sender_header in >> spam.assassin.prefs.conf is >> >correct. >> > >> > Checking for SpamAssassin errors (if you use >> it)... >> > SpamAssassin temp dir = /tmp/SpamAssassin-Temp >> > SpamAssassin reported no errors. >> > MailScanner.conf says "Virus Scanners = >> clamavmodule" >> > Found these virus scanners installed: >> clamavmodule >> > >> >> > ================================================================== > >> >========= >> > >> >> > ================================================================== > >> >========= >> > >> > If any of your virus scanners (clamavmodule) >> > are not listed there, you should check that >> they are installed >> >correctly >> > and that MailScanner is finding them correctly >> via its >> >virus.scanners.conf. >> > >> > and see MailScanner test the Eicar virus >> between the "===" rows, >> >but most recently I see this doesn't work >> anymore. >> > >> > Is there something I can check to see why? >> > >> > When I run the wrapper: >> > >> > /usr/lib/MailScanner/clamav-wrapper /usr /tmp >> > >> > it finds clamav and works scans /tmp fine. >> > >> > Thanks. >> > >> > Michael. >> > >> > >> > >> > >> >________________________________ >> > >> > Make the switch to the world's best email. Get >> the new Yahoo!7 >> >Mail now >> > >> >u.yahoo.com/worldsbestmail/spankey/> . >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> >> >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> >> Before posting, read >> http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book >> off the website! >> >> >> >> >> ________________________________ >> >> Make the switch to the world's best email. Get the >> new >> Yahoo!7 Mail now >> >> > >> u.yahoo.com/worldsbestmail/spankey/> . >> >> >>> -- >>> >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> Before posting, read >> http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off >> the website! >> >> > > > > Make the switch to the world's best email. Get the new Yahoo!7 Mail now. www.yahoo7.com.au/worldsbestemail > > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 867) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHWRUxEfZZRxQVtlQRAr5IAKC+PXYGRpL7RX8ZVAtx7L1IDhCeFQCfe75d OOgyOEq4Ozjk+dW1aY5FQNY= =ulw6 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From prandal at herefordshire.gov.uk Fri Dec 7 09:52:49 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Fri Dec 7 09:52:59 2007 Subject: Found viruses but Uninfected Delivered In-Reply-To: <20071207113246.BE94.ASAKAWA@quickd.net> References: <20071206135514.D7B0.ASAKAWA@quickd.net> <20071207113246.BE94.ASAKAWA@quickd.net> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA02601853@HC-MBX02.herefordshire.gov.uk> See my and Michael Mansour's earlier posts. This is a prime example of why "rpmforging" MailScanner and its support modules is a bad idea. Updates to both perl-MIME-tools and perl-Mail-Tools have broken MailScanner. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Takashi Asakawa > Sent: 07 December 2007 02:43 > To: MailScanner discussion > Subject: Re: Found viruses but Uninfected Delivered > > Hi > > Don't work viruses block > > MailScanner 4.66.2 + perl-MIME-tools 5.424-1 > > ------------------------------- > > Work normal movement > > MailScanner 4.66.2 + perl-MIME-tools.noarch 5.420-1.el4.rf > > > > > Best regards, > > > Hi all > > > > Found 1 viruses but Uninfected Delivered > > > > --------- > > MailScanner[21677]: /var/spool/MailScanner/incoming/21677/./ > > lB63ouC1021957.message: Worm.Antinny-9 FOUND > > MailScanner[21677]: Virus Scanning: ClamAV found 1 infections > > MailScanner[21677]: lB63ouC1021957.message=>[Subject: > N/A][Date: Thu, 6 > > Dec 2007 12:50:56 +0900]=>(MIME > part)=>3.zip=>ne.scr:infected: Win32. > > Worm.Antinny.AY > > MailScanner[21677]: Virus Scanning: Bitdefender found 1 infections > > MailScanner[21677]: > /var/spool/MailScanner/incoming/21677/lB63ouC1021957. > > message->3.zip->ne.scr->(UPX) Infection: W32/Worm.E > > MailScanner[21677]: Virus Scanning: F-Prot found virus W32/Worm.E > > MailScanner[21677]: Virus Scanning: F-Prot found 1 infections > > MailScanner[21677]: Virus Scanning: Avg found 1 infections > > MailScanner[21677]: Virus Scanning: Avast found 1 infections > > MailScanner[21677]: Virus Scanning: Norman found 1 infections > > MailScanner[21677]: Infected message 21677 came from > > MailScanner[21677]: Infected message > lB63ouC1021957.message=>[Subject: N > > came from > > MailScanner[21677]: Infected message lB63ouC1021957.message > came from > > MailScanner[21677]: Virus Scanning: Found 1 viruses > > MailScanner[21677]: Uninfected: Delivered 1 messages > > --------- > > > > My conf > > --------- > > %org-name% = > > %org-long-name% = > > %web-site% = > > %etc-dir% = /etc/MailScanner > > %report-dir% = /etc/MailScanner/reports/en > > %rules-dir% = /etc/MailScanner/rules > > %mcp-dir% = /etc/MailScanner/mcp > > Max Children = 5 > > Run As User = > > Run As Group = > > Queue Scan Interval = 6 > > Incoming Queue Dir = /var/spool/mqueue.in > > Outgoing Queue Dir = /var/spool/mqueue > > Incoming Work Dir = /var/spool/MailScanner/incoming > > Quarantine Dir = /var/spool/MailScanner/quarantine > > PID file = /var/run/MailScanner.pid > > Restart Every = 7200 > > MTA = sendmail > > Sendmail = /usr/sbin/sendmail > > sendmail2 = /usr/sbin/sendmail > > Incoming Work User = > > Incoming Work Group = > > Incoming Work Permissions = 0600 > > Quarantine User = > > Quarantine Group = > > Quarantine Permissions = 0600 > > Max Unscanned Bytes Per Scan = 100m > > Max Unsafe Bytes Per Scan = 50m > > Max Unscanned Messages Per Scan = 30 > > Max Unsafe Messages Per Scan = 30 > > Max Normal Queue Size = 800 > > Scan Messages = yes > > Reject Message = no > > Maximum Attachments Per Message = 200 > > Expand TNEF = yes > > Use TNEF Contents = replace > > Deliver Unparsable TNEF = no > > TNEF Expander = /usr/bin/tnef --maxsize=100000000 > > TNEF Timeout = 120 > > File Command = /usr/bin/file > > File Timeout = 20 > > Gunzip Command = /bin/gunzip > > Gunzip Timeout = 50 > > Unrar Command = /usr/bin/unrar > > Unrar Timeout = 50 > > Find UU-Encoded Files = no > > Maximum Message Size = %rules-dir%/max.message.size.rules > > Maximum Attachment Size = -1 > > Minimum Attachment Size = -1 > > Maximum Archive Depth = 2 > > Find Archives By Content = yes > > Zip Attachments = no > > Attachments Zip Filename = MessageAttachments.zip > > Attachments Min Total Size To Zip = 100k > > Attachment Extensions Not To Zip = .zip .rar .gz .tgz .jpg > .jpeg .mpg . > > mpe .mpeg .mp3 .rpm .htm .html .eml > > Virus Scanning = yes > > Virus Scanners = antivir clamav bitdefender f-prot avg avast norman > > Virus Scanner Timeout = 300 > > Deliver Disinfected Files = no > > Silent Viruses = HTML-IFrame All-Viruses > > Still Deliver Silent Viruses = no > > Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ eicar > > Block Encrypted Messages = no > > Block Unencrypted Messages = no > > Allow Password-Protected Archives = no > > Check Filenames In Password-Protected Archives = yes > > Allowed Sophos Error Messages = > > Sophos IDE Dir = /opt/sophos-av/lib/sav > > Sophos Lib Dir = /opt/sophos-av/lib > > Monitors For Sophos Updates = /opt/sophos-av/lib/sav/*.ide > > Monitors for ClamAV Updates = /usr/local/share/clamav/*.inc/* /usr/ > > local/share/clamav/*.cvd > > ClamAVmodule Maximum Recursion Level = 8 > > ClamAVmodule Maximum Files = 1000 > > ClamAVmodule Maximum Compression Ratio = 250 > > Clamd Port = 3310 > > Clamd Socket = /tmp/clamd > > Clamd Use Threads = no > > ClamAV Full Message Scan = yes > > Dangerous Content Scanning = yes > > Allow Partial Messages = no > > Allow External Message Bodies = no > > Find Phishing Fraud = yes > > Also Find Numeric Phishing = yes > > Use Stricter Phishing Net = yes > > Highlight Phishing Fraud = yes > > Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf > > Phishing Bad Sites File = %etc-dir%/phishing.bad.sites.conf > > Country Sub-Domains List = %etc-dir%/country.domains.conf > > Allow IFrame Tags = disarm > > Allow Form Tags = disarm > > Allow Script Tags = disarm > > Allow WebBugs = disarm > > Ignored Web Bug Filenames = spacer pixel.gif pixel.png gap > > Known Web Bug Servers = msgtag.com > > Web Bug Replacement = > http://www.sng.ecs.soton.ac.uk/mailscanner/images/1x1spacer.gif > > Allow Object Codebase Tags = disarm > > Convert Dangerous HTML To Text = no > > Convert HTML To Text = no > > Allow Filenames = > > Deny Filenames = > > Filename Rules = %etc-dir%/filename.rules.conf > > Allow Filetypes = > > Deny Filetypes = > > Filetype Rules = %etc-dir%/filetype.rules.conf > > Quarantine Infections = yes > > Quarantine Silent Viruses = no > > Quarantine Modified Body = no > > Quarantine Whole Message = no > > Quarantine Whole Messages As Queue Files = no > > Keep Spam And MCP Archive Clean = no > > Language Strings = %report-dir%/languages.conf > > Rejection Report = %report-dir%/rejection.report.txt > > Deleted Bad Content Message Report = %report-dir%/deleted.content. > > message.txt > > Deleted Bad Filename Message Report = %report-dir%/deleted.filename. > > message.txt > > Deleted Virus Message Report = > %report-dir%/deleted.virus.message. > > txt > > Deleted Size Message Report = > %report-dir%/deleted.size.message. > > txt > > Stored Bad Content Message Report = > %report-dir%/stored.content.message. > > txt > > Stored Bad Filename Message Report = %report-dir%/stored.filename. > > message.txt > > Stored Virus Message Report = > %report-dir%/stored.virus.message. > > txt > > Stored Size Message Report = > %report-dir%/stored.size.message.txt > > Disinfected Report = %report-dir%/disinfected.report.txt > > Inline HTML Signature = %report-dir%/inline.sig.html > > Inline Text Signature = %report-dir%/inline.sig.txt > > Signature Image Filename = %report-dir%/sig.jpg > > Signature Image Filename = signature.jpg > > Inline HTML Warning = %report-dir%/inline.warning.html > > Inline Text Warning = %report-dir%/inline.warning.txt > > Sender Content Report = > %report-dir%/sender.content.report.txt > > Sender Error Report = %report-dir%/sender.error.report.txt > > Sender Bad Filename Report = %report-dir%/sender.filename.report.txt > > Sender Virus Report = %report-dir%/sender.virus.report.txt > > Sender Size Report = %report-dir%/sender.size.report.txt > > Hide Incoming Work Dir = yes > > Include Scanner Name In Reports = yes > > Mail Header = X-%org-name%-MailScanner: > > Spam Header = X-%org-name%-MailScanner-SpamCheck: > > Spam Score Header = X-%org-name%-MailScanner-SpamScore: > > Information Header = X-%org-name%-MailScanner-Information: > > Add Envelope From Header = yes > > Add Envelope To Header = no > > Envelope From Header = X-%org-name%-MailScanner-From: > > Envelope To Header = X-%org-name%-MailScanner-To: > > Spam Score Character = s > > SpamScore Number Instead Of Stars = no > > Minimum Stars If On Spam List = 0 > > Clean Header Value = Found to be clean > > Infected Header Value = Found to be infected > > Disinfected Header Value = Disinfected > > Information Header Value = Please contact the ISP for more > information > > Detailed Spam Report = yes > > Include Scores In SpamAssassin Report = yes > > Always Include SpamAssassin Report = no > > Multiple Headers = append > > Hostname = the %org-name% ($HOSTNAME) MailScanner > > Sign Messages Already Processed = no > > Sign Clean Messages = yes > > Attach Image To Signature = no > > Attach Image To HTML Message Only = yes > > Mark Infected Messages = yes > > Mark Unscanned Messages = yes > > Unscanned Header Value = Not scanned: please contact your > Internet E- > > Mail Service Provider for details > > Remove These Headers = X-Mozilla-Status: X-Mozilla-Status2: > > Deliver Cleaned Messages = yes > > Notify Senders = yes > > Notify Senders Of Viruses = no > > Notify Senders Of Blocked Filenames Or Filetypes = yes > > Notify Senders Of Blocked Size Attachments = no > > Notify Senders Of Other Blocked Content = yes > > Never Notify Senders Of Precedence = list bulk > > Scanned Subject Text = {Scanned} > > Virus Modify Subject = start > > Virus Subject Text = {Virus?} > > Filename Modify Subject = start > > Filename Subject Text = {Filename?} > > Content Modify Subject = start > > Content Subject Text = {Dangerous Content?} > > Size Modify Subject = start > > Size Subject Text = {Size} > > Disarmed Modify Subject = start > > Disarmed Subject Text = {Disarmed} > > Phishing Modify Subject = no > > Phishing Subject Text = {Fraud?} > > Spam Modify Subject = start > > Spam Subject Text = {Spam?} > > High Scoring Spam Modify Subject = start > > High Scoring Spam Subject Text = {Spam?} > > Warning Is Attachment = yes > > Attachment Warning Filename = %org-name%-Attachment-Warning.txt > > Attachment Encoding Charset = ISO-8859-1 > > Archive Mail = > > Send Notices = yes > > Notices Include Full Headers = yes > > Hide Incoming Work Dir in Notices = no > > Notice Signature = -- \nMailScanner\nEmail Virus Scanner\nwww. > > mailscanner.info > > Notices From = MailScanner > > Notices To = postmaster > > Local Postmaster = postmaster > > Spam List Definitions = %etc-dir%/spam.lists.conf > > Virus Scanner Definitions = %etc-dir%/virus.scanners.conf > > Spam Checks = yes > > Spam Domain List = > > Spam Lists To Be Spam = 1 > > Spam Lists To Reach High Score = 3 > > Spam List Timeout = 10 > > Max Spam List Timeouts = 7 > > Spam List Timeouts History = 10 > > Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules > > Is Definitely Spam = no > > Definite Spam Is High Scoring = no > > Ignore Spam Whitelist If Recipients Exceed = 20 > > Max Spam Check Size = 200k > > Use Watermarking = no > > Add Watermark = yes > > Check Watermarks With No Sender = yes > > Treat Invalid Watermarks With No Sender as Spam = nothing > > Check Watermarks To Skip Spam Checks = yes > > Watermark Secret = %org-name%-Secret > > Watermark Lifetime = 604800 > > Watermark Header = X-%org-name%-MailScanner-Watermark: > > Use SpamAssassin = yes > > Max SpamAssassin Size = 200k > > Required SpamAssassin Score = 6 > > High SpamAssassin Score = 10 > > SpamAssassin Auto Whitelist = yes > > SpamAssassin Timeout = 75 > > Max SpamAssassin Timeouts = 10 > > SpamAssassin Timeouts History = 30 > > Check SpamAssassin If On Spam List = yes > > Include Binary Attachments In SpamAssassin = no > > Spam Score = yes > > Cache SpamAssassin Results = yes > > SpamAssassin Cache Database File = /var/spool/MailScanner/incoming/ > > SpamAssassin.cache.db > > Rebuild Bayes Every = 0 > > Wait During Bayes Rebuild = no > > Use Custom Spam Scanner = no > > Max Custom Spam Scanner Size = 20k > > Custom Spam Scanner Timeout = 20 > > Max Custom Spam Scanner Timeouts = 10 > > Custom Spam Scanner Timeout History = 20 > > Spam Actions = deliver header "X-Spam-Status: Yes" > > High Scoring Spam Actions = deliver header "X-Spam-Status: Yes" > > Non Spam Actions = deliver header "X-Spam-Status: No" > > SpamAssassin Rule Actions = > > Sender Spam Report = %report-dir%/sender.spam.report.txt > > Sender Spam List Report = %report-dir%/sender.spam.rbl.report.txt > > Sender SpamAssassin Report = %report-dir%/sender.spam.sa.report.txt > > Inline Spam Warning = %report-dir%/inline.spam.warning.txt > > Recipient Spam Report = %report-dir%/recipient.spam.report.txt > > Enable Spam Bounce = %rules-dir%/bounce.rules > > Bounce Spam As Attachment = no > > Syslog Facility = mail > > Log Speed = no > > Log Spam = no > > Log Non Spam = no > > Log Permitted Filenames = no > > Log Permitted Filetypes = no > > Log Silent Viruses = no > > Log Dangerous HTML Tags = no > > SpamAssassin Temporary Dir = /var/spool/MailScanner/incoming/ > > SpamAssassin-Temp > > SpamAssassin User State Dir = > > SpamAssassin Install Prefix = > > SpamAssassin Site Rules Dir = /etc/mail/spamassassin > > SpamAssassin Local Rules Dir = > > SpamAssassin Default Rules Dir = > > MCP Checks = no > > First Check = spam > > MCP Required SpamAssassin Score = 1 > > MCP High SpamAssassin Score = 10 > > MCP Error Score = 1 > > MCP Header = X-%org-name%-MailScanner-MCPCheck: > > Non MCP Actions = deliver > > MCP Actions = deliver > > High Scoring MCP Actions = deliver > > Bounce MCP As Attachment = no > > MCP Modify Subject = start > > MCP Subject Text = {MCP?} > > High Scoring MCP Modify Subject = start > > High Scoring MCP Subject Text = {MCP?} > > Is Definitely MCP = no > > Is Definitely Not MCP = no > > Definite MCP Is High Scoring = no > > Always Include MCP Report = no > > Detailed MCP Report = yes > > Include Scores In MCP Report = no > > Log MCP = no > > MCP Max SpamAssassin Timeouts = 20 > > MCP Max SpamAssassin Size = 100k > > MCP SpamAssassin Timeout = 10 > > MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf > > MCP SpamAssassin User State Dir = > > MCP SpamAssassin Local Rules Dir = %mcp-dir% > > MCP SpamAssassin Default Rules Dir = %mcp-dir% > > MCP SpamAssassin Install Prefix = %mcp-dir% > > Recipient MCP Report = %report-dir%/recipient.mcp.report.txt > > Sender MCP Report = %report-dir%/sender.mcp.report.txt > > Use Default Rules With Multiple Recipients = no > > Spam Score Number Format = %d > > MailScanner Version Number = 4.66.1 > > SpamAssassin Cache Timings = 1800,300,10800,172800,600 > > Debug = no > > Debug SpamAssassin = no > > Run In Foreground = no > > Always Looked Up Last = no > > Always Looked Up Last After Batch = no > > Deliver In Background = yes > > Delivery Method = batch > > Split Exim Spool = no > > Lockfile Dir = /tmp > > Custom Functions Dir = > /usr/lib/MailScanner/MailScanner/CustomFunctions > > Lock Type = > > Syslog Socket Type = > > Minimum Code Status = supported > > > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From shuttlebox at gmail.com Fri Dec 7 10:04:52 2007 From: shuttlebox at gmail.com (shuttlebox) Date: Fri Dec 7 10:04:55 2007 Subject: MailScanner --lint doesn't check Eicar virus - OK here! In-Reply-To: <47591530.7030605@ecs.soton.ac.uk> References: <703640.65993.qm@web33312.mail.mud.yahoo.com> <47591530.7030605@ecs.soton.ac.uk> Message-ID: <625385e30712070204o2c299bb5v7d8f646ac4fb44f5@mail.gmail.com> On Dec 7, 2007 10:41 AM, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I don't really want to upgrade the copy of MIME-tools I use to the > latest, as it now requires Perl 5.8. This will royally screw many of the > Solaris users out there who only have Perl 5.6 available. > > If anyone has any thoughts on this, I'm all ears... And there is no way MS can support both versions of MIME-tools? I was wondering about that regarding Mail-tools as well, to use 4.66 do we have to have Mail-tools 2.02 or is it OK with the older versions? -- /peter From MailScanner at ecs.soton.ac.uk Fri Dec 7 10:15:51 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Dec 7 10:16:09 2007 Subject: MailScanner --lint doesn't check Eicar virus - OK here! In-Reply-To: <625385e30712070204o2c299bb5v7d8f646ac4fb44f5@mail.gmail.com> References: <703640.65993.qm@web33312.mail.mud.yahoo.com> <47591530.7030605@ecs.soton.ac.uk> <625385e30712070204o2c299bb5v7d8f646ac4fb44f5@mail.gmail.com> Message-ID: <47591D57.3090301@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 shuttlebox wrote: > On Dec 7, 2007 10:41 AM, Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> I don't really want to upgrade the copy of MIME-tools I use to the >> latest, as it now requires Perl 5.8. This will royally screw many of the >> Solaris users out there who only have Perl 5.6 available. >> >> If anyone has any thoughts on this, I'm all ears... >> > > And there is no way MS can support both versions of MIME-tools? I was > wondering about that regarding Mail-tools as well, to use 4.66 do we > have to have Mail-tools 2.02 or is it OK with the older versions? > I'm sorry but my answer is "I don't know" on both counts. I would be very interested if you could try the second one (Mailtools). Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 867) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHWR1XEfZZRxQVtlQRAoJ3AJ0XevyUntcaDTWE2wfiVPx5sBevLQCgh4/U GywWhIV95VQ/zlduQSFv3oA= =bdyG -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From shuttlebox at gmail.com Fri Dec 7 10:26:38 2007 From: shuttlebox at gmail.com (shuttlebox) Date: Fri Dec 7 10:26:41 2007 Subject: MailScanner --lint doesn't check Eicar virus - OK here! In-Reply-To: <47591D57.3090301@ecs.soton.ac.uk> References: <703640.65993.qm@web33312.mail.mud.yahoo.com> <47591530.7030605@ecs.soton.ac.uk> <625385e30712070204o2c299bb5v7d8f646ac4fb44f5@mail.gmail.com> <47591D57.3090301@ecs.soton.ac.uk> Message-ID: <625385e30712070226o52e28701h6259b99fdff6b4ef@mail.gmail.com> On Dec 7, 2007 11:15 AM, Julian Field wrote: > > And there is no way MS can support both versions of MIME-tools? I was > > wondering about that regarding Mail-tools as well, to use 4.66 do we > > have to have Mail-tools 2.02 or is it OK with the older versions? > > > I'm sorry but my answer is "I don't know" on both counts. > I would be very interested if you could try the second one (Mailtools). Blastwave is still at Mail-tools 1.71 so I'll just download the 4.66 beta and give it a spin. :-) -- /peter From jplorier at montecarlotv.com.uy Fri Dec 7 11:24:11 2007 From: jplorier at montecarlotv.com.uy (Juan Pablo Lorier) Date: Fri Dec 7 10:29:08 2007 Subject: Setting gateway Message-ID: Hi people, I?m setting a mail gateway with mailscanner and sendmail to send only clean mail to my Scalix mail server. The thing is that of course, there are no mail accounts in the mailscanner box and though when I send a mail to the user@mydomain.com it bounces with the error ?unknown user?. Can anybody tell me how to set mailscanner (or sendmail in fact) to not to check for valid mail addresses and just deliver everything that is not spam or infected? Thanks, Ing. Juan Pablo Lorier Monte Carlo TV SA Montevideo, Uruguay +(598)2 9244444 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071207/919fd882/attachment.html From martinh at solidstatelogic.com Fri Dec 7 10:32:53 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Fri Dec 7 10:32:58 2007 Subject: Setting gateway In-Reply-To: Message-ID: Juan There's a wiki article on setting up a relay within sendmail.. http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:sendmail:how_to:setup_a_gateway -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Juan Pablo Lorier > Sent: 07 December 2007 11:24 > To: mailscanner@lists.mailscanner.info > Subject: Setting gateway > > Hi people, > > I'm setting a mail gateway with mailscanner and sendmail to send only > clean mail to my Scalix mail server. The thing is that of course, there > are no mail accounts in the mailscanner box and though when I send a mail > to the user@mydomain.com it bounces with the error "unknown user". Can > anybody tell me how to set mailscanner (or sendmail in fact) to not to > check for valid mail addresses and just deliver everything that is not > spam or infected? > Thanks, > > Ing. Juan Pablo Lorier > Monte Carlo TV SA > Montevideo, Uruguay > +(598)2 9244444 > ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From t.d.lee at durham.ac.uk Fri Dec 7 10:46:30 2007 From: t.d.lee at durham.ac.uk (David Lee) Date: Fri Dec 7 10:46:59 2007 Subject: MailScanner --lint doesn't check Eicar virus - OK here! In-Reply-To: <47591530.7030605@ecs.soton.ac.uk> References: <703640.65993.qm@web33312.mail.mud.yahoo.com> <47591530.7030605@ecs.soton.ac.uk> Message-ID: On Fri, 7 Dec 2007, Julian Field wrote: > I don't really want to upgrade the copy of MIME-tools I use to the > latest, as it now requires Perl 5.8. This will royally screw many of the > Solaris users out there who only have Perl 5.6 available. > > If anyone has any thoughts on this, I'm all ears... I've not been following the detail, but I've done a quick check on the recent history of MIME-tools. It seems that version 5.420_01 (18 June 2007) of MIME-tools made a significant change, documented in its "ChangeLog", saying thus: ... NOTE THAT THIS REQUIRES PERL 5.8! It might be worth dropping a note to David Skoll (one of the MIME-tools custodians these days) pointing out the impact for Solaris users. I wonder whether or not they could relatively easily backtrack on this decision? Are the implications of their decision deeply embedded, and so difficult to revert? Or could they actually quite easily revert if necessary? Jules: Would you like me to contact Skoll about this, citing (for instance) your paragraph above about Solaris users? -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : UNIX Team Leader Durham University : : South Road : : http://www.dur.ac.uk/t.d.lee/ Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. : From gerard at seibercom.net Fri Dec 7 10:56:58 2007 From: gerard at seibercom.net (Gerard Seibert) Date: Fri Dec 7 10:56:56 2007 Subject: MailScanner --lint doesn't check Eicar virus - OK here! In-Reply-To: References: <47591530.7030605@ecs.soton.ac.uk> Message-ID: <20071207055643.326D.5D1198DB@seibercom.net> On Friday December 07, 2007 at 05:46:30 (AM) David Lee wrote: > > I don't really want to upgrade the copy of MIME-tools I use to the > > latest, as it now requires Perl 5.8. This will royally screw many of the > > Solaris users out there who only have Perl 5.6 available. Perl-5.6 is ancient. Many of my perl based programs can not run under it. This is probably a dumb question; however, why can't or don't Solaris users update to the latest version of Perl? As a FreeBSD user, that is a simple matter. The ports system on FBSD is virtually always up to date. Sorry; however, I just do not understand how Solaris works. -- Gerard -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071207/9b6f89c5/attachment.bin From prandal at herefordshire.gov.uk Fri Dec 7 10:57:23 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Fri Dec 7 10:57:29 2007 Subject: The cluelessness of people who should know better Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA0260188D@HC-MBX02.herefordshire.gov.uk> McAfee should be ashamed of themselves! "Just vist us at MailScanner has detected a possible fraud attempt from "www.dynamail.co.uk" claiming to be www.mcafeestopdataloss.com/uk to find out how. And you'll also gain access to all you need to know about McAfee Data Protection." *sigh* Well, it brought a smile to my face. Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071207/9f9081a3/attachment.html From martinh at solidstatelogic.com Fri Dec 7 11:02:55 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Fri Dec 7 11:03:04 2007 Subject: The cluelessness of people who should know better In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA0260188D@HC-MBX02.herefordshire.gov.uk> Message-ID: <1d1d9f0b89b65c4da734d46c5e183dab@solidstatelogic.com> Stupid legit bulk mailings... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Randal, Phil > Sent: 07 December 2007 10:57 > To: mailscanner@lists.mailscanner.info > Subject: The cluelessness of people who should know better > > McAfee should be ashamed of themselves! > > > "Just vist us at MailScanner has detected a possible fraud attempt from > "www.dynamail.co.uk" claiming to be www.mcafeestopdataloss.com/uk > re.gov.uk&mailshotid=19229&redirect=http://www.mcafeestopdataloss.com/uk> > to find out how. And you'll also gain access to all you need to know about > McAfee Data Protection." > > *sigh* > > Well, it brought a smile to my face. > > Phil > > > -- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From MailScanner at ecs.soton.ac.uk Fri Dec 7 11:21:33 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Dec 7 11:21:48 2007 Subject: MailScanner --lint doesn't check Eicar virus - OK here! In-Reply-To: References: <703640.65993.qm@web33312.mail.mud.yahoo.com> <47591530.7030605@ecs.soton.ac.uk> Message-ID: <47592CBD.4080104@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 David Lee wrote: > On Fri, 7 Dec 2007, Julian Field wrote: > > >> I don't really want to upgrade the copy of MIME-tools I use to the >> latest, as it now requires Perl 5.8. This will royally screw many of the >> Solaris users out there who only have Perl 5.6 available. >> >> If anyone has any thoughts on this, I'm all ears... >> > > I've not been following the detail, but I've done a quick check on the > recent history of MIME-tools. > > It seems that version 5.420_01 (18 June 2007) of MIME-tools made a > significant change, documented in its "ChangeLog", saying thus: > ... NOTE THAT THIS REQUIRES PERL 5.8! > > It might be worth dropping a note to David Skoll (one of the MIME-tools > custodians these days) pointing out the impact for Solaris users. > > I wonder whether or not they could relatively easily backtrack on this > decision? > > Are the implications of their decision deeply embedded, and so difficult > to revert? Or could they actually quite easily revert if necessary? > > Jules: Would you like me to contact Skoll about this, citing (for > instance) your paragraph above about Solaris users? > Yes please. > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 867) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHWSy9EfZZRxQVtlQRApFNAKCsjD0oldsaowspOM3gpXCsPMtOTQCeLjZJ zR7fYMP6aHNcsSWGi0MuK9s= =KdN6 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jplorier at montecarlotv.com.uy Fri Dec 7 13:06:47 2007 From: jplorier at montecarlotv.com.uy (Juan Pablo Lorier) Date: Fri Dec 7 12:12:00 2007 Subject: Setting gateway In-Reply-To: <200712071052.lB7Ap0Qj013746@safir.blacknight.ie> Message-ID: Hi Martin, Thanks for the answer, but I've already done that. I still don's know if it's working because I can't get mail to enter the server to be scanned and send to the mail server because as there are no user accounts for sendmail un the mailscanner gateway, it bounces the mails with the error user unknown. As I see it, it's not clean to set every user both in the gateway and in the mail server, so there should be two options: - have sendmail not to check for user existence and just accept the mail and forward it to the mail server - have sendmail to use the same LDAP database that the mail server. I prefer the first for less complexity and to avoid another point of failure. From ugob at lubik.ca Fri Dec 7 12:42:07 2007 From: ugob at lubik.ca (Ugo Bellavance) Date: Fri Dec 7 12:43:05 2007 Subject: Setting gateway In-Reply-To: References: <200712071052.lB7Ap0Qj013746@safir.blacknight.ie> Message-ID: Juan Pablo Lorier wrote: > Hi Martin, > > Thanks for the answer, but I've already done that. I still don's know if > it's working because I can't get mail to enter the server to be scanned > and send to the mail server because as there are no user accounts for > sendmail un the mailscanner gateway, it bounces the mails with the error > user unknown. > As I see it, it's not clean to set every user both in the gateway and in > the mail server, so there should be two options: > - have sendmail not to check for user existence and just accept the mail > and forward it to the mail server > - have sendmail to use the same LDAP database that the mail server. > > I prefer the first for less complexity and to avoid another point of > failure. The first should be possible, many, many many persons do that. Please give more info on what you did and we'll help you. Regards, Ugo From steve.freegard at fsl.com Fri Dec 7 12:51:13 2007 From: steve.freegard at fsl.com (Steve Freegard) Date: Fri Dec 7 12:49:20 2007 Subject: Setting gateway In-Reply-To: References: <200712071052.lB7Ap0Qj013746@safir.blacknight.ie> Message-ID: <475941C1.6060000@fsl.com> Hi Juan Pablo, Juan Pablo Lorier wrote: > Hi Martin, > > Thanks for the answer, but I've already done that. I still don's know if > it's working because I can't get mail to enter the server to be scanned > and send to the mail server because as there are no user accounts for > sendmail un the mailscanner gateway, it bounces the mails with the error > user unknown. This is being caused by the following possible reasons: 1) The hostname of the machine is the same as the domain (BAD!) so sendmail thinks all the mailboxes are local (which don't exist). 2) The domain is listed as an alias of the machine (e.g. /etc/mail/local-host-names on a RedHat system) causing the same issue as above. 3) You haven't configured Sendmail to relay messages for this domain correctly. You should have added a 'mailertable' entry for the domain e.g. domain.com esmtp:[ip.add.re.ss] And defined told the access-map that relaying messages to this domain is permissible: To:domain.com RELAY And you should make sure that you remembered to build the database files for both access and mailterable by running 'make'. Running: echo "3,0 email@domain.com" | sendmail -bt -d0.10 Should show what sendmail thinks it should do with the message (look for esmtp or smtp on the last-line, local is incorrect). > As I see it, it's not clean to set every user both in the gateway and in > the mail server, so there should be two options: > - have sendmail not to check for user existence and just accept the mail > and forward it to the mail server > - have sendmail to use the same LDAP database that the mail server. > > I prefer the first for less complexity and to avoid another point of > failure. This is a separate issue. Get the above working first, then start looking at the various milters for Sendmail that can do SMTP call-ahead recipient verification (milter-ahead, smf-sav, mailfromd etc.). Kind regards, Steve. -- Steve Freegard Fort Systems Ltd. From mailscanner at lists.com.ar Fri Dec 7 13:26:33 2007 From: mailscanner at lists.com.ar (Leonardo Helman) Date: Fri Dec 7 13:26:46 2007 Subject: Possible optimization Message-ID: <1197033993.8513.14.camel@morticia.pert.com.ar> Hi, yesterday, I came across a chunk of code that I never saw before. -------------------------------------------------------- sub StartTiming { my $this = shift; my($varprefix, $usertext) = @_; my $command = ""; my $now = time; $command = '$this->{' . $varprefix . '_starttime} = $now;'; eval $command; } --------------------------------------------------------- And the same for StopTiming. I don't understand why you choose an eval there? It's about 20 times slower than doing something like $$this{$varprefix}{starttime}=$now; Or something like this if you prefer $this->{$varprefix . '_starttime'} = $now; I'm very curious about it. Why?? Here is a benchmark --------------------------------------------- use Benchmark; Benchmark::cmpthese(1000000, { _eval => '_eval', _hash => '_hash', } ); sub _eval { my $now = time; my $cmd = '$pepe{'.$var.'_start} = $now'; eval $cmd; } sub _hash{ $pepe{$var.'_start'} = time; } Rate _eval _hash _eval 28843/s -- -95% _hash 609756/s 2014% -- --------------------------------------------- Another one In the cache functions, the uncompress/compress calls should be better (cleaner) inside those functions. Saludos Leonardo Helman PERT Consultores SRL Argentina From shuttlebox at gmail.com Fri Dec 7 13:37:48 2007 From: shuttlebox at gmail.com (shuttlebox) Date: Fri Dec 7 13:37:52 2007 Subject: MailScanner --lint doesn't check Eicar virus - OK here! In-Reply-To: <20071207055643.326D.5D1198DB@seibercom.net> References: <47591530.7030605@ecs.soton.ac.uk> <20071207055643.326D.5D1198DB@seibercom.net> Message-ID: <625385e30712070537sd6f780fpba3185fa878ba392@mail.gmail.com> On Dec 7, 2007 11:56 AM, Gerard Seibert wrote: > This is probably a dumb question; however, why can't or don't Solaris users > update to the latest version of Perl? As a FreeBSD user, that is a simple > matter. The ports system on FBSD is virtually always up to date. > > Sorry; however, I just do not understand how Solaris works. As we've seen now and many times before running the latest doesn't always equal the greatest. Solaris is all about stability and they guarantee compatibility between releases, one way of fulfilling that is not doing feature upgrades during main releases. Only the latest version of Solaris (10) includes Perl 5.8 but since many Solaris servers just works it's a very real problem for Sun that their customers are still running version 8 and 9 in large numbers, some ever older releases than that and then we're looking at software releases over 10 years old. We like that the platform itself is stable but there are alternatives. I package MailScanner for the Blastwave project and it also has fresh versions of Perl and pretty much every popular open source software (around 1700 titles). Look at it as an alternative "repository" of free software. -- /peter From jaearick at colby.edu Fri Dec 7 13:51:32 2007 From: jaearick at colby.edu (Jeff A. Earickson) Date: Fri Dec 7 13:51:50 2007 Subject: MailScanner --lint doesn't check Eicar virus - OK here! In-Reply-To: <47591530.7030605@ecs.soton.ac.uk> References: <703640.65993.qm@web33312.mail.mud.yahoo.com> <47591530.7030605@ecs.soton.ac.uk> Message-ID: On Fri, 7 Dec 2007, Julian Field wrote: > Date: Fri, 07 Dec 2007 09:41:04 +0000 > From: Julian Field > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: MailScanner --lint doesn't check Eicar virus - OK here! > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I don't really want to upgrade the copy of MIME-tools I use to the > latest, as it now requires Perl 5.8. This will royally screw many of the > Solaris users out there who only have Perl 5.6 available. > > If anyone has any thoughts on this, I'm all ears... As a longtime Solaris user (soon to be Redhat!) I have to agree with others here -- 5.6 is ancient. If you can't be bothered to upgrade to Solaris 10 and/or build your own version of Perl, then you can't complain when you get left behind. I don't even install Sun's perl from my Jumpstart setup, I install from the latest stable tarball. I've always thought of MailScanner as "roll your own" instead of canned. Jeff Earickson Colby College From MailScanner at ecs.soton.ac.uk Fri Dec 7 14:09:37 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Dec 7 14:09:51 2007 Subject: Setting gateway In-Reply-To: <475941C1.6060000@fsl.com> References: <200712071052.lB7Ap0Qj013746@safir.blacknight.ie> <475941C1.6060000@fsl.com> Message-ID: <47595421.5080607@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Steve Freegard wrote: > Hi Juan Pablo, > > Juan Pablo Lorier wrote: >> Hi Martin, >> >> Thanks for the answer, but I've already done that. I still don's know >> if it's working because I can't get mail to enter the server to be >> scanned and send to the mail server because as there are no user >> accounts for sendmail un the mailscanner gateway, it bounces the >> mails with the error user unknown. > > This is being caused by the following possible reasons: > > 1) The hostname of the machine is the same as the domain (BAD!) so > sendmail thinks all the mailboxes are local (which don't exist). > > 2) The domain is listed as an alias of the machine (e.g. > /etc/mail/local-host-names on a RedHat system) causing the same issue > as above. > > 3) You haven't configured Sendmail to relay messages for this domain > correctly. > > You should have added a 'mailertable' entry for the domain e.g. > > domain.com esmtp:[ip.add.re.ss] > > And defined told the access-map that relaying messages to this domain > is permissible: > > To:domain.com RELAY > > And you should make sure that you remembered to build the database > files for both access and mailterable by running 'make'. > > Running: > > echo "3,0 email@domain.com" | sendmail -bt -d0.10 > > Should show what sendmail thinks it should do with the message (look > for esmtp or smtp on the last-line, local is incorrect). sendmail -bv email@domain.com is rather shorter :-) > >> As I see it, it's not clean to set every user both in the gateway and >> in the mail server, so there should be two options: >> - have sendmail not to check for user existence and just accept the >> mail and forward it to the mail server >> - have sendmail to use the same LDAP database that the mail server. >> >> I prefer the first for less complexity and to avoid another point of >> failure. > > This is a separate issue. Get the above working first, then start > looking at the various milters for Sendmail that can do SMTP > call-ahead recipient verification (milter-ahead, smf-sav, mailfromd > etc.). > > Kind regards, > Steve. > > -- > Steve Freegard > Fort Systems Ltd. > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 867) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHWVQhEfZZRxQVtlQRAobRAKCkIGz92yA7MJ6cY0CtZUghKb8FhgCeND1V Ey+9+ohK9OF5R1s8jCX04vY= =fRQf -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dave.list at pixelhammer.com Fri Dec 7 14:12:53 2007 From: dave.list at pixelhammer.com (DAve) Date: Fri Dec 7 14:11:05 2007 Subject: MailScanner --lint doesn't check Eicar virus - OK here! In-Reply-To: References: <703640.65993.qm@web33312.mail.mud.yahoo.com> <47591530.7030605@ecs.soton.ac.uk> Message-ID: <475954E5.2020803@pixelhammer.com> Jeff A. Earickson wrote: > On Fri, 7 Dec 2007, Julian Field wrote: > >> Date: Fri, 07 Dec 2007 09:41:04 +0000 >> From: Julian Field >> Reply-To: MailScanner discussion >> To: MailScanner discussion >> Subject: Re: MailScanner --lint doesn't check Eicar virus - OK here! >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> I don't really want to upgrade the copy of MIME-tools I use to the >> latest, as it now requires Perl 5.8. This will royally screw many of the >> Solaris users out there who only have Perl 5.6 available. >> >> If anyone has any thoughts on this, I'm all ears... > > As a longtime Solaris user (soon to be Redhat!) I have to agree with > others here -- 5.6 is ancient. If you can't be bothered to upgrade > to Solaris 10 and/or build your own version of Perl, then you can't > complain when you get left behind. I don't even install Sun's perl > from my Jumpstart setup, I install from the latest stable tarball. > I've always thought of MailScanner as "roll your own" instead of canned. > For some who can't install Solaris 10 due to hardware, I'd recommend NetBSD. We have installed it on our old Solaris hardware and it runs wonderfully. DAve -- Google finally, after 7 years, provided a logo for veterans. Thank you Google. What to do with my signature now? From MailScanner at ecs.soton.ac.uk Fri Dec 7 14:14:14 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Dec 7 14:14:31 2007 Subject: Possible optimization In-Reply-To: <1197033993.8513.14.camel@morticia.pert.com.ar> References: <1197033993.8513.14.camel@morticia.pert.com.ar> Message-ID: <47595536.2070701@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Well spotted. I didn't write that bit of code, and obviously didn't check someone else's contribution closely enough. Fixed now. Thanks! Jules. Leonardo Helman wrote: > Hi, yesterday, I came across a chunk of code that I never saw before. > > > -------------------------------------------------------- > sub StartTiming { > my $this = shift; > my($varprefix, $usertext) = @_; > > my $command = ""; > my $now = time; > > $command = '$this->{' . $varprefix . '_starttime} = $now;'; > eval $command; > } > --------------------------------------------------------- > > > And the same for StopTiming. > > I don't understand why you choose an eval there? > It's about 20 times slower than doing something like > > $$this{$varprefix}{starttime}=$now; > > Or something like this if you prefer > > $this->{$varprefix . '_starttime'} = $now; > > > I'm very curious about it. > Why?? > > > Here is a benchmark > > --------------------------------------------- > use Benchmark; > Benchmark::cmpthese(1000000, > { > _eval => '_eval', > _hash => '_hash', > } > ); > > sub _eval { > my $now = time; > my $cmd = '$pepe{'.$var.'_start} = $now'; > eval $cmd; > } > > sub _hash{ > $pepe{$var.'_start'} = time; > } > > > Rate _eval _hash > _eval 28843/s -- -95% > _hash 609756/s 2014% -- > > --------------------------------------------- > > Another one > > In the cache functions, the uncompress/compress calls should be better > (cleaner) inside those functions. > > > Saludos > Leonardo Helman > PERT Consultores SRL > Argentina > > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 867) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHWVU2EfZZRxQVtlQRAqgCAKCJUDQPJSWFhwoNavwZEp6c3qEzhQCfe8Lj 8bROsfjaDQx7V1K0V1RTxpQ= =5Lms -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From micoots at yahoo.com Fri Dec 7 14:36:39 2007 From: micoots at yahoo.com (Michael Mansour) Date: Fri Dec 7 14:36:42 2007 Subject: MailScanner --lint doesn't check Eicar virus - OK here! In-Reply-To: <20071207055643.326D.5D1198DB@seibercom.net> Message-ID: <47486.56893.qm@web33308.mail.mud.yahoo.com> Hi Gerard/Jules, --- Gerard Seibert wrote: > On Friday December 07, 2007 at 05:46:30 (AM) David > Lee wrote: > > > > I don't really want to upgrade the copy of > MIME-tools I use to the > > > latest, as it now requires Perl 5.8. This will > royally screw many of the > > > Solaris users out there who only have Perl 5.6 > available. > > Perl-5.6 is ancient. Many of my perl based programs > can not run under it. I may not fully agree with Gerard here, but he does have a point. There will be a time when Sun will cease support of the older perl 5.6 and force people to bite the bullet and upgrade their Solaris. I wonder if people have checked the Solaris roadmap lately? > This is probably a dumb question; however, why can't > or don't Solaris users > update to the latest version of Perl? As a FreeBSD > user, that is a simple > matter. The ports system on FBSD is virtually always > up to date. > > Sorry; however, I just do not understand how Solaris > works. Vendor support is critical, if they are running perl 5.6.x it's because the Solaris version they are running only provides that perl version. They would have to upgrade the entire OS to get the later version of perl. Most companies consider that a major upgrade which requires a lot of time to possibly purchase new hardware, test, QA and move into production. There's only so long an OS can last before you have to upgrade, but 8 years from first release is a "normal" vendor support timeframe. Although I guess Jules does have the option to modify his script to detect the perl and OS version which is running, and install an old Mail-tools pm for an older perl and a more updated Mail-tools pm for the newer perl. Regards, Michael. > -- > Gerard> -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read > http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off > the website! > Make the switch to the world's best email. Get the new Yahoo!7 Mail now. www.yahoo7.com.au/worldsbestemail From stef at aoc-uk.com Fri Dec 7 14:38:57 2007 From: stef at aoc-uk.com (Stef Morrell) Date: Fri Dec 7 15:06:00 2007 Subject: Binary attachments in SpamAssassin Message-ID: <200712071505.lB7F5vjN014064@safir.blacknight.ie> The main.cf comments for the option Include Binary Attachments In SpamAssassin include the sentence # Setting this to "no" will have no effect without a small patch to the # SpamAssassin code. Did you mean "yes" rather than "no"?? Stef Stefan Morrell | Operations Director Tel: 0845 3452820 | Alpha Omega Computers Ltd Fax: 0845 3452830 | Incorporating Level 5 Internet stef@aoc-uk.com | stef@l5net.net Alpha Omega Computers Ltd, Unit 57, BBTC, Grange Road, Batley, WF17 6ER. Registered in England No. 3867142. VAT No. GB734421454 From shuttlebox at gmail.com Fri Dec 7 16:05:09 2007 From: shuttlebox at gmail.com (shuttlebox) Date: Fri Dec 7 16:05:12 2007 Subject: MailScanner --lint doesn't check Eicar virus - OK here! In-Reply-To: <47591D57.3090301@ecs.soton.ac.uk> References: <703640.65993.qm@web33312.mail.mud.yahoo.com> <47591530.7030605@ecs.soton.ac.uk> <625385e30712070204o2c299bb5v7d8f646ac4fb44f5@mail.gmail.com> <47591D57.3090301@ecs.soton.ac.uk> Message-ID: <625385e30712070805p1bf6dd6em328ecedc3c753617@mail.gmail.com> On Dec 7, 2007 11:15 AM, Julian Field wrote: > shuttlebox wrote: > > And there is no way MS can support both versions of MIME-tools? I was > > wondering about that regarding Mail-tools as well, to use 4.66 do we > > have to have Mail-tools 2.02 or is it OK with the older versions? > > > I'm sorry but my answer is "I don't know" on both counts. > I would be very interested if you could try the second one (Mailtools). I have just built the 4.66 beta and I can issue -v and --lint without problems and it also starts normally, this is with MIME-tools 5.420 and Mail-tools 1.71. I don't have time to do any real testing beyond that right now, I will get back to you Monday. -- /peter From richard.frovarp at sendit.nodak.edu Fri Dec 7 16:28:49 2007 From: richard.frovarp at sendit.nodak.edu (Richard Frovarp) Date: Fri Dec 7 16:28:53 2007 Subject: Setting gateway In-Reply-To: References: Message-ID: <475974C1.1030505@sendit.nodak.edu> Juan Pablo Lorier wrote: > Hi Martin, > > Thanks for the answer, but I've already done that. I still don's know if > it's working because I can't get mail to enter the server to be scanned > and send to the mail server because as there are no user accounts for > sendmail un the mailscanner gateway, it bounces the mails with the error > user unknown. > As I see it, it's not clean to set every user both in the gateway and in > the mail server, so there should be two options: > - have sendmail not to check for user existence and just accept the mail > and forward it to the mail server > This is bad. Your gateway will accept mail for unknown users, your mail server will reject, then you cause back scatter. > - have sendmail to use the same LDAP database that the mail server. > Do this as it will reject to unknown users at the right time and reduce load. It's actually easy to do. I have a meeting at the moment, so I can't lookup instructions right now. Richard From MailScanner at ecs.soton.ac.uk Fri Dec 7 16:32:49 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Dec 7 16:33:15 2007 Subject: Binary attachments in SpamAssassin In-Reply-To: <200712071505.lB7F5vjN014064@safir.blacknight.ie> References: <200712071505.lB7F5vjN014064@safir.blacknight.ie> Message-ID: <475975B1.1040700@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Absolutely right. It will be fixed in the next release. Stef Morrell wrote: > The main.cf comments for the option > > Include Binary Attachments In SpamAssassin > > include the sentence > > # Setting this to "no" will have no effect without a small patch to the > # SpamAssassin code. > > Did you mean "yes" rather than "no"?? > > Stef > Stefan Morrell | Operations Director > Tel: 0845 3452820 | Alpha Omega Computers Ltd > Fax: 0845 3452830 | Incorporating Level 5 Internet > stef@aoc-uk.com | stef@l5net.net > > Alpha Omega Computers Ltd, Unit 57, BBTC, Grange Road, Batley, WF17 6ER. > Registered in England No. 3867142. VAT No. GB734421454 > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 867) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHWXWyEfZZRxQVtlQRAtTLAKDMkgM42vIR+PrOCliTHw5RxD5iEQCdFJQK PY+Ii9Nlteh2bPZE7LQmCkY= =Gqb8 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gmatt at nerc.ac.uk Fri Dec 7 16:34:18 2007 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Fri Dec 7 16:34:30 2007 Subject: MailScanner version 4.65.3 and perl-MailTools-2.02-1.el4.rf HOWTO In-Reply-To: References: Message-ID: <4759760A.2060103@nerc.ac.uk> Erick Perez wrote: > Just a quick help to the comunity, we started to see many errors in > our systems after a perl upgrade. > So here's how to spot it and fix it (temporary fix of course) > > These instructions are for Centos 4.x / 5.x only, modify according to > your system Can't help thinking that this is part of the risk of using 3rd party repos. Much as I'd like a "one-click" installation of MailScanner, I'd rather put the extra work in twice a year to update MS than worry about unapproved upgrades from 3rd party breaking things in unexpected ways. GREG -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From ssilva at sgvwater.com Fri Dec 7 19:09:09 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Dec 7 19:09:37 2007 Subject: MailScanner --lint doesn't check Eicar virus - OK here! In-Reply-To: <703640.65993.qm@web33312.mail.mud.yahoo.com> References: <7EF0EE5CB3B263488C8C18823239BEBA02601821@HC-MBX02.herefordshire.gov.uk> <703640.65993.qm@web33312.mail.mud.yahoo.com> Message-ID: on 12/6/2007 6:05 PM Michael Mansour spake the following: > Hi Phil, > > --- "Randal, Phil" > wrote: > >> I've finally tracked this down: >> >> yumming from the rpmforge repo had updated >> perl-MIME-Tools to version >> 5.424. >> >> Downgrading to 5.420 made things work: > > I'm so glad you worked this one out. I also did the > downgrade and discovered that the "block of wmv files" > subject I'd sent through the list also was resolved > ie. blocking attachments was now working again. > > What you, and anyone else using the perl-MIME-tools > update would have found is, that you weren't actually > blocking any attachments anymore, as for me this is > what had happened. > > You see, the reason the Eicar virus test was failing > was because the MIME checking was broken with the > perl-MIME-tools update. > > I asked this question previously in the "block of wmv > files" subject in the mailing list, asking/commenting > that I couldn't be the only one experiencing this > problem but others either didn't test it or were > oblivious to the fact that attachment checking was no > longer working for them. > > With this trouble-shooting and resolution (and letting > us know about it here), you've hit at least 2 birds > with the one stone. > > Good work mate and thanks again. > > Michael. Strange.. I have rpmforge enabled on a CentOS 5 box and perl-MIME-tools is still at 5.420 here, and I know I have updated because I was hit with the mailtools upgrade bug. Did this also affect CentOS 4 or do I need to be ready for another hit? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Fri Dec 7 19:19:23 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Dec 7 19:19:45 2007 Subject: MailTools and MailScanner... In-Reply-To: <350517.83862.qm@web33308.mail.mud.yahoo.com> References: <350517.83862.qm@web33308.mail.mud.yahoo.com> Message-ID: on 12/6/2007 6:15 PM Michael Mansour spake the following: > Hi Scott, > > --- Scott Silva wrote: > >> on 12/4/2007 1:58 PM Philip Zeigler spake the >> following: >>> Scott Silva wrote: >>>> on 12/4/2007 12:06 PM Philip Zeigler spake the >> following: >>>>> ajos1@onion.demon.co.uk wrote: >>>>>> - >>>>>> >>>>>> The reply back is: >>>>>> >>>>>> ============================ >>>>>> >>>>>> From: mark@zzzzzzzz to ajos1@zzzzzzzz >> Date: Sun, 2 >>>>>> Dec 2007 22:35:59 +0100 Subject: ajos1 >> - Re: MailTools and >>>>>> MailScanner... CC/Multi-To: (none) >> Attachments: >>>>>> (none) * ajos1@zzzzzzzz (ajos1@zzzzzzzz) >> [071202 21:07]: >>>>>> >>>>>>> Not sure if you use MailScanner or not... >>>>>>> >>>>>> No, never heard of it. Don't know where it is >> kept (not on CPAN). >>>>>> >>>>>>> Since MailTools 2.01 - We have an error... and >> we are not sure if it >>>>>>> is a MailTools problem or a MailScanner >> problem... See the message at >>>>>>> the end... >>>>>>> >>>>>> The MailTools 2.xx code is a massive clean-up. >> One of the things which >>>>>> changed, is a stricter use of clean coding >> techniques. >>>>>> >>>>>>> [root@onion perl_ext]# MailScanner -v | head >> -20 >>>>>>> Variable "$FIELD_NAME" is not imported at >>>>>>> /usr/lib/MailScanner/MailScanner/Message.pm >> line 6907. >>>>>>> >>>>>> Understandable. Yes an effect of my cleanups. >>>>>> >>>>>> >>>>>>> package Mail::Header; >>>>>>> $arr->[1] =~ >> /\A$FIELD_NAME/o; >>>>>>> >>>>>> Something very bad is happening here: code is >> added to an existing >>>>>> module. This code should either be added in >> the core Mail::Header >>>>>> package OR should be added using the OO >> extension mechanism. >>>>>> The author of the mailscanner has to clean-up >> his code, IMO. I could >>>>>> export the $FIELD_NAME, but preferrably not. >>>>>> >>>>> Just did a yum update on my Centos 5 system and >> it installed >>>>> MailTools-2.02. Is there a fix planned for this >> any time soon or >>>>> should I downgrade to 1.7.7 and exclude the >> update? >>>>> Philip >>>> Which repo did you get this from? I only see it >> in Fedora. >>> It updated today from the rpmforge repo. >>> >>> Philip >> Now I see it. My mirror must have been a little >> slow. >> The only fix so far is to downgrade to 1.7x >> MailTools. >> Who knows if or when Julian might work on this. Just >> because the MailTools >> coder says he is using clean coding techniques >> doesn't mean it is 100% proper >> coding. We will have to see what else breaks. > > Have you noticed anything else break with the latest > RPMforge perl-MailTools and the latest MailScanner > 4.66 beta? > No, but I see a problem with the latest Mime-tools and I don't think even the beta touches that one. My New mailservers aren't on line yet, so all I have to test with so far are --lint's. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Fri Dec 7 19:39:28 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Dec 7 19:39:59 2007 Subject: Found viruses but Uninfected Delivered In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA02601853@HC-MBX02.herefordshire.gov.uk> References: <20071206135514.D7B0.ASAKAWA@quickd.net> <20071207113246.BE94.ASAKAWA@quickd.net> <7EF0EE5CB3B263488C8C18823239BEBA02601853@HC-MBX02.herefordshire.gov.uk> Message-ID: on 12/7/2007 1:52 AM Randal, Phil spake the following: > See my and Michael Mansour's earlier posts. > > This is a prime example of why "rpmforging" MailScanner and its support > modules is a bad idea. > > Updates to both perl-MIME-tools and perl-Mail-Tools have broken > MailScanner. > > Cheers, > > Phil I think I am going to have to re-think my use of rpmforge on EL5 platform as I stopped using it on the EL4 platform. Using excludes are OK, but you usually have to "close the barn door after the horses escape". That is less than optimal. Maybe Julian needs his own repo with the most current to his requirements packages, and if you already have better, rpm will take care of that. He could drop them in stable, and drop the beta packages in testing so people could also choose to be innovators or followers. But it would be more work for Julian, and I think his plate is full. I'm sure that rpmforge had valid reasons to update those packages other than "they are so shiny and new", but that is not the issue. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Fri Dec 7 19:46:02 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Dec 7 19:46:16 2007 Subject: Setting gateway In-Reply-To: References: <200712071052.lB7Ap0Qj013746@safir.blacknight.ie> Message-ID: on 12/7/2007 5:06 AM Juan Pablo Lorier spake the following: > Hi Martin, > > Thanks for the answer, but I've already done that. I still don's know if > it's working because I can't get mail to enter the server to be scanned > and send to the mail server because as there are no user accounts for > sendmail un the mailscanner gateway, it bounces the mails with the error > user unknown. > As I see it, it's not clean to set every user both in the gateway and in > the mail server, so there should be two options: > - have sendmail not to check for user existence and just accept the mail > and forward it to the mail server > - have sendmail to use the same LDAP database that the mail server. > > I prefer the first for less complexity and to avoid another point of > failure. If you do this, make sure you do not bounce from the scalix box or you will just add to the backscatter problem. The best solution is to check the incoming mails for a valid destination, and drop those that are non-existent. If you blindly accept everything, you are now responsible to figure out how to pick out the typos from the forgeries, or never notify the people with the typos that their mail didn't go through. Because if you bounce all the bad recipients, you will get blacklisted. It is just a matter of time. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From shuttlebox at gmail.com Fri Dec 7 20:05:38 2007 From: shuttlebox at gmail.com (shuttlebox) Date: Fri Dec 7 20:05:43 2007 Subject: Found viruses but Uninfected Delivered In-Reply-To: References: <20071206135514.D7B0.ASAKAWA@quickd.net> <20071207113246.BE94.ASAKAWA@quickd.net> <7EF0EE5CB3B263488C8C18823239BEBA02601853@HC-MBX02.herefordshire.gov.uk> Message-ID: <625385e30712071205x2e6d0220l7d3c11341bd69bca@mail.gmail.com> On Dec 7, 2007 8:39 PM, Scott Silva wrote: > Maybe Julian needs his own repo with the most current to his > requirements packages He already does this by providing the needed modules, those are tested by him. If we use other than that we're on our own. This has happened before, I remember a few years back when we were told not to use the then current version of MIME-tools because it didn't work with MailScanner. Took quite a while before they got in sync. Some are behind on updates and some are actually bleeding on the cutting edge. However, Julian has his recommendation for us and it's up to us to follow it. -- /peter From mikea at mikea.ath.cx Fri Dec 7 20:28:03 2007 From: mikea at mikea.ath.cx (mikea) Date: Fri Dec 7 20:28:28 2007 Subject: Setting gateway In-Reply-To: References: <200712071052.lB7Ap0Qj013746@safir.blacknight.ie> Message-ID: <20071207202803.GC80248@mikea.ath.cx> On Fri, Dec 07, 2007 at 11:46:02AM -0800, Scott Silva wrote: > The best solution is to check the incoming mails for a valid destination, > and drop those that are non-existent. If you blindly accept everything, you > are now responsible to figure out how to pick out the typos from the > forgeries, or never notify the people with the typos that their mail didn't > go through. Because if you bounce all the bad recipients, you will get > blacklisted. It is just a matter of time. I certainly can't argue. Got a sendmail ruleset to share? I've got LDAP access and would _love_ to use it profitably, and I'll bet a *good* (beer|ale|porter|stout) I'm far from the only one. -- Mike Andrews, W5EGO mikea@mikea.ath.cx Tired old sysadmin From Denis.Beauchemin at USherbrooke.ca Fri Dec 7 20:48:24 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Fri Dec 7 20:49:59 2007 Subject: Setting gateway In-Reply-To: <20071207202803.GC80248@mikea.ath.cx> References: <200712071052.lB7Ap0Qj013746@safir.blacknight.ie> <20071207202803.GC80248@mikea.ath.cx> Message-ID: <4759B198.2080703@USherbrooke.ca> mikea a ?crit : > On Fri, Dec 07, 2007 at 11:46:02AM -0800, Scott Silva wrote: > > >> The best solution is to check the incoming mails for a valid destination, >> and drop those that are non-existent. If you blindly accept everything, you >> are now responsible to figure out how to pick out the typos from the >> forgeries, or never notify the people with the typos that their mail didn't >> go through. Because if you bounce all the bad recipients, you will get >> blacklisted. It is just a matter of time. >> > > I certainly can't argue. Got a sendmail ruleset to share? I've got > LDAP access and would _love_ to use it profitably, and I'll bet a > *good* (beer|ale|porter|stout) I'm far from the only one. > > Mike, This is what we do in sendmail.mc: define(`confLDAP_DEFAULT_SPEC', `-h "name.of.ldap.server" -d uid=name-of-ldap-user,ou=your-ou,dc=your-dc -b dc=your-dc -M simple -s sub')dnl FEATURE(`ldap_routing')dnl LDAPROUTE_DOMAIN(`your.domain')dnl and in access: your.domain RELAY You'll be able to test it with: sendmail -bv user@your.domain Denis -- Denis Beauchemin, analyste Universit? de Sherbrooke, S.T.I. T: 819.821.8000x62252 F: 819.821.8045 From gmane at tippingmar.com Fri Dec 7 23:41:15 2007 From: gmane at tippingmar.com (Mark Nienberg) Date: Fri Dec 7 23:41:47 2007 Subject: CentOS yum repository Message-ID: I'm preparing to install MailScanner on a fresh CentOS 5.1 x86_64 machine. I think I'll give the experimental yum repo a try. Is it recommended to use the yum-priorities plugin and give higher priority (lower numbers) to the Centos-Base repos to prevent packages from rpmforge from overwriting the ones that are part of the base distribution? Would this, for example, prevent the recent problems some had with perl-MailTools? Mark From ssilva at sgvwater.com Fri Dec 7 23:58:25 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Sat Dec 8 00:05:06 2007 Subject: The cluelessness of people who should know better In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA0260188D@HC-MBX02.herefordshire.gov.uk> References: <7EF0EE5CB3B263488C8C18823239BEBA0260188D@HC-MBX02.herefordshire.gov.uk> Message-ID: on 12/7/2007 2:57 AM Randal, Phil spake the following: > McAfee should be ashamed of themselves! > > "Just vist us at *MailScanner has detected a possible fraud attempt from > "www.dynamail.co.uk" claiming to be* www.mcafeestopdataloss.com/uk > > to find out how. And you?ll also gain access to all you need to know > about *McAfee Data Protection*." > > *sigh* > > Well, it brought a smile to my face. > They paid someone to spam a marketing mail. Or a reseller did it. I see no difference between these and V1@agr@ ads. If I didn't sign up for this junk, don't assume it is OK to send it. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From craigwhite at azapple.com Sat Dec 8 01:24:57 2007 From: craigwhite at azapple.com (Craig White) Date: Sat Dec 8 01:26:28 2007 Subject: CentOS yum repository In-Reply-To: References: Message-ID: <1197077097.25190.5.camel@lin-workstation.azapple.com> On Fri, 2007-12-07 at 15:41 -0800, Mark Nienberg wrote: > I'm preparing to install MailScanner on a fresh CentOS 5.1 x86_64 machine. I think > I'll give the experimental yum repo a try. Is it recommended to use the > yum-priorities plugin and give higher priority (lower numbers) to the Centos-Base > repos to prevent packages from rpmforge from overwriting the ones that are part of > the base distribution? Would this, for example, prevent the recent problems some had > with perl-MailTools? ---- No Here's the deal as I understand it... If you install MailScanner, it installs a number of perl packages including perl-Time-HiRes perl-MailTools etc. If you add rpmforge/dag repo, it sees that those packages and happily updates them. This is a good thing. I don't think priorities would help for perl-MailTools because it wasn't installed from a repo. I think that you would benefit from newer packages from rpmforge such as his spamassassin. At present, perhaps it is best to just exclude perl-MailTools from rpmforge/dag until this is all worked out. Craig From gmane at tippingmar.com Sat Dec 8 05:06:40 2007 From: gmane at tippingmar.com (Mark Nienberg) Date: Sat Dec 8 05:06:54 2007 Subject: CentOS yum repository In-Reply-To: <1197077097.25190.5.camel@lin-workstation.azapple.com> References: <1197077097.25190.5.camel@lin-workstation.azapple.com> Message-ID: Craig White wrote: > On Fri, 2007-12-07 at 15:41 -0800, Mark Nienberg wrote: >> I'm preparing to install MailScanner on a fresh CentOS 5.1 x86_64 machine. I think >> I'll give the experimental yum repo a try. Is it recommended to use the >> yum-priorities plugin and give higher priority (lower numbers) to the Centos-Base >> repos to prevent packages from rpmforge from overwriting the ones that are part of >> the base distribution? Would this, for example, prevent the recent problems some had >> with perl-MailTools? > ---- > No > > Here's the deal as I understand it... > > If you install MailScanner, it installs a number of perl packages > including perl-Time-HiRes perl-MailTools etc. > > If you add rpmforge/dag repo, it sees that those packages and happily > updates them. This is a good thing. > > I don't think priorities would help for perl-MailTools because it wasn't > installed from a repo. > > I think that you would benefit from newer packages from rpmforge such as > his spamassassin. > > At present, perhaps it is best to just exclude perl-MailTools from > rpmforge/dag until this is all worked out. I see that in the CentOS-Extra repo there is perl-MimeTools 1.77. So if you give that repo priority=1 and rpmforge priority=10, then yum should install the 1.77 version from Extras even if rpmforge has 2.02 in it. Strangely enough I see only 1.77 in rpmforge at the moment. Maybe a mirror problem or something. Mark From hvdkooij at vanderkooij.org Sat Dec 8 07:24:43 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sat Dec 8 07:25:17 2007 Subject: MailScanner --lint doesn't check Eicar virus - OK here! In-Reply-To: <47591D57.3090301@ecs.soton.ac.uk> References: <703640.65993.qm@web33312.mail.mud.yahoo.com> <47591530.7030605@ecs.soton.ac.uk> <625385e30712070204o2c299bb5v7d8f646ac4fb44f5@mail.gmail.com> <47591D57.3090301@ecs.soton.ac.uk> Message-ID: <475A46BB.3000602@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Field wrote: > > > shuttlebox wrote: >> On Dec 7, 2007 10:41 AM, Julian Field wrote: > >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> I don't really want to upgrade the copy of MIME-tools I use to the >>> latest, as it now requires Perl 5.8. This will royally screw many of the >>> Solaris users out there who only have Perl 5.6 available. >>> >>> If anyone has any thoughts on this, I'm all ears... >>> >> And there is no way MS can support both versions of MIME-tools? I was >> wondering about that regarding Mail-tools as well, to use 4.66 do we >> have to have Mail-tools 2.02 or is it OK with the older versions? > > I'm sorry but my answer is "I don't know" on both counts. > I would be very interested if you could try the second one (Mailtools). Shouldn't both versions have documentation which tell a programmer how to interact with them? Anything not common to both versions will break things unless you program support for both of them explicitly. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHWka6BvzDRVjxmYERAuB/AJ44azSI8UCxIZV3gTxVB9RKC2HuBwCgrXCk UsV+Blp+WnEgp7vVwpGY4/4= =hGDz -----END PGP SIGNATURE----- From maillists at conactive.com Sat Dec 8 21:24:09 2007 From: maillists at conactive.com (Kai Schaetzl) Date: Sat Dec 8 21:24:14 2007 Subject: called with 2 bind variables when 0 are needed Message-ID: I upgraded a machine which was still holding CentOS 4.2 to the current 4.5 via yum. So far so good. Now, after upgrading MailScanner suddenly throws this error to my warn log: called with 2 bind variables when 0 are needed Google tells me there was one posting about this in April 2006 about this on this list, no reply to it and not much else. Anyone knows what this means? Apparently, MailScanner is stull running ok. The MailScanner log itself goes like this: Dec 8 22:10:38 nx05 MailScanner[16160]: New Batch: Scanning 1 messages, 7338 bytes Dec 8 22:10:46 nx05 MailScanner[16160]: Spam Checks: Found 1 spam messages Dec 8 22:10:46 nx05 MailScanner[16160]: Virus and Content Scanning: Starting Dec 8 22:10:50 nx05 MailScanner[16160]: called with 2 bind variables when 0 are needed Dec 8 22:10:50 nx05 MailScanner[16160]: Uninfected: Delivered 1 messages Dec 8 22:10:50 nx05 MailScanner[16160]: Batch (1 message) processed in 11.50 seconds Dec 8 22:10:50 nx05 MailScanner[16160]: Logging message lB8LAbAk016953 to SQL Dec 8 22:10:50 nx05 MailScanner[16160]: "Always Looked Up Last" took 0.00 seconds Dec 8 22:10:50 nx05 MailScanner[16168]: lB8LAbAk016953: Logged to MailWatch SQL So, could this be related to a clamav update as it happens during the clamscan? MailScanner 4.54.6 all Perl modules are from CentOS or rpmforge. Mail-Tools is still 1.77. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From MailScanner at ecs.soton.ac.uk Sat Dec 8 22:03:20 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Dec 8 22:03:55 2007 Subject: called with 2 bind variables when 0 are needed In-Reply-To: References: Message-ID: <475B14A8.5060108@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Unfortunately that error message doesn't exactly tell me very much. Can you try running it with MailScanner --debug and see if you can reliably reproduce the error If you can, please can you send me all the necessary details for me to be able to produce the symptoms. Kai Schaetzl wrote: > I upgraded a machine which was still holding CentOS 4.2 to the current 4.5 > via yum. So far so good. Now, after upgrading MailScanner suddenly throws > this error to my warn log: > called with 2 bind variables when 0 are needed > > Google tells me there was one posting about this in April 2006 about this > on this list, no reply to it and not much else. > > Anyone knows what this means? > > Apparently, MailScanner is stull running ok. The MailScanner log itself > goes like this: > > Dec 8 22:10:38 nx05 MailScanner[16160]: New Batch: Scanning 1 messages, > 7338 bytes > Dec 8 22:10:46 nx05 MailScanner[16160]: Spam Checks: Found 1 spam > messages > Dec 8 22:10:46 nx05 MailScanner[16160]: Virus and Content Scanning: > Starting > Dec 8 22:10:50 nx05 MailScanner[16160]: called with 2 bind variables when > 0 are needed > Dec 8 22:10:50 nx05 MailScanner[16160]: Uninfected: Delivered 1 messages > Dec 8 22:10:50 nx05 MailScanner[16160]: Batch (1 message) processed in > 11.50 seconds > Dec 8 22:10:50 nx05 MailScanner[16160]: Logging message lB8LAbAk016953 to > SQL > Dec 8 22:10:50 nx05 MailScanner[16160]: "Always Looked Up Last" took 0.00 > seconds > Dec 8 22:10:50 nx05 MailScanner[16168]: lB8LAbAk016953: Logged to > MailWatch SQL > > So, could this be related to a clamav update as it happens during the > clamscan? > > MailScanner 4.54.6 > all Perl modules are from CentOS or rpmforge. Mail-Tools is still 1.77. > > Kai > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 867) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHWxS/EfZZRxQVtlQRAjo2AJ9hZoEecw3wjhWxqbDb1B+NbEIdygCgw15m fMKVqdbFgUdx497LVNAEAYE= =/GoS -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From maillists at conactive.com Sat Dec 8 22:44:04 2007 From: maillists at conactive.com (Kai Schaetzl) Date: Sat Dec 8 22:44:09 2007 Subject: called with 2 bind variables when 0 are needed In-Reply-To: <475B14A8.5060108@ecs.soton.ac.uk> References: <475B14A8.5060108@ecs.soton.ac.uk> Message-ID: Julian Field wrote on Sat, 08 Dec 2007 22:03:20 +0000: > Can you try running it with MailScanner --debug Hi Jules, still reading the list at this time? Wish you a good night! For tomorrow, here's the debug output: In Debugging mode, not forking... Ignore errors about failing to find EOCD signature LibClamAV Warning: ******************************************************** LibClamAV Warning: *** This version of the ClamAV engine is outdated. *** LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/faq.html *** LibClamAV Warning: ******************************************************** LibClamAV Warning: ******************************************************** LibClamAV Warning: *** This version of the ClamAV engine is outdated. *** LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/faq.html *** LibClamAV Warning: ******************************************************** Stopping now as you are debugging me. commit ineffective with AutoCommit enabled at /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, line 36. Commmit ineffective while AutoCommit is on at /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, line 36. clamav is indeed outdated as it is 88.7 or so from centos-extras. But it's been outdated for some time. I wonder why both warnings get repeated, could this be connected to the "2 bind variables" message? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From micoots at yahoo.com Sun Dec 9 01:35:46 2007 From: micoots at yahoo.com (Michael Mansour) Date: Sun Dec 9 01:35:50 2007 Subject: MailScanner version 4.65.3 and perl-MailTools-2.02-1.el4.rf HOWTO In-Reply-To: <4759760A.2060103@nerc.ac.uk> Message-ID: <238995.14380.qm@web33310.mail.mud.yahoo.com> Hi Greg, --- Greg Matthews wrote: > Erick Perez wrote: > > Just a quick help to the comunity, we started to > see many errors in > > our systems after a perl upgrade. > > So here's how to spot it and fix it (temporary fix > of course) > > > > These instructions are for Centos 4.x / 5.x only, > modify according to > > your system > > Can't help thinking that this is part of the risk of > using 3rd party > repos. Much as I'd like a "one-click" installation > of MailScanner, I'd > rather put the extra work in twice a year to update > MS than worry about > unapproved upgrades from 3rd party breaking things > in unexpected ways. The fact that so many people use the 3rd party repo's and can help resolve issues IMO outways any benefit to building and maintaining things yourself, even if it's twice a year. Community efforts to help others (as shown in the Fedora world) really works, individual efforts may benefit you in a very small way, but you can't know everything. Regards, Michael. > GREG > > -- > Greg Matthews 01491 692445 > Head of UNIX/Linux, iTSS Wallingford > > -- > This message (and any attachments) is for the > recipient only. NERC > is subject to the Freedom of Information Act 2000 > and the contents > of this email and any reply you make may be > disclosed by NERC unless > it is exempt from release under the Act. Any > material supplied to > NERC may be stored in an electronic records > management system. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read > http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off > the website! > Make the switch to the world's best email. Get the new Yahoo!7 Mail now. www.yahoo7.com.au/worldsbestemail From micoots at yahoo.com Sun Dec 9 01:38:17 2007 From: micoots at yahoo.com (Michael Mansour) Date: Sun Dec 9 01:38:21 2007 Subject: MailScanner --lint doesn't check Eicar virus - OK here! In-Reply-To: Message-ID: <859497.35863.qm@web33302.mail.mud.yahoo.com> Hi Scott, --- Scott Silva wrote: > on 12/6/2007 6:05 PM Michael Mansour spake the > following: > > Hi Phil, > > > > --- "Randal, Phil" > > wrote: > > > >> I've finally tracked this down: > >> > >> yumming from the rpmforge repo had updated > >> perl-MIME-Tools to version > >> 5.424. > >> > >> Downgrading to 5.420 made things work: > > > > I'm so glad you worked this one out. I also did > the > > downgrade and discovered that the "block of wmv > files" > > subject I'd sent through the list also was > resolved > > ie. blocking attachments was now working again. > > > > What you, and anyone else using the > perl-MIME-tools > > update would have found is, that you weren't > actually > > blocking any attachments anymore, as for me this > is > > what had happened. > > > > You see, the reason the Eicar virus test was > failing > > was because the MIME checking was broken with the > > perl-MIME-tools update. > > > > I asked this question previously in the "block of > wmv > > files" subject in the mailing list, > asking/commenting > > that I couldn't be the only one experiencing this > > problem but others either didn't test it or were > > oblivious to the fact that attachment checking was > no > > longer working for them. > > > > With this trouble-shooting and resolution (and > letting > > us know about it here), you've hit at least 2 > birds > > with the one stone. > > > > Good work mate and thanks again. > > > > Michael. > Strange.. I have rpmforge enabled on a CentOS 5 box > and perl-MIME-tools is > still at 5.420 here, and I know I have updated > because I was hit with the > mailtools upgrade bug. Did this also affect CentOS 4 > or do I need to be ready > for another hit? I can't speak for CentOS5 / SL5 / RHEL5 since I don't run MailScanner on anything other than SL4 (CentOS4/RHEL4). For the people running RHEL4-based derivatives, the above would hold true. Regards, Michael. Make the switch to the world's best email. Get the new Yahoo!7 Mail now. www.yahoo7.com.au/worldsbestemail From micoots at yahoo.com Sun Dec 9 01:41:07 2007 From: micoots at yahoo.com (Michael Mansour) Date: Sun Dec 9 01:41:10 2007 Subject: called with 2 bind variables when 0 are needed In-Reply-To: Message-ID: <586935.40284.qm@web33307.mail.mud.yahoo.com> Hi Kai, --- Kai Schaetzl wrote: > Julian Field wrote on Sat, 08 Dec 2007 22:03:20 > +0000: > > > Can you try running it with MailScanner --debug > > Hi Jules, still reading the list at this time? Wish > you a good night! > For tomorrow, here's the debug output: > > In Debugging mode, not forking... > Ignore errors about failing to find EOCD signature > LibClamAV Warning: > ******************************************************** > LibClamAV Warning: *** This version of the ClamAV > engine is outdated. > *** > LibClamAV Warning: *** DON'T PANIC! Read > http://www.clamav.net/faq.html > *** > LibClamAV Warning: > ******************************************************** > LibClamAV Warning: > ******************************************************** > LibClamAV Warning: *** This version of the ClamAV > engine is outdated. > *** > LibClamAV Warning: *** DON'T PANIC! Read > http://www.clamav.net/faq.html > *** > LibClamAV Warning: > ******************************************************** > Stopping now as you are debugging me. > commit ineffective with AutoCommit enabled at > /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm > line 93, > line 36. > Commmit ineffective while AutoCommit is on at > /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm > line 93, > line 36. > > clamav is indeed outdated as it is 88.7 or so from > centos-extras. But it's > been outdated for some time. I wonder why both Why not just use RPMforge for clamav? they consistently keep updated with the latest releases made available a day after mainstream. Regards, Michael. > warnings get repeated, > could this be connected to the "2 bind variables" > message? Make the switch to the world's best email. Get the new Yahoo!7 Mail now. www.yahoo7.com.au/worldsbestemail From steve.freegard at fsl.com Sun Dec 9 11:24:28 2007 From: steve.freegard at fsl.com (Steve Freegard) Date: Sun Dec 9 11:22:27 2007 Subject: called with 2 bind variables when 0 are needed In-Reply-To: References: Message-ID: <475BD06C.8060309@fsl.com> Kai Schaetzl wrote: > I upgraded a machine which was still holding CentOS 4.2 to the current 4.5 > via yum. So far so good. Now, after upgrading MailScanner suddenly throws > this error to my warn log: > called with 2 bind variables when 0 are needed > > Google tells me there was one posting about this in April 2006 about this > on this list, no reply to it and not much else. > > Anyone knows what this means? Bind variables are an SQL thing used to increase efficiency for DBMS that compile identical SQL calls and to avoid SQL injection bugs by escaping. > Apparently, MailScanner is stull running ok. The MailScanner log itself > goes like this: > > Dec 8 22:10:38 nx05 MailScanner[16160]: New Batch: Scanning 1 messages, > 7338 bytes > Dec 8 22:10:46 nx05 MailScanner[16160]: Spam Checks: Found 1 spam > messages > Dec 8 22:10:46 nx05 MailScanner[16160]: Virus and Content Scanning: > Starting > Dec 8 22:10:50 nx05 MailScanner[16160]: called with 2 bind variables when > 0 are needed As the error appears at the Virus scanning stage I would guess that it is related to the SpamAssassin cache and that this is the line that generates the message: my $sth = $MailScanner::SA::cachedbh->prepare('UPDATE cache SET virusinfected=? WHERE md5=?'); Although this is perfectly correct. Try running 'analyse_SpamAssassin_cache' and see if you get any errors (if so remove the cache file). Otherwise I'd check your versions of DBI and DBD::sqlite and upgrade them as necessary to see if the problem disappears. Kind regards, Steve. From prandal at herefordshire.gov.uk Sun Dec 9 12:15:10 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Sun Dec 9 12:15:15 2007 Subject: MailScanner --lint doesn't check Eicar virus - OK here! In-Reply-To: <859497.35863.qm@web33302.mail.mud.yahoo.com> References: <859497.35863.qm@web33302.mail.mud.yahoo.com> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA03CF3F@HC-MBX02.herefordshire.gov.uk> I guess the big question is whether Jules can put a fix in for perl-MIME-Tools version 5.424 without breaking 5.420-compatibility. Whether he should update his installer to use 5.424 is his call. Sometimes you just have to take the pain of keeping things up to date and dealing with the breakages. We certainly will have to if we become dependent on the rpmforge repo. Cheers, Phil -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Michael Mansour Sent: 09 December 2007 01:38 To: MailScanner discussion Subject: Re: MailScanner --lint doesn't check Eicar virus - OK here! Hi Scott, --- Scott Silva wrote: > on 12/6/2007 6:05 PM Michael Mansour spake the > following: > > Hi Phil, > > > > --- "Randal, Phil" > > wrote: > > > >> I've finally tracked this down: > >> > >> yumming from the rpmforge repo had updated perl-MIME-Tools to > >> version 5.424. > >> > >> Downgrading to 5.420 made things work: > > > > I'm so glad you worked this one out. I also did > the > > downgrade and discovered that the "block of wmv > files" > > subject I'd sent through the list also was > resolved > > ie. blocking attachments was now working again. > > > > What you, and anyone else using the > perl-MIME-tools > > update would have found is, that you weren't > actually > > blocking any attachments anymore, as for me this > is > > what had happened. > > > > You see, the reason the Eicar virus test was > failing > > was because the MIME checking was broken with the perl-MIME-tools > > update. > > > > I asked this question previously in the "block of > wmv > > files" subject in the mailing list, > asking/commenting > > that I couldn't be the only one experiencing this problem but others > > either didn't test it or were oblivious to the fact that attachment > > checking was > no > > longer working for them. > > > > With this trouble-shooting and resolution (and > letting > > us know about it here), you've hit at least 2 > birds > > with the one stone. > > > > Good work mate and thanks again. > > > > Michael. > Strange.. I have rpmforge enabled on a CentOS 5 box and > perl-MIME-tools is still at 5.420 here, and I know I have updated > because I was hit with the mailtools upgrade bug. Did this also affect > CentOS 4 or do I need to be ready for another hit? I can't speak for CentOS5 / SL5 / RHEL5 since I don't run MailScanner on anything other than SL4 (CentOS4/RHEL4). For the people running RHEL4-based derivatives, the above would hold true. Regards, Michael. Make the switch to the world's best email. Get the new Yahoo!7 Mail now. www.yahoo7.com.au/worldsbestemail -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From peter at farrows.org Sun Dec 9 12:29:50 2007 From: peter at farrows.org (Peter Farrow) Date: Sun Dec 9 12:30:01 2007 Subject: MailScanner version 4.65.3 and perl-MailTools-2.02-1.el4.rf HOWTO In-Reply-To: <238995.14380.qm@web33310.mail.mud.yahoo.com> References: <238995.14380.qm@web33310.mail.mud.yahoo.com> Message-ID: <475BDFBE.3080605@farrows.org> Michael Mansour wrote: > Hi Greg, > > --- Greg Matthews wrote: > > >> Erick Perez wrote: >> >>> Just a quick help to the comunity, we started to >>> >> see many errors in >> >>> our systems after a perl upgrade. >>> So here's how to spot it and fix it (temporary fix >>> >> of course) >> >>> These instructions are for Centos 4.x / 5.x only, >>> >> modify according to >> >>> your system >>> >> Can't help thinking that this is part of the risk of >> using 3rd party >> repos. Much as I'd like a "one-click" installation >> of MailScanner, I'd >> rather put the extra work in twice a year to update >> MS than worry about >> unapproved upgrades from 3rd party breaking things >> in unexpected ways. >> > > The fact that so many people use the 3rd party repo's > and can help resolve issues IMO outways any benefit to > building and maintaining things yourself, even if it's > twice a year. > > Community efforts to help others (as shown in the > Fedora world) really works, individual efforts may > benefit you in a very small way, but you can't know > everything. > > Regards, > > Michael. > > >> GREG >> >> -- >> Greg Matthews 01491 692445 >> Head of UNIX/Linux, iTSS Wallingford >> >> -- >> This message (and any attachments) is for the >> recipient only. NERC >> is subject to the Freedom of Information Act 2000 >> and the contents >> of this email and any reply you make may be >> disclosed by NERC unless >> it is exempt from release under the Act. Any >> material supplied to >> NERC may be stored in an electronic records >> management system. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> Before posting, read >> http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off >> the website! >> >> >> "worry about unapproved upgrades from 3rd party breaking things in unexpected ways." I think this quote is a little harsh, in almost all cases the third party repos have packages ahead of the official repos and save time and effort in more cases than they break things. In my experience the 3rd party repos have what your going to end up with anyway from the official repos, just bit ahead of time. In any case its just two simple rpm commands to fix the problem that takes under 60seconds to overcome. IMO not a reason by itself to not use third party repos. Furthermore there is plenty of excellent support and help on this forum to help identify problems such as these quickly and easily. MailScanner has such a long list of requirements it make sense to test out updates before going live with them. I use a separate machine to iron out the bumps. I avoid updating MailScanner machines unecessarily "for the sake of updating". Regards Pete -- This message has been scanned for viruses and dangerous content by the Enhancion system Scanner and is believed to be clean. http://www.enhancion.net From prandal at herefordshire.gov.uk Sun Dec 9 12:38:48 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Sun Dec 9 12:38:57 2007 Subject: MailScanner version 4.65.3 andperl-MailTools-2.02-1.el4.rf HOWTO In-Reply-To: <475BDFBE.3080605@farrows.org> References: <238995.14380.qm@web33310.mail.mud.yahoo.com> <475BDFBE.3080605@farrows.org> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA03CF40@HC-MBX02.herefordshire.gov.uk> Half the problem is perl module authors who don't give a damn about backwards-compatibility. Shame on them. Phil -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Peter Farrow Sent: 09 December 2007 12:30 To: MailScanner discussion Subject: Re: MailScanner version 4.65.3 andperl-MailTools-2.02-1.el4.rf HOWTO Michael Mansour wrote: > Hi Greg, > > --- Greg Matthews wrote: > > >> Erick Perez wrote: >> >>> Just a quick help to the comunity, we started to >>> >> see many errors in >> >>> our systems after a perl upgrade. >>> So here's how to spot it and fix it (temporary fix >>> >> of course) >> >>> These instructions are for Centos 4.x / 5.x only, >>> >> modify according to >> >>> your system >>> >> Can't help thinking that this is part of the risk of using 3rd party >> repos. Much as I'd like a "one-click" installation of MailScanner, >> I'd rather put the extra work in twice a year to update MS than worry >> about unapproved upgrades from 3rd party breaking things in >> unexpected ways. >> > > The fact that so many people use the 3rd party repo's and can help > resolve issues IMO outways any benefit to building and maintaining > things yourself, even if it's twice a year. > > Community efforts to help others (as shown in the Fedora world) really > works, individual efforts may benefit you in a very small way, but you > can't know everything. > > Regards, > > Michael. > > >> GREG >> >> -- >> Greg Matthews 01491 692445 >> Head of UNIX/Linux, iTSS Wallingford >> >> -- >> This message (and any attachments) is for the recipient only. NERC is >> subject to the Freedom of Information Act 2000 and the contents of >> this email and any reply you make may be disclosed by NERC unless it >> is exempt from release under the Act. Any material supplied to NERC >> may be stored in an electronic records management system. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> Before posting, read >> http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> "worry about unapproved upgrades from 3rd party breaking things in unexpected ways." I think this quote is a little harsh, in almost all cases the third party repos have packages ahead of the official repos and save time and effort in more cases than they break things. In my experience the 3rd party repos have what your going to end up with anyway from the official repos, just bit ahead of time. In any case its just two simple rpm commands to fix the problem that takes under 60seconds to overcome. IMO not a reason by itself to not use third party repos. Furthermore there is plenty of excellent support and help on this forum to help identify problems such as these quickly and easily. MailScanner has such a long list of requirements it make sense to test out updates before going live with them. I use a separate machine to iron out the bumps. I avoid updating MailScanner machines unecessarily "for the sake of updating". Regards Pete -- This message has been scanned for viruses and dangerous content by the Enhancion system Scanner and is believed to be clean. http://www.enhancion.net -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From stork at openenterprise.ca Sun Dec 9 12:39:36 2007 From: stork at openenterprise.ca (Johnny Stork) Date: Sun Dec 9 12:40:57 2007 Subject: CRM114 Re-Install Problems Message-ID: <475BE208.7080404@openenterprise.ca> Well I certainly feel like an idiot having to post another set of questions about CRM114, but I had recetnely rebuilt my gateway machine, including MS/SA etc. All is runnign well so far and so I thought I would put crm114 back into the system. I went through the very clear install docs on the wiki and I dont have any of the problems I had on my first attempts back in July, but I dont seem to be getting the spam.css or nospam.css updated. The OS is also CentOS 5, so I dont know if that is the problem/difference. Various outputs are below. Any ideas/suggestions? ####Below is the contents of /etc/mail/spamassassin/crm114 root@gateway:/etc/mail/spamassassin/crm114# ls -la total 24776 drwxr-xr-x 3 root root 4096 Dec 9 03:33 . drwxr-xr-x 6 root root 4096 Dec 9 03:51 .. -rw-rw-rw- 1 root root 0 Dec 9 03:29 blacklist.mfp -rw-rw-rw- 1 root root 17430 Dec 9 04:28 mailfilter.cf -rwxr-xr-x 1 root root 44537 Dec 9 03:28 mailfilter.crm -rwxr-xr-x 1 root root 14511 Dec 9 03:28 maillib.crm -rwxr-xr-x 1 root root 22740 Dec 9 03:28 mailreaver.crm -rwxr-xr-x 1 root root 37621 Dec 9 03:28 mailtrainer.crm -rw-rw-rw- 1 root root 12582924 Dec 9 03:27 nonspam.css -rw-rw-rw- 1 root root 49 Dec 9 03:29 priolist.mfp drwxr-xr-x 8 root root 4096 Dec 9 03:33 reaver_cache -rw-rw-rw- 1 root root 0 Dec 9 03:29 rewrites.mfp -rw-rw-rw- 1 root root 12582924 Dec 9 03:27 spam.css -rw-rw-rw- 1 root root 0 Dec 9 03:29 whitelist.mfp ####Output of cssutil root@gateway:/etc/mail/spamassassin/crm114# cssutil -r -b spam.css Sparse spectra file spam.css statistics: Total available buckets : 1048577 Total buckets in use : 0 Total in-use zero-count buckets : 0 Total buckets with value >= max : 0 Total hashed datums in file : 0 Documents learned : 1 Features learned : 1 Average datums per bucket : 0.00 Maximum length of overflow chain : 0 Average length of overflow chain : 0.00 Average packing density : 0.00 #### Lines containing crm114 from spamassassin -D --lint > /tmp/crm.test 2>&1 root@gateway:/etc/mail/spamassassin/crm114# cat /tmp/crm.test | grep crm114 [6680] dbg: config: read file /etc/mail/spamassassin/crm114.cf [6680] dbg: config: fixed relative path: /etc/mail/spamassassin/crm114.pm [6680] dbg: plugin: loading Mail::SpamAssassin::Plugin::CRM114 from /etc/mail/spamassassin/crm114.pm [6680] dbg: crm114: call_crm() called, action: check [6680] dbg: crm114: opening pipe: /usr/bin/crm -u /etc/mail/spamassassin/crm114 mailreaver.crm < /tmp/.spamassassin6680jGL0F7tmp [6680] dbg: crm114: found version 20070301-BlameBaltar ( TRE 0.7.5 (LGPL) ) MR-BD9991E2 [6680] dbg: crm114: found CacheID sfid-20071209_043102_585041_8114344A [6680] dbg: crm114: found status UNSURE and score 0.00 [6680] dbg: crm114: found Notice Please train this message. [6680] dbg: crm114: call_crm returns (UNSURE, 0.00) [6680] dbg: crm114: score is 0.0000, returned CRM114_UNSURE #### With MS running, and mailwatch Spamassassin Lint (Test), I see these crm lines [7032] dbg: crm114: call_crm() called, action: check [7032] dbg: info: entering helper-app run mode [7032] dbg: crm114: opening pipe: /usr/bin/crm -u /etc/mail/spamassassin/crm114 mailreaver.crm < /tmp/.spamassassin7032odZrXptmp [7036] dbg: util: setuid: ruid=48 euid=48 [7032] dbg: crm114: [7036] finished: exit=0x0100 [7032] dbg: info: leaving helper-app run mode [7032] dbg: crm114: call_crm returns (UNKNOWN, 0) [7032] warn: crm114: Error. Failed to get CRM114-Status. at /etc/mail/spamassassin/crm114.pm line 563. -- *Johnny Stork* Business & Technology Consultant stork@openenterprise.ca -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071209/f96a29ff/attachment.html From prandal at herefordshire.gov.uk Sun Dec 9 12:56:30 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Sun Dec 9 12:56:38 2007 Subject: CRM114 Re-Install Problems In-Reply-To: <475BE208.7080404@openenterprise.ca> References: <475BE208.7080404@openenterprise.ca> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA03CF41@HC-MBX02.herefordshire.gov.uk> I set it up here on CentOS 5 without any real problems. Your permissions there are less restrictive than mine, so that wouldn't appear to be the issue. Phil ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Johnny Stork Sent: 09 December 2007 12:40 To: MailScanner discussion Subject: CRM114 Re-Install Problems Well I certainly feel like an idiot having to post another set of questions about CRM114, but I had recetnely rebuilt my gateway machine, including MS/SA etc. All is runnign well so far and so I thought I would put crm114 back into the system. I went through the very clear install docs on the wiki and I dont have any of the problems I had on my first attempts back in July, but I dont seem to be getting the spam.css or nospam.css updated. The OS is also CentOS 5, so I dont know if that is the problem/difference. Various outputs are below. Any ideas/suggestions? ####Below is the contents of /etc/mail/spamassassin/crm114 root@gateway:/etc/mail/spamassassin/crm114# ls -la total 24776 drwxr-xr-x 3 root root 4096 Dec 9 03:33 . drwxr-xr-x 6 root root 4096 Dec 9 03:51 .. -rw-rw-rw- 1 root root 0 Dec 9 03:29 blacklist.mfp -rw-rw-rw- 1 root root 17430 Dec 9 04:28 mailfilter.cf -rwxr-xr-x 1 root root 44537 Dec 9 03:28 mailfilter.crm -rwxr-xr-x 1 root root 14511 Dec 9 03:28 maillib.crm -rwxr-xr-x 1 root root 22740 Dec 9 03:28 mailreaver.crm -rwxr-xr-x 1 root root 37621 Dec 9 03:28 mailtrainer.crm -rw-rw-rw- 1 root root 12582924 Dec 9 03:27 nonspam.css -rw-rw-rw- 1 root root 49 Dec 9 03:29 priolist.mfp drwxr-xr-x 8 root root 4096 Dec 9 03:33 reaver_cache -rw-rw-rw- 1 root root 0 Dec 9 03:29 rewrites.mfp -rw-rw-rw- 1 root root 12582924 Dec 9 03:27 spam.css -rw-rw-rw- 1 root root 0 Dec 9 03:29 whitelist.mfp ####Output of cssutil root@gateway:/etc/mail/spamassassin/crm114# cssutil -r -b spam.css Sparse spectra file spam.css statistics: Total available buckets : 1048577 Total buckets in use : 0 Total in-use zero-count buckets : 0 Total buckets with value >= max : 0 Total hashed datums in file : 0 Documents learned : 1 Features learned : 1 Average datums per bucket : 0.00 Maximum length of overflow chain : 0 Average length of overflow chain : 0.00 Average packing density : 0.00 #### Lines containing crm114 from spamassassin -D --lint > /tmp/crm.test 2>&1 root@gateway:/etc/mail/spamassassin/crm114# cat /tmp/crm.test | grep crm114 [6680] dbg: config: read file /etc/mail/spamassassin/crm114.cf [6680] dbg: config: fixed relative path: /etc/mail/spamassassin/crm114.pm [6680] dbg: plugin: loading Mail::SpamAssassin::Plugin::CRM114 from /etc/mail/spamassassin/crm114.pm [6680] dbg: crm114: call_crm() called, action: check [6680] dbg: crm114: opening pipe: /usr/bin/crm -u /etc/mail/spamassassin/crm114 mailreaver.crm < /tmp/.spamassassin6680jGL0F7tmp [6680] dbg: crm114: found version 20070301-BlameBaltar ( TRE 0.7.5 (LGPL) ) MR-BD9991E2 [6680] dbg: crm114: found CacheID sfid-20071209_043102_585041_8114344A [6680] dbg: crm114: found status UNSURE and score 0.00 [6680] dbg: crm114: found Notice Please train this message. [6680] dbg: crm114: call_crm returns (UNSURE, 0.00) [6680] dbg: crm114: score is 0.0000, returned CRM114_UNSURE #### With MS running, and mailwatch Spamassassin Lint (Test), I see these crm lines [7032] dbg: crm114: call_crm() called, action: check [7032] dbg: info: entering helper-app run mode [7032] dbg: crm114: opening pipe: /usr/bin/crm -u /etc/mail/spamassassin/crm114 mailreaver.crm < /tmp/.spamassassin7032odZrXptmp [7036] dbg: util: setuid: ruid=48 euid=48 [7032] dbg: crm114: [7036] finished: exit=0x0100 [7032] dbg: info: leaving helper-app run mode [7032] dbg: crm114: call_crm returns (UNKNOWN, 0) [7032] warn: crm114: Error. Failed to get CRM114-Status. at /etc/mail/spamassassin/crm114.pm line 563. -- Johnny Stork Business & Technology Consultant stork@openenterprise.ca -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071209/7ecbace1/attachment.html From peter at farrows.org Sun Dec 9 13:05:36 2007 From: peter at farrows.org (Peter Farrow) Date: Sun Dec 9 13:05:44 2007 Subject: Spamassassin problem after updating MS Message-ID: <475BE820.10402@farrows.org> Hi Guys, I have three machines that I updated to to 4.65.3 and I then yummed them all, I fixed the perl-MailTools errors and a couple of others by backstepping after yumming. One of the machine however has a slight spamassassin problem that I can't seem to trackdown: sa-update gives this error: Can't locate object method "finish" via package "Mail::SpamAssassin::Timeout" at /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/PluginHandler.pm line 234. SA does work ok with MS, but I can't update it, the other two machines work fine and I can't spot the difference... It would seem that the timeout module is being loaded as a plugin when its not, but I haven't found where... Any ideas? Pete -- This message has been scanned for viruses and dangerous content by the Enhancion system Scanner and is believed to be clean. http://www.enhancion.net From hvdkooij at vanderkooij.org Sun Dec 9 13:33:48 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sun Dec 9 13:34:24 2007 Subject: MailScanner version 4.65.3 andperl-MailTools-2.02-1.el4.rf HOWTO In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA03CF40@HC-MBX02.herefordshire.gov.uk> References: <238995.14380.qm@web33310.mail.mud.yahoo.com> <475BDFBE.3080605@farrows.org> <7EF0EE5CB3B263488C8C18823239BEBA03CF40@HC-MBX02.herefordshire.gov.uk> Message-ID: <475BEEBC.8010209@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Randal, Phil wrote: > Half the problem is perl module authors who don't give a damn about > backwards-compatibility. > > Shame on them. Perhaps we should take advise from the hitchhickers guide and put those authors right beside the marketing division of the Sirius Cybernetics Corporation when the revolution comes. Then see if they care enough. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHW+64BvzDRVjxmYERAsdGAJ9iza/SRn5XHeetwSEM4j/5PGdizwCgkafl YuYd+7poiRaVuY6ZefTyY04= =rjHn -----END PGP SIGNATURE----- From ajos1 at onion.demon.co.uk Sun Dec 9 15:33:18 2007 From: ajos1 at onion.demon.co.uk (ajos1@onion.demon.co.uk) Date: Sun Dec 9 15:33:23 2007 Subject: clamav freshclam libclamav.... Message-ID: - clamav freshclam libclamav.... I am absolutely 100% convinced my ClamAv system is 100% working... but "MailScanner --debug" says it is out of date... I am wondering if MailScanner has not caught up with ClamAv changes... or am I doing something majorly wrong... (ie) no doing some kind of update... ============================= [root@www clamav]# clamscan -V ClamAV 0.92rc2/5056/Sun Dec 9 10:55:13 2007 ============================= [root@www clamav]# freshclam ClamAV update process started at Sun Dec 9 13:38:58 2007 main.inc is up to date (version: 44, sigs: 133163, f-level: 20, builder: sven) daily.inc is up to date (version: 5056, sigs: 41027, f-level: 21, builder: sven) ============================= [root@www clamav]# clamscan -debug ...... LibClamAV debug: Loading databases from /var/lib/clamav LibClamAV debug: cli_loaddbdir: Acquiring dbdir lock LibClamAV debug: Loading databases from /var/lib/clamav/daily.inc LibClamAV debug: /var/lib/clamav/daily.inc/daily.cfg loaded LibClamAV debug: /var/lib/clamav/daily.inc/daily.ndu skipped LibClamAV debug: /var/lib/clamav/daily.inc/daily.mdu skipped LibClamAV debug: /var/lib/clamav/daily.inc/daily.zmd loaded ...... ============================= [root@www clamav]# find /var/lib/clamav -type f -exec /bin/ls -l {} \; Nov 24 05:08 /var/lib/clamav/daily.inc/daily.ndu Dec 9 11:10 /var/lib/clamav/daily.inc/daily.info Dec 9 06:14 /var/lib/clamav/daily.inc/daily.mdu Nov 24 05:08 /var/lib/clamav/daily.inc/daily.zmd Dec 8 12:10 /var/lib/clamav/daily.inc/daily.pdb Dec 3 18:12 /var/lib/clamav/daily.inc/daily.fp Dec 9 11:10 /var/lib/clamav/daily.inc/daily.ndb Dec 9 04:16 /var/lib/clamav/daily.inc/daily.wdb Nov 24 05:08 /var/lib/clamav/daily.inc/COPYING Dec 6 16:18 /var/lib/clamav/daily.inc/daily.db Dec 9 00:17 /var/lib/clamav/daily.inc/daily.cfg Dec 9 07:32 /var/lib/clamav/daily.inc/daily.mdb Dec 9 06:14 /var/lib/clamav/daily.inc/daily.hdb Nov 24 05:08 /var/lib/clamav/daily.inc/daily.hdu Dec 9 13:38 /var/lib/clamav/mirrors.dat Jul 20 19:07 /var/lib/clamav/main.inc/main.mdb Jul 20 19:07 /var/lib/clamav/main.inc/main.ndb Apr 11 2007 /var/lib/clamav/main.inc/main.zmd Jul 20 19:07 /var/lib/clamav/main.inc/main.info Apr 11 2007 /var/lib/clamav/main.inc/COPYING Jul 20 19:07 /var/lib/clamav/main.inc/main.db Jul 20 19:07 /var/lib/clamav/main.inc/main.fp Jul 20 19:07 /var/lib/clamav/main.inc/main.hdb ============================= But... HERE IT STARTS TO GO WRONG .... ============================= [root@www clamav]# MailScanner --debug In Debugging mode, not forking... Trying to setlogsock(unix) SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp LibClamAV Warning: ************************************************** LibClamAV Warning: *** The virus database is older than 7 days. *** LibClamAV Warning: *** Please update it IMMEDIATELY! *** LibClamAV Warning: ************************************************** ============================= A quick scan of MailScanner files suggests... it could be old cvd files... ============================= [root@www MailScanner]# find -type f -exec grep -H -i cvd {} \; ./MailScanner/ConfigDefs.pl:ClamWatchFiles /usr/local/share/clamav/*.cvd ============================= [root@www MailScanner]# la /usr/local/share/clamav/ total 7540 -rw-rw-r-- 1 clamav clamav 6924820 Dec 22 2006 main.cvd -rw-rw-r-- 1 clamav clamav 752606 Dec 22 2006 daily.cvd ============================= So I just did... ============================= /usr/bin/wget -N -nd -nH -P/usr/local/share/clamav http://db.local.clamav.net/main.cvd /usr/bin/wget -N -nd -nH -P/usr/local/share/clamav http://db.local.clamav.net/daily.cvd ============================= And now the message has gone... ============================= [root@www clamav]# MailScanner --debug In Debugging mode, not forking... Trying to setlogsock(unix) SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp ============================= I am not sure where these main.cvd and daily.cvd files came from... as far as I know they are not part of my freshclam setup... What process is meant to update these files??? It seems that I have two sets of database files... but both sets are not of the same type... strange... Have I done something really wrong? I have daily.inc/main.inc directories in one place... and daily.cvd/main.cvd files in another... and I am not sure how they are related and all tie up to each other! I have looked at another server... and the date for main.cvd/daily.cvd was March 2007. Did MailScanner change in December 2006... but on the other server I only did the update 3 months later? Does anyone have any ideas where I might be going wrong... Thanks Ajos1 From maillists at conactive.com Sun Dec 9 16:32:00 2007 From: maillists at conactive.com (Kai Schaetzl) Date: Sun Dec 9 16:32:04 2007 Subject: called with 2 bind variables when 0 are needed In-Reply-To: <475BD06C.8060309@fsl.com> References: <475BD06C.8060309@fsl.com> Message-ID: Steve Freegard wrote on Sun, 09 Dec 2007 11:24:28 +0000: > Bind variables are an SQL thing used to increase efficiency for DBMS > that compile identical SQL calls and to avoid SQL injection bugs by > escaping. Interesting. Do you know of a URL where I can read more about this (shouldn't be too guru-ish). > Otherwise I'd check your versions of DBI and DBD::sqlite and upgrade > them as necessary to see if the problem disappears. It was this, I had to upgrade perl-DBD-SQlite from rpmforge. Thanks! Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Sun Dec 9 17:06:55 2007 From: maillists at conactive.com (Kai Schaetzl) Date: Sun Dec 9 17:06:58 2007 Subject: called with 2 bind variables when 0 are needed In-Reply-To: <586935.40284.qm@web33307.mail.mud.yahoo.com> References: <586935.40284.qm@web33307.mail.mud.yahoo.com> Message-ID: Michael Mansour wrote on Sun, 9 Dec 2007 12:41:07 +1100 (EST): > Why not just use RPMforge for clamav? they > consistently keep updated with the latest releases > made available a day after mainstream. At the time I made the decision to use kbs-centos-extras for clamav that seemed to be the better choice. After fixing the sqlite problem I have now changed to clamav from rpmforge. I wonder why it doesn't add a clamav user when you install it. (the rpm -e of the kbs package removed that user and I had to re-add it and clean after it for file permissions.) Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From gerard at seibercom.net Sun Dec 9 17:09:24 2007 From: gerard at seibercom.net (Gerard) Date: Sun Dec 9 17:09:15 2007 Subject: MailScanner version 4.65.3 andperl-MailTools-2.02-1.el4.rf HOWTO In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA03CF40@HC-MBX02.herefordshire.gov.uk> References: <475BDFBE.3080605@farrows.org> <7EF0EE5CB3B263488C8C18823239BEBA03CF40@HC-MBX02.herefordshire.gov.uk> Message-ID: <20071209120912.6DFC.3409F18E@seibercom.net> On Sunday December 09, 2007 at 07:38:48 (AM) Randal, Phil wrote: > Half the problem is perl module authors who don't give a damn about > backwards-compatibility. I think that is being a bit harsh. In many cases maintaining 100% backwards compatibility is not feasible. This becomes rapidly apparent when an update deals with a security problem for instance. Most authors make allowances for end users when possible; however, that is not always possible. Software development is an on gong process. To expect it to simply sit idle while end users catch up is ridiculous. A software developer makes a choice as to how he develops his product. An end user has a choice as to whether or not he/she wishes to use said product. If the end user declines to make his/her system compatible with the product they are trying to utilize, then they have in fact made a conscious decision to not use said product. If no users could maintain a system that was compatible with the authors product, then a case could be make that the software author's requirements were not reasonable. However; when the actual number of end users who are affected is minute, and mostly of their own conscious decision, blaming a software author is ludicrous. By the way, I was not aware that 'perl module authors' were being reimbursed for their efforts. Since they apparently are doing on their own dime, they can pretty much do as they wish with their product. No one is excluded from writing their own module and having it included in the Perl offerings. Just my own 2?. -- Gerard From peter at farrows.org Sun Dec 9 17:26:12 2007 From: peter at farrows.org (Peter Farrow) Date: Sun Dec 9 17:26:28 2007 Subject: MailScanner version 4.65.3 andperl-MailTools-2.02-1.el4.rf HOWTO In-Reply-To: <20071209120912.6DFC.3409F18E@seibercom.net> References: <475BDFBE.3080605@farrows.org> <7EF0EE5CB3B263488C8C18823239BEBA03CF40@HC-MBX02.herefordshire.gov.uk> <20071209120912.6DFC.3409F18E@seibercom.net> Message-ID: <475C2534.4060200@farrows.org> >>In many cases maintaining 100% backwards compatibility is not feasible. I disagree, in cases such as libraries which are inherently, by design, to be called from other software, backwards compatibility is ESSENTIAL. Making a library not backwards compatible is basically lazy and there is no reason for it...you make everyone else work to modify the existing code base rather make your library work as it did. If you can't make it backwards compatible, write an extension library, if your code is insecure fix it. but keep the way it works. In many cases if you break compatibility in a library you just delay (indefinitely or otherwise) its uptake and acceptance as we have seen on this very list. P. Gerard wrote: > On Sunday December 09, 2007 at 07:38:48 (AM) Randal, Phil wrote: > > >> Half the problem is perl module authors who don't give a damn about >> backwards-compatibility. >> > > I think that is being a bit harsh. In many cases maintaining 100% backwards > compatibility is not feasible. This becomes rapidly apparent when an update > deals with a security problem for instance. Most authors make allowances for > end users when possible; however, that is not always possible. Software > development is an on gong process. To expect it to simply sit idle while > end users catch up is ridiculous. > > A software developer makes a choice as to how he develops his product. An end > user has a choice as to whether or not he/she wishes to use said product. If > the end user declines to make his/her system compatible with the product they > are trying to utilize, then they have in fact made a conscious decision to not > use said product. > > If no users could maintain a system that was compatible with the authors > product, then a case could be make that the software author's requirements > were not reasonable. However; when the actual number of end users who are > affected is minute, and mostly of their own conscious decision, blaming a > software author is ludicrous. > > By the way, I was not aware that 'perl module authors' were being reimbursed > for their efforts. Since they apparently are doing on their own dime, they can > pretty much do as they wish with their product. No one is excluded from > writing their own module and having it included in the Perl offerings. > > Just my own 2?. > > > -- This message has been scanned for viruses and dangerous content by the Enhancion system Scanner and is believed to be clean. http://www.enhancion.net From maillists at conactive.com Sun Dec 9 17:31:58 2007 From: maillists at conactive.com (Kai Schaetzl) Date: Sun Dec 9 17:32:03 2007 Subject: CentOS yum repository In-Reply-To: References: <1197077097.25190.5.camel@lin-workstation.azapple.com> Message-ID: Mark Nienberg wrote on Fri, 07 Dec 2007 21:06:40 -0800: > I see that in the CentOS-Extra repo there is perl-MimeTools 1.77. You mean perl-MailTools, right? (There is also a MIME Tools package!) So if > you give that repo priority=1 and rpmforge priority=10, then yum should > install the 1.77 version from Extras even if rpmforge has 2.02 in it. Yes. You can also exclude certain packages in the repo file. Just add exclude=packagename (you can use globbing) Warning: multiple exclusions have to be on one line! Where is that "experimental yum repo"? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From MailScanner at ecs.soton.ac.uk Sun Dec 9 17:53:19 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Dec 9 17:53:51 2007 Subject: clamav freshclam libclamav.... In-Reply-To: References: Message-ID: <475C2B8F.3090407@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ajos1@onion.demon.co.uk wrote: > - > > clamav freshclam libclamav.... > > I am absolutely 100% convinced my ClamAv system is 100% working... but "MailScanner --debug" says it is out of date... I am wondering if MailScanner has not caught up with ClamAv changes... or am I doing something majorly wrong... (ie) no doing some kind of update... > > ============================= > [root@www clamav]# clamscan -V > ClamAV 0.92rc2/5056/Sun Dec 9 10:55:13 2007 > > ============================= > [root@www clamav]# freshclam > ClamAV update process started at Sun Dec 9 13:38:58 2007 > main.inc is up to date (version: 44, sigs: 133163, f-level: 20, builder: sven) > daily.inc is up to date (version: 5056, sigs: 41027, f-level: 21, builder: sven) > > ============================= > [root@www clamav]# clamscan -debug > ...... > LibClamAV debug: Loading databases from /var/lib/clamav > LibClamAV debug: cli_loaddbdir: Acquiring dbdir lock > LibClamAV debug: Loading databases from /var/lib/clamav/daily.inc > LibClamAV debug: /var/lib/clamav/daily.inc/daily.cfg loaded > LibClamAV debug: /var/lib/clamav/daily.inc/daily.ndu skipped > LibClamAV debug: /var/lib/clamav/daily.inc/daily.mdu skipped > LibClamAV debug: /var/lib/clamav/daily.inc/daily.zmd loaded > ...... > > ============================= > [root@www clamav]# find /var/lib/clamav -type f -exec /bin/ls -l {} \; > > Nov 24 05:08 /var/lib/clamav/daily.inc/daily.ndu > Dec 9 11:10 /var/lib/clamav/daily.inc/daily.info > Dec 9 06:14 /var/lib/clamav/daily.inc/daily.mdu > Nov 24 05:08 /var/lib/clamav/daily.inc/daily.zmd > Dec 8 12:10 /var/lib/clamav/daily.inc/daily.pdb > Dec 3 18:12 /var/lib/clamav/daily.inc/daily.fp > Dec 9 11:10 /var/lib/clamav/daily.inc/daily.ndb > Dec 9 04:16 /var/lib/clamav/daily.inc/daily.wdb > Nov 24 05:08 /var/lib/clamav/daily.inc/COPYING > Dec 6 16:18 /var/lib/clamav/daily.inc/daily.db > Dec 9 00:17 /var/lib/clamav/daily.inc/daily.cfg > Dec 9 07:32 /var/lib/clamav/daily.inc/daily.mdb > Dec 9 06:14 /var/lib/clamav/daily.inc/daily.hdb > Nov 24 05:08 /var/lib/clamav/daily.inc/daily.hdu > > Dec 9 13:38 /var/lib/clamav/mirrors.dat > > Jul 20 19:07 /var/lib/clamav/main.inc/main.mdb > Jul 20 19:07 /var/lib/clamav/main.inc/main.ndb > Apr 11 2007 /var/lib/clamav/main.inc/main.zmd > Jul 20 19:07 /var/lib/clamav/main.inc/main.info > Apr 11 2007 /var/lib/clamav/main.inc/COPYING > Jul 20 19:07 /var/lib/clamav/main.inc/main.db > Jul 20 19:07 /var/lib/clamav/main.inc/main.fp > Jul 20 19:07 /var/lib/clamav/main.inc/main.hdb > > ============================= > > But... HERE IT STARTS TO GO WRONG .... > > ============================= > [root@www clamav]# MailScanner --debug > > In Debugging mode, not forking... > Trying to setlogsock(unix) > SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp > LibClamAV Warning: ************************************************** > LibClamAV Warning: *** The virus database is older than 7 days. *** > LibClamAV Warning: *** Please update it IMMEDIATELY! *** > LibClamAV Warning: ************************************************** > > ============================= > > A quick scan of MailScanner files suggests... it could be old cvd files... > > ============================= > [root@www MailScanner]# find -type f -exec grep -H -i cvd {} \; > ./MailScanner/ConfigDefs.pl:ClamWatchFiles /usr/local/share/clamav/*.cvd > > ============================= > [root@www MailScanner]# la /usr/local/share/clamav/ > total 7540 > -rw-rw-r-- 1 clamav clamav 6924820 Dec 22 2006 main.cvd > -rw-rw-r-- 1 clamav clamav 752606 Dec 22 2006 daily.cvd > > ============================= > > So I just did... > > ============================= > > /usr/bin/wget -N -nd -nH -P/usr/local/share/clamav http://db.local.clamav.net/main.cvd > /usr/bin/wget -N -nd -nH -P/usr/local/share/clamav http://db.local.clamav.net/daily.cvd > > ============================= > > And now the message has gone... > > ============================= > [root@www clamav]# MailScanner --debug > In Debugging mode, not forking... > Trying to setlogsock(unix) > SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp > > ============================= > > > > I am not sure where these main.cvd and daily.cvd files came from... as far as I know they are not part of my freshclam setup... What process is meant to update these files??? > > It seems that I have two sets of database files... but both sets are not of the same type... strange... > > Have I done something really wrong? I have daily.inc/main.inc directories in one place... and daily.cvd/main.cvd files in another... and I am not sure how they are related and all tie up to each other! > > I have looked at another server... and the date for main.cvd/daily.cvd was March 2007. Did MailScanner change in December 2006... but on the other server I only did the update 3 months later? > > Does anyone have any ideas where I might be going wrong... > > Thanks Ajos1 > Go through your system and look for all traces of ClamAV. I would guess you have at least 2 different installations of it. Do "locate libclam" and see what it produces, I think there are two different sets of them. Delete all the ones you don't want and see if it starts picking up the right ones. You might need to "ldconfig" after deleting any libclam* files. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 867) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHXCuYEfZZRxQVtlQRAkRwAJ9+1xml6GHIuZDOUEKXHkC3iWu8GwCguCtL Mt3JfrHRMi0HjYextxykD3U= =b9v8 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gerard at seibercom.net Sun Dec 9 18:11:43 2007 From: gerard at seibercom.net (Gerard) Date: Sun Dec 9 18:11:37 2007 Subject: MailScanner version 4.65.3 andperl-MailTools-2.02-1.el4.rf HOWTO In-Reply-To: <475C2534.4060200@farrows.org> References: <20071209120912.6DFC.3409F18E@seibercom.net> <475C2534.4060200@farrows.org> Message-ID: <20071209131108.C6EC.9364233A@seibercom.net> On Sunday December 09, 2007 at 12:26:12 (PM) Peter Farrow wrote: > Gerard wrote: > > On Sunday December 09, 2007 at 07:38:48 (AM) Randal, Phil wrote: > > > > > >> Half the problem is perl module authors who don't give a damn about > >> backwards-compatibility. > >> > > > > I think that is being a bit harsh. In many cases maintaining 100% backwards > > compatibility is not feasible. This becomes rapidly apparent when an update > > deals with a security problem for instance. Most authors make allowances for > > end users when possible; however, that is not always possible. Software > > development is an on gong process. To expect it to simply sit idle while > > end users catch up is ridiculous. > > > > A software developer makes a choice as to how he develops his product. An end > > user has a choice as to whether or not he/she wishes to use said product. If > > the end user declines to make his/her system compatible with the product they > > are trying to utilize, then they have in fact made a conscious decision to not > > use said product. > > > > If no users could maintain a system that was compatible with the authors > > product, then a case could be make that the software author's requirements > > were not reasonable. However; when the actual number of end users who are > > affected is minute, and mostly of their own conscious decision, blaming a > > software author is ludicrous. > > > > By the way, I was not aware that 'perl module authors' were being reimbursed > > for their efforts. Since they apparently are doing on their own dime, they can > > pretty much do as they wish with their product. No one is excluded from > > writing their own module and having it included in the Perl offerings. > > > > Just my own 2?. > >>In many cases maintaining 100% backwards > compatibility is not feasible. > > I disagree, in cases such as libraries which are inherently, by design, > to be called from other software, backwards compatibility is ESSENTIAL. It is only 'essential' if: 1) It is feasible to do so without incurring security or other incompatibility problems. 2) If the end user is forced to upgrade his current program in such a manner that it then requires an updated dependency. I have not seen any evidence that anyone is being forced to update their version of MainScanner. Even if they were, it would not make an iota of difference since it is possible to update Perl, and thus eliminate the perceived problem. That is obviously incorrect since other users are not encumbered by this problem. I realize that I am not familiar with every OS available; however, I still have not been given a solid reason why the updating of Perl, and if we are still referring to Perl-5.6, that is an obsolete version to begin with, why the end user cannot simply update Perl on their system also. I have updated Perl on my FreeBSD system in the past without any problems. > Making a library not backwards compatible is basically lazy and there is > no reason for it...you make everyone else work to modify the existing > code base rather make your library work as it did. You are assuming that the original module worked perfectly and therefore the author simply wanted to invest wasted time on attempting to improve it. I have sen no proof of that anywhere. Actually, I am going to contact the author an attempt to ascertain their reasons for updating the module and why it could not be made backward compatibility for what appears to be a relatively small group of users. If I actually get a reply, I will post it here. > If you can't make it backwards compatible, write an extension library, > if your code is insecure fix it. but keep the way it works. It works now, as evident by the users of it. It also works with MailScanner just fine, assuming you are not attempting to use it with antiquated software. > In many cases if you break compatibility in a library you just delay > (indefinitely or otherwise) its uptake and acceptance as we have seen on > this very list. I totally disagree. The only way anything gets accomplished is by individuals taking a lead. If everyone just assumes an attitude that once something works, leave it alone, we would still be living in caves. By your own account, why should Julian continue to work on this project? It already works, so leave it alone. Why run the risk of improving it if it ultimately causes it to fail with some obsolete software or , heavens forbid, actually causes an end user to maintain their system in a proper and timely fashion. -- Gerard From gmane at tippingmar.com Sun Dec 9 18:41:56 2007 From: gmane at tippingmar.com (Mark Nienberg) Date: Sun Dec 9 18:42:45 2007 Subject: CentOS yum repository In-Reply-To: References: <1197077097.25190.5.camel@lin-workstation.azapple.com> Message-ID: Kai Schaetzl wrote: > Mark Nienberg wrote on Fri, 07 Dec 2007 21:06:40 -0800: > >> I see that in the CentOS-Extra repo there is perl-MimeTools 1.77. > > You mean perl-MailTools, right? (There is also a MIME Tools package!) Whoops, yes I mean MailTools > So if >> you give that repo priority=1 and rpmforge priority=10, then yum should >> install the 1.77 version from Extras even if rpmforge has 2.02 in it. > > Yes. > You can also exclude certain packages in the repo file. Just add > > exclude=packagename (you can use globbing) > > Warning: multiple exclusions have to be on one line! > > Where is that "experimental yum repo"? Details are at http://yum.vanderkooij.org/ I'm hoping this catches on and becomes the preferred method for RHEL/CentOS installs. Mark From gmane at tippingmar.com Sun Dec 9 18:45:08 2007 From: gmane at tippingmar.com (Mark Nienberg) Date: Sun Dec 9 18:50:09 2007 Subject: CentOS yum repository In-Reply-To: <1197077097.25190.5.camel@lin-workstation.azapple.com> References: <1197077097.25190.5.camel@lin-workstation.azapple.com> Message-ID: Craig White wrote: > I don't think priorities would help for perl-MailTools because it wasn't > installed from a repo. Maybe if you already have MailTools installed from MailScanner's installation script you are right. But for a fresh install I think MailTools will be installed from a repo. Mark From MailScanner at ecs.soton.ac.uk Sun Dec 9 20:59:39 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Dec 9 20:59:59 2007 Subject: Beta release 4.66.3 and MIME-tools Message-ID: <475C573B.2090503@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have just released the latest beta 4.66.3. I have updated the MIME-tools to the latest 5.425, to try to solve all your problems with yum repositories. Along with this, there is another dependency, perl-IO, and updates to some others, including perl-File-Temp. Installing it on a few other systems is showing up problems with not forcing the installation of perl-File-Temp. On RedHat 5 systems, I carefully don't force installation of any modules, as people had previously requested that. Inevitably, that has come back to bite me. Without installing the latest perl-File-Temp, the requirements of perl-MIME-tools are not met. So please try to install this version on your system, and let me know if the installation succeeds or not. If it does not succeed, do this to recover: 1) Use 'perl -MCPAN -e install File::Temp' 2) Re-run ./install.sh Then you should have a working system again. All advice on how to solve the problems with File::Temp are much appreciated. Should I just go back to forcing installation of modules on RedHat 5 again? And does it work on SuSE Linux as well? Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 867) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHXFdDEfZZRxQVtlQRApWWAKCyoa8HjQAIG3rWD9gyFemE2rKWCgCfbp/G 4qurb6jpMviODWNZX87d3AY= =F1b0 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Sun Dec 9 23:27:38 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Sun Dec 9 23:28:00 2007 Subject: MailScanner --lint doesn't check Eicar virus - OK here! In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA03CF3F@HC-MBX02.herefordshire.gov.uk> References: <859497.35863.qm@web33302.mail.mud.yahoo.com> <7EF0EE5CB3B263488C8C18823239BEBA03CF3F@HC-MBX02.herefordshire.gov.uk> Message-ID: on 12/9/2007 4:15 AM Randal, Phil spake the following: > I guess the big question is whether Jules can put a fix in for > perl-MIME-Tools version 5.424 without breaking 5.420-compatibility. > > Whether he should update his installer to use 5.424 is his call. > > Sometimes you just have to take the pain of keeping things up to date > and dealing with the breakages. > > We certainly will have to if we become dependent on the rpmforge repo. > He will eventually have to patch it, as sooner or later, some linux distro will be using 5.424. I'm sure he will get to it as his time permits. His fix for perl-mailtools came very quickly. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Sun Dec 9 23:37:30 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Sun Dec 9 23:37:41 2007 Subject: called with 2 bind variables when 0 are needed In-Reply-To: References: Message-ID: on 12/8/2007 1:24 PM Kai Schaetzl spake the following: > I upgraded a machine which was still holding CentOS 4.2 to the current 4.5 > via yum. So far so good. Now, after upgrading MailScanner suddenly throws > this error to my warn log: > called with 2 bind variables when 0 are needed > > Google tells me there was one posting about this in April 2006 about this > on this list, no reply to it and not much else. > > Anyone knows what this means? > > Apparently, MailScanner is stull running ok. The MailScanner log itself > goes like this: > > Dec 8 22:10:38 nx05 MailScanner[16160]: New Batch: Scanning 1 messages, > 7338 bytes > Dec 8 22:10:46 nx05 MailScanner[16160]: Spam Checks: Found 1 spam > messages > Dec 8 22:10:46 nx05 MailScanner[16160]: Virus and Content Scanning: > Starting > Dec 8 22:10:50 nx05 MailScanner[16160]: called with 2 bind variables when > 0 are needed > Dec 8 22:10:50 nx05 MailScanner[16160]: Uninfected: Delivered 1 messages > Dec 8 22:10:50 nx05 MailScanner[16160]: Batch (1 message) processed in > 11.50 seconds > Dec 8 22:10:50 nx05 MailScanner[16160]: Logging message lB8LAbAk016953 to > SQL > Dec 8 22:10:50 nx05 MailScanner[16160]: "Always Looked Up Last" took 0.00 > seconds > Dec 8 22:10:50 nx05 MailScanner[16168]: lB8LAbAk016953: Logged to > MailWatch SQL > > So, could this be related to a clamav update as it happens during the > clamscan? > > MailScanner 4.54.6 > all Perl modules are from CentOS or rpmforge. Mail-Tools is still 1.77. > > Kai > You state that you just updated MailScanner, but you then list a version from mid 2006; "25/5/2006 - Release of stable 4.54.6. This is to get rid of all the issues with 4.53. Next release won't be until July or August. See the Change Log for details." -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From patrickchan at goodmark.com.cn Mon Dec 10 02:20:43 2007 From: patrickchan at goodmark.com.cn (Patrick) Date: Mon Dec 10 02:24:47 2007 Subject: Installation Problem on Fedora Core 8 Message-ID: <013a01c83ad3$43d7b660$f105010a@pc> Hi, I am facing MailScanner installation problem. I am using Fedora 8 and planning to install MailScanner latest version 4.65.3-1 However, install error occurs: # install.sh (skipped) + /usr/lib/rpm/find-debuginfo.sh /usr/src/redhat/BUILD/ExtUtils-MakeMaker-6.32 find: debug: No such file or directory + /usr/lib/rpm/check-buildroot /var/tmp/perl-ExtUtils-MakeMaker-6.32-1-root/usr/lib/perl5/5.8.8/i386-linux-thread-multi/perllocal.pod:C Found '/var/tmp/perl-ExtUtils-MakeMaker-6.32-1-root' in installed files; aborting error: Bad exit status from /var/tmp/rpm-tmp.4906 (%install) RPM build errors: Bad exit status from /var/tmp/rpm-tmp.4906 (%install) (skipped) + /usr/lib/rpm/find-debuginfo.sh /usr/src/redhat/BUILD/IO-stringy-2.108 find: debug: No such file or directory + /usr/lib/rpm/check-buildroot /var/tmp/perl-IO-stringy-root/usr/lib/perl5/5.8.8/i386-linux-thread-multi/perllocal.pod:C Found '/var/tmp/perl-IO-stringy-root' in installed files; aborting error: Bad exit status from /var/tmp/rpm-tmp.22440 (%install) RPM build errors: Bad exit status from /var/tmp/rpm-tmp.22440 (%install) Missing file /usr/src/redhat/RPMS/noarch/perl-IO-stringy-2.108-1.noarch.rpm. Maybe it did not build correctly? (skipped) Now to install MailScanner itself. NOTE: If you get lots of errors here, run the install.sh script NOTE: again with the command "./install.sh nodeps" error: Failed dependencies: perl-MIME-tools >= 5.412 is needed by mailscanner-4.65.3-1.noarch -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071210/eff939ea/attachment.html From ugob at lubik.ca Mon Dec 10 03:34:36 2007 From: ugob at lubik.ca (Ugo Bellavance) Date: Mon Dec 10 03:35:04 2007 Subject: Installation Problem on Fedora Core 8 In-Reply-To: <013a01c83ad3$43d7b660$f105010a@pc> References: <013a01c83ad3$43d7b660$f105010a@pc> Message-ID: Patrick wrote: > Hi, > > I am facing MailScanner installation problem. Is this a fresh install? If yes, I suggest you re-install something that has a longer life cycle, like centos. Sorry, I can't help your problem, but this advice is worth the noise. Ugo From MailScanner at ecs.soton.ac.uk Mon Dec 10 04:45:21 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Dec 10 04:45:41 2007 Subject: MailScanner --lint doesn't check Eicar virus - OK here! In-Reply-To: References: <859497.35863.qm@web33302.mail.mud.yahoo.com> <7EF0EE5CB3B263488C8C18823239BEBA03CF3F@HC-MBX02.herefordshire.gov.uk> Message-ID: <475CC461.5010305@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Scott Silva wrote: > on 12/9/2007 4:15 AM Randal, Phil spake the following: >> I guess the big question is whether Jules can put a fix in for >> perl-MIME-Tools version 5.424 without breaking 5.420-compatibility. >> >> Whether he should update his installer to use 5.424 is his call. >> >> Sometimes you just have to take the pain of keeping things up to date >> and dealing with the breakages. >> >> We certainly will have to if we become dependent on the rpmforge repo. >> > He will eventually have to patch it, as sooner or later, some linux > distro will be using 5.424. I'm sure he will get to it as his time > permits. His fix for perl-mailtools came very quickly. > It didn't require any code mods at all. If you had installed the new MIME-tools via CPAN instead of just rpmforge, you would have picked up its requirements correctly. It needs a new File-Temp, IO and IO-stringy. Then it appears to work just fine. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 867) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHXMRoEfZZRxQVtlQRApXiAJsEYqZzxj0g9K/ug8enOiE4Qi6+rwCg4I34 Rxf2qefNc5Zrz38dg3tUTqo= =SpMD -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From craigwhite at azapple.com Mon Dec 10 05:02:56 2007 From: craigwhite at azapple.com (Craig White) Date: Mon Dec 10 05:03:10 2007 Subject: MailScanner --lint doesn't check Eicar virus - OK here! In-Reply-To: <475CC461.5010305@ecs.soton.ac.uk> References: <859497.35863.qm@web33302.mail.mud.yahoo.com> <7EF0EE5CB3B263488C8C18823239BEBA03CF3F@HC-MBX02.herefordshire.gov.uk> <475CC461.5010305@ecs.soton.ac.uk> Message-ID: <1197262976.5019.135.camel@lin-workstation.azapple.com> On Mon, 2007-12-10 at 04:45 +0000, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Scott Silva wrote: > > on 12/9/2007 4:15 AM Randal, Phil spake the following: > >> I guess the big question is whether Jules can put a fix in for > >> perl-MIME-Tools version 5.424 without breaking 5.420-compatibility. > >> > >> Whether he should update his installer to use 5.424 is his call. > >> > >> Sometimes you just have to take the pain of keeping things up to date > >> and dealing with the breakages. > >> > >> We certainly will have to if we become dependent on the rpmforge repo. > >> > > He will eventually have to patch it, as sooner or later, some linux > > distro will be using 5.424. I'm sure he will get to it as his time > > permits. His fix for perl-mailtools came very quickly. > > > It didn't require any code mods at all. If you had installed the new > MIME-tools via CPAN instead of just rpmforge, you would have picked up > its requirements correctly. It needs a new File-Temp, IO and IO-stringy. > Then it appears to work just fine. ---- Jules...that isn't practical or recommended. mixing cpan installs with rpm installs can create havoc Craig From MailScanner at ecs.soton.ac.uk Mon Dec 10 05:13:19 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Dec 10 05:13:35 2007 Subject: MailScanner --lint doesn't check Eicar virus - OK here! In-Reply-To: <475CC461.5010305@ecs.soton.ac.uk> References: <859497.35863.qm@web33302.mail.mud.yahoo.com> <7EF0EE5CB3B263488C8C18823239BEBA03CF3F@HC-MBX02.herefordshire.gov.uk> <475CC461.5010305@ecs.soton.ac.uk> Message-ID: <475CCAEF.4070202@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Field wrote: > * PGP Signed: 12/10/07 at 04:45:28 > > > > Scott Silva wrote: >> on 12/9/2007 4:15 AM Randal, Phil spake the following: >>> I guess the big question is whether Jules can put a fix in for >>> perl-MIME-Tools version 5.424 without breaking 5.420-compatibility. >>> >>> Whether he should update his installer to use 5.424 is his call. >>> >>> Sometimes you just have to take the pain of keeping things up to date >>> and dealing with the breakages. >>> >>> We certainly will have to if we become dependent on the rpmforge repo. >>> >> He will eventually have to patch it, as sooner or later, some linux >> distro will be using 5.424. I'm sure he will get to it as his time >> permits. His fix for perl-mailtools came very quickly. >> > It didn't require any code mods at all. If you had installed the new > MIME-tools via CPAN instead of just rpmforge, you would have picked up > its requirements correctly. It needs a new File-Temp, IO and IO-stringy. > Then it appears to work just fine. I have just released 4.66.4 which checks to see you have a consistent pair of MIME-tools and IO-stringy, as they are the important ones. Please try this with your current installation (ie just install the mailscanner*rpm file) and see if it catches the error correctly. Then run the whole install.sh to get the new modules and then try it again and it should work this time. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 867) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHXMrxEfZZRxQVtlQRAmQAAJ0TzTBwNkAsbHOhPoptxzYD9RRw/gCfU+y2 XMnFJA+uvTGupR3lpmS+LsQ= =Zde9 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Dec 10 05:28:49 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Dec 10 05:29:04 2007 Subject: MailScanner --lint doesn't check Eicar virus - OK here! In-Reply-To: <475CCAEF.4070202@ecs.soton.ac.uk> References: <859497.35863.qm@web33302.mail.mud.yahoo.com> <7EF0EE5CB3B263488C8C18823239BEBA03CF3F@HC-MBX02.herefordshire.gov.uk> <475CC461.5010305@ecs.soton.ac.uk> <475CCAEF.4070202@ecs.soton.ac.uk> Message-ID: <475CCE91.6090308@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Field wrote: > * PGP Signed: 12/10/07 at 05:13:21 > > > > Julian Field wrote: >> > Old Signed: 12/10/07 at 04:45:28 >> >> >> >> Scott Silva wrote: >>> on 12/9/2007 4:15 AM Randal, Phil spake the following: >>>> I guess the big question is whether Jules can put a fix in for >>>> perl-MIME-Tools version 5.424 without breaking 5.420-compatibility. >>>> >>>> Whether he should update his installer to use 5.424 is his call. >>>> >>>> Sometimes you just have to take the pain of keeping things up to date >>>> and dealing with the breakages. >>>> >>>> We certainly will have to if we become dependent on the rpmforge repo. >>>> >>> He will eventually have to patch it, as sooner or later, some linux >>> distro will be using 5.424. I'm sure he will get to it as his time >>> permits. His fix for perl-mailtools came very quickly. >>> >> It didn't require any code mods at all. If you had installed the new >> MIME-tools via CPAN instead of just rpmforge, you would have picked >> up its requirements correctly. It needs a new File-Temp, IO and >> IO-stringy. >> Then it appears to work just fine. > I have just released 4.66.4 which checks to see you have a consistent > pair of MIME-tools and IO-stringy, as they are the important ones. Correction: MIME-tools and IO. IO-stringy doesn't appear to be as critical. Without the IO module update, MIME-tools won't even build. > Please try this with your current installation (ie just install the > mailscanner*rpm file) and see if it catches the error correctly. Then > run the whole install.sh to get the new modules and then try it again > and it should work this time. This still applies. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 867) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHXM6TEfZZRxQVtlQRAkA+AJ0aM2WUgLejjz7aEx/w7L/rudAPDwCfa8tu krha+8xRYX3P4tSLE3QB1oc= =HMYZ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From hvdkooij at vanderkooij.org Mon Dec 10 06:26:32 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Mon Dec 10 06:27:16 2007 Subject: MailScanner --lint doesn't check Eicar virus - OK here! In-Reply-To: <475CC461.5010305@ecs.soton.ac.uk> References: <859497.35863.qm@web33302.mail.mud.yahoo.com> <7EF0EE5CB3B263488C8C18823239BEBA03CF3F@HC-MBX02.herefordshire.gov.uk> <475CC461.5010305@ecs.soton.ac.uk> Message-ID: <475CDC18.90907@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Field wrote: > > > Scott Silva wrote: >> on 12/9/2007 4:15 AM Randal, Phil spake the following: >>> I guess the big question is whether Jules can put a fix in for >>> perl-MIME-Tools version 5.424 without breaking 5.420-compatibility. >>> >>> Whether he should update his installer to use 5.424 is his call. >>> >>> Sometimes you just have to take the pain of keeping things up to date >>> and dealing with the breakages. >>> >>> We certainly will have to if we become dependent on the rpmforge repo. >>> >> He will eventually have to patch it, as sooner or later, some linux >> distro will be using 5.424. I'm sure he will get to it as his time >> permits. His fix for perl-mailtools came very quickly. > > It didn't require any code mods at all. If you had installed the new > MIME-tools via CPAN instead of just rpmforge, you would have picked up > its requirements correctly. It needs a new File-Temp, IO and IO-stringy. > Then it appears to work just fine. What are the combinations you have tested? Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHXNwTBvzDRVjxmYERAtZWAJ4nkqlKquZLD1NgHqp2A2v8s1il0QCggXDP Yhq8dKP0kVZVLKJoiNhUPC0= =gB58 -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Mon Dec 10 06:33:11 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Mon Dec 10 06:33:53 2007 Subject: Beta release 4.66.3 and MIME-tools In-Reply-To: <475C573B.2090503@ecs.soton.ac.uk> References: <475C573B.2090503@ecs.soton.ac.uk> Message-ID: <475CDDA7.2060209@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Field wrote: > I have just released the latest beta 4.66.3. > I have updated the MIME-tools to the latest 5.425, to try to solve all > your problems with yum repositories. > Along with this, there is another dependency, perl-IO, and updates to > some others, including perl-File-Temp. > > Installing it on a few other systems is showing up problems with not > forcing the installation of perl-File-Temp. On RedHat 5 systems, I > carefully don't force installation of any modules, as people had > previously requested that. Inevitably, that has come back to bite me. > Without installing the latest perl-File-Temp, the requirements of > perl-MIME-tools are not met. This would indicate to me the rpmforge package is broken at this moment. If you can provide me with details I can create a bug report. This needs to be adressed by the packager. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHXN2mBvzDRVjxmYERAowvAJ4k0CreloCU/P5dD3nc8TvVg5adTACcDQOR ItNdDIKsZWSVekAkC6k9yCE= =sAmP -----END PGP SIGNATURE----- From maillists at conactive.com Mon Dec 10 10:32:06 2007 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Dec 10 10:32:12 2007 Subject: Beta release 4.66.3 and MIME-tools In-Reply-To: <475C573B.2090503@ecs.soton.ac.uk> References: <475C573B.2090503@ecs.soton.ac.uk> Message-ID: Julian Field wrote on Sun, 09 Dec 2007 20:59:39 +0000: > All advice on how to solve the problems with File::Temp are much > appreciated. Should I just go back to forcing installation of modules on > RedHat 5 again? No. The big question for me is: Why do you force that MIME-tools installation? I have always avoided your "special" package and haven't seen problems with the MIME-tools that were coming with the system. > Without installing the latest perl-File-Temp, the requirements of > perl-MIME-tools are not met. I find this rather scary. Why would you want to force us to always use the latest libraries? There are good reasons why people may not want to upgrade the existing perl modules they have on the system, with the exception of official security fixes. MailScanner, even new versions, has been working reliably on older systems in the past. This would change it. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Mon Dec 10 10:32:06 2007 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Dec 10 10:33:49 2007 Subject: Beta release 4.66.3 and MIME-tools In-Reply-To: <475CDDA7.2060209@vanderkooij.org> References: <475C573B.2090503@ecs.soton.ac.uk> <475CDDA7.2060209@vanderkooij.org> Message-ID: Hugo van der Kooij wrote on Mon, 10 Dec 2007 07:33:11 +0100: > This would indicate to me the rpmforge package is broken at this moment. Why? He's forcing installation of his special MIME-tools which seems to depend on a new version of perl-File-Temp. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Mon Dec 10 12:48:41 2007 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Dec 10 12:48:46 2007 Subject: clamscan --debug output Message-ID: I noticed when using clamscan --debug I get output like LibClamAV debug: Signature offset: 52156282, expected: 0 (Exploit.CVE_2007_0038). It may produce hundreds of this kind of message (depending on the directory I'm in as it is scanning the content of it). Scanning seems to be working fine, though. Is this something to worry about? I wonder if this happens when it finds a fake signature start and can't find the next offset where the real malware would continue? Best to do in an empty directory if I just want to have the info? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Mon Dec 10 12:48:41 2007 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Dec 10 12:50:24 2007 Subject: called with 2 bind variables when 0 are needed In-Reply-To: References: Message-ID: Scott, you misread the first sentence. I upgraded from "CentOS 4.2 to the current 4.5". (Actually, it was from 4.3 to 4.5.) MailScanner was not updated. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From jplorier at montecarlotv.com.uy Mon Dec 10 13:34:20 2007 From: jplorier at montecarlotv.com.uy (Juan Pablo Lorier) Date: Mon Dec 10 12:52:13 2007 Subject: MailScanner Digest, Vol 24, Issue 14 In-Reply-To: <200712081200.lB8C0Afl022273@safir.blacknight.ie> Message-ID: Hi Steve Thanks for the guidence. Here is the output of the command you asked me to try. [root@mailscanner mail]# echo "3,0 jplorier@mailcanal.no-ip.org"|sendmail -bt -d0.10 Version 8.13.8 Compiled with: DNSMAP HESIOD HES_GETMAILHOST LDAPMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF SOCKETMAP STARTTLS TCPWRAPPERS USERDB USE_LDAP_INIT OS Defines: ADDRCONFIG_IS_BROKEN HASFCHOWN HASFCHMOD HASGETDTABLESIZE HASINITGROUPS HASLSTAT HASNICE HASRANDOM HASRRESVPORT HASSETREGID HASSETREUID HASSETRLIMIT HASSETSID HASSETVBUF HASURANDOMDEV HASSTRERROR HASUNAME HASUNSETENV HASWAITPID IDENTPROTO NEEDSGETIPNODE REQUIRES_DIR_FSYNC USE_DOUBLE_FORK USE_SIGLONGJMP Kernel symbols: /boot/vmlinux Conf file: /etc/mail/submit.cf (default for MSP) Conf file: /etc/mail/sendmail.cf (default for MTA) Pid file: /var/run/sendmail.pid (default) Canonical name: mailscanner.mailcanal.no-ip.org UUCP nodename: mailscanner.mailcanal.no-ip.org a.k.a.: [192.168.2.XX] Conf file: /etc/mail/sendmail.cf (selected) Pid file: /var/run/sendmail.pid (selected) ============ SYSTEM IDENTITY (after readcf) ============ (short domain name) $w = mailscanner (canonical domain name) $j = mailscanner. my.domain.org (subdomain name) $m = my.domain.org (node name) $k = mailscanner. my.domain.org ======================================================== ADDRESS TEST MODE (ruleset 3 NOT automatically invoked) Enter
> canonify input: jplorier @ my . domain . org Canonify2 input: jplorier < @ my. domain . org > Canonify2 returns: jplorier < @ my. domain . org . > canonify returns: jplorier < @ my. domain . org . > parse input: jplorier < @ my. domain . org . > Parse0 input: jplorier < @ my. domain . org . > Parse0 returns: jplorier < @ my. domain . org . > ParseLocal input: jplorier < @ my. domain . org . > ParseLocal returns: jplorier < @ my. domain . org . > Parse1 input: jplorier < @ my. domain . org . > Parse1 returns: $# local $: jplorier parse returns: $# local $: jplorier As you can see there's no esmtp or smtp line at all, the most likely are the last two that point to local (which you told me is wrong). As I said earlier, I'm quite a rookie in mail stuff, so there are tones of stuff I don't know how to hanndle. In other replays to my post they suggest me to stop mails at the gateway for no further proccessing under the risk of being blacklisted, so maybe I shoud choose to go this way. If you can help me to solve this trough then I can get to connect to my Scalix LDAP database for user resolution. I have rechecked access and local-host-names for any problem. I have two different ways to point to the server: One is via my DNS server with a fake zone for testing. This server is used by the Scalix server for resolution, so can point to the gateway localy. The second is via a free hostname in no-ip.org domain, but as I have my doubts it's working properly, I stopped using it until the other tests succeed. Thanks again for the support you all people are giving me. From maillists at conactive.com Mon Dec 10 13:06:06 2007 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Dec 10 13:06:09 2007 Subject: Beta release 4.66.3 and MIME-tools In-Reply-To: References: <475C573B.2090503@ecs.soton.ac.uk> Message-ID: Kai Schaetzl wrote on Mon, 10 Dec 2007 11:32:06 +0100: > > Without installing the latest perl-File-Temp, the requirements of > > perl-MIME-tools are not met. BTW, Jules, File::Temp is another perl core package on RHEL/CentOS 5 and should not be upgraded by external packages as it may affect other packages or create a problem when the core package gets updated. Just stumbled over this on the CentOS list from yesterday. > Where do I find an RPM for perl-File-Temp for Centos 5 that will work? At some > point Perl got upgraded, and perl-File-Temp stopped working, killing > amavisd-new. So, you don't seem to be the only one requiring latest File::Temp. Are there other solutions than going to a very new File::Temp? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From MailScanner at ecs.soton.ac.uk Mon Dec 10 14:50:09 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Dec 10 14:50:23 2007 Subject: Beta release 4.66.3 and MIME-tools In-Reply-To: References: <475C573B.2090503@ecs.soton.ac.uk> Message-ID: <475D5221.80502@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Kai Schaetzl wrote: > Kai Schaetzl wrote on Mon, 10 Dec 2007 11:32:06 +0100: > > >>> Without installing the latest perl-File-Temp, the requirements of >>> perl-MIME-tools are not met. >>> > > BTW, Jules, File::Temp is another perl core package on RHEL/CentOS 5 > and should not be upgraded by external packages as it may affect other > packages or create a problem when the core package gets updated. > Just stumbled over this on the CentOS list from yesterday. > Turns out it's IO which causes most of the problem, not File::Temp. If on a RHEL5 box you do not upgrade that, MIME-tools (latest) will not work. It won't even build. Try it. > >> Where do I find an RPM for perl-File-Temp for Centos 5 that will work? At some >> point Perl got upgraded, and perl-File-Temp stopped working, killing >> amavisd-new. >> > > So, you don't seem to be the only one requiring latest File::Temp. > Are there other solutions than going to a very new File::Temp? > > Kai > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 867) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHXVIiEfZZRxQVtlQRAj9TAKCU69z3SH8XVQ5cBawGh3zKR591fgCeL8Fw Ub777gdvMhRQGRtgpS4+Esk= =xr97 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jplorier at montecarlotv.com.uy Mon Dec 10 17:39:23 2007 From: jplorier at montecarlotv.com.uy (Juan Pablo Lorier) Date: Mon Dec 10 16:54:53 2007 Subject: Setting gateway In-Reply-To: <200712081200.lB8C0Afl022273@safir.blacknight.ie> Message-ID: Steve, I'm setting up the MailScanner gateway and Scalix server both behind a firewall. SMTP is redirected via NAT to mailscanner for all transactions with the outside world, while pop, imap and http are NAT to the Scalix server. In the inside, both servers run in the same subnetwork as the dns server that is declared as master for the fake zone that I use as test. Mailscanner has the only MX record, and the dns server is also in the same subnetwork. Thanks to everyone for the help From martinh at solidstatelogic.com Mon Dec 10 17:03:40 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Dec 10 17:04:00 2007 Subject: Setting gateway In-Reply-To: Message-ID: Juan Go to the wiki, find your MTA (sendmail/exim etc) and follow the instructions for setting up a gateway.. "http://wiki.mailscanner.info/doku.php?id=&idx=documentation:configuration:mta" -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Juan Pablo Lorier > Sent: 10 December 2007 17:39 > To: mailscanner@lists.mailscanner.info > Subject: Re: Setting gateway > > Steve, > > I'm setting up the MailScanner gateway and Scalix server both behind a > firewall. > SMTP is redirected via NAT to mailscanner for all transactions with the > outside world, while pop, imap and http are NAT to the Scalix server. > In the inside, both servers run in the same subnetwork as the dns server > that is declared as master for the fake zone that I use as test. > Mailscanner has the only MX record, and the dns server is also in the > same subnetwork. > Thanks to everyone for the help > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From patrickchan at goodmark.com.cn Mon Dec 10 17:00:25 2007 From: patrickchan at goodmark.com.cn (Patrick) Date: Mon Dec 10 17:04:28 2007 Subject: Installation Problem on Fedora Core 8 References: <013a01c83ad3$43d7b660$f105010a@pc> Message-ID: <021d01c83b4e$286e6330$f105010a@pc> SGkgYWxsLA0KDQpJIGZvbGxvdyBVZ28ncyBhZHZpY2UsIHJlLWluc3RhbGwgdGhlIG1hY2hpbmUg d2l0aCBDZW50T1MsIGluc3RlYWQgb2YgRkM4DQoNClRoZSBpbnN0YWxsYXRpb24gaXMgc3VjY2Vz c2Z1bCAhDQoNCldoeSBjYW4ndCBpbnN0YWxsIE1haWxTY2FubmVyIDQuNjUuMy0xIG9uIEZDOD8g QW55b25lIGNhbiBleHBsYWluPw0KDQpUaGFua3MgVWdvLg0KDQotLS0tLSBPcmlnaW5hbCBNZXNz YWdlIC0tLS0tIA0KRnJvbTogIlVnbyBCZWxsYXZhbmNlIiA8dWdvYkBsdWJpay5jYT4NClRvOiA8 bWFpbHNjYW5uZXJAbGlzdHMubWFpbHNjYW5uZXIuaW5mbz4NClNlbnQ6IE1vbmRheSwgRGVjZW1i ZXIgMTAsIDIwMDcgMTE6MzQgQU0NClN1YmplY3Q6IFJlOiBJbnN0YWxsYXRpb24gUHJvYmxlbSBv biBGZWRvcmEgQ29yZSA4DQoNCg0KPiBQYXRyaWNrIHdyb3RlOg0KPiA+IEhpLA0KPiA+ICANCj4g PiBJIGFtIGZhY2luZyBNYWlsU2Nhbm5lciBpbnN0YWxsYXRpb24gcHJvYmxlbS4NCj4gDQo+IElz IHRoaXMgYSBmcmVzaCBpbnN0YWxsPyBJZiB5ZXMsIEkgc3VnZ2VzdCB5b3UgcmUtaW5zdGFsbCBz b21ldGhpbmcgdGhhdCANCj4gaGFzIGEgbG9uZ2VyIGxpZmUgY3ljbGUsIGxpa2UgY2VudG9zLg0K PiANCj4gU29ycnksIEkgY2FuJ3QgaGVscCB5b3VyIHByb2JsZW0sIGJ1dCB0aGlzIGFkdmljZSBp cyB3b3J0aCB0aGUgbm9pc2UuDQo+IA0KPiBVZ28NCj4gDQo+IC0tIA0KPiBNYWlsU2Nhbm5lciBt YWlsaW5nIGxpc3QNCj4gbWFpbHNjYW5uZXJAbGlzdHMubWFpbHNjYW5uZXIuaW5mbw0KPiBodHRw Oi8vbGlzdHMubWFpbHNjYW5uZXIuaW5mby9tYWlsbWFuL2xpc3RpbmZvL21haWxzY2FubmVyDQo+ IA0KPiBCZWZvcmUgcG9zdGluZywgcmVhZCBodHRwOi8vd2lraS5tYWlsc2Nhbm5lci5pbmZvL3Bv c3RpbmcNCj4gDQo+IFN1cHBvcnQgTWFpbFNjYW5uZXIgZGV2ZWxvcG1lbnQgLSBidXkgdGhlIGJv b2sgb2ZmIHRoZSB3ZWJzaXRlIQ0K From admin at lctn.org Mon Dec 10 17:02:49 2007 From: admin at lctn.org (admin@lctn.org) Date: Mon Dec 10 17:05:12 2007 Subject: junk folder problem Message-ID: <4356.10.10.1.1.1197306169.squirrel@lctn.org> I Have one school in particular that says many clean messages end up in Outlook, and Thunderbird junk folders. They feel the problem started after we began to scan their mail for them. Is this possible? If so, what can be done about it? Raymond From martinh at solidstatelogic.com Mon Dec 10 17:45:06 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Dec 10 17:45:15 2007 Subject: junk folder problem In-Reply-To: <4356.10.10.1.1.1197306169.squirrel@lctn.org> Message-ID: <276499a3ff5b4c41b83542145933b1a2@solidstatelogic.com> Raymond If you're SA/MS is upto to scratch it should be way better than outleek/thunderbird so they should be able to turn that off. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of admin@lctn.org > Sent: 10 December 2007 17:03 > To: mailscanner@lists.mailscanner.info > Subject: junk folder problem > > I Have one school in particular that says many clean messages end up in > Outlook, and Thunderbird junk folders. They feel the problem started after > we began to scan their mail for them. Is this possible? If so, what can be > done about it? > > > > Raymond > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From ajcartmell at fonant.com Mon Dec 10 17:56:55 2007 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Mon Dec 10 17:56:55 2007 Subject: junk folder problem In-Reply-To: <4356.10.10.1.1.1197306169.squirrel@lctn.org> References: <4356.10.10.1.1.1197306169.squirrel@lctn.org> Message-ID: > I Have one school in particular that says many clean messages end up in > Outlook, and Thunderbird junk folders. They feel the problem started > after > we began to scan their mail for them. Is this possible? Yes, possibly, if MailScanner is modifying the messages in a manner that Outlook or Thunderbird think is spammy. Getting lots of ham and no spam might be throwing their learning filters off? Having said that I've never had any problems with Opera's learning spam filter. > If so, what can be done about it? You'd have to look at the characteristics of the junked messages to find out, to see if there's anything they have in common. Anthony -- www.fonant.com - Quality web sites From hvdkooij at vanderkooij.org Mon Dec 10 17:56:27 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Mon Dec 10 17:57:20 2007 Subject: Beta release 4.66.3 and MIME-tools In-Reply-To: References: <475C573B.2090503@ecs.soton.ac.uk> <475CDDA7.2060209@vanderkooij.org> Message-ID: <475D7DCB.6010601@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Kai Schaetzl wrote: > Hugo van der Kooij wrote on Mon, 10 Dec 2007 07:33:11 +0100: > >> This would indicate to me the rpmforge package is broken at this moment. > > Why? He's forcing installation of his special MIME-tools which seems to > depend on a new version of perl-File-Temp. Hmm. That --force option is not good. I see it fail all the time. rm Sadam -from Iraq --force sex --force rpm -I --force .... Nope. None of them seems to end up in anything but chaos and pain. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHXX3JBvzDRVjxmYERAupyAJ9RI+8VqYYiXjMixeUSoWpMJzvVoQCgiyTn Lpe4ABVRXxY2zNUPgibAvkA= =G1/w -----END PGP SIGNATURE----- From uxbod at splatnix.net Mon Dec 10 18:35:49 2007 From: uxbod at splatnix.net (UxBoD) Date: Mon Dec 10 18:35:50 2007 Subject: junk folder problem In-Reply-To: Message-ID: <16450294.8921197311749034.JavaMail.root@office.splatnix.net> If the email is really clean then it should be fine. Check the headers etc to see what MS is scoring them as, or MailWatch if your running it. Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- From: "Anthony Cartmell" To: "MailScanner discussion" Sent: Monday, December 10, 2007 5:56:55 PM (GMT) Europe/London Subject: Re: junk folder problem > I Have one school in particular that says many clean messages end up in > Outlook, and Thunderbird junk folders. They feel the problem started > after > we began to scan their mail for them. Is this possible? Yes, possibly, if MailScanner is modifying the messages in a manner that Outlook or Thunderbird think is spammy. Getting lots of ham and no spam might be throwing their learning filters off? Having said that I've never had any problems with Opera's learning spam filter. > If so, what can be done about it? You'd have to look at the characteristics of the junked messages to find out, to see if there's anything they have in common. Anthony -- www.fonant.com - Quality web sites -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From peter at farrows.org Mon Dec 10 18:40:29 2007 From: peter at farrows.org (Peter Farrow) Date: Mon Dec 10 18:40:48 2007 Subject: Beta release 4.66.3 and MIME-tools In-Reply-To: <475D7DCB.6010601@vanderkooij.org> References: <475C573B.2090503@ecs.soton.ac.uk> <475CDDA7.2060209@vanderkooij.org> <475D7DCB.6010601@vanderkooij.org> Message-ID: <475D881D.5000602@farrows.org> Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Kai Schaetzl wrote: > >> Hugo van der Kooij wrote on Mon, 10 Dec 2007 07:33:11 +0100: >> >> >>> This would indicate to me the rpmforge package is broken at this moment. >>> >> Why? He's forcing installation of his special MIME-tools which seems to >> depend on a new version of perl-File-Temp. >> > > Hmm. That --force option is not good. I see it fail all the time. > > rm Sadam -from Iraq --force > sex --force > rpm -I --force .... > > Nope. None of them seems to end up in anything but chaos and pain. > > Hugo. > > - -- > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > A: Yes. > >Q: Are you sure? > >>A: Because it reverses the logical flow of conversation. > >>>Q: Why is top posting frowned upon? > > Bored? Click on http://spamornot.org/ and rate those images. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (GNU/Linux) > > iD8DBQFHXX3JBvzDRVjxmYERAupyAJ9RI+8VqYYiXjMixeUSoWpMJzvVoQCgiyTn > Lpe4ABVRXxY2zNUPgibAvkA= > =G1/w > -----END PGP SIGNATURE----- > sex --force always seemed to work for my wife with good results -- This message has been scanned for viruses and dangerous content by the Enhancion system Scanner and is believed to be clean. http://www.enhancion.net From uxbod at splatnix.net Mon Dec 10 18:43:49 2007 From: uxbod at splatnix.net (UxBoD) Date: Mon Dec 10 18:43:53 2007 Subject: Beta release 4.66.3 and MIME-tools In-Reply-To: <475D881D.5000602@farrows.org> Message-ID: <28180401.9011197312229512.JavaMail.root@office.splatnix.net> now now lets keep it clean ;) -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Mon Dec 10 20:05:01 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Dec 10 20:22:39 2007 Subject: Beta release 4.66.3 and MIME-tools In-Reply-To: References: <475C573B.2090503@ecs.soton.ac.uk> <475CDDA7.2060209@vanderkooij.org> Message-ID: on 12/10/2007 2:32 AM Kai Schaetzl spake the following: > Hugo van der Kooij wrote on Mon, 10 Dec 2007 07:33:11 +0100: > >> This would indicate to me the rpmforge package is broken at this moment. > > Why? He's forcing installation of his special MIME-tools which seems to > depend on a new version of perl-File-Temp. > > Kai > This only came about because rpmforge released a new version of perl-MIMETools to the ent4 repo that seems to have broken requires. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Mon Dec 10 20:02:41 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Dec 10 20:26:28 2007 Subject: called with 2 bind variables when 0 are needed In-Reply-To: References: Message-ID: on 12/10/2007 4:48 AM Kai Schaetzl spake the following: > Scott, you misread the first sentence. I upgraded from > "CentOS 4.2 to the current 4.5". (Actually, it was from 4.3 to 4.5.) > MailScanner was not updated. > Oops! Should keep my posting to myself on those real busy days. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Mon Dec 10 20:11:15 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Dec 10 20:27:28 2007 Subject: Installation Problem on Fedora Core 8 In-Reply-To: <021d01c83b4e$286e6330$f105010a@pc> References: <013a01c83ad3$43d7b660$f105010a@pc> <021d01c83b4e$286e6330$f105010a@pc> Message-ID: on 12/10/2007 9:00 AM Patrick spake the following: > Hi all, > > I follow Ugo's advice, re-install the machine with CentOS, instead of FC8 > > The installation is successful ! > > Why can't install MailScanner 4.65.3-1 on FC8? Anyone can explain? > > Thanks Ugo. From what I have been able to see on several forums is that Fedora changed the rpm build directories in some way, either by permission, UPPER/lower case, or the .rpmmacros file. I haven't tried FC8 to see for myself. There was even some speculation that they were discouraging package building as root, but I find that a little much. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Mon Dec 10 20:06:01 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Dec 10 20:32:13 2007 Subject: Beta release 4.66.3 and MIME-tools In-Reply-To: <475D881D.5000602@farrows.org> References: <475C573B.2090503@ecs.soton.ac.uk> <475CDDA7.2060209@vanderkooij.org> <475D7DCB.6010601@vanderkooij.org> <475D881D.5000602@farrows.org> Message-ID: on 12/10/2007 10:40 AM Peter Farrow spake the following: > Hugo van der Kooij wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Kai Schaetzl wrote: >> >>> Hugo van der Kooij wrote on Mon, 10 Dec 2007 07:33:11 +0100: >>> >>> >>>> This would indicate to me the rpmforge package is broken at this >>>> moment. >>>> >>> Why? He's forcing installation of his special MIME-tools which seems >>> to depend on a new version of perl-File-Temp. >>> >> >> Hmm. That --force option is not good. I see it fail all the time. >> >> rm Sadam -from Iraq --force >> sex --force >> rpm -I --force .... >> >> Nope. None of them seems to end up in anything but chaos and pain. >> >> Hugo. >> >> - -- >> hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ >> PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc >> >> A: Yes. >> >Q: Are you sure? >> >>A: Because it reverses the logical flow of conversation. >> >>>Q: Why is top posting frowned upon? >> >> Bored? Click on http://spamornot.org/ and rate those images. >> >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1.4.7 (GNU/Linux) >> >> iD8DBQFHXX3JBvzDRVjxmYERAupyAJ9RI+8VqYYiXjMixeUSoWpMJzvVoQCgiyTn >> Lpe4ABVRXxY2zNUPgibAvkA= >> =G1/w >> -----END PGP SIGNATURE----- >> > sex --force > always seemed to work for my wife with good results > > > Confusing --beg-and-plead with --force ;-P -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Mon Dec 10 20:39:16 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Dec 10 20:40:03 2007 Subject: called with 2 bind variables when 0 are needed In-Reply-To: References: Message-ID: on 12/10/2007 12:02 PM Scott Silva spake the following: > on 12/10/2007 4:48 AM Kai Schaetzl spake the following: >> Scott, you misread the first sentence. I upgraded from "CentOS 4.2 to >> the current 4.5". (Actually, it was from 4.3 to 4.5.) >> MailScanner was not updated. >> > Oops! Should keep my posting to myself on those real busy days. > AFAIR, CentOS had a perl update late in 4.5. Maybe this did some damage. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ebhoeve-ms at ehoeve.com Mon Dec 10 23:31:41 2007 From: ebhoeve-ms at ehoeve.com (Eric Hoeve) Date: Mon Dec 10 23:32:13 2007 Subject: MailScanner, Postfix, Cyrus-imap, SpamAssassin and MySQL Message-ID: <475DCC5D.1050604@ehoeve.com> postfix 2.4.5 MailScanner 4.6.5-1 Cyrus-Imap 2.3.7 SpamAssassin 3.2.3 I have been running MailScanner and with clamav, spamassassin, postfix, cyrus-imap and etc for 3 years now on several different servers. It has been a great piece of software, but now I want to implement an sql (mysql/psql) backend for spamassassin and let each user add his/her own whitelists and blacklists. I have looked through the MailScanner list and have not found a "good" solution for this. Any help would be greatly appreciated. Thanks in advance. -Eric -=-=-=-=-=-=-=-=-=-=-=- Eric Hoeve eHoeve Solutions, LLC Specializing in Open Source Web & Email Solutions RHCE - RedHat Certified Engineer -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rpotter at rpcs.net Tue Dec 11 00:58:52 2007 From: rpotter at rpcs.net (Richard Potter) Date: Tue Dec 11 00:59:09 2007 Subject: Installation Problem on Fedora Core 8 In-Reply-To: References: <013a01c83ad3$43d7b660$f105010a@pc> <021d01c83b4e$286e6330$f105010a@pc> Message-ID: <20071211005852.GA7117@rpcs.net> On Mon, Dec 10, 2007 at 12:11:15PM -0800, Scott Silva wrote: > on 12/10/2007 9:00 AM Patrick spake the following: > >Hi all, > > > >I follow Ugo's advice, re-install the machine with CentOS, instead of FC8 > > > >The installation is successful ! > > > >Why can't install MailScanner 4.65.3-1 on FC8? Anyone can explain? > > > >Thanks Ugo. > From what I have been able to see on several forums is that Fedora changed > the rpm build directories in some way, either by permission, UPPER/lower > case, or the .rpmmacros file. I haven't tried FC8 to see for myself. > There was even some speculation that they were discouraging package > building as root, but I find that a little much. Whatever the case, Ugo's advice was the best. Fedora has a purpose, but not as a mail server of any importance IMHO. I *will* be testing FC8 in vmware for a desktop, but that is about it. Richard From edward at tdcs.com.au Tue Dec 11 04:24:08 2007 From: edward at tdcs.com.au (Edward Dekkers) Date: Tue Dec 11 04:26:20 2007 Subject: PERL Stuff Message-ID: All this stuff about PERL and MailScanner is making me a coward, especially as I'm still very new to MailScanner. My question is: Ubuntu Server 7.10 is listing a whole heap of PERL updates from 5.8.8-7ubuntu3 to 5.8.8-7ubuntu3.1 as availabe updates. Can someone please confirm this is NOT the update you guys have been talking about and it's safe to install? Regards, Ed. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071211/03c42d46/attachment.html From gdoris at rogers.com Tue Dec 11 06:54:38 2007 From: gdoris at rogers.com (Gerry Doris) Date: Tue Dec 11 06:55:47 2007 Subject: Beta release 4.66.3 and MIME-tools In-Reply-To: <475C573B.2090503@ecs.soton.ac.uk> References: <475C573B.2090503@ecs.soton.ac.uk> Message-ID: <475E342E.3050900@rogers.com> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I have just released the latest beta 4.66.3. > I have updated the MIME-tools to the latest 5.425, to try to solve all > your problems with yum repositories. > Along with this, there is another dependency, perl-IO, and updates to > some others, including perl-File-Temp. > > Installing it on a few other systems is showing up problems with not > forcing the installation of perl-File-Temp. On RedHat 5 systems, I > carefully don't force installation of any modules, as people had > previously requested that. Inevitably, that has come back to bite me. > Without installing the latest perl-File-Temp, the requirements of > perl-MIME-tools are not met. > > So please try to install this version on your system, and let me know if > the installation succeeds or not. If it does not succeed, do this to > recover: > 1) Use 'perl -MCPAN -e install File::Temp' > 2) Re-run ./install.sh > > Then you should have a working system again. > > All advice on how to solve the problems with File::Temp are much > appreciated. Should I just go back to forcing installation of modules on > RedHat 5 again? > > And does it work on SuSE Linux as well? > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > I've upgraded MailScanner to 4.66.3 and it's working fine. However, I noticed that your latest version of Test::Harness didn't install. I'm still using version 2.52. I also attempted to upgrade my version of CPAN. The newest version of CPAN requires at least Test::Harness 2.62. When CPAN tries to upgrade to that version I get an error message that the 2.52 install looks suspicious and it won't do the upgrade. I've tried everything I can think of to remove/upgrade Test::Harness without success. How can I get remove the 2.52 version of Test::Harness and move the a higher version? From mailscanner at PDSCC.COM Tue Dec 11 07:03:27 2007 From: mailscanner at PDSCC.COM (Harondel J. Sibble) Date: Tue Dec 11 07:03:23 2007 Subject: problems with mail queuing up Message-ID: <20071211070319.57E3F82BF4@sinclaire.sibble.net> Okay, after a successful ip addressing change by the isp on friday then getting hit with the perl-MailTools upgrade which broke mailscanner on Friday and wasn't discovered until this morning, now that I've reverted mailtools as per "Erick Perez" Subject: MailScanner version 4.65.3 and perl-MailTools-2.02-1.el4.rf HOWTO In my case I am running 4.62.9-3, reverted mailtools and all seemed well. During the weekend and today, the queue got up to around 450 messages. After successfully starting MS, I noticed all of nothing updating in Mailwatch. Looking in the maillogs I see several errors, of which copious googling doesn't give me any fixes. Errors are for email still sitting in the queue (delivery temporarily suspended: unknown mail transport error) in the maillog's I see Dec 10 22:44:06 cyclops postfix/qmgr[7466]: warning: private/smtp socket: malformed response Dec 10 22:44:06 cyclops postfix/qmgr[7466]: warning: transport smtp failure -- see a previous warning/fatal/panic logfile record for the problem description Dec 10 22:44:06 cyclops postfix/qmgr[7466]: CF388B340F8: to=, orig_to=, relay=none, delay=616, status=deferred (delivery temporarily suspended: unknown mail transport error) Dec 10 22:44:06 cyclops postfix/qmgr[7466]: warning: premature end-of-input on private/smtp socket while reading input attribute name Dec 10 22:44:06 cyclops postfix/qmgr[7466]: warning: private/smtp socket: malformed response Dec 10 22:44:06 cyclops postfix/qmgr[7466]: warning: transport smtp failure -- see a previous warning/fatal/panic logfile record for the problem description and Dec 10 22:53:16 cyclops postfix/smtp[9544]: warning: connect #2 to subsystem private/scache: Connection refused Dec 10 22:53:16 cyclops postfix/smtp[9542]: warning: connect #2 to subsystem private/scache: Connection refused Dec 10 22:53:16 cyclops postfix/smtp[9548]: warning: connect #2 to subsystem private/scache: Connection refused Tried this tried postqueue -f postsuper -r ALL end result a few (maybe 10) messages leave the queue Googling, I came across comments involving upgrading the version of postfix. eg (see the section - September 20, 2005 Postfix, Red Hat Enterprise Linux and a Dell PowerEdge 2650) http://www.sharp-tools.net/archives/2005_09.html This all seems to have happened in conjunction with this perl issue, so not sure what to make of it at this point. Comments I was thinking of just going to the MailScanner-4.66.4-3 beta, but the pgp sig is not there for this, when it downloads the sig, I get the following as the text of the sig file 404 Not Found

Not Found

The requested URL /files/4/rpm/MailScanner-4.66.4-3.rpm.tar.gz.sig was not found on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

Apache/1.3.37 Server at www.mailscanner.info Port 80
-- Harondel J. Sibble Sibble Computer Consulting Creating solutions for the small business and home computer user. help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com (604) 739-3709 (voice/fax) (604) 686-2253 (pager) From J.Ede at birchenallhowden.co.uk Tue Dec 11 08:16:33 2007 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Tue Dec 11 08:18:58 2007 Subject: problems with mail queuing up In-Reply-To: <20071211070319.57E3F82BF4@sinclaire.sibble.net> References: <20071211070319.57E3F82BF4@sinclaire.sibble.net> Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760CA00BF582@server02.bhl.local> Ummm... You aren't by any chance running postfix in a chroot jail are you? I've tended to see those logs when the files in the chroot jail that postfix needs haven't been updated (or if there is something else running on port 25) If you are then try a service postfix restart and post the postfix logs at that time up here... ________________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Harondel J. Sibble [mailscanner@PDSCC.COM] Sent: 11 December 2007 07:03 To: mailscanner@lists.mailscanner.info Subject: problems with mail queuing up Okay, after a successful ip addressing change by the isp on friday then getting hit with the perl-MailTools upgrade which broke mailscanner on Friday and wasn't discovered until this morning, now that I've reverted mailtools as per "Erick Perez" Subject: MailScanner version 4.65.3 and perl-MailTools-2.02-1.el4.rf HOWTO In my case I am running 4.62.9-3, reverted mailtools and all seemed well. During the weekend and today, the queue got up to around 450 messages. After successfully starting MS, I noticed all of nothing updating in Mailwatch. Looking in the maillogs I see several errors, of which copious googling doesn't give me any fixes. Errors are for email still sitting in the queue (delivery temporarily suspended: unknown mail transport error) in the maillog's I see Dec 10 22:44:06 cyclops postfix/qmgr[7466]: warning: private/smtp socket: malformed response Dec 10 22:44:06 cyclops postfix/qmgr[7466]: warning: transport smtp failure -- see a previous warning/fatal/panic logfile record for the problem description Dec 10 22:44:06 cyclops postfix/qmgr[7466]: CF388B340F8: to=, orig_to=, relay=none, delay=616, status=deferred (delivery temporarily suspended: unknown mail transport error) Dec 10 22:44:06 cyclops postfix/qmgr[7466]: warning: premature end-of-input on private/smtp socket while reading input attribute name Dec 10 22:44:06 cyclops postfix/qmgr[7466]: warning: private/smtp socket: malformed response Dec 10 22:44:06 cyclops postfix/qmgr[7466]: warning: transport smtp failure -- see a previous warning/fatal/panic logfile record for the problem description and Dec 10 22:53:16 cyclops postfix/smtp[9544]: warning: connect #2 to subsystem private/scache: Connection refused Dec 10 22:53:16 cyclops postfix/smtp[9542]: warning: connect #2 to subsystem private/scache: Connection refused Dec 10 22:53:16 cyclops postfix/smtp[9548]: warning: connect #2 to subsystem private/scache: Connection refused Tried this tried postqueue -f postsuper -r ALL end result a few (maybe 10) messages leave the queue Googling, I came across comments involving upgrading the version of postfix. eg (see the section - September 20, 2005 Postfix, Red Hat Enterprise Linux and a Dell PowerEdge 2650) http://www.sharp-tools.net/archives/2005_09.html This all seems to have happened in conjunction with this perl issue, so not sure what to make of it at this point. Comments I was thinking of just going to the MailScanner-4.66.4-3 beta, but the pgp sig is not there for this, when it downloads the sig, I get the following as the text of the sig file 404 Not Found

Not Found

The requested URL /files/4/rpm/MailScanner-4.66.4-3.rpm.tar.gz.sig was not found on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

Apache/1.3.37 Server at www.mailscanner.info Port 80
-- Harondel J. Sibble Sibble Computer Consulting Creating solutions for the small business and home computer user. help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com (604) 739-3709 (voice/fax) (604) 686-2253 (pager) -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From peter at farrows.org Tue Dec 11 08:24:07 2007 From: peter at farrows.org (Peter Farrow) Date: Tue Dec 11 08:24:26 2007 Subject: problems with mail queuing up In-Reply-To: <20071211070319.57E3F82BF4@sinclaire.sibble.net> References: <20071211070319.57E3F82BF4@sinclaire.sibble.net> Message-ID: <475E4927.7060105@farrows.org> Harondel J. Sibble wrote: > Okay, after a successful ip addressing change by the isp on friday then > getting hit with the perl-MailTools upgrade which broke mailscanner on Friday > and wasn't discovered until this morning, now that I've reverted mailtools as > per > > "Erick Perez" > Subject: MailScanner version 4.65.3 and perl-MailTools-2.02-1.el4.rf HOWTO > > In my case I am running 4.62.9-3, reverted mailtools and all seemed well. > During the weekend and today, the queue got up to around 450 messages. After > successfully starting MS, I noticed all of nothing updating in Mailwatch. > Looking in the maillogs I see several errors, of which copious googling > doesn't give me any fixes. Errors are > > for email still sitting in the queue > (delivery temporarily suspended: unknown mail transport error) > > in the maillog's I see > > Dec 10 22:44:06 cyclops postfix/qmgr[7466]: warning: private/smtp socket: > malformed response > Dec 10 22:44:06 cyclops postfix/qmgr[7466]: warning: transport smtp failure -- > see a previous warning/fatal/panic logfile record for the problem > description > Dec 10 22:44:06 cyclops postfix/qmgr[7466]: CF388B340F8: to=, > orig_to=, relay=none, delay=616, status=deferred (delivery temporarily > suspended: unknown mail transport error) > Dec 10 22:44:06 cyclops postfix/qmgr[7466]: warning: premature end-of-input > on private/smtp socket while reading input attribute name > Dec 10 22:44:06 cyclops postfix/qmgr[7466]: warning: private/smtp socket: > malformed response > Dec 10 22:44:06 cyclops postfix/qmgr[7466]: warning: transport smtp failure -- > see a previous warning/fatal/panic logfile record for the problem > description > > and > > Dec 10 22:53:16 cyclops postfix/smtp[9544]: warning: connect #2 to subsystem > private/scache: Connection refused > Dec 10 22:53:16 cyclops postfix/smtp[9542]: warning: connect #2 to subsystem > private/scache: Connection refused > Dec 10 22:53:16 cyclops postfix/smtp[9548]: warning: connect #2 to subsystem > private/scache: Connection refused > > > Tried this > > tried postqueue -f > postsuper -r ALL > > end result a few (maybe 10) messages leave the queue > > Googling, I came across comments involving upgrading the version of postfix. > > eg > (see the section - September 20, 2005 > Postfix, Red Hat Enterprise Linux and a Dell PowerEdge 2650) > > http://www.sharp-tools.net/archives/2005_09.html > > This all seems to have happened in conjunction with this perl issue, so not > sure what to make of it at this point. > > Comments > > I was thinking of just going to the MailScanner-4.66.4-3 beta, but the pgp > sig is not there for this, when it downloads the sig, I get the following as > the text of the sig file > > > > 404 Not Found > >

Not Found

> The requested URL /files/4/rpm/MailScanner-4.66.4-3.rpm.tar.gz.sig was not > found on this server.

>

Additionally, a 404 Not Found > error was encountered while trying to use an ErrorDocument to handle the > request. >

>
Apache/1.3.37 Server at www.mailscanner.info Port 80
> > > -- > Harondel J. Sibble > Sibble Computer Consulting > Creating solutions for the small business and home computer user. > help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com > (604) 739-3709 (voice/fax) (604) 686-2253 (pager) > > Hi There, Although I don't use postfix but it looks like your postfix daemon is running already when MS starts. Try service Postfix stop before service ms start.... P -- This message has been scanned for viruses and dangerous content by the Enhancion system Scanner and is believed to be clean. http://www.enhancion.net From peter at farrows.org Tue Dec 11 08:29:11 2007 From: peter at farrows.org (Peter Farrow) Date: Tue Dec 11 08:29:29 2007 Subject: PERL Stuff In-Reply-To: References: Message-ID: <475E4A57.7070601@farrows.org> Edward Dekkers wrote: > All this stuff about PERL and MailScanner is making me a coward, > especially as I'm still very new to MailScanner. > > My question is: > > Ubuntu Server 7.10 is listing a whole heap of PERL updates from > 5.8.8-7ubuntu3 to 5.8.8-7ubuntu3.1 as availabe updates. > > Can someone please confirm this is NOT the update you guys have been > talking about and it's safe to install? > > Regards, > Ed. > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. > -- > This message has been scanned for viruses and > dangerous content by the *Enhancion* > system scanner, > and is believed to be clean. > Advanced heuristic mail scanning server [0]. It depends on the specific packages that this update brings with it... perl-MailTools is the prime culprit. P. -- This message has been scanned for viruses and dangerous content by the Enhancion system Scanner and is believed to be clean. http://www.enhancion.net From mailscanner at PDSCC.COM Tue Dec 11 08:35:56 2007 From: mailscanner at PDSCC.COM (Harondel J. Sibble) Date: Tue Dec 11 08:35:51 2007 Subject: problems with mail queuing up In-Reply-To: <475E4927.7060105@farrows.org> References: <20071211070319.57E3F82BF4@sinclaire.sibble.net>, <475E4927.7060105@farrows.org> Message-ID: <20071211083548.2B23D82BF0@sinclaire.sibble.net> On 11 Dec 2007 at 8:24, Peter Farrow wrote: > Hi There, > > Although I don't use postfix but it looks like your postfix daemon is > running already when MS starts. Try service Postfix stop before service > ms start.... Tried that already, no change :-( -- Harondel J. Sibble Sibble Computer Consulting Creating solutions for the small business and home computer user. help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com (604) 739-3709 (voice/fax) (604) 686-2253 (pager) From mailscanner at PDSCC.COM Tue Dec 11 08:40:26 2007 From: mailscanner at PDSCC.COM (Harondel J. Sibble) Date: Tue Dec 11 08:40:20 2007 Subject: problems with mail queuing up In-Reply-To: <4CAB0118AEC63A4FAAE77E6BCBDF760CA00BF582@server02.bhl.local> References: <20071211070319.57E3F82BF4@sinclaire.sibble.net>, <4CAB0118AEC63A4FAAE77E6BCBDF760CA00BF582@server02.bhl.local> Message-ID: <20071211084017.628C982BF0@sinclaire.sibble.net> On 11 Dec 2007 at 8:16, Jason Ede wrote: > Ummm... You aren't by any chance running postfix in a chroot jail are you? Nope > I've tended to see those logs when the files in the chroot jail that postfix > needs haven't been updated (or if there is something else running on port > 25) It is responding on 25 as telnetting to the box works. > If you are then try a service postfix restart and post the postfix logs at > that time up here... Dec 11 00:36:19 cyclops postfix/postfix-script: stopping the Postfix mail system Dec 11 00:36:19 cyclops postfix/master[17913]: terminating on signal 15 Dec 11 00:36:20 cyclops postfix/postfix-script: starting the Postfix mail system Dec 11 00:36:20 cyclops postfix/master[18324]: daemon started -- version 2.2.10, configuration /etc/postfix -- Harondel J. Sibble Sibble Computer Consulting Creating solutions for the small business and home computer user. help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com (604) 739-3709 (voice/fax) (604) 686-2253 (pager) From ajcartmell at fonant.com Tue Dec 11 09:06:50 2007 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Tue Dec 11 09:07:01 2007 Subject: Installation Problem on Fedora Core 8 In-Reply-To: <20071211005852.GA7117@rpcs.net> References: <013a01c83ad3$43d7b660$f105010a@pc> <021d01c83b4e$286e6330$f105010a@pc> <20071211005852.GA7117@rpcs.net> Message-ID: > Whatever the case, Ugo's advice was the best. Fedora has a purpose, but > not as a mail server of any importance IMHO. In my experience, as a smallish volume provider, Fedora works fine as a mail server, although as with any OS it's worth waiting for major versions to settle down. ISTR that there were a lot of posts here recently about problems with MailScanner on CentOS, a "more stable" OS than Fedora, and about the wonderful long-term stability of Solaris, meaning that people can run very old versions of software. Each OS has its own problems. Anthony -- www.fonant.com - Quality web sites From glenn.steen at gmail.com Tue Dec 11 09:30:25 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Dec 11 09:30:30 2007 Subject: MailScanner, Postfix, Cyrus-imap, SpamAssassin and MySQL In-Reply-To: <475DCC5D.1050604@ehoeve.com> References: <475DCC5D.1050604@ehoeve.com> Message-ID: <223f97700712110130n29f941dck42a304bbb7669e3f@mail.gmail.com> On 11/12/2007, Eric Hoeve wrote: > postfix 2.4.5 > MailScanner 4.6.5-1 > Cyrus-Imap 2.3.7 > SpamAssassin 3.2.3 > > I have been running MailScanner and with clamav, spamassassin, postfix, > cyrus-imap and etc for > 3 years now on several different servers. It has been a great piece of > software, but now > I want to implement an sql (mysql/psql) backend for spamassassin and let > each user > add his/her own whitelists and blacklists. I have looked through the > MailScanner list and > have not found a "good" solution for this. > > Any help would be greatly appreciated. > > Thanks in advance. > > -Eric > The best would likely be MailWatch, implementing both the black-/whitelists as well as individual scores. Look at http://mailwatch.sf.net (and in the MailScanner wiki). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From peter at farrows.org Tue Dec 11 10:02:00 2007 From: peter at farrows.org (Peter Farrow) Date: Tue Dec 11 10:02:18 2007 Subject: Installation Problem on Fedora Core 8 In-Reply-To: References: <013a01c83ad3$43d7b660$f105010a@pc> <021d01c83b4e$286e6330$f105010a@pc> <20071211005852.GA7117@rpcs.net> Message-ID: <475E6018.6020106@farrows.org> Anthony Cartmell wrote: >> Whatever the case, Ugo's advice was the best. Fedora has a purpose, but >> not as a mail server of any importance IMHO. > > In my experience, as a smallish volume provider, Fedora works fine as > a mail server, although as with any OS it's worth waiting for major > versions to settle down. > > ISTR that there were a lot of posts here recently about problems with > MailScanner on CentOS, a "more stable" OS than Fedora, and about the > wonderful long-term stability of Solaris, meaning that people can run > very old versions of software. Each OS has its own problems. > > Anthony > --www.fonant.com - Quality web sites > --MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Centos is basically Red Hat Enterprise, the stable, standardised fully tested production qaulity commercial grade and supported OS from Red Hat. Fedora is the bleeding edge, experimental, non production version. Fedora is the testing ground to make the Red Hat Enterprise that follows it stable and reliable. So just to recap Fedora is Experimental and not intended for production use, as defined by the people that made it, and that gentleman is as you you might say "straight from the horses mouth". The people that created it say its less stable and experimental *by design*, that is its purpose in life. To use it in a production environment doing critical jobs is rather less than wise. The recent issues with the Perl-MailTools as posted affected all versions of Linux that used the affected repos. And in my case it was a 30second fix. I would be willing to bet money that Fedora Core 8 problems do not fall in the 30sec fix category and are more difficult to fix. If you want to fix your problems with MailScanner on Fedora Core 8, install it on something else other than Fedora Core 8, like centos 4.5 for example. Regards Pete Regards Pete -- This message has been scanned for viruses and dangerous content by the Enhancion system Scanner and is believed to be clean. http://www.enhancion.net From maillists at conactive.com Tue Dec 11 10:32:15 2007 From: maillists at conactive.com (Kai Schaetzl) Date: Tue Dec 11 10:32:19 2007 Subject: Beta release 4.66.3 and MIME-tools In-Reply-To: <475E342E.3050900@rogers.com> References: <475C573B.2090503@ecs.soton.ac.uk> <475E342E.3050900@rogers.com> Message-ID: Gerry Doris wrote on Tue, 11 Dec 2007 01:54:38 -0500: > How can I get remove the 2.52 version of Test::Harness and move the a > higher version? If you are talking about a package that came with MS: rpm -e perl-Test-Harness btw, you can force installations in CPAN, too. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From gdoris at rogers.com Tue Dec 11 10:57:31 2007 From: gdoris at rogers.com (Gerry Doris) Date: Tue Dec 11 10:58:17 2007 Subject: Beta release 4.66.3 and MIME-tools In-Reply-To: References: <475C573B.2090503@ecs.soton.ac.uk> <475E342E.3050900@rogers.com> Message-ID: <475E6D1B.1010907@rogers.com> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071211/8a892e6f/attachment.html From gerard at seibercom.net Tue Dec 11 10:59:36 2007 From: gerard at seibercom.net (Gerard) Date: Tue Dec 11 10:59:21 2007 Subject: PERL Stuff In-Reply-To: References: Message-ID: <20071211055916.7280.A38C9147@seibercom.net> > On December 10, 2007 at 11:24PM Edward Dekkers wrote: > My question is: > > Ubuntu Server 7.10 is listing a whole heap of PERL updates from 5.8.8-7ubuntu3 to 5.8.8-7ubuntu3.1 as availabe updates. > > Can someone please confirm this is NOT the update you guys have been talking about and it's safe to install? Unless you have some over whelming reason not to update Perl, I would recommend that you install any updates available. Developers usually write for the latest version of libraries, modules, etc. available. While they attempt to make their software backward compatible, there is no guarantee that it will be. I usually keep my system (FreeBSD) as up-to-date as possible and have rarely suffered any ill effects, while users with far more conservative approaches have not always fared as well. -- Gerard From ajcartmell at fonant.com Tue Dec 11 11:44:30 2007 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Tue Dec 11 11:44:43 2007 Subject: OT Fedora in production (as nstallation Problem on Fedora Core 8) In-Reply-To: <475E6018.6020106@farrows.org> References: <013a01c83ad3$43d7b660$f105010a@pc> <021d01c83b4e$286e6330$f105010a@pc> <20071211005852.GA7117@rpcs.net> <475E6018.6020106@farrows.org> Message-ID: > Centos is basically Red Hat Enterprise, the stable, standardised fully > tested production qaulity commercial grade and supported OS from Red Hat. I don't think RedHat support CentOS... ;) > Fedora is the bleeding edge, experimental, non production version. Where does it say "experimental" or "bleeding edge"? My copy of Fedora has only stable versions of software installed (Apache, PHP, MySQL, sendmail, etc). > So just to recap Fedora is Experimental and not intended for production > use, as defined by the people that made it, and that gentleman is as you > you might say "straight from the horses mouth". The people that created > it say its less stable and experimental *by design*, that is its purpose > in life. Do you have a reference for that? I can only find articles where Fedora people recommend Fedora for production use, e.g. from Fedora Project Leader, Max Spevack (http://interviews.slashdot.org/article.pl?sid=06/08/17/177220) in August last year: "Anyone (Red Hat or non-Red Hat) who tells you that Fedora isn't suitable for a production server is wrong. If someone tells you that Fedora is "just a beta for RHEL", they too are wrong. Either the person is insufficiently informed about what Fedora is (and it's our job within Fedora to do that), or the person is purposefully misrepresenting Fedora and neglecting to tell the whole story, in which case it's our job within Fedora to call them out. http://fedoraproject.org/wiki/Objectives" > To use it in a production environment doing critical jobs is rather less > than wise. Not sure I agree with that. I've had no problems with it, even having upgraded releases with yum. It does have a shorter release cycle, but not as short as MailScanner does ;) Anyway, I've been very happy using Fedora on my servers for years, and will continue to do so. Others may decide to avoid it for things like CentOS, but I prefer to keep more up-to-date with the more recent stable releases of things! Cheers! Anthony -- www.fonant.com - Quality web sites From glenn.steen at gmail.com Tue Dec 11 11:59:08 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Dec 11 11:59:13 2007 Subject: problems with mail queuing up In-Reply-To: <20071211084017.628C982BF0@sinclaire.sibble.net> References: <20071211070319.57E3F82BF4@sinclaire.sibble.net> <4CAB0118AEC63A4FAAE77E6BCBDF760CA00BF582@server02.bhl.local> <20071211084017.628C982BF0@sinclaire.sibble.net> Message-ID: <223f97700712110359h13b7118bh753ac7041bcd8c02@mail.gmail.com> On 11/12/2007, Harondel J. Sibble wrote: > > > On 11 Dec 2007 at 8:16, Jason Ede wrote: > > > Ummm... You aren't by any chance running postfix in a chroot jail are you? > > Nope > Really? No "y" in the fourth column of master.cf? Perhaps fo just one or two lines? So that you have a "mixed" setup, where some try run in the jail, some don't ...? (Depending on which, one might see a problem here:-) > > I've tended to see those logs when the files in the chroot jail that postfix > > needs haven't been updated (or if there is something else running on port > > 25) > > It is responding on 25 as telnetting to the box works. Right, so smtpd works, kind of. But the interraction between qmgr and smtp (and scache etc) don't... Might be a fifo file (permission/-like) problem. > > If you are then try a service postfix restart and post the postfix logs at > > that time up here... > > > Dec 11 00:36:19 cyclops postfix/postfix-script: stopping the Postfix mail > system > Dec 11 00:36:19 cyclops postfix/master[17913]: terminating on signal 15 > Dec 11 00:36:20 cyclops postfix/postfix-script: starting the Postfix mail > system > Dec 11 00:36:20 cyclops postfix/master[18324]: daemon started -- version > 2.2.10, configuration /etc/postfix > Do you employ split log files? If so, is there anything in the error/warning files at that time? When you stop postfix, does all the PF processes die? If not, what state are they in? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From gmatt at nerc.ac.uk Tue Dec 11 13:13:53 2007 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Tue Dec 11 13:14:11 2007 Subject: MailScanner version 4.65.3 and perl-MailTools-2.02-1.el4.rf HOWTO In-Reply-To: <475BDFBE.3080605@farrows.org> References: <238995.14380.qm@web33310.mail.mud.yahoo.com> <475BDFBE.3080605@farrows.org> Message-ID: <475E8D11.4090809@nerc.ac.uk> Peter Farrow wrote: > Michael Mansour wrote: >> Hi Greg, Hi Michael... >> The fact that so many people use the 3rd party repo's >> and can help resolve issues IMO outways any benefit to >> building and maintaining things yourself, even if it's >> twice a year. >> >> Community efforts to help others (as shown in the >> Fedora world) really works, individual efforts may >> benefit you in a very small way, but you can't know >> everything. Dont get me wrong, I'm 100% supportive of community supported software, and am active in the free software community myself. I certainly dont claim to know everything...! I wasnt suggesting that I build everything from source. I was simply saying that Jules provides the software along with its dependencies and I use that rather than a repo that might provide everything with a "yum update". Peter... > "worry about unapproved upgrades from 3rd party breaking things > in unexpected ways." I tell it like I see it - the evidence is on this mailing list. > I think this quote is a little harsh, in almost all cases the third > party repos have packages ahead of the official repos and save time and > effort in more cases than they break things. > In my experience the 3rd party repos have what your going to end up with > anyway from the official repos, just bit ahead of time. > In any case its just two simple rpm commands to fix the problem that > takes under 60seconds to overcome. IMO not a reason by itself to not > use third party repos. no, the point is that my mail relays are far too mission critical to risk using 3rd party repos. The point of sticking with my distros offical repos is that I /know/ that those packages have been tested to a certain extent against exactly that distro and the offical packages. Once you start using a 3rd party, you cannot be sure if this package has been tested against that version of openssl or whatever. I admit that the distros get it wrong occasionally (how many times will redhat break the automounter...?) but this is usually down to not being able to test every configuration, not version incompatibility. Also, you are wrong when you say that the 3rd party repos have what you'll end up with eventually anyway. The long life distros (Suse, RHEL, Debian etc.) take great pains to /backport/ security fixes so that ABIs and APIs stay the same. Now you may have other reasons for disliking this approach but in a corporate setting it is very important. > > Furthermore there is plenty of excellent support and help on this forum > to help identify problems such as these quickly and easily. agreed, but for my own peace of mind I will stick with official repos and the packages provided as dependencies by JF. I know MS is tested with those versions so why risk it? Believe me, I know what its like to have 2500 users breathing down my neck - email is a very emotive service! > > MailScanner has such a long list of requirements it make sense to test > out updates before going live with them. I use a separate machine to > iron out the bumps. I avoid updating MailScanner machines unecessarily > "for the sake of updating". we are in agreement here. I too use a dev/test box to dry run the updates and I'm also conservative about updating for no good enough reason. The same attitude that keeps me clear of rpmforge and the like. Those repos are ideal for non-critical machines and for desktop users that are restricted by the distros limited package range (think redhat). But for corporate services, no way. GREG > Regards > > Pete > > > -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From peter at farrows.org Tue Dec 11 15:10:37 2007 From: peter at farrows.org (Peter Farrow) Date: Tue Dec 11 15:10:52 2007 Subject: OT Fedora in production (as nstallation Problem on Fedora Core 8) In-Reply-To: References: <013a01c83ad3$43d7b660$f105010a@pc> <021d01c83b4e$286e6330$f105010a@pc> <20071211005852.GA7117@rpcs.net> <475E6018.6020106@farrows.org> Message-ID: <475EA86D.9060101@farrows.org> You miss read the grammar in my reply. We all know that Centos is not supported by Red Hat, however it is binary compatible, if you're not sure what binary compatible just go for google. Heres an article worth reading that looks at both sides of the argument: http://www.eweek.com/article2/0,1759,1766350,00.asp You also might want to read real world comment here: http://ubuntuforums.org/archive/index.php/t-255265.html I think that by insisting its not a testing ground OS you are not in agreement with everyone I deal with... Its a testing ground for RHEL, all the proven stable parts of Fedora get incorporated in RH, all the duff bits are left for Fedora to turn the handle again. So if you want a distro, that is right out at the front of development with potential pitfalls and duff bits then use Fedora. If you want low maintenance servers running 24x7x365 with little interference from Admins, just running doing a high availability job then use a production OS such as RHEL or Centos. If you use Fedora for production, then I'm glad I'm not relying on your production servers. To say that it is suitable for production comes down to experience, it really isn't suitable for production and certainly not Core 8, I could only imagine that it might be useful on small scale servers doing traditional tasks where there is a high ratio of admins to users and perhaps machines physically close at hand so you can reboot them when required . Regard Pete Anthony Cartmell wrote: >> Centos is basically Red Hat Enterprise, the stable, standardised >> fully tested production qaulity commercial grade and supported OS >> from Red Hat. > > I don't think RedHat support CentOS... ;) > >> Fedora is the bleeding edge, experimental, non production version. > > Where does it say "experimental" or "bleeding edge"? My copy of Fedora > has only stable versions of software installed (Apache, PHP, MySQL, > sendmail, etc). > >> So just to recap Fedora is Experimental and not intended for >> production use, as defined by the people that made it, and that >> gentleman is as you you might say "straight from the horses mouth". >> The people that created it say its less stable and experimental *by >> design*, that is its purpose in life. > > Do you have a reference for that? > > I can only find articles where Fedora people recommend Fedora for > production use, e.g. from Fedora Project Leader, Max Spevack > (http://interviews.slashdot.org/article.pl?sid=06/08/17/177220) in > August last year: > > "Anyone (Red Hat or non-Red Hat) who tells you that Fedora isn't > suitable for a production server is wrong. If someone tells you that > Fedora is "just a beta for RHEL", they too are wrong. > > Either the person is insufficiently informed about what Fedora is (and > it's our job within Fedora to do that), or the person is purposefully > misrepresenting Fedora and neglecting to tell the whole story, in > which case it's our job within Fedora to call them out. > > http://fedoraproject.org/wiki/Objectives" > >> To use it in a production environment doing critical jobs is rather >> less than wise. > > Not sure I agree with that. I've had no problems with it, even having > upgraded releases with yum. It does have a shorter release cycle, but > not as short as MailScanner does ;) > > Anyway, I've been very happy using Fedora on my servers for years, and > will continue to do so. Others may decide to avoid it for things like > CentOS, but I prefer to keep more up-to-date with the more recent > stable releases of things! > > Cheers! > > Anthony > --www.fonant.com - Quality web sites > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > --This message has been scanned for viruses and > dangerous content by the Enhancion system Scanner > and is believed to be clean. > http://www.enhancion.net > -- This message has been scanned for viruses and dangerous content by the Enhancion system Scanner and is believed to be clean. http://www.enhancion.net From peter at farrows.org Tue Dec 11 15:13:41 2007 From: peter at farrows.org (Peter Farrow) Date: Tue Dec 11 15:13:58 2007 Subject: OT Fedora in production (as nstallation Problem on Fedora Core 8) In-Reply-To: References: <013a01c83ad3$43d7b660$f105010a@pc> <021d01c83b4e$286e6330$f105010a@pc> <20071211005852.GA7117@rpcs.net> <475E6018.6020106@farrows.org> Message-ID: <475EA925.5010200@farrows.org> BTW: >>Anyway, I've been very happy using Fedora on my servers for years, and will continue to do so. Others may decide to avoid it for things like CentOS, but I >>prefer to keep more up-to-date with the more recent stable releases of things! Stability is demonstrated over time, it doesn't come guaranteed by simply using the latest versions..... have you checked Vista out recently ;-) P. Anthony Cartmell wrote: >> Centos is basically Red Hat Enterprise, the stable, standardised >> fully tested production qaulity commercial grade and supported OS >> from Red Hat. > > I don't think RedHat support CentOS... ;) > >> Fedora is the bleeding edge, experimental, non production version. > > Where does it say "experimental" or "bleeding edge"? My copy of Fedora > has only stable versions of software installed (Apache, PHP, MySQL, > sendmail, etc). > >> So just to recap Fedora is Experimental and not intended for >> production use, as defined by the people that made it, and that >> gentleman is as you you might say "straight from the horses mouth". >> The people that created it say its less stable and experimental *by >> design*, that is its purpose in life. > > Do you have a reference for that? > > I can only find articles where Fedora people recommend Fedora for > production use, e.g. from Fedora Project Leader, Max Spevack > (http://interviews.slashdot.org/article.pl?sid=06/08/17/177220) in > August last year: > > "Anyone (Red Hat or non-Red Hat) who tells you that Fedora isn't > suitable for a production server is wrong. If someone tells you that > Fedora is "just a beta for RHEL", they too are wrong. > > Either the person is insufficiently informed about what Fedora is (and > it's our job within Fedora to do that), or the person is purposefully > misrepresenting Fedora and neglecting to tell the whole story, in > which case it's our job within Fedora to call them out. > > http://fedoraproject.org/wiki/Objectives" > >> To use it in a production environment doing critical jobs is rather >> less than wise. > > Not sure I agree with that. I've had no problems with it, even having > upgraded releases with yum. It does have a shorter release cycle, but > not as short as MailScanner does ;) > > Anyway, I've been very happy using Fedora on my servers for years, and > will continue to do so. Others may decide to avoid it for things like > CentOS, but I prefer to keep more up-to-date with the more recent > stable releases of things! > > Cheers! > > Anthony > --www.fonant.com - Quality web sites > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > --This message has been scanned for viruses and > dangerous content by the Enhancion system Scanner > and is believed to be clean. > http://www.enhancion.net > -- This message has been scanned for viruses and dangerous content by the Enhancion system Scanner and is believed to be clean. http://www.enhancion.net From R.Sterenborg at netsourcing.nl Tue Dec 11 16:24:34 2007 From: R.Sterenborg at netsourcing.nl (Rob Sterenborg) Date: Tue Dec 11 16:25:53 2007 Subject: OT Fedora in production (as nstallation Problem on Fedora Core8) In-Reply-To: References: <013a01c83ad3$43d7b660$f105010a@pc> <021d01c83b4e$286e6330$f105010a@pc> <20071211005852.GA7117@rpcs.net> <475E6018.6020106@farrows.org> Message-ID: <74ACEB3E6A055643A89B8CEC74C7BF2488E289@WISENT.dcyb.net> Lol. So now we have an "OS war" between RHEL en Fedora? :-) >> Centos is basically Red Hat Enterprise, the stable, standardised >> fully tested production qaulity commercial grade and supported OS >> from Red Hat. > > I don't think RedHat support CentOS... ;) No they don't. But AFAIK RHEL is meant to be stable, CentOS is rebuilt from the RHEL sources and was meant to be binary compatible with RHEL. > I can only find articles where Fedora people recommend Fedora for > production use, I'm sorry, but I'm a bit sceptic about that sort of articles. IMO: of course they recommend Fedora. > e.g. from Fedora Project Leader, Max Spevack > (http://interviews.slashdot.org/article.pl?sid=06/08/17/177220) > in August last year: When being supportive for his own creation, he can't say it's unstable, now can he? (Okay, unstable is "a bit" strong because Fedora is not really totally unstable. I guess you get my point.) > "Anyone (Red Hat or non-Red Hat) who tells you that Fedora > isn't suitable for a production server is wrong. If someone tells > you that Fedora is "just a beta for RHEL", they too are wrong. > > Either the person is insufficiently informed about what Fedora is > (and it's our job within Fedora to do that), or the person is > purposefully misrepresenting Fedora and neglecting to tell the > whole story, in which case it's our job within Fedora to call them > out. No matter what they say, Fedora is still the playground for RHEL. What I have always understood is that software or features that appear in Fedora *may* appear in RHEL because it proved to behave well (and would be useful? oh well..), not vice versa. So, no-one can tell me that Fedora is as stable as RHEL. > Anyway, I've been very happy using Fedora on my servers for years, > and will continue to do so. Others may decide to avoid it for > things like CentOS, I'm not going to tell you not to use Fedora. If you feel comfortable with it, use it. However, I've had problems with Fedora (I'll admit: I tried to build a multimedia system several time but I keep having all kinds of problems in that area). So, when I need a stable and reasonably well supported Linux but for some reason cannot offer a distro that has paid support (RHEL) then I'll offer CentOS, not Fedora. > but I prefer to keep more up-to-date with the more recent > stable releases of things! I agree with Peter: more recent is not always more stable. Of course, sometimes you need "more recent" because of features, critical bugfixes, etc, not (yet) available via RPM. If I want or need specific/latest features/bugfixes/whatever not in any suitable RPM, I'll build from source and keep the configure line (and any other info if needed) for reference. That way I can easily compile a new version of the software in the future and that makes, normally, upgrading still easy. (I'm not making RPM's myself as I don't have the need for it: it would just be an extra step that I can omit.) Grts, Rob From mailscanner at PDSCC.COM Tue Dec 11 16:46:08 2007 From: mailscanner at PDSCC.COM (Harondel J. Sibble) Date: Tue Dec 11 16:46:04 2007 Subject: problems with mail queuing up In-Reply-To: <223f97700712110359h13b7118bh753ac7041bcd8c02@mail.gmail.com> References: <20071211070319.57E3F82BF4@sinclaire.sibble.net>, <20071211084017.628C982BF0@sinclaire.sibble.net>, <223f97700712110359h13b7118bh753ac7041bcd8c02@mail.gmail.com> Message-ID: <20071211164559.9C67A82BF0@sinclaire.sibble.net> On 11 Dec 2007 at 12:59, Glenn Steen wrote: > Really? No "y" in the fourth column of master.cf? Perhaps fo just one > or two lines? So that you have a "mixed" setup, where some try run in > the jail, some don't ...? (Depending on which, one might see a problem > here:-) Not a single one. Note: these are the only system updates as per the yum log Dec 07 05:54:20 Updated: perl-Test-Simple.noarch 0.74-1.el4.rf Dec 07 05:54:20 Updated: perl-MailTools.noarch 2.02-1.el4.rf Dec 07 05:54:20 Updated: perl-Time-HiRes.i386 1.9711-1.el4.rf Dec 10 20:15:58 Updated: perl-MIME-Base64.i386 3.07-1.el4.rf Dec 10 20:15:58 Updated: perl-Test-Simple.noarch 0.72-1.el4.rf Dec 10 21:45:49 Updated: perl-Test-Simple.noarch 0.74-1.el4.rf Dec 10 21:45:49 Updated: perl-bignum.noarch 0.22-1.el4.rf Dec 11 04:58:46 Updated: perl-Getopt-Long.noarch 2.37-1.el4.rf Dec 11 04:58:46 Updated: perl-MIME-Base64.i386 3.07-1.el4.rf Prior to this, there were no updates since the mid November. Mail stopped working sometime late in the evening of the 7th. > Right, so smtpd works, kind of. But the interraction between qmgr and > smtp (and scache etc) don't... Might be a fifo file (permission/-like) > problem. How do I determine that and repair it? > Do you employ split log files? If so, is there anything in the > error/warning files at that time? Not for mail, this is a centos 4 box, just has /var/log/maillog > When you stop postfix, does all the PF processes die? If not, what > state are they in? Yup, they are all gone from a ps auxw -- Harondel J. Sibble Sibble Computer Consulting Creating solutions for the small business and home computer user. help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com (604) 739-3709 (voice/fax) (604) 686-2253 (pager) From ian-list at securitypimp.com Tue Dec 11 16:51:51 2007 From: ian-list at securitypimp.com (Ian Lists) Date: Tue Dec 11 16:51:59 2007 Subject: read timeout In-Reply-To: <11839542.431197390497214.JavaMail.root@postal.insourcedsecurity.com> Message-ID: <26866650.451197391911616.JavaMail.root@postal.insourcedsecurity.com> This is sort of off the topic but I think this list would be the best place to ask. On an egress mail relay I am seeing a bunch of my users mail timing out going to legit external accounts. From the particular mail server I am able to see a full tcp session established on port 25 to the 3rd party mail servers, but they never give me the 220 message back. If I try from personal server hosted on on a different network to the same 3rd party servers I get the 220 message right away. I have checked every spam list I could find and only found my server's IP on apews.org bulked in with a huge Sprint /14 network. I've seen previous posting on this list about apews.org and saw some people say that creating SPF records solved most of their issues, but it hasn't for me. Is a server not responding back with the 220 message typical of being on a black list? I would think if I were black listed the server would send tcp resets back or not respond back at all by just dropping the packets. Any suggestions on how I can troubleshoot this a little further would be much appreciated. Thanks, Ian From sbanderson at impromed.com Tue Dec 11 17:26:49 2007 From: sbanderson at impromed.com (Scott B. Anderson) Date: Tue Dec 11 17:27:12 2007 Subject: OT Fedora in production (as nstallation Problem on Fedora Core 8) In-Reply-To: <475EA925.5010200@farrows.org> References: <013a01c83ad3$43d7b660$f105010a@pc> <021d01c83b4e$286e6330$f105010a@pc> <20071211005852.GA7117@rpcs.net> <475E6018.6020106@farrows.org> <475EA925.5010200@farrows.org> Message-ID: I'm not sure whether the topic is FC8 stability or MailScanner installation on it, but after obtaining 4.66-2, letting install.sh fail miserably, then going back to the build dir and simply 'make installing' in each of the failed installations, then running ./install.sh again, I was able to get MailScanner to run and --lint out properly, with clamav and mcafee scanners catching eicar, delivering scanned email on FC8 x86_64. As for stability, whether you use apt-get, yum, cpan official, or cpan unofficial software, it will never work 100% of the time for every distribution of linux, or even releases of commercial uni*. Considering the complexity of the situation, my hat is off to everyone who figures out all the tweaks/hacks for installation for every build environment each a distro is updated or MailScanner is upgraded. Thank you very much. Scott -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Peter Farrow Sent: Tuesday, December 11, 2007 9:14 AM To: MailScanner discussion Subject: Re: OT Fedora in production (as nstallation Problem on Fedora Core 8) BTW: >>Anyway, I've been very happy using Fedora on my servers for years, and will continue to do so. Others may decide to avoid it for things like CentOS, but I >>prefer to keep more up-to-date with the more recent stable releases of things! Stability is demonstrated over time, it doesn't come guaranteed by simply using the latest versions..... have you checked Vista out recently ;-) P. Anthony Cartmell wrote: >> Centos is basically Red Hat Enterprise, the stable, standardised >> fully tested production qaulity commercial grade and supported OS >> from Red Hat. > > I don't think RedHat support CentOS... ;) > >> Fedora is the bleeding edge, experimental, non production version. > > Where does it say "experimental" or "bleeding edge"? My copy of Fedora > has only stable versions of software installed (Apache, PHP, MySQL, > sendmail, etc). > >> So just to recap Fedora is Experimental and not intended for >> production use, as defined by the people that made it, and that >> gentleman is as you you might say "straight from the horses mouth". >> The people that created it say its less stable and experimental *by >> design*, that is its purpose in life. > > Do you have a reference for that? > > I can only find articles where Fedora people recommend Fedora for > production use, e.g. from Fedora Project Leader, Max Spevack > (http://interviews.slashdot.org/article.pl?sid=06/08/17/177220) in > August last year: > > "Anyone (Red Hat or non-Red Hat) who tells you that Fedora isn't > suitable for a production server is wrong. If someone tells you that > Fedora is "just a beta for RHEL", they too are wrong. > > Either the person is insufficiently informed about what Fedora is (and > it's our job within Fedora to do that), or the person is purposefully > misrepresenting Fedora and neglecting to tell the whole story, in > which case it's our job within Fedora to call them out. > > http://fedoraproject.org/wiki/Objectives" > >> To use it in a production environment doing critical jobs is rather >> less than wise. > > Not sure I agree with that. I've had no problems with it, even having > upgraded releases with yum. It does have a shorter release cycle, but > not as short as MailScanner does ;) > > Anyway, I've been very happy using Fedora on my servers for years, and > will continue to do so. Others may decide to avoid it for things like > CentOS, but I prefer to keep more up-to-date with the more recent > stable releases of things! > > Cheers! > > Anthony > --www.fonant.com - Quality web sites > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > --This message has been scanned for viruses and > dangerous content by the Enhancion system Scanner > and is believed to be clean. > http://www.enhancion.net > -- This message has been scanned for viruses and dangerous content by the Enhancion system Scanner and is believed to be clean. http://www.enhancion.net -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mailscanner at PDSCC.COM Tue Dec 11 17:53:28 2007 From: mailscanner at PDSCC.COM (Harondel J. Sibble) Date: Tue Dec 11 17:53:23 2007 Subject: problems with mail queuing up In-Reply-To: <20071211164559.9C67A82BF0@sinclaire.sibble.net> References: <20071211070319.57E3F82BF4@sinclaire.sibble.net>, <223f97700712110359h13b7118bh753ac7041bcd8c02@mail.gmail.com>, <20071211164559.9C67A82BF0@sinclaire.sibble.net> Message-ID: <20071211175319.B653682BF0@sinclaire.sibble.net> On 11 Dec 2007 at 8:46, Harondel J. Sibble wrote: > > Right, so smtpd works, kind of. But the interraction between qmgr and > > smtp (and scache etc) don't... Might be a fifo file (permission/-like) > > problem. > > How do I determine that and repair it? Well, it looks like new mail is working fine, it's just the 270 messages stuck in the queue, that aren't going anywhere, I've tried postqueue -r and postsuper -r ALL, then I start getting the same errors in the logs as noted before. -- Harondel J. Sibble Sibble Computer Consulting Creating solutions for the small business and home computer user. help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com (604) 739-3709 (voice/fax) (604) 686-2253 (pager) From steve.freegard at fsl.com Tue Dec 11 18:14:09 2007 From: steve.freegard at fsl.com (Steve Freegard) Date: Tue Dec 11 18:11:54 2007 Subject: read timeout In-Reply-To: <26866650.451197391911616.JavaMail.root@postal.insourcedsecurity.com> References: <11839542.431197390497214.JavaMail.root@postal.insourcedsecurity.com> <26866650.451197391911616.JavaMail.root@postal.insourcedsecurity.com> Message-ID: <475ED371.7020307@fsl.com> Wow - I don't know what mail client you use, but that sure is one long line... Ian Lists wrote: > This is sort of off the topic but I think this list would be the best place to ask. On an egress mail relay I am seeing a bunch of my users mail timing out going to legit external accounts. From the particular mail server I am able to see a full tcp session established on port 25 to the 3rd party mail servers, but they never give me the 220 message back. If I try from personal server hosted on on a different network to the same 3rd party servers I get the 220 message right away. I have checked every spam list I could find and only found my server's IP on apews.org bulked in with a huge Sprint /14 network. I've seen previous posting on this list about apews.org and saw some people say that creating SPF records solved most of their issues, but it hasn't for me. Is a server not responding back with the 220 message typical of being on a black list? I would think if I were black listed the server would send tcp resets back or not respond back at all by just dropping the p ackets. Any suggestions on how I can troubleshoot this a little further would be much appreciated. No-one who cares about receiving e-mail that they actually want uses APEWS, so don't worry about them. Not getting a 220 wouldn't be indicative of blacklisting (in this cause you'd get a 550 SMTP response), tarpitting might have the same effect that you are seeing, but the more likely explanation is that you're running into MTU size issues, see http://www.znep.com/~marcs/mtu/ and check that you aren't blocking all ICMP traffic. Kind regards, Steve. From Carl.Andrews at crackerbarrel.com Tue Dec 11 18:30:05 2007 From: Carl.Andrews at crackerbarrel.com (Andrews Carl 455) Date: Tue Dec 11 18:30:11 2007 Subject: problems with mail queuing up In-Reply-To: <20071211175319.B653682BF0@sinclaire.sibble.net> Message-ID: Probably a silly suggestion, I know little about postfix, but you mentioned an IP address change. Any chance these files are keyed to the old tcpip address? If so a one line perl command to search for the old address and replace with the new one .... ? -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Harondel J. Sibble Sent: Tuesday, December 11, 2007 11:53 AM To: MailScanner discussion Subject: Re: problems with mail queuing up On 11 Dec 2007 at 8:46, Harondel J. Sibble wrote: > > Right, so smtpd works, kind of. But the interraction between qmgr > > and smtp (and scache etc) don't... Might be a fifo file > > (permission/-like) problem. > > How do I determine that and repair it? Well, it looks like new mail is working fine, it's just the 270 messages stuck in the queue, that aren't going anywhere, I've tried postqueue -r and postsuper -r ALL, then I start getting the same errors in the logs as noted before. -- Harondel J. Sibble Sibble Computer Consulting Creating solutions for the small business and home computer user. help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com (604) 739-3709 (voice/fax) (604) 686-2253 (pager) -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mailscanner at PDSCC.COM Tue Dec 11 22:28:52 2007 From: mailscanner at PDSCC.COM (Harondel J. Sibble) Date: Tue Dec 11 22:29:03 2007 Subject: problems with mail queuing up In-Reply-To: <223f97700712110359h13b7118bh753ac7041bcd8c02@mail.gmail.com> References: <20071211070319.57E3F82BF4@sinclaire.sibble.net>, <20071211084017.628C982BF0@sinclaire.sibble.net>, <223f97700712110359h13b7118bh753ac7041bcd8c02@mail.gmail.com> Message-ID: <20071211222857.4C3A582BF0@sinclaire.sibble.net> On 11 Dec 2007 at 12:59, Glenn Steen wrote: > Right, so smtpd works, kind of. But the interraction between qmgr and > smtp (and scache etc) don't... Might be a fifo file (permission/-like) > problem. >From a quick look at some of the files in the deferred directory, it looks like in the 2 cases I saw with messages queued to go out that the file is corrupted, could that cause the behaviour I am seeing and if so is there and easy/efficient way to determine what's corrupted vs. what's not? There are 270 messages in the queue and I don't wan't to go through them 1 by 1... -- Harondel J. Sibble Sibble Computer Consulting Creating solutions for the small business and home computer user. help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com (604) 739-3709 (voice/fax) (604) 686-2253 (pager) From jnsmith at chaucergroup.com Wed Dec 12 01:30:27 2007 From: jnsmith at chaucergroup.com (James N. Smith) Date: Wed Dec 12 01:30:42 2007 Subject: mailscanner 4.66.4-3 reccomendation References: <20071211070319.57E3F82BF4@sinclaire.sibble.net>, <20071211084017.628C982BF0@sinclaire.sibble.net>, <223f97700712110359h13b7118bh753ac7041bcd8c02@mail.gmail.com> <20071211222857.4C3A582BF0@sinclaire.sibble.net> Message-ID: <005d01c83c5e$939d4890$6714a8c0@Gemini> Need some advice from the list. I am doing a new install based on CentOS 5.1. I have run into the MailTools v.2 problem trying to run MailScanner 4.65.3-1. Is it recommended to use the MailScanner 4.66.4-3 Beta with MailTools 2.02 or try to revert to an older version of MailTools and use the stable MailScanner? More specifically, is 4.66.4-3 a reliable beta (more akin to a Release Candidate) or is it more "buyer beware"? Thanks in advance! James From gmane at tippingmar.com Wed Dec 12 01:58:35 2007 From: gmane at tippingmar.com (Mark Nienberg) Date: Wed Dec 12 01:58:56 2007 Subject: rpmforge MailTools and MIME-tools Message-ID: It looks like rpmforge has reverted to perl-MailTools 1.77 and perl-MIME-tools 5.420 so the recent problems with both of these should be over? Mark From mailscanner at PDSCC.COM Wed Dec 12 03:58:44 2007 From: mailscanner at PDSCC.COM (Harondel J. Sibble) Date: Wed Dec 12 03:58:39 2007 Subject: problems with mail queuing up In-Reply-To: <223f97700712110359h13b7118bh753ac7041bcd8c02@mail.gmail.com> References: <20071211070319.57E3F82BF4@sinclaire.sibble.net>, <20071211084017.628C982BF0@sinclaire.sibble.net>, <223f97700712110359h13b7118bh753ac7041bcd8c02@mail.gmail.com> Message-ID: <20071212035834.DADB982BF0@sinclaire.sibble.net> On 11 Dec 2007 at 12:59, Glenn Steen wrote: > Right, so smtpd works, kind of. But the interraction between qmgr and > smtp (and scache etc) don't... Might be a fifo file (permission/-like) > problem. Well after a visit to the #POSTFIX group on irc.freenode.net, it was determined that I needed to add scache unix - - n - 1 scache to the bottom of /etc/postfix/master.cf, after that and a postqueue -f, all was good with the world, not sure why things changed -- Harondel J. Sibble Sibble Computer Consulting Creating solutions for the small business and home computer user. help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com (604) 739-3709 (voice/fax) (604) 686-2253 (pager) From philipp.bundschuh at comit-gmbh.de Wed Dec 12 05:15:29 2007 From: philipp.bundschuh at comit-gmbh.de (Bundschuh, Philipp) Date: Wed Dec 12 05:15:35 2007 Subject: requeueing / resending archived emails Message-ID: hello everybody, we use the email-archiving feature and a copy of all incoming mails is stored in /var/spool/MailScanner/archive/. Now I have all messages in "Date-Named-Folders", BUT: How can I resend the messages or one message to the origin destination or to an alternative email-adress? I could't finy anything on the web. Please help. Regards, Philipp -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071212/b96bcc08/attachment.html From hvdkooij at vanderkooij.org Wed Dec 12 06:45:05 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Wed Dec 12 06:45:42 2007 Subject: OT Fedora in production (as nstallation Problem on Fedora Core 8) In-Reply-To: References: <013a01c83ad3$43d7b660$f105010a@pc> <021d01c83b4e$286e6330$f105010a@pc> <20071211005852.GA7117@rpcs.net> <475E6018.6020106@farrows.org> Message-ID: <475F8371.90003@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Anthony Cartmell wrote: >> Centos is basically Red Hat Enterprise, the stable, standardised fully >> tested production qaulity commercial grade and supported OS from Red Hat. > > I don't think RedHat support CentOS... ;) > >> Fedora is the bleeding edge, experimental, non production version. > > Where does it say "experimental" or "bleeding edge"? My copy of Fedora > has only stable versions of software installed (Apache, PHP, MySQL, > sendmail, etc). > >> So just to recap Fedora is Experimental and not intended for >> production use, as defined by the people that made it, and that >> gentleman is as you you might say "straight from the horses mouth". >> The people that created it say its less stable and experimental *by >> design*, that is its purpose in life. > > Do you have a reference for that? - From the End-Of-Lif statement from Red Hat Linux 7.3 and 9: - ---- We'd like to take this opportunity to remind you of the options available to you for migrating your Red Hat Linux implementations. >>> >>> For businesses, governments, or those looking for a stable Linux that provides updates and support for up to 5 years: try Red Hat Enterprise Linux. >>> >>> For developers or technology enthusiasts looking to contribute to new Linux and open source technology developments: try the Fedora Project. - ---- And given the lifespan of 12 to 18 months were it goes from released to no longer provided with updates I concur that Fedora should never been used for business. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHX4NvBvzDRVjxmYERAlIjAJ9AXpWhQ3BnqA51iGyhesxUNPkHhACfXTQJ vRGF5UOrXgNulI8TQ9JAbcE= =ODpx -----END PGP SIGNATURE----- From glenn.steen at gmail.com Wed Dec 12 09:41:36 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Dec 12 09:41:40 2007 Subject: problems with mail queuing up In-Reply-To: <20071212035834.DADB982BF0@sinclaire.sibble.net> References: <20071211070319.57E3F82BF4@sinclaire.sibble.net> <20071211084017.628C982BF0@sinclaire.sibble.net> <223f97700712110359h13b7118bh753ac7041bcd8c02@mail.gmail.com> <20071212035834.DADB982BF0@sinclaire.sibble.net> Message-ID: <223f97700712120141x35ece18em1d7958bef77aa93d@mail.gmail.com> On 12/12/2007, Harondel J. Sibble wrote: > > > On 11 Dec 2007 at 12:59, Glenn Steen wrote: > > > Right, so smtpd works, kind of. But the interraction between qmgr and > > smtp (and scache etc) don't... Might be a fifo file (permission/-like) > > problem. > > Well after a visit to the #POSTFIX group on irc.freenode.net, it was > determined that I needed to add > > scache unix - - n - 1 scache > > to the bottom of /etc/postfix/master.cf, after that and a postqueue -f, all > was good with the world, not sure why things changed Eh, how did it disappear? Oh well, there it is... Without that line, how will it know what to do and where to do it... Glad that you got it resolved! BTW, this would only affect "bursts" of messages then, to the same servers... Since then scache would kick in... So feeding it one message at a time might've "worked", but would then conceal the true error. And if, for some reason, you had another burst... you'd have had even more "buildup". Should've asked you for your master.cf, in hindsight, sorry for that. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From mikael at syska.dk Wed Dec 12 14:40:01 2007 From: mikael at syska.dk (Mikael Syska) Date: Wed Dec 12 14:40:29 2007 Subject: requeueing / resending archived emails In-Reply-To: References: Message-ID: <475FF2C1.6060708@syska.dk> Hi, Looking for the same thing ... Sure hope there are someone out there with the answer .... Guess its some like piping the "file" ( mail ) to the mail program on the box ... just not sure how .... // ouT Bundschuh, Philipp wrote: > > hello everybody, > > we use the email-archiving feature and a copy of all incoming mails is > stored in /var/spool/MailScanner/archive/. > > Now I have all messages in ?Date-Named-Folders?, BUT: > > How can I resend the messages or one message to the origin destination > or to an alternative email-adress? > > I could?t finy anything on the web. > > Please help. > > Regards, > > > Philipp > From peter at farrows.org Wed Dec 12 14:52:52 2007 From: peter at farrows.org (Peter Farrow) Date: Wed Dec 12 14:53:18 2007 Subject: requeueing / resending archived emails In-Reply-To: <475FF2C1.6060708@syska.dk> References: <475FF2C1.6060708@syska.dk> Message-ID: <475FF5C4.3020201@farrows.org> Mikael Syska wrote: > Hi, > > Looking for the same thing ... > > Sure hope there are someone out there with the answer .... > > Guess its some like piping the "file" ( mail ) to the mail program on > the box ... just not sure how .... > > // ouT > > Bundschuh, Philipp wrote: >> >> hello everybody, >> >> we use the email-archiving feature and a copy of all incoming mails >> is stored in /var/spool/MailScanner/archive/. >> >> Now I have all messages in ?Date-Named-Folders?, BUT: >> >> How can I resend the messages or one message to the origin >> destination or to an alternative email-adress? >> >> I could?t finy anything on the web. >> >> Please help. >> >> Regards, >> >> >> Philipp >> > >>How can I resend the messages or one message to the origin destination or to an alternative email-adress? If you are running Sendmail and the messages are Queue files you can copy them to the outgoing Queue directory and issue a sendmail -qv Sendmail will de-queue theemails to the original recipients. I recently did this when 5000+ emails backed up on a miss-behaving MailScanner server... P. -- This message has been scanned for viruses and dangerous content by the Enhancion system Scanner and is believed to be clean. http://www.enhancion.net From paul at blacknight.ie Wed Dec 12 15:02:34 2007 From: paul at blacknight.ie (Paul Kelly :: Blacknight Solutions) Date: Wed Dec 12 15:02:44 2007 Subject: Mailing List problem Message-ID: <475FF80A.1000502@blacknight.ie> Hi Guys, /var filled up on the mailscanner mailing list server so I think mail for the past few days has been slow coming from the list. It's catching up now, but there are a few messages in the queue. Paul -- Paul Kelly Technical Director Blacknight Internet Solutions ltd Hosting, Colocation, Dedicated servers IP Transit Services Tel: +353 (0) 59 9183072 Lo-call: 1850 929 929 DDI: +353 (0) 59 9183091 e-mail: paul@blacknight.ie web: http://www.blacknight.ie Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park, Sleaty Road, Graiguecullen, Carlow, Ireland Company No.: 370845 From philipp.bundschuh at comit-gmbh.de Wed Dec 12 15:06:30 2007 From: philipp.bundschuh at comit-gmbh.de (Bundschuh, Philipp) Date: Wed Dec 12 15:06:44 2007 Subject: AW: requeueing / resending archived emails References: <475FF2C1.6060708@syska.dk> <475FF5C4.3020201@farrows.org> Message-ID: And what if the server is running on postfix? Regards, philipp -----Urspr?ngliche Nachricht----- Von: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Im Auftrag von Peter Farrow Gesendet: Mittwoch, 12. Dezember 2007 15:53 An: MailScanner discussion Betreff: Re: requeueing / resending archived emails Mikael Syska wrote: > Hi, > > Looking for the same thing ... > > Sure hope there are someone out there with the answer .... > > Guess its some like piping the "file" ( mail ) to the mail program on > the box ... just not sure how .... > > // ouT > > Bundschuh, Philipp wrote: >> >> hello everybody, >> >> we use the email-archiving feature and a copy of all incoming mails >> is stored in /var/spool/MailScanner/archive/. >> >> Now I have all messages in "Date-Named-Folders", BUT: >> >> How can I resend the messages or one message to the origin >> destination or to an alternative email-adress? >> >> I could't finy anything on the web. >> >> Please help. >> >> Regards, >> >> >> Philipp >> > >>How can I resend the messages or one message to the origin destination or to an alternative email-adress? If you are running Sendmail and the messages are Queue files you can copy them to the outgoing Queue directory and issue a sendmail -qv Sendmail will de-queue theemails to the original recipients. I recently did this when 5000+ emails backed up on a miss-behaving MailScanner server... P. -- This message has been scanned for viruses and dangerous content by the Enhancion system Scanner and is believed to be clean. http://www.enhancion.net -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mikael at syska.dk Wed Dec 12 15:24:24 2007 From: mikael at syska.dk (Mikael Syska) Date: Wed Dec 12 15:25:00 2007 Subject: AW: requeueing / resending archived emails In-Reply-To: References: <475FF2C1.6060708@syska.dk> <475FF5C4.3020201@farrows.org> Message-ID: <475FFD28.4040801@syska.dk> Same thing ... :-) I'm running postfix on the server ... not the other way around :-) ( I know what you mean ) Still looking for the answer ... and I will ofcause post here if I find it ... just have more important things to do at the moment. // ouT Bundschuh, Philipp wrote: > And what if the server is running on postfix? > > Regards, > philipp > > > -----Urspr?ngliche Nachricht----- > Von: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Im Auftrag von Peter Farrow > Gesendet: Mittwoch, 12. Dezember 2007 15:53 > An: MailScanner discussion > Betreff: Re: requeueing / resending archived emails > > Mikael Syska wrote: > >> Hi, >> >> Looking for the same thing ... >> >> Sure hope there are someone out there with the answer .... >> >> Guess its some like piping the "file" ( mail ) to the mail program on >> the box ... just not sure how .... >> >> // ouT >> >> Bundschuh, Philipp wrote: >> >>> hello everybody, >>> >>> we use the email-archiving feature and a copy of all incoming mails >>> is stored in /var/spool/MailScanner/archive/. >>> >>> Now I have all messages in "Date-Named-Folders", BUT: >>> >>> How can I resend the messages or one message to the origin >>> destination or to an alternative email-adress? >>> >>> I could't finy anything on the web. >>> >>> Please help. >>> >>> Regards, >>> >>> >>> Philipp >>> >>> > >>How can I resend the messages or one message to the origin > destination or to an alternative email-adress? > > If you are running Sendmail and the messages are Queue files you can > copy them to the outgoing Queue directory and issue a sendmail -qv > > Sendmail will de-queue theemails to the original recipients. I recently > did this when 5000+ emails backed up on a miss-behaving MailScanner > server... > > P. > > From ugob at lubik.ca Wed Dec 12 15:30:04 2007 From: ugob at lubik.ca (Ugo Bellavance) Date: Wed Dec 12 15:42:21 2007 Subject: Outbound spam prevention & reaction Message-ID: Hi, I was wondering what you guys are doing to prevent outbound spam and react to it. I relay for a few IPs but I'm a little scared about having spams sent through my MS server that may get me listed on a DNSBL... I could set a separate server for outbound so that I can tweak it differently... I thought of: To react: - Using the 'bounce' setting in MailScanner so that spam senders are notified (for false positives). A "forward" rule could also be used to alert someone - Have a second quarantine report running to show quarantined outbound e-mails, per IP address, or something similar However, SA is not as good at detecting spam when it is going outbound, so I thought we should enforce a strict throttling on all outbound IPs (connection rate & concurrent connections). If several spams are caught, what would be your reaction? Deny the relay or firewall them off? Deny relay would mean that they would get DSNs when trying to send, and they would "loose" their e-mails" To prevent: Hum... I have no idea except to enforce strict firewalling and good sysadmin practices... Any opinions? From ajcartmell at fonant.com Wed Dec 12 15:43:27 2007 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Wed Dec 12 15:43:46 2007 Subject: OT Fedora in production (as nstallation Problem on Fedora Core 8) In-Reply-To: <475F8371.90003@vanderkooij.org> References: <013a01c83ad3$43d7b660$f105010a@pc> <021d01c83b4e$286e6330$f105010a@pc> <20071211005852.GA7117@rpcs.net> <475E6018.6020106@farrows.org> <475F8371.90003@vanderkooij.org> Message-ID: >> Do you have a reference for that? > > - From the End-Of-Lif statement from Red Hat Linux 7.3 and 9: I don't see where it says "don't use Fedora for production use" or "unstable" or "bleeding edge". Of course RHEL is a little more stable, and probably Solaris is even more stable still. But that doesn't mean Fedora is unstable. We're probably misunderstanding what we each mean by "stable". I mean it as using stable versions of software, such as Apache, MySQL, sendmail, the linux Kernel, etc. So no beta releases, few bugs. I think you take it as meaning long-term (5 years) maintenance, so you don't have to upgrade so often. MailScanner has stable releases roughly every month, and is therefore much more "cutting edge" than even Fedora, but unless you install the beta releases I wouldn't call MailScanner "unstable" or "not for production use". :) > And given the lifespan of 12 to 18 months were it goes from released to > no longer provided with updates I concur that Fedora should never been > used for business. I agree, if you aren't willing to upgrade your server OS roughly once per year then Fedora's not such a good idea. If you are, like I am, then it's a very nice and stable OS for business use. Cheers! Anthony -- www.fonant.com - Quality web sites From peter at farrows.org Wed Dec 12 15:46:17 2007 From: peter at farrows.org (Peter Farrow) Date: Wed Dec 12 15:46:38 2007 Subject: Outbound spam prevention & reaction In-Reply-To: References: Message-ID: <47600249.1020105@farrows.org> Ugo Bellavance wrote: > Hi, > > I was wondering what you guys are doing to prevent outbound spam > and react to it. > > I relay for a few IPs but I'm a little scared about having spams > sent through my MS server that may get me listed on a DNSBL... I > could set a separate server for outbound so that I can tweak it > differently... > > I thought of: > To react: > > - Using the 'bounce' setting in MailScanner so that spam senders > are notified (for false positives). A "forward" rule could also be > used to alert someone > > - Have a second quarantine report running to show quarantined > outbound e-mails, per IP address, or something similar > > However, SA is not as good at detecting spam when it is going > outbound, so I thought we should enforce a strict throttling on all > outbound IPs (connection rate & concurrent connections). > > If several spams are caught, what would be your reaction? Deny the > relay or firewall them off? Deny relay would mean that they would get > DSNs when trying to send, and they would "loose" their e-mails" > > To prevent: > > Hum... I have no idea except to enforce strict firewalling and good > sysadmin practices... > > Any opinions? > I run the maillog through a perl script that counts the number of messages sent from any IP per minute when it reaches a threshold, they are flagged as a spammer in real time and stopped... Ithen use a MS machine just to check for viruses etc outbound. P, -- This message has been scanned for viruses and dangerous content by the Enhancion system Scanner and is believed to be clean. http://www.enhancion.net From peter at farrows.org Wed Dec 12 15:52:01 2007 From: peter at farrows.org (Peter Farrow) Date: Wed Dec 12 15:52:24 2007 Subject: OT Fedora in production (as nstallation Problem on Fedora Core 8) In-Reply-To: References: <013a01c83ad3$43d7b660$f105010a@pc> <021d01c83b4e$286e6330$f105010a@pc> <20071211005852.GA7117@rpcs.net> <475E6018.6020106@farrows.org> <475F8371.90003@vanderkooij.org> Message-ID: <476003A1.70508@farrows.org> Anthony Cartmell wrote: >>> Do you have a reference for that? >> >> - From the End-Of-Lif statement from Red Hat Linux 7.3 and 9: > > I don't see where it says "don't use Fedora for production use" or > "unstable" or "bleeding edge". Of course RHEL is a little more stable, > and probably Solaris is even more stable still. But that doesn't mean > Fedora is unstable. > > We're probably misunderstanding what we each mean by "stable". I mean > it as using stable versions of software, such as Apache, MySQL, > sendmail, the linux Kernel, etc. So no beta releases, few bugs. I > think you take it as meaning long-term (5 years) maintenance, so you > don't have to upgrade so often. > > MailScanner has stable releases roughly every month, and is therefore > much more "cutting edge" than even Fedora, but unless you install the > beta releases I wouldn't call MailScanner "unstable" or "not for > production use". :) > >> And given the lifespan of 12 to 18 months were it goes from released to >> no longer provided with updates I concur that Fedora should never been >> used for business. > > I agree, if you aren't willing to upgrade your server OS roughly once > per year then Fedora's not such a good idea. If you are, like I am, > then it's a very nice and stable OS for business use. > > Cheers! > > Anthony > --www.fonant.com - Quality web sites > --MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > --This message has been scanned for viruses and > dangerous content by the Enhancion system Scanner, > and is believed to be clean. > Advanced heuristic mail scanning server [0]. > http://www.enhancion.com I think we've moved on now, and every else agrees "not for production" Regards Pete -- This message has been scanned for viruses and dangerous content by the Enhancion system Scanner and is believed to be clean. http://www.enhancion.net From jb at jbacher.com Wed Dec 12 15:52:59 2007 From: jb at jbacher.com (J Bacher) Date: Wed Dec 12 15:53:12 2007 Subject: Outbound spam prevention & reaction In-Reply-To: References: Message-ID: <476003DB.1030007@jbacher.com> Ugo Bellavance wrote: > - Using the 'bounce' setting in MailScanner so that spam senders are > notified (for false positives). A "forward" rule could also be used to > alert someone When forged spam email comes through, your server will be spamming someone else (that didn't originate the email). If you're worried about being blacklisted, this should be on your list of "never do". From dgottsc at emory.edu Wed Dec 12 15:56:06 2007 From: dgottsc at emory.edu (Gottschalk, David) Date: Wed Dec 12 15:56:23 2007 Subject: Outbound spam prevention & reaction In-Reply-To: References: Message-ID: Here are the University we filter inbound & outbound email. Filtering outbound mail is literally no different than filtering inbound mail. We actually do it on the same physical servers as our inbound filtering. This is done using a front-end load balancer that re-directs mail to a different running copy of Sendmail on a higher TCP port. *A lot* of users here get infected with viruses that are spamming robots. Before I had mailscanner scanning all inbound and outbound messages, we were getting blacklisted very often. I don't send users a bounce message if their message gets filtered as spam. I mainly just monitor the queues for messages that look suspicious (we have a lot of email going inbound and outbound here, I hope to automate this sooner rather than later) If someone is caught spamming, we simply block their IP on the firewall level, and notify them. Hope that helps, good luck! David Gottschalk UTS Infrastructure Technology Services david.gottschalk@emory.edu -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ugo Bellavance Sent: Wednesday, December 12, 2007 10:30 AM To: mailscanner@lists.mailscanner.info Subject: Outbound spam prevention & reaction Hi, I was wondering what you guys are doing to prevent outbound spam and react to it. I relay for a few IPs but I'm a little scared about having spams sent through my MS server that may get me listed on a DNSBL... I could set a separate server for outbound so that I can tweak it differently... I thought of: To react: - Using the 'bounce' setting in MailScanner so that spam senders are notified (for false positives). A "forward" rule could also be used to alert someone - Have a second quarantine report running to show quarantined outbound e-mails, per IP address, or something similar However, SA is not as good at detecting spam when it is going outbound, so I thought we should enforce a strict throttling on all outbound IPs (connection rate & concurrent connections). If several spams are caught, what would be your reaction? Deny the relay or firewall them off? Deny relay would mean that they would get DSNs when trying to send, and they would "loose" their e-mails" To prevent: Hum... I have no idea except to enforce strict firewalling and good sysadmin practices... Any opinions? -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! This e-mail message (including any attachments) is for the sole use of the intended recipient(s) and may contain confidential and privileged information. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this message (including any attachments) is strictly prohibited. If you have received this message in error, please contact the sender by reply e-mail message and destroy all copies of the original message (including attachments). From ajcartmell at fonant.com Wed Dec 12 16:01:39 2007 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Wed Dec 12 16:01:59 2007 Subject: OT Fedora in production (as nstallation Problem on Fedora Core8) In-Reply-To: <74ACEB3E6A055643A89B8CEC74C7BF2488E289@WISENT.dcyb.net> References: <013a01c83ad3$43d7b660$f105010a@pc> <021d01c83b4e$286e6330$f105010a@pc> <20071211005852.GA7117@rpcs.net> <475E6018.6020106@farrows.org> <74ACEB3E6A055643A89B8CEC74C7BF2488E289@WISENT.dcyb.net> Message-ID: > So, no-one can tell me that Fedora is as stable as RHEL. No, it's not as stable, because RHEL lags behind Fedora by a year or so, but that doesn't mean that Fedora is unstable. > I agree with Peter: more recent is not always more stable. Of course, > sometimes you need "more recent" because of features, critical bugfixes, > etc, not (yet) available via RPM. Yes, more recent releases are less stable, by definition. Choosing what to use is a constant trade-off between stability and requiring new features and performance improvements. I'm glad that MailScanner has a policy of regular releases with new features, I'd hate to be stuck with the last "stable" version that was perhaps five years old! Anthony -- www.fonant.com - Quality web sites From Denis.Beauchemin at USherbrooke.ca Wed Dec 12 16:00:29 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Wed Dec 12 16:03:28 2007 Subject: Outbound spam prevention & reaction In-Reply-To: <47600249.1020105@farrows.org> References: <47600249.1020105@farrows.org> Message-ID: <4760059D.1070002@USherbrooke.ca> Peter Farrow a ?crit : > Ugo Bellavance wrote: >> Hi, >> >> I was wondering what you guys are doing to prevent outbound spam >> and react to it. >> >> I relay for a few IPs but I'm a little scared about having spams >> sent through my MS server that may get me listed on a DNSBL... I >> could set a separate server for outbound so that I can tweak it >> differently... >> >> I thought of: >> To react: >> >> - Using the 'bounce' setting in MailScanner so that spam senders >> are notified (for false positives). A "forward" rule could also be >> used to alert someone >> >> - Have a second quarantine report running to show quarantined >> outbound e-mails, per IP address, or something similar >> >> However, SA is not as good at detecting spam when it is going >> outbound, so I thought we should enforce a strict throttling on all >> outbound IPs (connection rate & concurrent connections). >> >> If several spams are caught, what would be your reaction? Deny >> the relay or firewall them off? Deny relay would mean that they >> would get DSNs when trying to send, and they would "loose" their >> e-mails" >> >> To prevent: >> >> Hum... I have no idea except to enforce strict firewalling and good >> sysadmin practices... >> >> Any opinions? >> > I run the maillog through a perl script that counts the number of > messages sent from any IP per minute when it reaches a threshold, they > are flagged as a spammer in real time and stopped... > > Ithen use a MS machine just to check for viruses etc outbound. > P, > I do about the same thing using milter-limit (free). My main servers get high limits but users get: # Defaut milter-limit-Connect: 50/1h I set a lower limit for VPN and wireless users. It does catch a few every day. I also bounce spam back to the sender (just on my internal servers). I bounce about a dozen each day. Denis -- Denis Beauchemin, analyste Universit? de Sherbrooke, S.T.I. T: 819.821.8000x62252 F: 819.821.8045 From peter at farrows.org Wed Dec 12 16:10:53 2007 From: peter at farrows.org (Peter Farrow) Date: Wed Dec 12 16:11:17 2007 Subject: OT Fedora in production (as nstallation Problem on Fedora Core8) In-Reply-To: References: <013a01c83ad3$43d7b660$f105010a@pc> <021d01c83b4e$286e6330$f105010a@pc> <20071211005852.GA7117@rpcs.net> <475E6018.6020106@farrows.org> <74ACEB3E6A055643A89B8CEC74C7BF2488E289@WISENT.dcyb.net> Message-ID: <4760080D.7070109@farrows.org> >>I'm glad that MailScanner has a policy of regular releases with new features, I'd hate to be stuck with the last "stable" version that was perhaps five years old! You really are missing the point. Its the quality of the release not the quantity. And Fedora releases are not the same stable quality as RHEL or CentOS, if you read the mail list you will note the original poster fixed the problem by using CentOS. http://en.wikipedia.org/wiki/Q.E.D. You mistake the freqency of release with the stability of the product. Fedora could release every day but it still wouldn't be the production stable platform. Think about it like this, if your very life depended on the stability of an OS, where one hiccup or reboot or software failure would cause you to die a slow and painful death, would you rather the machine deciding your fate ran Centos/RHEL or Fedora Core 8. If your answer is the latter (which I think you would choose just for effect), then perhaps you should just shoot yourself now ;-) regards Pete Anthony Cartmell wrote: >> So, no-one can tell me that Fedora is as stable as RHEL. > > No, it's not as stable, because RHEL lags behind Fedora by a year or > so, but that doesn't mean that Fedora is unstable. > >> I agree with Peter: more recent is not always more stable. Of course, >> sometimes you need "more recent" because of features, critical bugfixes, >> etc, not (yet) available via RPM. > > Yes, more recent releases are less stable, by definition. Choosing > what to use is a constant trade-off between stability and requiring > new features and performance improvements. > > I'm glad that MailScanner has a policy of regular releases with new > features, I'd hate to be stuck with the last "stable" version that was > perhaps five years old! > > Anthony > --www.fonant.com - Quality web sites > --MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > --This message has been scanned for viruses and > dangerous content by the Enhancion system Scanner, > and is believed to be clean. > Advanced heuristic mail scanning server [0]. > http://www.enhancion.com -- This message has been scanned for viruses and dangerous content by the Enhancion system Scanner and is believed to be clean. http://www.enhancion.net From john at tradoc.fr Wed Dec 12 16:12:15 2007 From: john at tradoc.fr (John Wilcock) Date: Wed Dec 12 16:12:26 2007 Subject: Outbound spam prevention & reaction In-Reply-To: <476003DB.1030007@jbacher.com> References: <476003DB.1030007@jbacher.com> Message-ID: <4760085F.20804@tradoc.fr> J Bacher wrote: > Ugo Bellavance wrote: > >> - Using the 'bounce' setting in MailScanner so that spam senders >> are notified (for false positives). A "forward" rule could also be >> used to alert someone > > When forged spam email comes through, your server will be spamming > someone else (that didn't originate the email). If you're worried > about being blacklisted, this should be on your list of "never do". ... except if you use a ruleset to only bounce spam for internal IP addresses. John. -- -- Over 3000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr From ajcartmell at fonant.com Wed Dec 12 16:22:29 2007 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Wed Dec 12 16:22:47 2007 Subject: OT Fedora in production (as nstallation Problem on Fedora Core 8) In-Reply-To: <475EA86D.9060101@farrows.org> References: <013a01c83ad3$43d7b660$f105010a@pc> <021d01c83b4e$286e6330$f105010a@pc> <20071211005852.GA7117@rpcs.net> <475E6018.6020106@farrows.org> <475EA86D.9060101@farrows.org> Message-ID: > You miss read the grammar in my reply. > > We all know that Centos is not supported by Red Hat, however it is > binary compatible, if you're not sure what binary compatible just go for > google. You missed my winking smiley ;) > Heres an article worth reading that looks at both sides of the argument: > > http://www.eweek.com/article2/0,1759,1766350,00.asp Although that's a little old now, I agree with its sentiments. It even lists Wikipedia and Sourceforge as using Fedora for production servers :) > You also might want to read real world comment here: > > http://ubuntuforums.org/archive/index.php/t-255265.html I agree with those opinions that compare Ubuntu with Fedora rather than with RHEL. The points about stability being unrelated to the age of software are exactly what I'm talking about. > I think that by insisting its not a testing ground OS you are not in > agreement with everyone I deal with... Depends whether "testing ground OS" is a good thing or not. I'd have thought that the fact that RHEL is based on Fedora, and not, say, Ubuntu, was an indication that Fedora is indeed one of the most stable free Linux distros available. > If you use Fedora for production, then I'm glad I'm not relying on your > production servers. My only few downtimes over the last three years have been hardware and network related. I have never had any issues with Fedora, which has proved to be quite stable enough for production use. > To say that it is suitable for production comes down to experience I quite agree, I'm simply relating what I've personally experienced. If someone has run production web/e-mail servers with Fedora and has had problems with the OS I'd love to hear, in case I've been unusually lucky. Cheers! Anthony -- www.fonant.com - Quality web sites From ugob at lubik.ca Wed Dec 12 16:31:37 2007 From: ugob at lubik.ca (Ugo Bellavance) Date: Wed Dec 12 16:32:22 2007 Subject: Outbound spam prevention & reaction In-Reply-To: <47600249.1020105@farrows.org> References: <47600249.1020105@farrows.org> Message-ID: Peter Farrow wrote: > Ugo Bellavance wrote: >> Hi, >> >> I was wondering what you guys are doing to prevent outbound spam >> and react to it. >> >> I relay for a few IPs but I'm a little scared about having spams >> sent through my MS server that may get me listed on a DNSBL... I >> could set a separate server for outbound so that I can tweak it >> differently... >> >> I thought of: >> To react: >> >> - Using the 'bounce' setting in MailScanner so that spam senders >> are notified (for false positives). A "forward" rule could also be >> used to alert someone >> >> - Have a second quarantine report running to show quarantined >> outbound e-mails, per IP address, or something similar >> >> However, SA is not as good at detecting spam when it is going >> outbound, so I thought we should enforce a strict throttling on all >> outbound IPs (connection rate & concurrent connections). >> >> If several spams are caught, what would be your reaction? Deny the >> relay or firewall them off? Deny relay would mean that they would get >> DSNs when trying to send, and they would "loose" their e-mails" >> >> To prevent: >> >> Hum... I have no idea except to enforce strict firewalling and good >> sysadmin practices... >> >> Any opinions? >> > I run the maillog through a perl script that counts the number of > messages sent from any IP per minute when it reaches a threshold, they > are flagged as a spammer in real time and stopped... > That sounds like a good idea... mind sharing your script? Regards, Ugo From mailscanner at PDSCC.COM Wed Dec 12 16:33:26 2007 From: mailscanner at PDSCC.COM (Harondel J. Sibble) Date: Wed Dec 12 16:33:24 2007 Subject: problems with mail queuing up In-Reply-To: <223f97700712120141x35ece18em1d7958bef77aa93d@mail.gmail.com> References: <20071211070319.57E3F82BF4@sinclaire.sibble.net>, <20071212035834.DADB982BF0@sinclaire.sibble.net>, <223f97700712120141x35ece18em1d7958bef77aa93d@mail.gmail.com> Message-ID: <20071212163315.8BA1D82BF4@sinclaire.sibble.net> On 12 Dec 2007 at 10:41, Glenn Steen wrote: > Eh, how did it disappear? It didn't... As best as I can tell it was never there, when it was suggested to me to add the line, I looked at my Ubuntu 6.0.6 MailScanner box and it also doesn't have the scache line.... > Oh well, there it is... Without that line, how will it know what to do > and where to do it... Glad that you got it resolved! Me too! What's odd is everything has been running tickety-boo for the last 179 days before this occurred > BTW, this would only affect "bursts" of messages then, to the same > servers... Since then scache would kick in... So feeding it one odd, the queue was filled with a mix of messages in/outbound, the outbound were to a whole bunch of different servers while the inbound would have been to the internal exchange server. Both were hanging up. > message at a time might've "worked", but would then conceal the true > error. And if, for some reason, you had another burst... you'd have > had even more "buildup". Well that would explain why each time I requeued the lot, the queue would go down say 10 or 20 messages > Should've asked you for your master.cf, in hindsight, sorry for that. Heh, no worries -- Harondel J. Sibble Sibble Computer Consulting Creating solutions for the small business and home computer user. help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com (604) 739-3709 (voice/fax) (604) 686-2253 (pager) From ugob at lubik.ca Wed Dec 12 16:32:52 2007 From: ugob at lubik.ca (Ugo Bellavance) Date: Wed Dec 12 16:35:22 2007 Subject: Outbound spam prevention & reaction In-Reply-To: <4760085F.20804@tradoc.fr> References: <476003DB.1030007@jbacher.com> <4760085F.20804@tradoc.fr> Message-ID: John Wilcock wrote: > J Bacher wrote: >> Ugo Bellavance wrote: >> >>> - Using the 'bounce' setting in MailScanner so that spam senders >>> are notified (for false positives). A "forward" rule could also be >>> used to alert someone >> >> When forged spam email comes through, your server will be spamming >> someone else (that didn't originate the email). If you're worried >> about being blacklisted, this should be on your list of "never do". > > ... except if you use a ruleset to only bounce spam for internal IP > addresses. That was the plan... But if it uses forged addresses, even if I bounce for internal IP address, I might be bouncing back to the internet, right? Ugo From jb at jbacher.com Wed Dec 12 16:48:20 2007 From: jb at jbacher.com (J Bacher) Date: Wed Dec 12 16:48:31 2007 Subject: Outbound spam prevention & reaction In-Reply-To: <4760085F.20804@tradoc.fr> References: <476003DB.1030007@jbacher.com> <4760085F.20804@tradoc.fr> Message-ID: <476010D4.2030702@jbacher.com> John Wilcock wrote: >> When forged spam email comes through, your server will be spamming >> someone else (that didn't originate the email). If you're worried >> about being blacklisted, this should be on your list of "never do". > > ... except if you use a ruleset to only bounce spam for internal IP > addresses. I still recommend to never send a bounce on possible spam. From peter at farrows.org Wed Dec 12 16:48:17 2007 From: peter at farrows.org (Peter Farrow) Date: Wed Dec 12 16:48:41 2007 Subject: OT Fedora in production (as nstallation Problem on Fedora Core 8) In-Reply-To: References: <013a01c83ad3$43d7b660$f105010a@pc> <021d01c83b4e$286e6330$f105010a@pc> <20071211005852.GA7117@rpcs.net> <475E6018.6020106@farrows.org> <475EA86D.9060101@farrows.org> Message-ID: <476010D1.3070406@farrows.org> Anthony Cartmell wrote: >> You miss read the grammar in my reply. >> >> We all know that Centos is not supported by Red Hat, however it is >> binary compatible, if you're not sure what binary compatible just go >> for google. > > You missed my winking smiley ;) > >> Heres an article worth reading that looks at both sides of the argument: >> >> http://www.eweek.com/article2/0,1759,1766350,00.asp > > Although that's a little old now, I agree with its sentiments. It even > lists Wikipedia and Sourceforge as using Fedora for production servers :) > >> You also might want to read real world comment here: >> >> http://ubuntuforums.org/archive/index.php/t-255265.html > > I agree with those opinions that compare Ubuntu with Fedora rather > than with RHEL. The points about stability being unrelated to the age > of software are exactly what I'm talking about. > >> I think that by insisting its not a testing ground OS you are not in >> agreement with everyone I deal with... > > Depends whether "testing ground OS" is a good thing or not. I'd have > thought that the fact that RHEL is based on Fedora, and not, say, > Ubuntu, was an indication that Fedora is indeed one of the most stable > free Linux distros available. > >> If you use Fedora for production, then I'm glad I'm not relying on >> your production servers. > > My only few downtimes over the last three years have been hardware and > network related. I have never had any issues with Fedora, which has > proved to be quite stable enough for production use. > >> To say that it is suitable for production comes down to experience > > I quite agree, I'm simply relating what I've personally experienced. > If someone has run production web/e-mail servers with Fedora and has > had problems with the OS I'd love to hear, in case I've been unusually > lucky. > > Cheers! > > Anthony > --www.fonant.com - Quality web sites > --MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > --This message has been scanned for viruses and > dangerous content by the Enhancion system Scanner > and is believed to be clean. > http://www.enhancion.net >>I quite agree, I'm simply relating what I've personally experienced. If someone has run production web/e-mail servers with Fedora and has had problems with the >>OS I'd love to hear, in case I've been unusually lucky. I quite prepared to concede that I may have been unusually unlucky in my Fedora experience...but once bitten twice shy... P. -- This message has been scanned for viruses and dangerous content by the Enhancion system Scanner and is believed to be clean. http://www.enhancion.net From ajcartmell at fonant.com Wed Dec 12 17:03:15 2007 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Wed Dec 12 17:03:33 2007 Subject: OT Fedora in production (as nstallation Problem on Fedora Core 8) In-Reply-To: <476010D1.3070406@farrows.org> References: <013a01c83ad3$43d7b660$f105010a@pc> <021d01c83b4e$286e6330$f105010a@pc> <20071211005852.GA7117@rpcs.net> <475E6018.6020106@farrows.org> <475EA86D.9060101@farrows.org> <476010D1.3070406@farrows.org> Message-ID: > I quite prepared to concede that I may have been unusually unlucky in my > Fedora experience...but once bitten twice shy... What was the problem you had? Was it recently? Perhaps I should investigate CentOS after all... hmmm... Cheers! Anthony -- www.fonant.com - Quality web sites From w.kranenborg at am-impact.nl Wed Dec 12 17:34:47 2007 From: w.kranenborg at am-impact.nl (A&M ImpacT [W. Kranenborg]) Date: Wed Dec 12 17:34:55 2007 Subject: Outbound spam prevention & reaction References: <476003DB.1030007@jbacher.com><4760085F.20804@tradoc.fr> <476010D4.2030702@jbacher.com> Message-ID: That's my opinion too. About 20% of the mail of one day are bounces of spam. That's very annoying because we can't do anything about is and it is waste of CPU time because it has to be scanned through x server in stead of just putting it to /dev/null after seeing it is spam. Greets Wessel Kranenborg -----Oorspronkelijk bericht----- Van: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Namens J Bacher Verzonden: woensdag 12 december 2007 17:48 Aan: MailScanner discussion Onderwerp: Re: Outbound spam prevention & reaction John Wilcock wrote: >> When forged spam email comes through, your server will be spamming >> someone else (that didn't originate the email). If you're worried >> about being blacklisted, this should be on your list of "never do". > > ... except if you use a ruleset to only bounce spam for internal IP > addresses. I still recommend to never send a bounce on possible spam. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From martinh at solidstatelogic.com Wed Dec 12 17:45:11 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed Dec 12 17:45:22 2007 Subject: Outbound spam prevention & reaction In-Reply-To: Message-ID: <5036f028cdaf47429fea9905f3f72ac7@solidstatelogic.com> Don't accept email for unknown recipients (see the wiki for howto for you're MTA), have a look at Tim Jacksons SA rules for bad virus bounces (don't forget to take out the MailScanner rules!). -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of A&M ImpacT [W. Kranenborg] > Sent: 12 December 2007 17:35 > To: MailScanner discussion > Subject: RE: Outbound spam prevention & reaction > > That's my opinion too. About 20% of the mail of one day are bounces of > spam. That's very annoying because we can't do anything about is and it > is waste of CPU time because it has to be scanned through x server in > stead of just putting it to /dev/null after seeing it is spam. > > Greets Wessel Kranenborg > > -----Oorspronkelijk bericht----- > Van: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] Namens J Bacher > Verzonden: woensdag 12 december 2007 17:48 > Aan: MailScanner discussion > Onderwerp: Re: Outbound spam prevention & reaction > > John Wilcock wrote: > > >> When forged spam email comes through, your server will be spamming > >> someone else (that didn't originate the email). If you're worried > >> about being blacklisted, this should be on your list of "never do". > > > > ... except if you use a ruleset to only bounce spam for internal IP > > addresses. > > I still recommend to never send a bounce on possible spam. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From w.kranenborg at am-impact.nl Wed Dec 12 17:59:26 2007 From: w.kranenborg at am-impact.nl (A&M ImpacT [W. Kranenborg]) Date: Wed Dec 12 17:59:36 2007 Subject: Outbound spam prevention & reaction References: <5036f028cdaf47429fea9905f3f72ac7@solidstatelogic.com> Message-ID: I don't accept mail for unknown recipients. Spammers send mail from an emailadres of one of our customers. 20% of the mail to scan for them are bounces of spam with the customers email-adress. Don't pay attention to my bad englisch. Greets Wessel -----Oorspronkelijk bericht----- Van: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Namens Martin.Hepworth Verzonden: woensdag 12 december 2007 18:45 Aan: MailScanner discussion Onderwerp: RE: Outbound spam prevention & reaction Don't accept email for unknown recipients (see the wiki for howto for you're MTA), have a look at Tim Jacksons SA rules for bad virus bounces (don't forget to take out the MailScanner rules!). -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of A&M ImpacT [W. Kranenborg] > Sent: 12 December 2007 17:35 > To: MailScanner discussion > Subject: RE: Outbound spam prevention & reaction > > That's my opinion too. About 20% of the mail of one day are bounces of > spam. That's very annoying because we can't do anything about is and it > is waste of CPU time because it has to be scanned through x server in > stead of just putting it to /dev/null after seeing it is spam. > > Greets Wessel Kranenborg > > -----Oorspronkelijk bericht----- > Van: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] Namens J Bacher > Verzonden: woensdag 12 december 2007 17:48 > Aan: MailScanner discussion > Onderwerp: Re: Outbound spam prevention & reaction > > John Wilcock wrote: > > >> When forged spam email comes through, your server will be spamming > >> someone else (that didn't originate the email). If you're worried > >> about being blacklisted, this should be on your list of "never do". > > > > ... except if you use a ruleset to only bounce spam for internal IP > > addresses. > > I still recommend to never send a bounce on possible spam. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From gerard at seibercom.net Wed Dec 12 18:24:35 2007 From: gerard at seibercom.net (Gerard) Date: Wed Dec 12 18:24:44 2007 Subject: OT Fedora in production (as nstallation Problem on Fedora Core8) In-Reply-To: <4760080D.7070109@farrows.org> References: <4760080D.7070109@farrows.org> Message-ID: <20071212132051.5117.A38C9147@seibercom.net> > On December 12, 2007 at 11:10AM Peter Farrow wrote: [ snip ] > Think about it like this, if your very life depended on the stability of > an OS, where one hiccup or reboot or software failure would cause you to > die a slow and painful death, would you rather the machine deciding your > fate ran Centos/RHEL or Fedora Core 8. It is purely academic. In either case, you are going to die. The only variable is the time factor. In fact, if the criteria is a single 'hiccup' or other software failure, then the user is just plain out of luck. Inevitably, it is going to happen. -- Gerard From cooper at hmcnetworks.com Wed Dec 12 19:55:41 2007 From: cooper at hmcnetworks.com (Al Cooper) Date: Wed Dec 12 19:58:15 2007 Subject: Spam Mail Being Delivered To A Spam Folder Message-ID: <016501c83cf8$fa9f77d0$efde6770$@com> Hi All, I upgraded to a new mail server (CentOS 5) a few months ago and installed MailScanner version 4.63.8 & Spamassassin version 3.2.3 (with mostly default settings). Ever since the upgrade, email that is tagged as spam is being delivered to a user level spam file, which most of my customers love. However one of my domains would like to receive all their email including email tagged as spam. I have a few of questions: 1. Where in the conf is the setting that is causing spam to go into the user level spam file? My MailScanner.conf spam delivery options are set as: Spam Actions = deliver header "X-Spam-Status: Yes" High Scoring Spam Actions = deliver header "X-Spam-Status: Yes" 2. Is it possible to have spam for just one domain delivered to the user's mbox, but all other domains deliver to the user's spam file? And if yes, how? 3. Since the spam files are getting rather large and messing with my quotas, does anyone have a script that will delete mail in the spam file after a specified number of days? Thanks for your help, -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Wed Dec 12 19:42:05 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Dec 12 20:13:08 2007 Subject: Outbound spam prevention & reaction In-Reply-To: References: <5036f028cdaf47429fea9905f3f72ac7@solidstatelogic.com> Message-ID: on 12/12/2007 9:59 AM A&M ImpacT [W. Kranenborg] spake the following: > I don't accept mail for unknown recipients. Spammers send mail from an > emailadres of one of our customers. 20% of the mail to scan for them are > bounces of spam with the customers email-adress. > > Don't pay attention to my bad englisch. > > Greets Wessel > If you have a separate outbound server you can also have strict rules of what ip addresses to accept mail from. If they are your customer, their ip addresses should be info you have. Spammers can fake the address easily, but it is very difficult to fake the ip address that is connecting. Or you can force your customers to have to auth to your server, or use certificates, or whatever other system you can think of and support easily. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Wed Dec 12 19:27:25 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Dec 12 20:19:01 2007 Subject: mailscanner 4.66.4-3 reccomendation In-Reply-To: <005d01c83c5e$939d4890$6714a8c0@Gemini> References: <20071211070319.57E3F82BF4@sinclaire.sibble.net>, <20071211084017.628C982BF0@sinclaire.sibble.net>, <223f97700712110359h13b7118bh753ac7041bcd8c02@mail.gmail.com> <20071211222857.4C3A582BF0@sinclaire.sibble.net> <005d01c83c5e$939d4890$6714a8c0@Gemini> Message-ID: on 12/11/2007 5:30 PM James N. Smith spake the following: > Need some advice from the list. I am doing a new install based on > CentOS 5.1. I have run into the MailTools v.2 problem trying to run > MailScanner 4.65.3-1. > > Is it recommended to use the MailScanner 4.66.4-3 Beta with MailTools > 2.02 or try to revert to an older version of MailTools and use the > stable MailScanner? > > More specifically, is 4.66.4-3 a reliable beta (more akin to a Release > Candidate) or is it more "buyer beware"? > If you are afraid of the term beta in its name, then revert to the 1.xx mailtools. But Julian's betas are usually very stable, and most of the time if he is concerned, you will see a request for testing in the release announcement, or problem reports within hours of the release. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From brian.duncan at kattenlaw.com Wed Dec 12 21:05:50 2007 From: brian.duncan at kattenlaw.com (Duncan, Brian M.) Date: Wed Dec 12 21:06:03 2007 Subject: Recommended spam.lists and/or sendmail dnsbl settings? In-Reply-To: References: <47557D9B.5090801@openenterprise.ca> <625385e30712041119s506151d0y6a79003dcea9cdee@mail.gmail.com><65234743FE1555428435CE39E6AC407801D7ED92@CHI-US-EXCH-01.us.kmz.com> <65234743FE1555428435CE39E6AC407801D7ED96@CHI-US-EXCH-01.us.kmz.com> Message-ID: <65234743FE1555428435CE39E6AC407801D7EDDC@CHI-US-EXCH-01.us.kmz.com> > > "The Spam Lists To Be Spam" directive could still be set, but > > MailScanner could quit RBL checks after meeting that condition. > > > > It could even increase performance couldn't it for heavily > loaded mail > > servers? > It would actually lower performance as each message would > have to be checked one at a time one list at a time instead > of firing off multiple queries and looking at the hits > afterward. Think of telling a joke in a room full of people. > Do you tell one person at a time and wait for a laugh (or > not), or do you tell groups of people at the same time? > If a sysadmin trusts a list that well, he/she usually uses it > at the MTA. That is the only way to really cut the load, > because no further processing is done on it. The batch > processing is what puts mailscanner ahead of the other > options like mimedefang or amavisd (or ???). I know this was from last week, I have been busy and did not see your reply till today. So you are saying currently Mailscanner sends out queries to ALL the RBL's listed in the mailscanner conf, but does NOT wait for ALL of them to reply? Your analogy on telling a joke to a room full of people makes sense, but if you have to wait for the room full of people to all laugh or not laugh it seems less efficient unless I am missing something there. >From what I can see in my logs normally I have log entries for ALL the RBL's that each message failed against. And only if an RBL times out does it skip it. So does mailscanner after it queries all the RBL's initially continue without pause even if one of the RBL's does NOT answer? I do see how serial lookup could slow things down now though, if RBL one say no, then it goes onto RBL 2, etc.. So any valid mail will still wind up queuing ALL the RBL's anyhow. Just not all at the same time, which would add delay(how much I don't know). But if as it works now ALL RBL's have to reply before Mailscanner thinks that it is done with that message, the difference in time might be very minor. Especially if it was serial, and you only wanted 1 RBL to fail and your servers receive allot of Spam. (and your first specified RBL check is what you get your largest hit on anyhow) > > > > > In my organization we rely on MailScanner to do the RBL checks and > > pass ALL mail through to end users (We need to, they can > never afford > > to miss a message) RBL failed messages are considered high scoring > > spam and get a slightly different identifier to quickly identify an > > RBL'ed messages from one that failed do to message content. > > > Since you forward all messages, you could have some > preprocessor do rbl checks and add headers and then get > mailscanner to not re-scan those. I guess I will have to look into that if I want to do it. I just figured it might be a benefit to have the capability to do it in Mailscanner since it already has the RBL checking functionality, just not the capability to do it in a serial manner. > > In my organisation, if they are on a trusted RBL, they only > send spam. > Otherwise the un-trusted RBL's are scored with spamassassin > like other content. That way a message in a less than > reliable list, with no other content problems will usually > get through unmolested. > Yeah in my situation I work in an environment where a client could technically be a Spammer. So many users need ALL messages that were sent to them. I don't have the option of telling a user, the reason you did not receive message X which related to a deal you were working on was because they use an ISP that they just switched to that got assigned a previous block of addresses that were black listed. They don't care what I say, they just care they did not receive the message. So we do this for all users. If something is RBL'ed and it came from a Spammer we just tell them to add the user to their safe sender list in Outlook and then I can still fight Spam while giving individual users the control to receive what they want. Back before we did this, do you know how much time I would waste having to assist other companies IT departments in getting off an RBL? Now I never have to. I wish I could dump RBL'ed messages at my edge. But all I can do is wish. > > -- > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > =========================================================== CIRCULAR 230 DISCLOSURE: Pursuant to Regulations Governing Practice Before the Internal Revenue Service, any tax advice contained herein is not intended or written to be used and cannot be used by a taxpayer for the purpose of avoiding tax penalties that may be imposed on the taxpayer. =========================================================== CONFIDENTIALITY NOTICE: This electronic mail message and any attached files contain information intended for the exclusive use of the individual or entity to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information may be subject to legal restriction or sanction. Please notify the sender, by electronic mail or telephone, of any unintended recipients and delete the original message without making any copies. =========================================================== NOTIFICATION: Katten Muchin Rosenman LLP is an Illinois limited liability partnership that has elected to be governed by the Illinois Uniform Partnership Act (1997). =========================================================== From ssilva at sgvwater.com Wed Dec 12 22:21:07 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Dec 12 22:33:06 2007 Subject: Recommended spam.lists and/or sendmail dnsbl settings? In-Reply-To: <65234743FE1555428435CE39E6AC407801D7EDDC@CHI-US-EXCH-01.us.kmz.com> References: <47557D9B.5090801@openenterprise.ca> <625385e30712041119s506151d0y6a79003dcea9cdee@mail.gmail.com><65234743FE1555428435CE39E6AC407801D7ED92@CHI-US-EXCH-01.us.kmz.com> <65234743FE1555428435CE39E6AC407801D7ED96@CHI-US-EXCH-01.us.kmz.com> <65234743FE1555428435CE39E6AC407801D7EDDC@CHI-US-EXCH-01.us.kmz.com> Message-ID: on 12/12/2007 1:05 PM Duncan, Brian M. spake the following: > >>> "The Spam Lists To Be Spam" directive could still be set, but > >>> MailScanner could quit RBL checks after meeting that condition. >>> > >>> It could even increase performance couldn't it for heavily > >> loaded mail > >>> servers? >> It would actually lower performance as each message would > >> have to be checked one at a time one list at a time instead > >> of firing off multiple queries and looking at the hits > >> afterward. Think of telling a joke in a room full of people. > >> Do you tell one person at a time and wait for a laugh (or > >> not), or do you tell groups of people at the same time? >> If a sysadmin trusts a list that well, he/she usually uses it > >> at the MTA. That is the only way to really cut the load, > >> because no further processing is done on it. The batch > >> processing is what puts mailscanner ahead of the other > >> options like mimedefang or amavisd (or ???). > > I know this was from last week, I have been busy and did not see your > reply till today. > > So you are saying currently Mailscanner sends out queries to ALL the > RBL's listed in the mailscanner conf, but does NOT wait for ALL of them > to reply? > > Your analogy on telling a joke to a room full of people makes sense, but > if you have to wait for the room full of people to all laugh or not > laugh it seems less efficient unless I am missing something there. > > >>From what I can see in my logs normally I have log entries for ALL the > RBL's that each message failed against. And only if an RBL times out > does it skip it. So does mailscanner after it queries all the RBL's > initially continue without pause even if one of the RBL's does NOT > answer? > > I do see how serial lookup could slow things down now though, if RBL one > say no, then it goes onto RBL 2, etc.. So any valid mail will still wind > up queuing ALL the RBL's anyhow. Just not all at the same time, which > would add delay(how much I don't know). But if as it works now ALL > RBL's have to reply before Mailscanner thinks that it is done with that > message, the difference in time might be very minor. Especially if it > was serial, and you only wanted 1 RBL to fail and your servers receive > allot of Spam. (and your first specified RBL check is what you get your > largest hit on anyhow) That is a best case senario. > > > > >> Since you forward all messages, you could have some > >> preprocessor do rbl checks and add headers and then get > >> mailscanner to not re-scan those. > > I guess I will have to look into that if I want to do it. I just > figured it might be a benefit to have the capability to do it in > Mailscanner since it already has the RBL checking functionality, just > not the capability to do it in a serial manner. Julian made this decision when he created mailscanner. It also uses this same parallel processing on virus scanning, which saves a lot more cpu power. There are already a bunch of other options that do it the way you would like. Mimedefang, amavisd, and a few others that I can't remember right now. Julian set out to make mailscanner stand out from the crowd. I think he was successful. > > > Yeah in my situation I work in an environment where a client could > technically be a Spammer. So many users need ALL messages that were > sent to them. I don't have the option of telling a user, the reason you > did not receive message X which related to a deal you were working on > was because they use an ISP that they just switched to that got assigned > a previous block of addresses that were black listed. They don't care > what I say, they just care they did not receive the message. So we do > this for all users. If something is RBL'ed and it came from a Spammer > we just tell them to add the user to their safe sender list in Outlook > and then I can still fight Spam while giving individual users the > control to receive what they want. Back before we did this, do you know > how much time I would waste having to assist other companies IT > departments in getting off an RBL? Now I never have to. > > I wish I could dump RBL'ed messages at my edge. But all I can do is > wish. Yes, that is too bad. We drop 60 to 70% of all incoming messages at the MTA. That is stuff I don't have to scan, check, store, or be responsible for. Every requirement is different, that is why there are so many tools available. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From gmane at tippingmar.com Thu Dec 13 01:14:24 2007 From: gmane at tippingmar.com (Mark Nienberg) Date: Thu Dec 13 01:14:43 2007 Subject: Sophos.install for v6 Message-ID: The changelog says: 10/12/2007 New in Version 4.66.4-3 ================================== * New Features and Improvements * 1 Update of Sophos.install for Sophos version 6. However, the Sophos.install file in the rpm seems to be the old one. I don't see any mention of v6 in it. I'd like to get a copy since I am doing a fresh installation. Thanks, Mark From rwahyudi at gmail.com Thu Dec 13 02:37:50 2007 From: rwahyudi at gmail.com (R Wahyudi) Date: Thu Dec 13 02:39:18 2007 Subject: Outbound spam prevention & reaction In-Reply-To: References: Message-ID: <47609AFE.6060606@gmail.com> Im running mail server for ISP. We use separate server for incoming and outgoing mail server and postfix as our MTA. We set our outgoing MTA with following restriction when they are not authenticated : 1. Within 10 minutes , client can make 20 connection to our server 2. Within 10 minutes , user can send email(s) with a maximum of 150 recipients. 3. In 1 connection, user can include up to 150 recipients. When user hit this limit we give them SMTP error with link to a website which show them what this error message means and instruction on how to setup smtp auth if they want to send large quantity of email. Authenticated user have far less restriction compared to non authenticated user. All outgoing mail scanned by MailScanner with customized SA rules. Basically we disable all RBL based check and few rules that trigger false positive. Increase URIBL / SURBL scoring so it reach high scoring spam & increase razor score. We use MailWatch to log email transaction details to MySQL database and we create a script to find IP addresses that send more than 5 spam/virus in 30 minutes. We blacklist these offender at SMTP level for 2 hour. The SMTP rejection error message contain URL asking them to go our spam report website. When user go to this website, we get their origin IP address and provide them explanation on why they get blacklisted, status if they are still on the blacklist, and also a list of Spam/Virus originated from their IP adress in the last 24 hour. They can request immediate removal ( maximum 3 times before 24 hour ban ). If user continuously spamming/sending virus for 7 days we generate email threatening to lock their DSL/dialup account they dont stop. User that continuously spamming/sending virus for 1 week after we sent the letter will get lock. Regards, Rianto Wahyudi -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071213/db1ac436/attachment.html From root at doctor.nl2k.ab.ca Thu Dec 13 05:05:24 2007 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Thu Dec 13 05:42:39 2007 Subject: Mysterious missing mail Message-ID: <20071213050524.GC17044@doctor.nl2k.ab.ca> Have you heard of the one where someone sends a test mail and it does not show up? From hvdkooij at vanderkooij.org Thu Dec 13 06:31:21 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu Dec 13 06:34:44 2007 Subject: Mysterious missing mail In-Reply-To: <20071213050524.GC17044@doctor.nl2k.ab.ca> References: <20071213050524.GC17044@doctor.nl2k.ab.ca> Message-ID: <4760D1B9.3000806@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem wrote: > Have you heard of the one where someone sends a test mail > and it does not show up? Sounds like a real "dijenkletser'. (Only the best jokes get this classification in dutch.) Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHYNG3BvzDRVjxmYERAlzsAJ4nVgFkEq2H60vYQR8y0MvqlpdEYQCeJ8Xg oWq5CKGOlGuT2IB89r6o9uU= =1QOp -----END PGP SIGNATURE----- From edward at tdcs.com.au Thu Dec 13 06:44:38 2007 From: edward at tdcs.com.au (Edward Dekkers) Date: Thu Dec 13 06:45:23 2007 Subject: Mysterious missing mail In-Reply-To: <4760D1B9.3000806@vanderkooij.org> References: <20071213050524.GC17044@doctor.nl2k.ab.ca> <4760D1B9.3000806@vanderkooij.org> Message-ID: > Sounds like a real "dijenkletser'. (Only the best jokes get this > classification in dutch.) > > Hugo. Die had ik nog niet echt gehoord en toen ik het leesde dacht ik dat het iets anders was. Maar goed, in ieder geval schooner dan: Ik lach me een krul in m'n l_l Die ik het meeste gebruikt. Ed. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alvaro at hostalia.com Thu Dec 13 08:43:39 2007 From: alvaro at hostalia.com (=?ISO-8859-1?Q?Alvaro_Mar=EDn?=) Date: Thu Dec 13 08:43:52 2007 Subject: Outbound spam prevention & reaction In-Reply-To: <47609AFE.6060606@gmail.com> References: <47609AFE.6060606@gmail.com> Message-ID: <4760F0BB.7080901@hostalia.com> Hello, > Im running mail server for ISP. We use separate server for incoming and > outgoing mail server and postfix as our MTA. > > We set our outgoing MTA with following restriction when they are not > authenticated : > > 1. > Within 10 minutes , client can make 20 connection to our server > 2. > Within 10 minutes , user can send email(s) with a maximum of 150 > recipients. > 3. > In 1 connection, user can include up to 150 recipients. Are you using policyd with postfix for this or a MailScanner plugin? Regards, -- Alvaro Mar?n Illera Hostalia Internet www.hostalia.com From pascal.maes at elec.ucl.ac.be Thu Dec 13 08:47:44 2007 From: pascal.maes at elec.ucl.ac.be (Pascal Maes) Date: Thu Dec 13 08:48:00 2007 Subject: MailScanner could not analyze some mails Message-ID: <2EF0E860-C2D1-4196-8298-2A711B8C27EF@elec.ucl.ac.be> Hello, All the mails like the following are put in quarantine because MailScanner "Could not analyze message" and the recipient receives and advertising in place ot the message. The message seems very simple, that what I receive after the release from the quarantine : Received: from smtp3.sgsi.ucl.ac.be ([10.1.5.3]) by mmp.sipr-dc.ucl.ac.be (Sun Java(tm) System Messaging Server 6.3-4.01 (built Aug 3 2007; 32bit)) with ESMTP id <0JSZ00A9BBOXUM40@mmp.sipr-dc.ucl.ac.be > for my-address; Thu, 13 Dec 2007 09:31:45 +0100 (CET) Received: from smtp3.sgsi.ucl.ac.be (localhost.localdomain [127.0.0.1]) by smtp3.sgsi.ucl.ac.be (Postfix) with ESMTP id A92821C6E9C for ; Wed, 12 Dec 2007 14:10:15 +0100 (CET) Received: from mail6.e-zone.net (mail6.e-zone.net [212.35.125.173]) by smtp3.sgsi.ucl.ac.be (Postfix) with ESMTP for ; Wed, 12 Dec 2007 14:10:15 +0100 (CET) Date: Wed, 12 Dec 2007 14:09:28 +0100 From: postmaster@legat.eu Subject: Delivery failure (toto@legat.eu) To: my-address Message-id: MIME-version: 1.0 Content-type: multipart/report; report-type=delivery-status X-AV-Checked: ClamAV using ClamSMTP This is a multi-part message in MIME format. --20354/1197464968/MailSite/6760/3916 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="us-ascii" Your message has encountered delivery problems to the following recipient(s): toto@legat.eu Delivery failed User not known --20354/1197464968/MailSite/6760/3916 Content-Disposition: attachment; filename="DSN475FDC94.txt" Content-Transfer-Encoding: quoted-printable Content-Type: message/delivery-status; charset="utf-8" Reporting-MTA: mail.register.be Received-From-MTA: dns; smtp3.sgsi.ucl.ac.be (unverified [130.104.5.77]) Arrival-Date: Wed, 12 Dec 2007 14:05:24 +0100 Final-Recipient: rfc822; toto@legat.eu Action: failed Status: 5.1.1 (Permanent failure - addressing: bad destination mailbox ad= dress) --20354/1197464968/MailSite/6760/3916 Content-Type: message/rfc822; charset="utf-8" X-Spam-Score: 1 Received: from smtp3.sgsi.ucl.ac.be (unverified [130.104.5.77]) by mail.register.be (Rockliffe SMTPRA 7.0.6) with ESMTP id for ; Wed, 12 Dec 2007 14:05:24 +0100 Received: from smtp3.sgsi.ucl.ac.be (localhost.localdomain [127.0.0.1]) by smtp3.sgsi.ucl.ac.be (Postfix) with ESMTP id 41BD11C65B3; Wed, 12 Dec 2007 13:50:08 +0100 (CET) Received: from Ulysse.elec.ucl.ac.be (Ulysse.elec.ucl.ac.be [130.104.236.7]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp3.sgsi.ucl.ac.be (Postfix) with ESMTP; Wed, 12 Dec 2007 13:50:08 +0100 (CET) Message-ID: <475FD8F8.1010109@uclouvain.be> Disposition-Notification-To: Pascal Maes Date: Wed, 12 Dec 2007 13:50:00 +0100 From: Pascal Maes User-Agent: Thunderbird 2.0.0.9 (Macintosh/20071031) MIME-Version: 1.0 To: toto@legat.eu Subject: test Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-AV-Checked: ClamAV using ClamSMTP X-Sgsi-Spamcheck: Authenticated, X-SGSI-MailScanner: Found to be clean X-SGSI-From: my-address X-SGSI-Spam-Status: No test --20354/1197464968/MailSite/6760/3916-- Questions - why that kind of email could no be analyzed ? - Does a workaround exist ? - How can we distribute these kind of emails ? Thanks -- Pascal From pascal.maes at elec.ucl.ac.be Thu Dec 13 09:03:53 2007 From: pascal.maes at elec.ucl.ac.be (Pascal Maes) Date: Thu Dec 13 09:04:08 2007 Subject: Whitelists not working properly In-Reply-To: <10452.94845.qm@web33302.mail.mud.yahoo.com> References: <10452.94845.qm@web33302.mail.mud.yahoo.com> Message-ID: Le 07-d?c.-07 ? 03:19, Michael Mansour a ?crit : > Hi Johnny, > > --- Johnny Stork wrote: > >> I have noticed for the past few months, not sure >> when it started, but >> not all whitelist entries are getting picked up. For >> instance, I just added >> >>> From To >> *@www.pixologic.com *@* > > It's odd how such rules ever worked for you. They're > syntax is incorrect. > > Please read: > > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rulesets:examples&s=virus%20scanning%20rules > > for the correct way to define your rules. > > Regards, > > Michael. > >> Is the following syntax correct ? From: /opt/MailScanner/etc/rules/whitelist.domains yes FromOrTo: default no and in the file /opt/MailScanner/etc/rules/whitelist.domains, I have lines like : *@ess-fp7.org But, recently, I get : > X-SGSI-Spam-Score: ssssssssss > X-SGSI-From: fp7aor@ess-fp7.org > X-SGSI-Spam-Status: Yes -- Pascal From martinh at solidstatelogic.com Thu Dec 13 09:28:17 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Thu Dec 13 09:28:31 2007 Subject: Spam Mail Being Delivered To A Spam Folder In-Reply-To: <016501c83cf8$fa9f77d0$efde6770$@com> Message-ID: <44ed12922f15fb4192467b50e594c53a@solidstatelogic.com> Al Sounds like the client doing this - based on the X-Spam-Status: header. You can make the Spam Actions a rule set and for those domains that want to be subject marked change the rule actions. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Al Cooper > Sent: 12 December 2007 19:56 > To: mailscanner@lists.mailscanner.info > Subject: Spam Mail Being Delivered To A Spam Folder > > Hi All, > > I upgraded to a new mail server (CentOS 5) a few months ago and installed > MailScanner version 4.63.8 & Spamassassin version 3.2.3 (with mostly > default > settings). Ever since the upgrade, email that is tagged as spam is being > delivered to a user level spam file, which most of my customers love. > However one of my domains would like to receive all their email including > email tagged as spam. > > I have a few of questions: > > 1. Where in the conf is the setting that is causing spam to go into the > user > level spam file? > My MailScanner.conf spam delivery options are set as: > Spam Actions = deliver header "X-Spam-Status: Yes" > High Scoring Spam Actions = deliver header "X-Spam-Status: Yes" > > 2. Is it possible to have spam for just one domain delivered to the user's > mbox, but all other domains deliver to the user's spam file? And if yes, > how? > > 3. Since the spam files are getting rather large and messing with my > quotas, > does anyone have a script that will delete mail in the spam file after a > specified number of days? > > Thanks for your help, > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From MailScanner at ecs.soton.ac.uk Thu Dec 13 09:41:43 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Dec 13 09:42:03 2007 Subject: mailscanner 4.66.4-3 reccomendation In-Reply-To: <005d01c83c5e$939d4890$6714a8c0@Gemini> References: <20071211070319.57E3F82BF4@sinclaire.sibble.net>, <20071211084017.628C982BF0@sinclaire.sibble.net>, <223f97700712110359h13b7118bh753ac7041bcd8c02@mail.gmail.com> <20071211222857.4C3A582BF0@sinclaire.sibble.net> <005d01c83c5e$939d4890$6714a8c0@Gemini> Message-ID: <4760FE57.9050507@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The only "beta" thing about it is the install.sh. It should install fine on CentOS 5.1. Please let me know if it doesn't. James N. Smith wrote: > Need some advice from the list. I am doing a new install based on > CentOS 5.1. I have run into the MailTools v.2 problem trying to run > MailScanner 4.65.3-1. > > Is it recommended to use the MailScanner 4.66.4-3 Beta with MailTools > 2.02 or try to revert to an older version of MailTools and use the > stable MailScanner? > > More specifically, is 4.66.4-3 a reliable beta (more akin to a Release > Candidate) or is it more "buyer beware"? > > Thanks in advance! > > James Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 867) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHYP5YEfZZRxQVtlQRAuPTAJ44qzxY1NCZkPJZDhw86Vt/9CMzrgCfYJ35 ZS0JRKLbcG8m8hz1f235MpU= =mQPI -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Dec 13 09:50:06 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Dec 13 09:50:27 2007 Subject: Sophos.install for v6 In-Reply-To: References: Message-ID: <4761004E.1090006@ecs.soton.ac.uk> Skipped content of type multipart/mixed-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 217 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071213/b682de25/PGP.bin From J.Ede at birchenallhowden.co.uk Thu Dec 13 10:29:19 2007 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Thu Dec 13 10:29:41 2007 Subject: OT Fedora in production (as nstallation Problem on Fedora Core 8) In-Reply-To: References: <013a01c83ad3$43d7b660$f105010a@pc> <021d01c83b4e$286e6330$f105010a@pc> <20071211005852.GA7117@rpcs.net> <475E6018.6020106@farrows.org> <475EA86D.9060101@farrows.org> Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760CA00A60B9@server02.bhl.local> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Anthony Cartmell > Sent: 12 December 2007 16:22 > To: MailScanner discussion > Subject: Re: OT Fedora in production (as nstallation Problem on Fedora > Core 8) > > > You miss read the grammar in my reply. > > > > We all know that Centos is not supported by Red Hat, however it is > > binary compatible, if you're not sure what binary compatible just go > for > > google. > > You missed my winking smiley ;) > > > Heres an article worth reading that looks at both sides of the > argument: > > > > http://www.eweek.com/article2/0,1759,1766350,00.asp > > Although that's a little old now, I agree with its sentiments. It even > lists Wikipedia and Sourceforge as using Fedora for production servers > :) > > > You also might want to read real world comment here: > > > > http://ubuntuforums.org/archive/index.php/t-255265.html > > I agree with those opinions that compare Ubuntu with Fedora rather than > with RHEL. The points about stability being unrelated to the age of > software are exactly what I'm talking about. > > > I think that by insisting its not a testing ground OS you are not in > > agreement with everyone I deal with... > > Depends whether "testing ground OS" is a good thing or not. I'd have > thought that the fact that RHEL is based on Fedora, and not, say, > Ubuntu, > was an indication that Fedora is indeed one of the most stable free > Linux > distros available. > > > If you use Fedora for production, then I'm glad I'm not relying on > your > > production servers. > > My only few downtimes over the last three years have been hardware and > network related. I have never had any issues with Fedora, which has > proved > to be quite stable enough for production use. > > > To say that it is suitable for production comes down to experience > > I quite agree, I'm simply relating what I've personally experienced. If > someone has run production web/e-mail servers with Fedora and has had > problems with the OS I'd love to hear, in case I've been unusually > lucky. > > Cheers! > I've been running Fedora for several years as a mail server. First on FC4 then 5,6 and finally 7. Not yet built one on FC8 Apart from 2 small problems with FC7 (one was a cron update that broke cron for a few days and the other a perl update with a faulty Scalar::Utils) they've been running fine. The only real problems I've had is with the yum updates conflicting with the MailScanner perl packages that means I need to remove some packages before running yum update (although that has really only been an issue on FC7). Generally, for reasons other than stability, the servers have been rebuilt every 12-18 months so far. I've always made sure that I've turned off all services that I've not needed to minimise the exposure of ports and with one exception they've all been behind good firewalls. I will be trying an install on CentOS 5.1, but that is mainly because of the rpmforge repository and it removes the problem of having a mixture of perl updates which has caused problems before. Jason From gmatt at nerc.ac.uk Thu Dec 13 12:19:12 2007 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Thu Dec 13 12:20:18 2007 Subject: OT Fedora in production (as nstallation Problem on Fedora Core 8) In-Reply-To: References: <013a01c83ad3$43d7b660$f105010a@pc> <021d01c83b4e$286e6330$f105010a@pc> <20071211005852.GA7117@rpcs.net> <475E6018.6020106@farrows.org> <475EA86D.9060101@farrows.org> Message-ID: <47612340.6050007@nerc.ac.uk> Anthony Cartmell wrote: > My only few downtimes over the last three years have been hardware and > network related. I have never had any issues with Fedora, which has > proved to be quite stable enough for production use. Given that Fedora is only supported for 18 months I wonder how that can be unless you are running an unmaintained OS. Fedora changes too fast for a production environment for /me/. I want to install and maintain an OS for roughly the life of the hardware. That means 5+ years. My job as an administrator is to make systems as easy to maintain as possible. A short lived distro requires more time and bodies to maintain it on production equipment - a luxury I dont have. -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From gmatt at nerc.ac.uk Thu Dec 13 12:22:08 2007 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Thu Dec 13 12:22:37 2007 Subject: OT Fedora in production (as nstallation Problem on Fedora Core 8) In-Reply-To: <4CAB0118AEC63A4FAAE77E6BCBDF760CA00A60B9@server02.bhl.local> References: <013a01c83ad3$43d7b660$f105010a@pc> <021d01c83b4e$286e6330$f105010a@pc> <20071211005852.GA7117@rpcs.net> <475E6018.6020106@farrows.org> <475EA86D.9060101@farrows.org> <4CAB0118AEC63A4FAAE77E6BCBDF760CA00A60B9@server02.bhl.local> Message-ID: <476123F0.5090900@nerc.ac.uk> Jason Ede wrote: > I've been running Fedora for several years as a mail server. First on > FC4 then 5,6 and finally 7. Not yet built one on FC8 hey, I've been running CentOS for years on my mail relays. First CentOS 4, then... nope still CentOS 4... And it'll be CentOS 4 until the hardware is replaced. -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From ugob at lubik.ca Thu Dec 13 13:33:38 2007 From: ugob at lubik.ca (Ugo Bellavance) Date: Thu Dec 13 13:44:45 2007 Subject: MailScanner could not analyze some mails In-Reply-To: <2EF0E860-C2D1-4196-8298-2A711B8C27EF@elec.ucl.ac.be> References: <2EF0E860-C2D1-4196-8298-2A711B8C27EF@elec.ucl.ac.be> Message-ID: Pascal Maes wrote: > Hello, > > > Questions > > - why that kind of email could no be analyzed ? > - Does a workaround exist ? > - How can we distribute these kind of emails ? Most likely an AV problem, are you using Sophos? Please have a look at your logs and show us what you find, we'll then be able to help you. Ugo From glenn.steen at gmail.com Thu Dec 13 14:27:07 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Dec 13 14:27:19 2007 Subject: AW: requeueing / resending archived emails In-Reply-To: <475FFD28.4040801@syska.dk> References: <475FF2C1.6060708@syska.dk> <475FF5C4.3020201@farrows.org> <475FFD28.4040801@syska.dk> Message-ID: <223f97700712130627j522d1518v5d9013b3c75230a1@mail.gmail.com> On 12/12/2007, Mikael Syska wrote: > Same thing ... :-) > > I'm running postfix on the server ... not the other way around :-) ( I > know what you mean ) > > Still looking for the answer ... and I will ofcause post here if I find > it ... just have more important things to do at the moment. > > // ouT The hints needed are in the wiki... If your archive consists of queue files, all needed info (recipient(s) etc) is in that file... So use the information in http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:how_to:release_quarantined_mail#releasing_mail_from_the_quarantine_-_queue_files (all one link on one line:-), amended with the fact that the files aren't in the quarantine, but rather the archive... Simple enough?!:-). Cheers -- -- Glenn > Bundschuh, Philipp wrote: > > And what if the server is running on postfix? > > > > Regards, > > philipp > > > > > > -----Urspr?ngliche Nachricht----- > > Von: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Im Auftrag von Peter Farrow > > Gesendet: Mittwoch, 12. Dezember 2007 15:53 > > An: MailScanner discussion > > Betreff: Re: requeueing / resending archived emails > > > > Mikael Syska wrote: > > > >> Hi, > >> > >> Looking for the same thing ... > >> > >> Sure hope there are someone out there with the answer .... > >> > >> Guess its some like piping the "file" ( mail ) to the mail program on > >> the box ... just not sure how .... > >> > >> // ouT > >> > >> Bundschuh, Philipp wrote: > >> > >>> hello everybody, > >>> > >>> we use the email-archiving feature and a copy of all incoming mails > >>> is stored in /var/spool/MailScanner/archive/. > >>> > >>> Now I have all messages in "Date-Named-Folders", BUT: > >>> > >>> How can I resend the messages or one message to the origin > >>> destination or to an alternative email-adress? > >>> > >>> I could't finy anything on the web. > >>> > >>> Please help. > >>> > >>> Regards, > >>> > >>> > >>> Philipp > >>> > >>> > > >>How can I resend the messages or one message to the origin > > destination or to an alternative email-adress? > > > > If you are running Sendmail and the messages are Queue files you can > > copy them to the outgoing Queue directory and issue a sendmail -qv > > > > Sendmail will de-queue theemails to the original recipients. I recently > > did this when 5000+ emails backed up on a miss-behaving MailScanner > > server... > > > > P. > > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ajcartmell at fonant.com Thu Dec 13 15:18:31 2007 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Thu Dec 13 15:18:49 2007 Subject: OT Fedora in production (as nstallation Problem on Fedora Core 8) In-Reply-To: <47612340.6050007@nerc.ac.uk> References: <013a01c83ad3$43d7b660$f105010a@pc> <021d01c83b4e$286e6330$f105010a@pc> <20071211005852.GA7117@rpcs.net> <475E6018.6020106@farrows.org> <475EA86D.9060101@farrows.org> <47612340.6050007@nerc.ac.uk> Message-ID: > Anthony Cartmell wrote: >> My only few downtimes over the last three years have been hardware and >> network related. I have never had any issues with Fedora, which has >> proved to be quite stable enough for production use. > > Given that Fedora is only supported for 18 months I wonder how that can > be unless you are running an unmaintained OS. Quite simple, I upgrade roughly every 12 to 18 months :) Anthony -- www.fonant.com - Quality web sites From pascal.maes at elec.ucl.ac.be Thu Dec 13 16:43:50 2007 From: pascal.maes at elec.ucl.ac.be (Pascal Maes) Date: Thu Dec 13 16:44:11 2007 Subject: MailScanner could not analyze some mails In-Reply-To: References: <2EF0E860-C2D1-4196-8298-2A711B8C27EF@elec.ucl.ac.be> Message-ID: <390CC465-C7A5-435C-AC22-354CCB2AA359@elec.ucl.ac.be> Le 13-d?c.-07 ? 14:33, Ugo Bellavance a ?crit : > Pascal Maes wrote: >> Hello, >> Questions >> - why that kind of email could no be analyzed ? >> - Does a workaround exist ? >> - How can we distribute these kind of emails ? > > Most likely an AV problem, are you using Sophos? > > Please have a look at your logs and show us what you find, we'll > then be able to help you. > > Ugo > In mail.log, I have : Dec 13 09:35:37 smtp-2 postfix/cleanup[18424]: 9B004EBAD1: message-id= Dec 13 09:35:37 smtp-2 clamsmtpd: 3D1B3B: from=<>, to=pascal.maes@uclouvain.be , status=CLEAN Dec 13 09:35:42 smtp-2 MailScanner[10049]: Message 9B004EBAD1.CBDD7 from 127.0.0.1 () to uclouvain.be is n'est pas un polluriel, SpamAssassin (not cached, score=2.401, requis 5, BAYES_00 -1.60, BOTNET_NORDNS 3.00, NO_REAL_NAME 1.00) and the next line (search on 9B004EBAD1) is : Dec 13 09:35:43 smtp-2 MailScanner[10049]: Saved entire message to / var/spool/MailScanner/quarantine/20071213/9B004EBAD1.CBDD7 We are using postfix as MTA, with ClamAV as first antivirus then the mail is passed through MailScanner which uses mcafe as AV -- Pascal -- Pascal From gmatt at nerc.ac.uk Thu Dec 13 16:44:12 2007 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Thu Dec 13 16:44:43 2007 Subject: OT Fedora in production (as nstallation Problem on Fedora Core 8) In-Reply-To: References: <013a01c83ad3$43d7b660$f105010a@pc> <021d01c83b4e$286e6330$f105010a@pc> <20071211005852.GA7117@rpcs.net> <475E6018.6020106@farrows.org> <475EA86D.9060101@farrows.org> <47612340.6050007@nerc.ac.uk> Message-ID: <4761615C.7050103@nerc.ac.uk> Anthony Cartmell wrote: >> Anthony Cartmell wrote: >>> My only few downtimes over the last three years have been hardware >>> and network related. I have never had any issues with Fedora, which >>> has proved to be quite stable enough for production use. >> >> Given that Fedora is only supported for 18 months I wonder how that >> can be unless you are running an unmaintained OS. > > Quite simple, I upgrade roughly every 12 to 18 months :) I rest my case -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From mikael at syska.dk Thu Dec 13 17:33:54 2007 From: mikael at syska.dk (Mikael Syska) Date: Thu Dec 13 17:34:39 2007 Subject: AW: requeueing / resending archived emails In-Reply-To: <223f97700712130627j522d1518v5d9013b3c75230a1@mail.gmail.com> References: <475FF2C1.6060708@syska.dk> <475FF5C4.3020201@farrows.org> <475FFD28.4040801@syska.dk> <223f97700712130627j522d1518v5d9013b3c75230a1@mail.gmail.com> Message-ID: <47616D02.2080205@syska.dk> Hey, Glenn Steen wrote: > On 12/12/2007, Mikael Syska wrote: > >> Same thing ... :-) >> >> I'm running postfix on the server ... not the other way around :-) ( I >> know what you mean ) >> >> Still looking for the answer ... and I will ofcause post here if I find >> it ... just have more important things to do at the moment. >> >> // ouT >> > > The hints needed are in the wiki... If your archive consists of queue > files, all needed info (recipient(s) etc) is in that file... So use > the information in > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:how_to:release_quarantined_mail#releasing_mail_from_the_quarantine_-_queue_files > (all one link on one line:-), amended with the fact that the files > aren't in the quarantine, but rather the archive... Simple > enough?!:-). > > Cheers > -- > -- Glenn > Thanks for the note on that one. When using: "Releasing mail from the quarantine - message files" sendmail -i -t < meesageid Its gets send from the current account I'm logged onto as ... and yes, ofcause, but I can't seem to find a way to read the sender address, so it gets resend as the original user who send the message ... >> Bundschu [snip] // ouT From glenn.steen at gmail.com Thu Dec 13 19:14:59 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Dec 13 19:15:10 2007 Subject: AW: requeueing / resending archived emails In-Reply-To: <47616D02.2080205@syska.dk> References: <475FF2C1.6060708@syska.dk> <475FF5C4.3020201@farrows.org> <475FFD28.4040801@syska.dk> <223f97700712130627j522d1518v5d9013b3c75230a1@mail.gmail.com> <47616D02.2080205@syska.dk> Message-ID: <223f97700712131114o3a65dad4mdd22785eb103ea28@mail.gmail.com> On 13/12/2007, Mikael Syska wrote: > Hey, > > Glenn Steen wrote: > > On 12/12/2007, Mikael Syska wrote: > > > >> Same thing ... :-) > >> > >> I'm running postfix on the server ... not the other way around :-) ( I > >> know what you mean ) > >> > >> Still looking for the answer ... and I will ofcause post here if I find > >> it ... just have more important things to do at the moment. > >> > >> // ouT > >> > > > > The hints needed are in the wiki... If your archive consists of queue > > files, all needed info (recipient(s) etc) is in that file... So use > > the information in > > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:how_to:release_quarantined_mail#releasing_mail_from_the_quarantine_-_queue_files > > (all one link on one line:-), amended with the fact that the files > > aren't in the quarantine, but rather the archive... Simple > > enough?!:-). > > > > Cheers > > -- > > -- Glenn > > > Thanks for the note on that one. > > When using: > "Releasing mail from the quarantine - message files" > > sendmail -i -t < meesageid So "file messageid" reports it as RFC822 text (or similar)? Good. > Its gets send from the current account I'm logged onto as ... and yes, > ofcause, but I can't seem to find a way to read the sender address, so > it gets resend as the original user who send the message ... Eh? In MailWatch you have the message id... and the envelope sender... Right? So a simple SQL scriptlet would get you that... If you mind the clickety-click cut'n'paste:-):-) Or am I misunderstanding this somehow? That it'd look like root@yourhost.yourdomain.com in MW when sent doesn't matter much, the user will just see whatever there is in the header From: anyway... So that shouldn't matter much... > >> Bundschu > [snip] > > // ouT Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ssilva at sgvwater.com Thu Dec 13 19:30:59 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Dec 13 19:31:45 2007 Subject: OT Fedora in production (as nstallation Problem on Fedora Core 8) In-Reply-To: <476123F0.5090900@nerc.ac.uk> References: <013a01c83ad3$43d7b660$f105010a@pc> <021d01c83b4e$286e6330$f105010a@pc> <20071211005852.GA7117@rpcs.net> <475E6018.6020106@farrows.org> <475EA86D.9060101@farrows.org> <4CAB0118AEC63A4FAAE77E6BCBDF760CA00A60B9@server02.bhl.local> <476123F0.5090900@nerc.ac.uk> Message-ID: on 12/13/2007 4:22 AM Greg Matthews spake the following: > Jason Ede wrote: >> I've been running Fedora for several years as a mail server. First on >> FC4 then 5,6 and finally 7. Not yet built one on FC8 > > hey, I've been running CentOS for years on my mail relays. First CentOS > 4, then... nope still CentOS 4... And it'll be CentOS 4 until the > hardware is replaced. Amen brother! I have enough work to do keeping the winblows users from hanging themselves. "I can't find my e-mail", "I lost my icon", "Why can't I install this screensaver my uncle's cousin's co-worker's neighbor gave me?" -- whine whine whine... ;-P -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Thu Dec 13 19:40:19 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Dec 13 19:42:32 2007 Subject: Mysterious missing mail In-Reply-To: References: <20071213050524.GC17044@doctor.nl2k.ab.ca> <4760D1B9.3000806@vanderkooij.org> Message-ID: on 12/12/2007 10:44 PM Edward Dekkers spake the following: >> Sounds like a real "dijenkletser'. (Only the best jokes get this >> classification in dutch.) >> >> Hugo. > > Die had ik nog niet echt gehoord en toen ik het leesde dacht ik dat het iets > anders was. > > Maar goed, in ieder geval schooner dan: > > > Ik lach me een krul in m'n l_l > > Die ik het meeste gebruikt. > > Ed. > > > Shouldn't that go to the dutch mailscanner joke list? 8-D ;-P (Extra smiley) -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From mikael at syska.dk Thu Dec 13 20:33:36 2007 From: mikael at syska.dk (Mikael Syska) Date: Thu Dec 13 20:34:21 2007 Subject: AW: requeueing / resending archived emails In-Reply-To: <223f97700712131114o3a65dad4mdd22785eb103ea28@mail.gmail.com> References: <475FF2C1.6060708@syska.dk> <475FF5C4.3020201@farrows.org> <475FFD28.4040801@syska.dk> <223f97700712130627j522d1518v5d9013b3c75230a1@mail.gmail.com> <47616D02.2080205@syska.dk> <223f97700712131114o3a65dad4mdd22785eb103ea28@mail.gmail.com> Message-ID: <47619720.6070606@syska.dk> Glenn Steen wrote: > On 13/12/2007, Mikael Syska wrote: > >> Hey, >> >> Glenn Steen wrote: >> >>> On 12/12/2007, Mikael Syska wrote: >>> >>> >>>> Same thing ... :-) >>>> >>>> I'm running postfix on the server ... not the other way around :-) ( I >>>> know what you mean ) >>>> >>>> Still looking for the answer ... and I will ofcause post here if I find >>>> it ... just have more important things to do at the moment. >>>> >>>> // ouT >>>> >>>> >>> The hints needed are in the wiki... If your archive consists of queue >>> files, all needed info (recipient(s) etc) is in that file... So use >>> the information in >>> http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:how_to:release_quarantined_mail#releasing_mail_from_the_quarantine_-_queue_files >>> (all one link on one line:-), amended with the fact that the files >>> aren't in the quarantine, but rather the archive... Simple >>> enough?!:-). >>> >>> Cheers >>> -- >>> -- Glenn >>> >>> >> Thanks for the note on that one. >> >> When using: >> "Releasing mail from the quarantine - message files" >> >> sendmail -i -t < meesageid >> > So "file messageid" reports it as RFC822 text (or similar)? Good. > > >> Its gets send from the current account I'm logged onto as ... and yes, >> ofcause, but I can't seem to find a way to read the sender address, so >> it gets resend as the original user who send the message ... >> > Eh? In MailWatch you have the message id... and the envelope sender... > Right? So a simple SQL scriptlet would get you that... If you mind the > clickety-click cut'n'paste:-):-) > Or am I misunderstanding this somehow? That it'd look like > root@yourhost.yourdomain.com in MW when sent doesn't matter much, the > user will just see whatever there is in the header From: anyway... So > that shouldn't matter much... > > You are right ... :-) was the root@domain.tld in mailwatch ... but as I now look in the mailbox its right there ... :-) guess I was just a little confused ... thanks for your time. >>>> Bundschu >>>> >> [snip] >> >> // ouT >> > > Cheers > mvh Mikael Syska From dnsadmin at 1bigthink.com Thu Dec 13 20:57:13 2007 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Thu Dec 13 20:57:44 2007 Subject: Very OT: bind/named question Message-ID: <200712132057.lBDKvWAi018119@mxt.1bigthink.com> Hello All, I've a caching nameserver configured on my recently built CentOS 5.x mail server. The server is completely 'self-contained' as all mail and related processes are local on the box; no gateways. I recently configured a similar box with CentOS 4.x this past year and have not seen this problem: e.g.: Dec 9 04:07:42 mxt named[3020]: FORMERR resolving 'foxnewsmail.com.spintlink.net/AAAA/IN': 66.45.231.146#53 Dec 9 04:08:39 mxt named[3020]: FORMERR resolving 'www.mailscanner.eu.spintlink.net/AAAA/IN': 64.20.52.34#53 I get many of these an hour. I'm not seeing real named problems, though. Mail seems to be flowing okay. What if anything can I/should I do about this? I've performed some searches on this topic and see that this can be related to IPV6 being enabled, but I believe I've disabled it. Also mentions of lame servers being at approximately 60-some-odd-percent Internet-wide and spammers with forged IPs causing these. That seems more likely; did the authors of bind just change the error message for lame servers to be more specific? Your comments/suggestions appreciated. Thanks, Glenn -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.503 / Virus Database: 269.17.1/1183 - Release Date: 12/13/2007 9:15 AM -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ka at pacific.net Thu Dec 13 21:06:05 2007 From: ka at pacific.net (ka) Date: Thu Dec 13 21:06:18 2007 Subject: OT Fedora in production (as nstallation Problem on Fedora Core 8) In-Reply-To: <4CAB0118AEC63A4FAAE77E6BCBDF760CA00A60B9@server02.bhl.local> References: <013a01c83ad3$43d7b660$f105010a@pc> <021d01c83b4e$286e6330$f105010a@pc> <20071211005852.GA7117@rpcs.net> <475E6018.6020106@farrows.org> <475EA86D.9060101@farrows.org> <4CAB0118AEC63A4FAAE77E6BCBDF760CA00A60B9@server02.bhl.local> Message-ID: <47619EBD.5040105@pacific.net> Jason Ede wrote: >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Anthony Cartmell >> Sent: 12 December 2007 16:22 >> To: MailScanner discussion >> Subject: Re: OT Fedora in production (as nstallation Problem on Fedora >> Core 8) >> >>> You miss read the grammar in my reply. >>> >>> We all know that Centos is not supported by Red Hat, however it is >>> binary compatible, if you're not sure what binary compatible just go >> for >>> google. >> You missed my winking smiley ;) >> >>> Heres an article worth reading that looks at both sides of the >> argument: >>> http://www.eweek.com/article2/0,1759,1766350,00.asp >> Although that's a little old now, I agree with its sentiments. It even >> lists Wikipedia and Sourceforge as using Fedora for production servers >> :) >> >>> You also might want to read real world comment here: >>> >>> http://ubuntuforums.org/archive/index.php/t-255265.html >> I agree with those opinions that compare Ubuntu with Fedora rather than >> with RHEL. The points about stability being unrelated to the age of >> software are exactly what I'm talking about. >> >>> I think that by insisting its not a testing ground OS you are not in >>> agreement with everyone I deal with... >> Depends whether "testing ground OS" is a good thing or not. I'd have >> thought that the fact that RHEL is based on Fedora, and not, say, >> Ubuntu, >> was an indication that Fedora is indeed one of the most stable free >> Linux >> distros available. >> >>> If you use Fedora for production, then I'm glad I'm not relying on >> your >>> production servers. >> My only few downtimes over the last three years have been hardware and >> network related. I have never had any issues with Fedora, which has >> proved >> to be quite stable enough for production use. >> >>> To say that it is suitable for production comes down to experience >> I quite agree, I'm simply relating what I've personally experienced. If >> someone has run production web/e-mail servers with Fedora and has had >> problems with the OS I'd love to hear, in case I've been unusually >> lucky. >> >> Cheers! >> > > I've been running Fedora for several years as a mail server. First on FC4 then 5,6 and finally 7. Not yet built one on FC8 > > Apart from 2 small problems with FC7 (one was a cron update that broke cron for a few days and the other a perl update with a faulty Scalar::Utils) they've been running fine. The only real problems I've had is with the yum updates conflicting with the MailScanner perl packages that means I need to remove some packages before running yum update (although that has really only been an issue on FC7). Generally, for reasons other than stability, the servers have been rebuilt every 12-18 months so far. > > I've always made sure that I've turned off all services that I've not needed to minimise the exposure of ports and with one exception they've all been behind good firewalls. > > I will be trying an install on CentOS 5.1, but that is mainly because of the rpmforge repository and it removes the problem of having a mixture of perl updates which has caused problems before. > > Jason > Same experience here. Fedora core is solid. We've been running pretty much everything on fedora core for years with no problems with the os, and most new hardware is supported, which is a plus you sometimes don't get with 'stable'. We recycle hardware after 2-3 years and reinstall - usually demoting old mailscanner boxes to do less difficult chores as the new xeons with multicores are much faster. There's no point in having 4 or 5 year old hardware running mailscanner.. unless you don't need more than one mailscanner box. Ken Pacific.Net From mkercher at nfsmith.com Thu Dec 13 21:06:43 2007 From: mkercher at nfsmith.com (Mike Kercher) Date: Thu Dec 13 21:06:56 2007 Subject: Very OT: bind/named question In-Reply-To: <200712132057.lBDKvWAi018119@mxt.1bigthink.com> References: <200712132057.lBDKvWAi018119@mxt.1bigthink.com> Message-ID: <224FA7E11EA39E45843E11CEBBD3A36F5A4AAD@HOUPEX01.nfsmith.info> >From what I can see on a quick google search, this may have something to do with IPV6 Mike -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of dnsadmin 1bigthink.com Sent: Thursday, December 13, 2007 2:57 PM To: MailScanner mailing list Subject: Very OT: bind/named question Hello All, I've a caching nameserver configured on my recently built CentOS 5.x mail server. The server is completely 'self-contained' as all mail and related processes are local on the box; no gateways. I recently configured a similar box with CentOS 4.x this past year and have not seen this problem: e.g.: Dec 9 04:07:42 mxt named[3020]: FORMERR resolving 'foxnewsmail.com.spintlink.net/AAAA/IN': 66.45.231.146#53 Dec 9 04:08:39 mxt named[3020]: FORMERR resolving 'www.mailscanner.eu.spintlink.net/AAAA/IN': 64.20.52.34#53 I get many of these an hour. I'm not seeing real named problems, though. Mail seems to be flowing okay. What if anything can I/should I do about this? I've performed some searches on this topic and see that this can be related to IPV6 being enabled, but I believe I've disabled it. Also mentions of lame servers being at approximately 60-some-odd-percent Internet-wide and spammers with forged IPs causing these. That seems more likely; did the authors of bind just change the error message for lame servers to be more specific? Your comments/suggestions appreciated. Thanks, Glenn -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.503 / Virus Database: 269.17.1/1183 - Release Date: 12/13/2007 9:15 AM -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mkercher at nfsmith.com Thu Dec 13 21:10:52 2007 From: mkercher at nfsmith.com (Mike Kercher) Date: Thu Dec 13 21:11:03 2007 Subject: Very OT: bind/named question In-Reply-To: <200712132057.lBDKvWAi018119@mxt.1bigthink.com> References: <200712132057.lBDKvWAi018119@mxt.1bigthink.com> Message-ID: <224FA7E11EA39E45843E11CEBBD3A36F5A4AAE@HOUPEX01.nfsmith.info> Hit send too soon :) Have you disabled IPV6 on the box itself? /etc/sysconfig/network, add: "NETWORKING_IPV6=no" /etc/modprobe.conf, add: "alias net-pf-10 off" Mike -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of dnsadmin 1bigthink.com Sent: Thursday, December 13, 2007 2:57 PM To: MailScanner mailing list Subject: Very OT: bind/named question Hello All, I've a caching nameserver configured on my recently built CentOS 5.x mail server. The server is completely 'self-contained' as all mail and related processes are local on the box; no gateways. I recently configured a similar box with CentOS 4.x this past year and have not seen this problem: e.g.: Dec 9 04:07:42 mxt named[3020]: FORMERR resolving 'foxnewsmail.com.spintlink.net/AAAA/IN': 66.45.231.146#53 Dec 9 04:08:39 mxt named[3020]: FORMERR resolving 'www.mailscanner.eu.spintlink.net/AAAA/IN': 64.20.52.34#53 I get many of these an hour. I'm not seeing real named problems, though. Mail seems to be flowing okay. What if anything can I/should I do about this? I've performed some searches on this topic and see that this can be related to IPV6 being enabled, but I believe I've disabled it. Also mentions of lame servers being at approximately 60-some-odd-percent Internet-wide and spammers with forged IPs causing these. That seems more likely; did the authors of bind just change the error message for lame servers to be more specific? Your comments/suggestions appreciated. Thanks, Glenn -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.503 / Virus Database: 269.17.1/1183 - Release Date: 12/13/2007 9:15 AM -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From dnsadmin at 1bigthink.com Thu Dec 13 22:26:25 2007 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Thu Dec 13 22:26:57 2007 Subject: Very OT: bind/named question In-Reply-To: <224FA7E11EA39E45843E11CEBBD3A36F5A4AAE@HOUPEX01.nfsmith.in fo> References: <200712132057.lBDKvWAi018119@mxt.1bigthink.com> <224FA7E11EA39E45843E11CEBBD3A36F5A4AAE@HOUPEX01.nfsmith.info> Message-ID: <200712132226.lBDMQobg010352@mxt.1bigthink.com> Skipped content of type multipart/alternative-------------- next part -------------- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.503 / Virus Database: 269.17.1/1183 - Release Date: 12/13/2007 9:15 AM From rwahyudi at gmail.com Thu Dec 13 23:51:43 2007 From: rwahyudi at gmail.com (R Wahyudi) Date: Thu Dec 13 23:53:14 2007 Subject: Outbound spam prevention & reaction In-Reply-To: <4760F0BB.7080901@hostalia.com> References: <47609AFE.6060606@gmail.com> <4760F0BB.7080901@hostalia.com> Message-ID: <4761C58F.5020608@gmail.com> Alvaro Mar?n wrote: > Hello, > >> Im running mail server for ISP. We use separate server for incoming >> and outgoing mail server and postfix as our MTA. >> >> We set our outgoing MTA with following restriction when they are not >> authenticated : >> >> 1. >> Within 10 minutes , client can make 20 connection to our >> server 2. >> Within 10 minutes , user can send email(s) with a maximum of 150 >> recipients. >> 3. >> In 1 connection, user can include up to 150 recipients. > > Are you using policyd with postfix for this or a MailScanner plugin? > > Regards, > Im using policyd for this as I need to do the rejection on SMTP level. They are great little program to run on multiple server since it has MySQL backend. Im not sure if MailScanner plugin can do this ... We also insert the offending IP for people that send virus / spam to policyd blacklist table and set the auto expire timestamp and let policyd deal with the expiration .. Regards, Rianto Wahyudi -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071214/9b4c076e/attachment.html From rpotter at rpcs.net Fri Dec 14 03:20:02 2007 From: rpotter at rpcs.net (Richard Potter) Date: Fri Dec 14 03:20:23 2007 Subject: OT Fedora in production (as nstallation Problem on Fedora Core 8) In-Reply-To: <4761615C.7050103@nerc.ac.uk> References: <20071211005852.GA7117@rpcs.net> <475E6018.6020106@farrows.org> <475EA86D.9060101@farrows.org> <47612340.6050007@nerc.ac.uk> <4761615C.7050103@nerc.ac.uk> Message-ID: <20071214032001.GA20636@rpcs.net> On Thu, Dec 13, 2007 at 04:44:12PM +0000, Greg Matthews wrote: > Anthony Cartmell wrote: > >>Anthony Cartmell wrote: > >>>My only few downtimes over the last three years have been hardware > >>>and network related. I have never had any issues with Fedora, which > >>>has proved to be quite stable enough for production use. > >> > >>Given that Fedora is only supported for 18 months I wonder how that > >>can be unless you are running an unmaintained OS. > > > >Quite simple, I upgrade roughly every 12 to 18 months :) > > I rest my case I agree with Greg. I'm amazed at the length of this thread :-) I had something to do with it early on, as I replied at least once. I think it shows the broad spectrum of contributors here, from Unix newbies, to old guys like me (I'm 48). I'm obviously from the old school, but a piece of hardware, install your OS and run until it you get a new piece of hardware. This was the way it was when I started out with SCO and AIX, and it's the way it still is. I've never done a in place linux upgrade, and I never will. Fresh install or nothing. I also wait at least 10 days after release to install a MailScanner or any other major upgrades to my boxes. That's experience. I am experimenting with dag's repository on my own home server, and I have been burnt a few times lately. The latest was the MailTools upgrade, which a quick check of this list showed the answer. That was my fault, as I approved the yum upgrade. Who would have thought the MailTools upgrade would have busted MailScanner? My production servers are not using dag's repository, so life went on. So... my answer is still the same, Fedora is not meant for a production enviroment. But, if you have only one server, and you can afford to lose it when you least expect it, or to upgrade it, go for it! My servers cannot be taken down to upgrade. I'm not sure how you Fedora users do it. Richard From J.Ede at birchenallhowden.co.uk Fri Dec 14 08:27:10 2007 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Fri Dec 14 08:27:27 2007 Subject: OT Fedora in production (as nstallation Problem on Fedora Core 8) In-Reply-To: <20071214032001.GA20636@rpcs.net> References: <20071211005852.GA7117@rpcs.net> <475E6018.6020106@farrows.org> <475EA86D.9060101@farrows.org> <47612340.6050007@nerc.ac.uk> <4761615C.7050103@nerc.ac.uk> <20071214032001.GA20636@rpcs.net> Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760CA00A60F6@server02.bhl.local> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Richard Potter > Sent: 14 December 2007 03:20 > To: MailScanner discussion > Subject: Re: OT Fedora in production (as nstallation Problem on Fedora > Core 8) > > On Thu, Dec 13, 2007 at 04:44:12PM +0000, Greg Matthews wrote: > > > Anthony Cartmell wrote: > > >>Anthony Cartmell wrote: > > >>>My only few downtimes over the last three years have been hardware > > >>>and network related. I have never had any issues with Fedora, > which > > >>>has proved to be quite stable enough for production use. > > >> > > >>Given that Fedora is only supported for 18 months I wonder how that > > >>can be unless you are running an unmaintained OS. > > > > > >Quite simple, I upgrade roughly every 12 to 18 months :) > > > > I rest my case > > I agree with Greg. > > I'm amazed at the length of this thread :-) I had something to do with > it early on, as I replied at least once. > > I think it shows the broad spectrum of contributors here, from Unix > newbies, to old guys like me (I'm 48). I'm obviously from the old > school, > but a piece of hardware, install your OS and run until it you get a > new piece of hardware. This was the way it was when I started out with > SCO and AIX, and it's the way it still is. > > I've never done a in place linux upgrade, and I never will. Fresh > install or nothing. > > I also wait at least 10 days after release to install a MailScanner or > any other major upgrades to my boxes. That's experience. > > I am experimenting with dag's repository on my own home server, and I > have been burnt a few times lately. The latest was the MailTools > upgrade, > which a quick check of this list showed the answer. That was my fault, > as > I approved the yum upgrade. Who would have thought the MailTools > upgrade > would have busted MailScanner? My production servers are not using > dag's > repository, so life went on. > > So... my answer is still the same, Fedora is not meant for a production > enviroment. But, if you have only one server, and you can afford to > lose > it when you least expect it, or to upgrade it, go for it! > > My servers cannot be taken down to upgrade. I'm not sure how you Fedora > users > do it. > > Richard Multiple servers is the answer. If your servers cannot afford to be taken down at all, then what happens when you have a major hardware failure? Or as was the case up here 5 months ago when a major flood comes? We cannot afford our mail servers to be off line for more than a few minutes at a time so we always have a backup mail server running to make sure of the continuity. Jason From ajcartmell at fonant.com Fri Dec 14 10:40:39 2007 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Fri Dec 14 10:40:59 2007 Subject: OT Fedora in production (as nstallation Problem on Fedora Core 8) In-Reply-To: <20071214032001.GA20636@rpcs.net> References: <20071211005852.GA7117@rpcs.net> <475E6018.6020106@farrows.org> <475EA86D.9060101@farrows.org> <47612340.6050007@nerc.ac.uk> <4761615C.7050103@nerc.ac.uk> <20071214032001.GA20636@rpcs.net> Message-ID: >> >Quite simple, I upgrade roughly every 12 to 18 months :) >> >> I rest my case Your case is that some people don't want to update their OS every 12 to 18 months. I quite agree with that. For those of us that do, Fedora is perfectly stable (as in bug-free) enough for production, whatever the folks from CentOS say ;) > I think it shows the broad spectrum of contributors here, from Unix > newbies, to old guys like me (I'm 48). Hmmm... perhaps I am a Unix newbie. I'm still less than 40 (39.75) and have only been involved with Unix/Linux admin (HP/SGI/Sun/AIX/RedHat) for 21 years :) > I'm obviously from the old school, > but a piece of hardware, install your OS and run until it you get a > new piece of hardware. This was the way it was when I started out with > SCO and AIX, and it's the way it still is. Yes, and it's still the way to go for some server situations. I think the web requires more frequent updates, especially for the sort of work I do. I have many small customers wanting up-to-date features, and no proprietory software that requires a long-term-fixed OS. > I've never done a in place linux upgrade, and I never will. Fresh > install or nothing. Yum upgrades over the web are great fun! You will need a remote serial console to sort out networking problems though. > My servers cannot be taken down to upgrade. I'm not sure how you Fedora > users do it. Having a single server is not suitable for production use. Since you should have a backup server it's simple to upgrade and test, then switch and upgrade the other one. A Fedora upgrade using yum goes 1) Update fedora version package, so yum reads from the later repository directories. 2) Yum update (perhaps a little fiddling to sort package dependencies, just uninstall problem ones, then reinstall after the update). 3) Have a coffee and wait for it to finish (usually a few hours). 4) Test all systems are working OK :) 5) Switch over and repeat on other servers. I'm glad to hear that I'm not the only one who is happy with Fedora. I'll be upgrading to FC8 from FC6 in the New Year. Cheers! Anthony -- www.fonant.com - Quality web sites From ugob at lubik.ca Fri Dec 14 12:56:20 2007 From: ugob at lubik.ca (Ugo Bellavance) Date: Fri Dec 14 13:05:25 2007 Subject: OT Fedora in production (as nstallation Problem on Fedora Core 8) In-Reply-To: <20071214032001.GA20636@rpcs.net> References: <20071211005852.GA7117@rpcs.net> <475E6018.6020106@farrows.org> <475EA86D.9060101@farrows.org> <47612340.6050007@nerc.ac.uk> <4761615C.7050103@nerc.ac.uk> <20071214032001.GA20636@rpcs.net> Message-ID: Richard Potter wrote: > On Thu, Dec 13, 2007 at 04:44:12PM +0000, Greg Matthews wrote: > > I'm amazed at the length of this thread :-) I had something to do with > it early on, as I replied at least once. You can be sure I will not give OS choice advice anymore here... Ugo From davejones70 at gmail.com Fri Dec 14 13:24:50 2007 From: davejones70 at gmail.com (Dave Jones) Date: Fri Dec 14 13:25:00 2007 Subject: No programs allowed (ETP.DAT) Message-ID: <67a55ed50712140524r3f8e598ao48859afae5e908a@mail.gmail.com> MailScanner is blocking the BlackBerry Enterprise Activation file. It shows in MailWatch as a "video/unknown" file type so I added this to the filetype.rules.conf and the file name to the filename.rules.conf but it is still getting blocked as if it is an executable of some kind. The following e-mails were found to have: Bad Filename Detected Sender: network@etp1101.etp.na.blackberry.net IP Address: 172.16.11.11 Recipient: someuser@domain.com Subject: RIM_bca28a80-e9c0-11d1-87fe-00600811c6a2 MessageID: lBDM3p5x002753 Quarantine: /var/spool/MailScanner/quarantine/20071213/lBDM3p5x002753 Report: MailScanner: No programs allowed (ETP.DAT) Full headers are: ........... filetype.rules.conf --------------------------- allow video/unknown ETP.DAT BlackBerry Enterprise Activation file filename.rules.conf --------------------------- allow ^ETP.DAT$ BlackBerry Enterprise Activation file BlackBerry Enterprise Activation file (ETP.DAT) Any suggestions would be greatly appreciated. -- Dave Jones -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071214/3dd4c705/attachment.html From ugob at lubik.ca Fri Dec 14 13:52:34 2007 From: ugob at lubik.ca (Ugo Bellavance) Date: Fri Dec 14 13:53:27 2007 Subject: No programs allowed (ETP.DAT) In-Reply-To: <67a55ed50712140524r3f8e598ao48859afae5e908a@mail.gmail.com> References: <67a55ed50712140524r3f8e598ao48859afae5e908a@mail.gmail.com> Message-ID: Dave Jones wrote: > MailScanner is blocking the BlackBerry Enterprise Activation file. It > shows in MailWatch as a "video/unknown" file type so I added this to the > filetype.rules.conf and the file name to the filename.rules.conf but it > is still getting blocked as if it is an executable of some kind. > > The following e-mails were found to have: Bad Filename Detected > > Sender: network@etp1101.etp.na.blackberry.net > > IP Address: 172.16.11.11 > Recipient: someuser@domain.com > Subject: RIM_bca28a80-e9c0-11d1-87fe-00600811c6a2 > MessageID: lBDM3p5x002753 > Quarantine: /var/spool/MailScanner/quarantine/20071213/lBDM3p5x002753 > Report: MailScanner: No programs allowed (ETP.DAT) ^^^^^^^^^^^^^^^^^^^ It is seen as a program, not a video. Regards, Ugo From ms-list at alexb.ch Fri Dec 14 14:06:23 2007 From: ms-list at alexb.ch (Alex Broens) Date: Fri Dec 14 14:06:40 2007 Subject: No programs allowed (ETP.DAT) In-Reply-To: <67a55ed50712140524r3f8e598ao48859afae5e908a@mail.gmail.com> References: <67a55ed50712140524r3f8e598ao48859afae5e908a@mail.gmail.com> Message-ID: <47628DDF.2090005@alexb.ch> On 12/14/2007 2:24 PM, Dave Jones wrote: > MailScanner is blocking the BlackBerry Enterprise Activation file. It shows > in MailWatch as a "video/unknown" file type so I added this to the > filetype.rules.conf and the file name to the filename.rules.conf but it is > still getting blocked as if it is an executable of some kind. > > The following e-mails were found to have: Bad Filename Detected > > Sender: network@etp1101.etp.na.blackberry.net > IP Address: 172.16.11.11 > Recipient: someuser@domain.com > Subject: RIM_bca28a80-e9c0-11d1-87fe-00600811c6a2 > MessageID: lBDM3p5x002753 > Quarantine: /var/spool/MailScanner/quarantine/20071213/lBDM3p5x002753 > Report: MailScanner: No programs allowed (ETP.DAT) > > Full headers are: ........... > > > filetype.rules.conf > --------------------------- > allow video/unknown ETP.DAT BlackBerry Enterprise > Activation file > > filename.rules.conf > --------------------------- > allow ^ETP.DAT$ BlackBerry Enterprise Activation > file BlackBerry Enterprise > Activation file (ETP.DAT) > > Any suggestions would be greatly appreciated. these files are a PITA coz file sees about 5 different types I used MailScanner.cong Dangerous Content Scanning = %rules-dir%/content.scanning.rules ___ File: content.scanning.rules From: *.blackberry.net no No more problems since - all other methods failed at some point Alex From steve at fsl.com Fri Dec 14 14:11:21 2007 From: steve at fsl.com (Stephen Swaney) Date: Fri Dec 14 14:11:34 2007 Subject: No programs allowed (ETP.DAT) In-Reply-To: References: <67a55ed50712140524r3f8e598ao48859afae5e908a@mail.gmail.com> Message-ID: <47628F09.5040508@fsl.com> Ugo Bellavance wrote: > Dave Jones wrote: >> MailScanner is blocking the BlackBerry Enterprise Activation file. >> It shows in MailWatch as a "video/unknown" file type so I added this >> to the filetype.rules.conf and the file name to the >> filename.rules.conf but it is still getting blocked as if it is an >> executable of some kind. >> >> The following e-mails were found to have: Bad Filename Detected >> >> Sender: network@etp1101.etp.na.blackberry.net >> >> IP Address: 172.16.11.11 >> Recipient: someuser@domain.com >> Subject: RIM_bca28a80-e9c0-11d1-87fe-00600811c6a2 >> MessageID: lBDM3p5x002753 >> Quarantine: /var/spool/MailScanner/quarantine/20071213/lBDM3p5x002753 >> Report: MailScanner: No programs allowed (ETP.DAT) > ^^^^^^^^^^^^^^^^^^^ > It is seen as a program, not a video. > > Regards, > > Ugo > You need to add a ruleset that exempts mail from na.blackberry.net from attachment checking or at least checking this type of attachment. I believe this solution might be in the mail list archives. Steve Steve Swaney From glenn.steen at gmail.com Fri Dec 14 14:16:07 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Dec 14 14:16:17 2007 Subject: No programs allowed (ETP.DAT) In-Reply-To: References: <67a55ed50712140524r3f8e598ao48859afae5e908a@mail.gmail.com> Message-ID: <223f97700712140616v7f0cce78h68f4bda933a2cedf@mail.gmail.com> On 14/12/2007, Ugo Bellavance wrote: > Dave Jones wrote: > > MailScanner is blocking the BlackBerry Enterprise Activation file. It > > shows in MailWatch as a "video/unknown" file type so I added this to the > > filetype.rules.conf and the file name to the filename.rules.conf but it > > is still getting blocked as if it is an executable of some kind. > > > > The following e-mails were found to have: Bad Filename Detected > > > > Sender: network@etp1101.etp.na.blackberry.net > > > > IP Address: 172.16.11.11 > > Recipient: someuser@domain.com > > Subject: RIM_bca28a80-e9c0-11d1-87fe-00600811c6a2 > > MessageID: lBDM3p5x002753 > > Quarantine: /var/spool/MailScanner/quarantine/20071213/lBDM3p5x002753 > > Report: MailScanner: No programs allowed (ETP.DAT) > ^^^^^^^^^^^^^^^^^^^ > It is seen as a program, not a video. > > Regards, > > Ugo Yes, this is the problem with ETP.DAT... It is a binary file, encrypted, but not ascii armored... There should be an ascii-armored attachment (or is it in the message body? I fail to recall...) as well, but sometimes BES seems to be unable to grok that. The only solution is to avoid filetype checking on these altogether. A simple ruleset and a generic "allow everything" file will do the trick. Best would be if the BB people had only one or two fixed IPs that send these, but... alas, that is not the case. So you'll have to WL on address, likely. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Fri Dec 14 14:34:55 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Dec 14 14:35:07 2007 Subject: No programs allowed (ETP.DAT) In-Reply-To: <47628F09.5040508@fsl.com> References: <67a55ed50712140524r3f8e598ao48859afae5e908a@mail.gmail.com> <47628F09.5040508@fsl.com> Message-ID: <223f97700712140634w32cc0289mbfe6bee80bc5e34d@mail.gmail.com> On 14/12/2007, Stephen Swaney wrote: > Ugo Bellavance wrote: > > Dave Jones wrote: > >> MailScanner is blocking the BlackBerry Enterprise Activation file. > >> It shows in MailWatch as a "video/unknown" file type so I added this > >> to the filetype.rules.conf and the file name to the > >> filename.rules.conf but it is still getting blocked as if it is an > >> executable of some kind. > >> > >> The following e-mails were found to have: Bad Filename Detected > >> > >> Sender: network@etp1101.etp.na.blackberry.net > >> > >> IP Address: 172.16.11.11 > >> Recipient: someuser@domain.com > >> Subject: RIM_bca28a80-e9c0-11d1-87fe-00600811c6a2 > >> MessageID: lBDM3p5x002753 > >> Quarantine: /var/spool/MailScanner/quarantine/20071213/lBDM3p5x002753 > >> Report: MailScanner: No programs allowed (ETP.DAT) > > ^^^^^^^^^^^^^^^^^^^ > > It is seen as a program, not a video. > > > > Regards, > > > > Ugo > > > You need to add a ruleset that exempts mail from na.blackberry.net from The actual sender differs depending on where on the globe you are... na==Nort America, one could presume...:-). > attachment checking or at least checking this type of attachment. I > believe this solution might be in the mail list archives. Oh yes, it is. Multiple times. Perhaps one should add an example to the wiki ruleset section. I'm too busy ATM, but ... Ether you or Ugo perhaps have a spare moment? > Steve > Steve Swaney Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From serhan at medianova.tv Fri Dec 14 17:11:44 2007 From: serhan at medianova.tv (Serhan Sevim) Date: Fri Dec 14 17:11:53 2007 Subject: mailscanner won't scan Message-ID: <002501c83e74$6842dd00$38c89700$@tv> Well,first of all I'm not new to mailscanner.However, it's been 4 years since the last time I used it for some other company. Since then, things have been changed I guess. I successfully, installed and started Mailscanner, and the logs shows as: Dec 13 19:28:16 server MailScanner[6081]: MailScanner E-Mail Virus Scanner version 4.65.3 starting... Dec 13 19:28:16 server MailScanner[6081]: Read 797 hostnames from the phishing whitelist Dec 13 19:28:16 server MailScanner[6081]: Read 4147 hostnames from the phishing blacklist Dec 13 19:28:16 server MailScanner[6081]: SpamAssassin temporary working directory is /tmp Dec 13 19:28:16 server MailScanner[6081]: Using SpamAssassin results cache Dec 13 19:28:16 server MailScanner[6081]: Connected to SpamAssassin cache database Dec 13 19:28:16 server MailScanner[6081]: Enabling SpamAssassin auto-whitelist functionality... Dec 13 19:28:17 server MailScanner[6081]: I have found clamavmodule scanners installed, and will use them all by default. Dec 13 19:28:18 server MailScanner[6081]: Using locktype = flock Times 5 for each MailScanner process. I've checked everything working ok, emails are accepted ok, except one thing.. well, It seems like MailScanner doesn't even notice the emails are being received. It doesn't scan it, it doesn't tag it, no virus scans, no nothing.. Emails are slipping thru without even MailScanner knows it. Email server is running on the same server as MailScanner, so it can't be a by-pass problem either. It's currently running on default spamassassin and clamav. Any ideas? Thanks in advance, Serhan. From martinh at solidstatelogic.com Fri Dec 14 17:18:40 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Fri Dec 14 17:18:51 2007 Subject: mailscanner won't scan In-Reply-To: <002501c83e74$6842dd00$38c89700$@tv> Message-ID: <8712813381567e4e884aa777dbe3150d@solidstatelogic.com> How did you configure the MTA - you need to tell it store the messages for MailScanner to pick up... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Serhan Sevim > Sent: 14 December 2007 17:12 > To: mailscanner@lists.mailscanner.info > Subject: mailscanner won't scan > > Well,first of all I'm not new to mailscanner.However, it's been 4 years > since the last time I used it for some other company. Since then, things > have been changed I guess. I successfully, installed and started > Mailscanner, and the logs shows as: > > Dec 13 19:28:16 server MailScanner[6081]: MailScanner E-Mail Virus Scanner > version 4.65.3 starting... > Dec 13 19:28:16 server MailScanner[6081]: Read 797 hostnames from the > phishing whitelist > Dec 13 19:28:16 server MailScanner[6081]: Read 4147 hostnames from the > phishing blacklist > Dec 13 19:28:16 server MailScanner[6081]: SpamAssassin temporary working > directory is /tmp > Dec 13 19:28:16 server MailScanner[6081]: Using SpamAssassin results cache > Dec 13 19:28:16 server MailScanner[6081]: Connected to SpamAssassin cache > database > Dec 13 19:28:16 server MailScanner[6081]: Enabling SpamAssassin > auto-whitelist functionality... > Dec 13 19:28:17 server MailScanner[6081]: I have found clamavmodule > scanners > installed, and will use them all by default. > Dec 13 19:28:18 server MailScanner[6081]: Using locktype = flock > > Times 5 for each MailScanner process. I've checked everything working ok, > emails are accepted ok, except one thing.. well, It seems like MailScanner > doesn't even notice the emails are being received. It doesn't scan it, it > doesn't tag it, no virus scans, no nothing.. Emails are slipping thru > without even MailScanner knows it. Email server is running on the same > server as MailScanner, so it can't be a by-pass problem either. > It's currently running on default spamassassin and clamav. > Any ideas? > Thanks in advance, > Serhan. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From shuttlebox at gmail.com Fri Dec 14 17:40:07 2007 From: shuttlebox at gmail.com (shuttlebox) Date: Fri Dec 14 17:40:16 2007 Subject: mailscanner won't scan In-Reply-To: <002501c83e74$6842dd00$38c89700$@tv> References: <002501c83e74$6842dd00$38c89700$@tv> Message-ID: <625385e30712140940t6df0f75ag3ea36c7447859637@mail.gmail.com> On Dec 14, 2007 6:11 PM, Serhan Sevim wrote: > Dec 13 19:28:18 server MailScanner[6081]: Using locktype = flock > > Times 5 for each MailScanner process. I've checked everything working ok, > emails are accepted ok, except one thing.. well, It seems like MailScanner > doesn't even notice the emails are being received. It doesn't scan it, it > doesn't tag it, no virus scans, no nothing.. Emails are slipping thru > without even MailScanner knows it. Email server is running on the same > server as MailScanner, so it can't be a by-pass problem either. > It's currently running on default spamassassin and clamav. > Any ideas? How is your MTA set up? Does it really queue-only incoming mail? Or does it deliver mail from the same queue before MailScanner can get to them? If the two queues are completely separate I would look into locking issues (locktype=flock|posix) next. -- /peter From glenn.steen at gmail.com Fri Dec 14 17:55:24 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Dec 14 17:55:40 2007 Subject: mailscanner won't scan In-Reply-To: <625385e30712140940t6df0f75ag3ea36c7447859637@mail.gmail.com> References: <002501c83e74$6842dd00$38c89700$@tv> <625385e30712140940t6df0f75ag3ea36c7447859637@mail.gmail.com> Message-ID: <223f97700712140955x52c15ce0sdbd0f2f33a8a9fa1@mail.gmail.com> On 14/12/2007, shuttlebox wrote: > On Dec 14, 2007 6:11 PM, Serhan Sevim wrote: > > Dec 13 19:28:18 server MailScanner[6081]: Using locktype = flock > > > > Times 5 for each MailScanner process. I've checked everything working ok, > > emails are accepted ok, except one thing.. well, It seems like MailScanner > > doesn't even notice the emails are being received. It doesn't scan it, it > > doesn't tag it, no virus scans, no nothing.. Emails are slipping thru > > without even MailScanner knows it. Email server is running on the same > > server as MailScanner, so it can't be a by-pass problem either. > > It's currently running on default spamassassin and clamav. > > Any ideas? > > How is your MTA set up? Does it really queue-only incoming mail? Or > does it deliver mail from the same queue before MailScanner can get to > them? If the two queues are completely separate I would look into > locking issues (locktype=flock|posix) next. > Guys, shouldn't we ask "What MTA?", first?:-):-) After all... Only R^HSendmau^Hil have the locking problem.... :-) So... MTA and version, pretty please? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Fri Dec 14 18:00:03 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Dec 14 18:00:16 2007 Subject: mailscanner won't scan In-Reply-To: <223f97700712140955x52c15ce0sdbd0f2f33a8a9fa1@mail.gmail.com> References: <002501c83e74$6842dd00$38c89700$@tv> <625385e30712140940t6df0f75ag3ea36c7447859637@mail.gmail.com> <223f97700712140955x52c15ce0sdbd0f2f33a8a9fa1@mail.gmail.com> Message-ID: <223f97700712141000y24f190f1k4ff972070034507f@mail.gmail.com> On 14/12/2007, Glenn Steen wrote: > On 14/12/2007, shuttlebox wrote: > > On Dec 14, 2007 6:11 PM, Serhan Sevim wrote: > > > Dec 13 19:28:18 server MailScanner[6081]: Using locktype = flock > > > > > > Times 5 for each MailScanner process. I've checked everything working ok, > > > emails are accepted ok, except one thing.. well, It seems like MailScanner > > > doesn't even notice the emails are being received. It doesn't scan it, it > > > doesn't tag it, no virus scans, no nothing.. Emails are slipping thru > > > without even MailScanner knows it. Email server is running on the same > > > server as MailScanner, so it can't be a by-pass problem either. > > > It's currently running on default spamassassin and clamav. > > > Any ideas? > > > > How is your MTA set up? Does it really queue-only incoming mail? Or > > does it deliver mail from the same queue before MailScanner can get to > > them? If the two queues are completely separate I would look into > > locking issues (locktype=flock|posix) next. > > > Guys, shouldn't we ask "What MTA?", first?:-):-) After all... Only > R^HSendmau^Hil have the locking problem.... :-) > So... MTA and version, pretty please? > > Cheers Oh and tell some more about OS etc and we'll likely be able to be pretty ... detailed. What we're all suspecting is that you've either skipped some steps in the setup instructions... or perhaps followed some outdated howto, or similar. So that you still have the "non-MailScanner" MTA running, thus bypassing MS altogether... Logs and headers (or rather... absence of MailScanner-specific headers) are clear signs of such a problem. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From serhan at medianova.tv Fri Dec 14 18:11:36 2007 From: serhan at medianova.tv (Serhan Sevim) Date: Fri Dec 14 18:11:45 2007 Subject: mailscanner won't scan In-Reply-To: <8712813381567e4e884aa777dbe3150d@solidstatelogic.com> References: <002501c83e74$6842dd00$38c89700$@tv> <8712813381567e4e884aa777dbe3150d@solidstatelogic.com> Message-ID: <002c01c83e7c$c4ffe2b0$4effa810$@tv> Martin, That did the trick. I forgot to inform postfix to hold the messages first. It works now. Too quick installation and the results are obvious. :) BTW somebody else asked what MTA, it's configured over postfix. Thanks, Serhan. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Martin.Hepworth > Sent: Friday, December 14, 2007 12:19 PM > To: MailScanner discussion > Subject: RE: mailscanner won't scan > > How did you configure the MTA - you need to tell it store the messages > for MailScanner to pick up... > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Serhan Sevim > > Sent: 14 December 2007 17:12 > > To: mailscanner@lists.mailscanner.info > > Subject: mailscanner won't scan > > > > Well,first of all I'm not new to mailscanner.However, it's been 4 > years > > since the last time I used it for some other company. Since then, > things > > have been changed I guess. I successfully, installed and started > > Mailscanner, and the logs shows as: > > > > Dec 13 19:28:16 server MailScanner[6081]: MailScanner E-Mail Virus > Scanner > > version 4.65.3 starting... > > Dec 13 19:28:16 server MailScanner[6081]: Read 797 hostnames from the > > phishing whitelist > > Dec 13 19:28:16 server MailScanner[6081]: Read 4147 hostnames from > the > > phishing blacklist > > Dec 13 19:28:16 server MailScanner[6081]: SpamAssassin temporary > working > > directory is /tmp > > Dec 13 19:28:16 server MailScanner[6081]: Using SpamAssassin results > cache > > Dec 13 19:28:16 server MailScanner[6081]: Connected to SpamAssassin > cache > > database > > Dec 13 19:28:16 server MailScanner[6081]: Enabling SpamAssassin > > auto-whitelist functionality... > > Dec 13 19:28:17 server MailScanner[6081]: I have found clamavmodule > > scanners > > installed, and will use them all by default. > > Dec 13 19:28:18 server MailScanner[6081]: Using locktype = flock > > > > Times 5 for each MailScanner process. I've checked everything working > ok, > > emails are accepted ok, except one thing.. well, It seems like > MailScanner > > doesn't even notice the emails are being received. It doesn't scan > it, it > > doesn't tag it, no virus scans, no nothing.. Emails are slipping thru > > without even MailScanner knows it. Email server is running on the > same > > server as MailScanner, so it can't be a by-pass problem either. > > It's currently running on default spamassassin and clamav. > > Any ideas? > > Thanks in advance, > > Serhan. > > > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Fri Dec 14 18:33:22 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Dec 14 18:33:35 2007 Subject: mailscanner won't scan In-Reply-To: <002c01c83e7c$c4ffe2b0$4effa810$@tv> References: <002501c83e74$6842dd00$38c89700$@tv> <8712813381567e4e884aa777dbe3150d@solidstatelogic.com> <002c01c83e7c$c4ffe2b0$4effa810$@tv> Message-ID: <223f97700712141033scc83957wf6211dd46991113e@mail.gmail.com> On 14/12/2007, Serhan Sevim wrote: > Martin, > That did the trick. I forgot to inform postfix to hold the messages first. > It works now. Too quick installation and the results are obvious. :) > BTW somebody else asked what MTA, it's configured over postfix. > Thanks, > Serhan. :-) ... As suspected... Glad to hear you got that resolved. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From gmane at tippingmar.com Fri Dec 14 18:37:36 2007 From: gmane at tippingmar.com (Mark Nienberg) Date: Fri Dec 14 18:38:04 2007 Subject: Sophos.install for v6 In-Reply-To: <4761004E.1090006@ecs.soton.ac.uk> References: <4761004E.1090006@ecs.soton.ac.uk> Message-ID: Julian Field wrote: > Thanks for spotting that one. > It will be fixed in the next release. > However, to keep you going until then, and so you can test it for me, > attached is the new Sophos.install program. Just gunzip it and dump it > in /usr/sbin. Thanks Julian, that appeared to work just fine. I have not run any real mail through the system yet, but Sophos shows up in the maillog when MailScanner starts and it finds the eicar when running "MailScanner --lint". Will Sophos v6 would work with the SAVI perl module? If so, I'll give that a try too. mark From ssilva at sgvwater.com Fri Dec 14 18:53:24 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Dec 14 18:54:06 2007 Subject: No programs allowed (ETP.DAT) In-Reply-To: <223f97700712140634w32cc0289mbfe6bee80bc5e34d@mail.gmail.com> References: <67a55ed50712140524r3f8e598ao48859afae5e908a@mail.gmail.com> <47628F09.5040508@fsl.com> <223f97700712140634w32cc0289mbfe6bee80bc5e34d@mail.gmail.com> Message-ID: on 12/14/2007 6:34 AM Glenn Steen spake the following: > On 14/12/2007, Stephen Swaney wrote: >> Ugo Bellavance wrote: >>> Dave Jones wrote: >>>> MailScanner is blocking the BlackBerry Enterprise Activation file. >>>> It shows in MailWatch as a "video/unknown" file type so I added this >>>> to the filetype.rules.conf and the file name to the >>>> filename.rules.conf but it is still getting blocked as if it is an >>>> executable of some kind. >>>> >>>> The following e-mails were found to have: Bad Filename Detected >>>> >>>> Sender: network@etp1101.etp.na.blackberry.net >>>> >>>> IP Address: 172.16.11.11 >>>> Recipient: someuser@domain.com >>>> Subject: RIM_bca28a80-e9c0-11d1-87fe-00600811c6a2 >>>> MessageID: lBDM3p5x002753 >>>> Quarantine: /var/spool/MailScanner/quarantine/20071213/lBDM3p5x002753 >>>> Report: MailScanner: No programs allowed (ETP.DAT) >>> ^^^^^^^^^^^^^^^^^^^ >>> It is seen as a program, not a video. >>> >>> Regards, >>> >>> Ugo >>> >> You need to add a ruleset that exempts mail from na.blackberry.net from > The actual sender differs depending on where on the globe you are... > na==Nort America, one could presume...:-). > >> attachment checking or at least checking this type of attachment. I >> believe this solution might be in the mail list archives. > Oh yes, it is. Multiple times. Perhaps one should add an example to > the wiki ruleset section. I'm too busy ATM, but ... Ether you or Ugo > perhaps have a spare moment? > >> Steve >> Steve Swaney > > Cheers Luckily, my company moved away from the blackberries, and started using windows based smartphones. At least lucky for me. ;-P -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From glenn.steen at gmail.com Fri Dec 14 19:36:45 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Dec 14 19:36:54 2007 Subject: No programs allowed (ETP.DAT) In-Reply-To: References: <67a55ed50712140524r3f8e598ao48859afae5e908a@mail.gmail.com> <47628F09.5040508@fsl.com> <223f97700712140634w32cc0289mbfe6bee80bc5e34d@mail.gmail.com> Message-ID: <223f97700712141136m49a3afebg96f524a1d1aeb0d3@mail.gmail.com> On 14/12/2007, Scott Silva wrote: > on 12/14/2007 6:34 AM Glenn Steen spake the following: > > On 14/12/2007, Stephen Swaney wrote: > >> Ugo Bellavance wrote: > >>> Dave Jones wrote: > >>>> MailScanner is blocking the BlackBerry Enterprise Activation file. > >>>> It shows in MailWatch as a "video/unknown" file type so I added this > >>>> to the filetype.rules.conf and the file name to the > >>>> filename.rules.conf but it is still getting blocked as if it is an > >>>> executable of some kind. > >>>> > >>>> The following e-mails were found to have: Bad Filename Detected > >>>> > >>>> Sender: network@etp1101.etp.na.blackberry.net > >>>> > >>>> IP Address: 172.16.11.11 > >>>> Recipient: someuser@domain.com > >>>> Subject: RIM_bca28a80-e9c0-11d1-87fe-00600811c6a2 > >>>> MessageID: lBDM3p5x002753 > >>>> Quarantine: /var/spool/MailScanner/quarantine/20071213/lBDM3p5x002753 > >>>> Report: MailScanner: No programs allowed (ETP.DAT) > >>> ^^^^^^^^^^^^^^^^^^^ > >>> It is seen as a program, not a video. > >>> > >>> Regards, > >>> > >>> Ugo > >>> > >> You need to add a ruleset that exempts mail from na.blackberry.net from > > The actual sender differs depending on where on the globe you are... > > na==Nort America, one could presume...:-). > > > >> attachment checking or at least checking this type of attachment. I > >> believe this solution might be in the mail list archives. > > Oh yes, it is. Multiple times. Perhaps one should add an example to > > the wiki ruleset section. I'm too busy ATM, but ... Ether you or Ugo > > perhaps have a spare moment? > > > >> Steve > >> Steve Swaney > > > > Cheers > Luckily, my company moved away from the blackberries, and started using > windows based smartphones. At least lucky for me. ;-P > AFAICS Acrive Sync is an even greater mess.... So all in all, I kind of like the BBs. Apart from this problem, they are a zero in the "added admin tasks" for me:-):-). And the lusers are ecstatic...:-). But then... I'm definitely biased (wrt m$)... Just the sound of it "windoze mobile"... yuk.;) Cheers (a very non-Hugo safe on... Friday night... Newcastle Brown...:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From dnsadmin at 1bigthink.com Fri Dec 14 19:49:55 2007 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Fri Dec 14 19:50:28 2007 Subject: OT Fedora in production (as nstallation Problem on Fedora Core 8) In-Reply-To: References: <20071211005852.GA7117@rpcs.net> <475E6018.6020106@farrows.org> <475EA86D.9060101@farrows.org> <47612340.6050007@nerc.ac.uk> <4761615C.7050103@nerc.ac.uk> <20071214032001.GA20636@rpcs.net> Message-ID: <200712141950.lBEJoEGJ030286@mxt.1bigthink.com> At 07:56 AM 12/14/2007, you wrote: >Richard Potter wrote: >>On Thu, Dec 13, 2007 at 04:44:12PM +0000, Greg Matthews wrote: >>I'm amazed at the length of this thread :-) I had something to do >>with it early on, as I replied at least once. > >You can be sure I will not give OS choice advice anymore here... > >Ugo I skipped a lot of this discussion as soon as it started disappearing into the murk of back-n-forth 'my OS is better than yours' ; to which most often these sort of discussions devolve. However, I value the opinions and facts (much more often than not) on this group, and have had to jump-ship on my OS once (RedHat to CentOS) and almost twice (CentOS to Ubuntu when a CentOS rpm update around CentOS 3.8 broke one of my productions servers). I will continue to read such threads until the back-n-forth de-evolution transpires. I will also continue to test OS in hopes of either having a backup plan or a better ship to jump! Cheers, Glenn -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.503 / Virus Database: 269.17.2/1184 - Release Date: 12/14/2007 11:29 AM -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Fri Dec 14 21:27:33 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Dec 14 21:57:47 2007 Subject: No programs allowed (ETP.DAT) In-Reply-To: <223f97700712141136m49a3afebg96f524a1d1aeb0d3@mail.gmail.com> References: <67a55ed50712140524r3f8e598ao48859afae5e908a@mail.gmail.com> <47628F09.5040508@fsl.com> <223f97700712140634w32cc0289mbfe6bee80bc5e34d@mail.gmail.com> <223f97700712141136m49a3afebg96f524a1d1aeb0d3@mail.gmail.com> Message-ID: on 12/14/2007 11:36 AM Glenn Steen spake the following: > On 14/12/2007, Scott Silva wrote: >> on 12/14/2007 6:34 AM Glenn Steen spake the following: >>> On 14/12/2007, Stephen Swaney wrote: >>>> Ugo Bellavance wrote: >>>>> Dave Jones wrote: >>>>>> MailScanner is blocking the BlackBerry Enterprise Activation file. >>>>>> It shows in MailWatch as a "video/unknown" file type so I added this >>>>>> to the filetype.rules.conf and the file name to the >>>>>> filename.rules.conf but it is still getting blocked as if it is an >>>>>> executable of some kind. >>>>>> >>>>>> The following e-mails were found to have: Bad Filename Detected >>>>>> >>>>>> Sender: network@etp1101.etp.na.blackberry.net >>>>>> >>>>>> IP Address: 172.16.11.11 >>>>>> Recipient: someuser@domain.com >>>>>> Subject: RIM_bca28a80-e9c0-11d1-87fe-00600811c6a2 >>>>>> MessageID: lBDM3p5x002753 >>>>>> Quarantine: /var/spool/MailScanner/quarantine/20071213/lBDM3p5x002753 >>>>>> Report: MailScanner: No programs allowed (ETP.DAT) >>>>> ^^^^^^^^^^^^^^^^^^^ >>>>> It is seen as a program, not a video. >>>>> >>>>> Regards, >>>>> >>>>> Ugo >>>>> >>>> You need to add a ruleset that exempts mail from na.blackberry.net from >>> The actual sender differs depending on where on the globe you are... >>> na==Nort America, one could presume...:-). >>> >>>> attachment checking or at least checking this type of attachment. I >>>> believe this solution might be in the mail list archives. >>> Oh yes, it is. Multiple times. Perhaps one should add an example to >>> the wiki ruleset section. I'm too busy ATM, but ... Ether you or Ugo >>> perhaps have a spare moment? >>> >>>> Steve >>>> Steve Swaney >>> Cheers >> Luckily, my company moved away from the blackberries, and started using >> windows based smartphones. At least lucky for me. ;-P >> > AFAICS Acrive Sync is an even greater mess.... So all in all, I kind > of like the BBs. Apart from this problem, they are a zero in the > "added admin tasks" for me:-):-). > And the lusers are ecstatic...:-). > But then... I'm definitely biased (wrt m$)... Just the sound of it > "windoze mobile"... yuk.;) > > Cheers (a very non-Hugo safe on... Friday night... Newcastle Brown...:-) Still mid-day here, but cheers to you also! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From sirvulcan at gmail.com Fri Dec 14 23:24:53 2007 From: sirvulcan at gmail.com (Neil Spierling) Date: Fri Dec 14 23:25:06 2007 Subject: whitelisting/blacklisting without spamassassin Message-ID: <1d9012300712141524n2a785c5ev22418f6f6afd4795@mail.gmail.com> Hi, Is there any way to use MailScanners whitelisting and blacklisting features when "Use SpamAssassin" is set to no? Messages pass through spamassassin before they reach their final destination where MailScanner runs. We only use MailScanner for virus and content filtering. I can see MailScanner reads the whitelist and blacklist tables (sql feature from mailwatch) on load but when i send through a test infected message MailScanner blocks the message even through ive whitelisted my address as the from address and target address as the to address. Neil. From glenn.steen at gmail.com Sat Dec 15 09:34:42 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Dec 15 09:34:53 2007 Subject: whitelisting/blacklisting without spamassassin In-Reply-To: <1d9012300712141524n2a785c5ev22418f6f6afd4795@mail.gmail.com> References: <1d9012300712141524n2a785c5ev22418f6f6afd4795@mail.gmail.com> Message-ID: <223f97700712150134j3837f06ex936545df45976160@mail.gmail.com> On 15/12/2007, Neil Spierling wrote: > Hi, > > Is there any way to use MailScanners whitelisting and blacklisting > features when "Use SpamAssassin" is set to no? Messages pass through > spamassassin before they reach their final destination where > MailScanner runs. We only use MailScanner for virus and content > filtering. I can see MailScanner reads the whitelist and blacklist > tables (sql feature from mailwatch) on load but when i send through a > test infected message MailScanner blocks the message even through ive > whitelisted my address as the from address and target address as the > to address. > > Neil. The supplied white/blacklists are for spam, and are really more like functional examples...:-). Theoretically you could add the same functions as you did for spam on the Virus Scanning and dangerous Content scanning settings... Letting lusers decide whether they should check for viruses from some senders.... wouldn't be my cup of tea, to say the least, but .... it should work. Or use traditional MailScanner rulesets instead, so that you keep the administrative control... (msre is nice if you do that, and still want a webGUI for it)... Check out the MailScanner wiki for ideas and examples and links (http://wiki.mailscanner.info)... Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Sat Dec 15 14:51:06 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Dec 15 14:51:34 2007 Subject: Sophos.install for v6 In-Reply-To: References: <4761004E.1090006@ecs.soton.ac.uk> Message-ID: <4763E9DA.90706@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mark Nienberg wrote: > Julian Field wrote: >> Thanks for spotting that one. >> It will be fixed in the next release. >> However, to keep you going until then, and so you can test it for me, >> attached is the new Sophos.install program. Just gunzip it and dump >> it in /usr/sbin. > > Thanks Julian, that appeared to work just fine. I have not run any > real mail through the system yet, but Sophos shows up in the maillog > when MailScanner starts and it finds the eicar when running > "MailScanner --lint". > > Will Sophos v6 would work with the SAVI perl module? If so, I'll give > that a try too. Sorry for taking a while to respond. I have just built a new system to test this out properly, and it appears to be working just fine. One point to note: make sure that "Monitors For Sophos Updates" is set correctly, as it needs to point to some wildcarded list of files in /opt/sophos-av/lib/sav. I have used "/opt/sophos-av/lib/sav/*.vdb" but I'm not 100% sure that is correct, I will have to test it some more, over a few days, to see exactly what files are being updated by the sophos-autoupdate (which is compatible with Sophos 6 already). Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 867) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHY+nfEfZZRxQVtlQRAijxAKDXE59sAW5ch8iGh+ob4R3ihd2e0ACfRAyw 2NQqqjgzJTu7DMRN3lzfres= =Bw4e -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Dec 15 15:08:25 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Dec 15 15:08:52 2007 Subject: whitelisting/blacklisting without spamassassin In-Reply-To: <223f97700712150134j3837f06ex936545df45976160@mail.gmail.com> References: <1d9012300712141524n2a785c5ev22418f6f6afd4795@mail.gmail.com> <223f97700712150134j3837f06ex936545df45976160@mail.gmail.com> Message-ID: <4763EDE9.4070308@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Glenn Steen wrote: > On 15/12/2007, Neil Spierling wrote: > >> Hi, >> >> Is there any way to use MailScanners whitelisting and blacklisting >> features when "Use SpamAssassin" is set to no? Messages pass through >> spamassassin before they reach their final destination where >> MailScanner runs. We only use MailScanner for virus and content >> filtering. I can see MailScanner reads the whitelist and blacklist >> tables (sql feature from mailwatch) on load but when i send through a >> test infected message MailScanner blocks the message even through ive >> whitelisted my address as the from address and target address as the >> to address. >> >> Neil. >> > > The supplied white/blacklists are for spam, and are really more like > functional examples...:-). > Very much so. Don't forget that you can add a ruleset to nearly all the settings in MailScanner.conf. So you can whitelist them in many, many ways. Just decide what tests you want them to run or not run, and add a ruleset to them. To reduce the number of files you have to keep up to date, don't forget that you can use the same ruleset file on more than one conf setting. So you may decide you want to ignore phishing detection _and_ spam checks on mail from your favourite customers. In that case, purely as an example, in MailScanner.conf set Find Phishing Fraud = %rules-dir%/trusted-customers.rules Spam Checks = %rules-dir%/trusted-customers.rules To make the web admin of this ruleset even easier, you could use one extra feature, so the file that needs editing is simply a list of domain names, one per line, with no extra text around it at all. Make your trusted-customers.rules file look like this # Ruleset that returns "no" for our most favourite trusted customers. From: /etc/MailScanner/customers-domains.txt no FromOrTo: default yes and then in /etc/MailScanner/customers-domains.txt, you simply put a list of the addresses/domains/regular-expressions/IP-ranges/whatever, with nothing else at all. That way no knowledge of MailScanner is needed *at all* for whoever maintains the list of customers. So for example, /etc/MailScanner/customers-domain.txt could contain # List of trusted customers and where their mail comes from. amazon.co.uk amazon.com 192.68.21.* /\@google\.(co\.uk|com)$/ your-boss@yahoo.com So that file contains no MailScanner-specific knowledge at all, it's just a list of things we're going to match against to find addresses which we don't spam check and anything else we don't do to "trusted customers" mail. Sorry if that's a bit long as an answer, I just wanted to take advantage to remind you of some of the configuration flexibility in MailScanner. > Theoretically you could add the same functions as you did for spam on > the Virus Scanning and dangerous Content scanning settings... Letting > lusers decide whether they should check for viruses from some > senders.... wouldn't be my cup of tea, to say the least, but .... it > should work. Or use traditional MailScanner rulesets instead, so that > you keep the administrative control... (msre is nice if you do that, > and still want a webGUI for it)... Check out the MailScanner wiki for > ideas and examples and links (http://wiki.mailscanner.info)... > > Cheers > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 867) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHY+3sEfZZRxQVtlQRAkyHAJ9EQLpBCgAqxccE4/itjsHTOWbJ0wCeK9ql 1Z9+mCW1iRsJ/rTxFyFnZUo= =dvCG -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gmane at tippingmar.com Sat Dec 15 18:53:40 2007 From: gmane at tippingmar.com (Mark Nienberg) Date: Sat Dec 15 18:54:17 2007 Subject: Sophos.install for v6 In-Reply-To: <4763E9DA.90706@ecs.soton.ac.uk> References: <4761004E.1090006@ecs.soton.ac.uk> <4763E9DA.90706@ecs.soton.ac.uk> Message-ID: Julian Field wrote: > Mark Nienberg wrote: >> Will Sophos v6 would work with the SAVI perl module? If so, I'll give >> that a try too. > Sorry for taking a while to respond. I have just built a new system to > test this out properly, and it appears to be working just fine. For Pete's sake it has been less than 24 hours, and in that time you built a new system and tested this? I really don't think you should apologize for that! Thanks for your help. Mark From andreab at guttadauro.com Sat Dec 15 22:04:23 2007 From: andreab at guttadauro.com (Andrea Bazzanini) Date: Sat Dec 15 22:01:27 2007 Subject: Check email before sending Message-ID: <47644F67.7040809@guttadauro.com> Hello guy I have a strange problem to solve. My boss ask me if is possible block all mails coming from one or more address before sending. All email received from(ex) user@foo.bar must be routeted to bigboss@mydomain, if the email is ok, the message will be relased to the final destination.... Can i use MS to solve my problem ?? Thanks... NB: sorry about bad english ! -- Il messaggio e' stato analizzato alla ricerca di virus o contenuti pericolosi, ed e' risultato non infetto. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071215/f94f9229/attachment.html From pascal.maes at elec.ucl.ac.be Sun Dec 16 08:05:23 2007 From: pascal.maes at elec.ucl.ac.be (Pascal Maes) Date: Sun Dec 16 08:05:35 2007 Subject: MailScanner could not analyze some mails In-Reply-To: References: <2EF0E860-C2D1-4196-8298-2A711B8C27EF@elec.ucl.ac.be> Message-ID: <506F1796-4189-4742-9476-78450198C089@elec.ucl.ac.be> Le 13-d?c.-07 ? 14:33, Ugo Bellavance a ?crit : > Pascal Maes wrote: >> Hello, >> Questions >> - why that kind of email could no be analyzed ? >> - Does a workaround exist ? >> - How can we distribute these kind of emails ? > > Most likely an AV problem, are you using Sophos? > > Please have a look at your logs and show us what you find, we'll > then be able to help you. > > Ugo I have disabled the Virus scanning in MailScanner: Virus Scanning = no but the message is always put in quarantine : Dec 16 08:39:24 smtp-2 postfix/smtpd[13500]: 6F516EC10F: client=localhost.localdomain[127.0.0.1] Dec 16 08:39:24 smtp-2 postfix/cleanup[12467]: 6F516EC10F: hold: header Received: from smtp2.sgsi.ucl.ac.be (localhost.localdomain [127.0.0.1])??by smtp2.sgsi.ucl.ac.be (Postfix) with ESMTP id 6F516EC10F??for ; Sun, 16 Dec 2007 08:39:24 +0100 (CE from localhost.localdomain[127.0.0.1]; from=<> to= proto=ESMTP helo= Dec 16 08:39:24 smtp-2 postfix/cleanup[12467]: 6F516EC10F: message-id= Dec 16 08:39:24 smtp-2 clamsmtpd: 3E803F: from=<>, to=pascal.maes@uclouvain.be , status=CLEAN Dec 16 08:39:26 smtp-2 MailScanner[13754]: Message 6F516EC10F.7E01C from 127.0.0.1 () to uclouvain.be is n'est pas un polluriel, SpamAssassin (not cached, score=3.401, requis 5, BAYES_00 -1.60, BOTNET_BADDNS 3.00, BOTNET_SERVERWORDS 1.00, NO_REAL_NAME 1.00) Dec 16 08:39:26 smtp-2 MailScanner[13754]: Virus and Content Scanning: Starting Dec 16 08:39:26 smtp-2 MailScanner[13754]: Saved entire message to / var/spool/MailScanner/quarantine/20071216/6F516EC10F.7E01C With Virus Scanning = no and Dangerous Content Scanning = no, I receive the return message : > Received: from smtp4.sgsi.ucl.ac.be ([10.1.5.4]) > by mmp.sipr-dc.ucl.ac.be (Sun Java(tm) System Messaging Server > 6.3-4.01 (built > Aug 3 2007; 32bit)) with ESMTP id <0JT400L13TTY4Q10@mmp.sipr-dc.ucl.ac.be > > > for pascal.maes@uclouvain.be; Sun, 16 Dec 2007 08:51:34 +0100 (CET) > Received: from smtp4.sgsi.ucl.ac.be (localhost.localdomain > [127.0.0.1]) > by smtp4.sgsi.ucl.ac.be (Postfix) with ESMTP id 0C1FCEFB78 for > ; Sun, 16 Dec 2007 08:51:37 +0100 (CET) > Received: from mail6.e-zone.net (mail6.e-zone.net [212.35.125.173]) > by smtp4.sgsi.ucl.ac.be (Postfix) with ESMTP for >; > Sun, 16 Dec 2007 08:51:36 +0100 (CET) > Date: Sun, 16 Dec 2007 08:51:34 +0100 > From: postmaster@legat.eu > Subject: Delivery failure (toto@legat.eu) > To: pascal.maes@uclouvain.be > Message-id: > MIME-version: 1.0 > Content-type: multipart/report; report-type=delivery-status > X-AV-Checked: ClamAV using ClamSMTP > X-SGSI-SpamCheck: n'est pas un polluriel, SpamAssassin (not cached, > score=2, > requis 5, autolearn=not spam, BOTNET_SERVERWORDS 1.00, NO_REAL_NAME > 1.00) > X-SGSI-Spam-Score: ss > X-SGSI-From: > X-SGSI-Spam-Status: No > > This is a multi-part message in MIME format. > > > --6764/1197791494/MailSite/1392/1480 > Content-Transfer-Encoding: quoted-printable > Content-Type: text/plain; charset="us-ascii" > > Your message has encountered delivery problems > to the following recipient(s): > > toto@legat.eu > Delivery failed > User not known > > > > --6764/1197791494/MailSite/1392/1480 > Content-Disposition: attachment; filename="DSN4764D8FE.txt" > Content-Transfer-Encoding: quoted-printable > Content-Type: message/delivery-status; charset="utf-8" > > Reporting-MTA: mail.register.be > Received-From-MTA: dns; smtp2.sgsi.ucl.ac.be (unverified > [130.104.5.77]) > Arrival-Date: Sun, 16 Dec 2007 08:51:26 +0100 > > Final-Recipient: rfc822; toto@legat.eu > Action: failed > Status: 5.1.1 (Permanent failure - addressing: bad destination > mailbox ad= > dress) > > > --6764/1197791494/MailSite/1392/1480 > Content-Type: message/rfc822; charset="utf-8" > > X-Spam-Score: 1 > Received: from smtp2.sgsi.ucl.ac.be (unverified [130.104.5.77]) by > mail.register.be > (Rockliffe SMTPRA 7.0.6) with ESMTP id > for ; > Sun, 16 Dec 2007 08:51:29 +0100 > Received: from smtp2.sgsi.ucl.ac.be (localhost.localdomain > [127.0.0.1]) > by smtp2.sgsi.ucl.ac.be (Postfix) with ESMTP id 9159AEC0CF > for ; Sun, 16 Dec 2007 08:51:24 +0100 (CET) > Received: from [192.168.1.66] (maes.elec.ucl.ac.be [130.104.240.228]) > (using TLSv1 with cipher AES128-SHA (128/128 bits)) > (No client certificate requested) > (Authenticated sender: pmaes@smtp2.sgsi.ucl.ac.be) > by smtp2.sgsi.ucl.ac.be (Postfix) with ESMTP > for ; Sun, 16 Dec 2007 08:51:24 +0100 (CET) > Message-Id: <816190C6-AD6F-48A3-BD13-E3F7727B2C3F@uclouvain.be> > From: Pascal Maes > To: toto@legat.eu > Content-Type: text/plain; charset=US-ASCII; format=flowed > Content-Transfer-Encoding: 7bit > Mime-Version: 1.0 (Apple Message framework v915) > Subject: test du 16/12 avec MailScanner 4.65 sans Content ni virus > scanning > Date: Sun, 16 Dec 2007 08:51:23 +0100 > X-Mailer: Apple Mail (2.915) > X-AV-Checked: ClamAV using ClamSMTP > X-Sgsi-Spamcheck: Authenticated, > X-SGSI-From: pascal.maes@uclouvain.be > X-SGSI-Spam-Status: No > > > test du 16/12 > > -- > Pascal > > > > --6764/1197791494/MailSite/1392/1480-- > Why this message can not be analyzed ? -- Pascal -- Pascal From glenn.steen at gmail.com Sun Dec 16 15:12:36 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Dec 16 15:12:48 2007 Subject: Check email before sending In-Reply-To: <47644F67.7040809@guttadauro.com> References: <47644F67.7040809@guttadauro.com> Message-ID: <223f97700712160712k4bb90f16u5f483e8a29802887@mail.gmail.com> On 15/12/2007, Andrea Bazzanini wrote: > > Hello guy > > I have a strange problem to solve. > My boss ask me if is possible block all mails coming from one or more > address before sending. > > All email received from(ex) user@foo.bar must be routeted to > bigboss@mydomain, if the email is ok, the message will be relased to the > final destination.... > > Can i use MS to solve my problem ?? > > Thanks... > > NB: sorry about bad english ! > Yes, you could, in a way. You could use a ruleset to blacklist (Definitiely Spam, Definite Spam Is Highscoring, High Spam Action containing "store"... or something similar). Then use MailWatch, set the bigboss up so that he can see the relevant user(s) mail(s), and let him release them as he sees fit. SHould be workable:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From michael at huntley.net Sun Dec 16 15:40:19 2007 From: michael at huntley.net (Michael Huntley) Date: Sun Dec 16 15:40:48 2007 Subject: Check email before sending In-Reply-To: <223f97700712160712k4bb90f16u5f483e8a29802887@mail.gmail.com> References: <47644F67.7040809@guttadauro.com> <223f97700712160712k4bb90f16u5f483e8a29802887@mail.gmail.com> Message-ID: <476546E3.7000502@huntley.net> Glenn Steen wrote: > On 15/12/2007, Andrea Bazzanini wrote: > >> Hello guy >> >> I have a strange problem to solve. >> My boss ask me if is possible block all mails coming from one or more >> address before sending. >> >> All email received from(ex) user@foo.bar must be routeted to >> bigboss@mydomain, if the email is ok, the message will be relased to the >> final destination.... >> >> Can i use MS to solve my problem ?? >> >> Thanks... >> >> NB: sorry about bad english ! >> >> > Yes, you could, in a way. You could use a ruleset to blacklist > (Definitiely Spam, Definite Spam Is Highscoring, High Spam Action > containing "store"... or something similar). Then use MailWatch, set > the bigboss up so that he can see the relevant user(s) mail(s), and > let him release them as he sees fit. SHould be workable:-). > > Cheers > Just use the Non Spam Actions and set up a rule that email from user@domain.com gets 'store' as the action. Very easy. mph vinum vesco valens viscus From ugob at lubik.ca Mon Dec 17 14:14:51 2007 From: ugob at lubik.ca (Ugo Bellavance) Date: Mon Dec 17 14:18:02 2007 Subject: Can't upgrade some perl modules Message-ID: Hi, This is MailScanner version 4.61.7 When I try a yum update (using rpmforge), I get these errors, so I can't really update my systems: file /usr/share/man/man3/bigint.3pm.gz conflicts between attempted installs of perl-5.8.0-97.EL3 and perl-bignum-0.22-1.el3.rf file /usr/share/man/man3/bignum.3pm.gz conflicts between attempted installs of perl-5.8.0-97.EL3 and perl-bignum-0.22-1.el3.rf file /usr/share/man/man3/bigrat.3pm.gz conflicts between attempted installs of perl-5.8.0-97.EL3 and perl-bignum-0.22-1.el3.rf file /usr/share/man/man3/Test::Builder.3pm.gz conflicts between attempted installs of perl-Test-Simple-0.74-1.el3.rf and perl-5.8.0-97.EL3 file /usr/share/man/man3/Test::More.3pm.gz conflicts between attempted installs of perl-Test-Simple-0.74-1.el3.rf and perl-5.8.0-97.EL3 file /usr/share/man/man3/Test::Simple.3pm.gz conflicts between attempted installs of perl-Test-Simple-0.74-1.el3.rf and perl-5.8.0-97.EL3 file /usr/share/man/man3/Test::Tutorial.3pm.gz conflicts between attempted installs of perl-Test-Simple-0.74-1.el3.rf and perl-5.8.0-97.EL3 Is there a way to update w/o having to upgrade MS? Regards, Ugo From ugob at lubik.ca Mon Dec 17 14:16:01 2007 From: ugob at lubik.ca (Ugo Bellavance) Date: Mon Dec 17 14:20:21 2007 Subject: how to use rpm module instead of installed source Message-ID: Hi, From MailScanner -V output, I get this: 0.53 Net::DNS But I have perl-Net-DNS-0.59-1.el3.rf installed. How can I tell my system to use the rpm instead of the source-installed 0.53? Regards, Ugo From rpotter at rpcs.net Mon Dec 17 16:16:51 2007 From: rpotter at rpcs.net (Richard Potter) Date: Mon Dec 17 16:17:13 2007 Subject: Can't upgrade some perl modules In-Reply-To: References: Message-ID: <57368.10.0.0.31.1197908211.squirrel@webmail.rpcs.net> On Mon, December 17, 2007 9:14 am, Ugo Bellavance wrote: > Hi, > > This is MailScanner version 4.61.7 > > When I try a yum update (using rpmforge), I get these errors, so I can't > really update my systems: > > file /usr/share/man/man3/bigint.3pm.gz conflicts between attempted > installs of perl-5.8.0-97.EL3 and perl-bignum-0.22-1.el3.rf > file /usr/share/man/man3/bignum.3pm.gz conflicts between attempted > installs of perl-5.8.0-97.EL3 and perl-bignum-0.22-1.el3.rf > file /usr/share/man/man3/bigrat.3pm.gz conflicts between attempted > installs of perl-5.8.0-97.EL3 and perl-bignum-0.22-1.el3.rf > file /usr/share/man/man3/Test::Builder.3pm.gz conflicts between > attempted installs of perl-Test-Simple-0.74-1.el3.rf and perl-5.8.0-97.EL3 > file /usr/share/man/man3/Test::More.3pm.gz conflicts between attempted > installs of perl-Test-Simple-0.74-1.el3.rf and perl-5.8.0-97.EL3 > file /usr/share/man/man3/Test::Simple.3pm.gz conflicts between attempted > installs of perl-Test-Simple-0.74-1.el3.rf and perl-5.8.0-97.EL3 > file /usr/share/man/man3/Test::Tutorial.3pm.gz conflicts between > attempted installs of perl-Test-Simple-0.74-1.el3.rf and perl-5.8.0-97.EL3 > > Is there a way to update w/o having to upgrade MS? This *appears* to be a yum problem. I have installed the following plugins, to work around this problem. This is on my testing box. # yum install yum-fastestmirror yum-skip-broken yum-kmod yum-kernel-module yum-priorities Dag Wiiers talks about it here: http://dag.wieers.com/blog/content/i-am-sorry-that-your-yum-is-broken Richard From ugob at lubik.ca Mon Dec 17 16:32:07 2007 From: ugob at lubik.ca (Ugo Bellavance) Date: Mon Dec 17 16:42:38 2007 Subject: Can't upgrade some perl modules In-Reply-To: <57368.10.0.0.31.1197908211.squirrel@webmail.rpcs.net> References: <57368.10.0.0.31.1197908211.squirrel@webmail.rpcs.net> Message-ID: Richard Potter wrote: > On Mon, December 17, 2007 9:14 am, Ugo Bellavance wrote: > >> Hi, >> >> This is MailScanner version 4.61.7 >> >> When I try a yum update (using rpmforge), I get these errors, so I can't >> really update my systems: >> >> file /usr/share/man/man3/bigint.3pm.gz conflicts between attempted >> installs of perl-5.8.0-97.EL3 and perl-bignum-0.22-1.el3.rf >> file /usr/share/man/man3/bignum.3pm.gz conflicts between attempted >> installs of perl-5.8.0-97.EL3 and perl-bignum-0.22-1.el3.rf >> file /usr/share/man/man3/bigrat.3pm.gz conflicts between attempted >> installs of perl-5.8.0-97.EL3 and perl-bignum-0.22-1.el3.rf >> file /usr/share/man/man3/Test::Builder.3pm.gz conflicts between >> attempted installs of perl-Test-Simple-0.74-1.el3.rf and perl-5.8.0-97.EL3 >> file /usr/share/man/man3/Test::More.3pm.gz conflicts between attempted >> installs of perl-Test-Simple-0.74-1.el3.rf and perl-5.8.0-97.EL3 >> file /usr/share/man/man3/Test::Simple.3pm.gz conflicts between attempted >> installs of perl-Test-Simple-0.74-1.el3.rf and perl-5.8.0-97.EL3 >> file /usr/share/man/man3/Test::Tutorial.3pm.gz conflicts between >> attempted installs of perl-Test-Simple-0.74-1.el3.rf and perl-5.8.0-97.EL3 >> >> Is there a way to update w/o having to upgrade MS? > > This *appears* to be a yum problem. I have installed the following > plugins, to work around this problem. This is on my testing box. > > # yum install yum-fastestmirror yum-skip-broken yum-kmod yum-kernel-module > yum-priorities Theses are not available on CentOS3 :(. Regards, Ugo From richard.siddall at elirion.net Mon Dec 17 16:50:32 2007 From: richard.siddall at elirion.net (Richard Siddall) Date: Mon Dec 17 16:52:31 2007 Subject: Can't upgrade some perl modules In-Reply-To: References: Message-ID: <4766A8D8.6010007@elirion.net> Ugo Bellavance wrote: > When I try a yum update (using rpmforge), I get these errors, so I can't > really update my systems: > > file /usr/share/man/man3/bigint.3pm.gz conflicts between attempted > installs of perl-5.8.0-97.EL3 and perl-bignum-0.22-1.el3.rf [snip] > > Is there a way to update w/o having to upgrade MS? You're running into one of the classic RPM packaging problems with Perl. The main Perl RPM contains the bignum Perl module. You're trying to install just an updated version of bignum, but RPM can't replace part of the main Perl RPM; it's the whole RPM or nothing. The usual way of getting around this is to force installation of the new package. yum will have left a copy of the RPM in the cache for the repository you downloaded it from, so you can probably do something like: rpm -Uvh --nodeps \ /var/cache/yum/rpmforge/perl-bignum-0.22-1.el3.rf where rpmforge is the repo name. As has been pointed out on the list before, there's a small possibility that forcing installation of a new module will stop existing Perl programs from working. The alternative is to add perl-bignum to the list of RPMs that are excluded from updating for the repo that's causing the conflict. Find the repo file in /etc/yum.repos.d/ and append perl-bignum to the exclude line, or add an exclude line if there isn't one there already. exclude=perl-bignum I hope that helps. Regards, Richard Siddall From richard.siddall at elirion.net Mon Dec 17 16:59:13 2007 From: richard.siddall at elirion.net (Richard Siddall) Date: Mon Dec 17 17:00:06 2007 Subject: how to use rpm module instead of installed source In-Reply-To: References: Message-ID: <4766AAE1.7010105@elirion.net> Ugo Bellavance wrote: > From MailScanner -V output, I get this: > > 0.53 Net::DNS > > But I have perl-Net-DNS-0.59-1.el3.rf installed. > > How can I tell my system to use the rpm instead of the source-installed > 0.53? I'm guessing that Net::DNS 0.53 was installed earlier in the @INC Perl search path than the RPM version, 0.59, so MailScanner finds it first. perl -V will show you the @INC search path. I don't know of an easy way of deleting a Perl module that was installed with cpan. I'd probably do: locate Net/DNS and then move all the matches I believed were part of the cpan installation to a directory outside the Perl search path. BTW, you can use rpm to determine if the matched file was installed by rpm: rpm -qf /usr/lib/perl5/site_perl/5.8.5/Net/DNS.pm will tell you which RPM the file was installed by. Regards, Richard Siddall From gmane at tippingmar.com Mon Dec 17 19:01:08 2007 From: gmane at tippingmar.com (Mark Nienberg) Date: Mon Dec 17 19:01:33 2007 Subject: Sophos.install for v6 In-Reply-To: <4763E9DA.90706@ecs.soton.ac.uk> References: <4761004E.1090006@ecs.soton.ac.uk> <4763E9DA.90706@ecs.soton.ac.uk> Message-ID: Julian Field wrote: > Mark Nienberg wrote: >> Will Sophos v6 would work with the SAVI perl module? If so, I'll give >> that a try too. > Sorry for taking a while to respond. I have just built a new system to > test this out properly, and it appears to be working just fine. > > One point to note: make sure that "Monitors For Sophos Updates" is set > correctly, as it needs to point to some wildcarded list of files in > /opt/sophos-av/lib/sav. I have used "/opt/sophos-av/lib/sav/*.vdb" but > I'm not 100% sure that is correct, I will have to test it some more, > over a few days, to see exactly what files are being updated by the > sophos-autoupdate (which is compatible with Sophos 6 already). I edited the SAVI-Perl-0.30 Makefile.PL like this: 'LIBS' => ['-L/opt/sophos-av/lib -R/opt/sophos-av/lib -lsavi'], but the "make" failed with this: sav_if/s_comput.h:662:4: error: #error Unsupported GNU C/C++ target hardware platform This is CentOS 5.1: [root@tesla2 SAVI-Perl-0.30]# uname -a Linux tesla2.tippingmar.com 2.6.18-53.1.4.el5 #1 SMP Fri Nov 30 00:45:55 EST 2007 x86_64 x86_64 x86_64 GNU/Linux Does that mean it won't build on x86_64? Mark From MailScanner at ecs.soton.ac.uk Mon Dec 17 20:22:28 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Dec 17 20:23:04 2007 Subject: Sophos.install for v6 In-Reply-To: References: <4761004E.1090006@ecs.soton.ac.uk> <4763E9DA.90706@ecs.soton.ac.uk> Message-ID: <4766DA84.6000507@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mark Nienberg wrote: > Julian Field wrote: > >> Mark Nienberg wrote: > >>> Will Sophos v6 would work with the SAVI perl module? If so, I'll >>> give that a try too. >> Sorry for taking a while to respond. I have just built a new system >> to test this out properly, and it appears to be working just fine. >> >> One point to note: make sure that "Monitors For Sophos Updates" is >> set correctly, as it needs to point to some wildcarded list of files >> in /opt/sophos-av/lib/sav. I have used "/opt/sophos-av/lib/sav/*.vdb" >> but I'm not 100% sure that is correct, I will have to test it some >> more, over a few days, to see exactly what files are being updated by >> the sophos-autoupdate (which is compatible with Sophos 6 already). > > I edited the SAVI-Perl-0.30 Makefile.PL like this: > > 'LIBS' => ['-L/opt/sophos-av/lib -R/opt/sophos-av/lib -lsavi'], > > but the "make" failed with this: > > sav_if/s_comput.h:662:4: error: #error Unsupported GNU C/C++ target > hardware platform > > > This is CentOS 5.1: > > [root@tesla2 SAVI-Perl-0.30]# uname -a > Linux tesla2.tippingmar.com 2.6.18-53.1.4.el5 #1 SMP Fri Nov 30 > 00:45:55 EST 2007 x86_64 x86_64 x86_64 GNU/Linux > > Does that mean it won't build on x86_64? Correct. It won't build on x86_64. I don't know if it can be massaged into working at all, but it certainly won't straight out of the box. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 867) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHZtqREfZZRxQVtlQRAoDKAJ4n5PNtrH/8PM+lkIf9GRtdesyWOQCgqHE0 No/xO8hXDeaGTKQUPT0gl3I= =/8Bq -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gdoris at rogers.com Mon Dec 17 20:44:15 2007 From: gdoris at rogers.com (Gerry Doris) Date: Mon Dec 17 20:45:23 2007 Subject: Can't upgrade some perl modules In-Reply-To: <4766A8D8.6010007@elirion.net> References: <4766A8D8.6010007@elirion.net> Message-ID: <4766DF9F.9050005@rogers.com> Richard Siddall wrote: > Ugo Bellavance wrote: >> When I try a yum update (using rpmforge), I get these errors, so I >> can't really update my systems: >> >> file /usr/share/man/man3/bigint.3pm.gz conflicts between attempted >> installs of perl-5.8.0-97.EL3 and perl-bignum-0.22-1.el3.rf > [snip] >> >> Is there a way to update w/o having to upgrade MS? > > You're running into one of the classic RPM packaging problems with > Perl. The main Perl RPM contains the bignum Perl module. You're > trying to install just an updated version of bignum, but RPM can't > replace part of the main Perl RPM; it's the whole RPM or nothing. > > The usual way of getting around this is to force installation of the > new package. yum will have left a copy of the RPM in the cache for > the repository you downloaded it from, so you can probably do > something like: > > rpm -Uvh --nodeps \ > /var/cache/yum/rpmforge/perl-bignum-0.22-1.el3.rf > > where rpmforge is the repo name. > > As has been pointed out on the list before, there's a small > possibility that forcing installation of a new module will stop > existing Perl programs from working. > > The alternative is to add perl-bignum to the list of RPMs that are > excluded from updating for the repo that's causing the conflict. Find > the repo file in /etc/yum.repos.d/ and append perl-bignum to the > exclude line, or add an exclude line if there isn't one there already. > > exclude=perl-bignum > > I hope that helps. > > Regards, > > Richard Siddall I ran into much the same problem a week ago. I was getting a yum error when it tried to update my main perl rpm. There were several conflicts with rpm's installed by MailScanner. I ended up shutting down MailScanner and removing the problem rpm's. I then did the yum perl upgrade. I did a MailScanner reinstall to confirm everything was ok (I was told MailScanner was already installed). All has been working fine. From J.Ede at birchenallhowden.co.uk Mon Dec 17 21:07:16 2007 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Mon Dec 17 21:07:40 2007 Subject: Can't upgrade some perl modules In-Reply-To: <4766DF9F.9050005@rogers.com> References: <4766A8D8.6010007@elirion.net> <4766DF9F.9050005@rogers.com> Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760CA00A6152@server02.bhl.local> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Gerry Doris > Sent: 17 December 2007 20:44 > To: MailScanner discussion > Subject: Re: Can't upgrade some perl modules > > Richard Siddall wrote: > > Ugo Bellavance wrote: > >> When I try a yum update (using rpmforge), I get these errors, so I > >> can't really update my systems: > >> > >> file /usr/share/man/man3/bigint.3pm.gz conflicts between attempted > >> installs of perl-5.8.0-97.EL3 and perl-bignum-0.22-1.el3.rf > > [snip] > >> > >> Is there a way to update w/o having to upgrade MS? > > > > You're running into one of the classic RPM packaging problems with > > Perl. The main Perl RPM contains the bignum Perl module. You're > > trying to install just an updated version of bignum, but RPM can't > > replace part of the main Perl RPM; it's the whole RPM or nothing. > > > > The usual way of getting around this is to force installation of the > > new package. yum will have left a copy of the RPM in the cache for > > the repository you downloaded it from, so you can probably do > > something like: > > > > rpm -Uvh --nodeps \ > > /var/cache/yum/rpmforge/perl-bignum-0.22-1.el3.rf > > > > where rpmforge is the repo name. > > > > As has been pointed out on the list before, there's a small > > possibility that forcing installation of a new module will stop > > existing Perl programs from working. > > > > The alternative is to add perl-bignum to the list of RPMs that are > > excluded from updating for the repo that's causing the conflict. > Find > > the repo file in /etc/yum.repos.d/ and append perl-bignum to the > > exclude line, or add an exclude line if there isn't one there > already. > > > > exclude=perl-bignum > > > > I hope that helps. > > > > Regards, > > > > Richard Siddall > I ran into much the same problem a week ago. I was getting a yum error > when it tried to update my main perl rpm. There were several conflicts > with rpm's installed by MailScanner. I ended up shutting down > MailScanner and removing the problem rpm's. I then did the yum perl > upgrade. > > I did a MailScanner reinstall to confirm everything was ok (I was told > MailScanner was already installed). All has been working fine. I did same thing... Happens each time I run yum update. Keep meaning to write a little script to remove problem perl modules... Its a pain having to do this each time want to run yum though. Jason From hvdkooij at vanderkooij.org Mon Dec 17 23:53:20 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue Dec 18 01:55:07 2007 Subject: MailScanner could not analyze some mails In-Reply-To: <506F1796-4189-4742-9476-78450198C089@elec.ucl.ac.be> References: <2EF0E860-C2D1-4196-8298-2A711B8C27EF@elec.ucl.ac.be> <506F1796-4189-4742-9476-78450198C089@elec.ucl.ac.be> Message-ID: <47670BF0.2060002@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Pascal Maes wrote: > > Le 13-d?c.-07 ? 14:33, Ugo Bellavance a ?crit : > >> Pascal Maes wrote: >>> Hello, >>> Questions >>> - why that kind of email could no be analyzed ? >>> - Does a workaround exist ? >>> - How can we distribute these kind of emails ? >> >> Most likely an AV problem, are you using Sophos? >> >> Please have a look at your logs and show us what you find, we'll then >> be able to help you. >> >> Ugo > > I have disabled the Virus scanning in MailScanner: > > Virus Scanning = no > > but the message is always put in quarantine : > > Dec 16 08:39:24 smtp-2 postfix/smtpd[13500]: 6F516EC10F: > client=localhost.localdomain[127.0.0.1] > Dec 16 08:39:24 smtp-2 postfix/cleanup[12467]: 6F516EC10F: hold: header > Received: from smtp2.sgsi.ucl.ac.be (localhost.localdomain > [127.0.0.1])??by smtp2.sgsi.ucl.ac.be (Postfix) with ESMTP id > 6F516EC10F??for ; Sun, 16 Dec 2007 08:39:24 > +0100 (CE from localhost.localdomain[127.0.0.1]; from=<> > to= proto=ESMTP helo= > Dec 16 08:39:24 smtp-2 postfix/cleanup[12467]: 6F516EC10F: > message-id= > Dec 16 08:39:24 smtp-2 clamsmtpd: 3E803F: from=<>, > to=pascal.maes@uclouvain.be, status=CLEAN > Dec 16 08:39:26 smtp-2 MailScanner[13754]: Message 6F516EC10F.7E01C from > 127.0.0.1 () to uclouvain.be is n'est pas un polluriel, SpamAssassin > (not cached, score=3.401, requis 5, BAYES_00 -1.60, BOTNET_BADDNS 3.00, > BOTNET_SERVERWORDS 1.00, NO_REAL_NAME 1.00) > Dec 16 08:39:26 smtp-2 MailScanner[13754]: Virus and Content Scanning: > Starting > Dec 16 08:39:26 smtp-2 MailScanner[13754]: Saved entire message to > /var/spool/MailScanner/quarantine/20071216/6F516EC10F.7E01C Can you translate this message "n'est pas un polluriel" to English? It might have to do with the whole thing or not at all. But I can't tell at the moment. French was never my strong point. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHZwvvBvzDRVjxmYERAkRFAJ0eahrdmvBnRpFE6/mtLgqxLUVM1ACgleHv 6uxwRiaeJjzBhn+6sIVPScA= =tlHj -----END PGP SIGNATURE----- From ugob at lubik.ca Tue Dec 18 02:09:38 2007 From: ugob at lubik.ca (Ugo Bellavance) Date: Tue Dec 18 02:15:17 2007 Subject: MailScanner could not analyze some mails In-Reply-To: <47670BF0.2060002@vanderkooij.org> References: <2EF0E860-C2D1-4196-8298-2A711B8C27EF@elec.ucl.ac.be> <506F1796-4189-4742-9476-78450198C089@elec.ucl.ac.be> <47670BF0.2060002@vanderkooij.org> Message-ID: Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Pascal Maes wrote: >> Le 13-d?c.-07 ? 14:33, Ugo Bellavance a ?crit : >> >>> Pascal Maes wrote: >>>> Hello, >>>> Questions >>>> - why that kind of email could no be analyzed ? >>>> - Does a workaround exist ? >>>> - How can we distribute these kind of emails ? >>> Most likely an AV problem, are you using Sophos? >>> >>> Please have a look at your logs and show us what you find, we'll then >>> be able to help you. >>> >>> Ugo >> I have disabled the Virus scanning in MailScanner: >> >> Virus Scanning = no >> >> but the message is always put in quarantine : >> >> Dec 16 08:39:24 smtp-2 postfix/smtpd[13500]: 6F516EC10F: >> client=localhost.localdomain[127.0.0.1] >> Dec 16 08:39:24 smtp-2 postfix/cleanup[12467]: 6F516EC10F: hold: header >> Received: from smtp2.sgsi.ucl.ac.be (localhost.localdomain >> [127.0.0.1])??by smtp2.sgsi.ucl.ac.be (Postfix) with ESMTP id >> 6F516EC10F??for ; Sun, 16 Dec 2007 08:39:24 >> +0100 (CE from localhost.localdomain[127.0.0.1]; from=<> >> to= proto=ESMTP helo= >> Dec 16 08:39:24 smtp-2 postfix/cleanup[12467]: 6F516EC10F: >> message-id= >> Dec 16 08:39:24 smtp-2 clamsmtpd: 3E803F: from=<>, >> to=pascal.maes@uclouvain.be, status=CLEAN >> Dec 16 08:39:26 smtp-2 MailScanner[13754]: Message 6F516EC10F.7E01C from >> 127.0.0.1 () to uclouvain.be is n'est pas un polluriel, SpamAssassin >> (not cached, score=3.401, requis 5, BAYES_00 -1.60, BOTNET_BADDNS 3.00, >> BOTNET_SERVERWORDS 1.00, NO_REAL_NAME 1.00) >> Dec 16 08:39:26 smtp-2 MailScanner[13754]: Virus and Content Scanning: >> Starting >> Dec 16 08:39:26 smtp-2 MailScanner[13754]: Saved entire message to >> /var/spool/MailScanner/quarantine/20071216/6F516EC10F.7E01C > > Can you translate this message "n'est pas un polluriel" to English? "Is not spam" Ugo From mon at cyberec.com Tue Dec 18 06:05:37 2007 From: mon at cyberec.com (Mon Chan) Date: Tue Dec 18 06:05:25 2007 Subject: Message contained archive nested too deeply In-Reply-To: <4CAB0118AEC63A4FAAE77E6BCBDF760CA00A6152@server02.bhl.local> Message-ID: <002e01c8413c$02c5a690$4801a8c0@cyberec> Dear All Where is this setting? My Mailscanner.conf is "Dangerous Content Scanning = no" But give email show me this msg. thx The content filters found this: MailScanner: Message contained archive nested too deeply Mon From hvdkooij at vanderkooij.org Tue Dec 18 06:20:01 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue Dec 18 06:20:34 2007 Subject: Message contained archive nested too deeply In-Reply-To: <002e01c8413c$02c5a690$4801a8c0@cyberec> References: <002e01c8413c$02c5a690$4801a8c0@cyberec> Message-ID: <47676691.6000105@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mon Chan wrote: > Dear All We would be most honored if you did not steal a thread. Use a clean message to start a new subject but NEVER reply to a message to start a new thread like you did now. The following headers gave you away: X-Mailer: Microsoft Office Outlook 11 In-Reply-To: <4CAB0118AEC63A4FAAE77E6BCBDF760CA00A6152@server02.bhl.local> Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHZ2aQBvzDRVjxmYERAhkHAJwKmJTYN963u87MiqPj54E7QHPaLgCdF1dM j/k66P05Km5RBYlaCHQw6/s= =ETxY -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Tue Dec 18 06:23:57 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue Dec 18 06:24:31 2007 Subject: Whitelists not working properly In-Reply-To: References: <10452.94845.qm@web33302.mail.mud.yahoo.com> Message-ID: <4767677D.9000008@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Pascal Maes wrote: > > Le 07-d?c.-07 ? 03:19, Michael Mansour a ?crit : > >> Hi Johnny, >> >> --- Johnny Stork wrote: >> >>> I have noticed for the past few months, not sure >>> when it started, but >>> not all whitelist entries are getting picked up. For >>> instance, I just added >>> >>>> From To >>> *@www.pixologic.com *@* >> >> It's odd how such rules ever worked for you. They're >> syntax is incorrect. >> >> Please read: >> >> http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rulesets:examples&s=virus%20scanning%20rules >> >> >> for the correct way to define your rules. >> >> Regards, >> >> Michael. >> >>> > > Is the following syntax correct ? > > From: /opt/MailScanner/etc/rules/whitelist.domains yes > FromOrTo: default no > > and in the file /opt/MailScanner/etc/rules/whitelist.domains, I have > lines like : > > *@ess-fp7.org > > > But, recently, I get : > >> X-SGSI-Spam-Score: ssssssssss >> X-SGSI-From: fp7aor@ess-fp7.org >> X-SGSI-Spam-Status: Yes I guess you have not mastered regular expressions. * is not a wildcard in itzelf. You need to use .* instead. Hugo - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHZ2d7BvzDRVjxmYERAtSPAKCfpPOtfEBU0fVdDRCFH8bufGJQIQCfZaYv SC8ue2x1qgeCvpaozM5995Y= =zVuk -----END PGP SIGNATURE----- From pascal.maes at elec.ucl.ac.be Tue Dec 18 07:37:36 2007 From: pascal.maes at elec.ucl.ac.be (Pascal Maes) Date: Tue Dec 18 07:37:49 2007 Subject: MailScanner could not analyze some mails In-Reply-To: References: <2EF0E860-C2D1-4196-8298-2A711B8C27EF@elec.ucl.ac.be> <506F1796-4189-4742-9476-78450198C089@elec.ucl.ac.be> <47670BF0.2060002@vanderkooij.org> Message-ID: Le 18-d?c.-07 ? 03:09, Ugo Bellavance a ?crit : > Hugo van der Kooij wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> Pascal Maes wrote: >>> Le 13-d?c.-07 ? 14:33, Ugo Bellavance a ?crit : >>> >>>> Pascal Maes wrote: >>>>> Hello, >>>>> Questions >>>>> - why that kind of email could no be analyzed ? >>>>> - Does a workaround exist ? >>>>> - How can we distribute these kind of emails ? >>>> Most likely an AV problem, are you using Sophos? >>>> >>>> Please have a look at your logs and show us what you find, we'll >>>> then >>>> be able to help you. >>>> >>>> Ugo >>> I have disabled the Virus scanning in MailScanner: >>> >>> Virus Scanning = no >>> >>> but the message is always put in quarantine : >>> >>> Dec 16 08:39:24 smtp-2 postfix/smtpd[13500]: 6F516EC10F: >>> client=localhost.localdomain[127.0.0.1] >>> Dec 16 08:39:24 smtp-2 postfix/cleanup[12467]: 6F516EC10F: hold: >>> header >>> Received: from smtp2.sgsi.ucl.ac.be (localhost.localdomain >>> [127.0.0.1])??by smtp2.sgsi.ucl.ac.be (Postfix) with ESMTP id >>> 6F516EC10F??for ; Sun, 16 Dec 2007 >>> 08:39:24 >>> +0100 (CE from localhost.localdomain[127.0.0.1]; from=<> >>> to= proto=ESMTP >>> helo= >>> Dec 16 08:39:24 smtp-2 postfix/cleanup[12467]: 6F516EC10F: >>> message-id= >>> Dec 16 08:39:24 smtp-2 clamsmtpd: 3E803F: from=<>, >>> to=pascal.maes@uclouvain.be, status=CLEAN >>> Dec 16 08:39:26 smtp-2 MailScanner[13754]: Message 6F516EC10F. >>> 7E01C from >>> 127.0.0.1 () to uclouvain.be is n'est pas un polluriel, SpamAssassin >>> (not cached, score=3.401, requis 5, BAYES_00 -1.60, BOTNET_BADDNS >>> 3.00, >>> BOTNET_SERVERWORDS 1.00, NO_REAL_NAME 1.00) >>> Dec 16 08:39:26 smtp-2 MailScanner[13754]: Virus and Content >>> Scanning: >>> Starting >>> Dec 16 08:39:26 smtp-2 MailScanner[13754]: Saved entire message to >>> /var/spool/MailScanner/quarantine/20071216/6F516EC10F.7E01C >> Can you translate this message "n'est pas un polluriel" to English? > > "Is not spam" > > Ugo > Right. In etc/reports/fr/languages.conf NotSpam = n'est pas un polluriel Well, for a good syntax it should be etc/reports/en/langauges.conf: IsNotSpam = is not spam etc/reports/fr/languages.conf: IsNotSpam = n'est pas un polluriel but this is not really a problem ;-) -- Pascal -- Pascal From glenn.steen at gmail.com Tue Dec 18 09:25:09 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Dec 18 09:25:19 2007 Subject: Message contained archive nested too deeply In-Reply-To: <002e01c8413c$02c5a690$4801a8c0@cyberec> References: <4CAB0118AEC63A4FAAE77E6BCBDF760CA00A6152@server02.bhl.local> <002e01c8413c$02c5a690$4801a8c0@cyberec> Message-ID: <223f97700712180125m286bcc85g885448990570462d@mail.gmail.com> On 18/12/2007, Mon Chan wrote: > Dear All > > > Where is this setting? My Mailscanner.conf is "Dangerous Content Scanning = > no" > But give email show me this msg. thx > > > The content filters found this: > MailScanner: Message contained archive nested too deeply > > > Mon > Try setting Maximum Archive Depth = 0 ... http://www.mailscanner.info/MailScanner.conf.index.html#Maximum%20Archive%20Depth Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From gmatt at nerc.ac.uk Tue Dec 18 13:12:07 2007 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Tue Dec 18 13:16:09 2007 Subject: missing lint test Message-ID: <4767C727.7050403@nerc.ac.uk> Would be nice if MailScanner --lint picked up syntax errors in filename.rules.conf. After cutting and pasting a couple of additions during a recent upgrade, MailScanner passed a lint test but reported syntax errors when run because the tabs had been transformed to spaces. just a thought. GREG -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From bbecken at aafp.org Tue Dec 18 14:39:01 2007 From: bbecken at aafp.org (Brad Beckenhauer) Date: Tue Dec 18 14:40:44 2007 Subject: Clamav updated to version 0.92 Message-ID: <47678725.D87E.0068.3@aafp.org> My MX boxes started complaining this am about clamav being outdated. I checked clamav.net and sure enough, the current version is now 0.92 From MailScanner at ecs.soton.ac.uk Tue Dec 18 14:56:56 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Dec 18 14:57:17 2007 Subject: Clamav updated to version 0.92 In-Reply-To: <47678725.D87E.0068.3@aafp.org> References: <47678725.D87E.0068.3@aafp.org> Message-ID: <4767DFB8.2090006@ecs.soton.ac.uk> I have just posted a new version of the ClamAV + SpamAssassin tarball to www.mailscanner.info. Brad Beckenhauer wrote: > My MX boxes started complaining this am about clamav being outdated. I > checked clamav.net and sure enough, the current version is now 0.92 > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Dec 18 15:26:02 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Dec 18 15:26:27 2007 Subject: Clamav updated to version 0.92 In-Reply-To: <4767DFB8.2090006@ecs.soton.ac.uk> References: <47678725.D87E.0068.3@aafp.org> <4767DFB8.2090006@ecs.soton.ac.uk> Message-ID: <4767E68A.3080406@ecs.soton.ac.uk> Due to problems with it building the clamavmodule virus scanner, I have backed off to the previous version again. Sorry about that. Julian Field wrote: > I have just posted a new version of the ClamAV + SpamAssassin tarball > to www.mailscanner.info. > > > Brad Beckenhauer wrote: >> My MX boxes started complaining this am about clamav being outdated. I >> checked clamav.net and sure enough, the current version is now 0.92 >> > > Jules > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From pascal.maes at elec.ucl.ac.be Tue Dec 18 16:33:29 2007 From: pascal.maes at elec.ucl.ac.be (Pascal Maes) Date: Tue Dec 18 16:34:37 2007 Subject: Ruleset for Quarantine Infections Message-ID: Hello, This mail is related to the thread "MailScanner could not analyze some mails". As it seems that all the messages which cannot be analyzed come from the same servers, I try to create a ruleset for the Quanrantine Infections : Quarantine Infections = %rules-dir%/quarantine.rules # was yes In the file quarantine.rules, I have : # # Quarantine Infections # # mail.register.be # From: 212.35.125. no From: /e-zone\.net/ no FromOrTo: default yes But today, I still have a mail which has been put in quarantine. The "postcat" of the file gives : # postcat 4B600EFB74 *** ENVELOPE RECORDS 4B600EFB74 *** message_size: 3440 586 1 0 3440 message_arrival_time: Tue Dec 18 12:17:17 2007 create_time: Tue Dec 18 12:17:17 2007 named_attribute: rewrite_context=local sender: named_attribute: log_client_name=localhost.localdomain named_attribute: log_client_address=127.0.0.1 named_attribute: log_message_origin=localhost.localdomain[127.0.0.1] named_attribute: log_helo_name=smtp4.sgsi.ucl.ac.be named_attribute: log_protocol_name=ESMTP named_attribute: client_name=localhost.localdomain named_attribute: reverse_client_name=localhost.localdomain named_attribute: client_address=127.0.0.1 named_attribute: helo_name=smtp4.sgsi.ucl.ac.be named_attribute: client_address_type=2 named_attribute: dsn_orig_rcpt=rfc822;autenne@cpdr.ucl.ac.be original_recipient: autenne@cpdr.ucl.ac.be recipient: autenne@cpdr.ucl.ac.be *** MESSAGE CONTENTS 4B600EFB74 *** Received: from smtp4.sgsi.ucl.ac.be (localhost.localdomain [127.0.0.1]) by smtp4.sgsi.ucl.ac.be (Postfix) with ESMTP id 4B600EFB74 for ; Tue, 18 Dec 2007 12:17:17 +0100 (CET) Received: from mail5.e-zone.net (unknown [212.35.125.179]) by smtp4.sgsi.ucl.ac.be (Postfix) with ESMTP for ; Tue, 18 Dec 2007 12:17:17 +0100 (CET) Message-Id: Date: Tue, 18 Dec 2007 12:17:05 +0100 What's wrong with the quarantine ruleset ? Thanks -- Pascal From gmatt at nerc.ac.uk Tue Dec 18 16:59:37 2007 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Tue Dec 18 17:00:09 2007 Subject: Can't upgrade some perl modules In-Reply-To: <4CAB0118AEC63A4FAAE77E6BCBDF760CA00A6152@server02.bhl.local> References: <4766A8D8.6010007@elirion.net> <4766DF9F.9050005@rogers.com> <4CAB0118AEC63A4FAAE77E6BCBDF760CA00A6152@server02.bhl.local> Message-ID: <4767FC79.7080603@nerc.ac.uk> Jason Ede wrote: >> I did a MailScanner reinstall to confirm everything was ok (I was >> told MailScanner was already installed). All has been working >> fine. > > I did same thing... Happens each time I run yum update. Keep meaning > to write a little script to remove problem perl modules... Its a pain > having to do this each time want to run yum though. alternatively, this works: rpm -e perl-Syslog perl-Math-BigInt perl-Math-BigRat perl-bignum yum update -y assuming you kept the rpms you can then: cd /usr/src/redhat/RPMS/noarch rpm -i --force ./perl-bignum-0.21-1.noarch.rpm \ ./perl-Math-BigInt-1.86-1.noarch.rpm \ ./perl-Math-BigRat-0.19-1.noarch.rpm \ ./perl-Sys-Syslog-0.18-1.noarch.rpm which is basically what JF's install script does anyway (once its built them from source). Its not pretty. I suppose the alternative is install and maintain your own perl distribution with all the required modules at the required revisions. Sounds like much more work. GREG > Jason -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From AHKAPLAN at PARTNERS.ORG Tue Dec 18 18:49:06 2007 From: AHKAPLAN at PARTNERS.ORG (Kaplan, Andrew H.) Date: Tue Dec 18 18:49:17 2007 Subject: Upgrading ClamAV to the latest version Message-ID: Hi there - I did the initial installation of ClamAV 0.91.2 and SpamAssassin 3.2.3 via the easy installation package. The latest version of ClamAV, version 0.92, is now available. If I want to upgrade ClamAV independent from SpamAssassin and MailScanner, can I do so, or should I wait until a newer version of the easy installation package is available? The information transmitted in this electronic communication is intended only for the person or entity to whom it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this information in error, please contact the Compliance HelpLine at 800-856-1983 and properly dispose of this information. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071218/dc428bc6/attachment.html From uxbod at splatnix.net Tue Dec 18 20:53:50 2007 From: uxbod at splatnix.net (UxBoD) Date: Tue Dec 18 20:54:01 2007 Subject: Upgrading ClamAV to the latest version In-Reply-To: Message-ID: <18627947.18431198011230459.JavaMail.root@office.splatnix.net> you can but beware of the path changes! Jules will sort out the easy install package and from the release notes I believe not a great deal has changed. So personally I am waiting. Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- From: "Andrew H. Kaplan" To: mailscanner@lists.mailscanner.info Sent: Tuesday, December 18, 2007 6:49:06 PM (GMT) Europe/London Subject: Upgrading ClamAV to the latest version Hi there ? I did the initial installation of ClamAV 0.91.2 and SpamAssassin 3.2.3 via the easy installation package. The latest version of ClamAV, version 0.92, is now available. If I want to upgrade ClamAV independent from SpamAssassin and MailScanner, can I do so, or should I wait until a newer version of the easy installation package is available? The information transmitted in this electronic communication is intended only for the person or entity to whom it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this information in error, please contact the Compliance HelpLine at 800-856-1983 and properly dispose of this information. -- This message has been scanned for viruses and dangerous content by MailScanner , and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From steve at fsl.com Tue Dec 18 21:15:26 2007 From: steve at fsl.com (Stephen Swaney) Date: Tue Dec 18 21:15:37 2007 Subject: Upgrading ClamAV to the latest version In-Reply-To: <18627947.18431198011230459.JavaMail.root@office.splatnix.net> References: <18627947.18431198011230459.JavaMail.root@office.splatnix.net> Message-ID: <4768386E.1030503@fsl.com> UxBoD wrote: > you can but beware of the path changes! Jules will sort out the easy install package and from the release notes I believe not a great deal has changed. So personally I am waiting. > > Regards, > > --[ UxBoD ]-- > // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" > // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B > // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B > // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net > > ----- Original Message ----- > From: "Andrew H. Kaplan" > To: mailscanner@lists.mailscanner.info > Sent: Tuesday, December 18, 2007 6:49:06 PM (GMT) Europe/London > Subject: Upgrading ClamAV to the latest version > > > > > > Hi there ? > > > > I did the initial installation of ClamAV 0.91.2 and SpamAssassin 3.2.3 via the easy installation package. The latest version > > of ClamAV, version 0.92, is now available. If I want to upgrade ClamAV independent from SpamAssassin and MailScanner, > > can I do so, or should I wait until a newer version of the easy installation package is available? The information transmitted in this electronic communication is intended only > for the person or entity to whom it is addressed and may contain confidential > and/or privileged material. Any review, retransmission, dissemination or other > use of or taking of any action in reliance upon this information by persons or > entities other than the intended recipient is prohibited. If you received this > information in error, please contact the Compliance HelpLine at 800-856-1983 and > properly dispose of this information. > Actually I believe there are some Mail::ClamAV (clamavmodule) issues that need to be resolved. Has anyone gotten Mail::ClamAV to compile against the 0.92 libraries? Steve Steve Swaney, www.fsl.com From glenn.steen at gmail.com Wed Dec 19 08:05:28 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Dec 19 08:05:38 2007 Subject: Ruleset for Quarantine Infections In-Reply-To: References: Message-ID: <223f97700712190005l7551182bg93a492f69142f77c@mail.gmail.com> On 18/12/2007, Pascal Maes wrote: > Hello, > > > This mail is related to the thread "MailScanner could not analyze some > mails". > > As it seems that all the messages which cannot be analyzed come from > the same servers, > I try to create a ruleset for the Quanrantine Infections : > > Quarantine Infections = %rules-dir%/quarantine.rules # was yes > > > In the file quarantine.rules, I have : > > # > # Quarantine Infections > # > > # mail.register.be > # > From: 212.35.125. no > From: /e-zone\.net/ no > > FromOrTo: default yes > > > > But today, I still have a mail which has been put in quarantine. > The "postcat" of the file gives : > > # postcat 4B600EFB74 > *** ENVELOPE RECORDS 4B600EFB74 *** > message_size: 3440 586 > 1 0 3440 > message_arrival_time: Tue Dec 18 12:17:17 2007 > create_time: Tue Dec 18 12:17:17 2007 > named_attribute: rewrite_context=local > sender: > named_attribute: log_client_name=localhost.localdomain > named_attribute: log_client_address=127.0.0.1 > named_attribute: log_message_origin=localhost.localdomain[127.0.0.1] > named_attribute: log_helo_name=smtp4.sgsi.ucl.ac.be > named_attribute: log_protocol_name=ESMTP > named_attribute: client_name=localhost.localdomain > named_attribute: reverse_client_name=localhost.localdomain > named_attribute: client_address=127.0.0.1 > named_attribute: helo_name=smtp4.sgsi.ucl.ac.be > named_attribute: client_address_type=2 > named_attribute: dsn_orig_rcpt=rfc822;autenne@cpdr.ucl.ac.be > original_recipient: autenne@cpdr.ucl.ac.be > recipient: autenne@cpdr.ucl.ac.be > *** MESSAGE CONTENTS 4B600EFB74 *** > Received: from smtp4.sgsi.ucl.ac.be (localhost.localdomain [127.0.0.1]) > by smtp4.sgsi.ucl.ac.be (Postfix) with ESMTP id 4B600EFB74 > for ; Tue, 18 Dec 2007 12:17:17 +0100 (CET) > Received: from mail5.e-zone.net (unknown [212.35.125.179]) > by smtp4.sgsi.ucl.ac.be (Postfix) with ESMTP > for ; Tue, 18 Dec 2007 12:17:17 +0100 (CET) > Message-Id: > Date: Tue, 18 Dec 2007 12:17:05 +0100 > > > What's wrong with the quarantine ruleset ? > > Thanks The ruleset works with the envelope information, not what happens to be in the (possibly forged) RFC822 message, so you should look above the "*** MESSAGE ..." line. As you can see there, it is seen as locally supplied. Is this perhaps a release from quarantine? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From hofu12 at physik.tu-darmstadt.de Wed Dec 19 08:55:33 2007 From: hofu12 at physik.tu-darmstadt.de (Joachim Holzfuss) Date: Wed Dec 19 08:56:08 2007 Subject: How to not relay already marked spam bounced by sub-domain mailservers Message-ID: Hello, we are having a central mailserver accepting, scanning and relaying inbound/outbound mail for several departmental mailservers. Every spam detection puts the mail into an attachment and forwards it. Now: The departmental mailservers are sometimes equipped with their own scanning procedure and sometimes send bounces of not accepted mail back to the falsified sender (via my relay), also their users may .forward their mail to other (outbound)destinations. How can I stop the main mailserver from sending out these already scanned, positively watermarked and spam marked mails. Can someone think of and share with me any mixture of rules in the conf files to accomplish that? Thanks j.h. From martinh at solidstatelogic.com Wed Dec 19 09:25:07 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed Dec 19 09:25:29 2007 Subject: Upgrading ClamAV to the latest version In-Reply-To: <4768386E.1030503@fsl.com> Message-ID: <6ef5e25398b47b4397179d5e4f6a472e@solidstatelogic.com> Steve NEVER got Mail::Clamav to work at all - I find the new clamd to be a very good alternative. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Stephen Swaney > Sent: 18 December 2007 21:15 > To: MailScanner discussion > Subject: Re: Upgrading ClamAV to the latest version > > UxBoD wrote: > > you can but beware of the path changes! Jules will sort out the easy > install package and from the release notes I believe not a great deal has > changed. So personally I am waiting. > > > > Regards, > > > > --[ UxBoD ]-- > > // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" > > // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B > > // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B > > // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net > > > > ----- Original Message ----- > > From: "Andrew H. Kaplan" > > To: mailscanner@lists.mailscanner.info > > Sent: Tuesday, December 18, 2007 6:49:06 PM (GMT) Europe/London > > Subject: Upgrading ClamAV to the latest version > > > > > > > > > > > > Hi there - > > > > > > > > I did the initial installation of ClamAV 0.91.2 and SpamAssassin 3.2.3 > via the easy installation package. The latest version > > > > of ClamAV, version 0.92, is now available. If I want to upgrade ClamAV > independent from SpamAssassin and MailScanner, > > > > can I do so, or should I wait until a newer version of the easy > installation package is available? The information transmitted in this > electronic communication is intended only > > for the person or entity to whom it is addressed and may contain > confidential > > and/or privileged material. Any review, retransmission, dissemination or > other > > use of or taking of any action in reliance upon this information by > persons or > > entities other than the intended recipient is prohibited. If you > received this > > information in error, please contact the Compliance HelpLine at 800-856- > 1983 and > > properly dispose of this information. > > > > Actually I believe there are some Mail::ClamAV (clamavmodule) issues > that need to be resolved. Has anyone gotten Mail::ClamAV to compile > against the 0.92 libraries? > > > Steve > Steve Swaney, > www.fsl.com > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From darren at torsion.co.uk Wed Dec 19 12:19:40 2007 From: darren at torsion.co.uk (Darren Walker) Date: Wed Dec 19 12:21:01 2007 Subject: MailScanner problem - reinstall In-Reply-To: <6ef5e25398b47b4397179d5e4f6a472e@solidstatelogic.com> References: <4768386E.1030503@fsl.com> <6ef5e25398b47b4397179d5e4f6a472e@solidstatelogic.com> Message-ID: <097f01c84239$6e2819b0$1001a8c0@Lappy2> Hi, A problem occurred with MailScanner a few days ago. After a few days of trying to fix it in vain I eventually tried: rpm -e mailscanner The original version was 4.58 then I re-installed Mailscanner 4.65.3-1 but now I get the following message when I try to start it. I have removed it twice and re-installed but each time I get the same error. Does anyone have any ideas please? The server is BlueQuartz installation on Centos ERROR MESSAGE BELOW: [root@mail MailScanner-4.65.3-1]# /etc/rc.d/init.d/MailScanner start Starting MailScanner daemons: incoming sendmail: [ OK ] outgoing sendmail: [ OK ] MailScanner: Variable "$FIELD_NAME" is not imported at /usr/lib/MailScanner/MailScanner/Message.pm line 6907. Variable "$FIELD_NAME" is not imported at /usr/lib/MailScanner/MailScanner/Message.pm line 6910. Global symbol "$FIELD_NAME" requires explicit package name at /usr/lib/MailScanner/MailScanner/Message.pm line 6907. Global symbol "$FIELD_NAME" requires explicit package name at /usr/lib/MailScanner/MailScanner/Message.pm line 6910. Compilation failed in require at /usr/sbin/MailScanner line 79. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 79. [ OK ] [root@mail MailScanner-4.65.3-1]# Thanks Darren -- This message has been scanned for viruses and dangerous content by Torsion Internet Ltd, and is believed to be clean. From peter at farrows.org Wed Dec 19 12:27:05 2007 From: peter at farrows.org (Peter Farrow) Date: Wed Dec 19 12:27:28 2007 Subject: MailScanner problem - reinstall In-Reply-To: <097f01c84239$6e2819b0$1001a8c0@Lappy2> References: <4768386E.1030503@fsl.com> <6ef5e25398b47b4397179d5e4f6a472e@solidstatelogic.com> <097f01c84239$6e2819b0$1001a8c0@Lappy2> Message-ID: <47690E19.4060001@farrows.org> Darren Walker wrote: > Hi, > > A problem occurred with MailScanner a few days ago. After a few days of > trying to fix it in vain I eventually tried: > > rpm -e mailscanner > > The original version was 4.58 > > then I re-installed Mailscanner 4.65.3-1 > > but now I get the following message when I try to start it. > I have removed it twice and re-installed but each time I get the same error. > Does anyone have any ideas please? > > > The server is BlueQuartz installation on Centos > > ERROR MESSAGE BELOW: > > > [root@mail MailScanner-4.65.3-1]# /etc/rc.d/init.d/MailScanner start > Starting MailScanner daemons: > incoming sendmail: [ OK ] > outgoing sendmail: [ OK ] > MailScanner: Variable "$FIELD_NAME" is not imported at > /usr/lib/MailScanner/MailScanner/Message.pm line 6907. > Variable "$FIELD_NAME" is not imported at > /usr/lib/MailScanner/MailScanner/Message.pm line 6910. > Global symbol "$FIELD_NAME" requires explicit package name at > /usr/lib/MailScanner/MailScanner/Message.pm line 6907. > Global symbol "$FIELD_NAME" requires explicit package name at > /usr/lib/MailScanner/MailScanner/Message.pm line 6910. > Compilation failed in require at /usr/sbin/MailScanner line 79. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 79. > [ OK ] > [root@mail MailScanner-4.65.3-1]# > > > Thanks Darren > > > Your problem is that perl-MailTools rpm is the wrong version, you probably have 2.02 install (rpm -qa | grep perl-MailTools -i ) if this is the case uninstall it (rpm -e --nodeps perl-MailTools ) and install the perl-MailTools 1.7x in the MailScanner installation dir. P. -- This message has been scanned for viruses and dangerous content by the Enhancion system Scanner and is believed to be clean. http://www.enhancion.net From ajos1 at onion.demon.co.uk Wed Dec 19 12:51:30 2007 From: ajos1 at onion.demon.co.uk (ajos1@onion.demon.co.uk) Date: Wed Dec 19 12:51:42 2007 Subject: Mail-ClamAv / ClamAv Message-ID: - Julian Field wrote: >> >> Due to problems with it building the clamavmodule virus scanner, I have backed off to the previous version again. Sorry about that. >> For those interested... I spent hours (and hours) last week trying to get Mail-ClamAv to install... and in the end I managed to work out it failed for the following reason... Mail-ClamAv-0.20 was built with ClamAv 0.90 in mind (0.91 works) ... The reason why Mail-ClamAv-0.20 will not install/compile with ClamAv-0.92... is that clamav.h (provided by clamav) has changed a lot between 0.90 (0.91) and 0.92 with some #DEFINES disappearing. (If you need a quick hack, install in the following order: clamav-0.912, Mail-ClamAv-0.20 and then Clamav-0.92 ). I sent the maintainer this message last week (and he was going to do something when 0.92 was released). =================================== =================================== I am just writing to let you know that between clamav-0.91.2 and clamav-0.92rc2 there have been a number of changes to clamav.h ! These changes now stop Mail::ClamAv-0.20 from compiling. Mainly... these 3 lines have disappeared (plus others...) #define CL_ENCINIT -200 /* NodalCore initialization failed */ #define CL_ENCLOAD -201 /* error loading NodalCore database */ #define CL_ENCIO -202 /* general NodalCore I/O error */ Are you planning to do an update to: Mail-ClamAV-0.20 to take these changes into account? Original error: --------------- ClamAV.xs:326: error: 'CL_ENCINIT' undeclared (first use in this function) ClamAV.xs:326: error: (Each undeclared identifier is reported only once ClamAV.xs:326: error: for each function it appears in.) ClamAV.xs:327: error: 'CL_ENCLOAD' undeclared (first use in this function) ClamAV.xs:328: error: 'CL_ENCIO' undeclared (first use in this function) ClamAV.xs:331: error: 'CL_DB_NCORE' undeclared (first use in this function) make[1]: *** [ClamAV.o] Error 1 make[1]: Leaving directory `/root/servers/perl_ext/Mail-ClamAV-0.20/_Inline/buil d/Mail/ClamAV' A problem was encountered while attempting to compile and install your Inline C code. The command that failed was: make The build directory was: /root/servers/perl_ext/Mail-ClamAV-0.20/_Inline/build/Mail/ClamAV To debug the problem, cd to the build directory, and inspect the output files. at /root/servers/perl_ext/Mail-ClamAV-0.20/blib/lib/Mail/ClamAV.pm line 178 BEGIN failed--compilation aborted at /root/servers/perl_ext/Mail-ClamAV-0.20/bli b/lib/Mail/ClamAV.pm line 542. Compilation failed in require. BEGIN failed--compilation aborted. make: *** [ClamAV.inl] Error 25 =================================== =================================== From shuttlebox at gmail.com Wed Dec 19 13:02:51 2007 From: shuttlebox at gmail.com (shuttlebox) Date: Wed Dec 19 13:02:59 2007 Subject: Mail-ClamAv / ClamAv In-Reply-To: References: Message-ID: <625385e30712190502m28b912aao1647b25278ac5183@mail.gmail.com> On Dec 19, 2007 1:51 PM, ajos1@onion.demon.co.uk wrote: > - > > Julian Field wrote: > >> > >> Due to problems with it building the clamavmodule virus scanner, I have backed off to the previous version again. Sorry about that. > >> > > > For those interested... I spent hours (and hours) last week trying to get Mail-ClamAv to install... and in the end I managed to work out it failed for the following reason... This has happened every other release of Clam...that Mail::Clamav gets out of sync. But now there's no reason to use it anymore when MS has support for clamd. Same speed and less memory used. -- /peter From mailing_lists+mailscanner at caleotech.com Wed Dec 19 13:26:05 2007 From: mailing_lists+mailscanner at caleotech.com (Jens Ahlin) Date: Wed Dec 19 13:26:23 2007 Subject: eTrust 8.1 and MailScanner Message-ID: <51090.172.16.1.37.1198070765.squirrel@www.caleotech.com> Hi all, I have updated eTrust to version 8.1 (latest). Has anybody got this working with MailScanner ? I have run with my setup for several years without problem, MailScanner, sendmail, eTrust, clamavmodule, spamassassin ... After the update of eTrust only clamav reports infections. I have tested with eicar test file on command line and then both clamscan and inocmd32 reports the file as infected. Looking in SweepViruses.pm i found that inocm32 is called with the following parameters: -nex -arc -mod reviewer -spm h -act cure -sca mf And then searches for the string "is infected by virus:" in ProcessInoculateOutput. Running inocmd32 -nex -arc -mod reviewer -spm h -act cure -sca mf /tmp/eicar_test_file gives the following output: File /tmp/eicar_test_file cannot be cured of virus: the EICAR test string, and has been moved to /opt/etrust/ino/Move/b1a8c152-7b48-0001-cd13-6947522606ca.AVB Total Files Scanned: 1 Total Viruses Found: 1 Total Infected Files Found: 0 Total Cured Files: 0 Total Moved Files: 1 Scan Mode: Reviewer *** End Of Summary *** If I change the -act parameter so that we don't try to cure the file but report I get the output: inocmd32 -nex -arc -mod reviewer -spm h -act report -sca mf /tmp/eicar_test_file File /tmp/eicar_test_file is infected by virus: the EICAR test string Total Files Scanned: 1 Total Viruses Found: 1 Total Infected Files Found: 1 Scan Mode: Reviewer *** End Of Summary *** Now the output includes the magic string "is infected by virus:". I have tried to change the parameter in SweepViruses.pm to -act report instead of -act cure but MailScanner will not report that eTrust find the virus in the file anyway. I can see that MailScanner calls inocmd32 (running top). Any idea of what I'm doing wrong ? Also the etrust-autoupdate fails since InoDist isn't available in 8.1. I can live with that since I update agains local update server anyways... Any possibility for eTrust 8.1 support in MailScanner out of the box Jules ? Can I help in any way ? Sorry for the long post. Regards, Jens From glenn.steen at gmail.com Wed Dec 19 14:32:54 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Dec 19 14:33:06 2007 Subject: eTrust 8.1 and MailScanner In-Reply-To: <51090.172.16.1.37.1198070765.squirrel@www.caleotech.com> References: <51090.172.16.1.37.1198070765.squirrel@www.caleotech.com> Message-ID: <223f97700712190632j69efd679v1f4c4787e3fe9767@mail.gmail.com> On 19/12/2007, Jens Ahlin wrote: > Hi all, > > I have updated eTrust to version 8.1 (latest). Has anybody got this > working with MailScanner ? > > I have run with my setup for several years without problem, MailScanner, > sendmail, eTrust, clamavmodule, spamassassin ... > > After the update of eTrust only clamav reports infections. I have tested > with eicar test file on command line and then both clamscan and inocmd32 > reports the file as infected. Looking in SweepViruses.pm i found that > inocm32 is called with the following parameters: > -nex -arc -mod reviewer -spm h -act cure -sca mf > > And then searches for the string "is infected by virus:" in > ProcessInoculateOutput. > > Running > inocmd32 -nex -arc -mod reviewer -spm h -act cure -sca mf > /tmp/eicar_test_file > Hm, normally you don't use the "disinfect" options unless explicitly setting "Deliver Disinfected Files = yes"... Do you have that? Unless you do, the relevant thing would be to test what output you get from inocmd32 -nex -arc -mod reviewer -spm h /tmp/eicar_test_file ... might be that the defaults have changed? > gives the following output: > File /tmp/eicar_test_file cannot be cured of virus: the EICAR test string, > and has been moved to > /opt/etrust/ino/Move/b1a8c152-7b48-0001-cd13-6947522606ca.AVB > > Total Files Scanned: 1 > Total Viruses Found: 1 > Total Infected Files Found: 0 > Total Cured Files: 0 > Total Moved Files: 1 > Scan Mode: Reviewer > > *** End Of Summary *** > > If I change the -act parameter so that we don't try to cure the file but > report I get the output: > inocmd32 -nex -arc -mod reviewer -spm h -act report -sca mf > /tmp/eicar_test_file > File /tmp/eicar_test_file is infected by virus: the EICAR test string > > Total Files Scanned: 1 > Total Viruses Found: 1 > Total Infected Files Found: 1 > Scan Mode: Reviewer > > *** End Of Summary *** > > Now the output includes the magic string "is infected by virus:". I have > tried to change the parameter in SweepViruses.pm to -act report instead of > -act cure but MailScanner will not report that eTrust find the virus in > the file anyway. I can see that MailScanner calls inocmd32 (running top). > > Any idea of what I'm doing wrong ? > > Also the etrust-autoupdate fails since InoDist isn't available in 8.1. I > can live with that since I update agains local update server anyways... > > Any possibility for eTrust 8.1 support in MailScanner out of the box Jules > ? Can I help in any way ? > > Sorry for the long post. > > Regards, > > Jens > Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From mailing_lists+mailscanner at caleotech.com Wed Dec 19 14:39:52 2007 From: mailing_lists+mailscanner at caleotech.com (Jens Ahlin) Date: Wed Dec 19 14:40:11 2007 Subject: eTrust 8.1 and MailScanner In-Reply-To: <223f97700712190632j69efd679v1f4c4787e3fe9767@mail.gmail.com> References: <51090.172.16.1.37.1198070765.squirrel@www.caleotech.com> <223f97700712190632j69efd679v1f4c4787e3fe9767@mail.gmail.com> Message-ID: <51673.172.16.1.37.1198075192.squirrel@www.caleotech.com> > On 19/12/2007, Jens Ahlin wrote: >> Hi all, >> >> I have updated eTrust to version 8.1 (latest). Has anybody got this >> working with MailScanner ? >> >> I have run with my setup for several years without problem, MailScanner, >> sendmail, eTrust, clamavmodule, spamassassin ... >> >> After the update of eTrust only clamav reports infections. I have tested >> with eicar test file on command line and then both clamscan and inocmd32 >> reports the file as infected. Looking in SweepViruses.pm i found that >> inocm32 is called with the following parameters: >> -nex -arc -mod reviewer -spm h -act cure -sca mf >> >> And then searches for the string "is infected by virus:" in >> ProcessInoculateOutput. >> >> Running >> inocmd32 -nex -arc -mod reviewer -spm h -act cure -sca mf >> /tmp/eicar_test_file >> > Hm, normally you don't use the "disinfect" options unless explicitly > setting "Deliver Disinfected Files = yes"... Do you have that? > Unless you do, the relevant thing would be to test what output you get > from > inocmd32 -nex -arc -mod reviewer -spm h /tmp/eicar_test_file > ... might be that the defaults have changed? > Thanks for that pointer. I noticed this myself just before your post. So I tried : inocmd32 -nex -arc -mod reviewer -spm h /tmp/eicar_test_file File /tmp/eicar_test_file is infected by virus: the EICAR test string Total Files Scanned: 1 Total Viruses Found: 1 Total Infected Files Found: 1 Scan Mode: Reviewer *** End Of Summary *** Still the same result :( >> gives the following output: >> File /tmp/eicar_test_file cannot be cured of virus: the EICAR test >> string, >> and has been moved to >> /opt/etrust/ino/Move/b1a8c152-7b48-0001-cd13-6947522606ca.AVB >> >> Total Files Scanned: 1 >> Total Viruses Found: 1 >> Total Infected Files Found: 0 >> Total Cured Files: 0 >> Total Moved Files: 1 >> Scan Mode: Reviewer >> >> *** End Of Summary *** >> >> If I change the -act parameter so that we don't try to cure the file but >> report I get the output: >> inocmd32 -nex -arc -mod reviewer -spm h -act report -sca mf >> /tmp/eicar_test_file >> File /tmp/eicar_test_file is infected by virus: the EICAR test string >> >> Total Files Scanned: 1 >> Total Viruses Found: 1 >> Total Infected Files Found: 1 >> Scan Mode: Reviewer >> >> *** End Of Summary *** >> >> Now the output includes the magic string "is infected by virus:". I have >> tried to change the parameter in SweepViruses.pm to -act report instead >> of >> -act cure but MailScanner will not report that eTrust find the virus in >> the file anyway. I can see that MailScanner calls inocmd32 (running >> top). >> >> Any idea of what I'm doing wrong ? >> >> Also the etrust-autoupdate fails since InoDist isn't available in 8.1. I >> can live with that since I update agains local update server anyways... >> >> Any possibility for eTrust 8.1 support in MailScanner out of the box >> Jules >> ? Can I help in any way ? >> >> Sorry for the long post. >> >> Regards, >> >> Jens >> > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From MailScanner at ecs.soton.ac.uk Wed Dec 19 15:13:50 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Dec 19 15:14:17 2007 Subject: eTrust 8.1 and MailScanner In-Reply-To: <51673.172.16.1.37.1198075192.squirrel@www.caleotech.com> References: <51090.172.16.1.37.1198070765.squirrel@www.caleotech.com> <223f97700712190632j69efd679v1f4c4787e3fe9767@mail.gmail.com> <51673.172.16.1.37.1198075192.squirrel@www.caleotech.com> Message-ID: <4769352E.6090406@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Please can you send me a full copy of the latest version of eTrust, together with any licence keys I'll need to make it work. Jens Ahlin wrote: >> On 19/12/2007, Jens Ahlin wrote: >> >>> Hi all, >>> >>> I have updated eTrust to version 8.1 (latest). Has anybody got this >>> working with MailScanner ? >>> >>> I have run with my setup for several years without problem, MailScanner, >>> sendmail, eTrust, clamavmodule, spamassassin ... >>> >>> After the update of eTrust only clamav reports infections. I have tested >>> with eicar test file on command line and then both clamscan and inocmd32 >>> reports the file as infected. Looking in SweepViruses.pm i found that >>> inocm32 is called with the following parameters: >>> -nex -arc -mod reviewer -spm h -act cure -sca mf >>> >>> And then searches for the string "is infected by virus:" in >>> ProcessInoculateOutput. >>> >>> Running >>> inocmd32 -nex -arc -mod reviewer -spm h -act cure -sca mf >>> /tmp/eicar_test_file >>> >>> >> Hm, normally you don't use the "disinfect" options unless explicitly >> setting "Deliver Disinfected Files = yes"... Do you have that? >> Unless you do, the relevant thing would be to test what output you get >> from >> inocmd32 -nex -arc -mod reviewer -spm h /tmp/eicar_test_file >> ... might be that the defaults have changed? >> >> > > Thanks for that pointer. > I noticed this myself just before your post. So I tried : > inocmd32 -nex -arc -mod reviewer -spm h /tmp/eicar_test_file > File /tmp/eicar_test_file is infected by virus: the EICAR test string > > Total Files Scanned: 1 > Total Viruses Found: 1 > Total Infected Files Found: 1 > Scan Mode: Reviewer > > *** End Of Summary *** > > Still the same result :( > > >>> gives the following output: >>> File /tmp/eicar_test_file cannot be cured of virus: the EICAR test >>> string, >>> and has been moved to >>> /opt/etrust/ino/Move/b1a8c152-7b48-0001-cd13-6947522606ca.AVB >>> >>> Total Files Scanned: 1 >>> Total Viruses Found: 1 >>> Total Infected Files Found: 0 >>> Total Cured Files: 0 >>> Total Moved Files: 1 >>> Scan Mode: Reviewer >>> >>> *** End Of Summary *** >>> >>> If I change the -act parameter so that we don't try to cure the file but >>> report I get the output: >>> inocmd32 -nex -arc -mod reviewer -spm h -act report -sca mf >>> /tmp/eicar_test_file >>> File /tmp/eicar_test_file is infected by virus: the EICAR test string >>> >>> Total Files Scanned: 1 >>> Total Viruses Found: 1 >>> Total Infected Files Found: 1 >>> Scan Mode: Reviewer >>> >>> *** End Of Summary *** >>> >>> Now the output includes the magic string "is infected by virus:". I have >>> tried to change the parameter in SweepViruses.pm to -act report instead >>> of >>> -act cure but MailScanner will not report that eTrust find the virus in >>> the file anyway. I can see that MailScanner calls inocmd32 (running >>> top). >>> >>> Any idea of what I'm doing wrong ? >>> >>> Also the etrust-autoupdate fails since InoDist isn't available in 8.1. I >>> can live with that since I update agains local update server anyways... >>> >>> Any possibility for eTrust 8.1 support in MailScanner out of the box >>> Jules >>> ? Can I help in any way ? >>> >>> Sorry for the long post. >>> >>> Regards, >>> >>> Jens >>> >>> >> Cheers >> -- >> -- Glenn >> email: glenn < dot > steen < at > gmail < dot > com >> work: glenn < dot > steen < at > ap1 < dot > se >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 867) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHaTUvEfZZRxQVtlQRAre/AJ9GLIomcWLsYdgVt+29MhGFeigDUQCgogtl 7quSfZdCP/WvRdzuPh3WvaE= =ojSg -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Wed Dec 19 16:02:16 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Dec 19 16:02:29 2007 Subject: eTrust 8.1 and MailScanner In-Reply-To: <51673.172.16.1.37.1198075192.squirrel@www.caleotech.com> References: <51090.172.16.1.37.1198070765.squirrel@www.caleotech.com> <223f97700712190632j69efd679v1f4c4787e3fe9767@mail.gmail.com> <51673.172.16.1.37.1198075192.squirrel@www.caleotech.com> Message-ID: <223f97700712190802ncb87f52mae5615bffd15a56b@mail.gmail.com> On 19/12/2007, Jens Ahlin wrote: > > On 19/12/2007, Jens Ahlin wrote: (snip) > > Hm, normally you don't use the "disinfect" options unless explicitly > > setting "Deliver Disinfected Files = yes"... Do you have that? > > Unless you do, the relevant thing would be to test what output you get > > from > > inocmd32 -nex -arc -mod reviewer -spm h /tmp/eicar_test_file > > ... might be that the defaults have changed? > > > > Thanks for that pointer. > I noticed this myself just before your post. So I tried : > inocmd32 -nex -arc -mod reviewer -spm h /tmp/eicar_test_file > File /tmp/eicar_test_file is infected by virus: the EICAR test string > > Total Files Scanned: 1 > Total Viruses Found: 1 > Total Infected Files Found: 1 > Scan Mode: Reviewer > > *** End Of Summary *** > > Still the same result :( > (snip) .... but .... isn't that the string we're after? If you run the wrapper on that file, what happens then? Try first something like /usr/lib/MailScanner/etrust-wrapper /opt/eTrustAntivirus -IsItInstalled ... if that fails, well, then something is up with the installation/the assumptions about the installation (in the wrapper). You should of course use the third column in virus.scanners.conf (for the etrust line) as the first parameter:-). Then perhaps try /usr/lib/MailScanner/etrust-wrapper /opt/eTrustAntivirus -nex -arc -mod reviewer -spm h /tmp/eicar_test_file ... and see what happens. If you had to amend virus.scanners.conf, check it with a finetoothed comb for errors;-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From rickt at rickt.org Wed Dec 19 16:36:40 2007 From: rickt at rickt.org (Rick Tait) Date: Wed Dec 19 16:36:49 2007 Subject: Very OT: bind/named question In-Reply-To: <200712132226.lBDMQobg010352@mxt.1bigthink.com> References: <200712132057.lBDKvWAi018119@mxt.1bigthink.com> <224FA7E11EA39E45843E11CEBBD3A36F5A4AAE@HOUPEX01.nfsmith.info> <200712132226.lBDMQobg010352@mxt.1bigthink.com> Message-ID: <798375e00712190836s7b0b1a30tb1109ead6416749@mail.gmail.com> Glenn, Why is bind appending .sprintlink.net to everything? Something is definitely not right there..... RMT -- rick tait -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071219/f8389812/attachment.html From martinh at solidstatelogic.com Wed Dec 19 16:43:28 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed Dec 19 16:43:41 2007 Subject: Very OT: bind/named question In-Reply-To: <798375e00712190836s7b0b1a30tb1109ead6416749@mail.gmail.com> Message-ID: <5537baa5c7546447a80abcd7588df89a@solidstatelogic.com> Rick Sure it's not nslookup/dig doing this?? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Rick Tait > Sent: 19 December 2007 16:37 > To: MailScanner discussion > Subject: Re: Very OT: bind/named question > > Glenn, > > Why is bind appending .sprintlink.net to everything? Something is > definitely not right there..... > > RMT > > > > -- > rick tait ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From ajcartmell at fonant.com Wed Dec 19 16:52:46 2007 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Wed Dec 19 16:52:51 2007 Subject: Very OT: bind/named question In-Reply-To: <798375e00712190836s7b0b1a30tb1109ead6416749@mail.gmail.com> References: <200712132057.lBDKvWAi018119@mxt.1bigthink.com> <224FA7E11EA39E45843E11CEBBD3A36F5A4AAE@HOUPEX01.nfsmith.info> <200712132226.lBDMQobg010352@mxt.1bigthink.com> <798375e00712190836s7b0b1a30tb1109ead6416749@mail.gmail.com> Message-ID: > Why is bind appending .sprintlink.net to everything? Something is > definitely not right there..... If you mean in your own DNS, and for the zone sprintlink.net, remember that full hostnames need to have a trailing dot in your zone files. Anthony -- www.fonant.com - Quality web sites From dnsadmin at 1bigthink.com Wed Dec 19 16:53:06 2007 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Wed Dec 19 16:53:35 2007 Subject: Very OT: bind/named question In-Reply-To: <798375e00712190836s7b0b1a30tb1109ead6416749@mail.gmail.com > References: <200712132057.lBDKvWAi018119@mxt.1bigthink.com> <224FA7E11EA39E45843E11CEBBD3A36F5A4AAE@HOUPEX01.nfsmith.info> <200712132226.lBDMQobg010352@mxt.1bigthink.com> <798375e00712190836s7b0b1a30tb1109ead6416749@mail.gmail.com> Message-ID: <200712191653.lBJGrJZE013628@mxt.1bigthink.com> At 11:36 AM 12/19/2007, you wrote: >Glenn, > >Why is bind appending .sprintlink.net to everything? Something is >definitely not right there..... > >RMT Thanks Rick, I was polling Sprintlink.net DNS and it was not answering. I fixed that and now poll my own DNS server, which does get answers from upstream Sprintlink.net servers (my ISP). The issue got mostly fixed, though still getting errors like this: Dec 19 10:35:40 mxt named[2104]: unexpected RCODE (REFUSED) resolving 'dns-sec-01.rdc-nyc.rr.com/A/IN': 24.29.99.13#53 Dec 19 10:48:57 mxt named[2104]: unexpected RCODE (REFUSED) resolving '88.250.216.24.in-addr.arpa/PTR/IN': 66.215.64.13#53 which I suspect are harmless, because my mail server is functioning fine with caching DNS. Thanks, Glenn Parsons -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From sconway at wlnet.com Wed Dec 19 19:52:41 2007 From: sconway at wlnet.com (Stephen Conway) Date: Wed Dec 19 19:52:59 2007 Subject: Clamav updated to version 0.92 In-Reply-To: <4767DFB8.2090006@ecs.soton.ac.uk> References: <47678725.D87E.0068.3@aafp.org> <4767DFB8.2090006@ecs.soton.ac.uk> Message-ID: <006901c84278$b7842a60$268c7f20$@com> Please remove my email from this list Regards, Steve -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Tuesday, December 18, 2007 9:57 AM To: MailScanner discussion Subject: Re: Clamav updated to version 0.92 I have just posted a new version of the ClamAV + SpamAssassin tarball to www.mailscanner.info. Brad Beckenhauer wrote: > My MX boxes started complaining this am about clamav being outdated. I > checked clamav.net and sure enough, the current version is now 0.92 > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- ShipMail Now 30% Faster From Kevin_Miller at ci.juneau.ak.us Wed Dec 19 20:04:42 2007 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Wed Dec 19 20:04:04 2007 Subject: Clamav updated to version 0.92 In-Reply-To: <006901c84278$b7842a60$268c7f20$@com> References: <47678725.D87E.0068.3@aafp.org> <4767DFB8.2090006@ecs.soton.ac.uk> <006901c84278$b7842a60$268c7f20$@com> Message-ID: Stephen Conway wrote: > Please remove my email from this list > > Regards, > > Steve You're able to do that yourself - click on the link in the footer of any of the posts and it will take you to the maillist page where you can alter your settings... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From rcooper at dwford.com Wed Dec 19 20:11:52 2007 From: rcooper at dwford.com (Rick Cooper) Date: Wed Dec 19 20:12:04 2007 Subject: Clamav updated to version 0.92 In-Reply-To: References: <47678725.D87E.0068.3@aafp.org> <4767DFB8.2090006@ecs.soton.ac.uk><006901c84278$b7842a60$268c7f20$@com> Message-ID: <096301c8427b$653916f0$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Kevin Miller > Sent: Wednesday, December 19, 2007 3:05 PM > To: MailScanner discussion > Subject: RE: Clamav updated to version 0.92 > > Stephen Conway wrote: > > Please remove my email from this list > > > > Regards, > > > > Steve > > You're able to do that yourself - click on the link in the > footer of any > of the posts and it will take you to the maillist page where you can > alter your settings... > > [...] Or look in the headers for help with doing it by email(as with most lists) : List-Id: MailScanner discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Dec 19 20:59:55 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Dec 19 21:00:21 2007 Subject: [Fwd: MailScanner unsubscribe notification] Message-ID: <4769864B.80502@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------- Original Message -------- Subject: MailScanner unsubscribe notification Date: Wed, 19 Dec 2007 20:50:39 +0000 From: mailman-bounces@lists.mailscanner.info To: mailscanner-owner@lists.mailscanner.info sconway@wlnet.com has been removed from MailScanner. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 867) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHaYZOEfZZRxQVtlQRAogFAJ0QTm8IAo1hrRXLmqFaky+74uAwCQCfVk+l Eub0EL4JrZOmsA4OqxGEdZA= =JH7u -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From davejones70 at gmail.com Wed Dec 19 21:15:24 2007 From: davejones70 at gmail.com (Dave Jones) Date: Wed Dec 19 21:15:33 2007 Subject: Notification for Password-Protected Archives Message-ID: <67a55ed50712191315w3a125a2w6e01d129027faea2@mail.gmail.com> Enhancement request: Is it possible to get notification working for "Allow Password-Protected Archives = no" similar to the "Notify Senders Of Blocked Filenames Or Filetypes ="? Our users are not aware that they have missed an email until a few days have passed and the sender contacts them about it. I am having to monitor an administrator mailbox that receives the notice and forward it to the user to inform them that they shouldn't use this type of file. -- Dave Jones -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071219/88a7169a/attachment.html From MailScanner at ecs.soton.ac.uk Wed Dec 19 21:31:39 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Dec 19 21:32:01 2007 Subject: Notification for Password-Protected Archives In-Reply-To: <67a55ed50712191315w3a125a2w6e01d129027faea2@mail.gmail.com> References: <67a55ed50712191315w3a125a2w6e01d129027faea2@mail.gmail.com> Message-ID: <47698DBB.80909@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Is Notify Senders Of Other Blocked Content = yes not enough? If not, then I'll definitely consider it for you, but I would like to hear why the above setting isn't good enough for you. Jules. Dave Jones wrote: > Enhancement request: Is it possible to get notification working for > "Allow Password-Protected Archives = no" similar to the "Notify > Senders Of Blocked Filenames Or Filetypes ="? > > Our users are not aware that they have missed an email until a few > days have passed and the sender contacts them about it. I am having > to monitor an administrator mailbox that receives the notice and > forward it to the user to inform them that they shouldn't use this > type of file. > > -- > Dave Jones Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 867) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHaY29EfZZRxQVtlQRAuybAKCRcVhThBxGmwjWAGStAHw/kkyhfACdEeYW OtBaQD8+GxwrbGSvLMy8H24= =Ttfh -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Dec 19 21:53:24 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Dec 19 21:53:48 2007 Subject: Notification for Password-Protected Archives In-Reply-To: <47698DBB.80909@ecs.soton.ac.uk> References: <67a55ed50712191315w3a125a2w6e01d129027faea2@mail.gmail.com> <47698DBB.80909@ecs.soton.ac.uk> Message-ID: <476992D4.4000800@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 You may need to add Non-Forging Viruses = Zip-Password Notify Senders = yes as well, or else your system may treat it as a "silent virus" and not do any reporting to anyone. Julian Field wrote: > * PGP Signed: 12/19/07 at 21:31:41 > > Is > Notify Senders Of Other Blocked Content = yes > not enough? > > If not, then I'll definitely consider it for you, but I would like to > hear why the above setting isn't good enough for you. > > Jules. > > Dave Jones wrote: >> Enhancement request: Is it possible to get notification working for >> "Allow Password-Protected Archives = no" similar to the "Notify >> Senders Of Blocked Filenames Or Filetypes ="? >> >> Our users are not aware that they have missed an email until a few >> days have passed and the sender contacts them about it. I am having >> to monitor an administrator mailbox that receives the notice and >> forward it to the user to inform them that they shouldn't use this >> type of file. >> >> -- >> Dave Jones > > Jules > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 867) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHaZLWEfZZRxQVtlQRAuKYAJ9H5i7ad+81Xph+XnJEsWS3DuM5KACg7X00 c+J0Rw6KrrjvGfES39mHsWI= =JRUE -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From joey.da3rd at gmail.com Wed Dec 19 22:02:21 2007 From: joey.da3rd at gmail.com (Joey Marino) Date: Wed Dec 19 22:02:31 2007 Subject: need help blocking emails to non-existent users Message-ID: I am currently running a mailscanner box on centos using sendmail that relays to my exchange server. I am trying to block email to non-existent users at the smtp level on the MX. I understand I have to somehow update sendmail with existent users in the active directory possibly using ldap. I can't seem to find any good documentation on how to do this. Many entries in the archive point to http://www.mailscanner.info/serve/cache/270.html but this doesn't exist anymore. I also found a sketchy bash script at http://the-jer.spaces.live.com/blog/cns!E4FBBD09FA146AF!128.entry but I don't like this approach either. I want to do all the work on the gateway. Can somebody point me to some good documentation or a healthy script that I could use to accomplish this? -- Joey Marino -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071219/10de614e/attachment.html From Kevin_Miller at ci.juneau.ak.us Wed Dec 19 22:23:37 2007 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Wed Dec 19 22:22:56 2007 Subject: need help blocking emails to non-existent users In-Reply-To: References: Message-ID: I'm using sms-sav to do that - it works quite well and is free. Another good solution is milter-ahead, although there's a reasonable charge for it. sms-sav is on sourceforge if memory serves. Certainly google will find it if not... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Joey Marino Sent: Wednesday, December 19, 2007 1:02 PM To: mailscanner@lists.mailscanner.info Subject: need help blocking emails to non-existent users I am currently running a mailscanner box on centos using sendmail that relays to my exchange server. I am trying to block email to non-existent users at the smtp level on the MX. I understand I have to somehow update sendmail with existent users in the active directory possibly using ldap. I can't seem to find any good documentation on how to do this. Many entries in the archive point to http://www.mailscanner.info/serve/cache/270.html but this doesn't exist anymore. I also found a sketchy bash script at http://the-jer.spaces.live.com/blog/cns!E4FBBD09FA146AF!128.entry but I don't like this approach either. I want to do all the work on the gateway. Can somebody point me to some good documentation or a healthy script that I could use to accomplish this? -- Joey Marino -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071219/49f33b80/attachment.html From richard.frovarp at sendit.nodak.edu Wed Dec 19 22:32:48 2007 From: richard.frovarp at sendit.nodak.edu (Richard Frovarp) Date: Wed Dec 19 22:32:59 2007 Subject: need help blocking emails to non-existent users In-Reply-To: References: Message-ID: <47699C10.4010002@sendit.nodak.edu> Joey Marino wrote: > I am currently running a mailscanner box on centos using sendmail that > relays to my exchange server. I am trying to block email to > non-existent users at the smtp level on the MX. I understand I have to > somehow update sendmail with existent users in the active directory > possibly using ldap. I can't seem to find any good documentation on > how to do this. Many entries in the archive point to > http://www.mailscanner.info/serve/cache/270.html but this doesn't > exist anymore. I also found a sketchy bash script at > http://the-jer.spaces.live.com/blog/cns!E4FBBD09FA146AF!128.entry > > but I don't like this approach either. I want to do all the work on > the gateway. Can somebody point me to some good documentation or a > healthy script that I could use to accomplish this? What does your LDAP look like? Do you have mailLocalAddress and mailRoutingAddress information or something similar? If so, just use the LDAP-routing feature inside of sendmail. http://www.sendmail.org/m4/ldap_routing.html This way you don't have to worry about syncing anything. Load shouldn't be an issue either as it works quite quickly against Open LDAP. That should reject for users not in LDAP or who don't have the correct information in LDAP. From MailScanner at ecs.soton.ac.uk Wed Dec 19 22:33:46 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Dec 19 22:34:10 2007 Subject: need help blocking emails to non-existent users In-Reply-To: References: Message-ID: <47699C4A.3070007@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 From the archives.... If you are using Exchange 2003 (or 2007 and have installed the relevant edge role on your 2007 mailbox server and have enabled the valid recipient checking, which is all documented in technet), then I would advise using milter-ahead instead of querying the list of valid addresses directly, as it's far more reliable. On Exchange 2003, there is a simple tick-box somewhere (Steve at FSL might be able to help you there) which enables SMTP-time rejection of invalid recipients. On Exchange 2007, you need to install the anti-spam agents on your hub transport server http://exchangepedia.com/blog/2006/09/how-to-install-anti-spam-agents-on-hub.html and then enable the invalid-recipient checks by doing Set-RecipientFilterConfig -RecipientValidationEnabled:$true in the Exchange Management Shell. Then use milter-ahead if you are using sendmail or Postfix, available from http://www.milter.info/sendmail/milter-ahead/ It will cost you ? 90 euros for a site licence for it, but it's well worth the small investment. This is a far more robust solution than trying to reliably read, parse and process all the Active Directory entries, which may be out of date on newly-created accounts, and require far more long-term maintenance than my solution above, which you can just setup and leave alone. Can someone add this to the wiki please? Thanks! Hope that helps get you going, Jules. Joey Marino wrote: > I am currently running a mailscanner box on centos using sendmail that > relays to my exchange server. I am trying to block email to > non-existent users at the smtp level on the MX. I understand I have to > somehow update sendmail with existent users in the active directory > possibly using ldap. I can't seem to find any good documentation on > how to do this. Many entries in the archive point to > http://www.mailscanner.info/serve/cache/270.html but this doesn't > exist anymore. I also found a sketchy bash script at > http://the-jer.spaces.live.com/blog/cns!E4FBBD09FA146AF!128.entry > > but I don't like this approach either. I want to do all the work on > the gateway. Can somebody point me to some good documentation or a > healthy script that I could use to accomplish this? > > -- > Joey Marino Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 867) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: windows-1252 wj8DBQFHaZxMEfZZRxQVtlQRAqg9AJwJRVXilR9BXD9rjOgNa490ZP3gcgCg9T0E 4oe8x/ecQrenasYP6/mPtq0= =rnRh -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Carl.Andrews at crackerbarrel.com Wed Dec 19 22:38:46 2007 From: Carl.Andrews at crackerbarrel.com (Andrews Carl 455) Date: Wed Dec 19 22:38:58 2007 Subject: need help blocking emails to non-existent users In-Reply-To: Message-ID: I used getadsmtp.pl (http://www-personal.umich.edu/~malth/gaptuning/postfix/). I had to modify it and use it with a shell script to create my access/access.db but it works great. Using the getadsmtp.pl I am creating and /etc/mail/access file To: OK ... .. .. .. ERROR:User unknown in local recipient table then, /usr/sbin/makemap hash /etc/mail/access.db < /etc/mail/access The last line tells sendmail to reject anything for that domain that it does not already know about You will have to add these to sendmail.mc and rebuild sendmail.cf FEATURE(`delay_checks`,`friend', `n')dnl ' you could use hater, just not both FEATURE(`blacklist_recipients')dnl I am not 100% certain you need both of these but delay_checks is a definite. Thanks, Carl -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Joey Marino Sent: Wednesday, December 19, 2007 4:02 PM To: mailscanner@lists.mailscanner.info Subject: need help blocking emails to non-existent users I am currently running a mailscanner box on centos using sendmail that relays to my exchange server. I am trying to block email to non-existent users at the smtp level on the MX. I understand I have to somehow update sendmail with existent users in the active directory possibly using ldap. I can't seem to find any good documentation on how to do this. Many entries in the archive point to http://www.mailscanner.info/serve/cache/270.html but this doesn't exist anymore. I also found a sketchy bash script at http://the-jer.spaces.live.com/blog/cns!E4FBBD09FA146AF!128.entry but I don't like this approach either. I want to do all the work on the gateway. Can somebody point me to some good documentation or a healthy script that I could use to accomplish this? -- Joey Marino -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071219/07d96735/attachment.html From drew.marshall at technologytiger.net Wed Dec 19 22:48:56 2007 From: drew.marshall at technologytiger.net (Drew Marshall) Date: Wed Dec 19 22:49:16 2007 Subject: need help blocking emails to non-existent users In-Reply-To: <47699C4A.3070007@ecs.soton.ac.uk> References: <47699C4A.3070007@ecs.soton.ac.uk> Message-ID: On Wed, 19 Dec 2007 22:33:46 +0000, Julian Field wrote: > Then use milter-ahead if you are using sendmail or Postfix, available from > http://www.milter.info/sendmail/milter-ahead/ > It will cost you ? 90 euros for a site licence for it, but it's well > worth the small investment. Agreed if you are running Sendmail. POstfix has this functionality built it. Just use recipient_verification as one of your smtpd checks and you are done. > > This is a far more robust solution than trying to reliably read, parse > and process all the Active Directory entries, which may be out of date > on newly-created accounts, and require far more long-term maintenance > than my solution above, which you can just setup and leave alone. > > Can someone add this to the wiki please? I think you will find this is in the Postfix section already http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:how_to:reject_non_existent_users (Watch for the wrapping) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by Tiger Mail www.technologytiger.net/tigermail from Technology Tiger. Our email policy can be found at www.technologytiger.net/policy Technology Tiger Limited is registered in Scotland with registration number: 310997 Registered Office 55-57 West High Street Inverurie AB51 3QQ From ms-list at alexb.ch Wed Dec 19 22:49:14 2007 From: ms-list at alexb.ch (Alex Broens) Date: Wed Dec 19 22:49:43 2007 Subject: need help blocking emails to non-existent users In-Reply-To: <47699C4A.3070007@ecs.soton.ac.uk> References: <47699C4A.3070007@ecs.soton.ac.uk> Message-ID: <47699FEA.9050403@alexb.ch> On 12/19/2007 11:33 PM, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > From the archives.... > > If you are using Exchange 2003 (or 2007 and have installed the relevant > edge role on your 2007 mailbox server and have enabled the valid > recipient checking, which is all documented in technet), then I would > advise using milter-ahead instead of querying the list of valid > addresses directly, as it's far more reliable. > > On Exchange 2003, there is a simple tick-box somewhere (Steve at FSL > might be able to help you there) which enables SMTP-time rejection of > invalid recipients. > On Exchange 2007, you need to install the anti-spam agents on your hub > transport server > http://exchangepedia.com/blog/2006/09/how-to-install-anti-spam-agents-on-hub.html > and then enable the invalid-recipient checks by doing > Set-RecipientFilterConfig -RecipientValidationEnabled:$true > in the Exchange Management Shell. > > Then use milter-ahead if you are using sendmail or Postfix, available from > http://www.milter.info/sendmail/milter-ahead/ > It will cost you ? 90 euros for a site licence for it, but it's well > worth the small investment. > > This is a far more robust solution than trying to reliably read, parse > and process all the Active Directory entries, which may be out of date > on newly-created accounts, and require far more long-term maintenance > than my solution above, which you can just setup and leave alone. > ... may want to add that milter-ahead's next release will support sendmail's mailertable and postfix's transport maps as a drop in for milter-ahead's call-ahead-db I'm testing the postfix transport maps and it rocks!!! h2h Alex From ms-list at alexb.ch Wed Dec 19 23:00:41 2007 From: ms-list at alexb.ch (Alex Broens) Date: Wed Dec 19 23:00:54 2007 Subject: need help blocking emails to non-existent users In-Reply-To: References: <47699C4A.3070007@ecs.soton.ac.uk> Message-ID: <4769A299.20309@alexb.ch> On 12/19/2007 11:48 PM, Drew Marshall wrote: > On Wed, 19 Dec 2007 22:33:46 +0000, Julian Field > wrote: >> Then use milter-ahead if you are using sendmail or Postfix, available > from >> http://www.milter.info/sendmail/milter-ahead/ >> It will cost you ? 90 euros for a site licence for it, but it's well >> worth the small investment. > > Agreed if you are running Sendmail. POstfix has this functionality built > it. Just use recipient_verification as one of your smtpd checks and you are > done. >> This is a far more robust solution than trying to reliably read, parse >> and process all the Active Directory entries, which may be out of date >> on newly-created accounts, and require far more long-term maintenance >> than my solution above, which you can just setup and leave alone. >> >> Can someone add this to the wiki please? > > I think you will find this is in the Postfix section already > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:how_to:reject_non_existent_users > (Watch for the wrapping) > Won't recipient_verification 550 the sender if the target server is unreachable? milter-ahead's action is configurable. Alex From MailScanner at ecs.soton.ac.uk Wed Dec 19 23:07:27 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Dec 19 23:07:55 2007 Subject: Mail::ClamAV 0.20 patched to build with ClamAV 0.92 Message-ID: <4769A42F.6080208@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have produced a patched version of this Perl module which should successfully build with ClamAV 0.92 installed. So to upgrade a test system, download the newest ClamAV+SpamAssassin package (including ClamAV 0.92) from http://www.mailscanner.info/files/4/install-Clam-0.92-SA-3.2.3.tar.gz Unpack and install it as normal. The installation of Mail::ClamAV will fail, that is to be expected. Now download http://www.mailscanner.info/files/4/Mail-ClamAV-0.20.JKF.tar.gz Unpack and install it with tar xzf Mail-ClamAV-0.20.JKF.tar.gz cd Mail-ClamAV-0.20 perl Makefile.PL make make test make install If you're in luck today, that will successfully build, test and install. Now you should be in business, with a new ClamAV and a working "clamavmodule" virus scanner. Please tell me how you get on with this. All my mods are in the "JKF" subdirectory of the Mail-ClamAV-0.20 directory. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 867) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHaaQwEfZZRxQVtlQRAvyFAJ9ZeIasjfAL+v1JgKumuivxEtj9MACcCaAO iRLkF5LjaOAj4aZ2J7+B+IM= =SzdS -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From drew.marshall at technologytiger.net Wed Dec 19 23:33:06 2007 From: drew.marshall at technologytiger.net (Drew Marshall) Date: Wed Dec 19 23:33:23 2007 Subject: need help blocking emails to non-existent users In-Reply-To: <4769A299.20309@alexb.ch> References: <4769A299.20309@alexb.ch> Message-ID: On Thu, 20 Dec 2007 00:00:41 +0100, Alex Broens wrote: > > Won't recipient_verification 550 the sender if the target server is > unreachable? > milter-ahead's action is configurable. No I believe it returns a 450 - verification in progress error. May be not as configurable but highly functional and built in (Which some might see as an advantage). Regards Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by Tiger Mail www.technologytiger.net/tigermail from Technology Tiger. Our email policy can be found at www.technologytiger.net/policy Technology Tiger Limited is registered in Scotland with registration number: 310997 Registered Office 55-57 West High Street Inverurie AB51 3QQ From jan-peter at koopmann.eu Wed Dec 19 23:51:48 2007 From: jan-peter at koopmann.eu (Koopmann, Jan-Peter) Date: Wed Dec 19 23:52:06 2007 Subject: crm question Message-ID: <5F9EB2B0731E5B4D88FC20780DFD16100894ED@DE-SEXB01RZ.intern.seceidos.de> Hi, I just implemented crm today. Two things make me think: 1. I see a lot of learned documents in spam.css. More than spams above the spam threshold. 2. The accuracy right now is poor: Id:1J4v83-000EIG-MntSA Score:50.184 CRM114 Score:-0.15 Id:1J4vSG-000Eng-8jtSA Score:7.415 CRM114 Score:-0.56 Id:1J4vVR-000Esm-GHtSA Score:8.595 CRM114 Score:-0.10 Id:1J4vZO-000Eva-MOtSA Score:14.439 CRM114 Score:-0.33 Id:1J4vah-000ExY-GOtSA Score:21.129 CRM114 Score:14.96 Id:1J4vbt-000F0R-FqtSA Score:6.463 CRM114 Score:-1.52 Id:1J4vgb-000F5b-QGtSA Score:6.401 CRM114 Score:-0.40 Id:1J4vgf-000F5Q-JrtSA Score:6.439 CRM114 Score:-0.36 Id:1J4vgf-000F5S-HHtSA Score:6.401 CRM114 Score:-0.40 Id:1J4vsE-000FNu-1ktSA Score:7.616 CRM114 Score:-0.05 Id:1J4w68-000FeL-HwtSA Score:10.054 CRM114 Score:-0.09 Id:1J4xFR-000Hpa-CatSA Score:12.041 CRM114 Score:-0.33 Id:1J4xqF-000Ipa-0itSA Score:46.701 CRM114 Score:-0.22 Id:1J4y6U-000JJk-PhtSA Score:47.709 CRM114 Score:0.18 Id:1J4y8u-000JQj-CWtSA Score:10.574 CRM114 Score:0.46 Id:1J4yLX-000Jjj-HPtSA Score:39.997 CRM114 Score:0.90 Id:1J4yjL-000KTm-BXtSA Score:24.844 CRM114 Score:0.36 Id:1J4yjB-000KTa-94tSA Score:11.199 CRM114 Score:-0.02 Id:1J4ywH-000L0s-4VtSA Score:17.607 CRM114 Score:-0.03 Id:1J4yyY-000L5j-6RtSA Score:20.166 CRM114 Score:-0.29 Id:1J4z0m-000LC5-JmtSA Score:18.519 CRM114 Score:-0.40 Id:1J4zRY-000M1J-UrtSA Score:7.77 CRM114 Score:0.65 Id:1J4zhl-000Mbf-8htSA Score:11.473 CRM114 Score:0.47 Id:1J4znT-000MlI-UOtSA Score:12.217 CRM114 Score:2.63 Id:1J4zqC-000MvI-9wtSA Score:31.898 CRM114 Score:-0.11 Id:1J4zrk-000N1K-HztSA Score:21.626 CRM114 Score:0.73 Id:1J506N-000NWJ-4KtSA Score:35.986 CRM114 Score:0.75 Id:1J50eF-000Ocu-3UtSA Score:8.262 CRM114 Score:-0.48 Id:1J51He-000PxA-UotSA Score:21.383 CRM114 Score:0.81 Id:1J51WW-0000Qq-SutSA Score:7.187 CRM114 Score:-0.40 Id:1J525Y-0001I4-IktSA Score:43.963 CRM114 Score:1.06 Id:1J52Aw-0001QU-0ctSA Score:40.391 CRM114 Score:0.66 Id:1J52Sj-0001wY-8btSA Score:25.329 CRM114 Score:0.66 Id:1J54Ir-0004JM-IvtSA Score:18.02 CRM114 Score:0.02 Id:1J54ph-0005HH-TktSA Score:30.694 CRM114 Score:0.81 Id:1J54th-0005Ph-IZtSA Score:28.211 CRM114 Score:1.05 Id:1J55q8-0006Zw-VptSA Score:46.701 CRM114 Score:-0.22 Id:1J55qB-0006bS-VPtSA Score:36.446 CRM114 Score:0.65 Id:1J561i-0006p1-3itSA Score:18.866 CRM114 Score:0.36 Id:1J56cJ-0007at-M1tSA Score:21.154 CRM114 Score:0.48 Id:1J57fa-0008qe-BHtSA Score:15.118 CRM114 Score:0.09 Is this due to the few documents on my server? proxy:/server-root/spamlearn/crm # cssutil -b -r spam.css Sparse spectra file spam.css statistics: Total available buckets : 1048577 Total buckets in use : 26847 Total in-use zero-count buckets : 0 Total buckets with value >= max : 0 Total hashed datums in file : 30840 Documents learned : 645 Features learned : 30841 Average datums per bucket : 1.15 Maximum length of overflow chain : 4 Average length of overflow chain : 1.04 Average packing density : 0.03 proxy:/server-root/spamlearn/crm # cssutil -b -r nonspam.css Sparse spectra file nonspam.css statistics: Total available buckets : 1048577 Total buckets in use : 55127 Total in-use zero-count buckets : 0 Total buckets with value >= max : 0 Total hashed datums in file : 62625 Documents learned : 666 Features learned : 62626 Average datums per bucket : 1.14 Maximum length of overflow chain : 5 Average length of overflow chain : 1.08 Average packing density : 0.05 Will this improve automatically or is there something wrong with my setup? Kind regards, JP From davejones70 at gmail.com Thu Dec 20 02:55:27 2007 From: davejones70 at gmail.com (Dave Jones) Date: Thu Dec 20 02:55:36 2007 Subject: Notification for Password-Protected Archives Message-ID: <67a55ed50712191855w5ecd855dsa0678466d0816162@mail.gmail.com> I apologize. I found this in the MailScanner book shortly after posting this. Then it's in plain English in the MailScanner.conf. MailScanner is so flexible it's really amazing. You are awesome Jules!!!!! > Is > Notify Senders Of Other Blocked Content = yes > not enough? > > If not, then I'll definitely consider it for you, but I would like to > hear why the above setting isn't good enough for you. > > Jules. -- Dave Jones -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071219/5fbde5ee/attachment.html From rpotter at rpcs.net Thu Dec 20 04:10:12 2007 From: rpotter at rpcs.net (Richard Potter) Date: Thu Dec 20 04:10:31 2007 Subject: Mail-ClamAv / ClamAv In-Reply-To: <625385e30712190502m28b912aao1647b25278ac5183@mail.gmail.com> References: <625385e30712190502m28b912aao1647b25278ac5183@mail.gmail.com> Message-ID: <39991.10.0.0.40.1198123812.squirrel@webmail.rpcs.net> On Wed, December 19, 2007 8:02 am, shuttlebox wrote: > On Dec 19, 2007 1:51 PM, ajos1@onion.demon.co.uk > wrote: >> Julian Field wrote: >> >> >> >> Due to problems with it building the clamavmodule virus scanner, I >> have backed off to the previous version again. Sorry about that. >> >> >> >> >> For those interested... I spent hours (and hours) last week trying to >> get Mail-ClamAv to install... and in the end I managed to work out it >> failed for the following reason... > > This has happened every other release of Clam...that Mail::Clamav gets > out of sync. But now there's no reason to use it anymore when MS has > support for clamd. Same speed and less memory used. I have also come to this conclusion. Anyone have thoughts on this, right or wrong? Richard From mailing_lists+mailscanner at caleotech.com Thu Dec 20 08:20:57 2007 From: mailing_lists+mailscanner at caleotech.com (Jens Ahlin) Date: Thu Dec 20 08:21:11 2007 Subject: eTrust 8.1 and MailScanner In-Reply-To: <223f97700712190802ncb87f52mae5615bffd15a56b@mail.gmail.com> References: <51090.172.16.1.37.1198070765.squirrel@www.caleotech.com> <223f97700712190632j69efd679v1f4c4787e3fe9767@mail.gmail.com> <51673.172.16.1.37.1198075192.squirrel@www.caleotech.com> <223f97700712190802ncb87f52mae5615bffd15a56b@mail.gmail.com> Message-ID: <53144.172.16.1.37.1198138857.squirrel@www.caleotech.com> > On 19/12/2007, Jens Ahlin wrote: >> > On 19/12/2007, Jens Ahlin >> wrote: > (snip) >> > Hm, normally you don't use the "disinfect" options unless explicitly >> > setting "Deliver Disinfected Files = yes"... Do you have that? >> > Unless you do, the relevant thing would be to test what output you get >> > from >> > inocmd32 -nex -arc -mod reviewer -spm h /tmp/eicar_test_file >> > ... might be that the defaults have changed? >> > >> >> Thanks for that pointer. >> I noticed this myself just before your post. So I tried : >> inocmd32 -nex -arc -mod reviewer -spm h /tmp/eicar_test_file >> File /tmp/eicar_test_file is infected by virus: the EICAR test string >> >> Total Files Scanned: 1 >> Total Viruses Found: 1 >> Total Infected Files Found: 1 >> Scan Mode: Reviewer >> >> *** End Of Summary *** >> >> Still the same result :( >> > (snip) > .... but .... isn't that the string we're after? If you run the > wrapper on that file, what happens then? Try first something like > /usr/lib/MailScanner/etrust-wrapper /opt/eTrustAntivirus -IsItInstalled > ... if that fails, well, then something is up with the > installation/the assumptions about the installation (in the wrapper). > You should of course use the third column in virus.scanners.conf (for > the etrust line) as the first parameter:-). Then perhaps try > /usr/lib/MailScanner/etrust-wrapper /opt/eTrustAntivirus -nex -arc > -mod reviewer -spm h /tmp/eicar_test_file > ... and see what happens. If you had to amend virus.scanners.conf, > check it with a finetoothed comb for errors;-). > This gets even more fishy... Running this works: /usr/lib/MailScanner/etrust-wrapper /opt/etrust -nex -arc -mod reviewer -spm h /tmp/eicar_test_file File /tmp/eicar_test_file is infected by virus: the EICAR test string Total Files Scanned: 1 Total Viruses Found: 1 Total Infected Files Found: 1 Scan Mode: Reviewer *** End Of Summary *** Yes I have edited the virus.scanners.conf file since I don't have etrust installed at the same location as default. The finetoothed comb did not get cought... I also dug out the old bitdefender that I disabled (CPU hog) a while ago. bitdefender finds the eicar on command line but not when called from mailscanner. I have change MailScanner.conf to only run one scanner at the time. For me only clamav works. I have added debug printouts in SweepViruses.pm just before the scanner is executed and when the result is processed. (exec "$sweepcommand $instdir $voptions $subdir";) A programmer cannot get his finger out of the cookie jar :) Sadly though perl isn't my strong language :( The command that is executed are "/usr/lib/MailScanner/etrust-wrapper /opt/etrust -nex -arc -mod reviewer -spm h ." Running this command on command line work of course. (Started in a directory containg a eicar test file) /usr/lib/MailScanner/etrust-wrapper /opt/etrust -nex -arc -mod reviewer -spm h . File /root/eicar/./eicar_test_file is infected by virus: the EICAR test string Total Files Scanned: 1 Total Viruses Found: 1 Total Infected Files Found: 1 Scan Mode: Reviewer *** End Of Summary *** For me it looks like any scanner treated as a commercial scanner fails while clamavmodule works... Maybe it's time to start over with a fresh install of MailScanner... The config files has been upgraded for many years now... I am running MailScanner 4.65.3 on a fully updated CentOS 3 system. Jens From pascal.maes at elec.ucl.ac.be Thu Dec 20 10:09:29 2007 From: pascal.maes at elec.ucl.ac.be (Pascal Maes) Date: Thu Dec 20 10:09:54 2007 Subject: Ruleset for Quarantine Infections In-Reply-To: <223f97700712190005l7551182bg93a492f69142f77c@mail.gmail.com> References: <223f97700712190005l7551182bg93a492f69142f77c@mail.gmail.com> Message-ID: <8E7BE26E-4302-4697-8402-840FC6BD70E5@elec.ucl.ac.be> Le 19-d?c.-07 ? 09:05, Glenn Steen a ?crit : > On 18/12/2007, Pascal Maes wrote: >> Hello, >> >> >> This mail is related to the thread "MailScanner could not analyze >> some >> mails". >> >> As it seems that all the messages which cannot be analyzed come from >> the same servers, >> I try to create a ruleset for the Quanrantine Infections : >> >> Quarantine Infections = %rules-dir%/quarantine.rules # was yes >> >> >> In the file quarantine.rules, I have : >> >> # >> # Quarantine Infections >> # >> >> # mail.register.be >> # >> From: 212.35.125. no >> From: /e-zone\.net/ no >> >> FromOrTo: default yes >> >> >> >> But today, I still have a mail which has been put in quarantine. >> The "postcat" of the file gives : >> >> # postcat 4B600EFB74 >> *** ENVELOPE RECORDS 4B600EFB74 *** >> message_size: 3440 586 >> 1 0 3440 >> message_arrival_time: Tue Dec 18 12:17:17 2007 >> create_time: Tue Dec 18 12:17:17 2007 >> named_attribute: rewrite_context=local >> sender: >> named_attribute: log_client_name=localhost.localdomain >> named_attribute: log_client_address=127.0.0.1 >> named_attribute: log_message_origin=localhost.localdomain[127.0.0.1] >> named_attribute: log_helo_name=smtp4.sgsi.ucl.ac.be >> named_attribute: log_protocol_name=ESMTP >> named_attribute: client_name=localhost.localdomain >> named_attribute: reverse_client_name=localhost.localdomain >> named_attribute: client_address=127.0.0.1 >> named_attribute: helo_name=smtp4.sgsi.ucl.ac.be >> named_attribute: client_address_type=2 >> named_attribute: dsn_orig_rcpt=rfc822;autenne@cpdr.ucl.ac.be >> original_recipient: autenne@cpdr.ucl.ac.be >> recipient: autenne@cpdr.ucl.ac.be >> *** MESSAGE CONTENTS 4B600EFB74 *** >> Received: from smtp4.sgsi.ucl.ac.be (localhost.localdomain >> [127.0.0.1]) >> by smtp4.sgsi.ucl.ac.be (Postfix) with ESMTP id 4B600EFB74 >> for ; Tue, 18 Dec 2007 12:17:17 >> +0100 (CET) >> Received: from mail5.e-zone.net (unknown [212.35.125.179]) >> by smtp4.sgsi.ucl.ac.be (Postfix) with ESMTP >> for ; Tue, 18 Dec 2007 12:17:17 >> +0100 (CET) >> Message-Id: >> Date: Tue, 18 Dec 2007 12:17:05 +0100 >> >> >> What's wrong with the quarantine ruleset ? >> >> Thanks > The ruleset works with the envelope information, not what happens to > be in the (possibly forged) RFC822 message, so you should look above > the "*** MESSAGE ..." line. > As you can see there, it is seen as locally supplied. Is this perhaps > a release from quarantine? > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se Hello, I have followed the instructions from bu we have also an before-queue filter (clamsmtp) that could explain why the mail is coming from our server. I have changed the way tat the message is re-inected into postfix from clamsmtp. Now we have : # postcat 98B581C5CE2 *** ENVELOPE RECORDS 98B581C5CE2 *** message_size: 2970 545 1 0 2970 message_arrival_time: Thu Dec 20 11:02:02 2007 create_time: Thu Dec 20 11:02:02 2007 named_attribute: rewrite_context=remote sender: named_attribute: log_client_address=212.35.125.182 named_attribute: log_message_origin=unknown[212.35.125.182] named_attribute: log_helo_name=web3.e-zone.net named_attribute: log_protocol_name=ESMTP named_attribute: client_name=localhost.localdomain named_attribute: reverse_client_name=localhost.localdomain named_attribute: client_address=127.0.0.1 named_attribute: helo_name=smtp3.sgsi.ucl.ac.be named_attribute: client_address_type=2 named_attribute: dsn_orig_rcpt=rfc822;pascal.maes@uclouvain.be original_recipient: pascal.maes@uclouvain.be recipient: pascal.maes@uclouvain.be *** MESSAGE CONTENTS 98B581C5CE2 *** [...] And the message is still put in quarantine ! Regards, -- Pascal From glenn.steen at gmail.com Thu Dec 20 12:07:22 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Dec 20 12:07:31 2007 Subject: eTrust 8.1 and MailScanner In-Reply-To: <53144.172.16.1.37.1198138857.squirrel@www.caleotech.com> References: <51090.172.16.1.37.1198070765.squirrel@www.caleotech.com> <223f97700712190632j69efd679v1f4c4787e3fe9767@mail.gmail.com> <51673.172.16.1.37.1198075192.squirrel@www.caleotech.com> <223f97700712190802ncb87f52mae5615bffd15a56b@mail.gmail.com> <53144.172.16.1.37.1198138857.squirrel@www.caleotech.com> Message-ID: <223f97700712200407t4999308fgad913605525e890a@mail.gmail.com> On 20/12/2007, Jens Ahlin wrote: > > On 19/12/2007, Jens Ahlin wrote: > >> > On 19/12/2007, Jens Ahlin > >> wrote: > > (snip) > >> > Hm, normally you don't use the "disinfect" options unless explicitly > >> > setting "Deliver Disinfected Files = yes"... Do you have that? > >> > Unless you do, the relevant thing would be to test what output you get > >> > from > >> > inocmd32 -nex -arc -mod reviewer -spm h /tmp/eicar_test_file > >> > ... might be that the defaults have changed? > >> > > >> > >> Thanks for that pointer. > >> I noticed this myself just before your post. So I tried : > >> inocmd32 -nex -arc -mod reviewer -spm h /tmp/eicar_test_file > >> File /tmp/eicar_test_file is infected by virus: the EICAR test string > >> > >> Total Files Scanned: 1 > >> Total Viruses Found: 1 > >> Total Infected Files Found: 1 > >> Scan Mode: Reviewer > >> > >> *** End Of Summary *** > >> > >> Still the same result :( > >> > > (snip) > > .... but .... isn't that the string we're after? If you run the > > wrapper on that file, what happens then? Try first something like > > /usr/lib/MailScanner/etrust-wrapper /opt/eTrustAntivirus -IsItInstalled > > ... if that fails, well, then something is up with the > > installation/the assumptions about the installation (in the wrapper). > > You should of course use the third column in virus.scanners.conf (for > > the etrust line) as the first parameter:-). Then perhaps try > > /usr/lib/MailScanner/etrust-wrapper /opt/eTrustAntivirus -nex -arc > > -mod reviewer -spm h /tmp/eicar_test_file > > ... and see what happens. If you had to amend virus.scanners.conf, > > check it with a finetoothed comb for errors;-). > > > > This gets even more fishy... > Running this works: > /usr/lib/MailScanner/etrust-wrapper /opt/etrust -nex -arc -mod reviewer > -spm h /tmp/eicar_test_file > File /tmp/eicar_test_file is infected by virus: the EICAR test string > > Total Files Scanned: 1 > Total Viruses Found: 1 > Total Infected Files Found: 1 > Scan Mode: Reviewer > > *** End Of Summary *** > > Yes I have edited the virus.scanners.conf file since I don't have etrust > installed at the same location as default. The finetoothed comb did not > get cought... > > I also dug out the old bitdefender that I disabled (CPU hog) a while ago. > bitdefender finds the eicar on command line but not when called from > mailscanner. I have change MailScanner.conf to only run one scanner at the > time. For me only clamav works. > I have added debug printouts in SweepViruses.pm just before the scanner is > executed and when the result is processed. (exec "$sweepcommand $instdir > $voptions $subdir";) A programmer cannot get his finger out of the cookie > jar :) Sadly though perl isn't my strong language :( > > The command that is executed are "/usr/lib/MailScanner/etrust-wrapper > /opt/etrust -nex -arc -mod reviewer -spm h ." > > Running this command on command line work of course. (Started in a > directory containg a eicar test file) > > /usr/lib/MailScanner/etrust-wrapper /opt/etrust -nex -arc -mod reviewer > -spm h . > File /root/eicar/./eicar_test_file is infected by virus: the EICAR test > string > > Total Files Scanned: 1 > Total Viruses Found: 1 > Total Infected Files Found: 1 > Scan Mode: Reviewer > > *** End Of Summary *** > > > For me it looks like any scanner treated as a commercial scanner fails > while clamavmodule works... > > Maybe it's time to start over with a fresh install of MailScanner... The > config files has been upgraded for many years now... I am running > MailScanner 4.65.3 on a fully updated CentOS 3 system. > > > Jens > Might be "te solution"...:-). Before doing that though... What MTA do you use? If Postfix, then check as the user you run it as... Might be something environment-dependant... Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From mailing_lists+mailscanner at caleotech.com Thu Dec 20 12:54:10 2007 From: mailing_lists+mailscanner at caleotech.com (Jens Ahlin) Date: Thu Dec 20 12:54:24 2007 Subject: eTrust 8.1 and MailScanner In-Reply-To: <223f97700712200407t4999308fgad913605525e890a@mail.gmail.com> References: <51090.172.16.1.37.1198070765.squirrel@www.caleotech.com> <223f97700712190632j69efd679v1f4c4787e3fe9767@mail.gmail.com> <51673.172.16.1.37.1198075192.squirrel@www.caleotech.com> <223f97700712190802ncb87f52mae5615bffd15a56b@mail.gmail.com> <53144.172.16.1.37.1198138857.squirrel@www.caleotech.com> <223f97700712200407t4999308fgad913605525e890a@mail.gmail.com> Message-ID: <54524.172.16.1.37.1198155250.squirrel@www.caleotech.com> (snip) >> > Might be "te solution"...:-). > Before doing that though... What MTA do you use? If Postfix, then > check as the user you run it as... Might be something > environment-dependant... > I thought of that but no luck there either... I'm running sendmail, and it's works for the sendmail user. (root) Jens > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From FStein at thehill.org Thu Dec 20 12:56:11 2007 From: FStein at thehill.org (Stein, Mr. Fred) Date: Thu Dec 20 12:57:15 2007 Subject: Mail::ClamAV 0.20 patched to build with ClamAV 0.92 In-Reply-To: <4769A42F.6080208@ecs.soton.ac.uk> References: <4769A42F.6080208@ecs.soton.ac.uk> Message-ID: Julian, It installed, but the make test had this error. Centos 4.6 MailScanner 4.66.4.3 [root@clyde Mail-ClamAV-0.20]# make test PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/Mail-ClamAV....NOK 2 # Failed test 'Constants' # at t/Mail-ClamAV.t line 90. t/Mail-ClamAV....ok 3/10# Looks like you failed 1 test of 10. t/Mail-ClamAV....dubious Test returned status 1 (wstat 256, 0x100) DIED. FAILED test 2 Failed 1/10 tests, 90.00% okay Failed Test Stat Wstat Total Fail Failed List of Failed ------------------------------------------------------------------------------- t/Mail-ClamAV.t 1 256 10 1 10.00% 2 Failed 1/1 test scripts, 0.00% okay. 1/10 subtests failed, 90.00% okay. make: *** [test_dynamic] Error 1 Fred Stein Network Administrator The Hill School 717 E. High Street Pottstown, PA? 19464 fstein@thehill.org www.thehill.org -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Wednesday, December 19, 2007 6:07 PM To: MailScanner discussion Subject: Mail::ClamAV 0.20 patched to build with ClamAV 0.92 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have produced a patched version of this Perl module which should successfully build with ClamAV 0.92 installed. So to upgrade a test system, download the newest ClamAV+SpamAssassin package (including ClamAV 0.92) from http://www.mailscanner.info/files/4/install-Clam-0.92-SA-3.2.3.tar.gz Unpack and install it as normal. The installation of Mail::ClamAV will fail, that is to be expected. Now download http://www.mailscanner.info/files/4/Mail-ClamAV-0.20.JKF.tar.gz Unpack and install it with tar xzf Mail-ClamAV-0.20.JKF.tar.gz cd Mail-ClamAV-0.20 perl Makefile.PL make make test make install If you're in luck today, that will successfully build, test and install. Now you should be in business, with a new ClamAV and a working "clamavmodule" virus scanner. Please tell me how you get on with this. All my mods are in the "JKF" subdirectory of the Mail-ClamAV-0.20 directory. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 867) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHaaQwEfZZRxQVtlQRAvyFAJ9ZeIasjfAL+v1JgKumuivxEtj9MACcCaAO iRLkF5LjaOAj4aZ2J7+B+IM= =SzdS -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From jaearick at colby.edu Thu Dec 20 13:06:06 2007 From: jaearick at colby.edu (Jeff A. Earickson) Date: Thu Dec 20 13:06:23 2007 Subject: Mail-ClamAv / ClamAv In-Reply-To: <39991.10.0.0.40.1198123812.squirrel@webmail.rpcs.net> References: <625385e30712190502m28b912aao1647b25278ac5183@mail.gmail.com> <39991.10.0.0.40.1198123812.squirrel@webmail.rpcs.net> Message-ID: On Wed, 19 Dec 2007, Richard Potter wrote: > Date: Wed, 19 Dec 2007 23:10:12 -0500 (EST) > From: Richard Potter > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: Mail-ClamAv / ClamAv > > On Wed, December 19, 2007 8:02 am, shuttlebox wrote: >> On Dec 19, 2007 1:51 PM, ajos1@onion.demon.co.uk >> wrote: > >>> Julian Field wrote: >>>>> >>>>> Due to problems with it building the clamavmodule virus scanner, I >>> have backed off to the previous version again. Sorry about that. >>>>> >>> >>> >>> For those interested... I spent hours (and hours) last week trying to >>> get Mail-ClamAv to install... and in the end I managed to work out it >>> failed for the following reason... >> >> This has happened every other release of Clam...that Mail::Clamav gets >> out of sync. But now there's no reason to use it anymore when MS has >> support for clamd. Same speed and less memory used. > > I have also come to this conclusion. Anyone have thoughts on this, right > or wrong? I've got to agree here... Clamavmodule was always a PITA with the perl module being out of sync. The only reason I used it was speed. Clamd has worked great since Julian introduced it to MailScanner. My two cents: offer clamd or the original clamav version for people who can't get clamd to go, and yank the clamavmodule stuff outta there... Jeff Earickson Colby College From glenn.steen at gmail.com Thu Dec 20 13:34:40 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Dec 20 13:34:51 2007 Subject: Ruleset for Quarantine Infections In-Reply-To: <8E7BE26E-4302-4697-8402-840FC6BD70E5@elec.ucl.ac.be> References: <223f97700712190005l7551182bg93a492f69142f77c@mail.gmail.com> <8E7BE26E-4302-4697-8402-840FC6BD70E5@elec.ucl.ac.be> Message-ID: <223f97700712200534r52c98a88u3af845e36e22fd2f@mail.gmail.com> On 20/12/2007, Pascal Maes wrote: > > Le 19-d?c.-07 ? 09:05, Glenn Steen a ?crit : > > > On 18/12/2007, Pascal Maes wrote: > >> Hello, > >> > >> > >> This mail is related to the thread "MailScanner could not analyze > >> some > >> mails". > >> > >> As it seems that all the messages which cannot be analyzed come from > >> the same servers, > >> I try to create a ruleset for the Quanrantine Infections : > >> > >> Quarantine Infections = %rules-dir%/quarantine.rules # was yes > >> > >> > >> In the file quarantine.rules, I have : > >> > >> # > >> # Quarantine Infections > >> # > >> > >> # mail.register.be > >> # > >> From: 212.35.125. no > >> From: /e-zone\.net/ no > >> > >> FromOrTo: default yes > >> > >> > >> > >> But today, I still have a mail which has been put in quarantine. > >> The "postcat" of the file gives : > >> > >> # postcat 4B600EFB74 > >> *** ENVELOPE RECORDS 4B600EFB74 *** > >> message_size: 3440 586 > >> 1 0 3440 > >> message_arrival_time: Tue Dec 18 12:17:17 2007 > >> create_time: Tue Dec 18 12:17:17 2007 > >> named_attribute: rewrite_context=local > >> sender: > >> named_attribute: log_client_name=localhost.localdomain > >> named_attribute: log_client_address=127.0.0.1 > >> named_attribute: log_message_origin=localhost.localdomain[127.0.0.1] > >> named_attribute: log_helo_name=smtp4.sgsi.ucl.ac.be > >> named_attribute: log_protocol_name=ESMTP > >> named_attribute: client_name=localhost.localdomain > >> named_attribute: reverse_client_name=localhost.localdomain > >> named_attribute: client_address=127.0.0.1 > >> named_attribute: helo_name=smtp4.sgsi.ucl.ac.be > >> named_attribute: client_address_type=2 > >> named_attribute: dsn_orig_rcpt=rfc822;autenne@cpdr.ucl.ac.be > >> original_recipient: autenne@cpdr.ucl.ac.be > >> recipient: autenne@cpdr.ucl.ac.be > >> *** MESSAGE CONTENTS 4B600EFB74 *** > >> Received: from smtp4.sgsi.ucl.ac.be (localhost.localdomain > >> [127.0.0.1]) > >> by smtp4.sgsi.ucl.ac.be (Postfix) with ESMTP id 4B600EFB74 > >> for ; Tue, 18 Dec 2007 12:17:17 > >> +0100 (CET) > >> Received: from mail5.e-zone.net (unknown [212.35.125.179]) > >> by smtp4.sgsi.ucl.ac.be (Postfix) with ESMTP > >> for ; Tue, 18 Dec 2007 12:17:17 > >> +0100 (CET) > >> Message-Id: > >> Date: Tue, 18 Dec 2007 12:17:05 +0100 > >> > >> > >> What's wrong with the quarantine ruleset ? > >> > >> Thanks > > The ruleset works with the envelope information, not what happens to > > be in the (possibly forged) RFC822 message, so you should look above > > the "*** MESSAGE ..." line. > > As you can see there, it is seen as locally supplied. Is this perhaps > > a release from quarantine? > > > > Cheers > > -- > > -- Glenn > > email: glenn < dot > steen < at > gmail < dot > com > > work: glenn < dot > steen < at > ap1 < dot > se > > Hello, > > > I have followed the instructions from > > bu we have also an before-queue filter (clamsmtp) that could explain > why the mail is coming from our server. > > I have changed the way tat the message is re-inected into postfix from > clamsmtp. > Now we have : > > # postcat 98B581C5CE2 > *** ENVELOPE RECORDS 98B581C5CE2 *** > message_size: 2970 545 > 1 0 2970 > message_arrival_time: Thu Dec 20 11:02:02 2007 > create_time: Thu Dec 20 11:02:02 2007 > named_attribute: rewrite_context=remote > sender: > named_attribute: log_client_address=212.35.125.182 > named_attribute: log_message_origin=unknown[212.35.125.182] > named_attribute: log_helo_name=web3.e-zone.net > named_attribute: log_protocol_name=ESMTP > named_attribute: client_name=localhost.localdomain > named_attribute: reverse_client_name=localhost.localdomain > named_attribute: client_address=127.0.0.1 > named_attribute: helo_name=smtp3.sgsi.ucl.ac.be > named_attribute: client_address_type=2 > named_attribute: dsn_orig_rcpt=rfc822;pascal.maes@uclouvain.be > original_recipient: pascal.maes@uclouvain.be > recipient: pascal.maes@uclouvain.be > *** MESSAGE CONTENTS 98B581C5CE2 *** > [...] > Looking good so far:-). > > And the message is still put in quarantine ! What reason is given? The same? If you try the setting with the MailScanner command, does it return the expected result? MailScanner --value=quarantineinfections --ip=212.35.125.182 ... or similar, what do you get? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From campbell at cnpapers.com Thu Dec 20 13:35:04 2007 From: campbell at cnpapers.com (Steve Campbell) Date: Thu Dec 20 13:35:22 2007 Subject: need help blocking emails to non-existent users In-Reply-To: References: Message-ID: <476A6F88.4070904@cnpapers.com> Joey Marino wrote: > I am currently running a mailscanner box on centos using sendmail that > relays to my exchange server. I am trying to block email to > non-existent users at the smtp level on the MX. I understand I have to > somehow update sendmail with existent users in the active directory > possibly using ldap. I can't seem to find any good documentation on > how to do this. Many entries in the archive point to > http://www.mailscanner.info/serve/cache/270.html but this doesn't > exist anymore. I also found a sketchy bash script at > http://the-jer.spaces.live.com/blog/cns!E4FBBD09FA146AF!128.entry > > but I don't like this approach either. I want to do all the work on > the gateway. Can somebody point me to some good documentation or a > healthy script that I could use to accomplish this? > > -- > Joey Marino I run MimeDefang for this singular purpose, although MD will do lots more if I ever need the extra functionality. I use the md_check_against_smtp_server function and throw away the mail immediately if it returns an invalid recipient. Steve Campbell From glenn.steen at gmail.com Thu Dec 20 13:36:40 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Dec 20 13:36:51 2007 Subject: eTrust 8.1 and MailScanner In-Reply-To: <54524.172.16.1.37.1198155250.squirrel@www.caleotech.com> References: <51090.172.16.1.37.1198070765.squirrel@www.caleotech.com> <223f97700712190632j69efd679v1f4c4787e3fe9767@mail.gmail.com> <51673.172.16.1.37.1198075192.squirrel@www.caleotech.com> <223f97700712190802ncb87f52mae5615bffd15a56b@mail.gmail.com> <53144.172.16.1.37.1198138857.squirrel@www.caleotech.com> <223f97700712200407t4999308fgad913605525e890a@mail.gmail.com> <54524.172.16.1.37.1198155250.squirrel@www.caleotech.com> Message-ID: <223f97700712200536i12f56689m2c25cf0cd71c85c1@mail.gmail.com> On 20/12/2007, Jens Ahlin wrote: > (snip) > >> > > Might be "te solution"...:-). > > Before doing that though... What MTA do you use? If Postfix, then > > check as the user you run it as... Might be something > > environment-dependant... > > > > I thought of that but no luck there either... > I'm running sendmail, and it's works for the sendmail user. (root) > > Jens Ok, and if you try clamav instead of clamavmodule, does that work? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From steve at fsl.com Thu Dec 20 13:55:15 2007 From: steve at fsl.com (Stephen Swaney) Date: Thu Dec 20 13:55:26 2007 Subject: Mail-ClamAv / ClamAv In-Reply-To: References: <625385e30712190502m28b912aao1647b25278ac5183@mail.gmail.com> <39991.10.0.0.40.1198123812.squirrel@webmail.rpcs.net> Message-ID: <476A7443.4030407@fsl.com> Jeff A. Earickson wrote: > On Wed, 19 Dec 2007, Richard Potter wrote: > >> Date: Wed, 19 Dec 2007 23:10:12 -0500 (EST) >> From: Richard Potter >> Reply-To: MailScanner discussion >> To: MailScanner discussion >> Subject: Re: Mail-ClamAv / ClamAv >> >> On Wed, December 19, 2007 8:02 am, shuttlebox wrote: >>> On Dec 19, 2007 1:51 PM, ajos1@onion.demon.co.uk >>> wrote: >> >>>> Julian Field wrote: >>>>>> >>>>>> Due to problems with it building the clamavmodule virus scanner, I >>>> have backed off to the previous version again. Sorry about that. >>>>>> >>>> >>>> >>>> For those interested... I spent hours (and hours) last week trying to >>>> get Mail-ClamAv to install... and in the end I managed to work out it >>>> failed for the following reason... >>> >>> This has happened every other release of Clam...that Mail::Clamav gets >>> out of sync. But now there's no reason to use it anymore when MS has >>> support for clamd. Same speed and less memory used. >> >> I have also come to this conclusion. Anyone have thoughts on this, right >> or wrong? > > I've got to agree here... Clamavmodule was always a PITA with the > perl module being out of sync. The only reason I used it was speed. > Clamd > has worked great since Julian introduced it to MailScanner. My two > cents: offer clamd or the original clamav version for people who can't > get clamd to go, and yank the clamavmodule stuff outta there... > > Jeff Earickson > Colby College The only drawback might be what happens when clamd dies and I've seen this happen. Do you run a keepalive wrapper on clamd? Steve Steve Swaney www.fsl.com From dgottsc at emory.edu Thu Dec 20 14:10:24 2007 From: dgottsc at emory.edu (Gottschalk, David) Date: Thu Dec 20 14:10:47 2007 Subject: ClamAV 0.92 Message-ID: Anyone running ClamAV 0.92 OK? I just got this alert, and looks like it is time to upgrade..... TITLE: ClamAV "cli_scanpe()" MEW Handling Integer Overflow SECUNIA ADVISORY ID: SA28117 VERIFY ADVISORY: http://secunia.com/advisories/28117/ CRITICAL: Highly critical IMPACT: DoS, System access WHERE: >From remote SOFTWARE: Clam AntiVirus (clamav) 0.x http://secunia.com/product/2538/ DESCRIPTION: A vulnerability has been reported in ClamAV, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. The vulnerability is caused due to an integer overflow error within the "cli_scanpe()" function when handling MEW packed executables. This can be exploited to cause a heap-based buffer overflow via specially crafted "ssize" and "dsize" values. Successful exploitation allows execution of arbitrary code. The vulnerability is reported in versions prior to 0.92. SOLUTION: Update to version 0.92. PROVIDED AND/OR DISCOVERED BY: Discovered by an anonymous researcher and reported via iDefense Labs. ORIGINAL ADVISORY: ClamAV: http://sourceforge.net/project/shownotes.php?release_id=562254&group_id=86638 iDefense: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=634 David Gottschalk UTS Infrastructure Technology Services david.gottschalk@emory.edu This e-mail message (including any attachments) is for the sole use of the intended recipient(s) and may contain confidential and privileged information. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this message (including any attachments) is strictly prohibited. If you have received this message in error, please contact the sender by reply e-mail message and destroy all copies of the original message (including attachments). From mailing_lists+mailscanner at caleotech.com Thu Dec 20 14:11:54 2007 From: mailing_lists+mailscanner at caleotech.com (Jens Ahlin) Date: Thu Dec 20 14:12:07 2007 Subject: eTrust 8.1 and MailScanner In-Reply-To: <223f97700712200536i12f56689m2c25cf0cd71c85c1@mail.gmail.com> References: <51090.172.16.1.37.1198070765.squirrel@www.caleotech.com> <223f97700712190632j69efd679v1f4c4787e3fe9767@mail.gmail.com> <51673.172.16.1.37.1198075192.squirrel@www.caleotech.com> <223f97700712190802ncb87f52mae5615bffd15a56b@mail.gmail.com> <53144.172.16.1.37.1198138857.squirrel@www.caleotech.com> <223f97700712200407t4999308fgad913605525e890a@mail.gmail.com> <54524.172.16.1.37.1198155250.squirrel@www.caleotech.com> <223f97700712200536i12f56689m2c25cf0cd71c85c1@mail.gmail.com> Message-ID: <54949.172.16.1.37.1198159914.squirrel@www.caleotech.com> > On 20/12/2007, Jens Ahlin wrote: >> (snip) >> >> >> > Might be "te solution"...:-). >> > Before doing that though... What MTA do you use? If Postfix, then >> > check as the user you run it as... Might be something >> > environment-dependant... >> > >> >> I thought of that but no luck there either... >> I'm running sendmail, and it's works for the sendmail user. (root) >> >> Jens > Ok, and if you try clamav instead of clamavmodule, does that work? > Hmmm. Looking in the log clamav found the virus but MailScanner did not report it to postmaster and quarantined the virus as with clamavmodule. I have the Do not deliver virus setting = yes. sendmail log: Dec 20 14:59:50 tiger MailScanner[7470]: Virus and Content Scanning: Starting Dec 20 14:59:52 tiger MailScanner[7470]: /var/spool/MailScanner/incoming/7470/./lBKDx5uM007473.message: Eicar-Test-Signature FOUND Dec 20 14:59:52 tiger MailScanner[7470]: Virus Scanning: ClamAV found 1 infections Dec 20 15:02:03 tiger MailScanner[7470]: Virus Scanning: Found 1 viruses Dec 20 15:02:03 tiger MailScanner[7470]: Uninfected: Delivered 1 messages Dec 20 15:02:03 tiger MailScanner[7470]: Logging message lBKE1nAY008068 to SQL Dec 20 15:02:03 tiger MailScanner[7466]: lBKE1nAY008068: Logged to MailWatch SQL Dec 20 15:02:04 tiger sendmail[8132]: STARTTLS=client, relay=mail.yyyyy.com., version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256 Dec 20 15:02:04 tiger sendmail[8132]: lBKE1nAY008068: to=, Maybe it's time to look back into the backupsets and see if I have made some changes ... feels like all exec's fails... Jens > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From shuttlebox at gmail.com Thu Dec 20 14:18:40 2007 From: shuttlebox at gmail.com (shuttlebox) Date: Thu Dec 20 14:18:49 2007 Subject: Mail-ClamAv / ClamAv In-Reply-To: <476A7443.4030407@fsl.com> References: <625385e30712190502m28b912aao1647b25278ac5183@mail.gmail.com> <39991.10.0.0.40.1198123812.squirrel@webmail.rpcs.net> <476A7443.4030407@fsl.com> Message-ID: <625385e30712200618s706b2b8epe8b953755203e8b0@mail.gmail.com> On Dec 20, 2007 2:55 PM, Stephen Swaney wrote: > The only drawback might be what happens when clamd dies and I've seen > this happen. Do you run a keepalive wrapper on clamd? I don't have to do that since Solaris Service Management Facility takes care of keeping enabled services running. On other OS:es a very simple script run from cron every few minutes takes care of that, lots of things needs to be running on a server so this is nothing new, there's plenty of utilities to do this as well. It also seems the unstable days of clamd are over, I haven't had a restart yet. :-) -- /peter From merkel at metalink.net Thu Dec 20 14:20:17 2007 From: merkel at metalink.net (Eric Merkel) Date: Thu Dec 20 14:22:09 2007 Subject: CentOS 5 yum updates breaks MailScanner Message-ID: <006701c84313$727b6c30$27c8a8c0@staff.metalink.net> I was in the process of setting up a new MailScanner box on Centos 5. I had finished installing MailScanner Version 4.65.3-1 for RedHat and tweaking the system to my liking, I figured I would do a yum update before putting into production. I didn't think anything of it at the time, but there were several perl updates from the rpmforge repo which I added to install clamav from. In any case after doing the updates, MailScanner fails to start. My questions is, since MailScanner builds a lot of it's own perl rpms from source during the install script, is there a way to keep further yum updates from updating or overriding what MailScanner has built? This is my first time installing MailScanner on Centos so I am not really familiar with the best procedure to keep the OS as well as MailScanner up to date. Is there a best practice for doing this? Eric Merkel / MetaLINK Technologies, Inc From glenn.steen at gmail.com Thu Dec 20 14:27:16 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Dec 20 14:27:32 2007 Subject: eTrust 8.1 and MailScanner In-Reply-To: <54949.172.16.1.37.1198159914.squirrel@www.caleotech.com> References: <51090.172.16.1.37.1198070765.squirrel@www.caleotech.com> <223f97700712190632j69efd679v1f4c4787e3fe9767@mail.gmail.com> <51673.172.16.1.37.1198075192.squirrel@www.caleotech.com> <223f97700712190802ncb87f52mae5615bffd15a56b@mail.gmail.com> <53144.172.16.1.37.1198138857.squirrel@www.caleotech.com> <223f97700712200407t4999308fgad913605525e890a@mail.gmail.com> <54524.172.16.1.37.1198155250.squirrel@www.caleotech.com> <223f97700712200536i12f56689m2c25cf0cd71c85c1@mail.gmail.com> <54949.172.16.1.37.1198159914.squirrel@www.caleotech.com> Message-ID: <223f97700712200627x18611830ic0d1756c13485158@mail.gmail.com> On 20/12/2007, Jens Ahlin wrote: > > On 20/12/2007, Jens Ahlin wrote: > >> (snip) > >> >> > >> > Might be "te solution"...:-). > >> > Before doing that though... What MTA do you use? If Postfix, then > >> > check as the user you run it as... Might be something > >> > environment-dependant... > >> > > >> > >> I thought of that but no luck there either... > >> I'm running sendmail, and it's works for the sendmail user. (root) > >> > >> Jens > > Ok, and if you try clamav instead of clamavmodule, does that work? > > > > Hmmm. Looking in the log clamav found the virus but MailScanner did not > report it to postmaster and quarantined the virus as with clamavmodule. I > have the Do not deliver virus setting = yes. > > sendmail log: > Dec 20 14:59:50 tiger MailScanner[7470]: Virus and Content Scanning: Starting > Dec 20 14:59:52 tiger MailScanner[7470]: > /var/spool/MailScanner/incoming/7470/./lBKDx5uM007473.message: > Eicar-Test-Signature FOUND > Dec 20 14:59:52 tiger MailScanner[7470]: Virus Scanning: ClamAV found 1 > infections > Dec 20 15:02:03 tiger MailScanner[7470]: Virus Scanning: Found 1 viruses > Dec 20 15:02:03 tiger MailScanner[7470]: Uninfected: Delivered 1 messages > Dec 20 15:02:03 tiger MailScanner[7470]: Logging message lBKE1nAY008068 to > SQL > Dec 20 15:02:03 tiger MailScanner[7466]: lBKE1nAY008068: Logged to > MailWatch SQL > Dec 20 15:02:04 tiger sendmail[8132]: STARTTLS=client, > relay=mail.yyyyy.com., version=TLSv1/SSLv3, verify=FAIL, > cipher=DHE-RSA-AES256-SHA, bits=256/256 > Dec 20 15:02:04 tiger sendmail[8132]: lBKE1nAY008068: to=, > > Maybe it's time to look back into the backupsets and see if I have made > some changes ... > > feels like all exec's fails... > > Jens ... Or something similar, yep. And since there isn't a whole lot of others chiming in with you, one can probably draw the conclusion the problem is limited to ... your particular installation. Tell us more about it... Pehraps show a MailScanner -V ... might be (yet another) perl module/repository problem... Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From raymond at prolocation.net Thu Dec 20 14:28:38 2007 From: raymond at prolocation.net (Raymond Dijkxhoorn) Date: Thu Dec 20 14:28:45 2007 Subject: CentOS 5 yum updates breaks MailScanner In-Reply-To: <006701c84313$727b6c30$27c8a8c0@staff.metalink.net> References: <006701c84313$727b6c30$27c8a8c0@staff.metalink.net> Message-ID: Hi! > My questions is, since MailScanner builds a lot of it's own perl rpms from > source during the install script, is there a way to keep further yum updates > from updating or overriding what MailScanner has built? > > This is my first time installing MailScanner on Centos so I am not really > familiar with the best procedure to keep the OS as well as MailScanner up to > date. Is there a best practice for doing this? Place some exclude= stuff inside your yum.conf, you can exclude whatever you want there from your regular updates. Stuff like rpmforge will break more updates, not only MS. Be carefulll with adding 3rd party repo's. Bye, Raymond. From mailing_lists+mailscanner at caleotech.com Thu Dec 20 14:40:00 2007 From: mailing_lists+mailscanner at caleotech.com (Jens Ahlin) Date: Thu Dec 20 14:40:14 2007 Subject: eTrust 8.1 and MailScanner In-Reply-To: <223f97700712200627x18611830ic0d1756c13485158@mail.gmail.com> References: <51090.172.16.1.37.1198070765.squirrel@www.caleotech.com> <223f97700712190632j69efd679v1f4c4787e3fe9767@mail.gmail.com> <51673.172.16.1.37.1198075192.squirrel@www.caleotech.com> <223f97700712190802ncb87f52mae5615bffd15a56b@mail.gmail.com> <53144.172.16.1.37.1198138857.squirrel@www.caleotech.com> <223f97700712200407t4999308fgad913605525e890a@mail.gmail.com> <54524.172.16.1.37.1198155250.squirrel@www.caleotech.com> <223f97700712200536i12f56689m2c25cf0cd71c85c1@mail.gmail.com> <54949.172.16.1.37.1198159914.squirrel@www.caleotech.com> <223f97700712200627x18611830ic0d1756c13485158@mail.gmail.com> Message-ID: <55052.172.16.1.37.1198161600.squirrel@www.caleotech.com> (snip) > > ... Or something similar, yep. And since there isn't a whole lot of > others chiming in with you, one can probably draw the conclusion the > problem is limited to ... your particular installation. Tell us more > about it... Pehraps show a MailScanner -V ... might be (yet another) > perl module/repository problem... > Sure does... Damn and I have rpmforge repo enabled... I have been too busy to read the warnings about this... Is there a "sure breaker" when using rpmforge ? My MailScanner -V: MailScanner -V Running on Linux tiger 2.4.21-53.ELsmp #1 SMP Mon Dec 3 13:34:41 EST 2007 i686 i686 i386 GNU/Linux This is CentOS release 3.9 (Final) This is Perl version 5.008000 (5.8.0) This is MailScanner version 4.65.3 Module versions are: 1.00 AnyDBM_File 1.23 Archive::Zip 1.01 Carp 1.119 Convert::BinHex 2.27 Date::Parse 1.00 DirHandle 1.04 Fcntl 2.71 File::Basename 2.05 File::Copy 2.01 FileHandle 1.05 File::Path 0.13 File::Temp 0.90 Filesys::Df 1.35 HTML::Entities 3.55 HTML::Parser 2.37 HTML::TokeParser 1.20 IO 1.09 IO::File 1.122 IO::Pipe 1.77 Mail::Header 1.86 Math::BigInt 3.05 MIME::Base64 5.424 MIME::Decoder 5.424 MIME::Decoder::UU 5.424 MIME::Head 5.424 MIME::Parser 3.03 MIME::QuotedPrint 5.424 MIME::Tools 0.11 Net::CIDR 1.05 POSIX 1.09 Scalar::Util 1.75 Socket 1.4 Sys::Hostname::Long 0.18 Sys::Syslog 1.9707 Time::HiRes 1.02 Time::localtime Optional module versions are: 1.29 Archive::Tar 0.21 bignum 1.82 Business::ISBN 1.10 Business::ISBN::Data 0.17 Convert::TNEF missing Data::Dump 1.814 DB_File 1.13 DBD::SQLite 1.50 DBI 1.15 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.10 Digest::SHA1 missing Encode::Detect 0.17008 Error 0.18 ExtUtils::CBuilder 2.18 ExtUtils::ParseXS 0.44 Inline 1.08 IO::String 1.04 IO::Zlib 2.21 IP::Country 0.20 Mail::ClamAV 3.002003 Mail::SpamAssassin v2.004 Mail::SPF 1.999001 Mail::SPF::Query 0.19 Math::BigRat 0.2808 Module::Build 0.20 Net::CIDR::Lite 0.60 Net::DNS 0.002.2 Net::DNS::Resolver::Programmable missing Net::LDAP 4.004 NetAddr::IP 1.94 Parse::RecDescent missing SAVI 2.56 Test::Harness 0.95 Test::Manifest 1.89 Text::Balanced 1.35 URI 0.7203 version missing YAML > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From jaearick at colby.edu Thu Dec 20 14:46:21 2007 From: jaearick at colby.edu (Jeff A. Earickson) Date: Thu Dec 20 14:46:39 2007 Subject: Mail-ClamAv / ClamAv In-Reply-To: <625385e30712200618s706b2b8epe8b953755203e8b0@mail.gmail.com> References: <625385e30712190502m28b912aao1647b25278ac5183@mail.gmail.com> <39991.10.0.0.40.1198123812.squirrel@webmail.rpcs.net> <476A7443.4030407@fsl.com> <625385e30712200618s706b2b8epe8b953755203e8b0@mail.gmail.com> Message-ID: On Thu, 20 Dec 2007, shuttlebox wrote: > Date: Thu, 20 Dec 2007 15:18:40 +0100 > From: shuttlebox > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: Mail-ClamAv / ClamAv > > On Dec 20, 2007 2:55 PM, Stephen Swaney wrote: >> The only drawback might be what happens when clamd dies and I've seen >> this happen. Do you run a keepalive wrapper on clamd? > > I don't have to do that since Solaris Service Management Facility > takes care of keeping enabled services running. On other OS:es a very > simple script run from cron every few minutes takes care of that, lots > of things needs to be running on a server so this is nothing new, > there's plenty of utilities to do this as well. > > It also seems the unstable days of clamd are over, I haven't had a > restart yet. :-) Also no porblems with clamd for me (Solaris 10, using an /etc/init.d script). Jeff Earickson Colby College From bpirie at rma.edu Thu Dec 20 14:50:28 2007 From: bpirie at rma.edu (Brendan Pirie) Date: Thu Dec 20 14:47:17 2007 Subject: CentOS 5 yum updates breaks MailScanner In-Reply-To: References: <006701c84313$727b6c30$27c8a8c0@staff.metalink.net> Message-ID: <476A8134.5000009@rma.edu> I highly recommend you (and anyone using CentOS) take a look at the yum-protectbase and yum-priorities plugins for yum http://wiki.centos.org/PackageManagement/Yum (Note: you can only use one or the other, not both). They can be extremely useful in minimizing some of the risks associated with 3rd party packages. Brendan Raymond Dijkxhoorn wrote: > Hi! > >> My questions is, since MailScanner builds a lot of it's own perl rpms >> from source during the install script, is there a way to keep further >> yum updates from updating or overriding what MailScanner has built? >> >> This is my first time installing MailScanner on Centos so I am not >> really familiar with the best procedure to keep the OS as well as >> MailScanner up to date. Is there a best practice for doing this? > > Place some exclude= stuff inside your yum.conf, you can exclude whatever > you want there from your regular updates. > > Stuff like rpmforge will break more updates, not only MS. Be carefulll > with adding 3rd party repo's. > > Bye, > Raymond. From merkel at metalink.net Thu Dec 20 14:51:04 2007 From: merkel at metalink.net (Eric Merkel) Date: Thu Dec 20 14:51:35 2007 Subject: CentOS 5 yum updates breaks MailScanner References: <006701c84313$727b6c30$27c8a8c0@staff.metalink.net> Message-ID: <010101c84317$bf2b8bb0$27c8a8c0@staff.metalink.net> ----- Original Message ----- From: "Raymond Dijkxhoorn" To: "MailScanner discussion" Sent: Thursday, December 20, 2007 9:28 AM Subject: Re: CentOS 5 yum updates breaks MailScanner > Hi! > >> My questions is, since MailScanner builds a lot of it's own perl rpms >> from source during the install script, is there a way to keep further yum >> updates from updating or overriding what MailScanner has built? >> >> This is my first time installing MailScanner on Centos so I am not really >> familiar with the best procedure to keep the OS as well as MailScanner up >> to date. Is there a best practice for doing this? > > Place some exclude= stuff inside your yum.conf, you can exclude whatever > you want there from your regular updates. > > Stuff like rpmforge will break more updates, not only MS. Be carefulll > with adding 3rd party repo's. I like using rpm's as much as possible to make updating as painless as possible. I didn't realize rpmforge would break other things. Just curious, if most people just build clamav from source or how they go about keeping clamav up to date? -Eric From glenn.steen at gmail.com Thu Dec 20 15:11:40 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Dec 20 15:11:50 2007 Subject: eTrust 8.1 and MailScanner In-Reply-To: <55052.172.16.1.37.1198161600.squirrel@www.caleotech.com> References: <51090.172.16.1.37.1198070765.squirrel@www.caleotech.com> <51673.172.16.1.37.1198075192.squirrel@www.caleotech.com> <223f97700712190802ncb87f52mae5615bffd15a56b@mail.gmail.com> <53144.172.16.1.37.1198138857.squirrel@www.caleotech.com> <223f97700712200407t4999308fgad913605525e890a@mail.gmail.com> <54524.172.16.1.37.1198155250.squirrel@www.caleotech.com> <223f97700712200536i12f56689m2c25cf0cd71c85c1@mail.gmail.com> <54949.172.16.1.37.1198159914.squirrel@www.caleotech.com> <223f97700712200627x18611830ic0d1756c13485158@mail.gmail.com> <55052.172.16.1.37.1198161600.squirrel@www.caleotech.com> Message-ID: <223f97700712200711s5ebc53fbg1cfbaf538b09c7d8@mail.gmail.com> On 20/12/2007, Jens Ahlin wrote: > (snip) > > > > ... Or something similar, yep. And since there isn't a whole lot of > > others chiming in with you, one can probably draw the conclusion the > > problem is limited to ... your particular installation. Tell us more > > about it... Pehraps show a MailScanner -V ... might be (yet another) > > perl module/repository problem... > > > > Sure does... Damn and I have rpmforge repo enabled... I have been too busy > to read the warnings about this... > > Is there a "sure breaker" when using rpmforge ? Am a bit stressed (lots of things to do before Xmas:-), but ... MailTools and MIME-Tools are the important "Miss Behavers" recently. I think your MIME-Tools might be ... problematic, but ... As said, have no time to check this for you. Look in the archives... there should be workarounds there, if you do have a "problemic version":-). (snip) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From mailing_lists+mailscanner at caleotech.com Thu Dec 20 15:52:08 2007 From: mailing_lists+mailscanner at caleotech.com (Jens Ahlin) Date: Thu Dec 20 15:52:21 2007 Subject: [SOLVED] Re: eTrust 8.1 and MailScanner In-Reply-To: <223f97700712200711s5ebc53fbg1cfbaf538b09c7d8@mail.gmail.com> References: <51090.172.16.1.37.1198070765.squirrel@www.caleotech.com> <51673.172.16.1.37.1198075192.squirrel@www.caleotech.com> <223f97700712190802ncb87f52mae5615bffd15a56b@mail.gmail.com> <53144.172.16.1.37.1198138857.squirrel@www.caleotech.com> <223f97700712200407t4999308fgad913605525e890a@mail.gmail.com> <54524.172.16.1.37.1198155250.squirrel@www.caleotech.com> <223f97700712200536i12f56689m2c25cf0cd71c85c1@mail.gmail.com> <54949.172.16.1.37.1198159914.squirrel@www.caleotech.com> <223f97700712200627x18611830ic0d1756c13485158@mail.gmail.com> <55052.172.16.1.37.1198161600.squirrel@www.caleotech.com> <223f97700712200711s5ebc53fbg1cfbaf538b09c7d8@mail.gmail.com> Message-ID: <55326.172.16.1.37.1198165928.squirrel@www.caleotech.com> Finally. I rebuild the MIME-tools and MailTools using the src.rpm's from the MailScanner release and forced an update. Now it works again. Thanks a lot for helping me! Now I can take some time off during Xmas !! (Like thats really going to happen) rpmforge is from now on banned :) I will could look at protectbase plugin but a quick glance shows that it's only available for centos4 and I'm running systems with centos3 and centos5... bummer.. Jens > On 20/12/2007, Jens Ahlin wrote: >> (snip) >> > >> > ... Or something similar, yep. And since there isn't a whole lot of >> > others chiming in with you, one can probably draw the conclusion the >> > problem is limited to ... your particular installation. Tell us more >> > about it... Pehraps show a MailScanner -V ... might be (yet another) >> > perl module/repository problem... >> > >> >> Sure does... Damn and I have rpmforge repo enabled... I have been too >> busy >> to read the warnings about this... >> >> Is there a "sure breaker" when using rpmforge ? > > Am a bit stressed (lots of things to do before Xmas:-), but ... > MailTools and MIME-Tools are the important "Miss Behavers" recently. I > think your MIME-Tools might be ... problematic, but ... As said, have > no time to check this for you. Look in the archives... there should be > workarounds there, if you do have a "problemic version":-). > > (snip) > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From Denis.Beauchemin at USherbrooke.ca Thu Dec 20 15:51:50 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Thu Dec 20 15:52:34 2007 Subject: Mail::ClamAV 0.20 patched to build with ClamAV 0.92 In-Reply-To: <4769A42F.6080208@ecs.soton.ac.uk> References: <4769A42F.6080208@ecs.soton.ac.uk> Message-ID: <476A8F96.1010205@USherbrooke.ca> Julian Field a ?crit : > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I have produced a patched version of this Perl module which should > successfully build with ClamAV 0.92 installed. > > So to upgrade a test system, download the newest ClamAV+SpamAssassin > package (including ClamAV 0.92) from > http://www.mailscanner.info/files/4/install-Clam-0.92-SA-3.2.3.tar.gz > Unpack and install it as normal. The installation of Mail::ClamAV will > fail, that is to be expected. > > Now download > http://www.mailscanner.info/files/4/Mail-ClamAV-0.20.JKF.tar.gz > > Unpack and install it with > tar xzf Mail-ClamAV-0.20.JKF.tar.gz > cd Mail-ClamAV-0.20 > perl Makefile.PL > make > make test > make install > > If you're in luck today, that will successfully build, test and install. > > Now you should be in business, with a new ClamAV and a working > "clamavmodule" virus scanner. > > Please tell me how you get on with this. > All my mods are in the "JKF" subdirectory of the Mail-ClamAV-0.20 directory. > > Jules > > > Julian, I noticed your easy Clam+SA install script didn't ask me if I wanted to install SA and it just did... I don't really mind because that was on a test system, but is there still a DNS performance problem with SA 3.2.3? I looked at patch http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5589 but couldn't figure out if it was still needed. If so, I guess it has to be applied to the installation dir and then run the install stuff (perl Makefile.PL; make; make test; make install)? Thanks! Denis -- Denis Beauchemin, analyste Universit? de Sherbrooke, S.T.I. T: 819.821.8000x62252 F: 819.821.8045 From glenn.steen at gmail.com Thu Dec 20 16:31:52 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Dec 20 16:32:02 2007 Subject: [SOLVED] Re: eTrust 8.1 and MailScanner In-Reply-To: <55326.172.16.1.37.1198165928.squirrel@www.caleotech.com> References: <51090.172.16.1.37.1198070765.squirrel@www.caleotech.com> <53144.172.16.1.37.1198138857.squirrel@www.caleotech.com> <223f97700712200407t4999308fgad913605525e890a@mail.gmail.com> <54524.172.16.1.37.1198155250.squirrel@www.caleotech.com> <223f97700712200536i12f56689m2c25cf0cd71c85c1@mail.gmail.com> <54949.172.16.1.37.1198159914.squirrel@www.caleotech.com> <223f97700712200627x18611830ic0d1756c13485158@mail.gmail.com> <55052.172.16.1.37.1198161600.squirrel@www.caleotech.com> <223f97700712200711s5ebc53fbg1cfbaf538b09c7d8@mail.gmail.com> <55326.172.16.1.37.1198165928.squirrel@www.caleotech.com> Message-ID: <223f97700712200831g6590e701v3438795d6bff04f@mail.gmail.com> On 20/12/2007, Jens Ahlin wrote: > Finally. > > I rebuild the MIME-tools and MailTools using the src.rpm's from the > MailScanner release and forced an update. Now it works again. > > Thanks a lot for helping me! Now I can take some time off during Xmas !! > (Like thats really going to happen) > > rpmforge is from now on banned :) I will could look at protectbase plugin > but a quick glance shows that it's only available for centos4 and I'm > running systems with centos3 and centos5... bummer.. > > Jens > Glad to hear it! Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From pascal.maes at elec.ucl.ac.be Thu Dec 20 17:37:38 2007 From: pascal.maes at elec.ucl.ac.be (Pascal Maes) Date: Thu Dec 20 17:37:53 2007 Subject: Ruleset for Quarantine Infections In-Reply-To: <223f97700712200534r52c98a88u3af845e36e22fd2f@mail.gmail.com> References: <223f97700712190005l7551182bg93a492f69142f77c@mail.gmail.com> <8E7BE26E-4302-4697-8402-840FC6BD70E5@elec.ucl.ac.be> <223f97700712200534r52c98a88u3af845e36e22fd2f@mail.gmail.com> Message-ID: <334A774D-7677-4609-95F7-C31B4D32D67F@elec.ucl.ac.be> Le 20-d?c.-07 ? 14:34, Glenn Steen a ?crit : >> [...] >> Hello, >> >> >> I have followed the instructions from >> >> bu we have also an before-queue filter (clamsmtp) that could explain >> why the mail is coming from our server. >> >> I have changed the way tat the message is re-inected into postfix >> from >> clamsmtp. >> Now we have : >> >> # postcat 98B581C5CE2 >> *** ENVELOPE RECORDS 98B581C5CE2 *** >> message_size: 2970 545 >> 1 0 2970 >> message_arrival_time: Thu Dec 20 11:02:02 2007 >> create_time: Thu Dec 20 11:02:02 2007 >> named_attribute: rewrite_context=remote >> sender: >> named_attribute: log_client_address=212.35.125.182 >> named_attribute: log_message_origin=unknown[212.35.125.182] >> named_attribute: log_helo_name=web3.e-zone.net >> named_attribute: log_protocol_name=ESMTP >> named_attribute: client_name=localhost.localdomain >> named_attribute: reverse_client_name=localhost.localdomain >> named_attribute: client_address=127.0.0.1 >> named_attribute: helo_name=smtp3.sgsi.ucl.ac.be >> named_attribute: client_address_type=2 >> named_attribute: dsn_orig_rcpt=rfc822;pascal.maes@uclouvain.be >> original_recipient: pascal.maes@uclouvain.be >> recipient: pascal.maes@uclouvain.be >> *** MESSAGE CONTENTS 98B581C5CE2 *** >> [...] >> > Looking good so far:-). > >> >> And the message is still put in quarantine ! > > What reason is given? The same? > > If you try the setting with the MailScanner command, does it return > the expected result? > MailScanner --value=quarantineinfections --ip=212.35.125.182 > ... or similar, what do you get? > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se Tha's what I get : ./MailScanner --value=quarantineinfections --ip=212.35.125.182 Looked up internal option name "quarantineinfections" With sender = Client IP = 212.35.125.182 Virus = Result is "0" 0=No 1=Yes Seems good. -- Pascal -- Pascal From Denis.Beauchemin at USherbrooke.ca Thu Dec 20 19:37:26 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Thu Dec 20 19:39:14 2007 Subject: Mail::ClamAV 0.20 patched to build with ClamAV 0.92 In-Reply-To: <476A8F96.1010205@USherbrooke.ca> References: <4769A42F.6080208@ecs.soton.ac.uk> <476A8F96.1010205@USherbrooke.ca> Message-ID: <476AC476.2000605@USherbrooke.ca> Denis Beauchemin a ?crit : > Julian Field a ?crit : >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> I have produced a patched version of this Perl module which should >> successfully build with ClamAV 0.92 installed. >> >> So to upgrade a test system, download the newest ClamAV+SpamAssassin >> package (including ClamAV 0.92) from >> http://www.mailscanner.info/files/4/install-Clam-0.92-SA-3.2.3.tar.gz >> Unpack and install it as normal. The installation of Mail::ClamAV >> will fail, that is to be expected. >> >> Now download >> http://www.mailscanner.info/files/4/Mail-ClamAV-0.20.JKF.tar.gz >> >> Unpack and install it with >> tar xzf Mail-ClamAV-0.20.JKF.tar.gz >> cd Mail-ClamAV-0.20 >> perl Makefile.PL >> make >> make test >> make install >> >> If you're in luck today, that will successfully build, test and install. >> >> Now you should be in business, with a new ClamAV and a working >> "clamavmodule" virus scanner. >> >> Please tell me how you get on with this. >> All my mods are in the "JKF" subdirectory of the Mail-ClamAV-0.20 >> directory. >> >> Jules >> >> >> > Julian, > > I noticed your easy Clam+SA install script didn't ask me if I wanted > to install SA and it just did... I don't really mind because that was > on a test system, but is there still a DNS performance problem with SA > 3.2.3? > > I looked at patch > http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5589 but > couldn't figure out if it was still needed. If so, I guess it has to > be applied to the installation dir and then run the install stuff > (perl Makefile.PL; make; make test; make install)? > > Thanks! > > Denis > OK, I experimented a bit with SA 3.2.3 and patch 5589. Indeed, it has to be applied to the initial directory (patch -p0 References: <4769A42F.6080208@ecs.soton.ac.uk> <476A8F96.1010205@USherbrooke.ca> <476AC476.2000605@USherbrooke.ca> Message-ID: <476AD3AA.20901@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Denis Beauchemin wrote: > Denis Beauchemin a ?crit : >> Julian Field a ?crit : >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> I have produced a patched version of this Perl module which should >>> successfully build with ClamAV 0.92 installed. >>> >>> So to upgrade a test system, download the newest ClamAV+SpamAssassin >>> package (including ClamAV 0.92) from >>> http://www.mailscanner.info/files/4/install-Clam-0.92-SA-3.2.3.tar.gz >>> Unpack and install it as normal. The installation of Mail::ClamAV >>> will fail, that is to be expected. >>> >>> Now download >>> http://www.mailscanner.info/files/4/Mail-ClamAV-0.20.JKF.tar.gz >>> >>> Unpack and install it with >>> tar xzf Mail-ClamAV-0.20.JKF.tar.gz >>> cd Mail-ClamAV-0.20 >>> perl Makefile.PL >>> make >>> make test >>> make install >>> >>> If you're in luck today, that will successfully build, test and >>> install. >>> >>> Now you should be in business, with a new ClamAV and a working >>> "clamavmodule" virus scanner. >>> >>> Please tell me how you get on with this. >>> All my mods are in the "JKF" subdirectory of the Mail-ClamAV-0.20 >>> directory. >>> >>> Jules >>> >>> >>> >> Julian, >> >> I noticed your easy Clam+SA install script didn't ask me if I wanted >> to install SA and it just did... I don't really mind because that >> was on a test system, but is there still a DNS performance problem >> with SA 3.2.3? >> >> I looked at patch >> http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5589 but >> couldn't figure out if it was still needed. If so, I guess it has to >> be applied to the installation dir and then run the install stuff >> (perl Makefile.PL; make; make test; make install)? >> >> Thanks! >> >> Denis >> > OK, I experimented a bit with SA 3.2.3 and patch 5589. Indeed, it has > to be applied to the initial directory (patch -p0 > make install. > > I did not dare installing it because I got many errors in the make > test run: > Failed Test Stat Wstat Total Fail Failed List of Failed > ------------------------------------------------------------------------------- > > t/spamc_optC.t 9 4 44.44% 2 4 6 8 > t/spamc_optL.t 16 16 100.00% 1-16 > t/spamd_protocol_10.t 10 2 20.00% 9-10 > 34 tests skipped. > Failed 3/141 test scripts, 97.87% okay. 22/1974 subtests failed, > 98.89% okay. > make: *** [test_dynamic] Error 255 My easy-install ClamAV+SpamAssassin package doesn't do any of the spamc or spamd tests as MailScanner doesn't use them anyway. So I don't care about errors with those tests, I don't run them in the first place :-) > > I tried "./spamassassin --lint -D < spam.msg" and it seemed to work > fine but I will have to investigate some more before going into > production. After all, I am almost on Christmas leave... > > May all of you have a nice Christmas holiday (if it applies). > Contrary to last year's Christmas, this one will be a nice white > Christmas under loads of snow! Merry Christmas to you too! Doesn't look like we're getting any snow any time soon :-( All pictures of snow are most welcome :-) Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 867) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHatOsEfZZRxQVtlQRAvHiAKCK0A1jKYQ9Z5Oa8YpuPlO/HahlOACeLFCK EeeevR+AWj4bDvDAadi8pBk= =8lkQ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Denis.Beauchemin at USherbrooke.ca Thu Dec 20 21:01:27 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Thu Dec 20 21:04:13 2007 Subject: Mail::ClamAV 0.20 patched to build with ClamAV 0.92 In-Reply-To: <476AD3AA.20901@ecs.soton.ac.uk> References: <4769A42F.6080208@ecs.soton.ac.uk> <476A8F96.1010205@USherbrooke.ca> <476AC476.2000605@USherbrooke.ca> <476AD3AA.20901@ecs.soton.ac.uk> Message-ID: <476AD827.4070608@USherbrooke.ca> Julian Field a ?crit : > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Denis Beauchemin wrote: > >> >>> Julian, >>> >>> I noticed your easy Clam+SA install script didn't ask me if I wanted >>> to install SA and it just did... I don't really mind because that >>> was on a test system, but is there still a DNS performance problem >>> with SA 3.2.3? >>> >>> I looked at patch >>> http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5589 but >>> couldn't figure out if it was still needed. If so, I guess it has to >>> be applied to the installation dir and then run the install stuff >>> (perl Makefile.PL; make; make test; make install)? >>> >>> >>> >> OK, I experimented a bit with SA 3.2.3 and patch 5589. Indeed, it has >> to be applied to the initial directory (patch -p0 >> > make install. >> >> I did not dare installing it because I got many errors in the make >> test run: >> Failed Test Stat Wstat Total Fail Failed List of Failed >> ------------------------------------------------------------------------------- >> >> t/spamc_optC.t 9 4 44.44% 2 4 6 8 >> t/spamc_optL.t 16 16 100.00% 1-16 >> t/spamd_protocol_10.t 10 2 20.00% 9-10 >> 34 tests skipped. >> Failed 3/141 test scripts, 97.87% okay. 22/1974 subtests failed, >> 98.89% okay. >> make: *** [test_dynamic] Error 255 >> > My easy-install ClamAV+SpamAssassin package doesn't do any of the spamc > or spamd tests as MailScanner doesn't use them anyway. So I don't care > about errors with those tests, I don't run them in the first place :-) > OK. So it is probably safe to install. Could you patch your easy-install package with patch 5589 so people don't have to do it manually? It's not that difficult but many people don't know how to use patch... > >> >> May all of you have a nice Christmas holiday (if it applies). >> Contrary to last year's Christmas, this one will be a nice white >> Christmas under loads of snow! >> > Merry Christmas to you too! > Doesn't look like we're getting any snow any time soon :-( All pictures > of snow are most welcome :-) > > Jules > > I will try to send you some pics soon! Denis -- Denis Beauchemin, analyste Universit? de Sherbrooke, S.T.I. T: 819.821.8000x62252 F: 819.821.8045 From MailScanner at ecs.soton.ac.uk Thu Dec 20 21:26:59 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Dec 20 21:27:24 2007 Subject: Easy-install ClamAV 0.92 and SpamAssassin 3.2.3 Message-ID: <476ADE23.6030505@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The current release of the Perl module Mail::ClamAV 0.20 will not build against the current version of ClamAV 0.92. I have patched Mail::ClamAV so that it will successfully compile, pass regression tests and work with the latest ClamAV. This is all available in the latest release of my easy-to-install ClamAV+SpamAssassin package. This package is available from http://www.mailscanner.info/files/4/install-Clam-0.92-SA-3.2.3.tar.gz If you want to install ClamAV from an RPM, then please do, the best place to get it is probably http://dag.wieers.com/rpm/packages/clamav/ You need to install the RPMs clamav clamav-db clamav-devel clamd (if you may want to use that scanner in the future) Install them before my combined package, and note that my package gives you the option to not install its version of ClamAV. When it asks, just tell it that clamscan is installed in /usr/bin. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 867) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHat4lEfZZRxQVtlQRAlpZAKDvPnUdiUCuZSPWcEevXfFEI4zvzwCfYDGd zuMZHsIaAT5RiekdtxjWXtM= =4f+N -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Dec 20 21:32:01 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Dec 20 21:32:22 2007 Subject: Mail::ClamAV 0.20 patched to build with ClamAV 0.92 In-Reply-To: <476A8F96.1010205@USherbrooke.ca> References: <4769A42F.6080208@ecs.soton.ac.uk> <476A8F96.1010205@USherbrooke.ca> Message-ID: <476ADF51.7040506@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Denis Beauchemin wrote: > Julian Field a ?crit : >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> I have produced a patched version of this Perl module which should >> successfully build with ClamAV 0.92 installed. >> >> So to upgrade a test system, download the newest ClamAV+SpamAssassin >> package (including ClamAV 0.92) from >> http://www.mailscanner.info/files/4/install-Clam-0.92-SA-3.2.3.tar.gz >> Unpack and install it as normal. The installation of Mail::ClamAV >> will fail, that is to be expected. >> >> Now download >> http://www.mailscanner.info/files/4/Mail-ClamAV-0.20.JKF.tar.gz >> >> Unpack and install it with >> tar xzf Mail-ClamAV-0.20.JKF.tar.gz >> cd Mail-ClamAV-0.20 >> perl Makefile.PL >> make >> make test >> make install >> >> If you're in luck today, that will successfully build, test and install. >> >> Now you should be in business, with a new ClamAV and a working >> "clamavmodule" virus scanner. >> >> Please tell me how you get on with this. >> All my mods are in the "JKF" subdirectory of the Mail-ClamAV-0.20 >> directory. >> >> Jules >> >> >> > Julian, > > I noticed your easy Clam+SA install script didn't ask me if I wanted > to install SA and it just did... It's the last thing it builds, so you can just Ctrl-C it before it gets as far as installing (which is a few minutes away). > I don't really mind because that was on a test system, but is there > still a DNS performance problem with SA 3.2.3? > > I looked at patch > http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5589 but > couldn't figure out if it was still needed. If so, I guess it has to > be applied to the installation dir and then run the install stuff > (perl Makefile.PL; make; make test; make install)? I still run with the 5589 patch (I think). Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 867) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHat9TEfZZRxQVtlQRApoXAKCe/r0Mfp+ZDKmh6jkiA69IGm6X3gCfW8Jn ROef2PicGqNOtXcgCBAckvI= =4+cg -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dave.list at pixelhammer.com Thu Dec 20 21:32:33 2007 From: dave.list at pixelhammer.com (DAve) Date: Thu Dec 20 21:32:48 2007 Subject: Mail::ClamAV 0.20 patched to build with ClamAV 0.92 In-Reply-To: <476AD3AA.20901@ecs.soton.ac.uk> References: <4769A42F.6080208@ecs.soton.ac.uk> <476A8F96.1010205@USherbrooke.ca> <476AC476.2000605@USherbrooke.ca> <476AD3AA.20901@ecs.soton.ac.uk> Message-ID: <476ADF71.6080606@pixelhammer.com> Julian Field wrote: > Merry Christmas to you too! > Doesn't look like we're getting any snow any time soon :-( All pictures > of snow are most welcome :-) > > Jules > We got plenty... http://pixelhammer.com/Dan/snow/1-snow.jpg http://pixelhammer.com/Dan/snow/2-digging.JPG http://pixelhammer.com/Dan/snow/3-done.JPG Wishing everyone a silent pager for the next couple of days. DAve -- Google finally, after 7 years, provided a logo for veterans. Thank you Google. What to do with my signature now? From MailScanner at ecs.soton.ac.uk Thu Dec 20 21:35:24 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Dec 20 21:35:46 2007 Subject: [SOLVED] Re: eTrust 8.1 and MailScanner In-Reply-To: <223f97700712200831g6590e701v3438795d6bff04f@mail.gmail.com> References: <51090.172.16.1.37.1198070765.squirrel@www.caleotech.com> <53144.172.16.1.37.1198138857.squirrel@www.caleotech.com> <223f97700712200407t4999308fgad913605525e890a@mail.gmail.com> <54524.172.16.1.37.1198155250.squirrel@www.caleotech.com> <223f97700712200536i12f56689m2c25cf0cd71c85c1@mail.gmail.com> <54949.172.16.1.37.1198159914.squirrel@www.caleotech.com> <223f97700712200627x18611830ic0d1756c13485158@mail.gmail.com> <55052.172.16.1.37.1198161600.squirrel@www.caleotech.com> <223f97700712200711s5ebc53fbg1cfbaf538b09c7d8@mail.gmail.com> <55326.172.16.1.37.1198165928.squirrel@www.caleotech.com> <223f97700712200831g6590e701v3438795d6bff04f@mail.gmail.com> Message-ID: <476AE01C.4050606@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Glenn Steen wrote: > On 20/12/2007, Jens Ahlin wrote: > >> Finally. >> >> I rebuild the MIME-tools and MailTools using the src.rpm's from the >> MailScanner release and forced an update. Now it works again. >> >> Thanks a lot for helping me! Now I can take some time off during Xmas !! >> (Like thats really going to happen) >> >> rpmforge is from now on banned :) I will could look at protectbase plugin >> but a quick glance shows that it's only available for centos4 and I'm >> running systems with centos3 and centos5... bummer.. >> >> Jens >> >> > Glad to hear it! > 2 problems with the latest version of eTrust. 1) It doesn't support RedHat Server 5. Won't even install, and it is not listed in the "supported OSes" list. A bit poor, considering RedHat 5.1 is out now, 5.0 has been out for quite a long time, and this is the latest version of eTrust. 2) There is no command-line updater available. You have to run their whole management system to be able to update the signatures, rendering it unusable in anything other than a big corporate environment. As a result of these problems, I would no longer recommend eTrust to anyone unless they already have a large licence for it, and they have their own redistribution server to force signature updates onto the MailScanner servers. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 867) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHauAeEfZZRxQVtlQRApX+AJ48bH6/7AkQ9wxkEETKL7LkteH1hwCcCTy/ /n6SYdfJ2EVetmR7u14R4Y4= =3GtB -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Dec 20 21:42:37 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Dec 20 21:43:06 2007 Subject: Mail::ClamAV 0.20 patched to build with ClamAV 0.92 In-Reply-To: <476AD827.4070608@USherbrooke.ca> References: <4769A42F.6080208@ecs.soton.ac.uk> <476A8F96.1010205@USherbrooke.ca> <476AC476.2000605@USherbrooke.ca> <476AD3AA.20901@ecs.soton.ac.uk> <476AD827.4070608@USherbrooke.ca> Message-ID: <476AE1CD.7070206@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Denis Beauchemin wrote: > Julian Field a ?crit : >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> >> >> Denis Beauchemin wrote: >> >>> >>>> Julian, >>>> >>>> I noticed your easy Clam+SA install script didn't ask me if I >>>> wanted to install SA and it just did... I don't really mind >>>> because that was on a test system, but is there still a DNS >>>> performance problem with SA 3.2.3? >>>> >>>> I looked at patch >>>> http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5589 but >>>> couldn't figure out if it was still needed. If so, I guess it has >>>> to be applied to the installation dir and then run the install >>>> stuff (perl Makefile.PL; make; make test; make install)? >>>> >>>> >>>> >>> OK, I experimented a bit with SA 3.2.3 and patch 5589. Indeed, it >>> has to be applied to the initial directory (patch -p0 >>> >> and make install. >>> >>> I did not dare installing it because I got many errors in the make >>> test run: >>> Failed Test Stat Wstat Total Fail Failed List of Failed >>> ------------------------------------------------------------------------------- >>> >>> t/spamc_optC.t 9 4 44.44% 2 4 6 8 >>> t/spamc_optL.t 16 16 100.00% 1-16 >>> t/spamd_protocol_10.t 10 2 20.00% 9-10 >>> 34 tests skipped. >>> Failed 3/141 test scripts, 97.87% okay. 22/1974 subtests failed, >>> 98.89% okay. >>> make: *** [test_dynamic] Error 255 >>> >> My easy-install ClamAV+SpamAssassin package doesn't do any of the >> spamc or spamd tests as MailScanner doesn't use them anyway. So I >> don't care about errors with those tests, I don't run them in the >> first place :-) >> > OK. So it is probably safe to install. > > Could you patch your easy-install package with patch 5589 so people > don't have to do it manually? It's not that difficult but many people > don't know how to use patch... Very good point. Done. I have just pushed a new install-Clam-0.92-SA-3.2.3.tar.gz to the web site. >> >>> >>> May all of you have a nice Christmas holiday (if it applies). >>> Contrary to last year's Christmas, this one will be a nice white >>> Christmas under loads of snow! >>> >> Merry Christmas to you too! >> Doesn't look like we're getting any snow any time soon :-( All >> pictures of snow are most welcome :-) >> >> Jules >> >> > > I will try to send you some pics soon! Happy New Year cards are most welcome (or a birthday card as my birthday is on Jan 16th). :) Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 867) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHauHPEfZZRxQVtlQRAlvrAKDSr6T2Z/6lDUhrxRJJqIUPp63algCgpZzm dFwzHVXqdv+4EYmn+QKGqDM= =I9Zx -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Dec 20 21:51:50 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Dec 20 21:52:10 2007 Subject: Mail::ClamAV 0.20 patched to build with ClamAV 0.92 In-Reply-To: <476ADF71.6080606@pixelhammer.com> References: <4769A42F.6080208@ecs.soton.ac.uk> <476A8F96.1010205@USherbrooke.ca> <476AC476.2000605@USherbrooke.ca> <476AD3AA.20901@ecs.soton.ac.uk> <476ADF71.6080606@pixelhammer.com> Message-ID: <476AE3F6.4030304@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 DAve wrote: > Julian Field wrote: > >> Merry Christmas to you too! >> Doesn't look like we're getting any snow any time soon :-( All pictures >> of snow are most welcome :-) >> >> Jules >> >> > > We got plenty... > http://pixelhammer.com/Dan/snow/1-snow.jpg > http://pixelhammer.com/Dan/snow/2-digging.JPG > http://pixelhammer.com/Dan/snow/3-done.JPG > > Wishing everyone a silent pager for the next couple of days. > Anyone fancy writing a new version of "Silent Night" along the same theme... > DAve > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 867) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHauP4EfZZRxQVtlQRAskbAKD9tFchs2scPqPTLDn8ZlbsjM8T7QCgwHiZ nFcpV7r7lSzq2FjHvWWUzjM= =eEWk -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ka at pacific.net Thu Dec 20 22:01:16 2007 From: ka at pacific.net (Ken A) Date: Thu Dec 20 22:01:26 2007 Subject: OT: dnsstuff alternatives? Message-ID: <476AE62C.600@pacific.net> Hi all, For those who used dnsstuff.com, what are you using now that service has morphed into a pay model? Any good dnsstuff clones out there that you'd recommend? Thanks, Ken -- Ken Anderson Pacific.Net From gerard at seibercom.net Thu Dec 20 22:06:52 2007 From: gerard at seibercom.net (Gerard) Date: Thu Dec 20 22:07:02 2007 Subject: Mail::ClamAV 0.20 patched to build with ClamAV 0.92 In-Reply-To: <476AD3AA.20901@ecs.soton.ac.uk> References: <476AC476.2000605@USherbrooke.ca> <476AD3AA.20901@ecs.soton.ac.uk> Message-ID: <20071220165216.B8AB.A38C9147@seibercom.net> > On December 20, 2007 at 03:42PM Julian Field wrote: > Merry Christmas to you too! > Doesn't look like we're getting any snow any time soon :-( All pictures > of snow are most welcome :-) Here you go Jules. Snow, a car and a cute girl. Doesn't get much better than that. http://seibercom.net/DRS/4-Forum/NOVEMBER/200712121.jpg Here is another one of two girls shoveling snow. http://seibercom.net/DRS/4-Forum/NOVEMBER/2-Girls-Shoveling-Snow.png Merry Christmas to you also! -- Gerard From dave.list at pixelhammer.com Thu Dec 20 22:07:50 2007 From: dave.list at pixelhammer.com (DAve) Date: Thu Dec 20 22:08:07 2007 Subject: Mail::ClamAV 0.20 patched to build with ClamAV 0.92 In-Reply-To: <476AE3F6.4030304@ecs.soton.ac.uk> References: <4769A42F.6080208@ecs.soton.ac.uk> <476A8F96.1010205@USherbrooke.ca> <476AC476.2000605@USherbrooke.ca> <476AD3AA.20901@ecs.soton.ac.uk> <476ADF71.6080606@pixelhammer.com> <476AE3F6.4030304@ecs.soton.ac.uk> Message-ID: <476AE7B6.3040703@pixelhammer.com> Julian Field wrote: > > > DAve wrote: >> Julian Field wrote: > >>> Merry Christmas to you too! >>> Doesn't look like we're getting any snow any time soon :-( All pictures >>> of snow are most welcome :-) >>> >>> Jules >>> >>> >> We got plenty... >> http://pixelhammer.com/Dan/snow/1-snow.jpg >> http://pixelhammer.com/Dan/snow/2-digging.JPG >> http://pixelhammer.com/Dan/snow/3-done.JPG > >> Wishing everyone a silent pager for the next couple of days. > > Anyone fancy writing a new version of "Silent Night" along the same theme... >> DAve > > > > Jules > Silent pager, quiet cell Noc is calm, fiber is well Blackberries are charged, no messages arrived Queues are empty, the traffic is light Email is spam free again Email is spam free again Two more verses to go, someone else step up to the plate. I have one more ticket open today ;^) DAve -- Google finally, after 7 years, provided a logo for veterans. Thank you Google. What to do with my signature now? From Kevin_Miller at ci.juneau.ak.us Thu Dec 20 22:19:10 2007 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Thu Dec 20 22:18:27 2007 Subject: dnsstuff alternatives? In-Reply-To: <476AE62C.600@pacific.net> References: <476AE62C.600@pacific.net> Message-ID: Ken A wrote: > Hi all, > > For those who used dnsstuff.com, what are you using now that service > has morphed into a pay model? Any good dnsstuff clones out there that > you'd recommend? My Scot ancestry notwithstanding I just ponied up the $3/month. It's too handy a tool to do w/o (saved my bacon just today as a matter of fact!) I'm as bad as the rest when it comes to thinking things on the web outta be free (maybe worse!) but someone's gotta pay the light bill... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From dave.list at pixelhammer.com Thu Dec 20 22:20:39 2007 From: dave.list at pixelhammer.com (DAve) Date: Thu Dec 20 22:20:53 2007 Subject: OT: dnsstuff alternatives? In-Reply-To: <476AE62C.600@pacific.net> References: <476AE62C.600@pacific.net> Message-ID: <476AEAB7.1050502@pixelhammer.com> Ken A wrote: > Hi all, > > For those who used dnsstuff.com, what are you using now that service has > morphed into a pay model? Any good dnsstuff clones out there that you'd > recommend? > > Thanks, > Ken > We paid, for our entire support staff. It works well, was cheap, is repeatable. They could ditch the ads if they want to keep paying customers happy. Just a thought before the renewal comes up, if any dnstuff folks are listening. DAve -- Google finally, after 7 years, provided a logo for veterans. Thank you Google. What to do with my signature now? From MailScanner at ecs.soton.ac.uk Thu Dec 20 22:22:26 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Dec 20 22:22:51 2007 Subject: Easy-install ClamAV 0.92 and SpamAssassin 3.2.3 In-Reply-To: <476ADE23.6030505@ecs.soton.ac.uk> References: <476ADE23.6030505@ecs.soton.ac.uk> Message-ID: <476AEB22.9070205@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This new release also include SpamAssassin patch 5589 which significantly improves the performance of many of the network tests done on each message, by improving the performance of the DNS lookup code. This will save you having to download and apply the patch yourself, which I am aware is quite a problem for many MailScanner users who are less experienced than the 'ninjas' :-) Merry Christmas! Jules. Julian Field wrote: > * PGP Signed: 12/20/07 at 21:27:01 > > The current release of the Perl module Mail::ClamAV 0.20 will not > build against the current version of ClamAV 0.92. > > I have patched Mail::ClamAV so that it will successfully compile, pass > regression tests and work with the latest ClamAV. > > This is all available in the latest release of my easy-to-install > ClamAV+SpamAssassin package. > > This package is available from > http://www.mailscanner.info/files/4/install-Clam-0.92-SA-3.2.3.tar.gz > > If you want to install ClamAV from an RPM, then please do, the best > place to get it is probably > http://dag.wieers.com/rpm/packages/clamav/ > You need to install the RPMs > clamav > clamav-db > clamav-devel > clamd (if you may want to use that scanner in the future) > Install them before my combined package, and note that my package > gives you the option to not install its version of ClamAV. When it > asks, just tell it that clamscan is installed in /usr/bin. > > Jules > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 867) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHauskEfZZRxQVtlQRAinfAJ90+h39HOHlMeSG1S+qI53hn3ZmrwCglRuq g15jcS3had8SuMQyIIzurhQ= =/f/W -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ka at pacific.net Thu Dec 20 23:32:36 2007 From: ka at pacific.net (Ken A) Date: Thu Dec 20 23:32:44 2007 Subject: OT: dnsstuff alternatives? In-Reply-To: <476AEAB7.1050502@pixelhammer.com> References: <476AE62C.600@pacific.net> <476AEAB7.1050502@pixelhammer.com> Message-ID: <476AFB94.7020203@pacific.net> DAve wrote: > Ken A wrote: >> Hi all, >> >> For those who used dnsstuff.com, what are you using now that service has >> morphed into a pay model? Any good dnsstuff clones out there that you'd >> recommend? >> >> Thanks, >> Ken >> > > We paid, for our entire support staff. It works well, was cheap, is > repeatable. They could ditch the ads if they want to keep paying > customers happy. Just a thought before the renewal comes up, if any > dnstuff folks are listening. I'm really glad somebody is paying for it. :-) We don't use it often enough to pay for it though, especially not for the whole support staff. I'd rather they use dig or just webify something simple to lookup MX, and A records, etc.. fwiw, http://www.iptools.com/ comes close and http://www.intodns.com/ is okay too, if you are very patient.. Thanks, Ken > > DAve > -- Ken Anderson Pacific.Net From gmane at tippingmar.com Fri Dec 21 00:41:51 2007 From: gmane at tippingmar.com (Mark Nienberg) Date: Fri Dec 21 00:42:25 2007 Subject: Easy-install ClamAV 0.92 and SpamAssassin 3.2.3 In-Reply-To: <476ADE23.6030505@ecs.soton.ac.uk> References: <476ADE23.6030505@ecs.soton.ac.uk> Message-ID: Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > The current release of the Perl module Mail::ClamAV 0.20 will not build > against the current version of ClamAV 0.92. > > I have patched Mail::ClamAV so that it will successfully compile, pass > regression tests and work with the latest ClamAV. > > This is all available in the latest release of my easy-to-install > ClamAV+SpamAssassin package. > > This package is available from > http://www.mailscanner.info/files/4/install-Clam-0.92-SA-3.2.3.tar.gz At the top of install.sh there is the line CLAMAVVERSION=0.91.2 which isn't right. It causes an error about a missing directory. Mark From ssilva at sgvwater.com Fri Dec 21 04:51:26 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Dec 21 04:52:08 2007 Subject: Mail::ClamAV 0.20 patched to build with ClamAV 0.92 In-Reply-To: <476AD3AA.20901@ecs.soton.ac.uk> References: <4769A42F.6080208@ecs.soton.ac.uk> <476A8F96.1010205@USherbrooke.ca> <476AC476.2000605@USherbrooke.ca> <476AD3AA.20901@ecs.soton.ac.uk> Message-ID: on 12/20/2007 12:42 PM Julian Field spake the following: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Denis Beauchemin wrote: >> Denis Beauchemin a ?crit : >>> Julian Field a ?crit : >>>> -----BEGIN PGP SIGNED MESSAGE----- >>>> Hash: SHA1 >>>> >>>> I have produced a patched version of this Perl module which should >>>> successfully build with ClamAV 0.92 installed. >>>> >>>> So to upgrade a test system, download the newest ClamAV+SpamAssassin >>>> package (including ClamAV 0.92) from >>>> http://www.mailscanner.info/files/4/install-Clam-0.92-SA-3.2.3.tar.gz >>>> Unpack and install it as normal. The installation of Mail::ClamAV >>>> will fail, that is to be expected. >>>> >>>> Now download >>>> http://www.mailscanner.info/files/4/Mail-ClamAV-0.20.JKF.tar.gz >>>> >>>> Unpack and install it with >>>> tar xzf Mail-ClamAV-0.20.JKF.tar.gz >>>> cd Mail-ClamAV-0.20 >>>> perl Makefile.PL >>>> make >>>> make test >>>> make install >>>> >>>> If you're in luck today, that will successfully build, test and >>>> install. >>>> >>>> Now you should be in business, with a new ClamAV and a working >>>> "clamavmodule" virus scanner. >>>> >>>> Please tell me how you get on with this. >>>> All my mods are in the "JKF" subdirectory of the Mail-ClamAV-0.20 >>>> directory. >>>> >>>> Jules >>>> >>>> >>>> >>> Julian, >>> >>> I noticed your easy Clam+SA install script didn't ask me if I wanted >>> to install SA and it just did... I don't really mind because that >>> was on a test system, but is there still a DNS performance problem >>> with SA 3.2.3? >>> >>> I looked at patch >>> http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5589 but >>> couldn't figure out if it was still needed. If so, I guess it has to >>> be applied to the installation dir and then run the install stuff >>> (perl Makefile.PL; make; make test; make install)? >>> >>> Thanks! >>> >>> Denis >>> >> OK, I experimented a bit with SA 3.2.3 and patch 5589. Indeed, it has >> to be applied to the initial directory (patch -p0 >> > make install. >> >> I did not dare installing it because I got many errors in the make >> test run: >> Failed Test Stat Wstat Total Fail Failed List of Failed >> ------------------------------------------------------------------------------- >> >> t/spamc_optC.t 9 4 44.44% 2 4 6 8 >> t/spamc_optL.t 16 16 100.00% 1-16 >> t/spamd_protocol_10.t 10 2 20.00% 9-10 >> 34 tests skipped. >> Failed 3/141 test scripts, 97.87% okay. 22/1974 subtests failed, >> 98.89% okay. >> make: *** [test_dynamic] Error 255 > My easy-install ClamAV+SpamAssassin package doesn't do any of the spamc > or spamd tests as MailScanner doesn't use them anyway. So I don't care > about errors with those tests, I don't run them in the first place :-) > >> I tried "./spamassassin --lint -D < spam.msg" and it seemed to work >> fine but I will have to investigate some more before going into >> production. After all, I am almost on Christmas leave... >> >> May all of you have a nice Christmas holiday (if it applies). >> Contrary to last year's Christmas, this one will be a nice white >> Christmas under loads of snow! > Merry Christmas to you too! > Doesn't look like we're getting any snow any time soon :-( All pictures > of snow are most welcome :-) > Can't help with snow here. California, USA. But rain I have plenty of! ;-P -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From MailScanner at ecs.soton.ac.uk Fri Dec 21 08:36:08 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Dec 21 08:36:31 2007 Subject: Easy-install ClamAV 0.92 and SpamAssassin 3.2.3 In-Reply-To: References: <476ADE23.6030505@ecs.soton.ac.uk> Message-ID: <476B7AF8.5070105@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Fixed. thanks for spotting that one. Mark Nienberg wrote: > Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> The current release of the Perl module Mail::ClamAV 0.20 will not >> build against the current version of ClamAV 0.92. >> >> I have patched Mail::ClamAV so that it will successfully compile, >> pass regression tests and work with the latest ClamAV. >> >> This is all available in the latest release of my easy-to-install >> ClamAV+SpamAssassin package. >> >> This package is available from >> http://www.mailscanner.info/files/4/install-Clam-0.92-SA-3.2.3.tar.gz > > At the top of install.sh there is the line > > CLAMAVVERSION=0.91.2 > > which isn't right. It causes an error about a missing directory. > > Mark > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHa3r5EfZZRxQVtlQRAmU+AKCosp8j+g/94wSCXta3V3nZX3mJfwCeKSD7 fW8cCYLX/x25FIBapzZ+uOA= =uRZd -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Fri Dec 21 08:40:18 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Dec 21 08:40:28 2007 Subject: OT: dnsstuff alternatives? In-Reply-To: <476AFB94.7020203@pacific.net> References: <476AE62C.600@pacific.net> <476AEAB7.1050502@pixelhammer.com> <476AFB94.7020203@pacific.net> Message-ID: <223f97700712210040x66e5298er29ea749b76c419d2@mail.gmail.com> On 21/12/2007, Ken A wrote: > DAve wrote: > > Ken A wrote: > >> Hi all, > >> > >> For those who used dnsstuff.com, what are you using now that service has > >> morphed into a pay model? Any good dnsstuff clones out there that you'd > >> recommend? > >> > >> Thanks, > >> Ken > >> > > > > We paid, for our entire support staff. It works well, was cheap, is > > repeatable. They could ditch the ads if they want to keep paying > > customers happy. Just a thought before the renewal comes up, if any > > dnstuff folks are listening. > > I'm really glad somebody is paying for it. :-) > > We don't use it often enough to pay for it though, especially not for > the whole support staff. I'd rather they use dig or just webify > something simple to lookup MX, and A records, etc.. fwiw, > http://www.iptools.com/ comes close and http://www.intodns.com/ is okay > too, if you are very patient.. > Thanks, > > Ken > For purely network related stuff, we now use http://nwtools.com ... Looks pretty ugly, but works OK. Especially the rather slow (since it'll traceroute) "Express" option is nice, IMO. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Fri Dec 21 08:48:32 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Dec 21 08:48:42 2007 Subject: Ruleset for Quarantine Infections In-Reply-To: <334A774D-7677-4609-95F7-C31B4D32D67F@elec.ucl.ac.be> References: <223f97700712190005l7551182bg93a492f69142f77c@mail.gmail.com> <8E7BE26E-4302-4697-8402-840FC6BD70E5@elec.ucl.ac.be> <223f97700712200534r52c98a88u3af845e36e22fd2f@mail.gmail.com> <334A774D-7677-4609-95F7-C31B4D32D67F@elec.ucl.ac.be> Message-ID: <223f97700712210048v46d8dc1alaa0cd5ba7a31f4d1@mail.gmail.com> On 20/12/2007, Pascal Maes wrote: > > Le 20-d?c.-07 ? 14:34, Glenn Steen a ?crit : > > >> [...] > >> Hello, > >> > >> > >> I have followed the instructions from >>> > >> bu we have also an before-queue filter (clamsmtp) that could explain > >> why the mail is coming from our server. > >> > >> I have changed the way tat the message is re-inected into postfix > >> from > >> clamsmtp. > >> Now we have : > >> > >> # postcat 98B581C5CE2 > >> *** ENVELOPE RECORDS 98B581C5CE2 *** > >> message_size: 2970 545 > >> 1 0 2970 > >> message_arrival_time: Thu Dec 20 11:02:02 2007 > >> create_time: Thu Dec 20 11:02:02 2007 > >> named_attribute: rewrite_context=remote > >> sender: > >> named_attribute: log_client_address=212.35.125.182 > >> named_attribute: log_message_origin=unknown[212.35.125.182] > >> named_attribute: log_helo_name=web3.e-zone.net > >> named_attribute: log_protocol_name=ESMTP > >> named_attribute: client_name=localhost.localdomain > >> named_attribute: reverse_client_name=localhost.localdomain > >> named_attribute: client_address=127.0.0.1 > >> named_attribute: helo_name=smtp3.sgsi.ucl.ac.be > >> named_attribute: client_address_type=2 > >> named_attribute: dsn_orig_rcpt=rfc822;pascal.maes@uclouvain.be > >> original_recipient: pascal.maes@uclouvain.be > >> recipient: pascal.maes@uclouvain.be > >> *** MESSAGE CONTENTS 98B581C5CE2 *** > >> [...] > >> > > Looking good so far:-). > > > >> > >> And the message is still put in quarantine ! > > > > What reason is given? The same? > > > > If you try the setting with the MailScanner command, does it return > > the expected result? > > MailScanner --value=quarantineinfections --ip=212.35.125.182 > > ... or similar, what do you get? > > > > Cheers > > -- > > -- Glenn > > email: glenn < dot > steen < at > gmail < dot > com > > work: glenn < dot > steen < at > ap1 < dot > se > > Tha's what I get : > > ./MailScanner --value=quarantineinfections --ip=212.35.125.182 > Looked up internal option name "quarantineinfections" > With sender = > Client IP = 212.35.125.182 > Virus = > Result is "0" > > 0=No 1=Yes > > > > Seems good. Yep, so then it must be "something else" making it go into quarantine... What does the logs say (Do you use MailWatch? What does the details there look like?)? ... Or you have a genuine bug on your hands... You're not suffering from the recent MailTools or MIME-tools and rpmforge problems? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From mailing_lists+mailscanner at caleotech.com Fri Dec 21 10:17:11 2007 From: mailing_lists+mailscanner at caleotech.com (Jens Ahlin) Date: Fri Dec 21 10:17:27 2007 Subject: [SOLVED] Re: eTrust 8.1 and MailScanner In-Reply-To: <476AE01C.4050606@ecs.soton.ac.uk> References: <51090.172.16.1.37.1198070765.squirrel@www.caleotech.com> <53144.172.16.1.37.1198138857.squirrel@www.caleotech.com> <223f97700712200407t4999308fgad913605525e890a@mail.gmail.com> <54524.172.16.1.37.1198155250.squirrel@www.caleotech.com> <223f97700712200536i12f56689m2c25cf0cd71c85c1@mail.gmail.com> <54949.172.16.1.37.1198159914.squirrel@www.caleotech.com> <223f97700712200627x18611830ic0d1756c13485158@mail.gmail.com> <55052.172.16.1.37.1198161600.squirrel@www.caleotech.com> <223f97700712200711s5ebc53fbg1cfbaf538b09c7d8@mail.gmail.com> <55326.172.16.1.37.1198165928.squirrel@www.caleotech.com> <223f97700712200831g6590e701v3438795d6bff04f@mail.gmail.com> <476AE01C.4050606@ecs.soton.ac.uk> Message-ID: <49918.172.16.1.37.1198232231.squirrel@www.caleotech.com> > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Glenn Steen wrote: >> On 20/12/2007, Jens Ahlin >> wrote: >> >>> Finally. >>> >>> I rebuild the MIME-tools and MailTools using the src.rpm's from the >>> MailScanner release and forced an update. Now it works again. >>> >>> Thanks a lot for helping me! Now I can take some time off during Xmas >>> !! >>> (Like thats really going to happen) >>> >>> rpmforge is from now on banned :) I will could look at protectbase >>> plugin >>> but a quick glance shows that it's only available for centos4 and I'm >>> running systems with centos3 and centos5... bummer.. >>> >>> Jens >>> >>> >> Glad to hear it! >> > 2 problems with the latest version of eTrust. > 1) It doesn't support RedHat Server 5. Won't even install, and it is not > listed in the "supported OSes" list. A bit poor, considering RedHat 5.1 > is out now, 5.0 has been out for quite a long time, and this is the > latest version of eTrust. > 2) There is no command-line updater available. You have to run their > whole management system to be able to update the signatures, rendering > it unusable in anything other than a big corporate environment. > > As a result of these problems, I would no longer recommend eTrust to > anyone unless they already have a large licence for it, and they have > their own redistribution server to force signature updates onto the > MailScanner servers. > CA have added support for RHEL5, SUSE 10 in November this year. They are generally a bit slow... http://supportconnect.ca.com/sc/solcenter/sol_detail.jsp?aparno=QO92662&os=LINUX&returninput=0&prev=true I have not tested this yet though. Planning to do this during xmas. There is a command-line updater on my system (RHEL3): /opt/CA/SharedComponents/ScanEngine/bin/ITMDist -update /opt/CA/SharedComponents/ScanEngine/bin/InoDist.ini Jens > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.7.0 (Build 867) > Comment: Use Thunderbird's Enigmail add-on to verify this message > Charset: ISO-8859-1 > > wj8DBQFHauAeEfZZRxQVtlQRApX+AJ48bH6/7AkQ9wxkEETKL7LkteH1hwCcCTy/ > /n6SYdfJ2EVetmR7u14R4Y4= > =3GtB > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From shuttlebox at gmail.com Fri Dec 21 10:20:53 2007 From: shuttlebox at gmail.com (shuttlebox) Date: Fri Dec 21 10:21:02 2007 Subject: Problem with HTML disarm Message-ID: <625385e30712210220s713d2dc1rc7b5ec72d39ea7a3@mail.gmail.com> I've recently been involved in debugging Nortel HW and their support made some remarks about how MailScanner disarms HTML I wanted to share with the list. When a mail with script tags is received it looks something like this (tag is intentionally split): {add some javascript code here} I use disarm and get something like this: {add some javascript code here} What happens is depending on the e-mail client/web browser used to look at the mail different things are rendered. Some (typically Firefox) show the mail as it was intended but others (typically IE and Outlook) shows only the script in clear text and nothing of the mail itself. Nortel said that the more correct way (according to HTML standards) to disarm scripts would be to insert remark tags like this: Anyone else this has happened to? Opinions? Could this be added to MS for more correct HTML rendering? -- /peter From pascal.maes at elec.ucl.ac.be Fri Dec 21 11:29:24 2007 From: pascal.maes at elec.ucl.ac.be (Pascal Maes) Date: Fri Dec 21 11:29:39 2007 Subject: Ruleset for Quarantine Infections In-Reply-To: <223f97700712210048v46d8dc1alaa0cd5ba7a31f4d1@mail.gmail.com> References: <223f97700712190005l7551182bg93a492f69142f77c@mail.gmail.com> <8E7BE26E-4302-4697-8402-840FC6BD70E5@elec.ucl.ac.be> <223f97700712200534r52c98a88u3af845e36e22fd2f@mail.gmail.com> <334A774D-7677-4609-95F7-C31B4D32D67F@elec.ucl.ac.be> <223f97700712210048v46d8dc1alaa0cd5ba7a31f4d1@mail.gmail.com> Message-ID: <8E318E12-98A5-47B0-A933-B8FA2E41B332@elec.ucl.ac.be> Le 21-d?c.-07 ? 09:48, Glenn Steen a ?crit : > On 20/12/2007, Pascal Maes wrote: >> >> Le 20-d?c.-07 ? 14:34, Glenn Steen a ?crit : >> >>>> [...] >>>> Hello, >>>> >>>> >>>> I have followed the instructions from >>>> >>>> bu we have also an before-queue filter (clamsmtp) that could >>>> explain >>>> why the mail is coming from our server. >>>> >>>> I have changed the way tat the message is re-inected into postfix >>>> from >>>> clamsmtp. >>>> Now we have : >>>> >>>> # postcat 98B581C5CE2 >>>> *** ENVELOPE RECORDS 98B581C5CE2 *** >>>> message_size: 2970 545 >>>> 1 0 2970 >>>> message_arrival_time: Thu Dec 20 11:02:02 2007 >>>> create_time: Thu Dec 20 11:02:02 2007 >>>> named_attribute: rewrite_context=remote >>>> sender: >>>> named_attribute: log_client_address=212.35.125.182 >>>> named_attribute: log_message_origin=unknown[212.35.125.182] >>>> named_attribute: log_helo_name=web3.e-zone.net >>>> named_attribute: log_protocol_name=ESMTP >>>> named_attribute: client_name=localhost.localdomain >>>> named_attribute: reverse_client_name=localhost.localdomain >>>> named_attribute: client_address=127.0.0.1 >>>> named_attribute: helo_name=smtp3.sgsi.ucl.ac.be >>>> named_attribute: client_address_type=2 >>>> named_attribute: dsn_orig_rcpt=rfc822;pascal.maes@uclouvain.be >>>> original_recipient: pascal.maes@uclouvain.be >>>> recipient: pascal.maes@uclouvain.be >>>> *** MESSAGE CONTENTS 98B581C5CE2 *** >>>> [...] >>>> >>> Looking good so far:-). >>> >>>> >>>> And the message is still put in quarantine ! >>> >>> What reason is given? The same? >>> >>> If you try the setting with the MailScanner command, does it return >>> the expected result? >>> MailScanner --value=quarantineinfections --ip=212.35.125.182 >>> ... or similar, what do you get? >>> >>> Cheers >>> -- >>> -- Glenn >>> email: glenn < dot > steen < at > gmail < dot > com >>> work: glenn < dot > steen < at > ap1 < dot > se >> >> Tha's what I get : >> >> ./MailScanner --value=quarantineinfections --ip=212.35.125.182 >> Looked up internal option name "quarantineinfections" >> With sender = >> Client IP = 212.35.125.182 >> Virus = >> Result is "0" >> >> 0=No 1=Yes >> >> >> >> Seems good. > Yep, so then it must be "something else" making it go into > quarantine... What does the logs say (Do you use MailWatch? What does > the details there look like?)? > ... Or you have a genuine bug on your hands... You're not suffering > from the recent MailTools or MIME-tools and rpmforge problems? > > Cheers > -- > -- Glenn We doesn't use mailwatch and all I can see in the logfile is that the email is saved in quarantine. When I made the upgrade to MailScanner-4.65.3-1, I have also upgraded all the Perl modules... and then made a downgrade to MailTools-1.7.7 Below are the main perl packages installed Package namespace installed latest in CPAN file Archive::Zip 1.18 1.23 Compress::Zlib 2.004 2.008 DBD::SQLite 1.13 1.14 File::Temp 0.18 0.19 Filesys::Df 0.90 0.92 Getopt::Long 2.36 2.37 Mail::Address 1.77 2.02 Test::Builder 0.70 0.74 Test::Harness 2.64 3.05 Time::HiRes 1.9707 1.9711 MIME::Parser::Filer (DONEILL/MIME-tools-5.425.tar.gz) -- Pascal From glenn.steen at gmail.com Fri Dec 21 12:58:55 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Dec 21 12:59:08 2007 Subject: Ruleset for Quarantine Infections In-Reply-To: <8E318E12-98A5-47B0-A933-B8FA2E41B332@elec.ucl.ac.be> References: <223f97700712190005l7551182bg93a492f69142f77c@mail.gmail.com> <8E7BE26E-4302-4697-8402-840FC6BD70E5@elec.ucl.ac.be> <223f97700712200534r52c98a88u3af845e36e22fd2f@mail.gmail.com> <334A774D-7677-4609-95F7-C31B4D32D67F@elec.ucl.ac.be> <223f97700712210048v46d8dc1alaa0cd5ba7a31f4d1@mail.gmail.com> <8E318E12-98A5-47B0-A933-B8FA2E41B332@elec.ucl.ac.be> Message-ID: <223f97700712210458y156aa0d7k8a5b7a86c35deea6@mail.gmail.com> On 21/12/2007, Pascal Maes wrote: > > Le 21-d?c.-07 ? 09:48, Glenn Steen a ?crit : > > > On 20/12/2007, Pascal Maes wrote: > >> > >> Le 20-d?c.-07 ? 14:34, Glenn Steen a ?crit : > >> > >>>> [...] > >>>> Hello, > >>>> > >>>> > >>>> I have followed the instructions from >>>>> > >>>> bu we have also an before-queue filter (clamsmtp) that could > >>>> explain > >>>> why the mail is coming from our server. > >>>> > >>>> I have changed the way tat the message is re-inected into postfix > >>>> from > >>>> clamsmtp. > >>>> Now we have : > >>>> > >>>> # postcat 98B581C5CE2 > >>>> *** ENVELOPE RECORDS 98B581C5CE2 *** > >>>> message_size: 2970 545 > >>>> 1 0 2970 > >>>> message_arrival_time: Thu Dec 20 11:02:02 2007 > >>>> create_time: Thu Dec 20 11:02:02 2007 > >>>> named_attribute: rewrite_context=remote > >>>> sender: > >>>> named_attribute: log_client_address=212.35.125.182 > >>>> named_attribute: log_message_origin=unknown[212.35.125.182] > >>>> named_attribute: log_helo_name=web3.e-zone.net > >>>> named_attribute: log_protocol_name=ESMTP > >>>> named_attribute: client_name=localhost.localdomain > >>>> named_attribute: reverse_client_name=localhost.localdomain > >>>> named_attribute: client_address=127.0.0.1 > >>>> named_attribute: helo_name=smtp3.sgsi.ucl.ac.be > >>>> named_attribute: client_address_type=2 > >>>> named_attribute: dsn_orig_rcpt=rfc822;pascal.maes@uclouvain.be > >>>> original_recipient: pascal.maes@uclouvain.be > >>>> recipient: pascal.maes@uclouvain.be > >>>> *** MESSAGE CONTENTS 98B581C5CE2 *** > >>>> [...] > >>>> > >>> Looking good so far:-). > >>> > >>>> > >>>> And the message is still put in quarantine ! > >>> > >>> What reason is given? The same? > >>> > >>> If you try the setting with the MailScanner command, does it return > >>> the expected result? > >>> MailScanner --value=quarantineinfections --ip=212.35.125.182 > >>> ... or similar, what do you get? > >>> > >>> Cheers > >>> -- > >>> -- Glenn > >>> email: glenn < dot > steen < at > gmail < dot > com > >>> work: glenn < dot > steen < at > ap1 < dot > se > >> > >> Tha's what I get : > >> > >> ./MailScanner --value=quarantineinfections --ip=212.35.125.182 > >> Looked up internal option name "quarantineinfections" > >> With sender = > >> Client IP = 212.35.125.182 > >> Virus = > >> Result is "0" > >> > >> 0=No 1=Yes > >> > >> > >> > >> Seems good. > > Yep, so then it must be "something else" making it go into > > quarantine... What does the logs say (Do you use MailWatch? What does > > the details there look like?)? > > ... Or you have a genuine bug on your hands... You're not suffering > > from the recent MailTools or MIME-tools and rpmforge problems? > > > > Cheers > > -- > > -- Glenn > > We doesn't use mailwatch and all I can see in the logfile is that the > email is saved in quarantine. > > When I made the upgrade to MailScanner-4.65.3-1, I have also upgraded > all the Perl modules... > and then made a downgrade to MailTools-1.7.7 > > Below are the main perl packages installed > > Package namespace installed latest in CPAN file > Archive::Zip 1.18 1.23 > Compress::Zlib 2.004 2.008 > DBD::SQLite 1.13 1.14 > File::Temp 0.18 0.19 > Filesys::Df 0.90 0.92 > Getopt::Long 2.36 2.37 > Mail::Address 1.77 2.02 > Test::Builder 0.70 0.74 > Test::Harness 2.64 3.05 > Time::HiRes 1.9707 1.9711 > MIME::Parser::Filer (DONEILL/MIME-tools-5.425.tar.gz) > You could try downgrading MIME-tools to 5.420 and see what happens... Is the one you'?ev got built from CPAN? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From hvdkooij at vanderkooij.org Fri Dec 21 17:20:00 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Fri Dec 21 17:20:35 2007 Subject: Problem with HTML disarm In-Reply-To: <625385e30712210220s713d2dc1rc7b5ec72d39ea7a3@mail.gmail.com> References: <625385e30712210220s713d2dc1rc7b5ec72d39ea7a3@mail.gmail.com> Message-ID: <476BF5C0.4040102@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 shuttlebox wrote: > I've recently been involved in debugging Nortel HW and their support > made some remarks about how MailScanner disarms HTML I wanted to share > with the list. .... > Anyone else this has happened to? Opinions? Could this be added to MS > for more correct HTML rendering? I have not been bitten by it. But their remark is a valid concern and their proposed solution makes sense to me. I would recommend to disable script that way in MailScanner. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHa/W+BvzDRVjxmYERAgmsAJ4mz5OPKQ8fbdKy1Ty/3wEfA/HshACfY6n+ VFhJ7bON1ASfdkZxohfk9EQ= =ZBVd -----END PGP SIGNATURE----- From itdept at fractalweb.com Fri Dec 21 19:36:18 2007 From: itdept at fractalweb.com (Chris Yuzik) Date: Fri Dec 21 19:36:34 2007 Subject: Mail::ClamAV 0.20 patched to build with ClamAV 0.92 In-Reply-To: <20071220165216.B8AB.A38C9147@seibercom.net> References: <476AC476.2000605@USherbrooke.ca> <476AD3AA.20901@ecs.soton.ac.uk> <20071220165216.B8AB.A38C9147@seibercom.net> Message-ID: <476C15B2.2010300@fractalweb.com> Gerard wrote: > Here you go Jules. Snow, a car and a cute girl. Doesn't get much better than > that. > > http://seibercom.net/DRS/4-Forum/NOVEMBER/200712121.jpg > > Here is another one of two girls shoveling snow. > > http://seibercom.net/DRS/4-Forum/NOVEMBER/2-Girls-Shoveling-Snow.png Nice pornfolio! Thanks! > Merry Christmas to you also! To you also! Cheers, From MailScanner at ecs.soton.ac.uk Fri Dec 21 22:42:07 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Dec 21 22:42:37 2007 Subject: Problem with HTML disarm In-Reply-To: <476BF5C0.4040102@vanderkooij.org> References: <625385e30712210220s713d2dc1rc7b5ec72d39ea7a3@mail.gmail.com> <476BF5C0.4040102@vanderkooij.org> Message-ID: <476C413F.101@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hugo van der Kooij wrote: > * PGP Signed by an unknown key > > shuttlebox wrote: > >> I've recently been involved in debugging Nortel HW and their support >> made some remarks about how MailScanner disarms HTML I wanted to share >> with the list. >> > > .... > > >> Anyone else this has happened to? Opinions? Could this be added to MS >> for more correct HTML rendering? >> > > I have not been bitten by it. But their remark is a valid concern and > their proposed solution makes sense to me. > > I would recommend to disable script that way in MailScanner. > > I'll take a look, but no guarantees as it's not just a tag replacement. Current planned improvements are: 1) etrust-autoupdate needs fixing to use the correct autoupdater in the latest version, while not breaking backwards compatibility with any previous versions. 2) Produce a customised report on receipt of password-protected archives, back to sender. 3) Comment out scripts in HTML emails, and some other HTML email. I'll try to get this out for 1st Jan, it will give me something to do over Christmas. If anyone wants to send me some very nice brandy for Christmas, they are most welcome... :-) Happy Christmas! Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHbEFGEfZZRxQVtlQRAvK2AJ0ZNL4IT7df049TnGozOIp7b8VBqwCgmrNf cXkkvakfU59fHV+Z4Y+VdPA= =WbEQ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri Dec 21 22:43:41 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Dec 21 22:44:24 2007 Subject: Mail::ClamAV 0.20 patched to build with ClamAV 0.92 In-Reply-To: <476C15B2.2010300@fractalweb.com> References: <476AC476.2000605@USherbrooke.ca> <476AD3AA.20901@ecs.soton.ac.uk> <20071220165216.B8AB.A38C9147@seibercom.net> <476C15B2.2010300@fractalweb.com> Message-ID: <476C419D.803@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Wow, they look _really_ cold! :-) Dedication to the cause, it has to be lauded... Chris Yuzik wrote: > Gerard wrote: >> Here you go Jules. Snow, a car and a cute girl. Doesn't get much >> better than >> that. >> >> http://seibercom.net/DRS/4-Forum/NOVEMBER/200712121.jpg >> >> Here is another one of two girls shoveling snow. >> >> http://seibercom.net/DRS/4-Forum/NOVEMBER/2-Girls-Shoveling-Snow.png > > Nice pornfolio! Thanks! > >> Merry Christmas to you also! > > To you also! > > Cheers, Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHbEGpEfZZRxQVtlQRAnkzAKCP9CkLvIMISRnVBK1yIBTEhrmxfwCgxb/v p7U1+4HifH3M73VAkW3vaCs= =6i4A -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ka at pacific.net Fri Dec 21 22:53:19 2007 From: ka at pacific.net (Ken A) Date: Fri Dec 21 22:53:27 2007 Subject: 3rd party clamav sigs Message-ID: <476C43DF.6020809@pacific.net> I had a corrupt clamav sig cause mail to stop flowing early this am. I had about 30k emails in queues to catch up on. Thankfully, once MailScanner started going through them, it only took a couple hours to catch up! The problem was traced to a shell script 'scamp.sh' from the sanesecurity site that downloads the sigs and unpacks them. Somehow it was corrupting them one of them. Downloading and unpacking manually worked fine. :-\ In any case, I visited the sanesecurity site and there's a new version of the script - updated this month. So, in testing it, I'm seeing it grabbing sigs from a few other sites. Sanesecurity and MSRBL have been good in the past, but I'm not sure about the others. Any opinions or experiences with these sources below? Thanks, Ken # Files updated: # honeynet.hdb.gz (securiteinfo.com) # mbl.db (Malware.com.br) # MSRBL-Images.hdb (MSRBL.com) # MSRBL-SPAM.ndb (MSRBL.com) # MSRBL-SPAM-CR.ndb (MSRBL.com) # phish.ndb.gz (sanesecurity.com) # scam.ndb.gz (sanesecurity.com) # securiteinfo.hdb.gz (securiteinfo.com) # vx.hdb.gz (securiteinfo.com) -- Ken Anderson Pacific.Net From gerard at seibercom.net Fri Dec 21 23:31:11 2007 From: gerard at seibercom.net (Gerard) Date: Fri Dec 21 23:31:14 2007 Subject: 3rd party clamav sigs In-Reply-To: <476C43DF.6020809@pacific.net> References: <476C43DF.6020809@pacific.net> Message-ID: <20071221182721.6DF8.A38C9147@seibercom.net> > On December 21, 2007 at 05:53PM Ken A wrote: > In any case, I visited the sanesecurity site and there's a new version > of the script - updated this month. So, in testing it, I'm seeing it > grabbing sigs from a few other sites. > > Sanesecurity and MSRBL have been good in the past, but I'm not sure > about the others. Any opinions or experiences with these sources below? > > Thanks, > Ken > > > # Files updated: > # honeynet.hdb.gz (securiteinfo.com) > # mbl.db (Malware.com.br) > # MSRBL-Images.hdb (MSRBL.com) > # MSRBL-SPAM.ndb (MSRBL.com) > # MSRBL-SPAM-CR.ndb (MSRBL.com) > # phish.ndb.gz (sanesecurity.com) > # scam.ndb.gz (sanesecurity.com) > # securiteinfo.hdb.gz (securiteinfo.com) > # vx.hdb.gz (securiteinfo.com) Hi Ken, I wrote that script. In the script, you will notice that "MSRBL-SPAM-CR.ndb (MSRBL.com)" is disabled by default. There is a link to a site that details why it might not be appropriate for you use. The other sites have never given me any problems. -- Ciao, Gerard "A Merry Christmas to all of my friends, except two." -- Attributed to W. C. Fields, American comedian From shuttlebox at gmail.com Sat Dec 22 00:33:49 2007 From: shuttlebox at gmail.com (shuttlebox) Date: Sat Dec 22 00:33:57 2007 Subject: Problem with HTML disarm In-Reply-To: <476C413F.101@ecs.soton.ac.uk> References: <625385e30712210220s713d2dc1rc7b5ec72d39ea7a3@mail.gmail.com> <476BF5C0.4040102@vanderkooij.org> <476C413F.101@ecs.soton.ac.uk> Message-ID: <625385e30712211633n3c714cd9x39f0c1a82fd6281d@mail.gmail.com> On Dec 21, 2007 11:42 PM, Julian Field wrote: > I'll try to get this out for 1st Jan, it will give me something to do > over Christmas. If anyone wants to send me some very nice brandy for > Christmas, they are most welcome... :-) I could send you a nice bottle of Swedish cognac made by a customer of yours. :-) How would I do that, order it from an online shop in the UK or what? Mail me offlist if interested. -- /peter From kc5goi at gmail.com Sat Dec 22 03:30:46 2007 From: kc5goi at gmail.com (Guy Story KC5GOI) Date: Sat Dec 22 03:30:57 2007 Subject: hold folder not getting processed Message-ID: I need some advice. I did an upgrade to 2.4.5 of postfix thursday, I am using 4.46.2 of mailscanner. I have the header_checks pointing to the header_check file for the HOLD. The mail goes to the hold queue but stays there. The logfile says mailscanner is working but you never see it scan and the mail stays in the hold queue. incoming mail queue points to /var/spool/postfix/hold. Postfix owns that folder. Mailscanner is told to run as postfix. What could cause mailscanner to not look at this folder for processing? I doubt this is a postfix issue since the folder gets contents as it comes in If I remove the entry in the postfix main.cf that moves mail to the hold queue, mail is delivered. That rules out postfix courier as the issue. I suspect a permissions issue but since the owner is postifx, I am at a loss to explain this. . -- 73 Guy Story KC5GOI kc5goi@gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071221/504579c0/attachment.html From gmane at tippingmar.com Sat Dec 22 05:14:38 2007 From: gmane at tippingmar.com (Mark Nienberg) Date: Sat Dec 22 05:15:07 2007 Subject: Easy-install ClamAV 0.92 and SpamAssassin 3.2.3 In-Reply-To: <476B7AF8.5070105@ecs.soton.ac.uk> References: <476ADE23.6030505@ecs.soton.ac.uk> <476B7AF8.5070105@ecs.soton.ac.uk> Message-ID: Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Fixed. thanks for spotting that one. When running the installer on a system that already has clamavmodule 0.20 and spamassassin 3.2.3 installed, will the script rebuild and install the patched clamavmodule and patched spamassassin or will it just say "oh, good, module foo is already installed"? I'm hoping it will replace clamavmodule with one that works for clamav 0.92 and I'm hoping it will replace my spamassassin 3.2.3 with the new patched version of 3.2.3. I wasn't paying close attention when I ran the script, but in retrospect I'm not convinced it installed the new versions. Correct me if I'm wrong. Thanks, Mark From hvdkooij at vanderkooij.org Sat Dec 22 08:48:14 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sat Dec 22 08:48:42 2007 Subject: hold folder not getting processed In-Reply-To: References: Message-ID: <476CCF4E.1030302@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Guy Story KC5GOI wrote: > I need some advice. I did an upgrade to 2.4.5 of postfix thursday, I am > using 4.46.2 of mailscanner. I have the header_checks pointing to the > header_check file for the HOLD. The mail goes to the hold queue but > stays there. The logfile says mailscanner is working but you never see > it scan and the mail stays in the hold queue. You went for the latest postfix but are running an older MailScanner. I guess you feel the obvious answer coming right around the corner. ..... Upgrade MailScanner to a version that suports this version of postfix. I think that you will find that the latest version (4.65 at the moment) will work nicely. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHbM9MBvzDRVjxmYERArhPAJ4pGOzgAwIgyt14qW/XnNst84itGACfRTct ittRMPdq75UYfXtWZq78gkk= =8WLJ -----END PGP SIGNATURE----- From drew.marshall at technologytiger.net Sat Dec 22 10:06:47 2007 From: drew.marshall at technologytiger.net (Drew Marshall) Date: Sat Dec 22 10:07:08 2007 Subject: hold folder not getting processed In-Reply-To: <476CCF4E.1030302@vanderkooij.org> References: <476CCF4E.1030302@vanderkooij.org> Message-ID: <7a35f329756f32d2f52a0581ed7377ca@mail.technologytiger.net> On Sat, 22 Dec 2007 09:48:14 +0100, Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Guy Story KC5GOI wrote: >> I need some advice. I did an upgrade to 2.4.5 of postfix thursday, I am >> using 4.46.2 of mailscanner. I have the header_checks pointing to the >> header_check file for the HOLD. The mail goes to the hold queue but >> stays there. The logfile says mailscanner is working but you never see >> it scan and the mail stays in the hold queue. > > You went for the latest postfix but are running an older MailScanner. I > guess you feel the obvious answer coming right around the corner. > > ..... > > Upgrade MailScanner to a version that suports this version of postfix. I > think that you will find that the latest version (4.65 at the moment) > will work nicely. And also have a read of the wiki here http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:installation with particular attention to queue hash depths. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by Tiger Mail www.technologytiger.net/tigermail from Technology Tiger. Our email policy can be found at www.technologytiger.net/policy Technology Tiger Limited is registered in Scotland with registration number: 310997 Registered Office 55-57 West High Street Inverurie AB51 3QQ From MailScanner at ecs.soton.ac.uk Sat Dec 22 12:14:26 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Dec 22 12:14:52 2007 Subject: Easy-install ClamAV 0.92 and SpamAssassin 3.2.3 In-Reply-To: References: <476ADE23.6030505@ecs.soton.ac.uk> <476B7AF8.5070105@ecs.soton.ac.uk> Message-ID: <476CFFA2.9050400@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mark Nienberg wrote: > Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Fixed. thanks for spotting that one. > > When running the installer on a system that already has clamavmodule > 0.20 and spamassassin 3.2.3 installed, will the script rebuild and > install the patched clamavmodule and patched spamassassin or will it > just say "oh, good, module foo is already installed"? I'm hoping it > will replace clamavmodule with one that works for clamav 0.92 and I'm > hoping it will replace my spamassassin 3.2.3 with the new patched > version of 3.2.3. Fair point, it will just say "oh good". I'll add a command-line "force" option to it or something. What's the best you of doing this, do you think? Just always force SA and Mail::ClamAV? Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHbP+oEfZZRxQVtlQRAi6pAKD2Wq6OYpnd2sQZDxtXIrFJF0xftgCfVFlx 7PmyN4VsrnFDVrtaK0WQk74= =uADm -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ka at pacific.net Sat Dec 22 16:16:36 2007 From: ka at pacific.net (Ken A) Date: Sat Dec 22 16:16:44 2007 Subject: 3rd party clamav sigs In-Reply-To: <20071221182721.6DF8.A38C9147@seibercom.net> References: <476C43DF.6020809@pacific.net> <20071221182721.6DF8.A38C9147@seibercom.net> Message-ID: <476D3864.3020600@pacific.net> Gerard wrote: >> On December 21, 2007 at 05:53PM Ken A wrote: > >> In any case, I visited the sanesecurity site and there's a new version >> of the script - updated this month. So, in testing it, I'm seeing it >> grabbing sigs from a few other sites. >> >> Sanesecurity and MSRBL have been good in the past, but I'm not sure >> about the others. Any opinions or experiences with these sources below? >> >> Thanks, >> Ken >> >> >> # Files updated: >> # honeynet.hdb.gz (securiteinfo.com) >> # mbl.db (Malware.com.br) >> # MSRBL-Images.hdb (MSRBL.com) >> # MSRBL-SPAM.ndb (MSRBL.com) >> # MSRBL-SPAM-CR.ndb (MSRBL.com) >> # phish.ndb.gz (sanesecurity.com) >> # scam.ndb.gz (sanesecurity.com) >> # securiteinfo.hdb.gz (securiteinfo.com) >> # vx.hdb.gz (securiteinfo.com) > > Hi Ken, > > I wrote that script. In the script, you will notice that "MSRBL-SPAM-CR.ndb (MSRBL.com)" > is disabled by default. There is a link to a site that details why it might > not be appropriate for you use. The other sites have never given me any > problems. > > Hi Gerard, Thanks for the script! It really is nice to catch this stuff with clamav but of course there is more concern about false positives since we delete viruses. So far so good.. :-) Ken -- Ken Anderson Pacific.Net From jan-peter at koopmann.eu Sat Dec 22 17:01:39 2007 From: jan-peter at koopmann.eu (Koopmann, Jan-Peter) Date: Sat Dec 22 17:01:59 2007 Subject: 3rd party clamav sigs In-Reply-To: <20071221182721.6DF8.A38C9147@seibercom.net> References: <476C43DF.6020809@pacific.net> <20071221182721.6DF8.A38C9147@seibercom.net> Message-ID: <5F9EB2B0731E5B4D88FC20780DFD16100895A2@DE-SEXB01RZ.intern.seceidos.de> Hi, > > In any case, I visited the sanesecurity site and there's a new > version > > of the script - updated this month. So, in testing it, I'm seeing it > > grabbing sigs from a few other sites. Any news on that? I am using the same script and getting the same error on phish.ndb. Is this a script problem or a problem on sanesecurity? Regards, JP From ka at pacific.net Sat Dec 22 18:00:34 2007 From: ka at pacific.net (Ken A) Date: Sat Dec 22 18:00:42 2007 Subject: 3rd party clamav sigs In-Reply-To: <5F9EB2B0731E5B4D88FC20780DFD16100895A2@DE-SEXB01RZ.intern.seceidos.de> References: <476C43DF.6020809@pacific.net> <20071221182721.6DF8.A38C9147@seibercom.net> <5F9EB2B0731E5B4D88FC20780DFD16100895A2@DE-SEXB01RZ.intern.seceidos.de> Message-ID: <476D50C2.8020804@pacific.net> Koopmann, Jan-Peter wrote: > Hi, > >>> In any case, I visited the sanesecurity site and there's a new >> version >>> of the script - updated this month. So, in testing it, I'm seeing it >>> grabbing sigs from a few other sites. > > Any news on that? I am using the same script and getting the same error > on phish.ndb. Is this a script problem or a problem on sanesecurity? > > Regards, > JP Suggest you grab the new script. I didn't spend the time necessary to figure out why the old one was corrupting the db, but it appeared to be the problem, since when I just used wget and gunzip, the phish.ndb loaded fine. Ken -- Ken Anderson Pacific.Net From gerard at seibercom.net Sat Dec 22 22:40:44 2007 From: gerard at seibercom.net (Gerard) Date: Sat Dec 22 22:41:05 2007 Subject: 3rd party clamav sigs In-Reply-To: <476D50C2.8020804@pacific.net> References: <476C43DF.6020809@pacific.net> <20071221182721.6DF8.A38C9147@seibercom.net> <5F9EB2B0731E5B4D88FC20780DFD16100895A2@DE-SEXB01RZ.intern.seceidos.de> <476D50C2.8020804@pacific.net> Message-ID: <20071222174044.038bb3b4@scorpio> On Sat, 22 Dec 2007 12:00:34 -0600 Ken A wrote: [ snip ] > Suggest you grab the new script. I didn't spend the time necessary to > figure out why the old one was corrupting the db, but it appeared to > be the problem, since when I just used wget and gunzip, the phish.ndb > loaded fine. I don't believe the script had anything to do with it, unless you had a very old version. The original script did not check the file to insure it was not corrupt; the newer versions do. I have been receiving that same error sporadically myself. I analyzed the files and even downloaded them manually myself. It seems that one of the mirrors is distributing a corrupt file. Try downloading it four or five times in successions, and at least one copy comes in at something like 13 bytes or there about. Obviously bonked. Perhaps Steve can look into this. It is beyond my field of influence. Sometime next year, I will have a version that automatically retires broken downloads. It won't be for awhile though. I'll post a notice here when I get it completed. -- Gerard -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 187 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071222/8c158e3a/signature.bin From mark at msapiro.net Sat Dec 22 23:05:18 2007 From: mark at msapiro.net (Mark Sapiro) Date: Sat Dec 22 23:05:33 2007 Subject: Mailscanner generated duplicate message. Message-ID: CentOS 5 Mailscanner 4.65.3 Postfix 2.3.3 This is a fairly new server install, running only a few weeks. Two days ago I received duplicate logwatch messages from the system. The duplication appears to be in Mailscanner. The headers of the two messages are identical and are: Return-Path: X-Original-To: root Delivered-To: root@sbh16.songbird.com Received: by sbh16.songbird.com (Postfix, from userid 0) id 6325C6900A9; Fri, 21 Dec 2007 04:03:47 -0800 (PST) To: root@sbh16.songbird.com From: logwatch@sbh16.songbird.com Subject: Logwatch for sbh16.songbird.com (Linux) MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="iso-8859-1" Message-Id: <20071221120349.6325C6900A9@sbh16.songbird.com> Date: Fri, 21 Dec 2007 04:02:47 -0800 (PST) The relevant maillog entries are: Dec 21 04:03:49 sbh16 postfix/pickup[2954]: 6325C6900A9: uid=0 from= Dec 21 04:03:49 sbh16 postfix/cleanup[3448]: 6325C6900A9: hold: header Received: by sbh16.songbird.com (Postfix, from userid 0)??id 6325C6900A9; Fri, 21 Dec 2007 04:03:47 -0800 (PST) from local; from= Dec 21 04:03:49 sbh16 postfix/cleanup[3448]: 6325C6900A9: message-id=<20071221120349.6325C6900A9@sbh16.songbird.com> Dec 21 04:03:54 sbh16 MailScanner[2858]: New Batch: Scanning 1 messages, 43244 bytes Dec 21 04:03:54 sbh16 MailScanner[2858]: Requeue: 6325C6900A9.B64EF to 7903D6900A4 Dec 21 04:03:54 sbh16 postfix/qmgr[8765]: 7903D6900A4: from=, size=43045, nrcpt=1 (queue active) Dec 21 04:03:54 sbh16 MailScanner[2858]: Unscanned: Delivered 1 messages Dec 21 04:03:54 sbh16 MailScanner[2858]: Virus and Content Scanning: Starting Dec 21 04:03:54 sbh16 MailScanner[2945]: New Batch: Scanning 1 messages, 0 bytes Dec 21 04:03:56 sbh16 postfix/local[3483]: 7903D6900A4: to=, orig_to=, relay=local, delay=70, delays=67/0.02/0/2.5, dsn=2.0.0, status=sent (delivered to mailbox) Dec 21 04:03:57 sbh16 postfix/qmgr[8765]: 7903D6900A4: removed Dec 21 04:03:57 sbh16 MailScanner[2945]: Expired 2 records from the SpamAssassin cache Dec 21 04:03:57 sbh16 MailScanner[2945]: Requeue: 6325C6900A9.61B5E to 1E7946900A4 Dec 21 04:03:57 sbh16 postfix/qmgr[8765]: 1E7946900A4: from=, size=43045, nrcpt=1 (queue active) Dec 21 04:03:57 sbh16 MailScanner[2945]: Unscanned: Delivered 1 messages Dec 21 04:03:57 sbh16 MailScanner[2945]: Virus and Content Scanning: Starting Dec 21 04:03:57 sbh16 postfix/local[3483]: 1E7946900A4: to=, orig_to=, relay=local, delay=71, delays=71/0/0/0.01, dsn=2.0.0, status=sent (delivered to mailbox) Dec 21 04:03:57 sbh16 postfix/qmgr[8765]: 1E7946900A4: removed Note that the message was not actually scanned because Scan Messages = %rules-dir%/scan.messages.rules and the following is in %rules-dir%/scan.messages.rules From: 127.0.0.1 no It appears that the same incoming message was processed from the hold queue by two MailScanner children (pids 2858 and 2945). Perhaps I am missing some locking or other setting in my MailScanner.conf that is enabling a race condition. Can anyone help? -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From gmane at tippingmar.com Sun Dec 23 01:12:00 2007 From: gmane at tippingmar.com (Mark Nienberg) Date: Sun Dec 23 01:21:34 2007 Subject: Easy-install ClamAV 0.92 and SpamAssassin 3.2.3 In-Reply-To: <476CFFA2.9050400@ecs.soton.ac.uk> References: <476ADE23.6030505@ecs.soton.ac.uk> <476B7AF8.5070105@ecs.soton.ac.uk> <476CFFA2.9050400@ecs.soton.ac.uk> Message-ID: Julian Field wrote: > Mark Nienberg wrote: >> When running the installer on a system that already has clamavmodule >> 0.20 and spamassassin 3.2.3 installed, will the script rebuild and >> install the patched clamavmodule and patched spamassassin or will it >> just say "oh, good, module foo is already installed"? I'm hoping it >> will replace clamavmodule with one that works for clamav 0.92 and I'm >> hoping it will replace my spamassassin 3.2.3 with the new patched >> version of 3.2.3. > Fair point, it will just say "oh good". I'll add a command-line "force" > option to it or something. What's the best you of doing this, do you > think? Just always force SA and Mail::ClamAV? There have been other times in the past when a new version of clamav required a rebuild of clamavmodule, so I would be in favor of forcing clamavmodule whenever clamav is being installed. Spamassassin is a more time consuming to install so it would be nice not to have it done unnecessarily, but I'm not sure how. Mark From micoots at yahoo.com Sun Dec 23 01:52:24 2007 From: micoots at yahoo.com (Michael Mansour) Date: Sun Dec 23 01:52:35 2007 Subject: Easy-install ClamAV 0.92 and SpamAssassin 3.2.3 In-Reply-To: <476CFFA2.9050400@ecs.soton.ac.uk> Message-ID: <782312.76865.qm@web33312.mail.mud.yahoo.com> Hi Jules, > Mark Nienberg wrote: > > Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- > >> Hash: SHA1 > >> > >> Fixed. thanks for spotting that one. > > > > When running the installer on a system that > already has clamavmodule > > 0.20 and spamassassin 3.2.3 installed, will the > script rebuild and > > install the patched clamavmodule and patched > spamassassin or will it > > just say "oh, good, module foo is already > installed"? I'm hoping it > > will replace clamavmodule with one that works for > clamav 0.92 and I'm > > hoping it will replace my spamassassin 3.2.3 with > the new patched > > version of 3.2.3. > Fair point, it will just say "oh good". I'll add a > command-line "force" > option to it or something. What's the best you of > doing this, do you > think? Just always force SA and Mail::ClamAV? It's my understanding that re-installing Mail::ClamAV will have no effect anyway and will likely break clamavmodule. Mail::ClamAV requires the libclamav.so.2 module which clamav 0.92 does not have (clamav 0.92 has libclamav.so.3), so if you're using Mail::ClamAV 0.20 and clamav 0.92, it just won't work. You need to stay with 0.91.x or move to clamd. I have spoken to the author of Mail::ClamAV and he has said he'll release a new version of Mail::ClamAV after the new year break which will be compatible with clamav 0.92. I personally use clamav and perl-Mail-ClamAV from RPMforge and this topic has been the discussion recently int he users@lists.rpmforge.net mailing list. Regards, Michael. > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at > www.MailScanner.info/store > > MailScanner customisation, or any advanced system > administration help? > Contact me at Jules@Jules.FM Make the switch to the world's best email. Get the new Yahoo!7 Mail now. www.yahoo7.com.au/worldsbestemail From kc5goi at gmail.com Sun Dec 23 05:28:35 2007 From: kc5goi at gmail.com (Guy Story) Date: Sun Dec 23 05:28:30 2007 Subject: hold folder not getting processed In-Reply-To: <7a35f329756f32d2f52a0581ed7377ca@mail.technologytiger.net> References: <476CCF4E.1030302@vanderkooij.org> <7a35f329756f32d2f52a0581ed7377ca@mail.technologytiger.net> Message-ID: <476DF203.4040402@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I tried the hash suggestion in the wiki and that did not fix the problem. I am using Ubuntu and would have thought that this would not have been an issue. I found a Debian package that is 4.55. I want to copy of the VM I have my mail server running in first then install the Debian package. If that breaks anything, I can just copy over the backup vm and press it back into service while I look for the answer. Monday is when I will try to take this on. I do not want to fall in a trap with dependencies by using the source package. I can use a copy of the VM to test that out and see what happens from there as well. I did triple check permissions today and I have a 770 for postfix user and group on the hold and incoming folders. That was a wild guess and it failed. I tried to use debug mode by starting MailScanner with - --debug but that generated a compile error and refused to start. Check_mailscanner does show active processes when I start MailScanner from init.d. It is like MailScanner has lost the path is should use, and I have checked that in MailScanner.conf or there is a permissions issue. When MailScanner is running, the hold queue folder never clears the folder and move clean mail to incoming. I have checked to make sure MailScanner.conf does not have more than once copy present on the system. MailScanner.conf has 744 on it with root as the owner. My guess is one of 3 things, either the hold folder contents is not in a valid format, MailScanner is ignoring the line that says where hold is or the portion of MailScanner that does the scanning is not functioning anymore. The last one seems unlikely. Hugo, I see your point. For my sanity, I want to use the Debian package. Since this is an Ubuntu box, there should not be an issue and any dependencies should be resolved. Guy >> Guy Story KC5GOI wrote: >>> I need some advice. I did an upgrade to 2.4.5 of postfix thursday, I am >>> using 4.46.2 of mailscanner. I have the header_checks pointing to the >>> header_check file for the HOLD. The mail goes to the hold queue but >>> stays there. The logfile says mailscanner is working but you never see >>> it scan and the mail stays in the hold queue. >> You went for the latest postfix but are running an older MailScanner. I >> guess you feel the obvious answer coming right around the corner. >> >> ..... >> >> Upgrade MailScanner to a version that suports this version of postfix. I >> think that you will find that the latest version (4.65 at the moment) >> will work nicely. > > And also have a read of the wiki here > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:installation > with particular attention to queue hash depths. > > Drew -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHbfIDR5em5LitiYoRAuavAJ44cbuu7LO5eysdjNKhqTLhk2ScsQCeM+au 5f8VNsQOhvJU1ah0iUC841A= =k/q6 -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Sun Dec 23 09:29:34 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sun Dec 23 09:30:15 2007 Subject: hold folder not getting processed In-Reply-To: <476DF203.4040402@gmail.com> References: <476CCF4E.1030302@vanderkooij.org> <7a35f329756f32d2f52a0581ed7377ca@mail.technologytiger.net> <476DF203.4040402@gmail.com> Message-ID: <476E2A7E.8000303@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Guy Story wrote: > I tried the hash suggestion in the wiki and that did not fix the > problem. I am using Ubuntu and would have thought that this would not > have been an issue. I found a Debian package that is 4.55. I want to > copy of the VM I have my mail server running in first then install the > Debian package. If that breaks anything, I can just copy over the > backup vm and press it back into service while I look for the answer. > Monday is when I will try to take this on. I do not want to fall in a > trap with dependencies by using the source package. I can use a copy of > the VM to test that out and see what happens from there as well. I suggest you build your deb file or notify the package maintainer. But I feel you have proven Jules point about external maintenance of MailScanner packages. Please read the Changelog (http://www.mailscanner.info/ChangeLog) and see that 4.60.8-1 is your minimal required version. If you run a packaged version the packager should keep up or write up a fixed set of versions. I suggest you file a bug at the Unbuntu repository. The maintainer should not allow postfix > 2.2 if MailScanner < 4.60.8 Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHbip7BvzDRVjxmYERAnlRAJwLGK95/bzBDLfV9opeQvBcEfrOrACgpxuF 9/V1vY0Y7GRodboTlamN9Ik= =NV11 -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Sun Dec 23 09:40:57 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sun Dec 23 09:41:34 2007 Subject: Mailscanner generated duplicate message. In-Reply-To: References: Message-ID: <476E2D29.1050802@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mark Sapiro wrote: > CentOS 5 > Mailscanner 4.65.3 > Postfix 2.3.3 > > This is a fairly new server install, running only a few weeks. What changes have you made to the config? Did you verify that ony one instance of MailScanner was started and that it is starting postfix and postfix is not started by itself? Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHbi0nBvzDRVjxmYERAhuvAKCv0Uu0IfRRqj1ebLQe3zA8Ee9fdQCfdL2v ohP0vEv27mYkIZFxTN2AcSg= =DdZT -----END PGP SIGNATURE----- From glenn.steen at gmail.com Sun Dec 23 10:43:11 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Dec 23 10:43:21 2007 Subject: hold folder not getting processed In-Reply-To: <476E2A7E.8000303@vanderkooij.org> References: <476CCF4E.1030302@vanderkooij.org> <7a35f329756f32d2f52a0581ed7377ca@mail.technologytiger.net> <476DF203.4040402@gmail.com> <476E2A7E.8000303@vanderkooij.org> Message-ID: <223f97700712230243s3d64272bw38812ee0d7b9a8d7@mail.gmail.com> On 23/12/2007, Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Guy Story wrote: > > > I tried the hash suggestion in the wiki and that did not fix the > > problem. I am using Ubuntu and would have thought that this would not > > have been an issue. I found a Debian package that is 4.55. I want to > > copy of the VM I have my mail server running in first then install the > > Debian package. If that breaks anything, I can just copy over the > > backup vm and press it back into service while I look for the answer. > > Monday is when I will try to take this on. I do not want to fall in a > > trap with dependencies by using the source package. I can use a copy of > > the VM to test that out and see what happens from there as well. > > I suggest you build your deb file or notify the package maintainer. But > I feel you have proven Jules point about external maintenance of > MailScanner packages. > > Please read the Changelog (http://www.mailscanner.info/ChangeLog) and > see that 4.60.8-1 is your minimal required version. > > If you run a packaged version the packager should keep up or write up a > fixed set of versions. > > I suggest you file a bug at the Unbuntu repository. The maintainer > should not allow postfix > 2.2 if MailScanner < 4.60.8 > > Hugo. > Quite true, Hugo. I personally find the lag in the .deb packaging very strange... Since someone has made the effort to package the latest postfix, they should be willing to do the same for MS... Oh well, "niche product" comes to mind:-/... If I had the time, I would do it myself, just to give an easy alternative... But since I don't really use any Debian derivatives in production systems ... it's likely not going to happen. Not from me at least. The only viable option, if one wants to use the latest PF and the milter support it provides, is to use the source tarball and the debian-ized init script that Jules provides separately. We've had reports that this cures any problems between PF 2.4.x/MS ... If one doesn't need the latest functionality of PF, one really don't need upgrade;-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Sun Dec 23 10:49:33 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Dec 23 10:49:44 2007 Subject: hold folder not getting processed In-Reply-To: <476DF203.4040402@gmail.com> References: <476CCF4E.1030302@vanderkooij.org> <7a35f329756f32d2f52a0581ed7377ca@mail.technologytiger.net> <476DF203.4040402@gmail.com> Message-ID: <223f97700712230249v5426c644m18cb49b9f48fef06@mail.gmail.com> On 23/12/2007, Guy Story wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I tried the hash suggestion in the wiki and that did not fix the > problem. I am using Ubuntu and would have thought that this would not > have been an issue. I found a Debian package that is 4.55. I want to > copy of the VM I have my mail server running in first then install the > Debian package. If that breaks anything, I can just copy over the > backup vm and press it back into service while I look for the answer. > Monday is when I will try to take this on. I do not want to fall in a > trap with dependencies by using the source package. I can use a copy of > the VM to test that out and see what happens from there as well. > > I did triple check permissions today and I have a 770 for postfix user > and group on the hold and incoming folders. That was a wild guess and > it failed. I tried to use debug mode by starting MailScanner with > - --debug but that generated a compile error and refused to start. > > Check_mailscanner does show active processes when I start MailScanner > from init.d. It is like MailScanner has lost the path is should use, > and I have checked that in MailScanner.conf or there is a permissions > issue. When MailScanner is running, the hold queue folder never clears > the folder and move clean mail to incoming. > > I have checked to make sure MailScanner.conf does not have more than > once copy present on the system. MailScanner.conf has 744 on it with > root as the owner. > > My guess is one of 3 things, either the hold folder contents is not in a > valid format, MailScanner is ignoring the line that says where hold is > or the portion of MailScanner that does the scanning is not functioning > anymore. The last one seems unlikely. > > Hugo, I see your point. For my sanity, I want to use the Debian > package. Since this is an Ubuntu box, there should not be an issue and > any dependencies should be resolved. > > Guy The problem is very likely that the format changes to the queue files PF 2.4 has ... makes MS (4.46... Old... 4.55... not much better....Sigh) ignore the files. ATM there really is no solution other than a) backdate PF to a 2.2 version, or b) "upgrade" MailScanner to the latest, using the source tarball .... The relevant init script is available on the download page as well. ... unless you feel like stepping up to the plate and doing thepackaging of MS yourself:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Sun Dec 23 10:59:48 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Dec 23 10:59:59 2007 Subject: Problem with HTML disarm In-Reply-To: <625385e30712211633n3c714cd9x39f0c1a82fd6281d@mail.gmail.com> References: <625385e30712210220s713d2dc1rc7b5ec72d39ea7a3@mail.gmail.com> <476BF5C0.4040102@vanderkooij.org> <476C413F.101@ecs.soton.ac.uk> <625385e30712211633n3c714cd9x39f0c1a82fd6281d@mail.gmail.com> Message-ID: <223f97700712230259p8a97873he111cabadff5dccd@mail.gmail.com> On 22/12/2007, shuttlebox wrote: > On Dec 21, 2007 11:42 PM, Julian Field wrote: > > I'll try to get this out for 1st Jan, it will give me something to do > > over Christmas. If anyone wants to send me some very nice brandy for > > Christmas, they are most welcome... :-) > > I could send you a nice bottle of Swedish cognac made by a customer of > yours. :-) How would I do that, order it from an online shop in the > UK or what? Mail me offlist if interested. > Is Gr?nstedts/Vin&Sprit using MailScanner? Cool....! Or did you have someone else in mind...? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Sun Dec 23 11:13:07 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Dec 23 11:13:18 2007 Subject: Mailscanner generated duplicate message. In-Reply-To: References: Message-ID: <223f97700712230313k4d3541a7hf437eca978814e03@mail.gmail.com> On 23/12/2007, Mark Sapiro wrote: > CentOS 5 > Mailscanner 4.65.3 > Postfix 2.3.3 > > This is a fairly new server install, running only a few weeks. > > Two days ago I received duplicate logwatch messages from the system. > The duplication appears to be in Mailscanner. The headers of the two > messages are identical and are: > > Return-Path: > X-Original-To: root > Delivered-To: root@sbh16.songbird.com > Received: by sbh16.songbird.com (Postfix, from userid 0) > id 6325C6900A9; Fri, 21 Dec 2007 04:03:47 -0800 (PST) > To: root@sbh16.songbird.com > From: logwatch@sbh16.songbird.com > Subject: Logwatch for sbh16.songbird.com (Linux) > MIME-Version: 1.0 > Content-Transfer-Encoding: 7bit > Content-Type: text/plain; charset="iso-8859-1" > Message-Id: <20071221120349.6325C6900A9@sbh16.songbird.com> > Date: Fri, 21 Dec 2007 04:02:47 -0800 (PST) > > > The relevant maillog entries are: > > Dec 21 04:03:49 sbh16 postfix/pickup[2954]: 6325C6900A9: uid=0 > from= > Dec 21 04:03:49 sbh16 postfix/cleanup[3448]: 6325C6900A9: hold: header > Received: > by sbh16.songbird.com (Postfix, from userid 0)??id 6325C6900A9; Fri, > 21 Dec 2007 04:03:47 -0800 (PST) from local; > from= > Dec 21 04:03:49 sbh16 postfix/cleanup[3448]: 6325C6900A9: > message-id=<20071221120349.6325C6900A9@sbh16.songbird.com> > Dec 21 04:03:54 sbh16 MailScanner[2858]: New Batch: Scanning 1 > messages, 43244 bytes > Dec 21 04:03:54 sbh16 MailScanner[2858]: Requeue: 6325C6900A9.B64EF to > 7903D6900A4 > Dec 21 04:03:54 sbh16 postfix/qmgr[8765]: 7903D6900A4: > from=, size=43045, nrcpt=1 (queue active) > Dec 21 04:03:54 sbh16 MailScanner[2858]: Unscanned: Delivered 1 messages > Dec 21 04:03:54 sbh16 MailScanner[2858]: Virus and Content Scanning: > Starting > Dec 21 04:03:54 sbh16 MailScanner[2945]: New Batch: Scanning 1 > messages, 0 bytes > Dec 21 04:03:56 sbh16 postfix/local[3483]: 7903D6900A4: > to=, orig_to=, relay=local, delay=70, > delays=67/0.02/0/2.5, dsn=2.0.0, status=sent (delivered to mailbox) > Dec 21 04:03:57 sbh16 postfix/qmgr[8765]: 7903D6900A4: removed > Dec 21 04:03:57 sbh16 MailScanner[2945]: Expired 2 records from the > SpamAssassin cache > Dec 21 04:03:57 sbh16 MailScanner[2945]: Requeue: 6325C6900A9.61B5E to > 1E7946900A4 > Dec 21 04:03:57 sbh16 postfix/qmgr[8765]: 1E7946900A4: > from=, size=43045, nrcpt=1 (queue active) > Dec 21 04:03:57 sbh16 MailScanner[2945]: Unscanned: Delivered 1 messages > Dec 21 04:03:57 sbh16 MailScanner[2945]: Virus and Content Scanning: > Starting > Dec 21 04:03:57 sbh16 postfix/local[3483]: 1E7946900A4: > to=, orig_to=, relay=local, delay=71, > delays=71/0/0/0.01, dsn=2.0.0, status=sent (delivered to mailbox) > Dec 21 04:03:57 sbh16 postfix/qmgr[8765]: 1E7946900A4: removed > > > Note that the message was not actually scanned because > > Scan Messages = %rules-dir%/scan.messages.rules > > and the following is in %rules-dir%/scan.messages.rules > > From: 127.0.0.1 no > > It appears that the same incoming message was processed from the hold > queue by two MailScanner children (pids 2858 and 2945). > > Perhaps I am missing some locking or other setting in my > MailScanner.conf that is enabling a race condition. > > Can anyone help? > Um, I'm not entirely sure these are errors... Have you "massaged" the logs in any way (excluding things you don't think relevant) in any way? Since PF can&will reuse queue IDs, that isn't much to go on... And one wonders if there might've been a quick succession of message-introduction (same message twice)...? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From roland at inbox4u.de Sun Dec 23 15:32:25 2007 From: roland at inbox4u.de (Ehle, Roland) Date: Sun Dec 23 15:33:36 2007 Subject: AW: Easy-install ClamAV 0.92 and SpamAssassin 3.2.3 In-Reply-To: <476CFFA2.9050400@ecs.soton.ac.uk> References: <476ADE23.6030505@ecs.soton.ac.uk> <476B7AF8.5070105@ecs.soton.ac.uk> <476CFFA2.9050400@ecs.soton.ac.uk> Message-ID: <9A519AA4E4FCED4582DCCAEFE0E0C6F91B17811F74@ts-dc2.TS-Webarts.local> Julian Field wrote: > Mark Nienberg wrote: > > Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- > >> Hash: SHA1 > >> > >> Fixed. thanks for spotting that one. > > > > When running the installer on a system that already has clamavmodule > > 0.20 and spamassassin 3.2.3 installed, will the script rebuild and > > install the patched clamavmodule and patched spamassassin or will it > > just say "oh, good, module foo is already installed"? I'm hoping it > > will replace clamavmodule with one that works for clamav 0.92 and I'm > > hoping it will replace my spamassassin 3.2.3 with the new patched > > version of 3.2.3. > Fair point, it will just say "oh good". I'll add a command-line "force" > option to it or something. What's the best you of doing this, do you > think? Just always force SA and Mail::ClamAV? Hi everybody, to keep Jules away from keyboard und have him taking a rest during the holidays, a small howto. If you have spamassassin 3.23 already installed follow these steps to install the new patched version: 1. Download http://www.mailscanner.info/files/4/install-Clam-0.92-SA-3.2.3.tar.gz 2. unpack the package and change to directory install-Clam-0.92-SA-3.2.3.tar.gz 3. change to subdirectory perl-tar 4. unpack Mail-SpamAssassin-3.2.3.tar.gz 5. change to subdirectory Mail-SpamAssassin-3.2.3 6. perl Makefile.PL 7. rm -f t/spamc* 8. rm -f t/spamd* 9. make 10. make test 11. make install These steps are copied from the originall install.sh and functions.sh. Merry Christmas to everybody here, especially to Jules and thank you very much for you effort and work in 2007. Regards, Roland From mark at msapiro.net Sun Dec 23 16:51:12 2007 From: mark at msapiro.net (Mark Sapiro) Date: Sun Dec 23 16:51:31 2007 Subject: Mailscanner generated duplicate message. In-Reply-To: <223f97700712230313k4d3541a7hf437eca978814e03@mail.gmail.com> Message-ID: Glenn Steen wrote: >On 23/12/2007, Mark Sapiro wrote: >> CentOS 5 >> Mailscanner 4.65.3 >> Postfix 2.3.3 >> >> This is a fairly new server install, running only a few weeks. >> >> Two days ago I received duplicate logwatch messages from the system. >> The duplication appears to be in Mailscanner. The headers of the two >> messages are identical and are: >> >> Return-Path: >> X-Original-To: root >> Delivered-To: root@sbh16.songbird.com >> Received: by sbh16.songbird.com (Postfix, from userid 0) >> id 6325C6900A9; Fri, 21 Dec 2007 04:03:47 -0800 (PST) >> To: root@sbh16.songbird.com >> From: logwatch@sbh16.songbird.com >> Subject: Logwatch for sbh16.songbird.com (Linux) >> MIME-Version: 1.0 >> Content-Transfer-Encoding: 7bit >> Content-Type: text/plain; charset="iso-8859-1" >> Message-Id: <20071221120349.6325C6900A9@sbh16.songbird.com> >> Date: Fri, 21 Dec 2007 04:02:47 -0800 (PST) >> >> >> The relevant maillog entries are: >> >> Dec 21 04:03:49 sbh16 postfix/pickup[2954]: 6325C6900A9: uid=0 >> from= >> Dec 21 04:03:49 sbh16 postfix/cleanup[3448]: 6325C6900A9: hold: header >> Received: >> by sbh16.songbird.com (Postfix, from userid 0)??id 6325C6900A9; Fri, >> 21 Dec 2007 04:03:47 -0800 (PST) from local; >> from= >> Dec 21 04:03:49 sbh16 postfix/cleanup[3448]: 6325C6900A9: >> message-id=<20071221120349.6325C6900A9@sbh16.songbird.com> >> Dec 21 04:03:54 sbh16 MailScanner[2858]: New Batch: Scanning 1 >> messages, 43244 bytes >> Dec 21 04:03:54 sbh16 MailScanner[2858]: Requeue: 6325C6900A9.B64EF to >> 7903D6900A4 >> Dec 21 04:03:54 sbh16 postfix/qmgr[8765]: 7903D6900A4: >> from=, size=43045, nrcpt=1 (queue active) >> Dec 21 04:03:54 sbh16 MailScanner[2858]: Unscanned: Delivered 1 messages >> Dec 21 04:03:54 sbh16 MailScanner[2858]: Virus and Content Scanning: >> Starting >> Dec 21 04:03:54 sbh16 MailScanner[2945]: New Batch: Scanning 1 >> messages, 0 bytes >> Dec 21 04:03:56 sbh16 postfix/local[3483]: 7903D6900A4: >> to=, orig_to=, relay=local, delay=70, >> delays=67/0.02/0/2.5, dsn=2.0.0, status=sent (delivered to mailbox) >> Dec 21 04:03:57 sbh16 postfix/qmgr[8765]: 7903D6900A4: removed >> Dec 21 04:03:57 sbh16 MailScanner[2945]: Expired 2 records from the >> SpamAssassin cache >> Dec 21 04:03:57 sbh16 MailScanner[2945]: Requeue: 6325C6900A9.61B5E to >> 1E7946900A4 >> Dec 21 04:03:57 sbh16 postfix/qmgr[8765]: 1E7946900A4: >> from=, size=43045, nrcpt=1 (queue active) >> Dec 21 04:03:57 sbh16 MailScanner[2945]: Unscanned: Delivered 1 messages >> Dec 21 04:03:57 sbh16 MailScanner[2945]: Virus and Content Scanning: >> Starting >> Dec 21 04:03:57 sbh16 postfix/local[3483]: 1E7946900A4: >> to=, orig_to=, relay=local, delay=71, >> delays=71/0/0/0.01, dsn=2.0.0, status=sent (delivered to mailbox) >> Dec 21 04:03:57 sbh16 postfix/qmgr[8765]: 1E7946900A4: removed >> >Um, I'm not entirely sure these are errors... Have you "massaged" the >logs in any way (excluding things you don't think relevant) in any >way? Yes, I removed one entry from the above sequence having to do with an unrelated message Dec 21 04:03:50 sbh16 postfix/smtpd[3017]: disconnect from dsl-207-112-4-156.tor.primus.ca[207.112.4.156] The two prior entries for that message were Dec 21 04:03:47 sbh16 postfix/smtpd[3017]: connect from dsl-207-112-4-156.tor.primus.ca[207.112.4.156] Dec 21 04:03:49 sbh16 postfix/smtpd[3017]: NOQUEUE: reject: RCPT from dsl-207-112-4-156.tor.primus.ca[207.112.4.156]: 550 5.1.1 : Recipient address rejected: User unknown in virtual alias table; from= to= proto=ESMTP helo= >Since PF can&will reuse queue IDs, that isn't much to go on... And one >wonders if there might've been a quick succession of >message-introduction (same message twice)...? The previous introduction of a message from root was 24 hours earlier Dec 20 04:03:18 sbh16 postfix/cleanup[7992]: 463B46900A4: hold: header Received: by sbh16.songbird.com (Postfix, from userid 0)??id 463B46900A4; Thu, 20 Dec 2007 04:03:17 -0800 (PST) from local; from=. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mark at msapiro.net Sun Dec 23 17:03:24 2007 From: mark at msapiro.net (Mark Sapiro) Date: Sun Dec 23 17:03:49 2007 Subject: Mailscanner generated duplicate message. In-Reply-To: <476E2D29.1050802@vanderkooij.org> Message-ID: Hugo van der Kooij wrote: > >Mark Sapiro wrote: >> CentOS 5 >> Mailscanner 4.65.3 >> Postfix 2.3.3 >> >> This is a fairly new server install, running only a few weeks. > >What changes have you made to the config? [root@sbh16 ~]# diff /etc/MailScanner/MailScanner.conf.orig /etc/MailScanner/MailScanner.conf 58c58 < %org-name% = yoursite --- > %org-name% = GPC 65c65 < %org-long-name% = Your Organisation Name Here --- > %org-long-name% = Grizzly Peak Cyclists 72c72 < %web-site% = www.your-organisation.com --- > %web-site% = sbh16.songbird.com 78c78 < %report-dir% = /etc/MailScanner/reports/en --- > %report-dir% = /etc/MailScanner/reports/local 115c115 < Run As User = --- > Run As User = postfix 120c120 < Run As Group = --- > Run As Group = postfix 149c149 < Incoming Queue Dir = /var/spool/mqueue.in --- > Incoming Queue Dir = /var/spool/postfix/hold 153c153 < Outgoing Queue Dir = /var/spool/mqueue --- > Outgoing Queue Dir = /var/spool/postfix/incoming 180c180 < MTA = sendmail --- > MTA = postfix 185c185 < Sendmail = /usr/sbin/sendmail --- > Sendmail = /usr/sbin/sendmail.postfix 195c195 < Sendmail2 = /usr/sbin/sendmail --- > Sendmail2 = /usr/sbin/sendmail.postfix 309c309 < Scan Messages = yes --- > Scan Messages = %rules-dir%/scan.messages.rules 414c414 < Unrar Command = /usr/bin/unrar --- > #Unrar Command = /usr/bin/unrar 568c568 < Virus Scanners = auto --- > Virus Scanners = clamd 748,749c748,749 < Clamd Socket = /tmp/clamd < Clamd Lock File = # /var/lock/subsys/clamd --- > Clamd Socket = /tmp/clamd.socket > Clamd Lock File = /var/lock/subsys/clamd 1211c1211 < Information Header = X-%org-name%-MailScanner-Information: --- > #Information Header = X-%org-name%-MailScanner-Information: 1258c1258 < Minimum Stars If On Spam List = 0 --- > Minimum Stars If On Spam List = 1 1280c1280 < Always Include SpamAssassin Report = no --- > Always Include SpamAssassin Report = yes 1297c1297 < Hostname = the %org-name% ($HOSTNAME) MailScanner --- > Hostname = the %org-name% MailScanner 1309c1309 < Sign Clean Messages = yes --- > Sign Clean Messages = no 1374c1374,1375 < Notify Senders = yes --- > # Think about this one (Notify Senders) - MAS > Notify Senders = no 1651c1652 < Notices To = postmaster --- > Notices To = msapiro+virus@sbh16.songbird.com 1656c1657 < Local Postmaster = postmaster --- > Local Postmaster = postmaster@sbh16.songbird.com 1771c1772 < Max Spam Check Size = 200k --- > Max Spam Check Size = 400k 1889c1890 < Max SpamAssassin Size = 200k --- > Max SpamAssassin Size = 200k continue 200k 1896c1897 < Required SpamAssassin Score = 6 --- > Required SpamAssassin Score = 5 1902c1903 < High SpamAssassin Score = 10 --- > High SpamAssassin Score = 9 1910c1911 < SpamAssassin Auto Whitelist = yes --- > SpamAssassin Auto Whitelist = no 2076c2077,2078 < Spam Actions = deliver header "X-Spam-Status: Yes" --- > #Spam Actions = deliver header "X-Spam-Status: Yes" > Spam Actions = store forward msapiro+spam@sbh16.songbird.com 2114c2116,2117 < High Scoring Spam Actions = deliver header "X-Spam-Status: Yes" --- > #High Scoring Spam Actions = deliver header "X-Spam-Status: Yes" > High Scoring Spam Actions = store 2306,2307c2309,2310 < #SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin < SpamAssassin User State Dir = --- > SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin > #SpamAssassin User State Dir = 2340c2343 < SpamAssassin Local State Dir = # /var/lib/spamassassin --- > SpamAssassin Local State Dir = /var/lib/spamassassin [root@sbh16 ~]# >Did you verify that ony one instance of MailScanner was started and that >it is starting postfix and postfix is not started by itself? Yes -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From MailScanner at ecs.soton.ac.uk Sun Dec 23 18:03:43 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Dec 23 18:04:10 2007 Subject: AW: Easy-install ClamAV 0.92 and SpamAssassin 3.2.3 In-Reply-To: <9A519AA4E4FCED4582DCCAEFE0E0C6F91B17811F74@ts-dc2.TS-Webarts.local> References: <476ADE23.6030505@ecs.soton.ac.uk> <476B7AF8.5070105@ecs.soton.ac.uk> <476CFFA2.9050400@ecs.soton.ac.uk> <9A519AA4E4FCED4582DCCAEFE0E0C6F91B17811F74@ts-dc2.TS-Webarts.local> Message-ID: <476EA2FF.7090806@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ehle, Roland wrote: > Julian Field wrote: > >> Mark Nienberg wrote: >> >>> Julian Field wrote: >>> >>>> -----BEGIN PGP SIGNED MESSAGE----- >>>> Hash: SHA1 >>>> >>>> Fixed. thanks for spotting that one. >>>> >>> When running the installer on a system that already has clamavmodule >>> 0.20 and spamassassin 3.2.3 installed, will the script rebuild and >>> install the patched clamavmodule and patched spamassassin or will it >>> just say "oh, good, module foo is already installed"? I'm hoping it >>> will replace clamavmodule with one that works for clamav 0.92 and I'm >>> hoping it will replace my spamassassin 3.2.3 with the new patched >>> version of 3.2.3. >>> >> Fair point, it will just say "oh good". I'll add a command-line "force" >> option to it or something. What's the best you of doing this, do you >> think? Just always force SA and Mail::ClamAV? >> > > Hi everybody, > > to keep Jules away from keyboard und have him taking a rest during the holidays, a small howto. > > If you have spamassassin 3.23 already installed follow these steps to install the new patched version: > > 1. Download http://www.mailscanner.info/files/4/install-Clam-0.92-SA-3.2.3.tar.gz > 2. unpack the package and change to directory install-Clam-0.92-SA-3.2.3.tar.gz > 3. change to subdirectory perl-tar > 4. unpack Mail-SpamAssassin-3.2.3.tar.gz > 5. change to subdirectory Mail-SpamAssassin-3.2.3 > 6. perl Makefile.PL > 7. rm -f t/spamc* > 8. rm -f t/spamd* > 9. make > 10. make test > 11. make install > > These steps are copied from the originall install.sh and functions.sh. > > Merry Christmas to everybody here, especially to Jules and thank you very much for you effort and work in 2007. > Thanks very much for posting that. The same trick with the Mail-ClamAV tar.gz file will install the patched version of the Mail::ClamAV Perl module as well, so that will build once you've got the latest ClamAV installed by whatever route you chose. Happy Christmas everybody! Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHbqMBEfZZRxQVtlQRAn9QAKCz5tQ346YgS87frwT3CPcYl3F/5wCgo5lW CeEowvIIwWgaKXZTDmFPjvM= =O1u/ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sun Dec 23 19:03:31 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Dec 23 19:03:54 2007 Subject: hold folder not getting processed In-Reply-To: <476DF203.4040402@gmail.com> References: <476CCF4E.1030302@vanderkooij.org> <7a35f329756f32d2f52a0581ed7377ca@mail.technologytiger.net> <476DF203.4040402@gmail.com> Message-ID: <476EB103.4030708@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Guy Story wrote: > I did triple check permissions today and I have a 770 for postfix user > and group on the hold and incoming folders. That was a wild guess and > it failed. I tried to use debug mode by starting MailScanner with > --debug but that generated a compile error and refused to start. > That is *definitely* a bad sign. What exact output do you get when you do a MailScanner --debug ? Please cut and paste the output of this into a reply to this message. It should start up, process one batch of mail as normal and then quit. It certainly shouldn't produce any errors. Do "MailScanner --lint" as well. And give us the output of that. "MailScanner --version" will tell you the version numbers of pretty much everything involved that you have installed. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: UTF-8 wj8DBQFHbrEFEfZZRxQVtlQRAsruAKCtbl5RACXLd2Ga7IOldFfkdg8uVQCg0xD4 Q+GpH3juXNZ9+8n6Eyo41f4= =zZpY -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gdoris at rogers.com Sun Dec 23 19:03:22 2007 From: gdoris at rogers.com (Gerry Doris) Date: Sun Dec 23 19:04:03 2007 Subject: Mail::ClamAV 0.20 patched to build with ClamAV 0.92 In-Reply-To: <20071220165216.B8AB.A38C9147@seibercom.net> References: <476AC476.2000605@USherbrooke.ca> <476AD3AA.20901@ecs.soton.ac.uk> <20071220165216.B8AB.A38C9147@seibercom.net> Message-ID: <476EB0FA.9060307@rogers.com> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071223/04c236a2/attachment.html From craigwhite at azapple.com Sun Dec 23 19:16:27 2007 From: craigwhite at azapple.com (Craig White) Date: Sun Dec 23 19:18:03 2007 Subject: Mail::ClamAV 0.20 patched to build with ClamAV 0.92 In-Reply-To: <476EB0FA.9060307@rogers.com> References: <476AC476.2000605@USherbrooke.ca> <476AD3AA.20901@ecs.soton.ac.uk> <20071220165216.B8AB.A38C9147@seibercom.net> <476EB0FA.9060307@rogers.com> Message-ID: <1198437387.5056.10.camel@lin-workstation.azapple.com> snow? what snow? On Sun, 2007-12-23 at 14:03 -0500, Gerry Doris wrote: > The ladies in my area tend to wear a little more when shovelling snow. > These must be California folks? > > Gerard wrote: > > > On December 20, 2007 at 03:42PM Julian Field wrote: > > > > > > > > > > Merry Christmas to you too! > > > Doesn't look like we're getting any snow any time soon :-( All pictures > > > of snow are most welcome :-) > > > > > > > Here you go Jules. Snow, a car and a cute girl. Doesn't get much better than > > that. > > > > http://seibercom.net/DRS/4-Forum/NOVEMBER/200712121.jpg > > > > Here is another one of two girls shoveling snow. > > > > http://seibercom.net/DRS/4-Forum/NOVEMBER/2-Girls-Shoveling-Snow.png > > > > Merry Christmas to you also! > > > > > > From glenn.steen at gmail.com Sun Dec 23 21:17:56 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Dec 23 21:18:06 2007 Subject: Mailscanner generated duplicate message. In-Reply-To: References: <223f97700712230313k4d3541a7hf437eca978814e03@mail.gmail.com> Message-ID: <223f97700712231317u60f45cder7bd4837f9327bc9b@mail.gmail.com> On 23/12/2007, Mark Sapiro wrote: > Glenn Steen wrote: > > >On 23/12/2007, Mark Sapiro wrote: > >> CentOS 5 > >> Mailscanner 4.65.3 > >> Postfix 2.3.3 > >> > >> This is a fairly new server install, running only a few weeks. > >> > >> Two days ago I received duplicate logwatch messages from the system. > >> The duplication appears to be in Mailscanner. The headers of the two > >> messages are identical and are: > >> > >> Return-Path: > >> X-Original-To: root > >> Delivered-To: root@sbh16.songbird.com > >> Received: by sbh16.songbird.com (Postfix, from userid 0) > >> id 6325C6900A9; Fri, 21 Dec 2007 04:03:47 -0800 (PST) > >> To: root@sbh16.songbird.com > >> From: logwatch@sbh16.songbird.com > >> Subject: Logwatch for sbh16.songbird.com (Linux) > >> MIME-Version: 1.0 > >> Content-Transfer-Encoding: 7bit > >> Content-Type: text/plain; charset="iso-8859-1" > >> Message-Id: <20071221120349.6325C6900A9@sbh16.songbird.com> > >> Date: Fri, 21 Dec 2007 04:02:47 -0800 (PST) > >> > >> > >> The relevant maillog entries are: > >> > >> Dec 21 04:03:49 sbh16 postfix/pickup[2954]: 6325C6900A9: uid=0 > >> from= > >> Dec 21 04:03:49 sbh16 postfix/cleanup[3448]: 6325C6900A9: hold: header > >> Received: > >> by sbh16.songbird.com (Postfix, from userid 0)??id 6325C6900A9; Fri, > >> 21 Dec 2007 04:03:47 -0800 (PST) from local; > >> from= > >> Dec 21 04:03:49 sbh16 postfix/cleanup[3448]: 6325C6900A9: > >> message-id=<20071221120349.6325C6900A9@sbh16.songbird.com> > >> Dec 21 04:03:54 sbh16 MailScanner[2858]: New Batch: Scanning 1 > >> messages, 43244 bytes > >> Dec 21 04:03:54 sbh16 MailScanner[2858]: Requeue: 6325C6900A9.B64EF to > >> 7903D6900A4 > >> Dec 21 04:03:54 sbh16 postfix/qmgr[8765]: 7903D6900A4: > >> from=, size=43045, nrcpt=1 (queue active) > >> Dec 21 04:03:54 sbh16 MailScanner[2858]: Unscanned: Delivered 1 messages > >> Dec 21 04:03:54 sbh16 MailScanner[2858]: Virus and Content Scanning: > >> Starting > >> Dec 21 04:03:54 sbh16 MailScanner[2945]: New Batch: Scanning 1 > >> messages, 0 bytes > >> Dec 21 04:03:56 sbh16 postfix/local[3483]: 7903D6900A4: > >> to=, orig_to=, relay=local, delay=70, > >> delays=67/0.02/0/2.5, dsn=2.0.0, status=sent (delivered to mailbox) > >> Dec 21 04:03:57 sbh16 postfix/qmgr[8765]: 7903D6900A4: removed > >> Dec 21 04:03:57 sbh16 MailScanner[2945]: Expired 2 records from the > >> SpamAssassin cache > >> Dec 21 04:03:57 sbh16 MailScanner[2945]: Requeue: 6325C6900A9.61B5E to > >> 1E7946900A4 > >> Dec 21 04:03:57 sbh16 postfix/qmgr[8765]: 1E7946900A4: > >> from=, size=43045, nrcpt=1 (queue active) > >> Dec 21 04:03:57 sbh16 MailScanner[2945]: Unscanned: Delivered 1 messages > >> Dec 21 04:03:57 sbh16 MailScanner[2945]: Virus and Content Scanning: > >> Starting > >> Dec 21 04:03:57 sbh16 postfix/local[3483]: 1E7946900A4: > >> to=, orig_to=, relay=local, delay=71, > >> delays=71/0/0/0.01, dsn=2.0.0, status=sent (delivered to mailbox) > >> Dec 21 04:03:57 sbh16 postfix/qmgr[8765]: 1E7946900A4: removed > > > >> > >Um, I'm not entirely sure these are errors... Have you "massaged" the > >logs in any way (excluding things you don't think relevant) in any > >way? > > > Yes, I removed one entry from the above sequence having to do with an > unrelated message > > Dec 21 04:03:50 sbh16 postfix/smtpd[3017]: disconnect from > dsl-207-112-4-156.tor.primus.ca[207.112.4.156] > > The two prior entries for that message were > > Dec 21 04:03:47 sbh16 postfix/smtpd[3017]: connect from > dsl-207-112-4-156.tor.primus.ca[207.112.4.156] > Dec 21 04:03:49 sbh16 postfix/smtpd[3017]: NOQUEUE: reject: RCPT from > dsl-207-112-4-156.tor.primus.ca[207.112.4.156]: 550 5.1.1 > : Recipient address rejected: User unknown in virtual > alias table; from= > to= proto=ESMTP helo= > Ok, not what I'd hoped for ....:-) > >Since PF can&will reuse queue IDs, that isn't much to go on... And one > >wonders if there might've been a quick succession of > >message-introduction (same message twice)...? > > > The previous introduction of a message from root was 24 hours earlier > > Dec 20 04:03:18 sbh16 postfix/cleanup[7992]: 463B46900A4: hold: header > Received: by sbh16.songbird.com (Postfix, from userid 0)??id > 463B46900A4; Thu, 20 Dec 2007 04:03:17 -0800 (PST) from local; > from=. > Hm. Not good. The thing is that a message already picked up by one child shouldn't be able to be processed by another... Might mean I need to go over this (again) to see that any of the changes to support the latest versions of PF hasn't broken the base assumptions. Sigh. How often do you see this (needless to say, I've not seen this/had any reports of duplicates from my rather picky users...), or is it this one instance? One should be able to do some log massaging to find this... Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From hvdkooij at vanderkooij.org Sun Dec 23 22:30:54 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sun Dec 23 22:31:35 2007 Subject: Where to put the SA rule(s) file? Message-ID: <476EE19E.4070508@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I read the docs and I know it was on the list but I can not find the info anymore. Where does one put a local rules file for SpamAssassin and what name convention should it use? It might be nice if thanswer also made it to the wiki: http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamassassin:rules:write Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHbuGbBvzDRVjxmYERAluNAJ9hcfdsgFD0+I6P/otHrx/cXHGLiACgkuHA S6/Dhv+nVSaeGytow+QSzo8= =nVX/ -----END PGP SIGNATURE----- From ms-list at alexb.ch Sun Dec 23 23:24:49 2007 From: ms-list at alexb.ch (Alex Broens) Date: Sun Dec 23 23:25:06 2007 Subject: Where to put the SA rule(s) file? In-Reply-To: <476EE19E.4070508@vanderkooij.org> References: <476EE19E.4070508@vanderkooij.org> Message-ID: <476EEE41.3050605@alexb.ch> On 12/23/2007 11:30 PM, Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi, > > I read the docs and I know it was on the list but I can not find the > info anymore. > > Where does one put a local rules file for SpamAssassin and what name > convention should it use? /etc/mail/spamassassin naming is alphabetically parsed so if you need a rules for metas later, use a low name/number 80_my_rules.cf is parsed before 81_my_metas.cf, etc alpahanumeric and underscores are supported in names. (dont' be too creative) > It might be nice if thanswer also made it to the wiki: > http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamassassin:rules:write This is SA basics so imo, there's no real need to add it on the MS site. spamassasassin.apache.org has all the Docs you need + its mailing list which is full of ppl who are very helpful and patient, h2h Alex PS: always run spamassassin --lint -D after writing a rule to see if its correct. From mark at msapiro.net Mon Dec 24 02:23:31 2007 From: mark at msapiro.net (Mark Sapiro) Date: Mon Dec 24 02:23:51 2007 Subject: Mailscanner generated duplicate message. In-Reply-To: <223f97700712231317u60f45cder7bd4837f9327bc9b@mail.gmail.com> Message-ID: Glenn Steen wrote: >> >Hm. Not good. The thing is that a message already picked up by one >child shouldn't be able to be processed by another... Might mean I >need to go over this (again) to see that any of the changes to support >the latest versions of PF hasn't broken the base assumptions. Sigh. >How often do you see this (needless to say, I've not seen this/had any >reports of duplicates from my rather picky users...), or is it this >one instance? One should be able to do some log massaging to find >this... I went through the maillog files and I found 33,469 MailScanner Requeue messages. In the first 10,466 (from Nov 25 through Dec 11, 04:04) there were no apparent dups. In the remaining log entries, I found 8 potential duplication incidents, 4 of which involved new batches with multiple messages waiting for a total of 15 potential duplicates. I have reviewed what I did on Dec 10-11, and I think it is likely that at that time I stopped and started Postfix without restarting MailScanner. If that could cause this, then I think that is likely to be the reason. I have since stopped both Postfix and MailScanner and restarted MailScanner only and let it start Postfix. I can provide log segments from the above mentioned 8 incidents if they would be of interest. OTOH, perhaps I should just monitor for a few days to see if the proper startup of Postfix/MailScanner has 'fixed' the issue. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mark at msapiro.net Mon Dec 24 03:54:30 2007 From: mark at msapiro.net (Mark Sapiro) Date: Mon Dec 24 03:54:55 2007 Subject: Mailscanner generated duplicate message. In-Reply-To: Message-ID: Mark Sapiro wrote: > >I went through the maillog files and I found 33,469 MailScanner Requeue >messages. In the first 10,466 (from Nov 25 through Dec 11, 04:04) >there were no apparent dups. In the remaining log entries, I found 8 >potential duplication incidents, 4 of which involved new batches with >multiple messages waiting for a total of 15 potential duplicates. > >I have reviewed what I did on Dec 10-11, and I think it is likely that >at that time I stopped and started Postfix without restarting >MailScanner. If that could cause this, then I think that is likely to >be the reason. I have since stopped both Postfix and MailScanner and >restarted MailScanner only and let it start Postfix. > >I can provide log segments from the above mentioned 8 incidents if they >would be of interest. OTOH, perhaps I should just monitor for a few >days to see if the proper startup of Postfix/MailScanner has 'fixed' >the issue. I spoke too soon. In scanning the maillog files, I was only remembering the last 4 queue ids seen in Requeued: messages. It turns out that when for example, a Mailman list sends 200+ messages at once, there can be duplicates separated by many more than 3 intervening Requeued: entries. I rescanned the logs and found more dups. In particular, I found one from this afternoon after I had stopped Postfix and Mailscanner and restarted MailScanner, so that is apparently not the reason for the duplication. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From hvdkooij at vanderkooij.org Mon Dec 24 06:52:47 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Mon Dec 24 06:53:34 2007 Subject: Where to put the SA rule(s) file? In-Reply-To: <476EEE41.3050605@alexb.ch> References: <476EE19E.4070508@vanderkooij.org> <476EEE41.3050605@alexb.ch> Message-ID: <476F573F.1080601@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alex Broens wrote: > On 12/23/2007 11:30 PM, Hugo van der Kooij wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Hi, >> >> I read the docs and I know it was on the list but I can not find the >> info anymore. >> >> Where does one put a local rules file for SpamAssassin and what name >> convention should it use? > > /etc/mail/spamassassin > > naming is alphabetically parsed so if you need a rules for metas later, > use a low name/number > > 80_my_rules.cf is parsed before > 81_my_metas.cf, etc > > alpahanumeric and underscores are supported in names. > (dont' be too creative) > >> It might be nice if thanswer also made it to the wiki: >> http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamassassin:rules:write >> > > This is SA basics so imo, there's no real need to add it on the MS site. So you will remove the wiki entry? After all it servers no purpose according to your comment. I do think it should be left there and augmented. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHb1c7BvzDRVjxmYERAkw4AKCZ7oys3sMz5wh5uETrSqv2an8WmACfZe1O FQBbU9llItbC5URkwP/o4mQ= =Qefv -----END PGP SIGNATURE----- From martinh at solidstatelogic.com Mon Dec 24 08:43:14 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Dec 24 08:43:32 2007 Subject: Where to put the SA rule(s) file? In-Reply-To: <476F573F.1080601@vanderkooij.org> Message-ID: Fixing it as I type.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Hugo van der Kooij > Sent: 24 December 2007 06:53 > To: MailScanner discussion > Subject: Re: Where to put the SA rule(s) file? > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Alex Broens wrote: > > On 12/23/2007 11:30 PM, Hugo van der Kooij wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- > >> Hash: SHA1 > >> > >> Hi, > >> > >> I read the docs and I know it was on the list but I can not find the > >> info anymore. > >> > >> Where does one put a local rules file for SpamAssassin and what name > >> convention should it use? > > > > /etc/mail/spamassassin > > > > naming is alphabetically parsed so if you need a rules for metas later, > > use a low name/number > > > > 80_my_rules.cf is parsed before > > 81_my_metas.cf, etc > > > > alpahanumeric and underscores are supported in names. > > (dont' be too creative) > > > >> It might be nice if thanswer also made it to the wiki: > >> > http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamassas > sin:rules:write > >> > > > > This is SA basics so imo, there's no real need to add it on the MS site. > > So you will remove the wiki entry? After all it servers no purpose > according to your comment. I do think it should be left there and > augmented. > > Hugo. > > - -- > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > A: Yes. > >Q: Are you sure? > >>A: Because it reverses the logical flow of conversation. > >>>Q: Why is top posting frowned upon? > > Bored? Click on http://spamornot.org/ and rate those images. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (GNU/Linux) > > iD8DBQFHb1c7BvzDRVjxmYERAkw4AKCZ7oys3sMz5wh5uETrSqv2an8WmACfZe1O > FQBbU9llItbC5URkwP/o4mQ= > =Qefv > -----END PGP SIGNATURE----- > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From ms-list at alexb.ch Mon Dec 24 09:06:48 2007 From: ms-list at alexb.ch (Alex Broens) Date: Mon Dec 24 09:07:05 2007 Subject: Mailscanner generated duplicate message. In-Reply-To: References: Message-ID: <476F76A8.1050603@alexb.ch> On 12/24/2007 4:54 AM, Mark Sapiro wrote: > Mark Sapiro wrote: >> I went through the maillog files and I found 33,469 MailScanner Requeue >> messages. In the first 10,466 (from Nov 25 through Dec 11, 04:04) >> there were no apparent dups. In the remaining log entries, I found 8 >> potential duplication incidents, 4 of which involved new batches with >> multiple messages waiting for a total of 15 potential duplicates. >> >> I have reviewed what I did on Dec 10-11, and I think it is likely that >> at that time I stopped and started Postfix without restarting >> MailScanner. If that could cause this, then I think that is likely to >> be the reason. I have since stopped both Postfix and MailScanner and >> restarted MailScanner only and let it start Postfix. >> >> I can provide log segments from the above mentioned 8 incidents if they >> would be of interest. OTOH, perhaps I should just monitor for a few >> days to see if the proper startup of Postfix/MailScanner has 'fixed' >> the issue. > > > I spoke too soon. In scanning the maillog files, I was only remembering > the last 4 queue ids seen in Requeued: messages. It turns out that > when for example, a Mailman list sends 200+ messages at once, there > can be duplicates separated by many more than 3 intervening Requeued: > entries. I rescanned the logs and found more dups. In particular, I > found one from this afternoon after I had stopped Postfix and > Mailscanner and restarted MailScanner, so that is apparently not the > reason for the duplication. probably totally irrelevant yet got a hunch... what are your settings in MailScanner.conf for Queue Scan Interval Max Unscanned Messages Per Scan Max Unsafe Messages Per Scan Could it be you're seeing a race condition between scanning threads? Alex From mark at msapiro.net Mon Dec 24 14:23:51 2007 From: mark at msapiro.net (Mark Sapiro) Date: Mon Dec 24 14:24:17 2007 Subject: Mailscanner generated duplicate message. In-Reply-To: <476F76A8.1050603@alexb.ch> Message-ID: Alex Broens wrote: > >probably totally irrelevant yet got a hunch... > > >what are your settings in MailScanner.conf for > >Queue Scan Interval > >Max Unscanned Messages Per Scan > >Max Unsafe Messages Per Scan Queue Scan Interval = 6 Max Unscanned Messages Per Scan = 30 Max Unsafe Messages Per Scan = 30 >Could it be you're seeing a race condition between scanning threads? This is exactly what the problem seems to be, but I don't know what to do to prevent it or what I could have done or omitted to cause it. I suppose I could set Max Children = 1 but that seems extreme, and it seems if it were necessary, more than just me would be seeing this problem. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From ms-list at alexb.ch Mon Dec 24 15:01:03 2007 From: ms-list at alexb.ch (Alex Broens) Date: Mon Dec 24 15:01:13 2007 Subject: Mailscanner generated duplicate message. In-Reply-To: References: Message-ID: <476FC9AF.2010903@alexb.ch> On 12/24/2007 3:23 PM, Mark Sapiro wrote: > Alex Broens wrote: >> probably totally irrelevant yet got a hunch... >> >> >> what are your settings in MailScanner.conf for >> >> Queue Scan Interval >> >> Max Unscanned Messages Per Scan >> >> Max Unsafe Messages Per Scan > > > Queue Scan Interval = 6 > > Max Unscanned Messages Per Scan = 30 > > Max Unsafe Messages Per Scan = 30 > > >> Could it be you're seeing a race condition between scanning threads? > > > This is exactly what the problem seems to be, but I don't know what to > do to prevent it or what I could have done or omitted to cause it. > > I suppose I could set > > Max Children = 1 > > but that seems extreme, and it seems if it were necessary, more than > just me would be seeing this problem. Single CPU: Max Children = 5 Dual: Max Children = 8 (keep the box relaxed till you get the stuff to process) Pls try: Queue Scan Interval = 15 Max Unscanned Messages Per Scan = 5 Max Unsafe Messages Per Scan = 5 You may need to tweek "Queue Scan Interval" to your box's perfomance my rule of thumb: Queue Scan Interval = thread_count + 3 keep us posted h2h Alex From mark at msapiro.net Mon Dec 24 16:00:16 2007 From: mark at msapiro.net (Mark Sapiro) Date: Mon Dec 24 16:00:24 2007 Subject: Mailscanner generated duplicate message. In-Reply-To: <476FC9AF.2010903@alexb.ch> References: <476FC9AF.2010903@alexb.ch> Message-ID: <476FD790.8040208@msapiro.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alex Broens wrote: > > > > > On 12/24/2007 3:23 PM, Mark Sapiro wrote: >> Alex Broens wrote: >>> probably totally irrelevant yet got a hunch... >>> >>> >>> what are your settings in MailScanner.conf for >>> >>> Queue Scan Interval >>> >>> Max Unscanned Messages Per Scan >>> >>> Max Unsafe Messages Per Scan >> >> >> Queue Scan Interval = 6 >> >> Max Unscanned Messages Per Scan = 30 >> >> Max Unsafe Messages Per Scan = 30 >> >> >>> Could it be you're seeing a race condition between scanning threads? >> >> >> This is exactly what the problem seems to be, but I don't know what to >> do to prevent it or what I could have done or omitted to cause it. >> >> I suppose I could set >> >> Max Children = 1 >> >> but that seems extreme, and it seems if it were necessary, more than >> just me would be seeing this problem. > > Single CPU: > > Max Children = 5 This is what I currently have. > Dual: > > Max Children = 8 > > (keep the box relaxed till you get the stuff to process) > > Pls try: > > Queue Scan Interval = 15 > > Max Unscanned Messages Per Scan = 5 > Max Unsafe Messages Per Scan = 5 I will try these. Note that I will be offline for the next week, so I won't be able to report much until after the new year. > You may need to tweek "Queue Scan Interval" to your box's perfomance > > my rule of thumb: > > Queue Scan Interval = thread_count + 3 > > keep us posted OK. Note that logs indicate that this problem has only occurred on mail which is not actually scanned because of a 'no' in scan.messages.rules. I don't know why this would matter, but it may be significant. All but one of the occurrences were on outgoing mail from localhost. The other one was an incoming message to postmaster. Logs indicate 4 copies of this one were delivered and I undoubtedly saw all four but just deleted them thinking they were multiple spams The nature of the server is that outgoing mail is virtually all Mailman list posts or forwards of mail, all of which was scanned on the way in. I would just as soon not have Postfix hold mail from localhost at all, but I haven't figured out how to do that. - -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) iD8DBQFHb9ePVVuXXpU7hpMRAuc2AKC4I/3TyTSh+sJfiuusqG3r/FASgwCggbzm Mjgi7rKzKzGKE5Y7CF9D6ys= =z32Y -----END PGP SIGNATURE----- From Phil.Udel at salemcorp.com Mon Dec 24 15:54:45 2007 From: Phil.Udel at salemcorp.com (Phil Udel) Date: Mon Dec 24 16:05:36 2007 Subject: CentOS 5.0 Install Message-ID: <00c301c84645$4e75f460$6102a8c0@salemcorp.com> Has Anyone Had any issues with CentOS 5.0? I am creating a New Mail Server and thought I would use the new CentOS -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071224/59aeefdd/attachment.html From MailScanner at ecs.soton.ac.uk Mon Dec 24 16:07:12 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Dec 24 16:07:38 2007 Subject: Mailscanner generated duplicate message. In-Reply-To: <476FC9AF.2010903@alexb.ch> References: <476FC9AF.2010903@alexb.ch> Message-ID: <476FD930.50402@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alex Broens wrote: > > > > > On 12/24/2007 3:23 PM, Mark Sapiro wrote: >> Alex Broens wrote: >>> probably totally irrelevant yet got a hunch... >>> >>> >>> what are your settings in MailScanner.conf for >>> >>> Queue Scan Interval >>> >>> Max Unscanned Messages Per Scan >>> >>> Max Unsafe Messages Per Scan >> >> >> Queue Scan Interval = 6 >> >> Max Unscanned Messages Per Scan = 30 >> >> Max Unsafe Messages Per Scan = 30 >> >> >>> Could it be you're seeing a race condition between scanning threads? >> >> >> This is exactly what the problem seems to be, but I don't know what to >> do to prevent it or what I could have done or omitted to cause it. >> >> I suppose I could set >> >> Max Children = 1 >> >> but that seems extreme, and it seems if it were necessary, more than >> just me would be seeing this problem. > > Single CPU: > > Max Children = 5 > > Dual: > > Max Children = 8 > > (keep the box relaxed till you get the stuff to process) > > Pls try: > > Queue Scan Interval = 15 > > Max Unscanned Messages Per Scan = 5 > Max Unsafe Messages Per Scan = 5 > > You may need to tweek "Queue Scan Interval" to your box's perfomance > > my rule of thumb: > > Queue Scan Interval = thread_count + 3 > > keep us posted > > h2h > > Alex > I've gone to quite some lengths to stop problems like this, and would be very interested in working out what might have caused it. The child processes should not be able to grab each other's messages, so unless a problem has arisen with the recent code for handling Postfix milters (which I didn't write all of) this really should not be possible. It never used to be a problem, which does seem to point a bit towards the milter handling code. I don't really have the time required to go through all that code I didn't write looking for possible problems of this nature (it's a far bigger job than just reading the code); I will have to rely on the author of that bit of code to do it. Sorry about that, but work (my bill-paying day job at the University) has been pretty busy recently. But even so, I'm always open to bribes of any nature :-) Happy Christmas! Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHb9k0EfZZRxQVtlQRAm/DAJ4o1zApXAauaURkdkCSGK7OvnhJnACg0z6w MlPoedROcxT4wJ2Oz2pfbLk= =KJI5 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From uxbod at splatnix.net Mon Dec 24 16:09:27 2007 From: uxbod at splatnix.net (UxBoD) Date: Mon Dec 24 16:09:39 2007 Subject: CentOS 5.0 Install In-Reply-To: <00c301c84645$4e75f460$6102a8c0@salemcorp.com> Message-ID: <798849.41198512567757.JavaMail.root@office.splatnix.net> Running it at work, but did take the approach of using the tarball installation for MailScanner as I do tend to stay bleading edge with it. Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- step 3.: "Phil Udel" To: mailscanner@lists.mailscanner.info Sent: 24 December 2007 15:54:45 o'clock (GMT) Europe/London Subject: CentOS 5.0 Install Has Anyone Had any issues with CentOS 5.0? I am creating a New Mail Server and thought I would use the new CentOS -- This message has been scanned for viruses and dangerous content by MailScanner , and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Dec 24 16:21:08 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Dec 24 16:21:31 2007 Subject: CentOS 5.0 Install In-Reply-To: <00c301c84645$4e75f460$6102a8c0@salemcorp.com> References: <00c301c84645$4e75f460$6102a8c0@salemcorp.com> Message-ID: <476FDC74.7080403@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 It should work fine on CentOS 5.0 or 5.1. Use the most recent version as there are a few Perl modules that have to be force-installed even on CentOS 5. Without them some bits won't work, or even worse it won't start at all. As far as I am aware, the latest beta should work just fine. I certainly don't have much intention of changing it much between now and the next stable release. Let us know if you hit any problems at all. Phil Udel wrote: > Has Anyone Had any issues with CentOS 5.0? > I am creating a New Mail Server and thought I would use the new CentOS Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHb9x3EfZZRxQVtlQRAkazAJ9buvPF5Z/I4a+SeB1rcVm8wpkyWwCeLdXn HIvVK+9uGM4Ptd37zLGQLdI= =szwj -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Dec 24 16:38:01 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Dec 24 16:38:24 2007 Subject: Mailscanner generated duplicate message. In-Reply-To: <476FD790.8040208@msapiro.net> References: <476FC9AF.2010903@alexb.ch> <476FD790.8040208@msapiro.net> Message-ID: <476FE069.1070502@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mark Sapiro wrote: > * PGP Signed by an unknown key > > Alex Broens wrote: > >> >> >> On 12/24/2007 3:23 PM, Mark Sapiro wrote: >> >>> Alex Broens wrote: >>> >>>> probably totally irrelevant yet got a hunch... >>>> >>>> >>>> what are your settings in MailScanner.conf for >>>> >>>> Queue Scan Interval >>>> >>>> Max Unscanned Messages Per Scan >>>> >>>> Max Unsafe Messages Per Scan >>>> >>> Queue Scan Interval = 6 >>> >>> Max Unscanned Messages Per Scan = 30 >>> >>> Max Unsafe Messages Per Scan = 30 >>> >>> >>> >>>> Could it be you're seeing a race condition between scanning threads? >>>> >>> This is exactly what the problem seems to be, but I don't know what to >>> do to prevent it or what I could have done or omitted to cause it. >>> >>> I suppose I could set >>> >>> Max Children = 1 >>> >>> but that seems extreme, and it seems if it were necessary, more than >>> just me would be seeing this problem. >>> >> Single CPU: >> >> Max Children = 5 >> > > > This is what I currently have. > > > >> Dual: >> >> Max Children = 8 >> >> (keep the box relaxed till you get the stuff to process) >> >> Pls try: >> >> Queue Scan Interval = 15 >> >> Max Unscanned Messages Per Scan = 5 >> Max Unsafe Messages Per Scan = 5 >> > > > I will try these. Note that I will be offline for the next week, so I > won't be able to report much until after the new year. > > > >> You may need to tweek "Queue Scan Interval" to your box's perfomance >> >> my rule of thumb: >> >> Queue Scan Interval = thread_count + 3 >> >> keep us posted >> > > I'm slightly surprised you need to change Queue Scan Interval much. It won't have much effect when you have quite a few children running, as the effective queue scan interval will be that number divided by the number of children. So your queue will be scanned once every second or two anyway. Which is more than frequent enough! > OK. > > Note that logs indicate that this problem has only occurred on mail > which is not actually scanned because of a 'no' in scan.messages.rules. > I don't know why this would matter, but it may be significant. > > All but one of the occurrences were on outgoing mail from localhost. The > other one was an incoming message to postmaster. Logs indicate 4 copies > of this one were delivered and I undoubtedly saw all four but just > deleted them thinking they were multiple spams > > The nature of the server is that outgoing mail is virtually all Mailman > list posts or forwards of mail, all of which was scanned on the way in. > I would just as soon not have Postfix hold mail from localhost at all, > but I haven't figured out how to do that. > You could easily stop it scanning outgoing messages from itself if you want. In MailScaner.conf, set Scan Messages = %rules-dir%/not.this.server.rules and then in /etc/MailScanner/rules/not.this.server.rules put 4 lines like this (where the server's own IP address is 10.11.12.13) : # Say "yes" to everything except messages I created. From: 127.0.0.1 no From: 10.11.12.13 no # Worth adding this, just in case FromOrTo: default yes Then run service MailScanner reload to make it re-read its configuration. That's a very simple example of how rulesets work, so now you can start adding rulesets that do lots more clever things for other configuration settings where you want different values for different messages: they are documented (well?) in The Book, the Wiki, the configration files themselves, the "spam.whitelist.rules" example file and the other files in /etc/MailScanner/rules. Now messages originating from the host itself will not be scanned or processed by MailScanner at all, just moved straight into the outgoing queue without being looked at. Note that none of the MailScanner headers will be added either, so the messages will look like they never saw MailScanner at all. The last thing you want is to have mailing list exploders sending multiple copies of messages, that equals an enormous amount of unnecessary mail! Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHb+BsEfZZRxQVtlQRAjeNAJ49lPhfOtgWw/C1+ac/z13IMjCUfQCfR9F0 aEWAmfnsjAIHPi3BlHFCNuI= =g/H7 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Dec 24 16:39:52 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Dec 24 16:40:14 2007 Subject: CentOS 5.0 Install In-Reply-To: <798849.41198512567757.JavaMail.root@office.splatnix.net> References: <798849.41198512567757.JavaMail.root@office.splatnix.net> Message-ID: <476FE0D8.6060206@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 UxBoD wrote: > Running it at work, but did take the approach of using the tarball installation for MailScanner as I do tend to stay bleading edge with it. > The RPM install should work just fine. Using the tarball install instead of the RPM install will cause you a whole load of extra work. I wouldn't advise using a "yum install MailScaner" just quite yet. > ----- Original Message ----- > step 3.: "Phil Udel" > To: mailscanner@lists.mailscanner.info > Sent: 24 December 2007 15:54:45 o'clock (GMT) Europe/London > Subject: CentOS 5.0 Install > > > > Has Anyone Had any issues with CentOS 5.0? > I am creating a New Mail Server and thought I would use the new CentOS > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: UTF-8 wj8DBQFHb+DbEfZZRxQVtlQRAkWyAKCO++jEPo5sB0bWGVXKyTDLxQbGfwCgqbzj xM7AAxZXZ5UizG/jxIleohE= =MI9a -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From AHKAPLAN at PARTNERS.ORG Mon Dec 24 16:47:18 2007 From: AHKAPLAN at PARTNERS.ORG (Kaplan, Andrew H.) Date: Mon Dec 24 16:47:32 2007 Subject: Easy-install ClamAV 0.92 and SpamAssassin 3.2.3 In-Reply-To: <9A519AA4E4FCED4582DCCAEFE0E0C6F91B17811F74@ts-dc2.TS-Webarts.local> Message-ID: Hi there -- I completed the small howto, and everything appears to have installed successfully. I was able to restart MailScanner without any difficulty. Just for my edification, what command(s) can I run to confirm the newer versions appropriate upgrades have been put into place? Thanks. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ehle, Roland Sent: Sunday, December 23, 2007 10:32 AM To: MailScanner discussion Subject: AW: Easy-install ClamAV 0.92 and SpamAssassin 3.2.3 Julian Field wrote: > Mark Nienberg wrote: > > Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- > >> Hash: SHA1 > >> > >> Fixed. thanks for spotting that one. > > > > When running the installer on a system that already has clamavmodule > > 0.20 and spamassassin 3.2.3 installed, will the script rebuild and > > install the patched clamavmodule and patched spamassassin or will it > > just say "oh, good, module foo is already installed"? I'm hoping it > > will replace clamavmodule with one that works for clamav 0.92 and I'm > > hoping it will replace my spamassassin 3.2.3 with the new patched > > version of 3.2.3. > Fair point, it will just say "oh good". I'll add a command-line "force" > option to it or something. What's the best you of doing this, do you > think? Just always force SA and Mail::ClamAV? Hi everybody, to keep Jules away from keyboard und have him taking a rest during the holidays, a small howto. If you have spamassassin 3.23 already installed follow these steps to install the new patched version: 1. Download http://www.mailscanner.info/files/4/install-Clam-0.92-SA-3.2.3.tar.gz 2. unpack the package and change to directory install-Clam-0.92-SA-3.2.3.tar.gz 3. change to subdirectory perl-tar 4. unpack Mail-SpamAssassin-3.2.3.tar.gz 5. change to subdirectory Mail-SpamAssassin-3.2.3 6. perl Makefile.PL 7. rm -f t/spamc* 8. rm -f t/spamd* 9. make 10. make test 11. make install These steps are copied from the originall install.sh and functions.sh. Merry Christmas to everybody here, especially to Jules and thank you very much for you effort and work in 2007. Regards, Roland -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! The information transmitted in this electronic communication is intended only for the person or entity to whom it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this information in error, please contact the Compliance HelpLine at 800-856-1983 and properly dispose of this information. From steve at fsl.com Mon Dec 24 17:01:46 2007 From: steve at fsl.com (Stephen Swaney) Date: Mon Dec 24 17:01:56 2007 Subject: CentOS 5.0 Install In-Reply-To: <00c301c84645$4e75f460$6102a8c0@salemcorp.com> References: <00c301c84645$4e75f460$6102a8c0@salemcorp.com> Message-ID: <476FE5FA.4090401@fsl.com> Phil Udel wrote: > Has Anyone Had any issues with CentOS 5.0? > I am creating a New Mail Server and thought I would use the new CentOS > CentOS 5 quietly installs some iptables rules that can cause problems with some gateway email ralated applications. Be sure and check them after the install and make sure you can live with the new defaults. Also SELinux is configured on by default and you probably need to turn it off in the security configuration screen that appears during the first reboot after installation. Happy Holidays, Steve Steve Swaney www.fsl.com From MailScanner at ecs.soton.ac.uk Mon Dec 24 17:27:40 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Dec 24 17:28:03 2007 Subject: Easy-install ClamAV 0.92 and SpamAssassin 3.2.3 -- HOWTO In-Reply-To: References: Message-ID: <476FEC0C.9080201@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Kaplan, Andrew H. wrote: > Hi there -- > > I completed the small howto, and everything appears to have installed > successfully. I was able to restart MailScanner without any difficulty. > > Just for my edification, what command(s) can I run to confirm the newer > versions appropriate upgrades have been put into place? Thanks. > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ehle, Roland > Sent: Sunday, December 23, 2007 10:32 AM > To: MailScanner discussion > Subject: AW: Easy-install ClamAV 0.92 and SpamAssassin 3.2.3 > > Julian Field wrote: > >> Mark Nienberg wrote: >> >>> Julian Field wrote: >>> >>>> -----BEGIN PGP SIGNED MESSAGE----- >>>> Hash: SHA1 >>>> >>>> Fixed. thanks for spotting that one. >>>> >>> When running the installer on a system that already has clamavmodule >>> 0.20 and spamassassin 3.2.3 installed, will the script rebuild and >>> install the patched clamavmodule and patched spamassassin or will it >>> just say "oh, good, module foo is already installed"? I'm hoping it >>> will replace clamavmodule with one that works for clamav 0.92 and I'm >>> hoping it will replace my spamassassin 3.2.3 with the new patched >>> version of 3.2.3. >>> >> Fair point, it will just say "oh good". I'll add a command-line "force" >> option to it or something. What's the best you of doing this, do you >> think? Just always force SA and Mail::ClamAV? >> > > Hi everybody, > > to keep Jules away from keyboard und have him taking a rest during the holidays, > :-) > a small howto. > > If you have spamassassin 3.23 already installed follow these steps to install > the new patched version: > > 1. Download > http://www.mailscanner.info/files/4/install-Clam-0.92-SA-3.2.3.tar.gz > 2. unpack the package and change to directory install-Clam-0.92-SA-3.2.3.tar.gz > 3. change to subdirectory perl-tar > 4. unpack Mail-SpamAssassin-3.2.3.tar.gz > 5. change to subdirectory Mail-SpamAssassin-3.2.3 > 6. perl Makefile.PL > 7. rm -f t/spamc* > 8. rm -f t/spamd* > 9. make > 10. make test > 11. make install > > These steps are copied from the originall install.sh and functions.sh. > > Merry Christmas to everybody here, especially to Jules and thank you very much > for you effort and work in 2007. > My pleasure. Note that the same procedure on the Mail-ClamAV-0.20.tar.gz file will install the patched Mail::ClamAV so that you can continue to use the "clamavmodule" if you so choose. And a quick note of thanks is due to all the regulars here, without whom I would have a much bigger job of supporting MailScanner and keeping everyone on the straight and narrow! All your hard work is much appreciated by me, and also hopefully by the "transient members" who only pop into existence when they have a problem that needs solving, which you all handle very swiftly, politely, accurately and succinctly too! So Cheers to all, and I hope you all have a great Christmas and a very merry New Year, and I wish you all have silent pagers and mobiles for the next week or so. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHb+wNEfZZRxQVtlQRAi6oAKCeHWZ+vm29rh42db/tZCvnf70eJwCgwM+O 3Y/cTI8JVpXprcEqiYyVQDs= =FGSS -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Dec 24 17:33:12 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Dec 24 17:33:34 2007 Subject: CentOS 5.0 Install In-Reply-To: <476FE5FA.4090401@fsl.com> References: <00c301c84645$4e75f460$6102a8c0@salemcorp.com> <476FE5FA.4090401@fsl.com> Message-ID: <476FED58.8080007@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Stephen Swaney wrote: > Phil Udel wrote: >> Has Anyone Had any issues with CentOS 5.0? >> I am creating a New Mail Server and thought I would use the new CentOS >> > CentOS 5 quietly installs some iptables rules that can cause problems > with some gateway email ralated applications. Be sure and check them > after the install and make sure you can live with the new defaults. > > Also SELinux is configured on by default and you probably need to > turn it off in the security configuration screen that appears during > the first reboot after installation. Eek, well spotted there, Mr S. I don't run host-based firewalls on anything except Windows boxes, so didn't know that one. The first thing I do is always permanently switch off all services I don't need, including iptables and ip6tables (oh, and selinux). Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHb+1ZEfZZRxQVtlQRAsiuAJ4gVk+XNRkpBDWfV3LD91y/jYVeLACfUMzI RyoAJu04p1yVWrV9ucdsqjY= =X7cN -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mark at msapiro.net Mon Dec 24 17:42:22 2007 From: mark at msapiro.net (Mark Sapiro) Date: Mon Dec 24 17:42:31 2007 Subject: Mailscanner generated duplicate message. In-Reply-To: <476FD930.50402@ecs.soton.ac.uk> References: <476FC9AF.2010903@alexb.ch> <476FD930.50402@ecs.soton.ac.uk> Message-ID: <476FEF7E.2080408@msapiro.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Field wrote: > > I've gone to quite some lengths to stop problems like this, and would be > very interested in working out what might have caused it. The child > processes should not be able to grab each other's messages, so unless a > problem has arisen with the recent code for handling Postfix milters > (which I didn't write all of) this really should not be possible. It > never used to be a problem, which does seem to point a bit towards the > milter handling code. Caveat: I don't know anything about the internals of either Postfix or MailScanner. Given that, it seems that Postfix itself is not involved much if at all. Postfix gets the incoming message and sees a Received: header during header_checks and queues the message in 'hold'. Then a MailScanner child picks up the message from the hold queue, but somehow whatever locking mechanism is invoked to prevent this, a second child picks up the same message. This is what my maillog shows is happening. - -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) iD8DBQFHb+9+VVuXXpU7hpMRAhuwAJ97Pmac0ykwzDWHx9GDd29Or3pqPwCgrVfp NldiSwn9h9U2kiEDkp6IOSg= =h8sw -----END PGP SIGNATURE----- From mark at msapiro.net Mon Dec 24 17:48:53 2007 From: mark at msapiro.net (Mark Sapiro) Date: Mon Dec 24 17:48:59 2007 Subject: Mailscanner generated duplicate message. In-Reply-To: <476FE069.1070502@ecs.soton.ac.uk> References: <476FC9AF.2010903@alexb.ch> <476FD790.8040208@msapiro.net> <476FE069.1070502@ecs.soton.ac.uk> Message-ID: <476FF105.7040903@msapiro.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Field wrote: > > You could easily stop it scanning outgoing messages from itself if you want. > In MailScaner.conf, set > Scan Messages = %rules-dir%/not.this.server.rules > and then in /etc/MailScanner/rules/not.this.server.rules put 4 lines > like this > (where the server's own IP address is 10.11.12.13) : I already do this. # Ruleset to not scan messages to abuse or postmaster # To: /^abuse[+@].*/ no To: /^postmaster[+@].*/ no # # Also exempt locally generated mail # # localhost From: 127.0.0.1 no # sbh16.songbird.com From: 72.52.113.16 no # ms2.msapiro.net sbh34.songbird.com From: 72.52.113.34 no # FromOrTo: default yes What I would like to do is tell Postfix not to hold these messages for MailScanner in the first place. I haven't (yet) figured out how to do this. - -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) iD8DBQFHb/EFVVuXXpU7hpMRAhFsAJ9F8If6gL/4CVPoWo9bLGKAVBPdjgCeNrGt jfZm6t6R9Ye4SHabryopkyM= =3vMU -----END PGP SIGNATURE----- From mark at msapiro.net Mon Dec 24 17:57:10 2007 From: mark at msapiro.net (Mark Sapiro) Date: Mon Dec 24 17:57:17 2007 Subject: Mailscanner generated duplicate message. In-Reply-To: <476FE069.1070502@ecs.soton.ac.uk> References: <476FC9AF.2010903@alexb.ch> <476FD790.8040208@msapiro.net> <476FE069.1070502@ecs.soton.ac.uk> Message-ID: <476FF2F6.7070909@msapiro.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Field wrote: > > The last thing you want is to have mailing list exploders sending > multiple copies of messages, that equals an enormous amount of > unnecessary mail! Agreed. So far however, this has not been an issue as the duplication (multiplication) has occurred on only one recipient's outbound message (per incident), not on an incoming post. I don't know what would happen to a message with multiple recipients, but my Mailman is configured to send VERP like messages, so it sends with one recipient per SMTP transaction to Postfix. - -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) iD8DBQFHb/L1VVuXXpU7hpMRAu61AJ0QOk24ECegS71VVKP2Q2+RhOXzGQCgnYwL 0Qz9BA/iYmBVPd8sp/IoxJo= =btAC -----END PGP SIGNATURE----- From mark at msapiro.net Mon Dec 24 18:03:32 2007 From: mark at msapiro.net (Mark Sapiro) Date: Mon Dec 24 18:03:40 2007 Subject: Mailscanner generated duplicate message. In-Reply-To: <476FEF7E.2080408@msapiro.net> References: <476FC9AF.2010903@alexb.ch> <476FD930.50402@ecs.soton.ac.uk> <476FEF7E.2080408@msapiro.net> Message-ID: <476FF474.90502@msapiro.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mark Sapiro wrote: > > Then a MailScanner child picks up the message from the hold queue, but > somehow whatever locking mechanism is invoked to prevent this, a second > child picks up the same message. I meant to say but somehow, despite whatever locking mechanism is invoked to prevent this, a second child picks up the same message. - -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) iD8DBQFHb/R0VVuXXpU7hpMRAvKdAKC1/sn+eh4HenLYxlo/jqJJZIYCmwCeI39Y 8LImbqJKbpj/92iRxCpT3vU= =zAjr -----END PGP SIGNATURE----- From tjones at isthmus.com Mon Dec 24 18:45:51 2007 From: tjones at isthmus.com (Thom Jones) Date: Mon Dec 24 18:47:54 2007 Subject: Even spammers take a holiday? Message-ID: <200712241245.51551.tjones@isthmus.com> I've seen about a 40% reduction in spam per day since last Friday. Seemed strange to me since you'd think this would be their busiest time of year - just like the arrogant kiosk hand lotion sales people in the malls. Anomaly? Or do they succumb to the spirt of giving like the rest of the world? -- Thom Jones http://www.thedailypage.com If we all are here to help others , then what exactly are others here for? From mark at msapiro.net Mon Dec 24 19:59:00 2007 From: mark at msapiro.net (Mark Sapiro) Date: Mon Dec 24 19:59:14 2007 Subject: Even spammers take a holiday? In-Reply-To: <200712241245.51551.tjones@isthmus.com> Message-ID: Thom Jones wrote: >I've seen about a 40% reduction in spam per day since last Friday. >Seemed strange to me since you'd think this would be their busiest time of >year - just like the arrogant kiosk hand lotion sales people in the malls. >Anomaly? Or do they succumb to the spirt of giving like the rest of the world? My hypothesis (no supporting evidence) is the owners of the zombied machines in the spambot networks are not as likely to have their machines turned on. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From kc5goi at gmail.com Mon Dec 24 19:59:51 2007 From: kc5goi at gmail.com (Guy Story KC5GOI) Date: Mon Dec 24 20:00:00 2007 Subject: hold folder not getting processed In-Reply-To: <476EB103.4030708@ecs.soton.ac.uk> References: <476CCF4E.1030302@vanderkooij.org> <7a35f329756f32d2f52a0581ed7377ca@mail.technologytiger.net> <476DF203.4040402@gmail.com> <476EB103.4030708@ecs.soton.ac.uk> Message-ID: Jules, this is what I got when I ran --debug: root@pccc-gw2:~# MailScanner --debug Cannot open config file --debug, No such file or directory at /usr/share/MailScanner/MailScanner/Config.pm line 592. Compilation failed in require at /usr/sbin/MailScanner line 65. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 65. I also found out on the Ubuntu list that I am not alone. Guy On Dec 23, 2007 1:03 PM, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Guy Story wrote: > > I did triple check permissions today and I have a 770 for postfix user > > and group on the hold and incoming folders. That was a wild guess and > > it failed. I tried to use debug mode by starting MailScanner with > > --debug but that generated a compile error and refused to start. > > > That is *definitely* a bad sign. What exact output do you get when you do > a > MailScanner --debug > ? Please cut and paste the output of this into a reply to this message. > It should start up, process one batch of mail as normal and then quit. > It certainly shouldn't produce any errors. > Do "MailScanner --lint" as well. And give us the output of that. > "MailScanner --version" will tell you the version numbers of pretty much > everything involved that you have installed. > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.7.0 (Build 1012) > Comment: Use Thunderbird's Enigmail add-on to verify this message > Charset: UTF-8 > > wj8DBQFHbrEFEfZZRxQVtlQRAsruAKCtbl5RACXLd2Ga7IOldFfkdg8uVQCg0xD4 > Q+GpH3juXNZ9+8n6Eyo41f4= > =zZpY > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- 73 Guy Story KC5GOI kc5goi@gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071224/9c4455ba/attachment.html From kc5goi at gmail.com Mon Dec 24 20:02:17 2007 From: kc5goi at gmail.com (Guy Story KC5GOI) Date: Mon Dec 24 20:02:26 2007 Subject: hold folder not getting processed In-Reply-To: <476EB103.4030708@ecs.soton.ac.uk> References: <476CCF4E.1030302@vanderkooij.org> <7a35f329756f32d2f52a0581ed7377ca@mail.technologytiger.net> <476DF203.4040402@gmail.com> <476EB103.4030708@ecs.soton.ac.uk> Message-ID: Got in a hurry, sorry. Here is the lint and version results: root@pccc-gw2:/etc/postfix# MailScanner --lint Cannot open config file --lint, No such file or directory at /usr/share/MailScanner/MailScanner/Config.pm line 592. Compilation failed in require at /usr/sbin/MailScanner line 65. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 65. root@pccc-gw2:/etc/postfix# MailScanner --version Running on Linux pccc-gw2 2.6.15-26-server #1 SMP Fri Sep 8 21:00:37 UTC 2006 i686 GNU/Linux This is Perl version 5.008007 (5.8.7) This is MailScanner version 4.46.2 Module versions are: 1.00 AnyDBM_File 1.16 Archive::Zip 1.04 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.07 File::Path 0.16 File::Temp 1.32 HTML::Entities 3.48 HTML::Parser 2.35 HTML::TokeParser 1.21 IO 1.11 IO::File 1.123 IO::Pipe 1.62 Mail::Header 3.05 MIME::Base64 5.419 MIME::Decoder 5.419 MIME::Decoder::UU 5.419 MIME::Head 5.419 MIME::Parser 3.03 MIME::QuotedPrint 5.419 MIME::Tools 0.10 Net::CIDR 1.08 POSIX 1.77 Socket 0.09 Sys::Syslog 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.811 DB_File 1.10 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.10 Digest::SHA1 missing Inline missing Mail::ClamAV 3.001003 Mail::SpamAssassin 1.997 Mail::SPF::Query 0.15 Net::CIDR::Lite 0.53 Net::DNS missing Net::LDAP missing Parse::RecDescent missing SAVI missing Sys::Hostname::Long 2.48 Test::Harness 0.54 Test::Simple 1.95 Text::Balanced 1.35 URI On Dec 23, 2007 1:03 PM, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Guy Story wrote: > > I did triple check permissions today and I have a 770 for postfix user > > and group on the hold and incoming folders. That was a wild guess and > > it failed. I tried to use debug mode by starting MailScanner with > > --debug but that generated a compile error and refused to start. > > > That is *definitely* a bad sign. What exact output do you get when you do > a > MailScanner --debug > ? Please cut and paste the output of this into a reply to this message. > It should start up, process one batch of mail as normal and then quit. > It certainly shouldn't produce any errors. > Do "MailScanner --lint" as well. And give us the output of that. > "MailScanner --version" will tell you the version numbers of pretty much > everything involved that you have installed. > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.7.0 (Build 1012) > Comment: Use Thunderbird's Enigmail add-on to verify this message > Charset: UTF-8 > > wj8DBQFHbrEFEfZZRxQVtlQRAsruAKCtbl5RACXLd2Ga7IOldFfkdg8uVQCg0xD4 > Q+GpH3juXNZ9+8n6Eyo41f4= > =zZpY > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- 73 Guy Story KC5GOI kc5goi@gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071224/b383e990/attachment.html From rsweat at gmail.com Mon Dec 24 21:42:10 2007 From: rsweat at gmail.com (Ryan Sweat) Date: Mon Dec 24 21:42:21 2007 Subject: SQL Logging problem Message-ID: <37728b30712241342l6293ae6cm9cdf05fea028f1e7@mail.gmail.com> I'm having a problem with the SQL logging functionality in MailScanner and hopefully someone can help me figure it out. After MailScanner starts, it works perfectly for a period of time, usually 30 minutes to an hour, then it stops logging incoming email to the MySQL database. The log shows "Logging message to SQL" but it never finishes with the usual "Logged message to SQL. When this happens, the queue builds incredibly fast and there are huge delays in delivering email -- often many hours of delay. Currently the MySQL database is local, but I had the same problem logging to a remote database where an older version of MailScanner is currently running (and logging) without problems. I put some custom debugging in the CustomFunctions/MailWatch.pm and I can tell that the connection to the database is failing here and never seems to recover. # Failed to connect - kick off new child, wait, and try again InitMailWatchLogging(); I ran strace on the MailWatch SQL process until the problem occurred and it doesn't really show any good info, other than it eventually gets stuck waiting for data. 24731 write(3, "<22>Dec 24 15:15:20 MailScanner[24731]: lBOGSJ16013580: Logged to MailWatch SQL\n\0", 81) = 81 24731 accept(7, {sa_family=AF_INET, sin_port=htons(57527), sin_addr=inet_addr("127.0.0.1")}, [13249590112313933840]) = 10 24731 close(9) = 0 24731 ioctl(10, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fffaedc7350) = -1 EINVAL (Invalid argument) 24731 lseek(10, 0, SEEK_CUR) = -1 ESPIPE (Illegal seek) 24731 ioctl(10, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fffaedc7350) = -1 EINVAL (Invalid argument) 24731 lseek(10, 0, SEEK_CUR) = -1 ESPIPE (Illegal seek) 24731 fcntl(10, F_SETFD, FD_CLOEXEC) = 0 24731 alarm(9600) = 9600 24731 read(10, # ps auwx | grep Mail root 22372 0.0 0.0 152796 31408 ? Ss 14:58 0:00 MailScanner: master waiting for children, sleeping root 22373 8.7 0.3 237232 104848 ? S 14:58 3:24 MailScanner: finishing batch root 22387 7.8 0.3 242212 107484 ? S 14:58 3:02 MailScanner: finishing batch root 22396 8.4 0.3 237400 104764 ? S 14:58 3:17 MailScanner: finishing batch root 22409 3.9 0.3 234432 103984 ? S 14:58 1:33 MailScanner: finishing batch Strace on these MailScanner processes all show the same thing... connect(8, {sa_family=AF_INET, sin_port=htons(11553), sin_addr=inet_addr(" 127.0.0.1")}, 16 I check the port 11553 and it is indeed listening. Restarting MailScanner fixes the problem (for about 30 minutes). I installed MailScanner using the rpm packages/installation scripts on the download page "Version 4.65.3-1 for RedHat, Fedora and Mandrake Linux". The OS is Linux RHEL 5 64-bit, 16 processors and 32 GB ram. Has anyone experienced this before or have any advice? Thanks, Ryan -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071224/869bea8a/attachment-0001.html From hvdkooij at vanderkooij.org Mon Dec 24 23:23:42 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Mon Dec 24 23:24:49 2007 Subject: Even spammers take a holiday? In-Reply-To: References: Message-ID: <47703F7E.3050909@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mark Sapiro wrote: > Thom Jones wrote: > >> I've seen about a 40% reduction in spam per day since last Friday. >> Seemed strange to me since you'd think this would be their busiest time of >> year - just like the arrogant kiosk hand lotion sales people in the malls. >> Anomaly? Or do they succumb to the spirt of giving like the rest of the world? > > > My hypothesis (no supporting evidence) is the owners of the zombied > machines in the spambot networks are not as likely to have their > machines turned on. I second that theory. The prime source of spam is home computers. Well .... Make that: The prime source of the SMTP connections delivering us the spam is home computers. Take that source partially offline and down goes the spam. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHcD97BvzDRVjxmYERAgazAJ9Q8qKqZCcN4ZqeHDSQqju1XCaVswCfcAWi 4Oex3BWbDaz1KWHuWSdb+Wc= =WV9/ -----END PGP SIGNATURE----- From uxbod at splatnix.net Tue Dec 25 05:29:10 2007 From: uxbod at splatnix.net (UxBoD) Date: Tue Dec 25 05:29:41 2007 Subject: CentOS 5.0 Install In-Reply-To: <476FED58.8080007@ecs.soton.ac.uk> Message-ID: <31826334.71198560550814.JavaMail.root@office.splatnix.net> Why disable IPtables ? I always run it and it is not that hard to configure. I think it was on here somebody pointed out http://www.rfxnetworks.com/apf.php and that just works great! Take the time and set it up, and it also provides a better understanding of what is actually running on your server. Completely agree about SELinux! Yes it is a very good security system, but can be a real PIA ;) Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- step 3.: "Julian Field" To: "MailScanner discussion" Sent: 24 December 2007 17:33:12 o'clock (GMT) Europe/London Subject: Re: CentOS 5.0 Install -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Stephen Swaney wrote: > Phil Udel wrote: >> Has Anyone Had any issues with CentOS 5.0? >> I am creating a New Mail Server and thought I would use the new CentOS >> > CentOS 5 quietly installs some iptables rules that can cause problems > with some gateway email ralated applications. Be sure and check them > after the install and make sure you can live with the new defaults. > > Also SELinux is configured on by default and you probably need to > turn it off in the security configuration screen that appears during > the first reboot after installation. Eek, well spotted there, Mr S. I don't run host-based firewalls on anything except Windows boxes, so didn't know that one. The first thing I do is always permanently switch off all services I don't need, including iptables and ip6tables (oh, and selinux). Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHb+1ZEfZZRxQVtlQRAsiuAJ4gVk+XNRkpBDWfV3LD91y/jYVeLACfUMzI RyoAJu04p1yVWrV9ucdsqjY= =X7cN -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From uxbod at splatnix.net Tue Dec 25 05:30:58 2007 From: uxbod at splatnix.net (UxBoD) Date: Tue Dec 25 05:31:18 2007 Subject: Even spammers take a holiday? In-Reply-To: <47703F7E.3050909@vanderkooij.org> Message-ID: <3319516.101198560658338.JavaMail.root@office.splatnix.net> Just wait till the New Year when all those un-savvy people switch on their new xmas presents ! The bot nets will be shouting from the rafters SPAM SPAM SPAM instead of Ho Ho Ho. Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- step 3.: "Hugo van der Kooij" To: "MailScanner discussion" Sent: 24 December 2007 23:23:42 o'clock (GMT) Europe/London Subject: Re: Even spammers take a holiday? -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mark Sapiro wrote: > Thom Jones wrote: > >> I've seen about a 40% reduction in spam per day since last Friday. >> Seemed strange to me since you'd think this would be their busiest time of >> year - just like the arrogant kiosk hand lotion sales people in the malls. >> Anomaly? Or do they succumb to the spirt of giving like the rest of the world? > > > My hypothesis (no supporting evidence) is the owners of the zombied > machines in the spambot networks are not as likely to have their > machines turned on. I second that theory. The prime source of spam is home computers. Well .... Make that: The prime source of the SMTP connections delivering us the spam is home computers. Take that source partially offline and down goes the spam. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHcD97BvzDRVjxmYERAgazAJ9Q8qKqZCcN4ZqeHDSQqju1XCaVswCfcAWi 4Oex3BWbDaz1KWHuWSdb+Wc= =WV9/ -----END PGP SIGNATURE----- -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Dec 25 09:15:52 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Dec 25 09:16:15 2007 Subject: hold folder not getting processed In-Reply-To: References: <476CCF4E.1030302@vanderkooij.org> <7a35f329756f32d2f52a0581ed7377ca@mail.technologytiger.net> <476DF203.4040402@gmail.com> <476EB103.4030708@ecs.soton.ac.uk> Message-ID: <4770CA48.7020603@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This is due to a bug in get getopts code in Perl. Newer versions of MailScanner shouldn't do this, I put in a workaround which should be good enough to stop this happening. If you run it with MailScanner /etc/MailScanner/MailScanner.conf --debug then it should work okay. Guy Story KC5GOI wrote: > Jules, this is what I got when I ran --debug: > > root@pccc-gw2:~# MailScanner --debug > Cannot open config file --debug, No such file or directory at > /usr/share/MailScanner/MailScanner/Config.pm line 592. > Compilation failed in require at /usr/sbin/MailScanner line 65. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 65. > > I also found out on the Ubuntu list that I am not alone. > > Guy > > On Dec 23, 2007 1:03 PM, Julian Field < MailScanner@ecs.soton.ac.uk > > wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Guy Story wrote: > > I did triple check permissions today and I have a 770 for > postfix user > > and group on the hold and incoming folders. That was a wild > guess and > > it failed. I tried to use debug mode by starting MailScanner with > > --debug but that generated a compile error and refused to start. > > > That is *definitely* a bad sign. What exact output do you get when > you do a > MailScanner --debug > ? Please cut and paste the output of this into a reply to this > message. > It should start up, process one batch of mail as normal and then quit. > It certainly shouldn't produce any errors. > Do "MailScanner --lint" as well. And give us the output of that. > "MailScanner --version" will tell you the version numbers of > pretty much > everything involved that you have installed. > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.7.0 (Build 1012) > Comment: Use Thunderbird's Enigmail add-on to verify this message > Charset: UTF-8 > > wj8DBQFHbrEFEfZZRxQVtlQRAsruAKCtbl5RACXLd2Ga7IOldFfkdg8uVQCg0xD4 > Q+GpH3juXNZ9+8n6Eyo41f4= > =zZpY > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > > -- > 73 > > Guy Story KC5GOI > kc5goi@gmail.com Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHcMpKEfZZRxQVtlQRAnhXAJ9XY0TKYu9c/o9KGhGQGFWSL88uJgCgtf2R 7eeMCXvxKTshuYylQccjOAU= =1yWI -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From paul at blacknight.ie Tue Dec 25 11:40:11 2007 From: paul at blacknight.ie (Paul Kelly:: Blacknight) Date: Tue Dec 25 11:40:17 2007 Subject: {Disarmed} SQL Logging problem In-Reply-To: <37728b30712241342l6293ae6cm9cdf05fea028f1e7@mail.gmail.com> References: <37728b30712241342l6293ae6cm9cdf05fea028f1e7@mail.gmail.com> Message-ID: <4770EC1B.8070405@blacknight.ie> Ryan Sweat wrote: > I'm having a problem with the SQL logging functionality in MailScanner > and hopefully someone can help me figure it out. After MailScanner > starts, it works perfectly for a period of time, usually 30 minutes to > an hour, then it stops logging incoming email to the MySQL database. > The log shows "Logging message to SQL" but it never finishes with the > usual "Logged message to SQL. When this happens, the queue builds > incredibly fast and there are huge delays in delivering email -- often > many hours of delay. Currently the MySQL database is local, but I had > the same problem logging to a remote database where an older version of > MailScanner is currently running (and logging) without problems. I put > some custom debugging in the CustomFunctions/MailWatch.pm and I can tell > that the connection to the database is failing here and never seems to > recover. > May I suggest that you turn on the DBI tracing in MailWatch.pm and examine the logs. It looks like a database issue, are you sure there are no crashed tables or any other DB issues. Turn on DB logging in mysql also and again check the logs. I've recently seen this happen where the db host ran out of space. This happen very quickly when you do a few hundred million mails a day :) Happy Christmas. Paul > # Failed to connect - kick off new child, wait, and try again > InitMailWatchLogging(); > > I ran strace on the MailWatch SQL process until the problem occurred and > it doesn't really show any good info, other than it eventually gets > stuck waiting for data. > > 24731 write(3, "<22>Dec 24 15:15:20 MailScanner[24731]: lBOGSJ16013580: > Logged to MailWatch SQL\n\0", 81) = 81 > 24731 accept(7, {sa_family=AF_INET, sin_port=htons(57527), > sin_addr=inet_addr(" *MailScanner has detected a possible fraud attempt > from "127.0.0.1" claiming to be* 127.0.0.1 ")}, > [13249590112313933840]) = 10 > 24731 close(9) = 0 > 24731 ioctl(10, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fffaedc7350) = -1 > EINVAL (Invalid argument) > 24731 lseek(10, 0, SEEK_CUR) = -1 ESPIPE (Illegal seek) > 24731 ioctl(10, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fffaedc7350) = -1 > EINVAL (Invalid argument) > 24731 lseek(10, 0, SEEK_CUR) = -1 ESPIPE (Illegal seek) > 24731 fcntl(10, F_SETFD, FD_CLOEXEC) = 0 > 24731 alarm(9600) = 9600 > 24731 read(10, > > # ps auwx | grep Mail > root 22372 0.0 0.0 152796 31408 ? Ss 14:58 0:00 > MailScanner: master waiting for children, sleeping > root 22373 8.7 0.3 237232 104848 ? S 14:58 3:24 > MailScanner: finishing batch > root 22387 7.8 0.3 242212 107484 ? S 14:58 3:02 > MailScanner: finishing batch > root 22396 8.4 0.3 237400 104764 ? S 14:58 3:17 > MailScanner: finishing batch > root 22409 3.9 0.3 234432 103984 ? S 14:58 1:33 > MailScanner: finishing batch > > Strace on these MailScanner processes all show the same thing... > > connect(8, {sa_family=AF_INET, sin_port=htons(11553), > sin_addr=inet_addr("*MailScanner has detected a possible fraud attempt > from "127.0.0.1" claiming to be* 127.0.0.1 ")}, 16 > > I check the port 11553 and it is indeed listening. Restarting > MailScanner fixes the problem (for about 30 minutes). I installed > MailScanner using the rpm packages/installation scripts on the download > page " Version 4.65.3-1 for RedHat, Fedora and Mandrake Linux > ". > The OS is Linux RHEL 5 64-bit, 16 processors and 32 GB ram. Has anyone > experienced this before or have any advice? > > Thanks, > > Ryan > -- Paul Kelly Technical Director Blacknight Internet Solutions ltd Hosting, Colocation, Dedicated servers IP Transit Services Tel: +353 (0) 59 9183072 Lo-call: 1850 929 929 DDI: +353 (0) 59 9183091 e-mail: paul@blacknight.ie web: http://www.blacknight.ie Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park, Sleaty Road, Graiguecullen, Carlow, Ireland Company No.: 370845 From peter at farrows.org Tue Dec 25 13:24:23 2007 From: peter at farrows.org (Peter Farrow) Date: Tue Dec 25 13:24:35 2007 Subject: CentOS 5.0 Install In-Reply-To: <31826334.71198560550814.JavaMail.root@office.splatnix.net> References: <31826334.71198560550814.JavaMail.root@office.splatnix.net> Message-ID: <47710487.5080709@farrows.org> Hi There, yes iptables is easy to configure and you should probably firewall your boxes on the net (I firewall every machine that faces the net). However I have to say that SElinux is a PITA and I disable it at the earliest possible opportunity. If you don't have box which people don't log into locally, i.e. just a web server, mail server or file server the SElinux is more trouble than its worth. I have certainly never needed it across any of the enterprises I own or support/manage. Generally if I come across a troublesome machine looking to see if it has SELinux enabled is the first port of call. That's not to say it doesn't have its uses, just that I have never found them, specifically I think because my users don't get shell access to the machines, but primarily because the machines are properly/tightly configured from a security perspective to start with. So in summary, its not really needed in my book. P. UxBoD wrote: > Why disable IPtables ? I always run it and it is not that hard to configure. I think it was on here somebody pointed out http://www.rfxnetworks.com/apf.php and that just works great! Take the time and set it up, and it also provides a better understanding of what is actually running on your server. > > Completely agree about SELinux! Yes it is a very good security system, but can be a real PIA ;) > > Regards, > > --[ UxBoD ]-- > // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" > // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B > // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B > // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net > > ----- Original Message ----- > step 3.: "Julian Field" > To: "MailScanner discussion" > Sent: 24 December 2007 17:33:12 o'clock (GMT) Europe/London > Subject: Re: CentOS 5.0 Install > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Stephen Swaney wrote: > >> Phil Udel wrote: >> >>> Has Anyone Had any issues with CentOS 5.0? >>> I am creating a New Mail Server and thought I would use the new CentOS >>> >>> >> CentOS 5 quietly installs some iptables rules that can cause problems >> with some gateway email ralated applications. Be sure and check them >> after the install and make sure you can live with the new defaults. >> >> Also SELinux is configured on by default and you probably need to >> turn it off in the security configuration screen that appears during >> the first reboot after installation. >> > Eek, well spotted there, Mr S. I don't run host-based firewalls on > anything except Windows boxes, so didn't know that one. The first thing > I do is always permanently switch off all services I don't need, > including iptables and ip6tables (oh, and selinux). > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.7.0 (Build 1012) > Comment: Use Thunderbird's Enigmail add-on to verify this message > Charset: ISO-8859-1 > > wj8DBQFHb+1ZEfZZRxQVtlQRAsiuAJ4gVk+XNRkpBDWfV3LD91y/jYVeLACfUMzI > RyoAJu04p1yVWrV9ucdsqjY= > =X7cN > -----END PGP SIGNATURE----- > > From glenn.steen at gmail.com Tue Dec 25 18:44:03 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Dec 25 18:44:15 2007 Subject: Mailscanner generated duplicate message. In-Reply-To: <476FD930.50402@ecs.soton.ac.uk> References: <476FC9AF.2010903@alexb.ch> <476FD930.50402@ecs.soton.ac.uk> Message-ID: <223f97700712251044p3b9c516fsf2847f0d86495627@mail.gmail.com> On 24/12/2007, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Alex Broens wrote: > > > > > > > > > > On 12/24/2007 3:23 PM, Mark Sapiro wrote: > >> Alex Broens wrote: > >>> probably totally irrelevant yet got a hunch... > >>> > >>> > >>> what are your settings in MailScanner.conf for > >>> > >>> Queue Scan Interval > >>> > >>> Max Unscanned Messages Per Scan > >>> > >>> Max Unsafe Messages Per Scan > >> > >> > >> Queue Scan Interval = 6 > >> > >> Max Unscanned Messages Per Scan = 30 > >> > >> Max Unsafe Messages Per Scan = 30 > >> > >> > >>> Could it be you're seeing a race condition between scanning threads? > >> > >> > >> This is exactly what the problem seems to be, but I don't know what to > >> do to prevent it or what I could have done or omitted to cause it. > >> > >> I suppose I could set > >> > >> Max Children = 1 > >> > >> but that seems extreme, and it seems if it were necessary, more than > >> just me would be seeing this problem. > > > > Single CPU: > > > > Max Children = 5 > > > > Dual: > > > > Max Children = 8 > > > > (keep the box relaxed till you get the stuff to process) > > > > Pls try: > > > > Queue Scan Interval = 15 > > > > Max Unscanned Messages Per Scan = 5 > > Max Unsafe Messages Per Scan = 5 > > > > You may need to tweek "Queue Scan Interval" to your box's perfomance > > > > my rule of thumb: > > > > Queue Scan Interval = thread_count + 3 > > > > keep us posted > > > > h2h > > > > Alex > > > I've gone to quite some lengths to stop problems like this, and would be > very interested in working out what might have caused it. The child > processes should not be able to grab each other's messages, so unless a > problem has arisen with the recent code for handling Postfix milters > (which I didn't write all of) this really should not be possible. It > never used to be a problem, which does seem to point a bit towards the > milter handling code. I know, I know... Caan't really see what my goof would've been this time... But I will have a look. Not today though:-). > I don't really have the time required to go through all that code I > didn't write looking for possible problems of this nature (it's a far > bigger job than just reading the code); I will have to rely on the > author of that bit of code to do it. Sorry about that, but work (my > bill-paying day job at the University) has been pretty busy recently. ... Same here, and having some kind of bug in my system (severe headache... and the usual Crohns related sh*t...) ... Might just be the mother of all hangovers though (Xmas celebrations start on the 24:th here in Sweden:-)... That notwithstanding... I'll try get into the work-systems and check on my test-rigg. > But even so, I'm always open to bribes of any nature :-) :-) > Happy Christmas! .... And a merry new year...?;-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ssilva at sgvwater.com Tue Dec 25 20:12:34 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Dec 25 20:13:24 2007 Subject: Even spammers take a holiday? In-Reply-To: <3319516.101198560658338.JavaMail.root@office.splatnix.net> References: <47703F7E.3050909@vanderkooij.org> <3319516.101198560658338.JavaMail.root@office.splatnix.net> Message-ID: on 12/24/2007 9:30 PM UxBoD spake the following: > Just wait till the New Year when all those un-savvy people switch on their new xmas presents ! The bot nets will be shouting from the rafters SPAM SPAM SPAM instead of Ho Ho Ho. > It might take a month or so, as most of the new PC's will come with a free trial virus scanner that will get ignored and not activated. Or 10 minutes after the teen boys find pron sites. > > > - -- > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > A: Yes. > >Q: Are you sure? > >>A: Because it reverses the logical flow of conversation. > >>>Q: Why is top posting frowned upon? > > Bored? Click on http://spamornot.org/ and rate those images. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (GNU/Linux) > > iD8DBQFHcD97BvzDRVjxmYERAgazAJ9Q8qKqZCcN4ZqeHDSQqju1XCaVswCfcAWi > 4Oex3BWbDaz1KWHuWSdb+Wc= > =WV9/ > -----END PGP SIGNATURE----- -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From kc5goi at gmail.com Tue Dec 25 22:51:19 2007 From: kc5goi at gmail.com (Guy Story) Date: Tue Dec 25 22:51:36 2007 Subject: hold folder not getting processed In-Reply-To: <4770CA48.7020603@ecs.soton.ac.uk> References: <476CCF4E.1030302@vanderkooij.org> <7a35f329756f32d2f52a0581ed7377ca@mail.technologytiger.net> <476DF203.4040402@gmail.com> <476EB103.4030708@ecs.soton.ac.uk> <4770CA48.7020603@ecs.soton.ac.uk> Message-ID: <47718967.3090703@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I will give this a shot tomorrow morning. Thanks and have a great Christman. Guy Julian Field wrote: > This is due to a bug in get getopts code in Perl. Newer versions of > MailScanner shouldn't do this, I put in a workaround which should be > good enough to stop this happening. > If you run it with > MailScanner /etc/MailScanner/MailScanner.conf --debug > then it should work okay. > > Guy Story KC5GOI wrote: >> Jules, this is what I got when I ran --debug: > >> root@pccc-gw2:~# MailScanner --debug >> Cannot open config file --debug, No such file or directory at >> /usr/share/MailScanner/MailScanner/Config.pm line 592. >> Compilation failed in require at /usr/sbin/MailScanner line 65. >> BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 65. > >> I also found out on the Ubuntu list that I am not alone. > >> Guy > >> On Dec 23, 2007 1:03 PM, Julian Field < MailScanner@ecs.soton.ac.uk >> > wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 > >> Guy Story wrote: >> > I did triple check permissions today and I have a 770 for >> postfix user >> > and group on the hold and incoming folders. That was a wild >> guess and >> > it failed. I tried to use debug mode by starting MailScanner with >> > --debug but that generated a compile error and refused to start. >> > >> That is *definitely* a bad sign. What exact output do you get when >> you do a >> MailScanner --debug >> ? Please cut and paste the output of this into a reply to this >> message. >> It should start up, process one batch of mail as normal and then quit. >> It certainly shouldn't produce any errors. >> Do "MailScanner --lint" as well. And give us the output of that. >> "MailScanner --version" will tell you the version numbers of >> pretty much >> everything involved that you have installed. > >> Jules > >> - -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> > >> MailScanner customisation, or any advanced system administration help? >> Contact me at Jules@Jules.FM > >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > >> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHcYlnR5em5LitiYoRAkY7AJ9e6B+kW5FG1GPcEB1lj4XV9vCAiwCfZj8c oU8K7GUqDB+fhg6nIZT/rR0= =F0Zj -----END PGP SIGNATURE----- From uxbod at splatnix.net Wed Dec 26 00:11:46 2007 From: uxbod at splatnix.net (UxBoD) Date: Wed Dec 26 14:38:46 2007 Subject: CentOS 5.0 Install In-Reply-To: <47710487.5080709@farrows.org> Message-ID: <18222692.511198627906751.JavaMail.root@office.splatnix.net> yo ho ho and and bottle of SPAM, give them some RUM and get them on the RUN :D Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- step 3.: "Peter Farrow" To: "MailScanner discussion" Sent: 25 December 2007 13:24:23 o'clock (GMT) Europe/London Subject: Re: CentOS 5.0 Install Hi There, yes iptables is easy to configure and you should probably firewall your boxes on the net (I firewall every machine that faces the net). However I have to say that SElinux is a PITA and I disable it at the earliest possible opportunity. If you don't have box which people don't log into locally, i.e. just a web server, mail server or file server the SElinux is more trouble than its worth. I have certainly never needed it across any of the enterprises I own or support/manage. Generally if I come across a troublesome machine looking to see if it has SELinux enabled is the first port of call. That's not to say it doesn't have its uses, just that I have never found them, specifically I think because my users don't get shell access to the machines, but primarily because the machines are properly/tightly configured from a security perspective to start with. So in summary, its not really needed in my book. P. UxBoD wrote: > Why disable IPtables ? I always run it and it is not that hard to configure. I think it was on here somebody pointed out http://www.rfxnetworks.com/apf.php and that just works great! Take the time and set it up, and it also provides a better understanding of what is actually running on your server. > > Completely agree about SELinux! Yes it is a very good security system, but can be a real PIA ;) > > Regards, > > --[ UxBoD ]-- > // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" > // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B > // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B > // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net > > ----- Original Message ----- > step 3.: "Julian Field" > To: "MailScanner discussion" > Sent: 24 December 2007 17:33:12 o'clock (GMT) Europe/London > Subject: Re: CentOS 5.0 Install > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Stephen Swaney wrote: > >> Phil Udel wrote: >> >>> Has Anyone Had any issues with CentOS 5.0? >>> I am creating a New Mail Server and thought I would use the new CentOS >>> >>> >> CentOS 5 quietly installs some iptables rules that can cause problems >> with some gateway email ralated applications. Be sure and check them >> after the install and make sure you can live with the new defaults. >> >> Also SELinux is configured on by default and you probably need to >> turn it off in the security configuration screen that appears during >> the first reboot after installation. >> > Eek, well spotted there, Mr S. I don't run host-based firewalls on > anything except Windows boxes, so didn't know that one. The first thing > I do is always permanently switch off all services I don't need, > including iptables and ip6tables (oh, and selinux). > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.7.0 (Build 1012) > Comment: Use Thunderbird's Enigmail add-on to verify this message > Charset: ISO-8859-1 > > wj8DBQFHb+1ZEfZZRxQVtlQRAsiuAJ4gVk+XNRkpBDWfV3LD91y/jYVeLACfUMzI > RyoAJu04p1yVWrV9ucdsqjY= > =X7cN > -----END PGP SIGNATURE----- > > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ugob at lubik.ca Wed Dec 26 19:18:52 2007 From: ugob at lubik.ca (Ugo Bellavance) Date: Wed Dec 26 19:53:15 2007 Subject: SQL Logging problem In-Reply-To: <37728b30712241342l6293ae6cm9cdf05fea028f1e7@mail.gmail.com> References: <37728b30712241342l6293ae6cm9cdf05fea028f1e7@mail.gmail.com> Message-ID: Ryan Sweat wrote: > I'm having a problem with the SQL logging functionality in MailScanner > and hopefully someone can help me figure it out. After MailScanner > starts, it works perfectly for a period of time, usually 30 minutes to > an hour, then it stops logging incoming email to the MySQL database. > The log shows "Logging message to SQL" but it never finishes with the > usual "Logged message to SQL. When this happens, the queue builds > incredibly fast and there are huge delays in delivering email -- often > many hours of delay. Currently the MySQL database is local, but I had > the same problem logging to a remote database where an older version of > MailScanner is currently running (and logging) without problems. I put > some custom debugging in the CustomFunctions/MailWat ch.pm and I can > tell that the connection to the database is failing here and never seems > to recover. > > # Failed to connect - kick off new child, wait, and try again > InitMailWatchLogging(); > > I ran strace on the MailWatch SQL process until the problem occurred and > it doesn't really show any good info, other than it eventually gets > stuck waiting for data. > > 24731 write(3, "<22>Dec 24 15:15:20 MailScanner[24731]: lBOGSJ16013580: > Logged to MailWatch SQL\n\0", 81) = 81 > 24731 accept(7, {sa_family=AF_INET, sin_port=htons(57527), > sin_addr=inet_addr(" 127.0.0.1 ")}, > [13249590112313933840]) = 10 > 24731 close(9) = 0 > 24731 ioctl(10, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fffaedc7350) = -1 > EINVAL (Invalid argument) > 24731 lseek(10, 0, SEEK_CUR) = -1 ESPIPE (Illegal seek) > 24731 ioctl(10, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fffaedc7350) = -1 > EINVAL (Invalid argument) > 24731 lseek(10, 0, SEEK_CUR) = -1 ESPIPE (Illegal seek) > 24731 fcntl(10, F_SETFD, FD_CLOEXEC) = 0 > 24731 alarm(9600) = 9600 > 24731 read(10, > > # ps auwx | grep Mail > root 22372 0.0 0.0 152796 31408 ? Ss 14:58 0:00 > MailScanner: master waiting for children, sleeping > root 22373 8.7 0.3 237232 104848 ? S 14:58 3:24 > MailScanner: finishing batch > root 22387 7.8 0.3 242212 107484 ? S 14:58 3:02 > MailScanner: finishing batch > root 22396 8.4 0.3 237400 104764 ? S 14:58 3:17 > MailScanner: finishing batch > root 22409 3.9 0.3 234432 103984 ? S 14:58 1:33 > MailScanner: finishing batch > > Strace on these MailScanner processes all show the same thing... > > connect(8, {sa_family=AF_INET, sin_port=htons(11553), > sin_addr=inet_addr("127.0.0.1 ")}, 16 > > I check the port 11553 and it is indeed listening. Restarting > MailScanner fixes the problem (for about 30 minutes). I installed > MailScanner using the rpm packages/installation scripts on the download > page " Version 4.65.3-1 for RedHat, Fedora and Mandrake Linux > ". > The OS is Linux RHEL 5 64-bit, 16 processors and 32 GB ram. Has anyone > experienced this before or have any advice? 16 procs and 32GB ram ? What is your daily volume? I strongly suggest having your MySQL server on a separte server, with the fastest disks or array that you can find and maybe do your selects on a slave, while inserting on the master. Ugo From MailScanner at ecs.soton.ac.uk Wed Dec 26 21:48:03 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Dec 26 21:48:36 2007 Subject: Problem with HTML disarm In-Reply-To: <476C413F.101@ecs.soton.ac.uk> References: <625385e30712210220s713d2dc1rc7b5ec72d39ea7a3@mail.gmail.com> <476BF5C0.4040102@vanderkooij.org> <476C413F.101@ecs.soton.ac.uk> Message-ID: <4772CC13.7080304@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Field wrote: > * PGP Signed: 12/21/07 at 17:42:14 > > > > Hugo van der Kooij wrote: >> > Old Signed by an unknown key >> >> shuttlebox wrote: >> >>> I've recently been involved in debugging Nortel HW and their support >>> made some remarks about how MailScanner disarms HTML I wanted to share >>> with the list. >>> >> >> .... >> >> >>> Anyone else this has happened to? Opinions? Could this be added to MS >>> for more correct HTML rendering? >>> >> >> I have not been bitten by it. But their remark is a valid concern and >> their proposed solution makes sense to me. >> >> I would recommend to disable script that way in MailScanner. >> >> > I'll take a look, but no guarantees as it's not just a tag replacement. > > Current planned improvements are: > 1) etrust-autoupdate needs fixing to use the correct autoupdater in > the latest version, while not breaking backwards compatibility with > any previous versions. Done that one. > 2) Produce a customised report on receipt of password-protected > archives, back to sender. > 3) Comment out scripts in HTML emails, and some other HTML email. Currently the entire text of the script should be removed, not just commented out. Is this not working? With your example, I get the HTML without the