From MailScanner at ecs.soton.ac.uk Thu Feb 1 00:04:47 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jan 31 23:08:47 2007 Subject: RBL performance: caching nameserver vs RBL mirroring In-Reply-To: <45C10660.2070101@nkpanama.com> References: <45C09F0F.7FBE.00FC.3@medicine.wisc.edu> <45C10660.2070101@nkpanama.com> Message-ID: <45C1208F.90108@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alex Neuman van der Hans wrote: > Michael Masse wrote: >> Can someone explain the pro's and con's of each with respect to >> performance and accuracy, or am I confused and they are not actually >> mutually exclusive, and have nothing to do with eachother? >> >> Mike >> > Caching nameserver means "keep a copy of DNS lookups so I don't have > to do it again for some time". RBL Mirroring means "don't ask a remote > RBL every time I get a message; download the changes to the list > periodically". As a general rule, you don't need your own mirror of an RBL unless you are doing well over 100,000 messages per day. Below that figure, most of the RBL managers won't give you a feed for a mirror anyway. Get a caching nameserver going first (essential) and see how you get on and measure your message throughput. If you are well into 6 or 7 figures, then think about asking the RBL managers for a direct feed. "rbldns" is the best thing to use for big RBLs, not BIND. Run rbldnsd on a different port and just tell BIND to feed requests for the domain to the port used by rbldnsd. I can supply config snippets if necessary. I have a mirror feed for the SURBLs. Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) Comment: Fetch my public key foot-print from www.mailscanner.info Charset: ISO-8859-1 wj8DBQFFwSCYEfZZRxQVtlQRAkBbAKC8KgFkdczsi2vrhkZMjI4q6/ze8ACfVFzb Psu9Ib3zogMHLRLnJunQ0xs= =QgLD -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From res at ausics.net Thu Feb 1 01:37:04 2007 From: res at ausics.net (Res) Date: Thu Feb 1 00:40:36 2007 Subject: OT: building new server, need MTA advice In-Reply-To: <20070131163457.B633.GERARD@seibercom.net> References: <20070131163457.B633.GERARD@seibercom.net> Message-ID: On Wed, 31 Jan 2007, Gerard Seibert wrote: > On Wednesday January 31, 2007 at 03:53:47 (PM) Res wrote: > >> Thats very obvious by the posts in here. Sendmail is easiest, followed by >> Exim and then Postfix (which is the most problematic because of its author) > > > I would be interested in why you make that statement regarding Postfix. I You're kidding me right? Just read the archives, and the fact way he speaks of mailscanner alone not only now but in recent years. His attitude is alike DJB, prolly half the reason I despise Qmail ( only half because DJB has no problem with mailscanner) and why i despise postfix, I have NO time for arrogant people who have such narrow vision. > had used Sendmail for several years and found it confusing. Getting SASL, Some people do, some don't. I will agree in the early days Sendmails documentation was poor (might stil be I have not looked at it in years) > trait. I will agree through that milters work far better on Sendmail > than Postfix. The problem is that they were written with Sendmail in As Julian pointed out, they were created by Sendmail so it should :) > Even the clamav milter does not work correctly. I spoke to its I fail to see the need for anti virus milter when I use MailScanner on every mail server. The only milters I use are spf, and on some machines the look-ahead user lookup milter to back end machines. -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From glenn.steen at gmail.com Thu Feb 1 02:17:18 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Feb 1 01:20:44 2007 Subject: Performance In-Reply-To: <45C11A25.5010407@enitech.com.au> References: <45C03361.5040903@katy.com> <223f97700701310215u67f9f941ifa40f902cd2d357@mail.gmail.com> <45C11A25.5010407@enitech.com.au> Message-ID: <223f97700701311717y54a485f8m4a420e2262f29d86@mail.gmail.com> On 31/01/07, Peter Russell wrote: (snip) > >> PostFix Configuration: > >> [root@mx1 ~]# postconf -n > >> canonical_maps = hash:/etc/postfix/canonical > >> config_directory = /etc/postfix > >> disable_vrfy_command = yes > >> hash_queue_names = "" > >> header_checks = regexp:/etc/postfix/header_checks > >> masquerade_exceptions = root > >> message_size_limit = 51200000 > >> mydomain = schmerold.com > >> myhostname = mx1.schmerold.com > >> mynetworks = 127.0.0.0/8 65.16.251.208/29 > >> relay_domains = katy.com katy.net katycomputer.com schmerold.com > > Why is there no "companion" relay_recipient_maps? You should reject > > unknown recipients. > > > >> smtpd_data_restrictions = reject_unauth_pipelining, permit > >> smtpd_helo_required = yes > > Here you should perhaps have a > > smtpd_helo_restrictions = permit_mynetworks, check_helo_access > > hash:/etc/postfix/deny_domain_spoof > > Where the deny_domain_spoof is simply an access file detailing the > > domains and IP addresses you relay for like "katy.com REJECT". Will be > > perfectly safe to use. > > Glenn - should he have REJECT for domains he relays for? Yes. The thinking here is to REJECT anyone pretending to be either your domain (your MX) or any of the "internal/trusted" IP addresses, unless they really are... The permit_mynetworks take care of not rejecting things that shouldn't be rejected:). As said, perfectly safe;-). This one rejects a few every day. > I am interested > in tweaking my postfix config myself. Any chance one fo the postfix > gurus like your self would post up your main.cf with some comments on > your anti spam settings? Will have to sanitise it a bit (don't want to spread any "secrets":-), but sure... It's really not that exciting reading... I got a lot of it from the UCE links over at www.postfix.org, with some slight adaptations to my needs... And to complete the picture one would have to have some other files too (access maps, perhaps some scripts). I'll see what I can do over the next few days (am pretty busy with real work... Providing SSL Explorer (yay!) to the "unwashed masses" at work (inc yet another upgrade), fiddling a bit with Oracle, testing the latest MS beta/stable... all for tomorrow. And sqeeze in a doctors appointment somewhere too):-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From alex at nkpanama.com Thu Feb 1 02:33:53 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Feb 1 01:37:48 2007 Subject: OT: building new server, need MTA advice In-Reply-To: <20070131163457.B633.GERARD@seibercom.net> References: <20070131163457.B633.GERARD@seibercom.net> Message-ID: <45C14381.1000107@nkpanama.com> Gerard Seibert wrote: > I would be interested in why you make that statement regarding Postfix. I > had used Sendmail for several years and found it confusing. Getting SASL, > etc working on it can be a real chore. SASL appears to work out-of-the-box on CentOS, at least for me. What do you mean by " a real chore "? From pete at enitech.com.au Thu Feb 1 02:46:58 2007 From: pete at enitech.com.au (Peter Russell) Date: Thu Feb 1 01:50:25 2007 Subject: Performance In-Reply-To: <223f97700701311717y54a485f8m4a420e2262f29d86@mail.gmail.com> References: <45C03361.5040903@katy.com> <223f97700701310215u67f9f941ifa40f902cd2d357@mail.gmail.com> <45C11A25.5010407@enitech.com.au> <223f97700701311717y54a485f8m4a420e2262f29d86@mail.gmail.com> Message-ID: <45C14692.2020704@enitech.com.au> Glenn Steen wrote: > On 31/01/07, Peter Russell wrote: > (snip) >> >> PostFix Configuration: >> >> [root@mx1 ~]# postconf -n >> >> canonical_maps = hash:/etc/postfix/canonical >> >> config_directory = /etc/postfix >> >> disable_vrfy_command = yes >> >> hash_queue_names = "" >> >> header_checks = regexp:/etc/postfix/header_checks >> >> masquerade_exceptions = root >> >> message_size_limit = 51200000 >> >> mydomain = schmerold.com >> >> myhostname = mx1.schmerold.com >> >> mynetworks = 127.0.0.0/8 65.16.251.208/29 >> >> relay_domains = katy.com katy.net katycomputer.com schmerold.com >> > Why is there no "companion" relay_recipient_maps? You should reject >> > unknown recipients. >> > >> >> smtpd_data_restrictions = reject_unauth_pipelining, permit >> >> smtpd_helo_required = yes >> > Here you should perhaps have a >> > smtpd_helo_restrictions = permit_mynetworks, check_helo_access >> > hash:/etc/postfix/deny_domain_spoof >> > Where the deny_domain_spoof is simply an access file detailing the >> > domains and IP addresses you relay for like "katy.com REJECT". Will be >> > perfectly safe to use. >> >> Glenn - should he have REJECT for domains he relays for? > Yes. The thinking here is to REJECT anyone pretending to be either > your domain (your MX) or any of the "internal/trusted" IP addresses, > unless they really are... The permit_mynetworks take care of not > rejecting things that shouldn't be rejected:). > As said, perfectly safe;-). > This one rejects a few every day. Sorry for the questions, but i am trying to stop some of the low scoring spam i keep getting through - i am sure some tweaking will get it. How do you check if these have blocked some spam? grep the maillog? > >> I am interested >> in tweaking my postfix config myself. Any chance one fo the postfix >> gurus like your self would post up your main.cf with some comments on >> your anti spam settings? > Will have to sanitise it a bit (don't want to spread any "secrets":-), > but sure... It's really not that exciting reading... And sqeeze in a doctors > appointment somewhere too):-). > That's cool - just figured some already tested and explained MTA set ups would stop some of the easier spam. Appreciate any help you can offer. No rush :) From Richard.Frovarp at sendit.nodak.edu Thu Feb 1 03:03:43 2007 From: Richard.Frovarp at sendit.nodak.edu (Richard Frovarp) Date: Thu Feb 1 02:07:13 2007 Subject: RBL performance: caching nameserver vs RBL mirroring In-Reply-To: <45C1208F.90108@ecs.soton.ac.uk> References: <45C09F0F.7FBE.00FC.3@medicine.wisc.edu> <45C10660.2070101@nkpanama.com> <45C1208F.90108@ecs.soton.ac.uk> Message-ID: <45C14A7F.4000308@sendit.nodak.edu> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Alex Neuman van der Hans wrote: > >> Michael Masse wrote: >> >>> Can someone explain the pro's and con's of each with respect to >>> performance and accuracy, or am I confused and they are not actually >>> mutually exclusive, and have nothing to do with eachother? >>> >>> Mike >>> >>> >> Caching nameserver means "keep a copy of DNS lookups so I don't have >> to do it again for some time". RBL Mirroring means "don't ask a remote >> RBL every time I get a message; download the changes to the list >> periodically". >> > As a general rule, you don't need your own mirror of an RBL unless you > are doing well over 100,000 messages per day. Below that figure, most of > the RBL managers won't give you a feed for a mirror anyway. Get a > caching nameserver going first (essential) and see how you get on and > measure your message throughput. If you are well into 6 or 7 figures, > then think about asking the RBL managers for a direct feed. "rbldns" is > the best thing to use for big RBLs, not BIND. Run rbldnsd on a different > port and just tell BIND to feed requests for the domain to the port used > by rbldnsd. > You want to be running a caching nameserver no matter what. I know a certain server that was running MailScanner and for some reason the caching nameserver failed on it. It had to make a trip all the way to the local DNS (same room), and it got very very very backed up. Of course this is a server that probably handles a 100,000 alone on a light day. No wonder the end-to-end monitor kept paging all weekend. From pascal.maes at elec.ucl.ac.be Thu Feb 1 07:50:52 2007 From: pascal.maes at elec.ucl.ac.be (Pascal Maes) Date: Thu Feb 1 06:54:21 2007 Subject: Question about headers In-Reply-To: <20070129072647.3B08.GERARD@seibercom.net> References: <45BD7919.1020009@rogers.com> <223f97700701290100i6e788e2gba57830a01a8e67b@mail.gmail.com> <20070129072647.3B08.GERARD@seibercom.net> Message-ID: hello, In /etc/mail/spamassassin/local.cf I have : clear_headers add_header all Flag _YESNOCAPS_ add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ autolearn=_AUTOLEARN_ version=_VERSION_S(*)_ add_header all Checker-Version SpamAssassin _VERSION_ (_SUBVERSION_) on _HOSTNAME_ When I use spamassassin -D I get the following headers in the result : X-Spam-Flag: NO X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on smtp-1.dynsipr.ucl.ac.be X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,SPF_HELO_PASS, SPF_PASS autolearn=unavailable version=3.1.7S(*)_ But when the mail goes through MailScanner I get only : X-Sgsi-Mailscanner: Found to be clean X-Sgsi-Mailscanner-Spamcheck: n'est pas un polluriel, SpamAssassin (cached, score=-22.6, requis 5, autolearn=not spam, BAYES_00 -2.60, RCVD_AUTH_OK -20.00, SPF_HELO_PASS -0.00) X-Sgsi-Mailscanner-From: pascal.maes@elec.ucl.ac.be X-Spam-Status: No In MailScanner.conf, I have the following settings : Mail Header = X-%org-name%-MailScanner: Spam Header = X-%org-name%-MailScanner-SpamCheck: Spam Score Header = X-%org-name%-MailScanner-SpamScore: Add Envelope From Header = yes Add Envelope To Header = no Envelope From Header = X-%org-name%-MailScanner-From: Spam Score Character = s Detailed Spam Report = yes Include Scores In SpamAssassin Report = yes Always Include SpamAssassin Report = yes Multiple Headers = append Remove These Headers = X-Mozilla-Status: X-Mozilla-Status2: What could I do to get all the SpamAssassin headers ? Thanks -- Pascal From micoots at yahoo.com Thu Feb 1 08:11:50 2007 From: micoots at yahoo.com (Michael Mansour) Date: Thu Feb 1 07:15:14 2007 Subject: Enable MCP Bounce, no such thing? Message-ID: <404490.91616.qm@web33305.mail.mud.yahoo.com> Hi Julian, :) I had one of my clients ask me "so if the senders message is blocked, they should know why otherwise they'll think the message successfully went through". I've implemented MCP scanning for this client, who has used the feature to enable regex for "bad words" which he basically doesn't want to see. f words, p words, c words, you get what I mean, things that are commonly part of adult spam but he's going one step further, if a real person emails him those words (swear words etc) then he doesn't even want to know the email was sent. I use MailWatch and various SARE rules, so this means mailwatch to also not log the stuff (which I'm able to do quite easily). So when the MCP rule kicks in and /dev/null's the message, it would be good for the sender to know why their message was rejected/blocked and never sent. They're a church group btw and I host for a couple of churches which would benefit from the same types of services. Can you complete the implementation of this feature Julian? Michael. ----- Original Message ---- From: Julian Field To: MailScanner discussion Sent: Wednesday, 31 January, 2007 11:19:06 PM Subject: Re: Enable MCP Bounce, no such thing? -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have a feeling I decided there wasn't a use for such an option and didn't implement it. Michael Mansour wrote: > Hi, > > I'm using mailscanner-4.57.6-1 > > In MailScanner.conf, there's an option: > > Enable Spam Bounce > > which allows the bouncing of email to the sender. I'm after this option not for Spam, but for MCP. > > The closest I find in MailScanner.conf is: > > Bounce MCP As Attachment = yes > > but this doesn't work ie. no bounce is sent. > > I was expecting an equivalent MCP command like: > > Enable MCP Bounce > > based on the similarities between the Spam and MCP command set, but no such command exists. > > So my question is, if a message is MCP or high scoring MCP and I delete it, how do I organise to notify the sender that their message has been blocked - which is explained in these options: > > Recipient MCP Report = %report-dir%/recipient.mcp.report.txt > Sender MCP Report = %report-dir%/sender.mcp.report.txt > > Thanks. > > Michael. > > > > > Send instant messages to your online friends http://au.messenger.yahoo.com > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFFwImHEfZZRxQVtlQRAkkWAJ9LWziks3jD+ovVfnQosZIDOjRK6wCgrQat wniBs4U7ry6VByvBC1m4y2g= =OVAg -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! Send instant messages to your online friends http://au.messenger.yahoo.com From micoots at yahoo.com Thu Feb 1 08:43:57 2007 From: micoots at yahoo.com (Michael Mansour) Date: Thu Feb 1 07:47:21 2007 Subject: spam blacklisted Message-ID: <745054.12199.qm@web33308.mail.mud.yahoo.com> Hi, I'm really baffled with this one. For the past day I have been seeing this in maillog sent to one particular domain: Jan 31 09:19:05 server MailScanner[21625]: Message l0UMK3pX001320 from xxx.xxx.xxx.xxx (example@example.com to example.com is spam (blacklisted) I've checked "example.com"'s blacklisting and the sender is not there. I have spent about an hour on the setup trying to track down where this is getting blacklisted, but no go. BTW, I have multiple MX mailservers which process mail and then deliver to another mail server which holds the user mailboxes. These messages pass through as "clean" on the MX mail server but when they reach the one that holds the user mailboxes it blacklists them (and as of a week ago all these mailscanner scanners are now identical in setup). I don't know where else to look. Does anyone have any suggestions? Thanks. Michael. Send instant messages to your online friends http://au.messenger.yahoo.com From micoots at yahoo.com Thu Feb 1 09:05:07 2007 From: micoots at yahoo.com (Michael Mansour) Date: Thu Feb 1 08:08:31 2007 Subject: spam blacklisted Message-ID: <362754.85645.qm@web33310.mail.mud.yahoo.com> Please ignore this one. After taking a break and coming back to it, I noticed that the user inadvertently blacklisted the IP of one of my mailservers, so anything coming from it to his domain would get blacklisted. Michael. ----- Original Message ---- From: Michael Mansour To: MailScanner discussion Sent: Thursday, 1 February, 2007 6:43:57 PM Subject: spam blacklisted Hi, I'm really baffled with this one. For the past day I have been seeing this in maillog sent to one particular domain: Jan 31 09:19:05 server MailScanner[21625]: Message l0UMK3pX001320 from xxx.xxx.xxx.xxx (example@example.com to example.com is spam (blacklisted) I've checked "example.com"'s blacklisting and the sender is not there. I have spent about an hour on the setup trying to track down where this is getting blacklisted, but no go. BTW, I have multiple MX mailservers which process mail and then deliver to another mail server which holds the user mailboxes. These messages pass through as "clean" on the MX mail server but when they reach the one that holds the user mailboxes it blacklists them (and as of a week ago all these mailscanner scanners are now identical in setup). I don't know where else to look. Does anyone have any suggestions? Thanks. Michael. Send instant messages to your online friends http://au.messenger.yahoo.com -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! Send instant messages to your online friends http://au.messenger.yahoo.com From glenn.steen at gmail.com Thu Feb 1 11:10:36 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Feb 1 10:14:00 2007 Subject: Performance In-Reply-To: <45C14692.2020704@enitech.com.au> References: <45C03361.5040903@katy.com> <223f97700701310215u67f9f941ifa40f902cd2d357@mail.gmail.com> <45C11A25.5010407@enitech.com.au> <223f97700701311717y54a485f8m4a420e2262f29d86@mail.gmail.com> <45C14692.2020704@enitech.com.au> Message-ID: <223f97700702010210m4398ae3fld20bbd7bdd5440e1@mail.gmail.com> On 01/02/07, Peter Russell wrote: > > > Glenn Steen wrote: > > On 31/01/07, Peter Russell wrote: (snip even more) > >> >> relay_domains = katy.com katy.net katycomputer.com schmerold.com > >> > Why is there no "companion" relay_recipient_maps? You should reject > >> > unknown recipients. > >> > > >> >> smtpd_data_restrictions = reject_unauth_pipelining, permit > >> >> smtpd_helo_required = yes > >> > Here you should perhaps have a > >> > smtpd_helo_restrictions = permit_mynetworks, check_helo_access > >> > hash:/etc/postfix/deny_domain_spoof > >> > Where the deny_domain_spoof is simply an access file detailing the > >> > domains and IP addresses you relay for like "katy.com REJECT". Will be > >> > perfectly safe to use. > >> > >> Glenn - should he have REJECT for domains he relays for? > > Yes. The thinking here is to REJECT anyone pretending to be either > > your domain (your MX) or any of the "internal/trusted" IP addresses, > > unless they really are... The permit_mynetworks take care of not > > rejecting things that shouldn't be rejected:). > > As said, perfectly safe;-). > > This one rejects a few every day. > > Sorry for the questions, but i am trying to stop some of the low scoring > spam i keep getting through - i am sure some tweaking will get it. Quite OK. > How do you check if these have blocked some spam? grep the maillog? Well more or less:-). It's the beauty of pflogsumm ... It'll summarize all rejections by at what stage and "reason"... like this (this is for yesterday): message reject detail --------------------- RCPT Helo command rejected: Access denied (total: 50) 3 83.173.153.170 (clients-865241583854se@nordea.se) 3 83.239.72.30 (wkihudxroacna@dirtydavid.every1.net) ... (The first one there is a Nordea Phish, or rather three... that I spend no more resources on;-) These "Access denied at helo" are the ones trying to pretend they are us. Similarily you'll get Helo command rejected: Invalid name (total: 9) Helo command rejected: need fully-qualified hostname (total: 374) Recipient address rejected: User unknown in relay recipient table (total: 233) Relay access denied (total: 41) Sender address rejected: Access denied (total: 35) ... All those 700-odd rejections on a total incoming of 3800. Most of teh above are pretty obviously from "reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient", and I also apply the deny_domain_spoof in the sender_restrictions, which accounts for those 35 rejections. To keep "on top of things" I've cron'd a couple of pflogsumm runs like this: 3 0 * * * /usr/local/bin/pflsum_yday 10 4 * * 0 /usr/local/bin/pflsum_week # cat /usr/local/bin/pflsum_yday #!/bin/bash # Postfix log summary analysis per yesterday /bin/cat /var/log/syslog | /usr/local/bin/pflogsumm -i -d yesterday --problems_first --rej_add_from --zero_fill > /var/www/html/pflogsumm/pflogsumm-$(date +%Y%m%d).txt 2>&1 # cat /usr/local/bin/pflsum_week #!/bin/bash # Postfix log summary analysis per last week /bin/zcat /var/log/syslog.1.gz | /usr/local/bin/pflogsumm -i --problems_first --rej_add_from --zero_fill > /var/www/html/pflogsumm/pflogsumm-week-$(date +%Y%m%d).txt 2>&1 # And I then have a small PHP script to present those on a webpage... For my disabled-by-windoze colleagues:-). > > > >> I am interested > >> in tweaking my postfix config myself. Any chance one fo the postfix > >> gurus like your self would post up your main.cf with some comments on > >> your anti spam settings? > > Will have to sanitise it a bit (don't want to spread any "secrets":-), > > but sure... It's really not that exciting reading... And sqeeze in a doctors > > appointment somewhere too):-). > > > > That's cool - just figured some already tested and explained MTA set ups > would stop some of the easier spam. Appreciate any help you can offer. > No rush :) :-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From uxbod at splatnix.net Thu Feb 1 11:56:29 2007 From: uxbod at splatnix.net (uxbod) Date: Thu Feb 1 11:00:21 2007 Subject: OT: Compile Error on Module Message-ID: <73decad418edbd44c482dcabd9ff1eed@62.49.223.244> Hi, I am currently trying to build a new server but hit problems with the module Convert-BinHex as I get the following error on make test :- [root@BRULNX02 Convert-BinHex-1.119]# make test PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/comp2bin....Can't locate package Exporter for @Checker::ISA at t/comp2bin.t line 3. Undefined subroutine &main::check called at t/comp2bin.t line 75. t/comp2bin....dubious Test returned status 255 (wstat 65280, 0xff00) DIED. FAILED tests 1-9 Failed 9/9 tests, 0.00% okay Failed Test Stat Wstat Total Fail Failed List of Failed ------------------------------------------------------------------------------- t/comp2bin.t 255 65280 9 18 200.00% 1-9 Failed 1/1 test scripts, 0.00% okay. 9/9 subtests failed, 0.00% okay. make: *** [test_dynamic] Error 2 Any ideas ? -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: 543A E778 7F2D 98F1 3E50 9C1F F190 93E0 E8E8 0CF8 // Keyserver: www.keyserver.net Key-ID: 0xE8E80CF8 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gmatt at nerc.ac.uk Thu Feb 1 12:20:20 2007 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Thu Feb 1 11:26:42 2007 Subject: Use of floating point on typical mailserver Message-ID: <45C1CCF4.1070100@nerc.ac.uk> I'm considering evaluating the "coolthreads" hardware from Sun, in particular the T2000. This utilises the first generation "Niagra" chips which can handle up to 32 threads per socket. The technology looks pretty good apart from the fact that they only have a single FPU per socket. My question is, how much FP does a typical mail server (sendmail/MS/MW etc) need? Is it even worth going through the evaluation procedure or should I wait until the Niagra2 chips arrive (May apparently) which will have one FPU per core? Anyone here using this hardware? GREG -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From martinh at solidstatelogic.com Thu Feb 1 12:41:24 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Thu Feb 1 11:45:26 2007 Subject: Use of floating point on typical mailserver In-Reply-To: <45C1CCF4.1070100@nerc.ac.uk> Message-ID: <045ebd448d25a04980528e12f7467cad@solidstatelogic.com> Greg Got one here (4 core model) used for compiles etc...just added two new drives in, zero downtime...shiney. Incredibly noisy though (needs to be in a server room not near your desk! I'm sure there's an RB211 ) and if this is 'cool' threads I dunno what warm is like;-) Anyway a certain sys-admin at soton.ac.uk set one up as his email server on a big 8 core system...perhaps he can comment on his performance. A lot of this will be I/O based anyway so a BIG raid array/SAN with lots of spindles will win over lots of CPU anyday (unless you a lot of SSL connections going) BTW my new email server is a new Dell 2950 (Centos 4.4) with 6 x 73GB 10k SAS RAID 5 dfor mail store and hardly get a loadave reading 0.00 with 140 imap users...8 GB ram and 2 twin core 3.2 Xeons (I think can't remember exact CPUS). Going to do SIP and IM on it as well soon. A LOT cheaper than a T2000.... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Greg Matthews > Sent: 01 February 2007 11:20 > To: MailScanner discussion > Subject: Use of floating point on typical mailserver > > I'm considering evaluating the "coolthreads" hardware from Sun, in > particular the T2000. This utilises the first generation "Niagra" chips > which can handle up to 32 threads per socket. > > The technology looks pretty good apart from the fact that they only have > a single FPU per socket. > > My question is, how much FP does a typical mail server (sendmail/MS/MW > etc) need? Is it even worth going through the evaluation procedure or > should I wait until the Niagra2 chips arrive (May apparently) which will > have one FPU per core? Anyone here using this hardware? > > GREG > -- > Greg Matthews 01491 692445 > Head of UNIX/Linux, iTSS Wallingford > > -- > This message (and any attachments) is for the recipient only. NERC > is subject to the Freedom of Information Act 2000 and the contents > of this email and any reply you make may be disclosed by NERC unless > it is exempt from release under the Act. Any material supplied to > NERC may be stored in an electronic records management system. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From gmatt at nerc.ac.uk Thu Feb 1 14:31:29 2007 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Thu Feb 1 13:35:04 2007 Subject: Use of floating point on typical mailserver In-Reply-To: <045ebd448d25a04980528e12f7467cad@solidstatelogic.com> References: <045ebd448d25a04980528e12f7467cad@solidstatelogic.com> Message-ID: <45C1EBB1.2000907@nerc.ac.uk> Martin.Hepworth wrote: > > BTW my new email server is a new Dell 2950 (Centos 4.4) with 6 x 73GB > 10k SAS RAID 5 dfor mail store and hardly get a loadave reading 0.00 > with 140 imap users...8 GB ram and 2 twin core 3.2 Xeons (I think can't > remember exact CPUS). Going to do SIP and IM on it as well soon. A LOT > cheaper than a T2000.... maybe - we get the academic discounting of course. T2000s are likely to plummet once the new Niagra chips are shipping as well. Also, we deal with *lot* of email, currently split over 3 disparate machines. 32 concurrent threads sounded like good way to go with a mail relay but its going to be reeeal slow if it needs to do any amount of FP. I can also sell it to the money men on running cost! G -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From martinh at solidstatelogic.com Thu Feb 1 14:45:29 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Thu Feb 1 13:52:04 2007 Subject: Use of floating point on typical mailserver In-Reply-To: <45C1EBB1.2000907@nerc.ac.uk> Message-ID: Gregg Thought the new N2's weren't due for another 12 months at least....could be wrong, usually am ! As regards functionality yeah the T2000/Solaris 10 is lovely...like I said I populated the spare disk slots and got the new filesystem RAID1 with zero downtime. Now combine this with your email sitting on ZFS and you're definitely onto a winner IHMO. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Greg Matthews > Sent: 01 February 2007 13:31 > To: MailScanner discussion > Subject: Re: Use of floating point on typical mailserver > > Martin.Hepworth wrote: > > > > BTW my new email server is a new Dell 2950 (Centos 4.4) with 6 x 73GB > > 10k SAS RAID 5 dfor mail store and hardly get a loadave reading 0.00 > > with 140 imap users...8 GB ram and 2 twin core 3.2 Xeons (I think can't > > remember exact CPUS). Going to do SIP and IM on it as well soon. A LOT > > cheaper than a T2000.... > > maybe - we get the academic discounting of course. T2000s are likely to > plummet once the new Niagra chips are shipping as well. Also, we deal > with *lot* of email, currently split over 3 disparate machines. 32 > concurrent threads sounded like good way to go with a mail relay but its > going to be reeeal slow if it needs to do any amount of FP. I can also > sell it to the money men on running cost! > > G > -- > Greg Matthews 01491 692445 > Head of UNIX/Linux, iTSS Wallingford > > -- > This message (and any attachments) is for the recipient only. NERC > is subject to the Freedom of Information Act 2000 and the contents > of this email and any reply you make may be disclosed by NERC unless > it is exempt from release under the Act. Any material supplied to > NERC may be stored in an electronic records management system. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From MailScanner at ecs.soton.ac.uk Thu Feb 1 16:38:50 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 1 15:43:21 2007 Subject: MailScanner ANNOUNCE: Stable version 4.58.9 released Message-ID: <45C2098A.3070200@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have just released the latest stable version of MailScanner, 4.58.9. It is available for download directly from www.mailscanner.info as usual. The major changes for this release are: - -- Added a new configuration setting to control whether senders are notified about attachments are too big or too small. - -- When using the Custom Function plugin system, you can now calculate a ruleset from within your Custom Function. Very useful for large sites. - -- Improvements to the accuracy of the SpamAssassin cache results. - -- Startup scripts now make SpamAssassin run out of memory-based temporary files where possible, to improve speed. - -- Messages placed in multiple outgoing queues are now delivered immediately. - -- Fixed problems with a few users seeing extra "disarmed" or "fraud" tags appearing incorrectly. Best regards, Jules - -- Julian Field MEng CITP MBCS MIEEE MACM www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFFwgmfEfZZRxQVtlQRAgRgAKDeSs0GOzr7DQIL2gVlngZ9e8lM6ACeNCxN g6wOGvZWXVFPuz7fjLJ0mUA= =zNq1 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Thu Feb 1 16:46:46 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 1 15:55:12 2007 Subject: OT: building new server, need MTA advice In-Reply-To: <45C14381.1000107@nkpanama.com> References: <20070131163457.B633.GERARD@seibercom.net> <45C14381.1000107@nkpanama.com> Message-ID: <45C20B66.8020309@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alex Neuman van der Hans wrote: > > > Gerard Seibert wrote: >> I would be interested in why you make that statement regarding >> Postfix. I >> had used Sendmail for several years and found it confusing. Getting >> SASL, >> etc working on it can be a real chore. > SASL appears to work out-of-the-box on CentOS, at least for me. What > do you mean by " a real chore "? I only thing I know is wrong on RedHat is that /etc/sysconfig/saslauthd says MECH=shadow where MECH=pam is enormously more useful in a distributed environment. Other than that, it just works. Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFFwgw/EfZZRxQVtlQRAmbdAKDY18fnvEPJ8dmSYLyLtxuKk87R8QCfdXan WHU68hILoTveDN0nmuZVY6Y= =d270 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Thu Feb 1 16:49:46 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 1 15:55:16 2007 Subject: OT: Compile Error on Module In-Reply-To: <73decad418edbd44c482dcabd9ff1eed@62.49.223.244> References: <73decad418edbd44c482dcabd9ff1eed@62.49.223.244> Message-ID: <45C20C1A.7050404@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 If you're on a Linux box, make sure there are no mentions of utf in /etc/sysconfig/i18n. This can cause all sorts of odd errors with Makefiles. uxbod wrote: > Hi, > > I am currently trying to build a new server but hit problems with the module Convert-BinHex as I get the following error on make test :- > > [root@BRULNX02 Convert-BinHex-1.119]# make test > PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t > t/comp2bin....Can't locate package Exporter for @Checker::ISA at t/comp2bin.t line 3. > Undefined subroutine &main::check called at t/comp2bin.t line 75. > t/comp2bin....dubious > Test returned status 255 (wstat 65280, 0xff00) > DIED. FAILED tests 1-9 > Failed 9/9 tests, 0.00% okay > Failed Test Stat Wstat Total Fail Failed List of Failed > ------------------------------------------------------------------------------- > t/comp2bin.t 255 65280 9 18 200.00% 1-9 > Failed 1/1 test scripts, 0.00% okay. 9/9 subtests failed, 0.00% okay. > make: *** [test_dynamic] Error 2 > > Any ideas ? > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) Comment: (pgp-secured) Charset: UTF-8 wj8DBQFFwgxEEfZZRxQVtlQRAqOhAKDcfWTn2wGtB5upEiL4woKcAYslDwCgmTei +GebnnfUCj6HwJszjkIe0j4= =yOp9 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From wendiw at itasoftware.com Thu Feb 1 17:57:36 2007 From: wendiw at itasoftware.com (Wendi Whitsett) Date: Thu Feb 1 17:00:33 2007 Subject: Phishing whitelist entries not used by MS Message-ID: <45C21C00.6060202@itasoftware.com> I've got a MailScanner/Linux box here that seems to be failing the 'check for safe phishing sites' part of the scan. I clearly created two entries in my /etc/MailScanner/phishing.safe.sites.conf: www.domainone.com www.domaintwo.com Reloaded MS and sent through a message with an embedded A href tag. The message went through and got scanned positive for phishing fraud, even with my two domains listed in the safe sites. Anyone have any ideas why this is happening? Blurb from reload, you can see the phishing whitelist being loaded: Feb 1 09:37:30 mx1 MailScanner[7257]: MailScanner E-Mail Virus Scanner version 4.56.8 starting... Feb 1 09:37:30 mx1 MailScanner[7257]: Read 767 hostnames from the phishing whitelist Feb 1 09:37:30 mx1 MailScanner[7257]: Using SpamAssassin results cache Feb 1 09:37:30 mx1 MailScanner[7257]: Connected to SpamAssassin cache database Feb 1 09:37:30 mx1 MailScanner[7257]: Expired 6 records from the SpamAssassin cache Feb 1 09:37:30 mx1 MailScanner[7257]: Enabling SpamAssassin auto-whitelist functionality... Feb 1 09:37:35 mx1 MailScanner[7257]: Using locktype = flock Thanks for any help... -Wendi -- Wendi W. Sr Systems Engineer ITA Software wendiw@itasoftware.com 617.714.2193 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3257 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070201/747c36a9/smime.bin From ecasarero at gmail.com Thu Feb 1 20:17:01 2007 From: ecasarero at gmail.com (Eduardo Casarero) Date: Thu Feb 1 19:20:27 2007 Subject: Need help, server running out of space!! Message-ID: <7d9b3cf20702011117i122a9f01l90f1175fac842ef6@mail.gmail.com> hi MS gurus i need your help. I run Mscanner with spamassasing on a HPDL380, with 1 scsi disk. mscanner MailScanner-4.55.10, sendmail -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070201/97a913fb/attachment.html From claude.gagne at multitech.qc.ca Thu Feb 1 20:28:32 2007 From: claude.gagne at multitech.qc.ca (=?ISO-8859-1?Q?Claude_Gagn=E9?=) Date: Thu Feb 1 19:30:28 2007 Subject: Need help, server running out of space!! In-Reply-To: <7d9b3cf20702011117i122a9f01l90f1175fac842ef6@mail.gmail.com> References: <7d9b3cf20702011117i122a9f01l90f1175fac842ef6@mail.gmail.com> Message-ID: <45C23F60.5010805@multitech.qc.ca> Empty the quarantine ? Eduardo Casarero a ?crit : > hi MS gurus i need your help. I run Mscanner with spamassasing on a > HPDL380, with 1 scsi disk. > > mscanner MailScanner-4.55.10, sendmail > > -- > Ce message a ?t? v?rifi? par Multi Techniques > pour des virus ou du contenu ? risque et > rien de suspect n'a ?t? d?tect?. > This message has been scanned for viruses and dangerous content by > Multi Techniques , and is believed to be > clean. -- * Claude Gagn?* / Technicien informatique/ claude.gagne@multitech.qc.ca 226-A, chemin des Poirier Montmagny (Qc) G5V 3X8 T?l. : (418) 248-2247 T?l?c. : (418) 248-2230 *8, rue du Domaine Rivi?re-du-Loup (Qc) G5R 2P5 T?l. : (418) 867-3355 T?l?c. : (418) 867-2775 * -------------- next part -------------- Skipped content of type multipart/related From ecasarero at gmail.com Thu Feb 1 20:28:16 2007 From: ecasarero at gmail.com (Eduardo Casarero) Date: Thu Feb 1 19:31:44 2007 Subject: Out of disk space!!! Message-ID: <7d9b3cf20702011128s7d17c5c7ua5f4c59433a238d4@mail.gmail.com> hi MS gurus i need your help. I run Mscanner with spamassasing on a HPDL380, with 1 scsi disk. mscanner MailScanner-4.55.10, sendmail -8.13.7 SpamAssassin version 3.1.7running on Perl version 5.8.7 also use tmpfs for MS incomming directory. The problem is that im running out of disk space. Although the server saves 30Gb of quarantine there are a lot of space used that i lost without knowing what eat that. Filesystem Size Used Avail Use% Mounted on /dev/cciss/c0d0p3 57G 54G 3.0G 95% / /dev/cciss/c0d0p1 100M 39M 62M 39% /boot 1 problem i found was with the bayes database that for some reason did not delete the .expire but that was solved. What should i check? please any suggestion im also running out of ideas! thanks!!! Eduardo. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070201/9e735246/attachment.html From claude.gagne at multitech.qc.ca Thu Feb 1 20:38:40 2007 From: claude.gagne at multitech.qc.ca (=?ISO-8859-1?Q?Claude_Gagn=E9?=) Date: Thu Feb 1 19:40:37 2007 Subject: Out of disk space!!! In-Reply-To: <7d9b3cf20702011128s7d17c5c7ua5f4c59433a238d4@mail.gmail.com> References: <7d9b3cf20702011128s7d17c5c7ua5f4c59433a238d4@mail.gmail.com> Message-ID: <45C241C0.10007@multitech.qc.ca> Do "du -h /your/quarantine/directory" and let me know the result. Eduardo Casarero a ?crit : > hi MS gurus i need your help. I run Mscanner with spamassasing on a > HPDL380, with 1 scsi disk. > > mscanner MailScanner-4.55.10, sendmail -8.13.7 SpamAssassin version > 3.1.7 running on Perl version 5.8.7 > also use tmpfs for MS incomming directory. > > The problem is that im running out of disk space. Although the server > saves 30Gb of quarantine there are a lot of space used that i lost > without knowing what eat that. > > Filesystem Size Used Avail Use% Mounted on > /dev/cciss/c0d0p3 57G 54G 3.0G 95% / > /dev/cciss/c0d0p1 100M 39M 62M 39% /boot > > 1 problem i found was with the bayes database that for some reason did > not delete the .expire but that was solved. > > What should i check? please any suggestion im also running out of ideas! > > thanks!!! > > Eduardo. > > > -- > Ce message a ?t? v?rifi? par Multi Techniques > pour des virus ou du contenu ? risque et > rien de suspect n'a ?t? d?tect?. > This message has been scanned for viruses and dangerous content by > Multi Techniques , and is believed to be > clean. -- * Claude Gagn?* / Technicien informatique/ claude.gagne@multitech.qc.ca 226-A, chemin des Poirier Montmagny (Qc) G5V 3X8 T?l. : (418) 248-2247 T?l?c. : (418) 248-2230 *8, rue du Domaine Rivi?re-du-Loup (Qc) G5R 2P5 T?l. : (418) 867-3355 T?l?c. : (418) 867-2775 * -------------- next part -------------- Skipped content of type multipart/related From ecasarero at gmail.com Thu Feb 1 20:48:23 2007 From: ecasarero at gmail.com (Eduardo Casarero) Date: Thu Feb 1 19:51:50 2007 Subject: Out of disk space!!! In-Reply-To: <45C241C0.10007@multitech.qc.ca> References: <7d9b3cf20702011128s7d17c5c7ua5f4c59433a238d4@mail.gmail.com> <45C241C0.10007@multitech.qc.ca> Message-ID: <7d9b3cf20702011148p1bea77a0na81610ebc0a246a3@mail.gmail.com> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: logomulti.jpg Type: image/jpeg Size: 2807 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070201/6d26e2b8/logomulti.jpg From claude.gagne at multitech.qc.ca Thu Feb 1 20:53:08 2007 From: claude.gagne at multitech.qc.ca (=?ISO-8859-1?Q?Claude_Gagn=E9?=) Date: Thu Feb 1 19:55:10 2007 Subject: Out of disk space!!! In-Reply-To: <7d9b3cf20702011148p1bea77a0na81610ebc0a246a3@mail.gmail.com> References: <7d9b3cf20702011128s7d17c5c7ua5f4c59433a238d4@mail.gmail.com> <45C241C0.10007@multitech.qc.ca> <7d9b3cf20702011148p1bea77a0na81610ebc0a246a3@mail.gmail.com> Message-ID: <45C24524.60603@multitech.qc.ca> Try to clean a little ? :) Eduardo Casarero a ?crit : > > > 2007/2/1, Claude Gagn? >: > > Do "du -h /your/quarantine/directory" and let me know the result. > > > aprox 30Gb > > Eduardo Casarero a ?crit : >> hi MS gurus i need your help. I run Mscanner with spamassasing on >> a HPDL380, with 1 scsi disk. >> >> mscanner MailScanner-4.55.10, sendmail -8.13.7 SpamAssassin >> version 3.1.7 running on Perl version 5.8.7 >> also use tmpfs for MS incomming directory. >> >> The problem is that im running out of disk space. Although the >> server saves 30Gb of quarantine there are a lot of space used >> that i lost without knowing what eat that. >> >> Filesystem Size Used Avail Use% Mounted on >> /dev/cciss/c0d0p3 57G 54G 3.0G 95% / >> /dev/cciss/c0d0p1 100M 39M 62M 39% /boot >> >> 1 problem i found was with the bayes database that for some >> reason did not delete the .expire but that was solved. >> >> What should i check? please any suggestion im also running out of >> ideas! >> >> thanks!!! >> >> Eduardo. >> >> >> -- >> Ce message a ?t? v?rifi? par Multi Techniques >> pour des virus ou du contenu ? >> risque et rien de suspect n'a ?t? d?tect?. >> This message has been scanned for viruses and dangerous content >> by Multi Techniques , and is >> believed to be clean. > > -- > * Claude Gagn?* > / Technicien informatique/ > > claude.gagne@multitech.qc.ca > 226-A, chemin des Poirier > Montmagny (Qc) > G5V 3X8 > > T?l. : (418) 248-2247 > T?l?c. : (418) 248-2230 > > *8, rue du Domaine > Rivi?re-du-Loup (Qc) > G5R 2P5 > > T?l. : (418) 867-3355 > T?l?c. : (418) 867-2775 > * > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > > Support MailScanner development - buy the book off the website! > > > > > -- > Ce message a ?t? v?rifi? par Multi Techniques > pour des virus ou du contenu ? risque et > rien de suspect n'a ?t? d?tect?. > This message has been scanned for viruses and dangerous content by > Multi Techniques , and is believed to be > clean. -- * Claude Gagn?* / Technicien informatique/ claude.gagne@multitech.qc.ca 226-A, chemin des Poirier Montmagny (Qc) G5V 3X8 T?l. : (418) 248-2247 T?l?c. : (418) 248-2230 *8, rue du Domaine Rivi?re-du-Loup (Qc) G5R 2P5 T?l. : (418) 867-3355 T?l?c. : (418) 867-2775 * -------------- next part -------------- Skipped content of type multipart/related From ecasarero at gmail.com Thu Feb 1 20:38:31 2007 From: ecasarero at gmail.com (Eduardo Casarero) Date: Thu Feb 1 19:57:15 2007 Subject: Need help, server running out of space!! In-Reply-To: <45C23F60.5010805@multitech.qc.ca> References: <7d9b3cf20702011117i122a9f01l90f1175fac842ef6@mail.gmail.com> <45C23F60.5010805@multitech.qc.ca> Message-ID: <7d9b3cf20702011138t2265d08bw10804406d73a7fb8@mail.gmail.com> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: logomulti.jpg Type: image/jpeg Size: 2807 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070201/3bd746bf/logomulti.jpg From jaearick at colby.edu Thu Feb 1 21:03:10 2007 From: jaearick at colby.edu (Jeff A. Earickson) Date: Thu Feb 1 20:06:40 2007 Subject: Use of floating point on typical mailserver In-Reply-To: <45C1CCF4.1070100@nerc.ac.uk> References: <45C1CCF4.1070100@nerc.ac.uk> Message-ID: On Thu, 1 Feb 2007, Greg Matthews wrote: > Date: Thu, 01 Feb 2007 11:20:20 +0000 > From: Greg Matthews > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Use of floating point on typical mailserver > > I'm considering evaluating the "coolthreads" hardware from Sun, in particular > the T2000. This utilises the first generation "Niagra" chips which can handle > up to 32 threads per socket. > > The technology looks pretty good apart from the fact that they only have a > single FPU per socket. > > My question is, how much FP does a typical mail server (sendmail/MS/MW etc) > need? Is it even worth going through the evaluation procedure or should I > wait until the Niagra2 chips arrive (May apparently) which will have one FPU > per core? Anyone here using this hardware? We have two 8-core T2000s and three 8-core T1000s onsite. The three T1000s handle our webmail front end (horde/imp and associated apache stuff). One T2000 is a web server, and the second T2000 came online a couple of weeks ago to handle our IMAP service (dovecot 1.0rc18 currently). This box has an HP MSA50 disk array with fourteen 72GB disks in a mirrored/ striped ZFS disk pool for homedirs. All of these systems do a great job, and barely break a sweat doing it. While I can't speak to the FPU issue directly, I got a bit of advice from a Sun engineer on which chipset to buy for what use in Sun-land. If you want floating-point computation speed, buy x86 boxes (Sun V20's, etc) because the clock cycle of the x86 chips is so much faster. If the work is non floating-point, then buy Coolthreads servers if the ratio of threads to processes is > 4. How to find out? Run "prstat" and look at the bottom line. Take the ratio of processes to LWPs. If the ratio is less than four, then buy standard Sparc. Sparc chips have the advantage that they are RISC chips while x86 aren't. His advice, passed along. Jeff Earickson Colby College From claude.gagne at multitech.qc.ca Thu Feb 1 21:07:45 2007 From: claude.gagne at multitech.qc.ca (=?ISO-8859-1?Q?Claude_Gagn=E9?=) Date: Thu Feb 1 20:09:48 2007 Subject: Need help, server running out of space!! In-Reply-To: <7d9b3cf20702011138t2265d08bw10804406d73a7fb8@mail.gmail.com> References: <7d9b3cf20702011117i122a9f01l90f1175fac842ef6@mail.gmail.com> <45C23F60.5010805@multitech.qc.ca> <7d9b3cf20702011138t2265d08bw10804406d73a7fb8@mail.gmail.com> Message-ID: <45C24891.3010701@multitech.qc.ca> du -h /var Eduardo Casarero a ?crit : > 2007/2/1, Claude Gagn? >: > > Empty the quarantine ? > > > i've already done that and now i have some air, but something is > eating space very quick and its not the quarantine. > > > Eduardo Casarero a ?crit : >> hi MS gurus i need your help. I run Mscanner with spamassasing on >> a HPDL380, with 1 scsi disk. >> >> mscanner MailScanner-4.55.10, sendmail >> >> -- >> Ce message a ?t? v?rifi? par Multi Techniques >> pour des virus ou du contenu ? >> risque et rien de suspect n'a ?t? d?tect?. >> This message has been scanned for viruses and dangerous content >> by Multi Techniques , and is >> believed to be clean. > > -- > * Claude Gagn?* > / Technicien informatique/ > > claude.gagne@multitech.qc.ca > 226-A, chemin des Poirier > Montmagny (Qc) > G5V 3X8 > > T?l. : (418) 248-2247 > T?l?c. : (418) 248-2230 > > *8, rue du Domaine > Rivi?re-du-Loup (Qc) > G5R 2P5 > > T?l. : (418) 867-3355 > T?l?c. : (418) 867-2775 > * > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > > Support MailScanner development - buy the book off the website! > > > > > -- > Ce message a ?t? v?rifi? par Multi Techniques > pour des virus ou du contenu ? risque et > rien de suspect n'a ?t? d?tect?. > This message has been scanned for viruses and dangerous content by > Multi Techniques , and is believed to be > clean. -- * Claude Gagn?* / Technicien informatique/ claude.gagne@multitech.qc.ca 226-A, chemin des Poirier Montmagny (Qc) G5V 3X8 T?l. : (418) 248-2247 T?l?c. : (418) 248-2230 *8, rue du Domaine Rivi?re-du-Loup (Qc) G5R 2P5 T?l. : (418) 867-3355 T?l?c. : (418) 867-2775 * -------------- next part -------------- Skipped content of type multipart/related From clacroix at cegep-ste-foy.qc.ca Thu Feb 1 21:09:25 2007 From: clacroix at cegep-ste-foy.qc.ca (Charles Lacroix) Date: Thu Feb 1 20:11:18 2007 Subject: Need help, server running out of space!! In-Reply-To: <7d9b3cf20702011138t2265d08bw10804406d73a7fb8@mail.gmail.com> References: <7d9b3cf20702011117i122a9f01l90f1175fac842ef6@mail.gmail.com> <45C23F60.5010805@multitech.qc.ca> <7d9b3cf20702011138t2265d08bw10804406d73a7fb8@mail.gmail.com> Message-ID: <200702011509.26215.clacroix@cegep-ste-foy.qc.ca> I would walk in my filesystem with something like this: cd / du -cks * | sort -rn | head -n 11 On Thursday 01 February 2007 14:38, Eduardo Casarero wrote: > 2007/2/1, Claude Gagn? : > > Empty the quarantine ? > > i've already done that and now i have some air, but something is eating > space very quick and its not the quarantine. > > Eduardo Casarero a ?crit : > > hi MS gurus i need your help. I run Mscanner with spamassasing on a > > HPDL380, with 1 scsi disk. > > > > mscanner MailScanner-4.55.10, sendmail > > > > -- > > Ce message a ?t? v?rifi? par Multi > > Techniquespour des virus ou du contenu ? > > risque et rien de suspect n'a ?t? d?tect?. This message has been scanned > > for viruses and dangerous content by Multi Techniques > > , and is believed to be clean. > > > > > > -- > > * Claude Gagn?* > > * Technicien informatique* > > > > claude.gagne@multitech.qc.ca 226-A, chemin des Poirier > > Montmagny (Qc) > > G5V 3X8 > > > > T?l. : (418) 248-2247 > > T?l?c. : (418) 248-2230 > > *8, rue du Domaine > > Rivi?re-du-Loup (Qc) > > G5R 2P5 > > > > T?l. : (418) 867-3355 > > T?l?c. : (418) 867-2775 > > * > > > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! From micoots at yahoo.com Thu Feb 1 21:09:00 2007 From: micoots at yahoo.com (Michael Mansour) Date: Thu Feb 1 20:12:26 2007 Subject: Need help, server running out of space!! Message-ID: <190173.58045.qm@web33309.mail.mud.yahoo.com> Use "du -ks *|sort -n" on various parent directories and continue to drill down on the bigger directories, you will eventually find what is taking the space. Regards, Michael. ----- Original Message ---- From: Claude Gagn? To: MailScanner discussion Sent: Friday, 2 February, 2007 6:28:32 AM Subject: Re: Need help, server running out of space!! Empty the quarantine ? Eduardo Casarero a ?crit : hi MS gurus i need your help. I run Mscanner with spamassasing on a HPDL380, with 1 scsi disk. mscanner MailScanner-4.55.10, sendmail -- Ce message a ?t? v?rifi? par Multi Techniques pour des virus ou du contenu ? risque et rien de suspect n'a ?t? d?tect?. This message has been scanned for viruses and dangerous content by Multi Techniques, and is believed to be clean. -- Claude Gagn? Technicien informatique claude.gagne@multitech.qc.ca 226-A, chemin des Poirier Montmagny (Qc) G5V 3X8 T?l. : (418) 248-2247 T?l?c. : (418) 248-2230 8, rue du Domaine Rivi?re-du-Loup (Qc) G5R 2P5 T?l. : (418) 867-3355 T?l?c. : (418) 867-2775 -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! Send instant messages to your online friends http://au.messenger.yahoo.com -------------- next part -------------- Skipped content of type multipart/related From email at ace.net.au Thu Feb 1 22:16:16 2007 From: email at ace.net.au (Peter Nitschke) Date: Thu Feb 1 21:20:01 2007 Subject: Need help, server running out of space!! In-Reply-To: <7d9b3cf20702011138t2265d08bw10804406d73a7fb8@mail.gmail.com> References: <7d9b3cf20702011117i122a9f01l90f1175fac842ef6@mail.gmail.com> <45C23F60.5010805@multitech.qc.ca> <7d9b3cf20702011138t2265d08bw10804406d73a7fb8@mail.gmail.com> Message-ID: <200702020746160185.28FFA111@smtp1.ace.net.au> Have you checked your logs? *********** REPLY SEPARATOR *********** On 1/02/2007 at 4:38 PM Eduardo Casarero wrote: >2007/2/1, Claude Gagn? : >> >> Empty the quarantine ? >> > >i've already done that and now i have some air, but something is eating >space very quick and its not the quarantine. > > >Eduardo Casarero a ?crit : >> >> hi MS gurus i need your help. I run Mscanner with spamassasing on a >> HPDL380, with 1 scsi disk. >> >> mscanner MailScanner-4.55.10, sendmail >> >> -- >> Ce message a ?t? v?rifi? par Multi >Techniquespour des virus ou du contenu ? >risque et rien de suspect n'a ?t? d?tect?. >> This message has been scanned for viruses and dangerous content by Multi >> Techniques , and is believed to be clean. >> >> >> -- >> * Claude Gagn?* >> * Technicien informatique* >> >> claude.gagne@multitech.qc.ca 226-A, chemin des Poirier >> Montmagny (Qc) >> G5V 3X8 >> >> T?l. : (418) 248-2247 >> T?l?c. : (418) 248-2230 >> *8, rue du Domaine >> Rivi?re-du-Loup (Qc) >> G5R 2P5 >> >> T?l. : (418) 867-3355 >> T?l?c. : (418) 867-2775 >> * >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Feb 1 22:41:06 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 1 21:46:24 2007 Subject: MailScanner ANNOUNCE: Stable version 4.58.9 released In-Reply-To: <45C2098A.3070200@ecs.soton.ac.uk> References: <45C2098A.3070200@ecs.soton.ac.uk> Message-ID: <45C25E72.4040602@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Has anyone noticed I produced a stable release this afternoon? Or is it just working okay? Julian Field wrote: > * PGP Signed: 02/01/07 at 15:39:11 > > I have just released the latest stable version of MailScanner, 4.58.9. > > It is available for download directly from > www.mailscanner.info > as usual. > > The major changes for this release are: > > -- Added a new configuration setting to control whether senders are > notified about attachments are too big or too small. > -- When using the Custom Function plugin system, you can now calculate > a ruleset from within your Custom Function. Very useful for large sites. > -- Improvements to the accuracy of the SpamAssassin cache results. > -- Startup scripts now make SpamAssassin run out of memory-based > temporary files where possible, to improve speed. > -- Messages placed in multiple outgoing queues are now delivered > immediately. > -- Fixed problems with a few users seeing extra "disarmed" or "fraud" > tags appearing incorrectly. > > Best regards, > > Jules > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) Comment: Fetch my public key foot-print from www.mailscanner.info Charset: ISO-8859-1 wj8DBQFFwl6+EfZZRxQVtlQRAnOpAJ4+v76kWMk5KnXJhZSJU48Pj9zu1QCfbDD6 QGoVAz6JCXa/wB5mY9i53jc= =tJ90 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From john at katy.com Thu Feb 1 22:50:26 2007 From: john at katy.com (John Schmerold) Date: Thu Feb 1 21:54:12 2007 Subject: Performance In-Reply-To: <45C07F76.5050409@ecs.soton.ac.uk> References: <86144ED6CE5B004DA23E1EAC0B569B58125FF289@isabella.herefordshire.gov.uk> <45C07F76.5050409@ecs.soton.ac.uk> Message-ID: <45C260A2.6040601@katy.com> MailScanner -changed is a great help. I promised to let the group know how things are going. Very well is the answer. Messages are getting processed in 4 to 10 seconds. The main problem I have now is responding to mal-formed HELO announcements. I am having to write a lot of "your critical emails aren't getting through because your correspondent's mail server is mis-configured. Of course, I'm keeping "check_helo_access hash:/etc/postfix/helo_access" in my back-pocket. When things quiet down, I'll deal with the scatterback issue. For now, I'm dumping them off the face of the earth by specifying a non-existant relay host. /etc/postfix/transport takes care of getting legitimate mail where it needs to go. Yes, I know this isn't optimal way of dealing with the problem. Kept Pyzor, since things are under control. It will be on my short list of things to eliminate if we get back to 2-6 hour queue times. Kept cbl.abuseat.org and zen.spamhaus.org due to Spamhaus TOS, and the fact that RBL checks do not seem to be the bottleneck. Added ws.surbl.org to list of RBLs Added combined.njabl.org to list of RBLs /dev/shm & /var/spool/MailScanner/incoming was a tmpfs dir. Added following to /etc/cron.hourly/check_MailScanner if [ -d /dev/shm ]; then TMPDIR=/dev/shm export TMPDIR fi Changes to MailScanner.conf: Max Children = 5 Max Unscanned Messages Per Scan = 30 Max Unsafe Messages Per Scan = 30 Changes to main.cf smtpd_delay_reject=no smtpd_helo_restrictions = permit_mynetworks, check_helo_access hash:/etc/postfix/helo_access reject_invalid_hostname reject_unknown_hostname reject_non_fqdn_hostname reject_unauth_pipelining permit PolicyD was already giving me GreatPause, so I didn't add smtpd_client_restrictions as recommended For the record, my current configuration is as follows: [root@mx1 ~]# MailScanner -changed Table of Changed Values: Option Name Default Current Value =============================================================================== alwaysincludespamassassinreport no yes archivemail RULESET:Default= highscoringspamactions deliver header "X-Spam-Status: Yes" store highspamassassinscore 10 7 incomingqueuedir /var/spool/mqueue.in /var/spool/postfix/hold languagestrings /etc/MailScanner/reports/en/languages.conf logspam no yes logspeed no yes maxspamassassinsize 30000 20k mta sendmail postfix outgoingqueuedir /var/spool/mqueue /var/spool/postfix/incoming requiredspamassassinscore 6 4 restartevery 14400 7200 runasgroup 0 postfix runasuser 0 postfix signcleanmessages yes no spamactions deliver header "X-Spam-Status: Yes" deliver header "X-Spam-Status: Res" spamassassinsiterulesdir /etc/mail/spamassassin spamheader X-MailScanner-SpamCheck: X-Schmerold-MailScanner-SpamCheck: spamliststobespam 1 3 spamliststoreachhighscore 3 7 spamscoreheader X-MailScanner-SpamScore: X-Schmerold-MailScanner-SpamScore: virusscanners auto f-prot [root@mx1 ~]# [root@mx1 ~]# postconf -n canonical_maps = hash:/etc/postfix/canonical config_directory = /etc/postfix disable_vrfy_command = yes hash_queue_names = "" header_checks = regexp:/etc/postfix/header_checks masquerade_exceptions = root message_size_limit = 51200000 mydomain = schmerold.com myhostname = mx1.schmerold.com mynetworks = 127.0.0.0/8 65.16.251.208/29 relay_domains = katy.com katy.net katycomputer.com schmerold.com relayhost = [127.0.0.1]:8080 smtpd_data_restrictions = reject_unauth_pipelining, permit smtpd_delay_reject = no smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks, check_helo_access hash:/etc/postfix/helo_access reject_invalid_hostname reject_unknown_hostname reject_non_fqdn_hostname reject_unauth_pipelining permit smtpd_recipient_restrictions = check_helo_access hash:/etc/postfix/helo_access reject_invalid_hostname reject_non_fqdn_hostname reject_non_fqdn_sender reject_non_fqdn_recipient reject_unknown_sender_domain permit_mynetworks reject_unauth_destination check_sender_access hash:/etc/postfix/whitelist check_policy_service inet:127.0.0.1:10031 reject_rbl_client combined.njabl.org reject_rbl_client cbl.abuseat.org reject_rbl_client ws.surbl.org reject_rbl_client zen.spamhaus.org permit smtpd_sender_restrictions = hash:/etc/postfix/access transport_maps = hash:/etc/postfix/transport virtual_alias_domains = hash:/etc/postfix/virtual virtual_alias_maps = hash:/etc/postfix/virtual [root@mx1 ~]# Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Just a quick note of info: > > When asking users for settings like this, a very useful command is > MailScanner -changed > which will list all the configuration options that have been changed > from their supplied defaults. > You might want to do > MailScanner -changed | grep -v reports > to strip out all the report directories. From mkettler at evi-inc.com Thu Feb 1 22:52:11 2007 From: mkettler at evi-inc.com (Matt Kettler) Date: Thu Feb 1 21:55:46 2007 Subject: MailScanner ANNOUNCE: Stable version 4.58.9 released In-Reply-To: <45C25E72.4040602@ecs.soton.ac.uk> References: <45C2098A.3070200@ecs.soton.ac.uk> <45C25E72.4040602@ecs.soton.ac.uk> Message-ID: <45C2610B.80501@evi-inc.com> Julian Field wrote: > Has anyone noticed I produced a stable release this afternoon? > Or is it just working okay? > Apparently the script that detects these announcements, automatically downloads MailScanner to our test servers, tests it, and posts complaints about it to the list, is broken... You might want to look into fixing that part of the package J.. :) (sorry, couldn't resist) From jaearick at colby.edu Thu Feb 1 22:57:23 2007 From: jaearick at colby.edu (Jeff A. Earickson) Date: Thu Feb 1 22:00:54 2007 Subject: MailScanner ANNOUNCE: Stable version 4.58.9 released In-Reply-To: <45C25E72.4040602@ecs.soton.ac.uk> References: <45C2098A.3070200@ecs.soton.ac.uk> <45C25E72.4040602@ecs.soton.ac.uk> Message-ID: On Thu, 1 Feb 2007, Julian Field wrote: > Date: Thu, 01 Feb 2007 21:41:06 +0000 > From: Julian Field > Reply-To: MailScanner discussion > To: mailscanner@lists.mailscanner.info > Subject: Re: MailScanner ANNOUNCE: Stable version 4.58.9 released > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Has anyone noticed I produced a stable release this afternoon? > Or is it just working okay? Yes, I noticed. Yes, I upgraded from 4.58.8. Yes, it is working great. I am a UNIX guy. Error (nonzero return code) = complaint. Success (zero return code) = silence. Hence my silence... Jeff Earickson Colby College From mrm at medicine.wisc.edu Thu Feb 1 22:57:36 2007 From: mrm at medicine.wisc.edu (Michael Masse) Date: Thu Feb 1 22:01:23 2007 Subject: MailScanner ANNOUNCE: Stable version 4.58.9 released In-Reply-To: <45C2610B.80501@evi-inc.com> References: <45C2098A.3070200@ecs.soton.ac.uk> <45C25E72.4040602@ecs.soton.ac.uk> <45C2610B.80501@evi-inc.com> Message-ID: <45C20DEF.7FBE.00FC.3@medicine.wisc.edu> Julian Field wrote: > Has anyone noticed I produced a stable release this afternoon? > Or is it just working okay? > Have it installed on one server so far. So far so good! Mike From ssilva at sgvwater.com Thu Feb 1 23:03:47 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Feb 1 22:07:28 2007 Subject: MailScanner ANNOUNCE: Stable version 4.58.9 released In-Reply-To: <45C20DEF.7FBE.00FC.3@medicine.wisc.edu> References: <45C2098A.3070200@ecs.soton.ac.uk> <45C25E72.4040602@ecs.soton.ac.uk> <45C2610B.80501@evi-inc.com> <45C20DEF.7FBE.00FC.3@medicine.wisc.edu> Message-ID: Michael Masse spake the following on 2/1/2007 1:57 PM: > Julian Field wrote: >> Has anyone noticed I produced a stable release this afternoon? >> Or is it just working okay? >> > > Have it installed on one server so far. > > So far so good! > > Mike > Beating a server into submission also! Got a little behind this morning, and not in a good way! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From mikea at mikea.ath.cx Thu Feb 1 23:06:46 2007 From: mikea at mikea.ath.cx (mikea) Date: Thu Feb 1 22:10:21 2007 Subject: Need help, server running out of space!! In-Reply-To: <200702020746160185.28FFA111@smtp1.ace.net.au>; from email@ace.net.au on Fri, Feb 02, 2007 at 07:46:16AM +1030 References: <7d9b3cf20702011117i122a9f01l90f1175fac842ef6@mail.gmail.com> <45C23F60.5010805@multitech.qc.ca> <7d9b3cf20702011138t2265d08bw10804406d73a7fb8@mail.gmail.com> <200702020746160185.28FFA111@smtp1.ace.net.au> Message-ID: <20070201160646.B61555@mikea.ath.cx> On Fri, Feb 02, 2007 at 07:46:16AM +1030, Peter Nitschke wrote: > Have you checked your logs? > > *********** REPLY SEPARATOR *********** > > On 1/02/2007 at 4:38 PM Eduardo Casarero wrote: > > >2007/2/1, Claude Gagn? : > >> > >> Empty the quarantine ? > >> > > > >i've already done that and now i have some air, but something is eating > >space very quick and its not the quarantine. > > > > > >Eduardo Casarero a ?crit : > >> > >> hi MS gurus i need your help. I run Mscanner with spamassasing on a > >> HPDL380, with 1 scsi disk. > >> > >> mscanner MailScanner-4.55.10, sendmail I have seen some circumstances in which a large file, while consuming disk space, didn't show up in `ls -l` or in `du` while the process was running that was writing to the file. You may have to stop MailScanner and other tools to have a chance of seeing where the big file is. In the worst case, you'll have to boot to single-user mode, mount the disks in your fstab, and then examine them. Good luck! -- Mike Andrews, W5EGO mikea@mikea.ath.cx Tired old sysadmin From ssilva at sgvwater.com Thu Feb 1 23:20:26 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Feb 1 22:24:16 2007 Subject: Performance In-Reply-To: <45C260A2.6040601@katy.com> References: <86144ED6CE5B004DA23E1EAC0B569B58125FF289@isabella.herefordshire.gov.uk> <45C07F76.5050409@ecs.soton.ac.uk> <45C260A2.6040601@katy.com> Message-ID: John Schmerold spake the following on 2/1/2007 1:50 PM: > MailScanner -changed is a great help. > > I promised to let the group know how things are going. Very well is the > answer. Messages are getting processed in 4 to 10 seconds. > > The main problem I have now is responding to mal-formed HELO > announcements. I am having to write a lot of "your critical emails > aren't getting through because your correspondent's mail server is > mis-configured. Of course, I'm keeping "check_helo_access > hash:/etc/postfix/helo_access" in my back-pocket. > > When things quiet down, I'll deal with the scatterback issue. For now, > I'm dumping them off the face of the earth by specifying a non-existant > relay host. /etc/postfix/transport takes care of getting legitimate mail > where it needs to go. Yes, I know this isn't optimal way of dealing with > the problem. > > Kept Pyzor, since things are under control. It will be on my short list > of things to eliminate if we get back to 2-6 hour queue times. > Kept cbl.abuseat.org and zen.spamhaus.org due to Spamhaus TOS, and the > fact that RBL checks do not seem to be the bottleneck. > Added ws.surbl.org to list of RBLs > Added combined.njabl.org to list of RBLs > > /dev/shm & /var/spool/MailScanner/incoming was a tmpfs dir. Added > following to /etc/cron.hourly/check_MailScanner > if [ -d /dev/shm ]; then > TMPDIR=/dev/shm > export TMPDIR > fi > > Changes to MailScanner.conf: > Max Children = 5 > Max Unscanned Messages Per Scan = 30 > Max Unsafe Messages Per Scan = 30 > > Changes to main.cf > smtpd_delay_reject=no > > smtpd_helo_restrictions = permit_mynetworks, > check_helo_access hash:/etc/postfix/helo_access > reject_invalid_hostname > reject_unknown_hostname > reject_non_fqdn_hostname > reject_unauth_pipelining > permit > > PolicyD was already giving me GreatPause, so I didn't add > smtpd_client_restrictions as recommended > > For the record, my current configuration is as follows: > [root@mx1 ~]# MailScanner -changed > Table of Changed Values: > > Option Name Default Current Value > =============================================================================== > > alwaysincludespamassassinreport no yes > archivemail RULESET:Default= > highscoringspamactions deliver header "X-Spam-Status: Yes" > store > highspamassassinscore 10 7 > incomingqueuedir /var/spool/mqueue.in > /var/spool/postfix/hold > languagestrings /etc/MailScanner/reports/en/languages.conf > logspam no yes > logspeed no yes > maxspamassassinsize 30000 20k This setting has gone in and out of errors. The k sometimes gives an error--keep an eye out or just change to 20000. Julian has probably fixed this, but I don't remember it in the changelog. > mta sendmail postfix > outgoingqueuedir /var/spool/mqueue > /var/spool/postfix/incoming > requiredspamassassinscore 6 4 > restartevery 14400 7200 > runasgroup 0 postfix > runasuser 0 postfix > signcleanmessages yes no > spamactions deliver header "X-Spam-Status: Yes" > deliver header "X-Spam-Status: Res" > spamassassinsiterulesdir /etc/mail/spamassassin > spamheader X-MailScanner-SpamCheck: > X-Schmerold-MailScanner-SpamCheck: > spamliststobespam 1 3 > spamliststoreachhighscore 3 7 > spamscoreheader X-MailScanner-SpamScore: > X-Schmerold-MailScanner-SpamScore: > virusscanners auto f-prot Clamav doesn't add much overhead, since the scanners run on batches of mail. But clam catches a lot of phishing spams. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ajos1 at onion.demon.co.uk Thu Feb 1 22:47:47 2007 From: ajos1 at onion.demon.co.uk (ajos1@onion.demon.co.uk) Date: Thu Feb 1 22:51:16 2007 Subject: MailScanner ANNOUNCE: Stable version 4.58.9 released Message-ID: - I am trying it now... so will report back... Just a quick one... the mailscanner website still says: "Version 4.56 10th October 2006" -- On another thing... ======================================================== I have a had long long term problem with dependencies... so tonight I thought I would see if I could get away with not using the --nodeps [root@www mailscanner]# rpm -Uvh mailscanner-4.58.9-1.noarch.rpm error: Failed dependencies: perl-MIME-tools >= 5.412 is needed by mailscanner-4.58.9-1.noarch ======================================================== Despite being on Version 5.420 of MIME-Tools : [root@www mailscanner]# perl ../perl_ext/modtest.pl MIME::Tools 5.412 Module: MIME::Tools - 5.420 (0) [Tested for 5.412] ###CHECK### ======================================================== I thought I would try: [root@www mailscanner]# rpm -ivh perl-MIME-tools-5.420-1.src.rpm 1:perl-MIME-tools ########################################### [100%] [root@www mailscanner]# rpm -Uvh perl-MIME-tools-5.420-1.src.rpm 1:perl-MIME-tools ########################################### [100%] ======================================================== And I still get... [root@www mailscanner]# rpm -Uvh mailscanner-4.58.9-1.noarch.rpm error: Failed dependencies: perl-MIME-tools >= 5.412 is needed by mailscanner-4.58.9-1.noarch ======================================================== -----Original Message----- From: MailScanner discussion References: <45C2098A.3070200@ecs.soton.ac.uk> Message-ID: <45C27083.2090209@haigmail.com> It is working just fine here My download script does not work anymore but I manually downloaded it Thanks Julian Lance From ajos1 at onion.demon.co.uk Thu Feb 1 23:17:35 2007 From: ajos1 at onion.demon.co.uk (ajos1@onion.demon.co.uk) Date: Thu Feb 1 23:21:05 2007 Subject: MailScanner ANNOUNCE: Stable version 4.58.9 released Message-ID: - Okay the rpm was a source RPM... so hence why it not install in the usual way... Anys I have decided to try the install.sh method for the first time ever... For modules it wants to install... it says: Missing file /usr/src/redhat/RPMS/noarch/perl-IO-stringy-2.108-1.noarch.rpm. Maybe it did not build correctly? etc... -----Original Message----- From: ajos1@onion.demon.co.uk Subj: Re: MailScanner ANNOUNCE: Stable version 4.58.9 released Date: Thu, 01 Feb 2007 22:47:47 (GMT/BST) I have a had long long term problem with dependencies... so tonight I thought I would see if I could get away with not using the --nodeps [root@www mailscanner]# rpm -Uvh mailscanner-4.58.9-1.noarch.rpm error: Failed dependencies: perl-MIME-tools >= 5.412 is needed by mailscanner-4.58.9-1.noarch From res at ausics.net Fri Feb 2 00:18:42 2007 From: res at ausics.net (Res) Date: Thu Feb 1 23:22:16 2007 Subject: MailScanner ANNOUNCE: Stable version 4.58.9 released In-Reply-To: <45C25E72.4040602@ecs.soton.ac.uk> References: <45C2098A.3070200@ecs.soton.ac.uk> <45C25E72.4040602@ecs.soton.ac.uk> Message-ID: On Thu, 1 Feb 2007, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Has anyone noticed I produced a stable release this afternoon? > Or is it just working okay? Of course it just works :P -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From ssilva at sgvwater.com Fri Feb 2 00:21:54 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Feb 1 23:27:06 2007 Subject: MailScanner ANNOUNCE: Stable version 4.58.9 released In-Reply-To: References: Message-ID: ajos1@onion.demon.co.uk spake the following on 2/1/2007 2:47 PM: > - > > I am trying it now... so will report back... > > Just a quick one... the mailscanner website still says: > > "Version 4.56 10th October 2006" > > -- > > On another thing... > ======================================================== > I have a had long long term problem with dependencies... so tonight I thought I would see if I could get away with not using the --nodeps > > [root@www mailscanner]# rpm -Uvh mailscanner-4.58.9-1.noarch.rpm > error: Failed dependencies: > perl-MIME-tools >= 5.412 is needed by mailscanner-4.58.9-1.noarch > > ======================================================== > > Despite being on Version 5.420 of MIME-Tools : > > [root@www mailscanner]# perl ../perl_ext/modtest.pl MIME::Tools 5.412 > Module: MIME::Tools - 5.420 (0) [Tested for 5.412] ###CHECK### > > ======================================================== > > I thought I would try: > > [root@www mailscanner]# rpm -ivh perl-MIME-tools-5.420-1.src.rpm > 1:perl-MIME-tools ########################################### [100%] > > [root@www mailscanner]# rpm -Uvh perl-MIME-tools-5.420-1.src.rpm > 1:perl-MIME-tools ########################################### [100%] Those commands will only install the source. You would need to rpmbuild --rebuild perl-MIME-tools-5.420-1.src.rpm, and install the resulting binary. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From pete at enitech.com.au Fri Feb 2 00:23:35 2007 From: pete at enitech.com.au (Peter Russell) Date: Thu Feb 1 23:27:09 2007 Subject: Performance In-Reply-To: <223f97700702010210m4398ae3fld20bbd7bdd5440e1@mail.gmail.com> References: <45C03361.5040903@katy.com> <223f97700701310215u67f9f941ifa40f902cd2d357@mail.gmail.com> <45C11A25.5010407@enitech.com.au> <223f97700701311717y54a485f8m4a420e2262f29d86@mail.gmail.com> <45C14692.2020704@enitech.com.au> <223f97700702010210m4398ae3fld20bbd7bdd5440e1@mail.gmail.com> Message-ID: <45C27677.5070108@enitech.com.au> Glenn Steen wrote: > On 01/02/07, Peter Russell wrote: >> >> >> Glenn Steen wrote: >> > On 31/01/07, Peter Russell wrote: > (snip even more) >> >> >> relay_domains = katy.com katy.net katycomputer.com schmerold.com >> >> > Why is there no "companion" relay_recipient_maps? You should reject >> >> > unknown recipients. >> >> > >> >> >> smtpd_data_restrictions = reject_unauth_pipelining, permit >> >> >> smtpd_helo_required = yes >> >> > Here you should perhaps have a >> >> > smtpd_helo_restrictions = permit_mynetworks, check_helo_access >> >> > hash:/etc/postfix/deny_domain_spoof >> >> > Where the deny_domain_spoof is simply an access file detailing the >> >> > domains and IP addresses you relay for like "katy.com REJECT". >> Will be >> >> > perfectly safe to use. >> >> >> >> Glenn - should he have REJECT for domains he relays for? >> > Yes. The thinking here is to REJECT anyone pretending to be either >> > your domain (your MX) or any of the "internal/trusted" IP addresses, >> > unless they really are... The permit_mynetworks take care of not >> > rejecting things that shouldn't be rejected:). >> > As said, perfectly safe;-). >> > This one rejects a few every day. Thanks Glenn, i implemented the changes you suggested and now i get legitimate hosts being blocked. postfix/smtpd[10874]: warning: 203.35.216.230: hostname gateway.davidjones.com.au verification failed: Name or service not known I will leave off making any more MTA changes until one of the clever cloggs can post up some tips... Thanks Pete From leiw324 at yahoo.com.hk Fri Feb 2 00:43:44 2007 From: leiw324 at yahoo.com.hk (Wilson Kwok) Date: Thu Feb 1 23:47:10 2007 Subject: HOWTO uninstall MailScanner Message-ID: <20070201234344.61928.qmail@web54405.mail.yahoo.com> FC4, MailScanner, MailScanner-4.53.8-1.rpm.tar.gz, clamav-0.88.4.tar.gz, spamassassin-3.0.6-1.fc4 Please help ! Thanks ! _______________________________________ YM - Â÷½u°T®§ ´Nºâ§A¨S¦³¤Wºô¡A§AªºªB¤Í¤´¥i¥H¯d¤U°T®§µ¹§A¡A·í§A¤Wºô®É´N¯à¥ß§Y¬Ý¨ì¡A¥ô¦ó»¡¸Ü³£ÉN¨«¥¢¡C http://messenger.yahoo.com.hk -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070202/66b85aea/attachment.html From prandal at herefordshire.gov.uk Fri Feb 2 01:07:06 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Fri Feb 2 00:10:46 2007 Subject: MailScanner ANNOUNCE: Stable version 4.58.9 released Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580176822F@isabella.herefordshire.gov.uk> It's working fine thanks Julian. One thing I noticed was that clamav (module) had left some junk in /dev/shm after I'd done a "service MailScanner restart". I suspect clamavmodule's temp files are not cleaned out on shutdown of MailScanner. That doesn't matter so much when they are in /tmp, but it makes me a bit nervous to see growing amounts of junk in /dev/shm. I can live with it, though :-) Having clamavmodule's temp files in /dev/shm seems to speed things up a bit, so that hack is a definite plus. Cheers, Phil -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Thursday, February 01, 2007 9:41 PM To: mailscanner@lists.mailscanner.info Subject: Re: MailScanner ANNOUNCE: Stable version 4.58.9 released -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Has anyone noticed I produced a stable release this afternoon? Or is it just working okay? Julian Field wrote: > * PGP Signed: 02/01/07 at 15:39:11 > > I have just released the latest stable version of MailScanner, 4.58.9. > > It is available for download directly from > www.mailscanner.info > as usual. > > The major changes for this release are: > > -- Added a new configuration setting to control whether senders are > notified about attachments are too big or too small. > -- When using the Custom Function plugin system, you can now calculate > a ruleset from within your Custom Function. Very useful for large sites. > -- Improvements to the accuracy of the SpamAssassin cache results. > -- Startup scripts now make SpamAssassin run out of memory-based > temporary files where possible, to improve speed. > -- Messages placed in multiple outgoing queues are now delivered > immediately. > -- Fixed problems with a few users seeing extra "disarmed" or "fraud" > tags appearing incorrectly. > > Best regards, > > Jules > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) Comment: Fetch my public key foot-print from www.mailscanner.info Charset: ISO-8859-1 wj8DBQFFwl6+EfZZRxQVtlQRAnOpAJ4+v76kWMk5KnXJhZSJU48Pj9zu1QCfbDD6 QGoVAz6JCXa/wB5mY9i53jc= =tJ90 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From ssilva at sgvwater.com Fri Feb 2 01:38:41 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Feb 2 00:42:20 2007 Subject: HOWTO uninstall MailScanner In-Reply-To: <20070201234344.61928.qmail@web54405.mail.yahoo.com> References: <20070201234344.61928.qmail@web54405.mail.yahoo.com> Message-ID: Wilson Kwok spake the following on 2/1/2007 3:43 PM: > FC4, MailScanner, MailScanner-4.53.8-1.rpm.tar.gz, clamav-0.88.4.tar.gz, > > spamassassin-3.0.6-1.fc4 > > Please help ! > > Thanks ! rpm -e mailscanner -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From mkettler at evi-inc.com Fri Feb 2 01:50:30 2007 From: mkettler at evi-inc.com (Matt Kettler) Date: Fri Feb 2 00:54:06 2007 Subject: HOWTO uninstall MailScanner In-Reply-To: References: <20070201234344.61928.qmail@web54405.mail.yahoo.com> Message-ID: <45C28AD6.4030802@evi-inc.com> Scott Silva wrote: > Wilson Kwok spake the following on 2/1/2007 3:43 PM: >> FC4, MailScanner, MailScanner-4.53.8-1.rpm.tar.gz, clamav-0.88.4.tar.gz, >> >> spamassassin-3.0.6-1.fc4 >> >> Please help ! >> >> Thanks ! > rpm -e mailscanner > Side note: you'll also have to deal with getting your MTA started back up using the pre-mailscanner service, assuming you still want to run an MTA on the box. ie, assuming sendmail: service MailScanner stop rpm -e MailScanner service sendmail start chkconfig sendmail on From ka at pacific.net Fri Feb 2 01:58:59 2007 From: ka at pacific.net (Ken A) Date: Fri Feb 2 00:58:49 2007 Subject: MailScanner ANNOUNCE: Stable version 4.58.9 released In-Reply-To: <45C25E72.4040602@ecs.soton.ac.uk> References: <45C2098A.3070200@ecs.soton.ac.uk> <45C25E72.4040602@ecs.soton.ac.uk> Message-ID: <45C28CD3.2070807@pacific.net> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Has anyone noticed I produced a stable release this afternoon? > Or is it just working okay? > Yes! Working great as usual. Thanks, Ken A. Pacific.Net From glenn.steen at gmail.com Fri Feb 2 02:14:04 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Feb 2 01:17:32 2007 Subject: Performance In-Reply-To: <45C27677.5070108@enitech.com.au> References: <45C03361.5040903@katy.com> <223f97700701310215u67f9f941ifa40f902cd2d357@mail.gmail.com> <45C11A25.5010407@enitech.com.au> <223f97700701311717y54a485f8m4a420e2262f29d86@mail.gmail.com> <45C14692.2020704@enitech.com.au> <223f97700702010210m4398ae3fld20bbd7bdd5440e1@mail.gmail.com> <45C27677.5070108@enitech.com.au> Message-ID: <223f97700702011714q558ec69exc7416b7c81421a20@mail.gmail.com> On 02/02/07, Peter Russell wrote: > > > Glenn Steen wrote: > > On 01/02/07, Peter Russell wrote: > >> > >> > >> Glenn Steen wrote: > >> > On 31/01/07, Peter Russell wrote: > > (snip even more) > >> >> >> relay_domains = katy.com katy.net katycomputer.com schmerold.com > >> >> > Why is there no "companion" relay_recipient_maps? You should reject > >> >> > unknown recipients. > >> >> > > >> >> >> smtpd_data_restrictions = reject_unauth_pipelining, permit > >> >> >> smtpd_helo_required = yes > >> >> > Here you should perhaps have a > >> >> > smtpd_helo_restrictions = permit_mynetworks, check_helo_access > >> >> > hash:/etc/postfix/deny_domain_spoof > >> >> > Where the deny_domain_spoof is simply an access file detailing the > >> >> > domains and IP addresses you relay for like "katy.com REJECT". > >> Will be > >> >> > perfectly safe to use. > >> >> > >> >> Glenn - should he have REJECT for domains he relays for? > >> > Yes. The thinking here is to REJECT anyone pretending to be either > >> > your domain (your MX) or any of the "internal/trusted" IP addresses, > >> > unless they really are... The permit_mynetworks take care of not > >> > rejecting things that shouldn't be rejected:). > >> > As said, perfectly safe;-). > >> > This one rejects a few every day. > > Thanks Glenn, i implemented the changes you suggested and now i get > legitimate hosts being blocked. Um and you'er thanking me for this?-):-)... If the hosts being blocked should be in your mynetworks, but aren't, that would indeed reject messages from those machines. But other than that.... Nah, show me some logs:-). > postfix/smtpd[10874]: warning: 203.35.216.230: hostname > gateway.davidjones.com.au verification failed: Name or service not known This isn't a reject, merely a verification warning. You shouldn't be losing any mails by this. As you can gather, I'm not quite convinced you are missing out on anything relevant/having a real problem here. In this particular case, you can check it yourself... the reverse lookup leads to gateway.davidjones.com.au, and the forward lookup for that leads... nowhere. And that is all that log entry is about. If it bothers you and they are a business contact, go ahead and tell them to fix that leftover PTR (which is likely what it might be:). Look for the NOQUEUE lines in the log. Do these coreespond with any reported (by people:-) errors? > I will leave off making any more MTA changes until one of the clever > cloggs can post up some tips... Um, english parser breakdown... Isn't a clogg a sort of wooden shoe? And a clever clogg is then an intelligent footwear? Sort of an AI for pedestrian appliances?:-) > Thanks > Pete -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From FStein at thehill.org Fri Feb 2 02:35:13 2007 From: FStein at thehill.org (Stein, Mr. Fred) Date: Fri Feb 2 01:39:19 2007 Subject: MailScanner ANNOUNCE: Stable version 4.58.9 released In-Reply-To: <45C25E72.4040602@ecs.soton.ac.uk> References: <45C2098A.3070200@ecs.soton.ac.uk> <45C25E72.4040602@ecs.soton.ac.uk> Message-ID: -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Thursday, February 01, 2007 4:41 PM To: mailscanner@lists.mailscanner.info Subject: Re: MailScanner ANNOUNCE: Stable version 4.58.9 released -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Has anyone noticed I produced a stable release this afternoon? Or is it just working okay? Julian Field wrote: > * PGP Signed: 02/01/07 at 15:39:11 > > I have just released the latest stable version of MailScanner, 4.58.9. > > It is available for download directly from > www.mailscanner.info > as usual. > > The major changes for this release are: > > -- Added a new configuration setting to control whether senders are > notified about attachments are too big or too small. > -- When using the Custom Function plugin system, you can now calculate > a ruleset from within your Custom Function. Very useful for large sites. > -- Improvements to the accuracy of the SpamAssassin cache results. > -- Startup scripts now make SpamAssassin run out of memory-based > temporary files where possible, to improve speed. > -- Messages placed in multiple outgoing queues are now delivered > immediately. > -- Fixed problems with a few users seeing extra "disarmed" or "fraud" > tags appearing incorrectly. > > Best regards, > > Jules > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) Comment: Fetch my public key foot-print from www.mailscanner.info Charset: ISO-8859-1 wj8DBQFFwl6+EfZZRxQVtlQRAnOpAJ4+v76kWMk5KnXJhZSJU48Pj9zu1QCfbDD6 QGoVAz6JCXa/wB5mY9i53jc= =tJ90 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! Works fine here. Fred Stein Network Administrator The Hill School 717 E. High Street Pottstown, PA 19464 fstein@thehill.org www.thehill.org From pete at pwdk.com Fri Feb 2 02:37:48 2007 From: pete at pwdk.com (pete@pwdk.com) Date: Fri Feb 2 01:41:23 2007 Subject: MailScanner - Run from PHP script Message-ID: <45C295EC.3030909@pwdk.com> Hi all, I was wondering if it was possible to run mailscanner from a PHP script? So it can be used to check the contents of a string or file, and score it the same as it would score an email. Thanks Pete From pete at enitech.com.au Fri Feb 2 02:40:39 2007 From: pete at enitech.com.au (Peter Russell) Date: Fri Feb 2 01:44:12 2007 Subject: Performance In-Reply-To: <223f97700702011714q558ec69exc7416b7c81421a20@mail.gmail.com> References: <45C03361.5040903@katy.com> <223f97700701310215u67f9f941ifa40f902cd2d357@mail.gmail.com> <45C11A25.5010407@enitech.com.au> <223f97700701311717y54a485f8m4a420e2262f29d86@mail.gmail.com> <45C14692.2020704@enitech.com.au> <223f97700702010210m4398ae3fld20bbd7bdd5440e1@mail.gmail.com> <45C27677.5070108@enitech.com.au> <223f97700702011714q558ec69exc7416b7c81421a20@mail.gmail.com> Message-ID: <45C29697.4070209@enitech.com.au> Glenn Steen wrote: > On 02/02/07, Peter Russell wrote: >> >> >> Glenn Steen wrote: >> > On 01/02/07, Peter Russell wrote: >> >> >> >> >> >> Glenn Steen wrote: >> >> > On 31/01/07, Peter Russell wrote: >> > (snip even more) >> >> >> >> relay_domains = katy.com katy.net katycomputer.com >> schmerold.com >> >> >> > Why is there no "companion" relay_recipient_maps? You should >> reject >> >> >> > unknown recipients. >> >> >> > >> >> >> >> smtpd_data_restrictions = reject_unauth_pipelining, permit >> >> >> >> smtpd_helo_required = yes >> >> >> > Here you should perhaps have a >> >> >> > smtpd_helo_restrictions = permit_mynetworks, check_helo_access >> >> >> > hash:/etc/postfix/deny_domain_spoof >> >> >> > Where the deny_domain_spoof is simply an access file detailing >> the >> >> >> > domains and IP addresses you relay for like "katy.com REJECT". >> >> Will be >> >> >> > perfectly safe to use. >> >> >> >> >> >> Glenn - should he have REJECT for domains he relays for? >> >> > Yes. The thinking here is to REJECT anyone pretending to be either >> >> > your domain (your MX) or any of the "internal/trusted" IP addresses, >> >> > unless they really are... The permit_mynetworks take care of not >> >> > rejecting things that shouldn't be rejected:). >> >> > As said, perfectly safe;-). >> >> > This one rejects a few every day. >> >> Thanks Glenn, i implemented the changes you suggested and now i get >> legitimate hosts being blocked. > Um and you'er thanking me for this?-):-)... If the hosts being blocked > should be in your mynetworks, but aren't, that would indeed reject > messages from those machines. But other than that.... Nah, show me > some logs:-). > >> postfix/smtpd[10874]: warning: 203.35.216.230: hostname >> gateway.davidjones.com.au verification failed: Name or service not known > This isn't a reject, merely a verification warning. You shouldn't be > losing any mails by this. > As you can gather, I'm not quite convinced you are missing out on > anything relevant/having a real problem here. In this particular > case, you can check it yourself... the reverse lookup leads to > gateway.davidjones.com.au, and the forward lookup for that leads... > nowhere. And that is all that log entry is about. If it bothers you > and they are a business contact, go ahead and tell them to fix that > leftover PTR (which is likely what it might be:). > Look for the NOQUEUE lines in the log. Do these coreespond with any > reported (by people:-) errors? > As you say, after i posted it i did some further research and found it was just a warning - thanks for the explanation. >> I will leave off making any more MTA changes until one of the clever >> cloggs can post up some tips... > Um, english parser breakdown... Isn't a clogg a sort of wooden shoe? > And a clever clogg is then an intelligent footwear? Sort of an AI for > pedestrian appliances?:-) Well i didnt wanna say geeks - but there you go you have forced me. :) > >> Thanks >> Pete > I made some changes to my main.cf and then telnet in to my server from another network, i can get through helo, MAIL FROM with false info - no warnings, errors or disconnects. Any idea where i am going wrong? (i have exclude all my pre existing transport map, relay domains type config) Appreciate any tips or suggestions. Pete smtpd_client_restrictions = hash:/etc/postfix/access permit_mynetworks sleep 4 reject_unauth_pipelining permit smtpd_helo_required = yes smptd_helo_restrictions = sleep 1 permit_mynetworks check_helo_access hash:/etc/postfix/deny_domain_spoof reject_unauth_pipelining permit smtpd_recipient_restrictions = hash:/etc/postfix/access reject_invalid_hostname reject_non_fqdn_hostname permit_auth_destination reject_unauth_destination reject_non_fqdn_sender permit relay_recipient_maps = hash:/etc/postfix/Recipients-AD, hash:/etc/postfix/Recipients-AL, regexp:/etc/postfix/Recipients-Manual, From glenn.steen at gmail.com Fri Feb 2 02:59:10 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Feb 2 02:02:37 2007 Subject: Performance In-Reply-To: <45C29697.4070209@enitech.com.au> References: <45C03361.5040903@katy.com> <223f97700701310215u67f9f941ifa40f902cd2d357@mail.gmail.com> <45C11A25.5010407@enitech.com.au> <223f97700701311717y54a485f8m4a420e2262f29d86@mail.gmail.com> <45C14692.2020704@enitech.com.au> <223f97700702010210m4398ae3fld20bbd7bdd5440e1@mail.gmail.com> <45C27677.5070108@enitech.com.au> <223f97700702011714q558ec69exc7416b7c81421a20@mail.gmail.com> <45C29697.4070209@enitech.com.au> Message-ID: <223f97700702011759p1db84fc8ga0645b61dabd1ce1@mail.gmail.com> On 02/02/07, Peter Russell wrote: > > (snip) > As you say, after i posted it i did some further research and found it > was just a warning - thanks for the explanation. :-) > >> I will leave off making any more MTA changes until one of the clever > >> cloggs can post up some tips... > > Um, english parser breakdown... Isn't a clogg a sort of wooden shoe? > > And a clever clogg is then an intelligent footwear? Sort of an AI for > > pedestrian appliances?:-) > > Well i didnt wanna say geeks - but there you go you have forced me. :) Why thank you... Such high praise...:-):-). > > I made some changes to my main.cf and then telnet in to my server from > another network, i can get through helo, MAIL FROM with false info - no > warnings, errors or disconnects. Any idea where i am going wrong? (i > have exclude all my pre existing transport map, relay domains type > config) Appreciate any tips or suggestions. > Pete To my tired eyes (it's almost 02.00 here) it looks ok, so it would depend on the content of the file I guess... You did remember to postmap it (and reload postfix after the changes to main.cf)? With a little luck (all the luck I didn't have today... SSL-X logged itself to death (audit f a failed message just kept repeating) and was ornery about the license file while updating on new HW, Oracle was just as Oracle can be, the doctor kept me waiting (well, nothing new there:-) and pesky users kept interrupting about me helping them with their *private* WLAN/DSL installs (as if I was going home to them and doing their LAN... Well, perhaps if sufficient amounts of finer booze was at the end of it:), so that I never got any time to install the latest and greatest MS... Grrr.) I'll have time to look at it again in the morning (today). Tired but kind regards -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From alex at nkpanama.com Fri Feb 2 03:06:42 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Fri Feb 2 02:10:46 2007 Subject: OT: building new server, need MTA advice In-Reply-To: <45C20B66.8020309@ecs.soton.ac.uk> References: <20070131163457.B633.GERARD@seibercom.net> <45C14381.1000107@nkpanama.com> <45C20B66.8020309@ecs.soton.ac.uk> Message-ID: <45C29CB2.6070405@nkpanama.com> Julian Field wrote: > I only thing I know is wrong on RedHat is that /etc/sysconfig/saslauthd says > MECH=shadow > where > MECH=pam > is enormously more useful in a distributed environment. > Other than that, it just works. My thoughts exactly. I wonder if the original poster meant "it's a pain to set it up so that it works with (insert something else here) instead of the default configs..." From john at katy.com Fri Feb 2 03:10:24 2007 From: john at katy.com (John Schmerold) Date: Fri Feb 2 02:13:59 2007 Subject: Performance In-Reply-To: <45C260A2.6040601@katy.com> References: <86144ED6CE5B004DA23E1EAC0B569B58125FF289@isabella.herefordshire.gov.uk> <45C07F76.5050409@ecs.soton.ac.uk> <45C260A2.6040601@katy.com> Message-ID: <45C29D90.8080901@katy.com> This list becomes an important archive of useful information, so I want to let everyone know we ended up eliminating the smtpd_helo_restrictions section. Too many mail servers are mis-configured. Besides, the RFC, states that the recipient server will accept the message regardless of whether or not the HELO statement is proper. John Schmerold John Schmerold wrote: > MailScanner -changed is a great help. > > I promised to let the group know how things are going. Very well is the > answer. Messages are getting processed in 4 to 10 seconds. > > The main problem I have now is responding to mal-formed HELO > announcements. I am having to write a lot of "your critical emails > aren't getting through because your correspondent's mail server is > mis-configured. Of course, I'm keeping "check_helo_access > hash:/etc/postfix/helo_access" in my back-pocket. > > When things quiet down, I'll deal with the scatterback issue. For now, > I'm dumping them off the face of the earth by specifying a non-existant > relay host. /etc/postfix/transport takes care of getting legitimate mail > where it needs to go. Yes, I know this isn't optimal way of dealing with > the problem. > > Kept Pyzor, since things are under control. It will be on my short list > of things to eliminate if we get back to 2-6 hour queue times. > Kept cbl.abuseat.org and zen.spamhaus.org due to Spamhaus TOS, and the > fact that RBL checks do not seem to be the bottleneck. > Added ws.surbl.org to list of RBLs > Added combined.njabl.org to list of RBLs > > /dev/shm & /var/spool/MailScanner/incoming was a tmpfs dir. Added > following to /etc/cron.hourly/check_MailScanner > if [ -d /dev/shm ]; then > TMPDIR=/dev/shm > export TMPDIR > fi > > Changes to MailScanner.conf: > Max Children = 5 > Max Unscanned Messages Per Scan = 30 > Max Unsafe Messages Per Scan = 30 > > Changes to main.cf > smtpd_delay_reject=no > > smtpd_helo_restrictions = permit_mynetworks, > check_helo_access hash:/etc/postfix/helo_access > reject_invalid_hostname > reject_unknown_hostname > reject_non_fqdn_hostname > reject_unauth_pipelining > permit > > PolicyD was already giving me GreatPause, so I didn't add > smtpd_client_restrictions as recommended > > For the record, my current configuration is as follows: > [root@mx1 ~]# MailScanner -changed > Table of Changed Values: > > Option Name Default Current Value > =============================================================================== > > alwaysincludespamassassinreport no yes > archivemail RULESET:Default= > highscoringspamactions deliver header "X-Spam-Status: Yes" > store > highspamassassinscore 10 7 > incomingqueuedir /var/spool/mqueue.in > /var/spool/postfix/hold > languagestrings /etc/MailScanner/reports/en/languages.conf > logspam no yes > logspeed no yes > maxspamassassinsize 30000 20k > mta sendmail postfix > outgoingqueuedir /var/spool/mqueue > /var/spool/postfix/incoming > requiredspamassassinscore 6 4 > restartevery 14400 7200 > runasgroup 0 postfix > runasuser 0 postfix > signcleanmessages yes no > spamactions deliver header "X-Spam-Status: Yes" > deliver header "X-Spam-Status: Res" > spamassassinsiterulesdir /etc/mail/spamassassin > spamheader X-MailScanner-SpamCheck: > X-Schmerold-MailScanner-SpamCheck: > spamliststobespam 1 3 > spamliststoreachhighscore 3 7 > spamscoreheader X-MailScanner-SpamScore: > X-Schmerold-MailScanner-SpamScore: > virusscanners auto f-prot > [root@mx1 ~]# > > [root@mx1 ~]# postconf -n > canonical_maps = hash:/etc/postfix/canonical > config_directory = /etc/postfix > disable_vrfy_command = yes > hash_queue_names = "" > header_checks = regexp:/etc/postfix/header_checks > masquerade_exceptions = root > message_size_limit = 51200000 > mydomain = schmerold.com > myhostname = mx1.schmerold.com > mynetworks = 127.0.0.0/8 65.16.251.208/29 > relay_domains = katy.com katy.net katycomputer.com schmerold.com > relayhost = [127.0.0.1]:8080 > smtpd_data_restrictions = reject_unauth_pipelining, permit > smtpd_delay_reject = no > smtpd_helo_required = yes > smtpd_helo_restrictions = permit_mynetworks, check_helo_access > hash:/etc/postfix/helo_access reject_invalid_hostname > reject_unknown_hostname reject_non_fqdn_hostname > reject_unauth_pipelining permit > smtpd_recipient_restrictions = check_helo_access > hash:/etc/postfix/helo_access reject_invalid_hostname > reject_non_fqdn_hostname reject_non_fqdn_sender > reject_non_fqdn_recipient reject_unknown_sender_domain > permit_mynetworks reject_unauth_destination check_sender_access > hash:/etc/postfix/whitelist check_policy_service inet:127.0.0.1:10031 > reject_rbl_client combined.njabl.org reject_rbl_client cbl.abuseat.org > reject_rbl_client ws.surbl.org reject_rbl_client zen.spamhaus.org permit > smtpd_sender_restrictions = hash:/etc/postfix/access > transport_maps = hash:/etc/postfix/transport > virtual_alias_domains = hash:/etc/postfix/virtual > virtual_alias_maps = hash:/etc/postfix/virtual > [root@mx1 ~]# > > > > Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Just a quick note of info: >> >> When asking users for settings like this, a very useful command is >> MailScanner -changed >> which will list all the configuration options that have been changed >> from their supplied defaults. >> You might want to do >> MailScanner -changed | grep -v reports >> to strip out all the report directories. From alex at nkpanama.com Fri Feb 2 03:18:48 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Fri Feb 2 02:22:56 2007 Subject: MailScanner - Run from PHP script In-Reply-To: <45C295EC.3030909@pwdk.com> References: <45C295EC.3030909@pwdk.com> Message-ID: <45C29F88.1050607@nkpanama.com> MailScanner doesn't score... SpamAssassin does. You may want to use exec with spamassassin to see how it goes. pete@pwdk.com wrote: > Hi all, > > I was wondering if it was possible to run mailscanner from a PHP script? > > So it can be used to check the contents of a string or file, and score > it the same as it would score an email. > > > Thanks > Pete From john at katy.com Fri Feb 2 04:35:52 2007 From: john at katy.com (John Schmerold) Date: Fri Feb 2 03:39:23 2007 Subject: Performance In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B58125FF289@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B58125FF289@isabella.herefordshire.gov.uk> Message-ID: <45C2B198.6060806@katy.com> I set Children & Messages per scan low after viewing: http://tinyurl.com/ypqot7 We've gone back to higher values now. John Schmerold Randal, Phil wrote: > Max Children = 2 > Max Unscanned Messages Per Scan = 10 > Max Unsafe Messages Per Scan = 10 > > These seem a bit on the low side to me. > > The defaults are: > > Max Children = 5 > Max Unscanned Messages Per Scan = 30 > Max Unsafe Messages Per Scan = 30 > > Any reason why you so drastically changed them downwards? > > Phil > -- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of John Schmerold >> Sent: 31 January 2007 06:13 >> To: mailscanner@lists.mailscanner.info >> Subject: Performance >> >> We're seeing significant backlogs, mail is taking 2-6 hours >> to get thru >> the Postfix/Mailscanner gauntlet we've setup. What's everyone else >> seeing in terms of mail processing time? >> >> I've looked at the home page & WIKI, so, I'm guessing I am missing >> something or there are new techniques not yet published on the >> mailscanner.info >> >> Some of my statistics are as follows: >> Server config: 2.8GHz P4, 2GB DDR2, Maxtor SATA HDD >> Mail volume: approx 7,500 messages per day >> Misc: We have set the noatime flag on spool and log >> partitions & use a >> local DNS caching nameserver. >> >> MS Configuration: >> [root@mx1 ~]# cat /etc/MailScanner/MailScanner.conf >> # See http://www.mailscanner.info/MailScanner.conf.index.html for all >> options & defaults >> %etc-dir% = /etc/MailScanner >> %mcp-dir% = /etc/MailScanner/mcp >> %org-long-name% = Schmerold >> %org-name% = Schmerold >> %report-dir% = /etc/MailScanner/reports/en >> %rules-dir% = /etc/MailScanner/rules >> %web-site% = www.schmerold.com >> >> Always Include SpamAssassin Report = yes >> Archive Mail = /etc/MailScanner/rules/archive.rules >> High Scoring Spam Actions = store >> High SpamAssassin Score = 7 >> Incoming Queue Dir = /var/spool/postfix/hold >> Incoming Work Dir = /var/spool/MailScanner/incoming >> Language Strings = /etc/MailScanner/reports/en/languages.conf >> MTA = postfix >> Outgoing Queue Dir = /var/spool/postfix/incoming >> Required SpamAssassin Score = 4 >> Restart Every = 7200 >> Run As Group = postfix >> Run As User = postfix >> Sign Clean Messages = no >> SpamAssassin Site Rules Dir = /etc/mail/spamassassin >> >> Log Speed = yes >> Max Children = 2 >> Max Unscanned Messages Per Scan = 10 >> Max Unsafe Messages Per Scan = 10 >> Spam List = >> Virus Scanners = f-prot >> [root@mx1 ~]# >> >> PostFix Configuration: >> [root@mx1 ~]# postconf -n >> canonical_maps = hash:/etc/postfix/canonical >> config_directory = /etc/postfix >> disable_vrfy_command = yes >> hash_queue_names = "" >> header_checks = regexp:/etc/postfix/header_checks >> masquerade_exceptions = root >> message_size_limit = 51200000 >> mydomain = schmerold.com >> myhostname = mx1.schmerold.com >> mynetworks = 127.0.0.0/8 65.16.251.208/29 >> relay_domains = katy.com katy.net katycomputer.com schmerold.com >> smtpd_data_restrictions = reject_unauth_pipelining, permit >> smtpd_helo_required = yes >> smtpd_recipient_restrictions = reject_invalid_hostname >> reject_non_fqdn_hostname reject_non_fqdn_sender >> reject_non_fqdn_recipient reject_unknown_sender_domain >> permit_mynetworks reject_unauth_destination check_sender_access >> hash:/etc/postfix/whitelist reject_rbl_client cbl.abuseat.org >> reject_rbl_client zen.spamhaus.org permit >> smtpd_sender_restrictions = hash:/etc/postfix/access >> transport_maps = hash:/etc/postfix/transport >> virtual_alias_domains = hash:/etc/postfix/virtual >> virtual_alias_maps = hash:/etc/postfix/virtual >> [root@mx1 ~]# >> >> >> MS Log: >> [root@mx1 ~]# cat /var/log/messages | grep "Jan 30 23:40" >> Jan 30 23:40:03 mx1 MailScanner[24752]: Requeue: 4F51A4B4468.A8F46 to >> 389AB894965 >> Jan 30 23:40:03 mx1 MailScanner[24752]: Requeue: A8330894942.93836 to >> A6D8289500D >> Jan 30 23:40:03 mx1 MailScanner[24752]: Requeue: 368088943F4.C0B33 to >> 20327894942 >> Jan 30 23:40:03 mx1 MailScanner[24752]: Uninfected: Delivered >> 7 messages >> Jan 30 23:40:03 mx1 MailScanner[24752]: Batch completed at >> 128844 bytes >> per second (8272398 / 64) >> Jan 30 23:40:03 mx1 MailScanner[24752]: Batch (10 messages) >> processed in >> 64.20 seconds >> Jan 30 23:40:03 mx1 MailScanner[24752]: New Batch: Found 7981 >> messages >> waiting >> Jan 30 23:40:03 mx1 MailScanner[24752]: New Batch: Scanning >> 10 messages, >> 169939 bytes >> Jan 30 23:40:03 mx1 MailScanner[24752]: Expired 11 records from the >> SpamAssassin cache >> Jan 30 23:40:04 mx1 named[2116]: lame server resolving >> 'mail.voltech-auto.com' (in 'voltech-auto.com'?): 216.53.199.57#53 >> Jan 30 23:40:08 mx1 named[2116]: lame server resolving >> '21.36.70.194.in-addr.arpa' (in '36.70.194.in-addr.arpa'?): >> 194.70.36.12#53 >> Jan 30 23:40:42 mx1 MailScanner[24762]: Spam Checks: Found 5 >> spam messages >> Jan 30 23:40:42 mx1 MailScanner[24762]: Spam Checks completed at 1227 >> bytes per second >> Jan 30 23:40:42 mx1 MailScanner[24762]: Virus and Content >> Scanning: Starting >> Jan 30 23:40:43 mx1 MailScanner[24762]: Virus Scanning completed at >> 156861 bytes per second >> Jan 30 23:40:43 mx1 MailScanner[24762]: Found phishing fraud from >> www.google.com claiming to be www.chase.com in 6BE8F895371.5D53A >> Jan 30 23:40:43 mx1 MailScanner[24762]: Content Checks: Detected and >> have disarmed web bug tags in HTML message in 6BE8F895371.5D53A from >> www-data@balancetechnology.com >> Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: 3B29B894E55.CEBEA to >> 6535E894D8C >> Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: 6BE8F895371.5D53A to >> DB04E894E55 >> Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: 73748895A57.5ABB7 to >> 0597D895371 >> Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: 937E689448D.77EDA to >> 0CB4B8953AD >> Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: 754F789466A.8DA78 to >> AC1D989448D >> Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: D5177894E67.3DEEA to >> A879089466A >> Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: A3E798940E3.B4BEB to >> 80A7B894E67 >> Jan 30 23:40:43 mx1 MailScanner[24762]: Uninfected: Delivered >> 7 messages >> Jan 30 23:40:43 mx1 MailScanner[24762]: Virus Processing completed at >> 650569 bytes per second >> Jan 30 23:40:43 mx1 MailScanner[24762]: Batch completed at 1215 bytes >> per second (86123 / 70) >> Jan 30 23:40:43 mx1 MailScanner[24762]: Batch (10 messages) >> processed in >> 70.85 seconds >> Jan 30 23:40:43 mx1 MailScanner[24762]: New Batch: Found 7993 >> messages >> waiting >> Jan 30 23:40:43 mx1 MailScanner[24762]: New Batch: Scanning >> 10 messages, >> 160591 bytes >> [root@mx1 ~]# >> From jcb at dream.com.ph Fri Feb 2 05:24:17 2007 From: jcb at dream.com.ph (jepoy) Date: Fri Feb 2 04:27:51 2007 Subject: Ruleset on Scanning Message-ID: <019301c74682$010eabe0$920bbdcb@pmsi.net> hi guys, can you give some rule tips on these things. im still experimenting on some of these powerful rulesets. 1. I dont want my trusted network to be scanned of content,filename(selected only) since i want them to send certain files without being quarantine and i want any incoming messages to be scanned for my trusted users. trusted users ---- any (no scanning for attachment) any --- trusted users (scan as usual) tnx. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070202/126c851f/attachment.html From pete at enitech.com.au Fri Feb 2 06:18:13 2007 From: pete at enitech.com.au (Pete Russell) Date: Fri Feb 2 05:22:07 2007 Subject: Performance In-Reply-To: <223f97700702011759p1db84fc8ga0645b61dabd1ce1@mail.gmail.com> References: <45C03361.5040903@katy.com> <223f97700701310215u67f9f941ifa40f902cd2d357@mail.gmail.com> <45C11A25.5010407@enitech.com.au> <223f97700701311717y54a485f8m4a420e2262f29d86@mail.gmail.com> <45C14692.2020704@enitech.com.au> <223f97700702010210m4398ae3fld20bbd7bdd5440e1@mail.gmail.com> <45C27677.5070108@enitech.com.au> <223f97700702011714q558ec69exc7416b7c81421a20@mail.gmail.com> <45C29697.4070209@enitech.com.au> <223f97700702011759p1db84fc8ga0645b61dabd1ce1@mail.gmail.com> Message-ID: <45C2C995.30909@enitech.com.au> Glenn Steen wrote: > On 02/02/07, Peter Russell wrote: >> >> > (snip) >> As you say, after i posted it i did some further research and found it >> was just a warning - thanks for the explanation. > :-) >> >> I will leave off making any more MTA changes until one of the clever >> >> cloggs can post up some tips... >> > Um, english parser breakdown... Isn't a clogg a sort of wooden shoe? >> > And a clever clogg is then an intelligent footwear? Sort of an AI for >> > pedestrian appliances?:-) >> >> Well i didnt wanna say geeks - but there you go you have forced me. :) > Why thank you... Such high praise...:-):-). > >> >> I made some changes to my main.cf and then telnet in to my server from >> another network, i can get through helo, MAIL FROM with false info - no >> warnings, errors or disconnects. Any idea where i am going wrong? (i >> have exclude all my pre existing transport map, relay domains type >> config) Appreciate any tips or suggestions. >> Pete > To my tired eyes (it's almost 02.00 here) it looks ok, so it would > depend on the content of the file I guess... You did remember to > postmap it (and reload postfix after the changes to main.cf)? > With a little luck (all the luck I didn't have today... SSL-X logged > itself to death (audit f a failed message just kept repeating) and was > ornery about the license file while updating on new HW, Oracle was > just as Oracle can be, the doctor kept me waiting (well, nothing new > there:-) and pesky users kept interrupting about me helping them with > their *private* WLAN/DSL installs (as if I was going home to them and > doing their LAN... Well, perhaps if sufficient amounts of finer booze > was at the end of it:), so that I never got any time to install the > latest and greatest MS... Grrr.) I'll have time to look at it again in > the morning (today). > > Tired but kind regards OKay seem to have it working - unfortunately lots of folks have mis configured MTAs. Some of these people wont fix this anytime soon - is there way of 'whitelisting' some hosts/domains from the helo checks and client and recipient checks? What do you normally do when a client or vendor gets rejected by these tests? Thanks Pete From res at ausics.net Fri Feb 2 08:39:48 2007 From: res at ausics.net (Res) Date: Fri Feb 2 07:43:22 2007 Subject: Performance In-Reply-To: <45C2C995.30909@enitech.com.au> References: <45C03361.5040903@katy.com> <223f97700701310215u67f9f941ifa40f902cd2d357@mail.gmail.com> <45C11A25.5010407@enitech.com.au> <223f97700701311717y54a485f8m4a420e2262f29d86@mail.gmail.com> <45C14692.2020704@enitech.com.au> <223f97700702010210m4398ae3fld20bbd7bdd5440e1@mail.gmail.com> <45C27677.5070108@enitech.com.au> <223f97700702011714q558ec69exc7416b7c81421a20@mail.gmail.com> <45C29697.4070209@enitech.com.au> <223f97700702011759p1db84fc8ga0645b61dabd1ce1@mail.gmail.com> <45C2C995.30909@enitech.com.au> Message-ID: On Fri, 2 Feb 2007, Pete Russell wrote: > What do you normally do when a client or vendor gets rejected by these tests? Why on earth anyone would want to whitelist a domain because THAT domains admin is too clueless and incompetant to configure their machine correctly I'll never know. The solution is simple: 1: If its a host providor whinging... Tell them no mail accepted until they fix their configuration Tell them if they have no idea, to change root pass to somthing they can then give you, you login and fix it for them at a cost of $XXXX.00 and you want to EFT receipt faxed to you prior to this. -OR- 2: If regular host client useing that host server, tell them to take their custom to a host providor who has a clue. It's just not acceptable to have our machines exposed to higher risk of spam or other malicous actions because THEY are dimwits. -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From glenn.steen at gmail.com Fri Feb 2 10:13:20 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Feb 2 09:16:49 2007 Subject: Performance In-Reply-To: <45C2C995.30909@enitech.com.au> References: <45C03361.5040903@katy.com> <45C11A25.5010407@enitech.com.au> <223f97700701311717y54a485f8m4a420e2262f29d86@mail.gmail.com> <45C14692.2020704@enitech.com.au> <223f97700702010210m4398ae3fld20bbd7bdd5440e1@mail.gmail.com> <45C27677.5070108@enitech.com.au> <223f97700702011714q558ec69exc7416b7c81421a20@mail.gmail.com> <45C29697.4070209@enitech.com.au> <223f97700702011759p1db84fc8ga0645b61dabd1ce1@mail.gmail.com> <45C2C995.30909@enitech.com.au> Message-ID: <223f97700702020113r3548e74dva482632180596cb5@mail.gmail.com> On 02/02/07, Pete Russell wrote: > > > Glenn Steen wrote: > > On 02/02/07, Peter Russell wrote: > >> > >> > > (snip) > >> As you say, after i posted it i did some further research and found it > >> was just a warning - thanks for the explanation. > > :-) > >> >> I will leave off making any more MTA changes until one of the clever > >> >> cloggs can post up some tips... > >> > Um, english parser breakdown... Isn't a clogg a sort of wooden shoe? > >> > And a clever clogg is then an intelligent footwear? Sort of an AI for > >> > pedestrian appliances?:-) > >> > >> Well i didnt wanna say geeks - but there you go you have forced me. :) > > Why thank you... Such high praise...:-):-). > > > >> > >> I made some changes to my main.cf and then telnet in to my server from > >> another network, i can get through helo, MAIL FROM with false info - no > >> warnings, errors or disconnects. Any idea where i am going wrong? (i > >> have exclude all my pre existing transport map, relay domains type > >> config) Appreciate any tips or suggestions. > >> Pete > > To my tired eyes (it's almost 02.00 here) it looks ok, so it would > > depend on the content of the file I guess... You did remember to > > postmap it (and reload postfix after the changes to main.cf)? > > With a little luck (all the luck I didn't have today... SSL-X logged > > itself to death (audit f a failed message just kept repeating) and was > > ornery about the license file while updating on new HW, Oracle was > > just as Oracle can be, the doctor kept me waiting (well, nothing new > > there:-) and pesky users kept interrupting about me helping them with > > their *private* WLAN/DSL installs (as if I was going home to them and > > doing their LAN... Well, perhaps if sufficient amounts of finer booze > > was at the end of it:), so that I never got any time to install the > > latest and greatest MS... Grrr.) I'll have time to look at it again in > > the morning (today). > > > > Tired but kind regards > > OKay seem to have it working - unfortunately lots of folks have mis > configured MTAs. Some of these people wont fix this anytime soon - is > there way of 'whitelisting' some hosts/domains from the helo checks and > client and recipient checks? > > What do you normally do when a client or vendor gets rejected by these > tests? I'm not running an ISP, or a big campus or somesuch, so ... my situation is perhaps simpler than mosts:-). In the very few cases where I had this with _business related communications_, and they "persisted in their folly";), I mailed their postmaster _and_ their public contact (usually some "information officer"...:-). Didn't take long for them to fix it. But I see very few FPs, almost none. If you need a "whitelist", simply detail whatever they are HELOing with in the file with an "OK" prior to the "REJECT" lines... Not that I'd do that:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Fri Feb 2 10:32:10 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Feb 2 09:35:39 2007 Subject: Performance In-Reply-To: <45C29D90.8080901@katy.com> References: <86144ED6CE5B004DA23E1EAC0B569B58125FF289@isabella.herefordshire.gov.uk> <45C07F76.5050409@ecs.soton.ac.uk> <45C260A2.6040601@katy.com> <45C29D90.8080901@katy.com> Message-ID: <223f97700702020132m47b33d89m9b90d5544e07c5f@mail.gmail.com> On 02/02/07, John Schmerold wrote: > This list becomes an important archive of useful information, so I want > to let everyone know we ended up eliminating the smtpd_helo_restrictions > section. Too many mail servers are mis-configured. Besides, the RFC, > states that the recipient server will accept the message regardless of > whether or not the HELO statement is proper. > You are quite correct that one can interprete RFC 2821 (section 4.1.4) that way (and that it was intended that way:-), but one has to take a few things into account... It was written 2001 (well, actually earlier) when spam wasn't that huge a problem, and this whole statement is aimed at minimizing problems... I'd say that someone intentionally using your "credentials" constitute violate the spirit of the "law", if not the letter. And indeed, this "feature" doesn't really break the letter of that "law" either... See the transcript below (I use smtpd_delay_rejects=yes ... And I don't use any greet_pause ... yet): # telnet mail 25 Trying 172.18.3.86... Connected to mail.ap1.se (172.18.3.86). Escape character is '^]'. 220 mail.ap1.se ESMTP Postfix ehlo mail.ap1.se 250-mail.ap1.se 250-PIPELINING 250-SIZE 16777216 250-ETRN 250 8BITMIME mail from:<> 250 Ok rcpt to: 554 : Helo command rejected: Access denied quit 221 Bye Connection closed by foreign host. Please note that we follow the RFCs stipulation (MUST) to only reject the EHLO and stick around in the same state... All ready to process any mails, provided a valid EHLO/HELO is given. This is _exactly_ by the letter of the RFC. So, there is litle to no risk with this. The sender _will_ get a somewhat informative reject code, and should be able to find the problem at their end... Forcing _them_ to comply to the RFC;-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From tgc at statsbiblioteket.dk Fri Feb 2 10:39:14 2007 From: tgc at statsbiblioteket.dk (Tom G. Christensen) Date: Fri Feb 2 09:42:41 2007 Subject: MailScanner ANNOUNCE: Stable version 4.58.9 released In-Reply-To: <45C2098A.3070200@ecs.soton.ac.uk> References: <45C2098A.3070200@ecs.soton.ac.uk> Message-ID: <45C306C2.7070505@statsbiblioteket.dk> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I have just released the latest stable version of MailScanner, 4.58.9. > The only change between 4.58.8 and 4.58.9 seems to be the unconditional setting of TMPDIR=/dev/shm in /usr/sbin/check_MailScanner. I don't think this is the right thing to do. It should be a local configuration choice not something that is forced and can only be disabled by hacking a script that is overwritten on every update. Perhaps you could make this a setting in /etc/sysconfig/MailScanner that defaults to "on" instead. Otherwise 4.58.9 seems to be doing fine here on RHEL 2.1. -tgc From gmatt at nerc.ac.uk Fri Feb 2 11:05:00 2007 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Fri Feb 2 10:08:39 2007 Subject: Use of floating point on typical mailserver In-Reply-To: References: <45C1CCF4.1070100@nerc.ac.uk> Message-ID: <45C30CCC.4030203@nerc.ac.uk> Jeff A. Earickson wrote: > We have two 8-core T2000s and three 8-core T1000s onsite. The three T1000s > handle our webmail front end (horde/imp and associated apache stuff). > One T2000 is a web server, and the second T2000 came online a couple of > weeks ago to handle our IMAP service (dovecot 1.0rc18 currently). This > box has an HP MSA50 disk array with fourteen 72GB disks in a mirrored/ > striped ZFS disk pool for homedirs. All of these systems do a great job, > and barely break a sweat doing it. > > While I can't speak to the FPU issue directly, I got a bit of advice from > a Sun engineer on which chipset to buy for what use in Sun-land. If you > want floating-point computation speed, buy x86 boxes (Sun V20's, etc) > because > the clock cycle of the x86 chips is so much faster. If the work is non > floating-point, then buy Coolthreads servers if the ratio of threads to > processes is > 4. How to find out? Run "prstat" and look at the bottom > line. Take the ratio of processes to LWPs. If the ratio is less than > four, then buy standard Sparc. Sparc chips have the advantage that they > are RISC chips while x86 aren't. His advice, passed along. thanks Jeff... the problem is how do I know if my MS/SA/AV/MW boxes use a lot of FP? It seems crazy looking back but our relays used to run on Sun Ultra 5s, they were replaced by v60z's (Sun Xeon boxes - not very popular) which have done a great job since then but are starting to look a bit long in the tooth. Tripling the memory gave them a new lease of life! Whatever we replace them with needs to have a reasonable chance of coping for another 4 years or so. most of the grunt work of MS and SA is perl text processing which I wouldnt expect to use a lot of FP. I would expect AV engines to be similar (searching for signature patterns etc) so my hunch is that there is little FP work going on... I'll try asking similar questions elsewhere to see if I can figure it out... Not sure I follow the threads/process argument as it seems to assume that you will have the same number of processes running on each box. But if I have a "32-way" host, I'll increase the maximum number of MS and MTA processes to fill the pipes. GREG > > Jeff Earickson > Colby College -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From prandal at herefordshire.gov.uk Fri Feb 2 11:28:35 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Fri Feb 2 10:32:25 2007 Subject: MailScanner ANNOUNCE: Stable version 4.58.9 released Message-ID: <86144ED6CE5B004DA23E1EAC0B569B58125FF8C8@isabella.herefordshire.gov.uk> On closer examination this may be due to timeouts when virus scanning. I;'ve increased the max scan time per batch to see if that resolves it. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Randal, Phil > Sent: 02 February 2007 00:07 > To: 'MailScanner discussion' > Subject: RE: MailScanner ANNOUNCE: Stable version 4.58.9 released > > It's working fine thanks Julian. > > One thing I noticed was that clamav (module) had left some junk in > /dev/shm after I'd done a "service MailScanner restart". I suspect > clamavmodule's temp files are not cleaned out on shutdown of > MailScanner. That doesn't matter so much when they are in > /tmp, but it > makes me a bit nervous to see growing amounts of junk in /dev/shm. > > I can live with it, though :-) > > Having clamavmodule's temp files in /dev/shm seems to speed > things up a > bit, so that hack is a definite plus. > > Cheers, > > Phil > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Julian > Field > Sent: Thursday, February 01, 2007 9:41 PM > To: mailscanner@lists.mailscanner.info > Subject: Re: MailScanner ANNOUNCE: Stable version 4.58.9 released > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Has anyone noticed I produced a stable release this afternoon? > Or is it just working okay? > > Julian Field wrote: > > * PGP Signed: 02/01/07 at 15:39:11 > > > > I have just released the latest stable version of > MailScanner, 4.58.9. > > > > It is available for download directly from > > www.mailscanner.info > > as usual. > > > > The major changes for this release are: > > > > -- Added a new configuration setting to control whether senders are > > notified about attachments are too big or too small. > > -- When using the Custom Function plugin system, you can > now calculate > > > a ruleset from within your Custom Function. Very useful for large > sites. > > -- Improvements to the accuracy of the SpamAssassin cache results. > > -- Startup scripts now make SpamAssassin run out of memory-based > > temporary files where possible, to improve speed. > > -- Messages placed in multiple outgoing queues are now delivered > > immediately. > > -- Fixed problems with a few users seeing extra "disarmed" > or "fraud" > > tags appearing incorrectly. > > > > Best regards, > > > > Jules > > > > Jules > > - -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.5.3 (Build 5003) > Comment: Fetch my public key foot-print from www.mailscanner.info > Charset: ISO-8859-1 > > wj8DBQFFwl6+EfZZRxQVtlQRAnOpAJ4+v76kWMk5KnXJhZSJU48Pj9zu1QCfbDD6 > QGoVAz6JCXa/wB5mY9i53jc= > =tJ90 > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From support-lists at petdoctors.co.uk Fri Feb 2 12:36:09 2007 From: support-lists at petdoctors.co.uk (Nigel Kendrick) Date: Fri Feb 2 11:39:56 2007 Subject: MailScanner ANNOUNCE: Stable version 4.58.9 released In-Reply-To: <45C25E72.4040602@ecs.soton.ac.uk> Message-ID: <002801c746be$553c3c50$3c65a8c0@support01> -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Thursday, February 01, 2007 9:41 PM To: mailscanner@lists.mailscanner.info Subject: Re: MailScanner ANNOUNCE: Stable version 4.58.9 released -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Has anyone noticed I produced a stable release this afternoon? Or is it just working okay? We are the Managers. You are the coding monkey - know your place. If we want to talk to you we'll send you a memo ;-) From glenn.steen at gmail.com Fri Feb 2 13:15:07 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Feb 2 12:18:36 2007 Subject: MailScanner ANNOUNCE: Stable version 4.58.9 released In-Reply-To: <002801c746be$553c3c50$3c65a8c0@support01> References: <45C25E72.4040602@ecs.soton.ac.uk> <002801c746be$553c3c50$3c65a8c0@support01> Message-ID: <223f97700702020415p2b90ae0dp79dd075ef5209a5@mail.gmail.com> On 02/02/07, Nigel Kendrick wrote: > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian > Field > Sent: Thursday, February 01, 2007 9:41 PM > To: mailscanner@lists.mailscanner.info > Subject: Re: MailScanner ANNOUNCE: Stable version 4.58.9 released > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Has anyone noticed I produced a stable release this afternoon? > Or is it just working okay? > > > > We are the Managers. You are the coding monkey - know your place. > > If we want to talk to you we'll send you a memo > > ;-) > Eh ... Nigel... You should familiarise yourself with the writings of one S Travaglia ... That type of statement from "the Boss" or other management types unfailingly lead to bad accidents (electrocution, massive physical (kinetic/falling) damage, specifically designed code "only for you" etc) happening... :-D Take care;) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From support-lists at petdoctors.co.uk Fri Feb 2 13:37:20 2007 From: support-lists at petdoctors.co.uk (Nigel Kendrick) Date: Fri Feb 2 13:05:36 2007 Subject: MailScanner ANNOUNCE: Stable version 4.58.9 released In-Reply-To: <223f97700702020415p2b90ae0dp79dd075ef5209a5@mail.gmail.com> Message-ID: <003e01c746c6$e1aa93f0$3c65a8c0@support01> -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn Steen Sent: Friday, February 02, 2007 12:15 PM To: MailScanner discussion Subject: Re: MailScanner ANNOUNCE: Stable version 4.58.9 released On 02/02/07, Nigel Kendrick wrote: > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian > Field > Sent: Thursday, February 01, 2007 9:41 PM > To: mailscanner@lists.mailscanner.info > Subject: Re: MailScanner ANNOUNCE: Stable version 4.58.9 released > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Has anyone noticed I produced a stable release this afternoon? > Or is it just working okay? > > > > We are the Managers. You are the coding monkey - know your place. > > If we want to talk to you we'll send you a memo > > ;-) > Eh ... Nigel... You should familiarise yourself with the writings of one S Travaglia ... That type of statement from "the Boss" or other management types unfailingly lead to bad accidents (electrocution, massive physical (kinetic/falling) damage, specifically designed code "only for you" etc) happening... :-D Take care;) -- -- Glenn Trouble is, there's too many Managers / Directors who think like that - The Department Manager for which I once worked sat about 5m away from me (in his own office at the end of the open plan floor area, of course). I spent one entire Sunday installing network cables in a new area. On the Monday, my Team Supervisor called me into his office and read out a memo from his Line Manager saying that 'D' Had asked 'T' to instruct him ('M') to thank me for coming in on Sunday - so that's: 'D' (Dept Manager) --> Memo to 'T' (Line Manager) --> Passed memo to 'M' (Team Supervisor) --> Me! Wow, I really felt 'in my place'!! It made me determined to always know and speak to all the team members who work for me, regardless of 'rank'. From jaearick at colby.edu Fri Feb 2 14:18:11 2007 From: jaearick at colby.edu (Jeff A. Earickson) Date: Fri Feb 2 13:21:53 2007 Subject: MailScanner ANNOUNCE: Stable version 4.58.9 released In-Reply-To: <003e01c746c6$e1aa93f0$3c65a8c0@support01> References: <003e01c746c6$e1aa93f0$3c65a8c0@support01> Message-ID: Julian, The KickMessage() tweak in 4.58.x has been a great change. After you got the bugs worked out in 4.58.8, I noticed that my queues are nearly always empty or near empty. I wondered if you had just routed outbound email to /dev/null. :) Jeff Earickson Colby College From MailScanner at ecs.soton.ac.uk Fri Feb 2 14:38:03 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Feb 2 13:42:42 2007 Subject: MailScanner ANNOUNCE: Stable version 4.58.9 released In-Reply-To: References: <003e01c746c6$e1aa93f0$3c65a8c0@support01> Message-ID: <45C33EBB.3080004@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Glad to hear that is working well. Any performance differences? One extra thing I have found is that putting the Bayes database files onto tmpfs helps a lot. But you need to set up a cron job that (a) Copies them to another directory on tmpfs (very fast snapshot) (b) then copies the new files onto disk (relatively slow, but that doesn't matter) You will probably want to do this every hour or so. Add this to the "start" subroutine in the init.d script: if [ -e /root/.spamassassin/bayes_toks ]; then : else cp /root/.spamassassin.copy/* /root/.spamassassin fi That copies the disk-based copy into the tmpfs copy, so you start with the last snapshot. Add this to a cron job that you run once an hour or so: #!/bin/sh if cd /root/.spamassassin ; then #ls -al mkdir -p copy cp * copy mkdir -p /root/.spamassassin.copy mv copy/* /root/.spamassassin.copy rm -rf copy fi And then just mount /root/.spamassassin using tmpfs. If you have a large number of "Max Children =" all competing for the same Bayes db, or even just a large Bayes db, this can make quite a difference to the SpamAssassin speed. Please let me know if you think this helps at all on your systems, or if it makes no discernible difference. Jeff A. Earickson wrote: > The KickMessage() tweak in 4.58.x has been a great change. After > you got the bugs worked out in 4.58.8, I noticed that my queues are > nearly always empty or near empty. I wondered if you had just > routed outbound email to /dev/null. :) Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFFwz7nEfZZRxQVtlQRArRYAKC4hsu/KtJ+0jlHH+xYu9RA7U4NvQCg3pG2 GpW2LoQGwdZGdNHWg0rF+j0= =dX7Y -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From jaearick at colby.edu Fri Feb 2 14:39:38 2007 From: jaearick at colby.edu (Jeff A. Earickson) Date: Fri Feb 2 13:43:14 2007 Subject: Use of floating point on typical mailserver In-Reply-To: <45C30CCC.4030203@nerc.ac.uk> References: <45C1CCF4.1070100@nerc.ac.uk> <45C30CCC.4030203@nerc.ac.uk> Message-ID: n Fri, 2 Feb 2007, Greg Matthews wrote: > Date: Fri, 02 Feb 2007 10:05:00 +0000 > From: Greg Matthews > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: Use of floating point on typical mailserver > > Jeff A. Earickson wrote: >> We have two 8-core T2000s and three 8-core T1000s onsite. The three T1000s >> handle our webmail front end (horde/imp and associated apache stuff). One >> T2000 is a web server, and the second T2000 came online a couple of >> weeks ago to handle our IMAP service (dovecot 1.0rc18 currently). This >> box has an HP MSA50 disk array with fourteen 72GB disks in a mirrored/ >> striped ZFS disk pool for homedirs. All of these systems do a great job, >> and barely break a sweat doing it. >> >> While I can't speak to the FPU issue directly, I got a bit of advice from >> a Sun engineer on which chipset to buy for what use in Sun-land. If you >> want floating-point computation speed, buy x86 boxes (Sun V20's, etc) >> because >> the clock cycle of the x86 chips is so much faster. If the work is non >> floating-point, then buy Coolthreads servers if the ratio of threads to >> processes is > 4. How to find out? Run "prstat" and look at the bottom >> line. Take the ratio of processes to LWPs. If the ratio is less than >> four, then buy standard Sparc. Sparc chips have the advantage that they >> are RISC chips while x86 aren't. His advice, passed along. > > thanks Jeff... the problem is how do I know if my MS/SA/AV/MW boxes use a lot > of FP? Some quick thoughts here. Search the source code that you compile (eg, sendmail code) for uses of "float", "double", or "math.h" (math lib): find . -name '*.[ch]' -print | xargs egrep 'math|float|double' I didn't find much in sendmail 8.13.8 source code. Examine the dynamic libraries that you use with ldd and look for libm (mathlib). Do an lsof as root and look to see if libm is in use by anything. These quick checks on my mail server didn't show much. Mathlib tends to be the heavy hitter for floating-point, since it has trig/log functions and the like in it. > It seems crazy looking back but our relays used to run on Sun Ultra 5s, they > were replaced by v60z's (Sun Xeon boxes - not very popular) which have done a > great job since then but are starting to look a bit long in the tooth. > Tripling the memory gave them a new lease of life! Whatever we replace them > with needs to have a reasonable chance of coping for another 4 years or so. > > most of the grunt work of MS and SA is perl text processing which I wouldnt > expect to use a lot of FP. I would expect AV engines to be similar (searching > for signature patterns etc) so my hunch is that there is little FP work going > on... I'll try asking similar questions elsewhere to see if I can figure it > out... > > Not sure I follow the threads/process argument as it seems to assume that you > will have the same number of processes running on each box. But if I have a > "32-way" host, I'll increase the maximum number of MS and MTA processes to > fill the pipes. The idea with threads/processes is that the current Niagara chips can run 4 threads per CPU. If the ratio of threads to processes is high, then you can keep the CPU busy with threads. If the ratio is low, then you are wasting your money on the CoolThreads CPUs, because you can't keep them busy. Buy regular Sparc chips instead. Jeff Earickson Colby College From dyioulos at firstbhph.com Fri Feb 2 14:58:16 2007 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Fri Feb 2 14:01:56 2007 Subject: MCP checks against outbound mail Message-ID: <200702020858.16809.dyioulos@firstbhph.com> Hello to all. Previously, I had implemented MCP checks on my system. After upgrading spamassassin, MCP was using SA rules to do the scoring. For example, a post from this list got an MCP score of 2.31, with Matching Rules being INVALID_DATE and NO_REAL_NAME (clearly SA rules. Upgrading MS today seems to have fixed that problem - now, my MCP .cf rules are used again. That's good. But now, my issue is this: I've set MS so that our outbound mail isn't scanned for spam. However, this setting also seems to keep the outbound stuff from being scanned for MCP. That's bad. What do I need to do to enable MCP checks only? Thanks. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gmatt at nerc.ac.uk Fri Feb 2 16:26:09 2007 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Fri Feb 2 15:29:58 2007 Subject: Use of floating point on typical mailserver In-Reply-To: References: <45C1CCF4.1070100@nerc.ac.uk> <45C30CCC.4030203@nerc.ac.uk> Message-ID: <45C35811.80001@nerc.ac.uk> Jeff A. Earickson wrote: > Some quick thoughts here. Search the source code that you compile (eg, > sendmail code) for uses of "float", "double", or "math.h" (math lib): > > find . -name '*.[ch]' -print | xargs egrep 'math|float|double' > > I didn't find much in sendmail 8.13.8 source code. Examine the dynamic > libraries that you use with ldd and look for libm (mathlib). Do an lsof > as root and look to see if libm is in use by anything. These quick checks > on my mail server didn't show much. Mathlib tends to be the heavy hitter > for floating-point, since it has trig/log functions and the like in it. ah.. good suggestions, I'll have a poke around. > The idea with threads/processes is that the current Niagara chips can run > 4 threads per CPU. If the ratio of threads to processes is high, then > you can keep the CPU busy with threads. If the ratio is low, then you are > wasting your money on the CoolThreads CPUs, because you can't keep them > busy. Buy regular Sparc chips instead. perhaps I'm misunderstanding the technology. Yes each core can execute four threads "at once" (actually time sliced) but I dont see that there's much difference here between running 8 processes each with 4 threads or running 32 processes. Each core should still be able to context switch between the four processes in its 4 "run queues" whether they are threads of a process or separate processes, no? Or is the context switch between separate processes much more expensive? GREG > > Jeff Earickson > Colby College -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From technician at cenpac.net.nr Fri Feb 2 17:56:48 2007 From: technician at cenpac.net.nr (Jon Leeman) Date: Fri Feb 2 17:00:15 2007 Subject: Performance In-Reply-To: References: <45C03361.5040903@katy.com> <223f97700701310215u67f9f941ifa40f902cd2d357@mail.gmail.com> <45C11A25.5010407@enitech.com.au> <223f97700701311717y54a485f8m4a420e2262f29d86@mail.gmail.com> <45C14692.2020704@enitech.com.au> <223f97700702010210m4398ae3fld20bbd7bdd5440e1@mail.gmail.com> <45C27677.5070108@enitech.com.au> <223f97700702011714q558ec69exc7416b7c81421a20@mail.gmail.com> <45C29697.4070209@enitech.com.au> <223f97700702011759p1db84fc8ga0645b61dabd1ce1@mail.gmail.com> <45C2C995.30909@enitech.com.au> Message-ID: <45C36D50.7020507@cenpac.net.nr> Res wrote: > Why on earth anyone would want to whitelist a domain because THAT > domains admin is too clueless and incompetant to configure their machine > correctly I'll never know. > > The solution is simple: > 1: If its a host providor whinging... > Tell them no mail accepted until they fix their configuration > Tell them if they have no idea, to change root pass to somthing they > can then give you, you login and fix it for them at a cost of $XXXX.00 > and you want to EFT receipt faxed to you prior to this. > -OR- > 2: If regular host client useing that host server, tell them to take > their custom to a host providor who has a clue. > > > It's just not acceptable to have our machines exposed to higher risk of > spam or other malicous actions because THEY are dimwits. > Amen. Per some of Glenn's later posts...........anyone remember when open relay was the norm for MTA's {and SPAM was a in a tin}? I inherited one (Netscape messenger 3.) about 8 years ago. A regional Linux guru introduced me to PF (and eventually MS later on) about 4 years ago. At that time invoking PF *restrictions* meant that most MTA's in the region were not able to get through to here. Fortunately this has changed in what's known as PIC's (Pacific Island Countries). List, keep up the good work please and excuse my occassional OT comments. Jon (Nauru 0450 local....temp. coolish at around 24 deg. C) From ssilva at sgvwater.com Fri Feb 2 18:56:56 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Feb 2 18:00:53 2007 Subject: Performance In-Reply-To: <223f97700702011759p1db84fc8ga0645b61dabd1ce1@mail.gmail.com> References: <45C03361.5040903@katy.com> <223f97700701310215u67f9f941ifa40f902cd2d357@mail.gmail.com> <45C11A25.5010407@enitech.com.au> <223f97700701311717y54a485f8m4a420e2262f29d86@mail.gmail.com> <45C14692.2020704@enitech.com.au> <223f97700702010210m4398ae3fld20bbd7bdd5440e1@mail.gmail.com> <45C27677.5070108@enitech.com.au> <223f97700702011714q558ec69exc7416b7c81421a20@mail.gmail.com> <45C29697.4070209@enitech.com.au> <223f97700702011759p1db84fc8ga0645b61dabd1ce1@mail.gmail.com> Message-ID: Glenn Steen spake the following on 2/1/2007 5:59 PM: > On 02/02/07, Peter Russell wrote: >> >> > (snip) >> As you say, after i posted it i did some further research and found it >> was just a warning - thanks for the explanation. > :-) >> >> I will leave off making any more MTA changes until one of the clever >> >> cloggs can post up some tips... >> > Um, english parser breakdown... Isn't a clogg a sort of wooden shoe? >> > And a clever clogg is then an intelligent footwear? Sort of an AI for >> > pedestrian appliances?:-) >> >> Well i didnt wanna say geeks - but there you go you have forced me. :) > Why thank you... Such high praise...:-):-). > >> >> I made some changes to my main.cf and then telnet in to my server from >> another network, i can get through helo, MAIL FROM with false info - no >> warnings, errors or disconnects. Any idea where i am going wrong? (i >> have exclude all my pre existing transport map, relay domains type >> config) Appreciate any tips or suggestions. >> Pete > To my tired eyes (it's almost 02.00 here) it looks ok, so it would > depend on the content of the file I guess... You did remember to > postmap it (and reload postfix after the changes to main.cf)? > With a little luck (all the luck I didn't have today... SSL-X logged > itself to death (audit f a failed message just kept repeating) and was > ornery about the license file while updating on new HW, Oracle was > just as Oracle can be, the doctor kept me waiting (well, nothing new > there:-) and pesky users kept interrupting about me helping them with > their *private* WLAN/DSL installs (as if I was going home to them and > doing their LAN... Well, perhaps if sufficient amounts of finer booze > was at the end of it:), so that I never got any time to install the > latest and greatest MS... Grrr.) I'll have time to look at it again in > the morning (today). > > Tired but kind regards I get a lot of that "personal" pestering, too. If you tell them up front you are going to charge them, and make the price high enough, you will stop about 90% of it. The other 10% is beer money! ;-) Just set your rate high enough to be worth your time. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From talora-listas at talora.com.br Fri Feb 2 18:56:58 2007 From: talora-listas at talora.com.br (=?ISO-8859-1?Q?=22Lu=EDs_Fernando_C=2E_Talora=22?=) Date: Fri Feb 2 18:01:41 2007 Subject: Send copies of certain messages to other mail account Message-ID: <45C37B6A.2000201@talora.com.br> Fellows, To find out what kind of mailing lists my users are participating, I?d link to send a copy of all messages sent from or to any account with "yahoogrupos.com.br" or "grupos.com.br" on its address, for a deeper analysis. Is it possible to do it with postfix and/or MailScanner? I thought about some "REDIRECT" rule on the "header_checks" table, but I?d like the users to continue recieving the messages, while we analyze that. Any suggestions? Thanks a lot! Luis Talora From ssilva at sgvwater.com Fri Feb 2 19:09:40 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Feb 2 18:13:40 2007 Subject: Performance In-Reply-To: <45C2B198.6060806@katy.com> References: <86144ED6CE5B004DA23E1EAC0B569B58125FF289@isabella.herefordshire.gov.uk> <45C2B198.6060806@katy.com> Message-ID: John Schmerold spake the following on 2/1/2007 7:35 PM: > I set Children & Messages per scan low after viewing: > http://tinyurl.com/ypqot7 > > We've gone back to higher values now. > Those recommendation are for a server that is struggling because it is (might be) underpowered. I didn't really like that one, but never had the time to edit or comment on it. I was going to write one on using mimedefang on a relay to check recipients, but can't get to that either. Besides, the mimedefang people don't seem to have much love for mailscanner lately, (not quite Wietse like yet), and it is a little bit overkill to use it just for that. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From glenn.steen at gmail.com Fri Feb 2 19:13:42 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Feb 2 18:17:13 2007 Subject: Performance In-Reply-To: References: <45C03361.5040903@katy.com> <45C11A25.5010407@enitech.com.au> <223f97700701311717y54a485f8m4a420e2262f29d86@mail.gmail.com> <45C14692.2020704@enitech.com.au> <223f97700702010210m4398ae3fld20bbd7bdd5440e1@mail.gmail.com> <45C27677.5070108@enitech.com.au> <223f97700702011714q558ec69exc7416b7c81421a20@mail.gmail.com> <45C29697.4070209@enitech.com.au> <223f97700702011759p1db84fc8ga0645b61dabd1ce1@mail.gmail.com> Message-ID: <223f97700702021013n6baeb428pf73cb70b8b295170@mail.gmail.com> On 02/02/07, Scott Silva wrote: > Glenn Steen spake the following on 2/1/2007 5:59 PM: > > On 02/02/07, Peter Russell wrote: > >> > >> > > (snip) > >> As you say, after i posted it i did some further research and found it > >> was just a warning - thanks for the explanation. > > :-) > >> >> I will leave off making any more MTA changes until one of the clever > >> >> cloggs can post up some tips... > >> > Um, english parser breakdown... Isn't a clogg a sort of wooden shoe? > >> > And a clever clogg is then an intelligent footwear? Sort of an AI for > >> > pedestrian appliances?:-) > >> > >> Well i didnt wanna say geeks - but there you go you have forced me. :) > > Why thank you... Such high praise...:-):-). > > > >> > >> I made some changes to my main.cf and then telnet in to my server from > >> another network, i can get through helo, MAIL FROM with false info - no > >> warnings, errors or disconnects. Any idea where i am going wrong? (i > >> have exclude all my pre existing transport map, relay domains type > >> config) Appreciate any tips or suggestions. > >> Pete > > To my tired eyes (it's almost 02.00 here) it looks ok, so it would > > depend on the content of the file I guess... You did remember to > > postmap it (and reload postfix after the changes to main.cf)? > > With a little luck (all the luck I didn't have today... SSL-X logged > > itself to death (audit f a failed message just kept repeating) and was > > ornery about the license file while updating on new HW, Oracle was > > just as Oracle can be, the doctor kept me waiting (well, nothing new > > there:-) and pesky users kept interrupting about me helping them with > > their *private* WLAN/DSL installs (as if I was going home to them and > > doing their LAN... Well, perhaps if sufficient amounts of finer booze > > was at the end of it:), so that I never got any time to install the > > latest and greatest MS... Grrr.) I'll have time to look at it again in > > the morning (today). > > > > Tired but kind regards > I get a lot of that "personal" pestering, too. If you tell them up front you > are going to charge them, and make the price high enough, you will stop about > 90% of it. The other 10% is beer money! ;-) > Just set your rate high enough to be worth your time. Trust me, I'm not cheap... The dang thing is that working in the financial sector... quite a few of them can actually afford it:-). So, since I really don't want to be straddled with their problems, I tend to ... exaggerate a bit more:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ssilva at sgvwater.com Fri Feb 2 19:16:47 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Feb 2 18:20:38 2007 Subject: MailScanner ANNOUNCE: Stable version 4.58.9 released In-Reply-To: <002801c746be$553c3c50$3c65a8c0@support01> References: <45C25E72.4040602@ecs.soton.ac.uk> <002801c746be$553c3c50$3c65a8c0@support01> Message-ID: Nigel Kendrick spake the following on 2/2/2007 3:36 AM: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian > Field > Sent: Thursday, February 01, 2007 9:41 PM > To: mailscanner@lists.mailscanner.info > Subject: Re: MailScanner ANNOUNCE: Stable version 4.58.9 released > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Has anyone noticed I produced a stable release this afternoon? > Or is it just working okay? > > > > We are the Managers. You are the coding monkey - know your place. > > If we want to talk to you we'll send you a memo > > ;-) > > Be careful!!! You know what monkeys throw at you when they get angry!! ;-D -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From vosburgh at dalsemi.com Fri Feb 2 19:24:02 2007 From: vosburgh at dalsemi.com (David Vosburgh) Date: Fri Feb 2 18:27:56 2007 Subject: Send copies of certain messages to other mail account In-Reply-To: <45C37B6A.2000201@talora.com.br> References: <45C37B6A.2000201@talora.com.br> Message-ID: <45C381C2.5020908@dalsemi.com> If I understand you correctly, you should be able to use the mail archiving feature of MS: In MailScanner.conf: Archive Mail = %rules-dir%/mail_archive.rules In mail_archive_rules: From: *yahoogrupos.com.br /var/spool/MailScanner/mail_archive/yahoo_groups yahoo_groups@your.domain.com The above line will archive a copy to a local mbox and also forward a copy to some other email account. I think. You'd obviously need to create the directory /var/spool/MailScanner/mail_archive first. Dave Lu?s Fernando C. Talora wrote: > Fellows, > > To find out what kind of mailing lists my users are participating, I?d > link to send a copy of all messages sent from or to any account with > "yahoogrupos.com.br" or "grupos.com.br" on its address, for a deeper > analysis. Is it possible to do it with postfix and/or MailScanner? I > thought about some "REDIRECT" rule on the "header_checks" table, but > I?d like the users to continue recieving the messages, while we analyze > that. Any suggestions? > > Thanks a lot! > > Luis Talora From glenn.steen at gmail.com Fri Feb 2 19:26:56 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Feb 2 18:30:26 2007 Subject: Send copies of certain messages to other mail account In-Reply-To: <45C37B6A.2000201@talora.com.br> References: <45C37B6A.2000201@talora.com.br> Message-ID: <223f97700702021026q1fcbee7bw69f93a03bc41a36a@mail.gmail.com> On 02/02/07, "Lu?s Fernando C. Talora" wrote: > Fellows, > > To find out what kind of mailing lists my users are participating, I?d > link to send a copy of all messages sent from or to any account with > "yahoogrupos.com.br" or "grupos.com.br" on its address, for a deeper > analysis. Is it possible to do it with postfix and/or MailScanner? I > thought about some "REDIRECT" rule on the "header_checks" table, but > I?d like the users to continue recieving the messages, while we analyze > that. Any suggestions? > > Thanks a lot! > > Luis Talora Both should e possible to make work... Actually a very simple ruleset on Non Spam Actions would probably be best ... Look at the examples etc ... and just add a forward some.other.recipient@your.domain.tld to those matching. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From jaearick at colby.edu Fri Feb 2 19:27:11 2007 From: jaearick at colby.edu (Jeff A. Earickson) Date: Fri Feb 2 18:30:49 2007 Subject: Send copies of certain messages to other mail account In-Reply-To: <45C37B6A.2000201@talora.com.br> References: <45C37B6A.2000201@talora.com.br> Message-ID: On Fri, 2 Feb 2007, "Lu?s Fernando C. Talora" wrote: > Date: Fri, 02 Feb 2007 15:56:58 -0200 > From: "Lu?s Fernando C. Talora" > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Send copies of certain messages to other mail account > > Fellows, > > To find out what kind of mailing lists my users are participating, I?d link > to send a copy of all messages sent from or to any account with > "yahoogrupos.com.br" or "grupos.com.br" on its address, for a deeper > analysis. Is it possible to do it with postfix and/or MailScanner? I thought > about some "REDIRECT" rule on the "header_checks" table, but I?d like the > users to continue recieving the messages, while we analyze that. Any > suggestions? This is easy to do in MailScanner. Write rulesets for "Spam Actions =" and "Non Spam Actions =" that look like: From: grupos.com.br deliver forward postmaster@talora.com.br FromOrTo: default deliver I am doing this now to send email downstream to another system for test users on that machine. Jeff Earickson Colby College From wendiw at itasoftware.com Fri Feb 2 19:29:46 2007 From: wendiw at itasoftware.com (Wendi Whitsett) Date: Fri Feb 2 18:32:23 2007 Subject: Phishing whitelist entries not used by MS In-Reply-To: <45C21C00.6060202@itasoftware.com> References: <45C21C00.6060202@itasoftware.com> Message-ID: <45C3831A.2020602@itasoftware.com> Is anyone actually using Phishing White listing? With success? Thanks -Wendi -- Wendi W. Sr Systems Engineer ITA Software wendiw@itasoftware.com Wendi Whitsett wrote: > I've got a MailScanner/Linux box here that seems to be failing the > 'check for safe phishing sites' part of the scan. I clearly created > two entries in my /etc/MailScanner/phishing.safe.sites.conf: > www.domainone.com > www.domaintwo.com > > Reloaded MS and sent through a message with an embedded A href tag. > The message went through and got scanned positive for phishing fraud, > even with my two domains listed in the safe sites. Anyone have any > ideas why this is happening? > > Blurb from reload, you can see the phishing whitelist being loaded: > > Feb 1 09:37:30 mx1 MailScanner[7257]: MailScanner E-Mail Virus > Scanner version 4.56.8 starting... Feb 1 09:37:30 mx1 > MailScanner[7257]: Read 767 hostnames from the phishing whitelist Feb > 1 09:37:30 mx1 MailScanner[7257]: Using SpamAssassin results cache > Feb 1 09:37:30 mx1 MailScanner[7257]: Connected to SpamAssassin cache > database Feb 1 09:37:30 mx1 MailScanner[7257]: Expired 6 records from > the SpamAssassin cache Feb 1 09:37:30 mx1 MailScanner[7257]: Enabling > SpamAssassin auto-whitelist functionality... Feb 1 09:37:35 mx1 > MailScanner[7257]: Using locktype = flock > Thanks for any help... > -Wendi > > -- > Wendi W. > Sr Systems Engineer > ITA Software > wendiw@itasoftware.com > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3257 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070202/5298bb6c/smime.bin From ssilva at sgvwater.com Fri Feb 2 19:33:44 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Feb 2 18:37:37 2007 Subject: Performance In-Reply-To: <223f97700702021013n6baeb428pf73cb70b8b295170@mail.gmail.com> References: <45C03361.5040903@katy.com> <45C11A25.5010407@enitech.com.au> <223f97700701311717y54a485f8m4a420e2262f29d86@mail.gmail.com> <45C14692.2020704@enitech.com.au> <223f97700702010210m4398ae3fld20bbd7bdd5440e1@mail.gmail.com> <45C27677.5070108@enitech.com.au> <223f97700702011714q558ec69exc7416b7c81421a20@mail.gmail.com> <45C29697.4070209@enitech.com.au> <223f97700702011759p1db84fc8ga0645b61dabd1ce1@mail.gmail.com> <223f97700702021013n6baeb428pf73cb70b8b295170@mail.gmail.com> Message-ID: Glenn Steen spake the following on 2/2/2007 10:13 AM: > On 02/02/07, Scott Silva wrote: >> Glenn Steen spake the following on 2/1/2007 5:59 PM: >> > On 02/02/07, Peter Russell wrote: >> >> >> >> >> > (snip) >> >> As you say, after i posted it i did some further research and found it >> >> was just a warning - thanks for the explanation. >> > :-) >> >> >> I will leave off making any more MTA changes until one of the >> clever >> >> >> cloggs can post up some tips... >> >> > Um, english parser breakdown... Isn't a clogg a sort of wooden shoe? >> >> > And a clever clogg is then an intelligent footwear? Sort of an AI >> for >> >> > pedestrian appliances?:-) >> >> >> >> Well i didnt wanna say geeks - but there you go you have forced me. :) >> > Why thank you... Such high praise...:-):-). >> > >> >> >> >> I made some changes to my main.cf and then telnet in to my server from >> >> another network, i can get through helo, MAIL FROM with false info >> - no >> >> warnings, errors or disconnects. Any idea where i am going wrong? (i >> >> have exclude all my pre existing transport map, relay domains type >> >> config) Appreciate any tips or suggestions. >> >> Pete >> > To my tired eyes (it's almost 02.00 here) it looks ok, so it would >> > depend on the content of the file I guess... You did remember to >> > postmap it (and reload postfix after the changes to main.cf)? >> > With a little luck (all the luck I didn't have today... SSL-X logged >> > itself to death (audit f a failed message just kept repeating) and was >> > ornery about the license file while updating on new HW, Oracle was >> > just as Oracle can be, the doctor kept me waiting (well, nothing new >> > there:-) and pesky users kept interrupting about me helping them with >> > their *private* WLAN/DSL installs (as if I was going home to them and >> > doing their LAN... Well, perhaps if sufficient amounts of finer booze >> > was at the end of it:), so that I never got any time to install the >> > latest and greatest MS... Grrr.) I'll have time to look at it again in >> > the morning (today). >> > >> > Tired but kind regards >> I get a lot of that "personal" pestering, too. If you tell them up >> front you >> are going to charge them, and make the price high enough, you will >> stop about >> 90% of it. The other 10% is beer money! ;-) >> Just set your rate high enough to be worth your time. > > Trust me, I'm not cheap... The dang thing is that working in the > financial sector... quite a few of them can actually afford it:-). So, > since I really don't want to be straddled with their problems, I tend > to ... exaggerate a bit more:-). > If your still getting too many, then your prices are still too low. Even a rich man has a price that he won't pay! I had a guy the other day that wanted me to do some work, and actually seemed offended that I wouldn't do it for free! Only my family gets work for free. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From glenn.steen at gmail.com Fri Feb 2 19:44:43 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Feb 2 18:48:13 2007 Subject: Send copies of certain messages to other mail account In-Reply-To: <45C381C2.5020908@dalsemi.com> References: <45C37B6A.2000201@talora.com.br> <45C381C2.5020908@dalsemi.com> Message-ID: <223f97700702021044s6efdc403m2fe7b49a56b78e40@mail.gmail.com> On 02/02/07, David Vosburgh wrote: > If I understand you correctly, you should be able to use the mail > archiving feature of MS: > > In MailScanner.conf: > Archive Mail = %rules-dir%/mail_archive.rules > > In mail_archive_rules: > From: *yahoogrupos.com.br > /var/spool/MailScanner/mail_archive/yahoo_groups > yahoo_groups@your.domain.com > > The above line will archive a copy to a local mbox and also forward a > copy to some other email account. I think. > > You'd obviously need to create the directory > /var/spool/MailScanner/mail_archive first. > > Dave > Nah, archiving is overkill here:-). Forgot the obligatory "Make sure it's leagal/allowed by policy before implementing this" gripe... So there it is:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From DrewB at united-systems.com Fri Feb 2 19:47:14 2007 From: DrewB at united-systems.com (Drew Burchett) Date: Fri Feb 2 18:51:06 2007 Subject: Phishing phraud Message-ID: <1E75E79B854C814784D0E8C5BA55AF76F76FE6@uss2k01.united-systems.local> Where can I report a phishing email that managed to slip through Mailscanner? Also, is there something I can adjust to ensure that it doesn't slip through again? Drew Burchett United Systems & Software Ph: (270)527-3293 Fax: (270)527-3132 -- CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. -- This message has been scanned for viruses and dangerous content by MailScanner and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070202/fed81000/attachment.html From glenn.steen at gmail.com Fri Feb 2 19:48:19 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Feb 2 18:51:50 2007 Subject: Phishing whitelist entries not used by MS In-Reply-To: <45C3831A.2020602@itasoftware.com> References: <45C21C00.6060202@itasoftware.com> <45C3831A.2020602@itasoftware.com> Message-ID: <223f97700702021048p4cee6c9em4b7cd7a226db681b@mail.gmail.com> On 02/02/07, Wendi Whitsett wrote: > Is anyone actually using Phishing White listing? With success? > Thanks > -Wendi > > -- > Wendi W. > Sr Systems Engineer > ITA Software > wendiw@itasoftware.com > Yes... Could uyou give a true example? Like the actual domain names you whitelist and the actual URL you tested with? Might be some insiduous bug, and Jules will need real data to work with to fix it (if it indeed needs fixing). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Fri Feb 2 19:51:36 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Feb 2 18:55:05 2007 Subject: Performance In-Reply-To: References: <45C03361.5040903@katy.com> <45C14692.2020704@enitech.com.au> <223f97700702010210m4398ae3fld20bbd7bdd5440e1@mail.gmail.com> <45C27677.5070108@enitech.com.au> <223f97700702011714q558ec69exc7416b7c81421a20@mail.gmail.com> <45C29697.4070209@enitech.com.au> <223f97700702011759p1db84fc8ga0645b61dabd1ce1@mail.gmail.com> <223f97700702021013n6baeb428pf73cb70b8b295170@mail.gmail.com> Message-ID: <223f97700702021051j42672f14m6d0e57d992f6c2e@mail.gmail.com> On 02/02/07, Scott Silva wrote: > Glenn Steen spake the following on 2/2/2007 10:13 AM: > > On 02/02/07, Scott Silva wrote: > >> Glenn Steen spake the following on 2/1/2007 5:59 PM: > >> > On 02/02/07, Peter Russell wrote: > >> >> > >> >> > >> > (snip) > >> >> As you say, after i posted it i did some further research and found it > >> >> was just a warning - thanks for the explanation. > >> > :-) > >> >> >> I will leave off making any more MTA changes until one of the > >> clever > >> >> >> cloggs can post up some tips... > >> >> > Um, english parser breakdown... Isn't a clogg a sort of wooden shoe? > >> >> > And a clever clogg is then an intelligent footwear? Sort of an AI > >> for > >> >> > pedestrian appliances?:-) > >> >> > >> >> Well i didnt wanna say geeks - but there you go you have forced me. :) > >> > Why thank you... Such high praise...:-):-). > >> > > >> >> > >> >> I made some changes to my main.cf and then telnet in to my server from > >> >> another network, i can get through helo, MAIL FROM with false info > >> - no > >> >> warnings, errors or disconnects. Any idea where i am going wrong? (i > >> >> have exclude all my pre existing transport map, relay domains type > >> >> config) Appreciate any tips or suggestions. > >> >> Pete > >> > To my tired eyes (it's almost 02.00 here) it looks ok, so it would > >> > depend on the content of the file I guess... You did remember to > >> > postmap it (and reload postfix after the changes to main.cf)? > >> > With a little luck (all the luck I didn't have today... SSL-X logged > >> > itself to death (audit f a failed message just kept repeating) and was > >> > ornery about the license file while updating on new HW, Oracle was > >> > just as Oracle can be, the doctor kept me waiting (well, nothing new > >> > there:-) and pesky users kept interrupting about me helping them with > >> > their *private* WLAN/DSL installs (as if I was going home to them and > >> > doing their LAN... Well, perhaps if sufficient amounts of finer booze > >> > was at the end of it:), so that I never got any time to install the > >> > latest and greatest MS... Grrr.) I'll have time to look at it again in > >> > the morning (today). > >> > > >> > Tired but kind regards > >> I get a lot of that "personal" pestering, too. If you tell them up > >> front you > >> are going to charge them, and make the price high enough, you will > >> stop about > >> 90% of it. The other 10% is beer money! ;-) > >> Just set your rate high enough to be worth your time. > > > > Trust me, I'm not cheap... The dang thing is that working in the > > financial sector... quite a few of them can actually afford it:-). So, > > since I really don't want to be straddled with their problems, I tend > > to ... exaggerate a bit more:-). > > > If your still getting too many, then your prices are still too low. Even a > rich man has a price that he won't pay! > I had a guy the other day that wanted me to do some work, and actually seemed > offended that I wouldn't do it for free! Only my family gets work for free. Exactly... It's actually the richest of them that seem to think we're their personal IT-butlers and we should do this service as part of our normal work... After a few "explanations" it seem to have sunk in that we're not:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Fri Feb 2 19:58:18 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Feb 2 19:01:48 2007 Subject: Phishing phraud In-Reply-To: <1E75E79B854C814784D0E8C5BA55AF76F76FE6@uss2k01.united-systems.local> References: <1E75E79B854C814784D0E8C5BA55AF76F76FE6@uss2k01.united-systems.local> Message-ID: <223f97700702021058mbcc453bgbb408096527ad4c2@mail.gmail.com> On 02/02/07, Drew Burchett wrote: > > > > > Where can I report a phishing email that managed to slip through > Mailscanner? Also, is there something I can adjust to ensure that it > doesn't slip through again? This list and/or Jules wouldn't be wrong, or perhaps both...:-). As to what to do... well that depends on why, now doesn't it;-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From Denis.Beauchemin at USherbrooke.ca Fri Feb 2 20:20:47 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Fri Feb 2 19:24:38 2007 Subject: Need help, server running out of space!! In-Reply-To: <20070201160646.B61555@mikea.ath.cx> References: <7d9b3cf20702011117i122a9f01l90f1175fac842ef6@mail.gmail.com> <45C23F60.5010805@multitech.qc.ca> <7d9b3cf20702011138t2265d08bw10804406d73a7fb8@mail.gmail.com> <200702020746160185.28FFA111@smtp1.ace.net.au> <20070201160646.B61555@mikea.ath.cx> Message-ID: <45C38F0F.1000802@USherbrooke.ca> mikea a ?crit : > On Fri, Feb 02, 2007 at 07:46:16AM +1030, Peter Nitschke wrote: > >> Have you checked your logs? >> >> *********** REPLY SEPARATOR *********** >> >> On 1/02/2007 at 4:38 PM Eduardo Casarero wrote: >> >> >>> 2007/2/1, Claude Gagn? : >>> >>>> Empty the quarantine ? >>>> >>>> >>> i've already done that and now i have some air, but something is eating >>> space very quick and its not the quarantine. >>> >>> >>> Eduardo Casarero a ?crit : >>> >>>> hi MS gurus i need your help. I run Mscanner with spamassasing on a >>>> HPDL380, with 1 scsi disk. >>>> >>>> mscanner MailScanner-4.55.10, sendmail >>>> > > I have seen some circumstances in which a large file, while consuming > disk space, didn't show up in `ls -l` or in `du` while the process was > running that was writing to the file. You may have to stop MailScanner > and other tools to have a chance of seeing where the big file is. In > the worst case, you'll have to boot to single-user mode, mount the > disks in your fstab, and then examine them. > > If you don't see a file it's because a process is still writing to it but some other process (or even itself) has deleted the file. If the file has been deleted it won't show up on ls but as soon as the process writing to the file exits (or is killed) the file space will get released. So a simple reboot might release that space. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3595 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070202/3899f445/smime-0001.bin From MailScanner at ecs.soton.ac.uk Fri Feb 2 20:32:25 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Feb 2 19:37:07 2007 Subject: Phishing phraud In-Reply-To: <1E75E79B854C814784D0E8C5BA55AF76F76FE6@uss2k01.united-systems.local> References: <1E75E79B854C814784D0E8C5BA55AF76F76FE6@uss2k01.united-systems.local> Message-ID: <45C391C9.3040005@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Drew Burchett wrote: > > Where can I report a phishing email that managed to slip through > Mailscanner? > Can you show me the actual HTML source of the bit of text that was the phishing link? I can only stop phishing links that are bits of text that look like links, but which actually take you to somewhere else. If the displayed text is "Click here" or similar, then there's nothing I can do, you are better off talking to the SpamAssassin and ClamAV folks. > > Also, is there something I can adjust to ensure that it doesn?t slip > through again? > It all depends on exactly what it is. Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) Comment: Fetch my public key foot-print from www.mailscanner.info Charset: windows-1252 wj8DBQFFw5IFEfZZRxQVtlQRAuU7AKCA9geYI/WPHRkCX/tVqMteqd0X/gCguDnf ZqtFQWMuqdmKU6+UNWAsqbQ= =bMs1 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Fri Feb 2 20:34:27 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Feb 2 19:38:38 2007 Subject: Performance In-Reply-To: <223f97700702021051j42672f14m6d0e57d992f6c2e@mail.gmail.com> References: <45C03361.5040903@katy.com> <45C14692.2020704@enitech.com.au> <223f97700702010210m4398ae3fld20bbd7bdd5440e1@mail.gmail.com> <45C27677.5070108@enitech.com.au> <223f97700702011714q558ec69exc7416b7c81421a20@mail.gmail.com> <45C29697.4070209@enitech.com.au> <223f97700702011759p1db84fc8ga0645b61dabd1ce1@mail.gmail.com> <223f97700702021013n6baeb428pf73cb70b8b295170@mail.gmail.com> <223f97700702021051j42672f14m6d0e57d992f6c2e@mail.gmail.com> Message-ID: <45C39243.6000807@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Glenn Steen wrote: > On 02/02/07, Scott Silva wrote: >> Glenn Steen spake the following on 2/2/2007 10:13 AM: >> > On 02/02/07, Scott Silva wrote: >> >> Glenn Steen spake the following on 2/1/2007 5:59 PM: >> >> > On 02/02/07, Peter Russell wrote: >> >> >> >> >> >> >> >> > (snip) >> >> >> As you say, after i posted it i did some further research and >> found it >> >> >> was just a warning - thanks for the explanation. >> >> > :-) >> >> >> >> I will leave off making any more MTA changes until one of the >> >> clever >> >> >> >> cloggs can post up some tips... >> >> >> > Um, english parser breakdown... Isn't a clogg a sort of >> wooden shoe? >> >> >> > And a clever clogg is then an intelligent footwear? Sort of >> an AI >> >> for >> >> >> > pedestrian appliances?:-) >> >> >> >> >> >> Well i didnt wanna say geeks - but there you go you have forced >> me. :) >> >> > Why thank you... Such high praise...:-):-). >> >> > >> >> >> >> >> >> I made some changes to my main.cf and then telnet in to my >> server from >> >> >> another network, i can get through helo, MAIL FROM with false info >> >> - no >> >> >> warnings, errors or disconnects. Any idea where i am going >> wrong? (i >> >> >> have exclude all my pre existing transport map, relay domains type >> >> >> config) Appreciate any tips or suggestions. >> >> >> Pete >> >> > To my tired eyes (it's almost 02.00 here) it looks ok, so it would >> >> > depend on the content of the file I guess... You did remember to >> >> > postmap it (and reload postfix after the changes to main.cf)? >> >> > With a little luck (all the luck I didn't have today... SSL-X >> logged >> >> > itself to death (audit f a failed message just kept repeating) >> and was >> >> > ornery about the license file while updating on new HW, Oracle was >> >> > just as Oracle can be, the doctor kept me waiting (well, nothing >> new >> >> > there:-) and pesky users kept interrupting about me helping them >> with >> >> > their *private* WLAN/DSL installs (as if I was going home to >> them and >> >> > doing their LAN... Well, perhaps if sufficient amounts of finer >> booze >> >> > was at the end of it:), so that I never got any time to install the >> >> > latest and greatest MS... Grrr.) I'll have time to look at it >> again in >> >> > the morning (today). >> >> > >> >> > Tired but kind regards >> >> I get a lot of that "personal" pestering, too. If you tell them up >> >> front you >> >> are going to charge them, and make the price high enough, you will >> >> stop about >> >> 90% of it. The other 10% is beer money! ;-) >> >> Just set your rate high enough to be worth your time. >> > >> > Trust me, I'm not cheap... The dang thing is that working in the >> > financial sector... quite a few of them can actually afford it:-). So, >> > since I really don't want to be straddled with their problems, I tend >> > to ... exaggerate a bit more:-). >> > >> If your still getting too many, then your prices are still too low. >> Even a >> rich man has a price that he won't pay! >> I had a guy the other day that wanted me to do some work, and >> actually seemed >> offended that I wouldn't do it for free! Only my family gets work for >> free. > > Exactly... It's actually the richest of them that seem to think we're > their personal IT-butlers and we should do this service as part of our > normal work... After a few "explanations" it seem to have sunk in that > we're not:-) Start by asking for at least $200 per hour. That usually separates out the chaff. And they realise that what they've asked you to do isn't the equivalent of building a flat-pack bookcase. Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) Comment: Fetch my public key foot-print from www.mailscanner.info Charset: ISO-8859-1 wj8DBQFFw5JZEfZZRxQVtlQRAmzXAKDqU/ZBS7G2x1VL4dDzYb6+gNfHqACfarOU nIm0sitbaK8e8e1tNKj9M5k= =YZzL -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From dnsadmin at 1bigthink.com Fri Feb 2 20:37:16 2007 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Fri Feb 2 19:41:00 2007 Subject: Phishing phraud In-Reply-To: <223f97700702021058mbcc453bgbb408096527ad4c2@mail.gmail.com > References: <1E75E79B854C814784D0E8C5BA55AF76F76FE6@uss2k01.united-systems.local> <223f97700702021058mbcc453bgbb408096527ad4c2@mail.gmail.com> Message-ID: <7.0.1.0.0.20070202143639.08f02ec0@1bigthink.com> At 01:58 PM 2/2/2007, you wrote: >On 02/02/07, Drew Burchett wrote: >> >> >> >> >>Where can I report a phishing email that managed to slip through >>Mailscanner? Also, is there something I can adjust to ensure that it >>doesn't slip through again? >This list and/or Jules wouldn't be wrong, or perhaps both...:-). >As to what to do... well that depends on why, now doesn't it;-). >-- >-- Glenn >email: glenn < dot > steen < at > gmail < dot > com >work: glenn < dot > steen < at > ap1 < dot > se >-- If you are using ClamAV, report it to them as well! http://www.clamav.org Cheers! From Denis.Beauchemin at USherbrooke.ca Fri Feb 2 20:54:16 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Fri Feb 2 19:58:03 2007 Subject: Use of floating point on typical mailserver In-Reply-To: References: <45C1CCF4.1070100@nerc.ac.uk> <45C30CCC.4030203@nerc.ac.uk> Message-ID: <45C396E8.7050601@USherbrooke.ca> Jeff A. Earickson a ?crit : > n Fri, 2 Feb 2007, Greg Matthews wrote: > >> Date: Fri, 02 Feb 2007 10:05:00 +0000 >> From: Greg Matthews >> Reply-To: MailScanner discussion >> To: MailScanner discussion >> Subject: Re: Use of floating point on typical mailserver >> > > Some quick thoughts here. Search the source code that you compile > (eg, sendmail code) for uses of "float", "double", or "math.h" (math > lib): > > find . -name '*.[ch]' -print | xargs egrep 'math|float|double' > > I didn't find much in sendmail 8.13.8 source code. Examine the > dynamic libraries that you use with ldd and look for libm (mathlib). IIRC Perl only use floats, no ints... Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3595 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070202/75e3ecfd/smime.bin From Kevin_Miller at ci.juneau.ak.us Fri Feb 2 20:58:19 2007 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Fri Feb 2 20:01:51 2007 Subject: MailScanner ANNOUNCE: Stable version 4.58.9 released In-Reply-To: <002801c746be$553c3c50$3c65a8c0@support01> Message-ID: Nigel Kendrick wrote: > We are the Managers. You are the coding monkey - know your place. > > If we want to talk to you we'll send you a memo > > ;-) Eh, you're new in these parts, ain't ya son... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From glenn.steen at gmail.com Fri Feb 2 21:37:48 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Feb 2 20:41:18 2007 Subject: Performance In-Reply-To: <45C39243.6000807@ecs.soton.ac.uk> References: <45C03361.5040903@katy.com> <45C27677.5070108@enitech.com.au> <223f97700702011714q558ec69exc7416b7c81421a20@mail.gmail.com> <45C29697.4070209@enitech.com.au> <223f97700702011759p1db84fc8ga0645b61dabd1ce1@mail.gmail.com> <223f97700702021013n6baeb428pf73cb70b8b295170@mail.gmail.com> <223f97700702021051j42672f14m6d0e57d992f6c2e@mail.gmail.com> <45C39243.6000807@ecs.soton.ac.uk> Message-ID: <223f97700702021237u14906c02vc2a1bbab28e8bf66@mail.gmail.com> On 02/02/07, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Glenn Steen wrote: > > On 02/02/07, Scott Silva wrote: > >> Glenn Steen spake the following on 2/2/2007 10:13 AM: > >> > On 02/02/07, Scott Silva wrote: > >> >> Glenn Steen spake the following on 2/1/2007 5:59 PM: > >> >> > On 02/02/07, Peter Russell wrote: > >> >> >> > >> >> >> > >> >> > (snip) > >> >> >> As you say, after i posted it i did some further research and > >> found it > >> >> >> was just a warning - thanks for the explanation. > >> >> > :-) > >> >> >> >> I will leave off making any more MTA changes until one of the > >> >> clever > >> >> >> >> cloggs can post up some tips... > >> >> >> > Um, english parser breakdown... Isn't a clogg a sort of > >> wooden shoe? > >> >> >> > And a clever clogg is then an intelligent footwear? Sort of > >> an AI > >> >> for > >> >> >> > pedestrian appliances?:-) > >> >> >> > >> >> >> Well i didnt wanna say geeks - but there you go you have forced > >> me. :) > >> >> > Why thank you... Such high praise...:-):-). > >> >> > > >> >> >> > >> >> >> I made some changes to my main.cf and then telnet in to my > >> server from > >> >> >> another network, i can get through helo, MAIL FROM with false info > >> >> - no > >> >> >> warnings, errors or disconnects. Any idea where i am going > >> wrong? (i > >> >> >> have exclude all my pre existing transport map, relay domains type > >> >> >> config) Appreciate any tips or suggestions. > >> >> >> Pete > >> >> > To my tired eyes (it's almost 02.00 here) it looks ok, so it would > >> >> > depend on the content of the file I guess... You did remember to > >> >> > postmap it (and reload postfix after the changes to main.cf)? > >> >> > With a little luck (all the luck I didn't have today... SSL-X > >> logged > >> >> > itself to death (audit f a failed message just kept repeating) > >> and was > >> >> > ornery about the license file while updating on new HW, Oracle was > >> >> > just as Oracle can be, the doctor kept me waiting (well, nothing > >> new > >> >> > there:-) and pesky users kept interrupting about me helping them > >> with > >> >> > their *private* WLAN/DSL installs (as if I was going home to > >> them and > >> >> > doing their LAN... Well, perhaps if sufficient amounts of finer > >> booze > >> >> > was at the end of it:), so that I never got any time to install the > >> >> > latest and greatest MS... Grrr.) I'll have time to look at it > >> again in > >> >> > the morning (today). > >> >> > > >> >> > Tired but kind regards > >> >> I get a lot of that "personal" pestering, too. If you tell them up > >> >> front you > >> >> are going to charge them, and make the price high enough, you will > >> >> stop about > >> >> 90% of it. The other 10% is beer money! ;-) > >> >> Just set your rate high enough to be worth your time. > >> > > >> > Trust me, I'm not cheap... The dang thing is that working in the > >> > financial sector... quite a few of them can actually afford it:-). So, > >> > since I really don't want to be straddled with their problems, I tend > >> > to ... exaggerate a bit more:-). > >> > > >> If your still getting too many, then your prices are still too low. > >> Even a > >> rich man has a price that he won't pay! > >> I had a guy the other day that wanted me to do some work, and > >> actually seemed > >> offended that I wouldn't do it for free! Only my family gets work for > >> free. > > > > Exactly... It's actually the richest of them that seem to think we're > > their personal IT-butlers and we should do this service as part of our > > normal work... After a few "explanations" it seem to have sunk in that > > we're not:-) > Start by asking for at least $200 per hour. That usually separates out > the chaff. And they realise that what they've asked you to do isn't the > equivalent of building a flat-pack bookcase. > > Jules I start at the equivalent to $230 - 250... 200 would be a "friendly" price... And real friends get it for free... not counting the booze:-). What shocks me is that some of these rich types actually consider it... I probably will have to raise it before too long:-). Problem whith that kind of job would be that I'd never get away from it ... Any insignificant&unrelated problem would suddenly be part of the deal ("Oh, and the broadband TV needs some adjusting"... "Sure, that will be another hour" ... Not my cup of $HOTBEVERAGE:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ecasarero at gmail.com Fri Feb 2 22:01:52 2007 From: ecasarero at gmail.com (Eduardo Casarero) Date: Fri Feb 2 21:05:22 2007 Subject: Need help, server running out of space!! In-Reply-To: <20070201160646.B61555@mikea.ath.cx> References: <7d9b3cf20702011117i122a9f01l90f1175fac842ef6@mail.gmail.com> <45C23F60.5010805@multitech.qc.ca> <7d9b3cf20702011138t2265d08bw10804406d73a7fb8@mail.gmail.com> <200702020746160185.28FFA111@smtp1.ace.net.au> <20070201160646.B61555@mikea.ath.cx> Message-ID: <7d9b3cf20702021301j7f584671i9b25c59ff4752417@mail.gmail.com> thanks!!!! i've found the problem. other admin turned on the mailwatch debug and he forgot to turn it off, so the log eat all disk space. Thanks to everybody for your help! 2007/2/1, mikea : > > On Fri, Feb 02, 2007 at 07:46:16AM +1030, Peter Nitschke wrote: > > Have you checked your logs? > > > > *********** REPLY SEPARATOR *********** > > > > On 1/02/2007 at 4:38 PM Eduardo Casarero wrote: > > > > >2007/2/1, Claude Gagn? : > > >> > > >> Empty the quarantine ? > > >> > > > > > >i've already done that and now i have some air, but something is eating > > >space very quick and its not the quarantine. > > > > > > > > >Eduardo Casarero a ?crit : > > >> > > >> hi MS gurus i need your help. I run Mscanner with spamassasing on a > > >> HPDL380, with 1 scsi disk. > > >> > > >> mscanner MailScanner-4.55.10, sendmail > > I have seen some circumstances in which a large file, while consuming > disk space, didn't show up in `ls -l` or in `du` while the process was > running that was writing to the file. You may have to stop MailScanner > and other tools to have a chance of seeing where the big file is. In > the worst case, you'll have to boot to single-user mode, mount the > disks in your fstab, and then examine them. > > Good luck! > > -- > Mike Andrews, W5EGO > mikea@mikea.ath.cx > Tired old sysadmin > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070202/0cba39c4/attachment.html From res at ausics.net Fri Feb 2 23:25:27 2007 From: res at ausics.net (Res) Date: Fri Feb 2 22:29:05 2007 Subject: Performance In-Reply-To: <45C36D50.7020507@cenpac.net.nr> References: <45C03361.5040903@katy.com> <223f97700701310215u67f9f941ifa40f902cd2d357@mail.gmail.com> <45C11A25.5010407@enitech.com.au> <223f97700701311717y54a485f8m4a420e2262f29d86@mail.gmail.com> <45C14692.2020704@enitech.com.au> <223f97700702010210m4398ae3fld20bbd7bdd5440e1@mail.gmail.com> <45C27677.5070108@enitech.com.au> <223f97700702011714q558ec69exc7416b7c81421a20@mail.gmail.com> <45C29697.4070209@enitech.com.au> <223f97700702011759p1db84fc8ga0645b61dabd1ce1@mail.gmail.com> <45C2C995.30909@enitech.com.au> <45C36D50.7020507@cenpac.net.nr> Message-ID: On Sat, 3 Feb 2007, Jon Leeman wrote: > Per some of Glenn's later posts...........anyone remember when open > relay was the norm for MTA's {and SPAM was a in a tin}? I inherited one > (Netscape messenger 3.) about 8 years ago. Yep, thats why early sendmail by default allowed it, back then you could 'trust thy neighbour' when the influx of unstrustworthy no good lamers started to pop up that changed (I think around '97) to not relay by default. Like most things in life "if you abuse it, you lose it". -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From res at ausics.net Fri Feb 2 23:26:57 2007 From: res at ausics.net (Res) Date: Fri Feb 2 22:30:34 2007 Subject: Phishing whitelist entries not used by MS In-Reply-To: <45C3831A.2020602@itasoftware.com> References: <45C21C00.6060202@itasoftware.com> <45C3831A.2020602@itasoftware.com> Message-ID: On Fri, 2 Feb 2007, Wendi Whitsett wrote: > Is anyone actually using Phishing White listing? With success? Definately -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From itdept at fractalweb.com Sat Feb 3 01:15:16 2007 From: itdept at fractalweb.com (Chris Yuzik) Date: Sat Feb 3 00:19:51 2007 Subject: automated mail server stress testing? Message-ID: <45C3D414.9090900@fractalweb.com> Just wondering if there are any programs/scripts/whatever that can put an artificial high load on our new server so we can see if anything breaks *before* we start moving real users to this new box. Ideally, I'd like to create a hundred or so (fake) users, then hit this box with ridiculous amounts of mail (and artificial spam/viruses too) so we can make sure it handles the load without breaking, doesn't let viruses through, etc. Anyone aware of an automated server stress tester such as this? Thanks, Chris From sandrews at andrewscompanies.com Sat Feb 3 01:24:25 2007 From: sandrews at andrewscompanies.com (sandrews@andrewscompanies.com) Date: Sat Feb 3 00:27:56 2007 Subject: automated mail server stress testing? References: <45C3D414.9090900@fractalweb.com> Message-ID: <1964AAFBC212F742958F9275BF63DBB0429FC9@winchester.andrewscompanies.com> Have everyone on this list forward their high scoring spam to you? ;) Just kidding. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Chris Yuzik Sent: Friday, February 02, 2007 7:15 PM To: MailScanner discussion Subject: automated mail server stress testing? Just wondering if there are any programs/scripts/whatever that can put an artificial high load on our new server so we can see if anything breaks *before* we start moving real users to this new box. Ideally, I'd like to create a hundred or so (fake) users, then hit this box with ridiculous amounts of mail (and artificial spam/viruses too) so we can make sure it handles the load without breaking, doesn't let viruses through, etc. Anyone aware of an automated server stress tester such as this? Thanks, Chris -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Sat Feb 3 01:44:55 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Feb 3 00:48:27 2007 Subject: Performance In-Reply-To: References: <45C03361.5040903@katy.com> <223f97700702010210m4398ae3fld20bbd7bdd5440e1@mail.gmail.com> <45C27677.5070108@enitech.com.au> <223f97700702011714q558ec69exc7416b7c81421a20@mail.gmail.com> <45C29697.4070209@enitech.com.au> <223f97700702011759p1db84fc8ga0645b61dabd1ce1@mail.gmail.com> <45C2C995.30909@enitech.com.au> <45C36D50.7020507@cenpac.net.nr> Message-ID: <223f97700702021644w2f6872e2id47e836f20886880@mail.gmail.com> On 02/02/07, Res wrote: > On Sat, 3 Feb 2007, Jon Leeman wrote: > > > Per some of Glenn's later posts...........anyone remember when open > > relay was the norm for MTA's {and SPAM was a in a tin}? I inherited one > > (Netscape messenger 3.) about 8 years ago. > > Yep, thats why early sendmail by default allowed it, back then you could > 'trust thy neighbour' when the influx of unstrustworthy no good lamers > started to pop up that changed (I think around '97) to not relay by > default. Like most things in life "if you abuse it, you lose it". > Early sendmail == early 80:ies.... UUCP anyone? Banged adresses (no, not fornication of any kind:-)... Those were the days.... not. Sure, there was a lot less things reminiscent of spam... but really, it wasn't better then (I remember thinking Taylor was such an improvement over HDB (that was sometime 94-ish,wasn't it?)... don't remember why though... active forgetfullness ... the mind is such a pliable thing:-). Back then, a luser could bring your MTA down in flames by using an 8-bit character (if they managed to create one:-)... Things have actually improved. Not spam, but other things:-). Many of you probably remember this more vividly than I:-D Cheers -- -- Glenn (Red this day, not amber) email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ssilva at sgvwater.com Sat Feb 3 01:52:53 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Sat Feb 3 00:56:34 2007 Subject: Performance In-Reply-To: <223f97700702021237u14906c02vc2a1bbab28e8bf66@mail.gmail.com> References: <45C03361.5040903@katy.com> <45C27677.5070108@enitech.com.au> <223f97700702011714q558ec69exc7416b7c81421a20@mail.gmail.com> <45C29697.4070209@enitech.com.au> <223f97700702011759p1db84fc8ga0645b61dabd1ce1@mail.gmail.com> <223f97700702021013n6baeb428pf73cb70b8b295170@mail.gmail.com> <223f97700702021051j42672f14m6d0e57d992f6c2e@mail.gmail.com> <45C39243.6000807@ecs.soton.ac.uk> <223f97700702021237u14906c02vc2a1bbab28e8bf66@mail.gmail.com> Message-ID: Glenn Steen spake the following on 2/2/2007 12:37 PM: > On 02/02/07, Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> >> >> Glenn Steen wrote: >> > On 02/02/07, Scott Silva wrote: >> >> Glenn Steen spake the following on 2/2/2007 10:13 AM: >> >> > On 02/02/07, Scott Silva wrote: >> >> >> Glenn Steen spake the following on 2/1/2007 5:59 PM: >> >> >> > On 02/02/07, Peter Russell wrote: >> >> >> >> >> >> >> >> >> >> >> > (snip) >> >> >> >> As you say, after i posted it i did some further research and >> >> found it >> >> >> >> was just a warning - thanks for the explanation. >> >> >> > :-) >> >> >> >> >> I will leave off making any more MTA changes until one of the >> >> >> clever >> >> >> >> >> cloggs can post up some tips... >> >> >> >> > Um, english parser breakdown... Isn't a clogg a sort of >> >> wooden shoe? >> >> >> >> > And a clever clogg is then an intelligent footwear? Sort of >> >> an AI >> >> >> for >> >> >> >> > pedestrian appliances?:-) >> >> >> >> >> >> >> >> Well i didnt wanna say geeks - but there you go you have forced >> >> me. :) >> >> >> > Why thank you... Such high praise...:-):-). >> >> >> > >> >> >> >> >> >> >> >> I made some changes to my main.cf and then telnet in to my >> >> server from >> >> >> >> another network, i can get through helo, MAIL FROM with false >> info >> >> >> - no >> >> >> >> warnings, errors or disconnects. Any idea where i am going >> >> wrong? (i >> >> >> >> have exclude all my pre existing transport map, relay domains >> type >> >> >> >> config) Appreciate any tips or suggestions. >> >> >> >> Pete >> >> >> > To my tired eyes (it's almost 02.00 here) it looks ok, so it >> would >> >> >> > depend on the content of the file I guess... You did remember to >> >> >> > postmap it (and reload postfix after the changes to main.cf)? >> >> >> > With a little luck (all the luck I didn't have today... SSL-X >> >> logged >> >> >> > itself to death (audit f a failed message just kept repeating) >> >> and was >> >> >> > ornery about the license file while updating on new HW, Oracle >> was >> >> >> > just as Oracle can be, the doctor kept me waiting (well, nothing >> >> new >> >> >> > there:-) and pesky users kept interrupting about me helping them >> >> with >> >> >> > their *private* WLAN/DSL installs (as if I was going home to >> >> them and >> >> >> > doing their LAN... Well, perhaps if sufficient amounts of finer >> >> booze >> >> >> > was at the end of it:), so that I never got any time to >> install the >> >> >> > latest and greatest MS... Grrr.) I'll have time to look at it >> >> again in >> >> >> > the morning (today). >> >> >> > >> >> >> > Tired but kind regards >> >> >> I get a lot of that "personal" pestering, too. If you tell them up >> >> >> front you >> >> >> are going to charge them, and make the price high enough, you will >> >> >> stop about >> >> >> 90% of it. The other 10% is beer money! ;-) >> >> >> Just set your rate high enough to be worth your time. >> >> > >> >> > Trust me, I'm not cheap... The dang thing is that working in the >> >> > financial sector... quite a few of them can actually afford >> it:-). So, >> >> > since I really don't want to be straddled with their problems, I >> tend >> >> > to ... exaggerate a bit more:-). >> >> > >> >> If your still getting too many, then your prices are still too low. >> >> Even a >> >> rich man has a price that he won't pay! >> >> I had a guy the other day that wanted me to do some work, and >> >> actually seemed >> >> offended that I wouldn't do it for free! Only my family gets work for >> >> free. >> > >> > Exactly... It's actually the richest of them that seem to think we're >> > their personal IT-butlers and we should do this service as part of our >> > normal work... After a few "explanations" it seem to have sunk in that >> > we're not:-) >> Start by asking for at least $200 per hour. That usually separates out >> the chaff. And they realise that what they've asked you to do isn't the >> equivalent of building a flat-pack bookcase. >> >> Jules > > I start at the equivalent to $230 - 250... 200 would be a "friendly" > price... And real friends get it for free... not counting the > booze:-). What shocks me is that some of these rich types actually > consider it... I probably will have to raise it before too long:-). > Problem whith that kind of job would be that I'd never get away from > it ... Any insignificant&unrelated problem would suddenly be part of > the deal ("Oh, and the broadband TV needs some adjusting"... "Sure, > that will be another hour" ... Not my cup of $HOTBEVERAGE:-) I sometimes give away PC's to people without. People asked me why I didn't sell them. For the same reason... If I sell it I have to support it. But if it is free, you are on your own. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From glenn.steen at gmail.com Sat Feb 3 01:57:37 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Feb 3 01:01:09 2007 Subject: automated mail server stress testing? In-Reply-To: <45C3D414.9090900@fractalweb.com> References: <45C3D414.9090900@fractalweb.com> Message-ID: <223f97700702021657l4b456e87lea493e8e64ae0d1f@mail.gmail.com> On 03/02/07, Chris Yuzik wrote: > Just wondering if there are any programs/scripts/whatever that can put > an artificial high load on our new server so we can see if anything > breaks *before* we start moving real users to this new box. > > Ideally, I'd like to create a hundred or so (fake) users, then hit this > box with ridiculous amounts of mail (and artificial spam/viruses too) so > we can make sure it handles the load without breaking, doesn't let > viruses through, etc. > > Anyone aware of an automated server stress tester such as this? > Depends a bit... You could snarf a copy of yoour real data and feed into this new one (roundhouse, alwasys_bcc in PF etc), or you could use postal (http://www.coker.com.au/postal/)... or write your own:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From res at ausics.net Sat Feb 3 02:12:45 2007 From: res at ausics.net (Res) Date: Sat Feb 3 01:16:23 2007 Subject: Performance In-Reply-To: <223f97700702021644w2f6872e2id47e836f20886880@mail.gmail.com> References: <45C03361.5040903@katy.com> <223f97700702010210m4398ae3fld20bbd7bdd5440e1@mail.gmail.com> <45C27677.5070108@enitech.com.au> <223f97700702011714q558ec69exc7416b7c81421a20@mail.gmail.com> <45C29697.4070209@enitech.com.au> <223f97700702011759p1db84fc8ga0645b61dabd1ce1@mail.gmail.com> <45C2C995.30909@enitech.com.au> <45C36D50.7020507@cenpac.net.nr> <223f97700702021644w2f6872e2id47e836f20886880@mail.gmail.com> Message-ID: On Sat, 3 Feb 2007, Glenn Steen wrote: >> Yep, thats why early sendmail by default allowed it, back then you could >> 'trust thy neighbour' when the influx of unstrustworthy no good lamers >> started to pop up that changed (I think around '97) to not relay by >> default. Like most things in life "if you abuse it, you lose it". >> > Early sendmail == early 80:ies.... UUCP anyone? Banged adresses (no, > not fornication of any kind:-)... Those were the days.... not. Sure, About 84/85 I think? > there was a lot less things reminiscent of spam... but really, it Naturally, after all back then the internet was only then starting to be a public thing ('82?) and no bastard could afford it :) ARPANET really did the hard yards earlier for about 10 (?) years earlier, I think there was another around the same time but name escapes me. > Many of you probably remember this more vividly than I:-D If they do Glenn, it will I'm sure make at least yourself and I feel much younger than we are :D SO SPEAK UP someone :) -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From MailScanner at ecs.soton.ac.uk Sat Feb 3 14:18:19 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Feb 3 13:23:02 2007 Subject: automated mail server stress testing? In-Reply-To: <45C3D414.9090900@fractalweb.com> References: <45C3D414.9090900@fractalweb.com> Message-ID: <45C48B9B.3010000@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I do this by using a little milter that a friend (Matt) wrote for me. You can also use one of the milters on www.snertsoft.com as well, there is one there that will do it you. What you need is this basically a) Your real MXs have this filter installed to add (bcc) recipients to every message. For each recipient you add, you change the domain name to something made up, so in my case I add test@alegriatest1.com test@alegriatest2.com test@alegriatest3.com test@alegriatest4.com test@alegriatest5.com Then you have a mailertable that directs mail to all those domains to your test box, likethis: alegriatest1.com esmtp:[alegria.ecs.soton.ac.uk]:[karla.ecs.soton.ac.uk] alegriatest2.com esmtp:[alegria2.ecs.soton.ac.uk]:[karla.ecs.soton.ac.uk] alegriatest3.com esmtp:[alegria3.ecs.soton.ac.uk]:[karla.ecs.soton.ac.uk] alegriatest4.com esmtp:[alegria4.ecs.soton.ac.uk]:[karla.ecs.soton.ac.uk] I use different hostnames for each one so that sendmail cannot possibly realise that these messages are going to the same place, and therefore merge them back in 1 message with multiple recipients. Sendmail is very good at doing that, and you have to try quite hard to stop it. That gets 5 copies of your incoming mail going to your test server. You then turn that test server into a dumb relay that MailScanners all its mail and sends it all to another host, which sinks all incoming mail to /dev/null, which you can do with a sendmail.mc that includes define(`LUSER_RELAY', `local:nobody') and then has an alias in /etc/aliases "nobody" to "/dev/null". This all means that your test server does not only test the MailScanner load, but also all the SMTP traffic load of the mail coming in and mail going out. This is the best of building a test setup that I have found. Sorry if it sounds a bit complicated, just build and test it one step at a time. My incoming feed is about 200k messages and my test server can handle 16 times that with all MailScanner and SpamAssassin options switched on, using sendmail. That's 3.2m messages per day without the queue building up. Chris Yuzik wrote: > Just wondering if there are any programs/scripts/whatever that can put > an artificial high load on our new server so we can see if anything > breaks *before* we start moving real users to this new box. > > Ideally, I'd like to create a hundred or so (fake) users, then hit > this box with ridiculous amounts of mail (and artificial spam/viruses > too) so we can make sure it handles the load without breaking, doesn't > let viruses through, etc. > > Anyone aware of an automated server stress tester such as this? > > Thanks, > Chris Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) Comment: Fetch my public key foot-print from www.mailscanner.info Charset: ISO-8859-1 wj8DBQFFxIvJEfZZRxQVtlQRAutSAKCzP+oUYv/ekBotZfHlkLKagsS5+gCeLDDL 5kMjRKyVC/XGFk9VE7VD1oQ= =MjY+ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From kimptoc at gmail.com Sat Feb 3 15:54:35 2007 From: kimptoc at gmail.com (Chris Kimpton) Date: Sat Feb 3 14:58:08 2007 Subject: More filesys df issues Message-ID: <655b3580702030654p705934f5l4c8d26f83ce658f6@mail.gmail.com> Hi, I think I am possibly posting on the wrong forum, but let me start here. And yes, I know I raised a similar issue a few weeks ago - but that was for a different box... I had mailscanner running on a gentoo linux box but this stopped working around 3-4 months and I am now trying to sort it out. I have gone through the steps I did for the other box that had a problem - it looks like Filesys::Df is missing from perl. This is the error I get when debugging MailScanner: ... [16331] dbg: check: is spam? score=2.906 required=5 [16331] dbg: check: tests=MISSING_SUBJECT,NO_REAL_NAME,NO_RECEIVED,NO_RELAYS,TO_CC_NONE [16331] dbg: check: subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_MSGID,__UNUSABLE_MSGID [16331] dbg: bayes: untie-ing [16331] dbg: bayes: untie-ing db_toks [16331] dbg: bayes: untie-ing db_seen Ignore errors about failing to find EOCD signature format error: can't find EOCD signature at /usr/sbin/MailScanner line 820 Undefined subroutine &MailScanner::Message::df called at /usr/lib/MailScanner/MailScanner/Message.pm line 1718. Line 1718 is this one: my $df = df($dir, 1024); On the other box, I could use g-cpan to install Filesys::Df with no problem. On this box, g-cpan just hangs. So I tried installing it via perl CPAN shell- which seems to install ok - but I still get the above error. Comparing the boxes, it seems the working one installs Filesys::Df into /usr/lib/.../vendor_perl directory, but my broken box has it in site_perl. I guess I probably need to learn more perl to fix the issue - but if someone does have any thoughts on this, it would be appreciated. Thanks in advance,. Chris -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070203/44c4c8cf/attachment.html From MailScanner at ecs.soton.ac.uk Sat Feb 3 17:34:03 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Feb 3 16:37:54 2007 Subject: More filesys df issues In-Reply-To: <655b3580702030654p705934f5l4c8d26f83ce658f6@mail.gmail.com> References: <655b3580702030654p705934f5l4c8d26f83ce658f6@mail.gmail.com> Message-ID: <45C4B97B.5080102@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Chris Kimpton wrote: > Hi, > > I think I am possibly posting on the wrong forum, but let me start > here. And yes, I know I raised a similar issue a few weeks ago - but > that was for a different box... > > I had mailscanner running on a gentoo linux box but this stopped > working around 3-4 months and I am now trying to sort it out. I have > gone through the steps I did for the other box that had a problem - it > looks like Filesys::Df is missing from perl. > > This is the error I get when debugging MailScanner: > > ... > [16331] dbg: check: is spam? score=2.906 required=5 > [16331] dbg: check: > tests=MISSING_SUBJECT,NO_REAL_NAME,NO_RECEIVED,NO_RELAYS,TO_CC_NONE > [16331] dbg: check: > subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_MSGID,__UNUSABLE_MSGID > > [16331] dbg: bayes: untie-ing > [16331] dbg: bayes: untie-ing db_toks > [16331] dbg: bayes: untie-ing db_seen > Ignore errors about failing to find EOCD signature > format error: can't find EOCD signature > at /usr/sbin/MailScanner line 820 > Undefined subroutine &MailScanner::Message::df called at > /usr/lib/MailScanner/MailScanner/Message.pm line 1718. > > Line 1718 is this one: > > my $df = df($dir, 1024); Try changing that to my $df = Filesys::Df::df($dir, 1024); and let me know if this helps at all. > > On the other box, I could use g-cpan to install Filesys::Df with no > problem. On this box, g-cpan just hangs. So I tried installing it > via perl CPAN shell- which seems to install ok - but I still get the > above error. > > Comparing the boxes, it seems the working one installs Filesys::Df > into /usr/lib/.../vendor_perl directory, but my broken box has it in > site_perl. > > I guess I probably need to learn more perl to fix the issue - but if > someone does have any thoughts on this, it would be appreciated. > > Thanks in advance,. > Chris Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) Comment: Fetch my public key foot-print from www.mailscanner.info Charset: ISO-8859-1 wj8DBQFFxLl9EfZZRxQVtlQRAovaAKDGmbMuEww7OXFZQh1Z5Je1oeAxkACgprgn fsr3GfCNgnzG0Fo5kDzNgAE= =WoTQ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From root at doctor.nl2k.ab.ca Sat Feb 3 18:29:55 2007 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Sat Feb 3 17:34:33 2007 Subject: More filesys df issues In-Reply-To: <45C4B97B.5080102@ecs.soton.ac.uk> References: <655b3580702030654p705934f5l4c8d26f83ce658f6@mail.gmail.com> <45C4B97B.5080102@ecs.soton.ac.uk> Message-ID: <20070203172954.GA27669@doctor.nl2k.ab.ca> On Sat, Feb 03, 2007 at 04:34:03PM +0000, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Chris Kimpton wrote: > > Hi, > > > > I think I am possibly posting on the wrong forum, but let me start > > here. And yes, I know I raised a similar issue a few weeks ago - but > > that was for a different box... > > > > I had mailscanner running on a gentoo linux box but this stopped > > working around 3-4 months and I am now trying to sort it out. I have > > gone through the steps I did for the other box that had a problem - it > > looks like Filesys::Df is missing from perl. > > > > This is the error I get when debugging MailScanner: > > > > ... > > [16331] dbg: check: is spam? score=2.906 required=5 > > [16331] dbg: check: > > tests=MISSING_SUBJECT,NO_REAL_NAME,NO_RECEIVED,NO_RELAYS,TO_CC_NONE > > [16331] dbg: check: > > subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_MSGID,__UNUSABLE_MSGID > > > > [16331] dbg: bayes: untie-ing > > [16331] dbg: bayes: untie-ing db_toks > > [16331] dbg: bayes: untie-ing db_seen > > Ignore errors about failing to find EOCD signature > > format error: can't find EOCD signature > > at /usr/sbin/MailScanner line 820 > > Undefined subroutine &MailScanner::Message::df called at > > /usr/lib/MailScanner/MailScanner/Message.pm line 1718. > > > > Line 1718 is this one: > > > > my $df = df($dir, 1024); > Try changing that to > my $df = Filesys::Df::df($dir, 1024); > and let me know if this helps at all. > > > > On the other box, I could use g-cpan to install Filesys::Df with no > > problem. On this box, g-cpan just hangs. So I tried installing it > > via perl CPAN shell- which seems to install ok - but I still get the > > above error. > > > > Comparing the boxes, it seems the working one installs Filesys::Df > > into /usr/lib/.../vendor_perl directory, but my broken box has it in > > site_perl. > > > > I guess I probably need to learn more perl to fix the issue - but if > > someone does have any thoughts on this, it would be appreciated. > > > > Thanks in advance,. > > Chris > So we be delaying implementation of the latest because of this? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From kimptoc at gmail.com Sat Feb 3 18:33:37 2007 From: kimptoc at gmail.com (Chris Kimpton) Date: Sat Feb 3 17:37:11 2007 Subject: More filesys df issues In-Reply-To: <45C4B97B.5080102@ecs.soton.ac.uk> References: <655b3580702030654p705934f5l4c8d26f83ce658f6@mail.gmail.com> <45C4B97B.5080102@ecs.soton.ac.uk> Message-ID: <655b3580702030933t5d718943y6180f878247296b9@mail.gmail.com> Hi Julian, Thanks for the quick reply. Tried the setting but the error is largely the same: [17119] dbg: bayes: untie-ing [17119] dbg: bayes: untie-ing db_toks [17119] dbg: bayes: untie-ing db_seen Ignore errors about failing to find EOCD signature format error: can't find EOCD signature at /usr/sbin/MailScanner line 820 Undefined subroutine &Filesys::Df::df called at /usr/lib/MailScanner/MailScanner/Message.pm line 1719. My line now looks like this (just double checking) my $df = Filesys::Df::df($dir, 1024); Probably not related but it does just sit there for 5-10 minutes before it gives the error. Thanks, Chris On 2/3/07, Julian Field wrote: > > Try changing that to > my $df = Filesys::Df::df($dir, 1024); > and let me know if this helps at all. > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070203/b51ee8c8/attachment.html From uxbod at splatnix.net Sat Feb 3 21:57:34 2007 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Sat Feb 3 20:57:42 2007 Subject: More filesys df issues In-Reply-To: <655b3580702030933t5d718943y6180f878247296b9@mail.gmail.com> References: <655b3580702030654p705934f5l4c8d26f83ce658f6@mail.gmail.com> <45C4B97B.5080102@ecs.soton.ac.uk> <655b3580702030933t5d718943y6180f878247296b9@mail.gmail.com> Message-ID: <20070203205734.602a1c74@uxbod.splatnix.net> Chris, I am running on Gentoo so what would be useful is the following :- 1) emerge gentoolkit 2) equery list | grep perl and post the result. Thanks, On Sat, 3 Feb 2007 17:33:37 +0000 "Chris Kimpton" wrote: > Hi Julian, > > Thanks for the quick reply. > > Tried the setting but the error is largely the same: > > [17119] dbg: bayes: untie-ing > [17119] dbg: bayes: untie-ing db_toks > [17119] dbg: bayes: untie-ing db_seen > Ignore errors about failing to find EOCD signature > format error: can't find EOCD signature > at /usr/sbin/MailScanner line 820 > Undefined subroutine &Filesys::Df::df called at > /usr/lib/MailScanner/MailScanner/Message.pm line 1719. > > My line now looks like this (just double checking) > > my $df = Filesys::Df::df($dir, 1024); > > Probably not related but it does just sit there for 5-10 minutes before it > gives the error. > > Thanks, > Chris > > > On 2/3/07, Julian Field wrote: > > > > Try changing that to > > my $df = Filesys::Df::df($dir, 1024); > > and let me know if this helps at all. > > > > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From uxbod at splatnix.net Sat Feb 3 22:00:48 2007 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Sat Feb 3 21:00:56 2007 Subject: More filesys df issues In-Reply-To: <655b3580702030933t5d718943y6180f878247296b9@mail.gmail.com> References: <655b3580702030654p705934f5l4c8d26f83ce658f6@mail.gmail.com> <45C4B97B.5080102@ecs.soton.ac.uk> <655b3580702030933t5d718943y6180f878247296b9@mail.gmail.com> Message-ID: <20070203210048.2814b8bd@uxbod.splatnix.net> Hmmm, you probably want to emerge dev-perl/Filesys-DiskSpace but what is strange is that I don't have that module installed, yet my system works fine. Is there a condition on that module being used Julian ? On Sat, 3 Feb 2007 17:33:37 +0000 "Chris Kimpton" wrote: > Hi Julian, > > Thanks for the quick reply. > > Tried the setting but the error is largely the same: > > [17119] dbg: bayes: untie-ing > [17119] dbg: bayes: untie-ing db_toks > [17119] dbg: bayes: untie-ing db_seen > Ignore errors about failing to find EOCD signature > format error: can't find EOCD signature > at /usr/sbin/MailScanner line 820 > Undefined subroutine &Filesys::Df::df called at > /usr/lib/MailScanner/MailScanner/Message.pm line 1719. > > My line now looks like this (just double checking) > > my $df = Filesys::Df::df($dir, 1024); > > Probably not related but it does just sit there for 5-10 minutes before it > gives the error. > > Thanks, > Chris > > > On 2/3/07, Julian Field wrote: > > > > Try changing that to > > my $df = Filesys::Df::df($dir, 1024); > > and let me know if this helps at all. > > > > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From uxbod at splatnix.net Sat Feb 3 22:05:25 2007 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Sat Feb 3 21:05:33 2007 Subject: More filesys df issues In-Reply-To: <655b3580702030933t5d718943y6180f878247296b9@mail.gmail.com> References: <655b3580702030654p705934f5l4c8d26f83ce658f6@mail.gmail.com> <45C4B97B.5080102@ecs.soton.ac.uk> <655b3580702030933t5d718943y6180f878247296b9@mail.gmail.com> Message-ID: <20070203210525.1fb5a23a@uxbod.splatnix.net> Arghh, what version of perl are you running ? I am on 5.8.8 ~x86_64 branch, and I reckon that this has now been included in the default installation of Perl. Just emerge the last package I said and you should be okay. UxBoD On Sat, 3 Feb 2007 17:33:37 +0000 "Chris Kimpton" wrote: > Hi Julian, > > Thanks for the quick reply. > > Tried the setting but the error is largely the same: > > [17119] dbg: bayes: untie-ing > [17119] dbg: bayes: untie-ing db_toks > [17119] dbg: bayes: untie-ing db_seen > Ignore errors about failing to find EOCD signature > format error: can't find EOCD signature > at /usr/sbin/MailScanner line 820 > Undefined subroutine &Filesys::Df::df called at > /usr/lib/MailScanner/MailScanner/Message.pm line 1719. > > My line now looks like this (just double checking) > > my $df = Filesys::Df::df($dir, 1024); > > Probably not related but it does just sit there for 5-10 minutes before it > gives the error. > > Thanks, > Chris > > > On 2/3/07, Julian Field wrote: > > > > Try changing that to > > my $df = Filesys::Df::df($dir, 1024); > > and let me know if this helps at all. > > > > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From nerijusb at dtiltas.lt Sat Feb 3 22:37:18 2007 From: nerijusb at dtiltas.lt (Nerijus Baliunas) Date: Sat Feb 3 21:43:40 2007 Subject: New Beta 4.58.6 released In-Reply-To: <223f97700701310108v134f0009r23829465ffd29b91@mail.gmail.com> References: <45BCCF3B.8060608@ecs.soton.ac.uk> <45BD7919.1020009@rogers.com><223f97700701290100i6e788e2gba57830a01a8e67b@mail.gmail.com><45BFD212.6090204@rogers.com> <223f97700701310108v134f0009r23829465ffd29b91@mail.gmail.com> Message-ID: <20070203213757.AD4B7E6A9D@mx-b.vdnet.lt> On Wed, 31 Jan 2007 10:08:03 +0100 Glenn Steen wrote: > > Thanks for the details Glenn. Am i correct in understanding that this > > will only affect users of milters? > > > Yes. Seems you don't have to have it actually "edit" anything though, > the p record "placeholders" will be added just by enabling it... Then > again, why would one have a milter that was in effect a "dummy":-). Why not? For example milter-greylist accepts or rejects message (and can add a header, but it's not important and can be disabled), so if Postfix didn't add p placeholders in such case, milter-greylist would have worked without modifying MS... > Seems most people don't use the milter option in 2.3 in conjunction > with MailScanner, since we've had one (1) request in this area > (Nerijus:) for all the time 2.3 has eben around. :) Thanks Glenn for your patches! Regards, Nerijus From glenn.steen at gmail.com Sat Feb 3 22:49:50 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Feb 3 21:53:26 2007 Subject: New Beta 4.58.6 released In-Reply-To: <20070203213757.AD4B7E6A9D@mx-b.vdnet.lt> References: <45BCCF3B.8060608@ecs.soton.ac.uk> <45BD7919.1020009@rogers.com> <223f97700701290100i6e788e2gba57830a01a8e67b@mail.gmail.com> <45BFD212.6090204@rogers.com> <223f97700701310108v134f0009r23829465ffd29b91@mail.gmail.com> <20070203213757.AD4B7E6A9D@mx-b.vdnet.lt> Message-ID: <223f97700702031349w4e9be3a6meee9118a8b7cddaa@mail.gmail.com> On 03/02/07, Nerijus Baliunas wrote: > On Wed, 31 Jan 2007 10:08:03 +0100 Glenn Steen wrote: > > > > Thanks for the details Glenn. Am i correct in understanding that this > > > will only affect users of milters? > > > > > Yes. Seems you don't have to have it actually "edit" anything though, > > the p record "placeholders" will be added just by enabling it... Then > > again, why would one have a milter that was in effect a "dummy":-). > > Why not? For example milter-greylist accepts or rejects message (and > can add a header, but it's not important and can be disabled), so if > Postfix didn't add p placeholders in such case, milter-greylist would > have worked without modifying MS... Not quite, since it actually adds a header... In the spirit of "Kilroy was here";-) > > Seems most people don't use the milter option in 2.3 in conjunction > > with MailScanner, since we've had one (1) request in this area > > (Nerijus:) for all the time 2.3 has eben around. > > :) Thanks Glenn for your patches! You're welcome... Still working OK for you? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From kimptoc at gmail.com Sun Feb 4 00:17:56 2007 From: kimptoc at gmail.com (Chris Kimpton) Date: Sat Feb 3 23:21:32 2007 Subject: More filesys df issues In-Reply-To: <20070203210525.1fb5a23a@uxbod.splatnix.net> References: <655b3580702030654p705934f5l4c8d26f83ce658f6@mail.gmail.com> <45C4B97B.5080102@ecs.soton.ac.uk> <655b3580702030933t5d718943y6180f878247296b9@mail.gmail.com> <20070203210525.1fb5a23a@uxbod.splatnix.net> Message-ID: <655b3580702031517s225ab519i7f80d620f5c083c2@mail.gmail.com> Hi, I had dev-perl/Filesys-DiskSpace-0.05 installed. So I removed it and tried again and that seemed to fix it - seems like it was causing a conflict. Its now working its way through the backlog ;-) For the record the perl version is this: quarks2 ~ # perl -v This is perl, v5.8.8 built for i686-linux The equery list gives these: quarks2 ~ # equery list | grep perl app-admin/perl-cleaner-1.04.3 dev-lang/perl-5.8.8-r2 dev-perl/Archive-Tar-1.28 dev-perl/Archive-Zip-1.16 dev-perl/Bit-Vector-6.4 dev-perl/Carp-Clan-5.3 dev-perl/Class-MethodMaker-2.08 dev-perl/Compress-Raw-Zlib-2.001 dev-perl/Compress-Zlib-2.001 dev-perl/Convert-BinHex-1.119 dev-perl/Convert-TNEF-0.17-r2 dev-perl/Crypt-SSLeay-0.51-r1 dev-perl/DBD-SQLite-1.11 dev-perl/DBD-mysql-2.9007 dev-perl/DBI-1.50 dev-perl/Date-Calc-5.4 dev-perl/Digest-HMAC-1.01-r1 dev-perl/Digest-SHA1-2.11 dev-perl/ExtUtils-CBuilder-0.15 dev-perl/HTML-Parser-3.48 dev-perl/HTML-Tagset-3.10 dev-perl/HTML-Tree-3.19.01 dev-perl/IO-Compress-Base-2.001 dev-perl/IO-Compress-Zlib-2.001 dev-perl/IO-Socket-INET6-2.51 dev-perl/IO-Socket-SSL-0.97 dev-perl/IO-String-1.08 dev-perl/IO-Zlib-1.04 dev-perl/IO-stringy-2.110 dev-perl/Locale-gettext-1.05 dev-perl/Log-Agent-0.307 dev-perl/MIME-tools-5.417 dev-perl/MailTools-1.67 dev-perl/Net-CIDR-0.11 dev-perl/Net-DNS-0.53-r1 dev-perl/Net-Daemon-0.38 dev-perl/Net-IP-1.24 dev-perl/Net-SSLeay-1.25 dev-perl/PlRPC-0.2018 dev-perl/Shell-EnvImporter-1.04 dev-perl/Socket6-0.17 dev-perl/Sys-Hostname-Long-1.2 dev-perl/Tie-IxHash-1.21-r1 dev-perl/TimeDate-1.16 dev-perl/URI-1.35 dev-perl/XML-NamespaceSupport-1.09 dev-perl/XML-Parser-2.34 dev-perl/XML-SAX-0.14-r1 dev-perl/XML-Simple-2.14 dev-perl/extutils-parsexs-2.15 dev-perl/libwww- perl-5.803-r1 dev-perl/module-build-0.28 dev-perl/yaml-0.39 perl-core/DB_File-1.814 perl-core/Digest-MD5-2.33 perl-core/File-Spec-3.12 perl-core/File-Temp-0.16 perl-core/Getopt-Long-2.34 perl-core/MIME- Base64-3.05 perl-core/PodParser-1.32 perl-core/Storable-2.15 perl-core/Sys-Syslog-0.18 perl-core/Test-Harness-2.56 perl-core/Test-Simple-0.64 perl-core/digest-base-1.13 perl-core/libnet-1.19 sys-devel/libperl- 5.8.8-r1 virtual/perl-DB_File-1.814 virtual/perl-Digest-MD5-2.36 virtual/perl-File-Spec-3.12 virtual/perl-File-Temp-0.16 virtual/perl-Getopt-Long-2.35 virtual/perl-MIME-Base64-3.07 virtual/perl-PodParser-1.34 virtual/perl-Scalar-List-Utils-1.18 virtual/perl-Storable-2.15 virtual/perl-Sys-Syslog-0.18 virtual/perl-Test-Harness-2.56 virtual/perl-Test-Simple-0.64 virtual/perl-Time-HiRes-1.86 virtual/perl-digest-base-1.13 virtual/perl-libnet-1.19 Many Thanks for the help, Chris -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070203/47b28494/attachment.html From uxbod at splatnix.net Sun Feb 4 00:35:31 2007 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Sat Feb 3 23:35:42 2007 Subject: More filesys df issues In-Reply-To: <655b3580702031517s225ab519i7f80d620f5c083c2@mail.gmail.com> References: <655b3580702030654p705934f5l4c8d26f83ce658f6@mail.gmail.com> <45C4B97B.5080102@ecs.soton.ac.uk> <655b3580702030933t5d718943y6180f878247296b9@mail.gmail.com> <20070203210525.1fb5a23a@uxbod.splatnix.net> <655b3580702031517s225ab519i7f80d620f5c083c2@mail.gmail.com> Message-ID: <20070203233531.08c8ac1a@uxbod.splatnix.net> On Sat, 3 Feb 2007 23:17:56 +0000 "Chris Kimpton" wrote: > Hi, > > I had dev-perl/Filesys-DiskSpace-0.05 installed. So I removed it and > tried again and that seemed to fix it - seems like it was causing a > conflict. Its now working its way through the backlog ;-) > > For the record the perl version is this: > > quarks2 ~ # perl -v > This is perl, v5.8.8 built for i686-linux > > The equery list gives these: > > quarks2 ~ # equery list | grep perl > app-admin/perl-cleaner-1.04.3 > dev-lang/perl-5.8.8-r2 > dev-perl/Archive-Tar-1.28 > dev-perl/Archive-Zip-1.16 > dev-perl/Bit-Vector-6.4 > dev-perl/Carp-Clan-5.3 > dev-perl/Class-MethodMaker-2.08 > dev-perl/Compress-Raw-Zlib-2.001 > dev-perl/Compress-Zlib-2.001 > dev-perl/Convert-BinHex-1.119 > dev-perl/Convert-TNEF-0.17-r2 > dev-perl/Crypt-SSLeay-0.51-r1 > dev-perl/DBD-SQLite-1.11 > dev-perl/DBD-mysql-2.9007 > dev-perl/DBI-1.50 > dev-perl/Date-Calc-5.4 > dev-perl/Digest-HMAC-1.01-r1 > dev-perl/Digest-SHA1-2.11 > dev-perl/ExtUtils-CBuilder-0.15 > dev-perl/HTML-Parser-3.48 > dev-perl/HTML-Tagset-3.10 > dev-perl/HTML-Tree-3.19.01 > dev-perl/IO-Compress-Base-2.001 > dev-perl/IO-Compress-Zlib-2.001 > dev-perl/IO-Socket-INET6-2.51 > dev-perl/IO-Socket-SSL-0.97 > dev-perl/IO-String-1.08 > dev-perl/IO-Zlib-1.04 > dev-perl/IO-stringy-2.110 > dev-perl/Locale-gettext-1.05 > dev-perl/Log-Agent-0.307 > dev-perl/MIME-tools-5.417 > dev-perl/MailTools-1.67 > dev-perl/Net-CIDR-0.11 > dev-perl/Net-DNS-0.53-r1 > dev-perl/Net-Daemon-0.38 > dev-perl/Net-IP-1.24 > dev-perl/Net-SSLeay-1.25 > dev-perl/PlRPC-0.2018 > dev-perl/Shell-EnvImporter-1.04 > dev-perl/Socket6-0.17 > dev-perl/Sys-Hostname-Long-1.2 > dev-perl/Tie-IxHash-1.21-r1 > dev-perl/TimeDate-1.16 > dev-perl/URI-1.35 > dev-perl/XML-NamespaceSupport-1.09 > dev-perl/XML-Parser-2.34 > dev-perl/XML-SAX-0.14-r1 > dev-perl/XML-Simple-2.14 > dev-perl/extutils-parsexs-2.15 > dev-perl/libwww- perl-5.803-r1 > dev-perl/module-build-0.28 > dev-perl/yaml-0.39 > perl-core/DB_File-1.814 > perl-core/Digest-MD5-2.33 > perl-core/File-Spec-3.12 > perl-core/File-Temp-0.16 > perl-core/Getopt-Long-2.34 > perl-core/MIME- Base64-3.05 > perl-core/PodParser-1.32 > perl-core/Storable-2.15 > perl-core/Sys-Syslog-0.18 > perl-core/Test-Harness-2.56 > perl-core/Test-Simple-0.64 > perl-core/digest-base-1.13 > perl-core/libnet-1.19 > sys-devel/libperl- 5.8.8-r1 > virtual/perl-DB_File-1.814 > virtual/perl-Digest-MD5-2.36 > virtual/perl-File-Spec-3.12 > virtual/perl-File-Temp-0.16 > virtual/perl-Getopt-Long-2.35 > virtual/perl-MIME-Base64-3.07 > virtual/perl-PodParser-1.34 > virtual/perl-Scalar-List-Utils-1.18 > virtual/perl-Storable-2.15 > virtual/perl-Sys-Syslog-0.18 > virtual/perl-Test-Harness-2.56 > virtual/perl-Test-Simple-0.64 > virtual/perl-Time-HiRes-1.86 > virtual/perl-digest-base-1.13 > virtual/perl-libnet-1.19 > > > Many Thanks for the help, > Chris > No problem - Glad ya back up and running :) UxBoD -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From uxbod at splatnix.net Sun Feb 4 02:03:01 2007 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Sun Feb 4 01:03:12 2007 Subject: NOD32 Message-ID: <20070204010301.5803209f@uxbod.splatnix.net> Hi, Just purchased NOD32 and all is working fine apart from the auto-update. Looking at the virus-scanners.conf file the scripts in the lib directory are the same for both pre 1.99 and post 1.99 versions. Is this correct ? TIA, UxBoD -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From itdept at fractalweb.com Sun Feb 4 05:07:15 2007 From: itdept at fractalweb.com (Chris Yuzik) Date: Sun Feb 4 04:11:17 2007 Subject: OT: migrate email users from FC2 to Centos? Message-ID: <45C55BF3.7010603@fractalweb.com> Hi everyone, Sorry to bother the list with this question, but I have been googling for at least an hour; additionally, nobody on IRC this evening seems to have any idea. Furthermore, the people on this list have historically proven to be far more knowledgeable with matters such as this than the general population. I'm going to need to migrate all of my users from an old Fedora Core 2 server (about to be put out to pasture) to a Centos 4.4 server. I had hoped to create a script to move the users and encrypted passwords to the new box, but much to my chagrin, it seems that there's a difference with the password hash algorithm between the two boxes. I tested with a sample account and the same password appears very differently in the passwd files on the two systems. For example, the same password "asdf" appears as this: FC2 box: $1$jGZoIM.O$uuiSTyDSdRx000EhzA.gi1 Centos box: $1$70559337$sp1596qcHpI06I2lH1fhI0 I would really rather not have to go through the hassle and inconvenience creating new passwords for everyone and manually changing the users' email client settings. Does anyone know of a utility or script that can convert passwords from Fedora to Centos? Thanks, Chris From doc at maddoc.net Sun Feb 4 05:45:25 2007 From: doc at maddoc.net (Doc Schneider) Date: Sun Feb 4 04:49:01 2007 Subject: OT: migrate email users from FC2 to Centos? In-Reply-To: <45C55BF3.7010603@fractalweb.com> References: <45C55BF3.7010603@fractalweb.com> Message-ID: <45C564E5.3010700@maddoc.net> Chris Yuzik wrote: > Hi everyone, > > Sorry to bother the list with this question, but I have been googling > for at least an hour; additionally, nobody on IRC this evening seems to > have any idea. Furthermore, the people on this list have historically > proven to be far more knowledgeable with matters such as this than the > general population. > > I'm going to need to migrate all of my users from an old Fedora Core 2 > server (about to be put out to pasture) to a Centos 4.4 server. I had > hoped to create a script to move the users and encrypted passwords to > the new box, but much to my chagrin, it seems that there's a difference > with the password hash algorithm between the two boxes. > > I tested with a sample account and the same password appears very > differently in the passwd files on the two systems. For example, the > same password "asdf" appears as this: > > FC2 box: $1$jGZoIM.O$uuiSTyDSdRx000EhzA.gi1 > Centos box: $1$70559337$sp1596qcHpI06I2lH1fhI0 > > I would really rather not have to go through the hassle and > inconvenience creating new passwords for everyone and manually changing > the users' email client settings. Does anyone know of a utility or > script that can convert passwords from Fedora to Centos? > > Thanks, > Chris I just did a server upgrade new MB/CPU/RAM and moved from RH 7.2 (I know it was old) to CentOS 4.4 64 bit and just copied over the /etc/passwd group gshadow and shadow and no problems. Of course I had to merge them somewhat for system users but that was pretty easy. You could always take the old files and put them in /etc but of course you would need to keep the new ones made by CentOS and add in any uses the system needs. This is what I did. no need to convert anything.. they're both RH based systems. Of course, YMMV. -- -Doc Lincoln, NE. http://www.genealogyforyou.com/ http://www.cairnproductions.com/ From jon at radel.com Sun Feb 4 06:26:37 2007 From: jon at radel.com (Jon Radel) Date: Sun Feb 4 05:30:18 2007 Subject: OT: migrate email users from FC2 to Centos? In-Reply-To: <45C55BF3.7010603@fractalweb.com> References: <45C55BF3.7010603@fractalweb.com> Message-ID: <45C56E8D.10601@radel.com> Chris Yuzik wrote: > > I tested with a sample account and the same password appears very > differently in the passwd files on the two systems. For example, the > same password "asdf" appears as this: > > FC2 box: $1$jGZoIM.O$uuiSTyDSdRx000EhzA.gi1 > Centos box: $1$70559337$sp1596qcHpI06I2lH1fhI0 > > I would really rather not have to go through the hassle and > inconvenience creating new passwords for everyone and manually changing > the users' email client settings. Does anyone know of a utility or > script that can convert passwords from Fedora to Centos? Not needed. Suggest you copy your FC2 entry above to the CentOS just to convince yourself. Then set two accounts on FC2 to the same password and compare the hashes on those. Google on "MD5 salt" for info on what is happening. Short version: If the same password always gave the same MD5 hash, an attacker would simply build a dictionary of the hash resulting from all "common" passwords, do a simple lookup of each entry from your /etc, and probably own your box in mere seconds. It would also be possible to tell if two people had the same password because they'd have the same hash. All very bad. So you use what are supposed to be 8 random characters to "salt" the hash. It drastically slows certain attacks. Very short version: $1$jGZoIM.O$ <> $1$70559337$ --Jon Radel -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 2828 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070204/928dddd8/smime.bin From leiw324 at yahoo.com.hk Sun Feb 4 09:22:22 2007 From: leiw324 at yahoo.com.hk (Wilson Kwok) Date: Sun Feb 4 08:26:00 2007 Subject: How to block domain ? Message-ID: <614018.84183.qm@web54404.mail.yahoo.com> Hi, Where can define to block domain in MailScanner.conf ? Thanks _______________________________________ YM - Â÷½u°T®§ ´Nºâ§A¨S¦³¤Wºô¡A§AªºªB¤Í¤´¥i¥H¯d¤U°T®§µ¹§A¡A·í§A¤Wºô®É´N¯à¥ß§Y¬Ý¨ì¡A¥ô¦ó»¡¸Ü³£ÉN¨«¥¢¡C http://messenger.yahoo.com.hk -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070204/3e186c7a/attachment.html From ms-list at alexb.ch Sun Feb 4 10:06:35 2007 From: ms-list at alexb.ch (Alex Broens) Date: Sun Feb 4 09:10:19 2007 Subject: NOD32 In-Reply-To: <20070204010301.5803209f@uxbod.splatnix.net> References: <20070204010301.5803209f@uxbod.splatnix.net> Message-ID: <45C5A21B.70906@alexb.ch> On 2/4/2007 2:03 AM, --[ UxBoD ]-- wrote: > Hi, > > Just purchased NOD32 and all is working fine apart from the auto-update. Looking at the virus-scanners.conf file the > scripts in the lib directory are the same for both pre 1.99 and post 1.99 versions. Is this correct ? > Did you enter your user name & passwd in /etc/nod32/nod32.auth all MS should do is run nod32_update (can't check the scritp in lib, atm) Alex From res at ausics.net Sun Feb 4 12:11:04 2007 From: res at ausics.net (Res) Date: Sun Feb 4 11:14:49 2007 Subject: How to block domain ? In-Reply-To: <614018.84183.qm@web54404.mail.yahoo.com> References: <614018.84183.qm@web54404.mail.yahoo.com> Message-ID: Hi, On Sun, 4 Feb 2007, Wilson Kwok wrote: > Where can define to block domain in MailScanner.conf ? If you need to block domain, that's best done in your MTA. -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From email at ace.net.au Sun Feb 4 12:24:04 2007 From: email at ace.net.au (Peter Nitschke) Date: Sun Feb 4 11:29:14 2007 Subject: add high scoring spam to my rbl list In-Reply-To: References: Message-ID: <200702042154040364.365488E3@smtp1.ace.net.au> >> Although not exactly what you're looking for, the Vispan project does >> essentially what I think you are looking to do. It simply examines >> MailScanner's log and keeps track of spammers. If a certain spammer >> sends more spams within a specified amount of time then what you >allow, >> then it automatically adds that sender to your access list so that >it's >> denied at the MTA level. >> >Looks like your reply has really hit the jackpot. After searching along >these lines, I've found a gentleman who has patched vispan to do exactly >that. Add them to a rbldns! I will be installing vispan tonight along >with the patches. On a futher note, the author of vispan has implemented >the patch into the main program and is testing as we speak! Any more news on this? From alex at nkpanama.com Sun Feb 4 16:45:37 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Sun Feb 4 15:50:50 2007 Subject: OT: migrate email users from FC2 to Centos? In-Reply-To: <45C55BF3.7010603@fractalweb.com> References: <45C55BF3.7010603@fractalweb.com> Message-ID: <45C5FFA1.6060304@nkpanama.com> Chris Yuzik wrote: > I tested with a sample account and the same password appears very > differently in the passwd files on the two systems. For example, the > same password "asdf" appears as this: As mentioned by Jon in an earlier post, the different hashes all are valid for the same password. What I usually do is copy all *real* users (uid 500 and up) from one place to the other (watch out for permission issues), but you can also use Webmin to transfer from one to the other. From itdept at fractalweb.com Sun Feb 4 17:27:45 2007 From: itdept at fractalweb.com (Chris Yuzik) Date: Sun Feb 4 16:31:52 2007 Subject: OT: migrate email users from FC2 to Centos? In-Reply-To: <45C56E8D.10601@radel.com> References: <45C55BF3.7010603@fractalweb.com> <45C56E8D.10601@radel.com> Message-ID: <45C60981.1020704@fractalweb.com> Jon Radel wrote: > Not needed. Suggest you copy your FC2 entry above to the CentOS just to > convince yourself. Then set two accounts on FC2 to the same password > and compare the hashes on those. > > Google on "MD5 salt" for info on what is happening. Short version: If > the same password always gave the same MD5 hash, an attacker would > simply build a dictionary of the hash resulting from all "common" > passwords, do a simple lookup of each entry from your /etc, and probably > own your box in mere seconds. It would also be possible to tell if two > people had the same password because they'd have the same hash. All > very bad. So you use what are supposed to be 8 random characters to > "salt" the hash. It drastically slows certain attacks. > > Very short version: > > $1$jGZoIM.O$ <> $1$70559337$ Jon, Thank you. This makes perfect sense. I appreciate the quick response. Chris From glenn.steen at gmail.com Mon Feb 5 10:26:12 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Feb 5 09:29:55 2007 Subject: OT: migrate email users from FC2 to Centos? In-Reply-To: <45C60981.1020704@fractalweb.com> References: <45C55BF3.7010603@fractalweb.com> <45C56E8D.10601@radel.com> <45C60981.1020704@fractalweb.com> Message-ID: <223f97700702050126t2d649834q69bec405c58d61b9@mail.gmail.com> On 04/02/07, Chris Yuzik wrote: > Jon Radel wrote: > > Not needed. Suggest you copy your FC2 entry above to the CentOS just to > > convince yourself. Then set two accounts on FC2 to the same password > > and compare the hashes on those. > > > > Google on "MD5 salt" for info on what is happening. Short version: If > > the same password always gave the same MD5 hash, an attacker would > > simply build a dictionary of the hash resulting from all "common" > > passwords, do a simple lookup of each entry from your /etc, and probably > > own your box in mere seconds. It would also be possible to tell if two > > people had the same password because they'd have the same hash. All > > very bad. So you use what are supposed to be 8 random characters to > > "salt" the hash. It drastically slows certain attacks. > > > > Very short version: > > > > $1$jGZoIM.O$ <> $1$70559337$ > Jon, > > Thank you. This makes perfect sense. I appreciate the quick response. > > Chris If you want another short explanation of all the various formats (well, er, the two different...:-) your passwords can take, see "man crypt" on your system. The MD5 passwords/salt (the $1$$ string) is a GNU extension, so the only thing you'd need convince yourself about is that the system you are moving to can handle that (all semi-modern Linix distros do...:). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From martinh at solidstatelogic.com Mon Feb 5 11:06:29 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Feb 5 10:10:32 2007 Subject: Performance In-Reply-To: <45C2B198.6060806@katy.com> Message-ID: <4b994302c58eed488f2a5ff7eb2dade5@solidstatelogic.com> John Normally a good starting point is 5 children per CPU core and 20 messages per batch...tune the Messages per batch to suit your machine (ie play with value and see whats best in your setup_). -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of John Schmerold > Sent: 02 February 2007 03:36 > To: MailScanner discussion > Subject: Re: Performance > > I set Children & Messages per scan low after viewing: > http://tinyurl.com/ypqot7 > > We've gone back to higher values now. > > John Schmerold > > Randal, Phil wrote: > > Max Children = 2 > > Max Unscanned Messages Per Scan = 10 > > Max Unsafe Messages Per Scan = 10 > > > > These seem a bit on the low side to me. > > > > The defaults are: > > > > Max Children = 5 > > Max Unscanned Messages Per Scan = 30 > > Max Unsafe Messages Per Scan = 30 > > > > Any reason why you so drastically changed them downwards? > > > > Phil > > -- > > Phil Randal > > Network Engineer > > Herefordshire Council > > Hereford, UK > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info > >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > >> Of John Schmerold > >> Sent: 31 January 2007 06:13 > >> To: mailscanner@lists.mailscanner.info > >> Subject: Performance > >> > >> We're seeing significant backlogs, mail is taking 2-6 hours > >> to get thru > >> the Postfix/Mailscanner gauntlet we've setup. What's everyone else > >> seeing in terms of mail processing time? > >> > >> I've looked at the home page & WIKI, so, I'm guessing I am missing > >> something or there are new techniques not yet published on the > >> mailscanner.info > >> > >> Some of my statistics are as follows: > >> Server config: 2.8GHz P4, 2GB DDR2, Maxtor SATA HDD > >> Mail volume: approx 7,500 messages per day > >> Misc: We have set the noatime flag on spool and log > >> partitions & use a > >> local DNS caching nameserver. > >> > >> MS Configuration: > >> [root@mx1 ~]# cat /etc/MailScanner/MailScanner.conf > >> # See http://www.mailscanner.info/MailScanner.conf.index.html for all > >> options & defaults > >> %etc-dir% = /etc/MailScanner > >> %mcp-dir% = /etc/MailScanner/mcp > >> %org-long-name% = Schmerold > >> %org-name% = Schmerold > >> %report-dir% = /etc/MailScanner/reports/en > >> %rules-dir% = /etc/MailScanner/rules > >> %web-site% = www.schmerold.com > >> > >> Always Include SpamAssassin Report = yes > >> Archive Mail = /etc/MailScanner/rules/archive.rules > >> High Scoring Spam Actions = store > >> High SpamAssassin Score = 7 > >> Incoming Queue Dir = /var/spool/postfix/hold > >> Incoming Work Dir = /var/spool/MailScanner/incoming > >> Language Strings = /etc/MailScanner/reports/en/languages.conf > >> MTA = postfix > >> Outgoing Queue Dir = /var/spool/postfix/incoming > >> Required SpamAssassin Score = 4 > >> Restart Every = 7200 > >> Run As Group = postfix > >> Run As User = postfix > >> Sign Clean Messages = no > >> SpamAssassin Site Rules Dir = /etc/mail/spamassassin > >> > >> Log Speed = yes > >> Max Children = 2 > >> Max Unscanned Messages Per Scan = 10 > >> Max Unsafe Messages Per Scan = 10 > >> Spam List = > >> Virus Scanners = f-prot > >> [root@mx1 ~]# > >> > >> PostFix Configuration: > >> [root@mx1 ~]# postconf -n > >> canonical_maps = hash:/etc/postfix/canonical > >> config_directory = /etc/postfix > >> disable_vrfy_command = yes > >> hash_queue_names = "" > >> header_checks = regexp:/etc/postfix/header_checks > >> masquerade_exceptions = root > >> message_size_limit = 51200000 > >> mydomain = schmerold.com > >> myhostname = mx1.schmerold.com > >> mynetworks = 127.0.0.0/8 65.16.251.208/29 > >> relay_domains = katy.com katy.net katycomputer.com schmerold.com > >> smtpd_data_restrictions = reject_unauth_pipelining, permit > >> smtpd_helo_required = yes > >> smtpd_recipient_restrictions = reject_invalid_hostname > >> reject_non_fqdn_hostname reject_non_fqdn_sender > >> reject_non_fqdn_recipient reject_unknown_sender_domain > >> permit_mynetworks reject_unauth_destination check_sender_access > >> hash:/etc/postfix/whitelist reject_rbl_client cbl.abuseat.org > >> reject_rbl_client zen.spamhaus.org permit > >> smtpd_sender_restrictions = hash:/etc/postfix/access > >> transport_maps = hash:/etc/postfix/transport > >> virtual_alias_domains = hash:/etc/postfix/virtual > >> virtual_alias_maps = hash:/etc/postfix/virtual > >> [root@mx1 ~]# > >> > >> > >> MS Log: > >> [root@mx1 ~]# cat /var/log/messages | grep "Jan 30 23:40" > >> Jan 30 23:40:03 mx1 MailScanner[24752]: Requeue: 4F51A4B4468.A8F46 to > >> 389AB894965 > >> Jan 30 23:40:03 mx1 MailScanner[24752]: Requeue: A8330894942.93836 to > >> A6D8289500D > >> Jan 30 23:40:03 mx1 MailScanner[24752]: Requeue: 368088943F4.C0B33 to > >> 20327894942 > >> Jan 30 23:40:03 mx1 MailScanner[24752]: Uninfected: Delivered > >> 7 messages > >> Jan 30 23:40:03 mx1 MailScanner[24752]: Batch completed at > >> 128844 bytes > >> per second (8272398 / 64) > >> Jan 30 23:40:03 mx1 MailScanner[24752]: Batch (10 messages) > >> processed in > >> 64.20 seconds > >> Jan 30 23:40:03 mx1 MailScanner[24752]: New Batch: Found 7981 > >> messages > >> waiting > >> Jan 30 23:40:03 mx1 MailScanner[24752]: New Batch: Scanning > >> 10 messages, > >> 169939 bytes > >> Jan 30 23:40:03 mx1 MailScanner[24752]: Expired 11 records from the > >> SpamAssassin cache > >> Jan 30 23:40:04 mx1 named[2116]: lame server resolving > >> 'mail.voltech-auto.com' (in 'voltech-auto.com'?): 216.53.199.57#53 > >> Jan 30 23:40:08 mx1 named[2116]: lame server resolving > >> '21.36.70.194.in-addr.arpa' (in '36.70.194.in-addr.arpa'?): > >> 194.70.36.12#53 > >> Jan 30 23:40:42 mx1 MailScanner[24762]: Spam Checks: Found 5 > >> spam messages > >> Jan 30 23:40:42 mx1 MailScanner[24762]: Spam Checks completed at 1227 > >> bytes per second > >> Jan 30 23:40:42 mx1 MailScanner[24762]: Virus and Content > >> Scanning: Starting > >> Jan 30 23:40:43 mx1 MailScanner[24762]: Virus Scanning completed at > >> 156861 bytes per second > >> Jan 30 23:40:43 mx1 MailScanner[24762]: Found phishing fraud from > >> www.google.com claiming to be www.chase.com in 6BE8F895371.5D53A > >> Jan 30 23:40:43 mx1 MailScanner[24762]: Content Checks: Detected and > >> have disarmed web bug tags in HTML message in 6BE8F895371.5D53A from > >> www-data@balancetechnology.com > >> Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: 3B29B894E55.CEBEA to > >> 6535E894D8C > >> Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: 6BE8F895371.5D53A to > >> DB04E894E55 > >> Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: 73748895A57.5ABB7 to > >> 0597D895371 > >> Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: 937E689448D.77EDA to > >> 0CB4B8953AD > >> Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: 754F789466A.8DA78 to > >> AC1D989448D > >> Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: D5177894E67.3DEEA to > >> A879089466A > >> Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: A3E798940E3.B4BEB to > >> 80A7B894E67 > >> Jan 30 23:40:43 mx1 MailScanner[24762]: Uninfected: Delivered > >> 7 messages > >> Jan 30 23:40:43 mx1 MailScanner[24762]: Virus Processing completed at > >> 650569 bytes per second > >> Jan 30 23:40:43 mx1 MailScanner[24762]: Batch completed at 1215 bytes > >> per second (86123 / 70) > >> Jan 30 23:40:43 mx1 MailScanner[24762]: Batch (10 messages) > >> processed in > >> 70.85 seconds > >> Jan 30 23:40:43 mx1 MailScanner[24762]: New Batch: Found 7993 > >> messages > >> waiting > >> Jan 30 23:40:43 mx1 MailScanner[24762]: New Batch: Scanning > >> 10 messages, > >> 160591 bytes > >> [root@mx1 ~]# > >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From talora-listas at talora.com.br Mon Feb 5 13:32:38 2007 From: talora-listas at talora.com.br (=?ISO-8859-1?Q?=22Lu=EDs_Fernando_C=2E_Talora=22?=) Date: Mon Feb 5 12:37:38 2007 Subject: Send copies of certain messages to other mail account In-Reply-To: <223f97700702021044s6efdc403m2fe7b49a56b78e40@mail.gmail.com> References: <45C37B6A.2000201@talora.com.br> <45C381C2.5020908@dalsemi.com> <223f97700702021044s6efdc403m2fe7b49a56b78e40@mail.gmail.com> Message-ID: <45C723E6.6010303@talora.com.br> Thanks guys. This achieving option seems really to rock!!! :D Just another thing: if I use: From or To: *yahoogroups.com.br (...) Will MailScanner recognize messages where "*yahoogroups.com.br" appears only on the CC (carbon copy) field? Thanks! Luis Talora Glenn Steen escreveu: > On 02/02/07, David Vosburgh wrote: >> If I understand you correctly, you should be able to use the mail >> archiving feature of MS: >> >> In MailScanner.conf: >> Archive Mail = %rules-dir%/mail_archive.rules >> >> In mail_archive_rules: >> From: *yahoogrupos.com.br >> /var/spool/MailScanner/mail_archive/yahoo_groups >> yahoo_groups@your.domain.com >> >> The above line will archive a copy to a local mbox and also forward a >> copy to some other email account. I think. >> >> You'd obviously need to create the directory >> /var/spool/MailScanner/mail_archive first. >> >> Dave >> > Nah, archiving is overkill here:-). > > Forgot the obligatory "Make sure it's leagal/allowed by policy before > implementing this" gripe... So there it is:-). > > Cheers From alex at nkpanama.com Mon Feb 5 14:18:05 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon Feb 5 13:23:14 2007 Subject: Performance In-Reply-To: <4b994302c58eed488f2a5ff7eb2dade5@solidstatelogic.com> References: <4b994302c58eed488f2a5ff7eb2dade5@solidstatelogic.com> Message-ID: <45C72E8D.7060900@nkpanama.com> Martin.Hepworth wrote: > John > > Normally a good starting point is 5 children per CPU core and 20 > messages per batch...tune the Messages per batch to suit your machine > (ie play with value and see whats best in your setup_). > From experience, does this also apply with HyperThreading cpu's, or should these count as one? From alex at nkpanama.com Mon Feb 5 14:19:08 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon Feb 5 13:24:18 2007 Subject: Send copies of certain messages to other mail account In-Reply-To: <45C723E6.6010303@talora.com.br> References: <45C37B6A.2000201@talora.com.br> <45C381C2.5020908@dalsemi.com> <223f97700702021044s6efdc403m2fe7b49a56b78e40@mail.gmail.com> <45C723E6.6010303@talora.com.br> Message-ID: <45C72ECC.3000007@nkpanama.com> Lu?s Fernando C. Talora wrote: > Thanks guys. This achieving option seems really to rock!!! :D > > Just another thing: if I use: > > From or To: *yahoogroups.com.br (...) > > Will MailScanner recognize messages where "*yahoogroups.com.br" appears > only on the CC (carbon copy) field? AFAIK, it cares who "receives" the message in the end, not if the recipient was in To: or CC: or even BCC: - but could someone correct me if this isn't the case? Thanks... From martinh at solidstatelogic.com Mon Feb 5 14:27:03 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Feb 5 13:30:55 2007 Subject: Performance In-Reply-To: <45C72E8D.7060900@nkpanama.com> Message-ID: <0889cecfced38a4fad9ba7b3179ea522@solidstatelogic.com> Alex For CPU as count these as 1, for memory I count as 1.5. Ie we normally recommend 1GB per CPU core.. Tune to taste, but 5 is a good starting point, then tune the batch size... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Alex Neuman van der Hans > Sent: 05 February 2007 13:18 > To: MailScanner discussion > Subject: Re: Performance > > Martin.Hepworth wrote: > > John > > > > Normally a good starting point is 5 children per CPU core and 20 > > messages per batch...tune the Messages per batch to suit your machine > > (ie play with value and see whats best in your setup_). > > > > From experience, does this also apply with HyperThreading cpu's, or > should these count as one? > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From uxbod at splatnix.net Mon Feb 5 14:39:50 2007 From: uxbod at splatnix.net (uxbod) Date: Mon Feb 5 13:43:36 2007 Subject: Deliver SPAM too IMAP folder Message-ID: Hi All, How easy would it be add additional code to MailScanner to be able to deliver email direct to users IMAP folders, instead of injecting back into the MTA queue? Cheers, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: 543A E778 7F2D 98F1 3E50 9C1F F190 93E0 E8E8 0CF8 // Keyserver: www.keyserver.net Key-ID: 0xE8E80CF8 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From martinh at solidstatelogic.com Mon Feb 5 14:45:54 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Feb 5 13:49:45 2007 Subject: Deliver SPAM too IMAP folder In-Reply-To: Message-ID: Depends on how good you perl is to write a custom function.... MailScanner isn't either a MTA or a MDA... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of uxbod > Sent: 05 February 2007 13:40 > To: mailscanner@lists.mailscanner.info > Subject: Deliver SPAM too IMAP folder > Importance: Low > > Hi All, > > How easy would it be add additional code to MailScanner to be able to > deliver email direct to users IMAP folders, instead of injecting back into > the MTA queue? > > Cheers, > > -- > --[ UxBoD ]-- > // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" > // Fingerprint: 543A E778 7F2D 98F1 3E50 9C1F F190 93E0 E8E8 0CF8 > // Keyserver: www.keyserver.net Key-ID: 0xE8E80CF8 > > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From edwardbruce at sbcglobal.net Mon Feb 5 14:58:15 2007 From: edwardbruce at sbcglobal.net (Ed Bruce) Date: Mon Feb 5 14:01:59 2007 Subject: Performance In-Reply-To: <223f97700702020132m47b33d89m9b90d5544e07c5f@mail.gmail.com> References: <86144ED6CE5B004DA23E1EAC0B569B58125FF289@isabella.herefordshire.gov.uk> <45C07F76.5050409@ecs.soton.ac.uk> <45C260A2.6040601@katy.com> <45C29D90.8080901@katy.com> <223f97700702020132m47b33d89m9b90d5544e07c5f@mail.gmail.com> Message-ID: <45C737F7.3060606@sbcglobal.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Glenn Steen wrote: > > So, there is litle to no risk with this. The sender _will_ get a > somewhat informative reject code, and should be able to find the > problem at their end... Forcing _them_ to comply to the RFC;-). > One would hope. A major software vendor whose accounting software my company uses has a misconfigured MTA. I've told them and told them. I've whitelisted them and then volunteered to help configure it correctly. There response is please keep whitelisting us. This is a company that develops software and they can't configure their Exchange Server. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Cygwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFxzf3pdNaP9x3McgRAgewAKCFY18hcj/gPkYkYyWVKFX4BXpioACdEE0q yaJdkuhe6gUZrKWDFoU7MKM= =tzJx -----END PGP SIGNATURE----- From alex at nkpanama.com Mon Feb 5 15:17:51 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon Feb 5 14:23:09 2007 Subject: Deliver SPAM too IMAP folder In-Reply-To: References: Message-ID: <45C73C8F.6010101@nkpanama.com> Martin.Hepworth wrote: > Depends on how good you perl is to write a custom function.... > > MailScanner isn't either a MTA or a MDA... It would involve supporting several different methods and possible configurations, file locking issues, etc. - although I *think* it could be done the way it is now - after a fashion. What do I mean? Well, since you can "Archive Mail =" by ruleset, you can selectively archive mail to an IMAP-readable folder - which is what I've done for some clients. Of course, this would be an archive and not a "delivery" per se - but you could set both spam and nonspam actions to delete and *then* archive to an IMAP-readable folder on a user's home directory (permissions permitting). Wouldn't be much useful as a delivery method per se, but for archiving it's quite handy. Now, if the original poster meant "deliver *only spam* to an IMAP folder", you could set spam actions to forward to a specific mailbox, which would then be readable using IMAP. From uxbod at splatnix.net Mon Feb 5 15:39:40 2007 From: uxbod at splatnix.net (uxbod) Date: Mon Feb 5 14:43:51 2007 Subject: Deliver SPAM too IMAP folder In-Reply-To: <45C73C8F.6010101@nkpanama.com> References: <45C73C8F.6010101@nkpanama.com> Message-ID: <7a4199611015c92948781e8ca9354df7@62.49.223.244> On Mon, 05 Feb 2007 09:17:51 -0500, Alex Neuman van der Hans wrote: > Martin.Hepworth wrote: >> Depends on how good you perl is to write a custom function.... >> >> MailScanner isn't either a MTA or a MDA... > > It would involve supporting several different methods and possible > configurations, file locking issues, etc. - although I *think* it could > be done the way it is now - after a fashion. > > What do I mean? Well, since you can "Archive Mail =" by ruleset, you can > selectively archive mail to an IMAP-readable folder - which is what I've > done for some clients. Of course, this would be an archive and not a > "delivery" per se - but you could set both spam and nonspam actions to > delete and *then* archive to an IMAP-readable folder on a user's home > directory (permissions permitting). > > Wouldn't be much useful as a delivery method per se, but for archiving > it's quite handy. > > Now, if the original poster meant "deliver *only spam* to an IMAP > folder", you could set spam actions to forward to a specific mailbox, > which would then be readable using IMAP. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is > believed to be clean. -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: 543A E778 7F2D 98F1 3E50 9C1F F190 93E0 E8E8 0CF8 // Keyserver: www.keyserver.net Key-ID: 0xE8E80CF8 Okay, the rationale behind this thought is that I have seen some commercial AV solutions that deliver SPAM too a specific Exchange folder within a users account. Therefore, would like to be able to do this using OSS and deliver to a IMAP folder. I am already using MailWatch so I know I could create individual user accounts, but thought it may be nice to do it this way, instead of making the user setup rules based on tags. I am not to bad at Perl so will take a look at it. Thanks all. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at nkpanama.com Mon Feb 5 15:54:07 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon Feb 5 14:59:19 2007 Subject: Deliver SPAM too IMAP folder In-Reply-To: <7a4199611015c92948781e8ca9354df7@62.49.223.244> References: <45C73C8F.6010101@nkpanama.com> <7a4199611015c92948781e8ca9354df7@62.49.223.244> Message-ID: <45C7450F.4020901@nkpanama.com> uxbod wrote: Okay, the rationale behind this thought is that I have seen some commercial AV solutions that deliver SPAM too a specific Exchange folder within a users account. Therefore, would like to be able to do this using OSS and deliver to a IMAP folder. - Well, you can do that with procmail. Since MS will add a header that some clients (like Thunderbird) respect, you can filter on that and move messages to a folder. My setup is: /home/alex/.procmailrc : :0: * ^X-Spam-Status: Yes mail/Junk That way all junk mail goes there. Substitute mail/Junk for something else (like a communal spam folder, for example). From martinh at solidstatelogic.com Mon Feb 5 16:01:57 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Feb 5 15:05:47 2007 Subject: Deliver SPAM too IMAP folder In-Reply-To: <45C7450F.4020901@nkpanama.com> Message-ID: This is down to the MDA and MTA......if you're using MS-Exch you should be able to use that to redirect as required... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Alex Neuman van der Hans > Sent: 05 February 2007 14:54 > To: MailScanner discussion > Subject: Re: Deliver SPAM too IMAP folder > > > > uxbod wrote: > Okay, the rationale behind this thought is that I have seen some > commercial AV solutions that deliver SPAM too a specific Exchange folder > within a users account. Therefore, would like to be able to do this > using OSS and deliver to a IMAP folder. > > > - Well, you can do that with procmail. Since MS will add a header that > some clients (like Thunderbird) respect, you can filter on that and move > messages to a folder. My setup is: > > /home/alex/.procmailrc : > > :0: > * ^X-Spam-Status: Yes > mail/Junk > > That way all junk mail goes there. Substitute mail/Junk for something > else (like a communal spam folder, for example). > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From chandler.lists at chapman.edu Mon Feb 5 16:43:06 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Mon Feb 5 15:46:52 2007 Subject: New Version of Postfix Message-ID: <45C7508A.40103@chapman.edu> Welp, the new version of Postfix hit the FreeBSD ports tree-- 2.3.7. Any reason I shouldn't install this vis a vis MailScanner? I'd ask on that list, but you all know by now the response I'd get... -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: We're upgrading /dev/null From glenn.steen at gmail.com Mon Feb 5 17:10:45 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Feb 5 16:14:30 2007 Subject: Performance In-Reply-To: <45C737F7.3060606@sbcglobal.net> References: <86144ED6CE5B004DA23E1EAC0B569B58125FF289@isabella.herefordshire.gov.uk> <45C07F76.5050409@ecs.soton.ac.uk> <45C260A2.6040601@katy.com> <45C29D90.8080901@katy.com> <223f97700702020132m47b33d89m9b90d5544e07c5f@mail.gmail.com> <45C737F7.3060606@sbcglobal.net> Message-ID: <223f97700702050810g4f189256w5c8d9aec1cc1a3ff@mail.gmail.com> On 05/02/07, Ed Bruce wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Glenn Steen wrote: > > > > > So, there is litle to no risk with this. The sender _will_ get a > > somewhat informative reject code, and should be able to find the > > problem at their end... Forcing _them_ to comply to the RFC;-). > > > > One would hope. A major software vendor whose accounting software my > company uses has a misconfigured MTA. I've told them and told them. I've > whitelisted them and then volunteered to help configure it correctly. > There response is please keep whitelisting us. This is a company that > develops software and they can't configure their Exchange Server. Yes? Did you explain to them that this is loosing them money, potentially? And they still persist? I'm assuming you mean they HELO/EHLO with something strange, like your IP address or domain name ... Else it's a bit non-relevant to this subthread:-):-) Then again... I suppose there are fools all over the world (and sometimes even we could be seen as such:-), but... "Helping" them remain fools isn't really helping anyone, now is it?;) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Mon Feb 5 17:14:13 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Feb 5 16:17:57 2007 Subject: New Version of Postfix In-Reply-To: <45C7508A.40103@chapman.edu> References: <45C7508A.40103@chapman.edu> Message-ID: <223f97700702050814i26b4cf9bj7f1c795b3b9ac76f@mail.gmail.com> On 05/02/07, Jay Chandler wrote: > Welp, the new version of Postfix hit the FreeBSD ports tree-- 2.3.7. > > Any reason I shouldn't install this vis a vis MailScanner? I'd ask on > that list, but you all know by now the response I'd get... > Not that I can see... The only known problem with PF<>MS (ATM) is the milter support adding p records (well, a bit more involved, but that is the one that breaks things)... And you likely don't use that, so ... it should be safe. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From uxbod at splatnix.net Mon Feb 5 17:16:40 2007 From: uxbod at splatnix.net (uxbod) Date: Mon Feb 5 16:21:49 2007 Subject: Deliver SPAM too IMAP folder In-Reply-To: References: Message-ID: We are not using Exchange which is why I said about IMAP. I thought Postfix, which I use, would just deliver to the Maildir and it is down to the client software to either move automatically or via input to a folder. With respect to procmail then this surely would require a batch job to execute for each user, and I though procmail was used to pull mail from a remote source and distribute, not on the same server. On Mon, 05 Feb 2007 15:01:57 +0000, "Martin.Hepworth" wrote: > > This is down to the MDA and MTA......if you're using MS-Exch you should > be able to use that to redirect as required... > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Alex Neuman van der Hans >> Sent: 05 February 2007 14:54 >> To: MailScanner discussion >> Subject: Re: Deliver SPAM too IMAP folder >> >> >> >> uxbod wrote: >> Okay, the rationale behind this thought is that I have seen some >> commercial AV solutions that deliver SPAM too a specific Exchange > folder >> within a users account. Therefore, would like to be able to do this >> using OSS and deliver to a IMAP folder. >> >> >> - Well, you can do that with procmail. Since MS will add a header that >> some clients (like Thunderbird) respect, you can filter on that and > move >> messages to a folder. My setup is: >> >> /home/alex/.procmailrc : >> >> :0: >> * ^X-Spam-Status: Yes >> mail/Junk >> >> That way all junk mail goes there. Substitute mail/Junk for something >> else (like a communal spam folder, for example). >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: 543A E778 7F2D 98F1 3E50 9C1F F190 93E0 E8E8 0CF8 // Keyserver: www.keyserver.net Key-ID: 0xE8E80CF8 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Mon Feb 5 17:34:12 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Feb 5 16:37:57 2007 Subject: Deliver SPAM too IMAP folder In-Reply-To: References: Message-ID: <223f97700702050834q5f37d62od2c51379c8604f9c@mail.gmail.com> On 05/02/07, uxbod wrote: > We are not using Exchange which is why I said about IMAP. I thought Postfix, which I use, would just deliver to the Maildir and it is down to the client software to either move automatically or via input to a folder. > > With respect to procmail then this surely would require a batch job to execute for each user, and I though procmail was used to pull mail from a remote source and distribute, not on the same server. > Eh. No. I think you have it confised with fetchmail;-). Procmail is used to "process" mail in a variety of ways... Read the procmailex manpage to see some nice examples. You can use procmail to do the local mailbox delivery by way of the mailbox_command. This is good, since you'll have procmail run for each delivered mail without having to fiddle with any (fake) .forward file, as you would if you only wanted procmail for _some_ users... This is snipped from a main.cf.dist on one of my Mandriva systems... Explains it better than I do:-): ---- # The mailbox_command parameter specifies the optional external # command to use instead of mailbox delivery. The command is run as # the recipient with proper HOME, SHELL and LOGNAME environment settings. # Exception: delivery for root is done as $default_user. # # Other environment variables of interest: USER (recipient username), # EXTENSION (address extension), DOMAIN (domain part of address), # and LOCAL (the address localpart). # # Unlike other Postfix configuration parameters, the mailbox_command # parameter is not subjected to $parameter substitutions. This is to # make it easier to specify shell syntax (see example below). # # Avoid shell meta characters because they will force Postfix to run # an expensive shell process. Procmail alone is expensive enough. # # IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN # ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER. # #mailbox_command = /some/where/procmail #mailbox_command = /some/where/procmail -a "$EXTENSION" ---- HtH Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ms-list at alexb.ch Mon Feb 5 17:44:23 2007 From: ms-list at alexb.ch (Alex Broens) Date: Mon Feb 5 16:48:16 2007 Subject: Deliver SPAM too IMAP folder In-Reply-To: References: Message-ID: <45C75EE7.2010701@alexb.ch> On 2/5/2007 2:39 PM, uxbod wrote: > Hi All, > > How easy would it be add additional code to MailScanner to be able to > deliver email direct to users IMAP folders, instead of injecting back > into the MTA queue? > > Cheers, Julian started writing a custom function to do this some time ago. It never really worked and required a MS hack so I dropped its use. If he reads this he might pickup where he stopped and make it usable Alex From uxbod at splatnix.net Mon Feb 5 17:46:33 2007 From: uxbod at splatnix.net (uxbod) Date: Mon Feb 5 16:51:48 2007 Subject: Deliver SPAM too IMAP folder In-Reply-To: <223f97700702050834q5f37d62od2c51379c8604f9c@mail.gmail.com> References: <223f97700702050834q5f37d62od2c51379c8604f9c@mail.gmail.com> Message-ID: Doh! Slaps self around head with wet fish ;) Must sleep more. On Mon, 5 Feb 2007 17:34:12 +0100, "Glenn Steen" wrote: > On 05/02/07, uxbod wrote: >> We are not using Exchange which is why I said about IMAP. I thought > Postfix, which I use, would just deliver to the Maildir and it is down to > the client software to either move automatically or via input to a folder. >> >> With respect to procmail then this surely would require a batch job to > execute for each user, and I though procmail was used to pull mail from a > remote source and distribute, not on the same server. >> > Eh. No. I think you have it confised with fetchmail;-). Procmail is > used to "process" mail in a variety of ways... Read the procmailex > manpage to see some nice examples. > > You can use procmail to do the local mailbox delivery by way of the > mailbox_command. This is good, since you'll have procmail run for each > delivered mail without having to fiddle with any (fake) .forward file, > as you would if you only wanted procmail for _some_ users... > This is snipped from a main.cf.dist on one of my Mandriva systems... > Explains it better than I do:-): > ---- > # The mailbox_command parameter specifies the optional external > # command to use instead of mailbox delivery. The command is run as > # the recipient with proper HOME, SHELL and LOGNAME environment settings. > # Exception: delivery for root is done as $default_user. > # > # Other environment variables of interest: USER (recipient username), > # EXTENSION (address extension), DOMAIN (domain part of address), > # and LOCAL (the address localpart). > # > # Unlike other Postfix configuration parameters, the mailbox_command > # parameter is not subjected to $parameter substitutions. This is to > # make it easier to specify shell syntax (see example below). > # > # Avoid shell meta characters because they will force Postfix to run > # an expensive shell process. Procmail alone is expensive enough. > # > # IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN > # ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER. > # > #mailbox_command = /some/where/procmail > #mailbox_command = /some/where/procmail -a "$EXTENSION" > ---- > > HtH > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is > believed to be clean. -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: 543A E778 7F2D 98F1 3E50 9C1F F190 93E0 E8E8 0CF8 // Keyserver: www.keyserver.net Key-ID: 0xE8E80CF8 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mailscanner at yeticomputers.com Mon Feb 5 17:58:02 2007 From: mailscanner at yeticomputers.com (Rick Chadderdon) Date: Mon Feb 5 17:01:54 2007 Subject: Deliver SPAM too IMAP folder In-Reply-To: References: Message-ID: <45C7621A.8030703@yeticomputers.com> uxbod wrote: > How easy would it be add additional code to MailScanner to be able to deliver email direct to users IMAP folders, instead of injecting back into the MTA queue? I use sieve to do this on the IMAP server after the message is scanned, scored and tagged. I set up the "default" rules for everyone myself and then showed a few competent power users how to use the avelsieve plugin for SquirrelMail to modify their server side filters. Of course, this technique will not be of much use if you're not using Cyrus or DBMail, but it's quite flexible and powerful if you are. Rick From chandler.lists at chapman.edu Mon Feb 5 18:00:38 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Mon Feb 5 17:04:23 2007 Subject: New Version of Postfix In-Reply-To: <223f97700702050814i26b4cf9bj7f1c795b3b9ac76f@mail.gmail.com> References: <45C7508A.40103@chapman.edu> <223f97700702050814i26b4cf9bj7f1c795b3b9ac76f@mail.gmail.com> Message-ID: <45C762B6.7090104@chapman.edu> Glenn Steen wrote: > On 05/02/07, Jay Chandler wrote: >> Welp, the new version of Postfix hit the FreeBSD ports tree-- 2.3.7. >> >> Any reason I shouldn't install this vis a vis MailScanner? I'd ask on >> that list, but you all know by now the response I'd get... >> > Not that I can see... The only known problem with PF<>MS (ATM) is the > milter support adding p records (well, a bit more involved, but that > is the one that breaks things)... And you likely don't use that, so > ... it should be safe. > Thanks, Glenn. Given the peculiar reaction I get over there talking about MailScanner, I wouldn't put it past a developer to intentionally start mucking around with the queue files just to screw with MailScanner. Kinda sad, really. -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: We're upgrading /dev/null From rpoe at plattesheriff.org Mon Feb 5 18:07:14 2007 From: rpoe at plattesheriff.org (Rob Poe) Date: Mon Feb 5 17:11:29 2007 Subject: Greetpause seems very ineffective (Was: RE: Increased Volumes Of Spam) In-Reply-To: <45B32087.7030109@taz-mania.com> References: <20070119220533.A4014@tmp.com.br> <45B32087.7030109@taz-mania.com> Message-ID: <45C70FE4.65ED.00A2.0@plattesheriff.org> >> The problem with your annoyance at your paying customers who dont want >> greylisting comment here is, business emails are time critical, it is >> unacceptable to delay email destined for lawyers, real estates, >> accountants and every other company where time is crucial, like those >> vying for multi-million dollar contracts. >minutes. I have my greylisting set to only force a 2 minute delay AND >this only occurs on the very first send form one user to another, each >additional email is not delayed at all. >This is really not a valid excuse... Actually, it is, yes. I do MailScanning for a law firm that does business with .. err .. multi billion dollar companies. You'd KNOW the name if I said it (which I won't - it's not necessary). I run GL on my servers, and have been seeing more and more corporate mails getting delayed for very long periods of time ( > 1 day) because people are using server that round-robin outgoing messages via multiple SMTP servers ... and the GL module I use keeps everything in memory (not disk / sql) so if I have to restart it for (whatever) reason it loses the GL tuple - then everything starts over again. Is the round robin sending a bad thing? Yeah, it probably is. But it's not something *I* can control. And I'm sorry, I'm not going to lose a contract with that law firm because they missed a filing deadline with the court because an email was delayed. Email delivery isn't guaranteed - but we (sysadmins across the globe) have made damn sure that it makes it as QUICKLY as it can .. and the (l)users have gotten used to it. From prandal at herefordshire.gov.uk Mon Feb 5 18:14:20 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Mon Feb 5 17:18:11 2007 Subject: Sendmail 8.14.0 is out Message-ID: <86144ED6CE5B004DA23E1EAC0B569B581287FE08@isabella.herefordshire.gov.uk> Sendmail 8.14.0 was released on February 1st - release notes here: http://www.sendmail.org/releases/8.14.0.php RPMs for Redhat-based Linux distros can be found over at http://www.city-fan.org/ftp/contrib/mail/ Of particular interest are these new features: CONFIG: New FEATURE(`require_rdns') to reject messages from SMTP clients whose IP address does not have proper reverse DNS. Contributed by Neil Rickert of Northern Illinois University and John Beck of Sun Microsystems. CONFIG: New FEATURE(`block_bad_helo') to reject messages from SMTP clients which provide a HELO/EHLO argument which is either unqualified, or is one of our own names (i.e., the server name instead of the client name). Contributed by Neil Rickert of Northern Illinois University and John Beck of Sun Microsystems. CONFIG: New FEATURE(`badmx') to reject envelope sender addresses (MAIL) whose domain part resolves to a "bad" MX record. Based on contribution from William Dell Wisner. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK From rpoe at plattesheriff.org Mon Feb 5 18:16:15 2007 From: rpoe at plattesheriff.org (Rob Poe) Date: Mon Feb 5 17:20:32 2007 Subject: Question on attachment defang??! Message-ID: <45C71201.65ED.00A2.0@plattesheriff.org> I saw (somewhere) where they had a MailScanner chaning a double extension from bad file name example.reallybad.doc to bad file name example.defanged-doc so that the receiver would GET the message but would have to RENAME it to actually run it .. instead of it getting stuck in the quarantine. Looked around in the documentation / faqs but didn't see anything about it .. anyone have any good pointers? thanks! From mrm at medicine.wisc.edu Mon Feb 5 18:47:04 2007 From: mrm at medicine.wisc.edu (Michael Masse) Date: Mon Feb 5 17:51:23 2007 Subject: Question on attachment defang??! In-Reply-To: <45C71201.65ED.00A2.0@plattesheriff.org> References: <45C71201.65ED.00A2.0@plattesheriff.org> Message-ID: <45C71932.7FBE.00FC.3@medicine.wisc.edu> >>> On 2/5/2007 at 11:16 AM, in message <45C71201.65ED.00A2.0@plattesheriff.org>, "Rob Poe" wrote: > I saw (somewhere) where they had a MailScanner chaning a double > extension from > > bad file name example.reallybad.doc > > to > > bad file name example.defanged-doc > > so that the receiver would GET the message but would have to RENAME it > to actually run it .. instead of it getting stuck in the quarantine. > > Looked around in the documentation / faqs but didn't see anything about > it .. anyone have any good pointers? > > thanks! > I don't know if MailScanner can do it or not, but I used to run this procmail tool alongside MailScanner: http://www.impsec.org/email-tools/procmail-security.html Which does exactly what you want, among many other things. The last build of email servers I did for us did not include the procmail sanitizer because I felt it was impacting performance too much, and was also overlapping a lot of what MailScanner does, so I am no longer using this and haven't really missed it either. Mike From email at ace.net.au Mon Feb 5 19:03:48 2007 From: email at ace.net.au (Peter Nitschke) Date: Mon Feb 5 18:08:12 2007 Subject: Greetpause seems very ineffective (Was: RE: Increased Volumes Of Spam) In-Reply-To: <45C70FE4.65ED.00A2.0@plattesheriff.org> References: <20070119220533.A4014@tmp.com.br> <45B32087.7030109@taz-mania.com> <45C70FE4.65ED.00A2.0@plattesheriff.org> Message-ID: <200702060433480629.3CE8DD6B@smtp1.ace.net.au> >Actually, it is, yes. I do MailScanning for a law firm that does >business with .. err .. multi billion dollar companies. You'd KNOW the >name if I said it (which I won't - it's not necessary). I run GL on my >servers, and have been seeing more and more corporate mails getting >delayed for very long periods of time ( > 1 day) because people are >using server that round-robin outgoing messages via multiple SMTP >servers ... and the GL module I use keeps everything in memory (not disk >/ sql) so if I have to restart it for (whatever) reason it loses the GL >tuple - then everything starts over again. > >Is the round robin sending a bad thing? Yeah, it probably is. But >it's not something *I* can control. And I'm sorry, I'm not going to >lose a contract with that law firm because they missed a filing deadline >with the court because an email was delayed. Email delivery isn't >guaranteed - but we (sysadmins across the globe) have made damn sure >that it makes it as QUICKLY as it can .. and the (l)users have gotten >used to it. This one may be your answer. http://smfs.takm.com/ SMF-Grey+tym Here is the extended version of smf-grey, the original of which is here. This version adds the following features: Shades of grey (variable delay) via DNS white and block lists. Auto reload of configuration file Export and reload of in-memory greylist cache Frequent (configurable) incremental exports of cache with daily cleanup Configurable auto whitelist of sender networks Configurable auto blocking of sender networks From MailScanner at ecs.soton.ac.uk Mon Feb 5 19:24:19 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Feb 5 18:30:37 2007 Subject: Deliver SPAM too IMAP folder In-Reply-To: <45C75EE7.2010701@alexb.ch> References: <45C75EE7.2010701@alexb.ch> Message-ID: <45C77653.4040705@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alex Broens wrote: > On 2/5/2007 2:39 PM, uxbod wrote: >> Hi All, >> >> How easy would it be add additional code to MailScanner to be able to >> deliver email direct to users IMAP folders, instead of injecting back >> into the MTA queue? >> >> Cheers, > > Julian started writing a custom function to do this some time ago. > It never really worked and required a MS hack so I dropped its use. > > If he reads this he might pickup where he stopped and make it usable I've got no recollection of that at all, which doesn't surprise me. What did it do and how far did I get? I like someone's suggestion of using default Sieve scripts. One of the guys who works for me is currently writing a Sieve script generator and installer in PHP, as apparently the protocol used to install Sieve scripts is trivial. For all the users who don't have a Sieve script (or are using one you didn't generate), you generate and install a script that looks for the X-Spam-Status: header and moves the mail into a Junk folder. Using that header means you are doing the same that SpamAssassin would do if called by spamc/spamd. Always a good idea to use something someone else already does, no point in reinventing the wheel. I like Cyrus more every time I use it :-) If you are going to have to use procmail then you will need to be using a mail-base architecture that procmail understands, which I believe are mbox and maildir. Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) Comment: Fetch my public key foot-print from www.mailscanner.info Charset: ISO-8859-1 wj8DBQFFx3bfEfZZRxQVtlQRAoJCAKCx5QX/o9IHgZt+btcRO2Mt9uk6GwCg32KY Z0K+Y+uDd6v9N6dS7WI/zf0= =5uWY -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From edwardbruce at sbcglobal.net Mon Feb 5 19:34:17 2007 From: edwardbruce at sbcglobal.net (Ed Bruce) Date: Mon Feb 5 18:38:03 2007 Subject: Performance In-Reply-To: <223f97700702050810g4f189256w5c8d9aec1cc1a3ff@mail.gmail.com> References: <86144ED6CE5B004DA23E1EAC0B569B58125FF289@isabella.herefordshire.gov.uk> <45C07F76.5050409@ecs.soton.ac.uk> <45C260A2.6040601@katy.com> <45C29D90.8080901@katy.com> <223f97700702020132m47b33d89m9b90d5544e07c5f@mail.gmail.com> <45C737F7.3060606@sbcglobal.net> <223f97700702050810g4f189256w5c8d9aec1cc1a3ff@mail.gmail.com> Message-ID: <45C778A9.3060105@sbcglobal.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Glenn Steen wrote: > On 05/02/07, Ed Bruce wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Glenn Steen wrote: >> >> > >> > So, there is litle to no risk with this. The sender _will_ get a >> > somewhat informative reject code, and should be able to find the >> > problem at their end... Forcing _them_ to comply to the RFC;-). >> > >> >> One would hope. A major software vendor whose accounting software my >> company uses has a misconfigured MTA. I've told them and told them. I've >> whitelisted them and then volunteered to help configure it correctly. >> There response is please keep whitelisting us. This is a company that >> develops software and they can't configure their Exchange Server. > > Yes? Did you explain to them that this is loosing them money, > potentially? And they still persist? I'm assuming you mean they > HELO/EHLO with something strange, like your IP address or domain name > ... Else it's a bit non-relevant to this subthread:-):-) > Then again... I suppose there are fools all over the world (and > sometimes even we could be seen as such:-), but... "Helping" them > remain fools isn't really helping anyone, now is it?;) > They had a malformed HELO/EHLO. I just searched through our mail logs and I couldn't find anything. Started to get worried then found out they changed their company name. With the change they seem to have gotten a clue. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Cygwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFx3ippdNaP9x3McgRAkEvAKCylN4bUJwNYyQxpcAzCRdx4914TgCeO48J BGUUYeDhC2gUiu8bmJvhF30= =H84O -----END PGP SIGNATURE----- From MailScanner at ecs.soton.ac.uk Mon Feb 5 19:34:26 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Feb 5 18:40:37 2007 Subject: Sendmail 8.14.0 is out In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B581287FE08@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B581287FE08@isabella.herefordshire.gov.uk> Message-ID: <45C778B2.8020004@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Randal, Phil wrote: > CONFIG: New FEATURE(`badmx') to reject envelope sender addresses > (MAIL) whose domain part resolves to a "bad" MX record. > Based on contribution from William Dell Wisner. > Sorry for being lazy, but can someone define "bad" please? Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) Comment: Fetch my public key foot-print from www.mailscanner.info Charset: ISO-8859-1 wj8DBQFFx3k3EfZZRxQVtlQRAixFAKDKL1GJ2M/PY0cxlC96mBoXhRqg0gCdFH0r oAHeqc3V1Yr+8ufSvtegObw= =gWB0 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From ssilva at sgvwater.com Mon Feb 5 19:51:54 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Feb 5 18:55:46 2007 Subject: New Version of Postfix In-Reply-To: <45C762B6.7090104@chapman.edu> References: <45C7508A.40103@chapman.edu> <223f97700702050814i26b4cf9bj7f1c795b3b9ac76f@mail.gmail.com> <45C762B6.7090104@chapman.edu> Message-ID: Jay Chandler spake the following on 2/5/2007 9:00 AM: > Glenn Steen wrote: >> On 05/02/07, Jay Chandler wrote: >>> Welp, the new version of Postfix hit the FreeBSD ports tree-- 2.3.7. >>> >>> Any reason I shouldn't install this vis a vis MailScanner? I'd ask on >>> that list, but you all know by now the response I'd get... >>> >> Not that I can see... The only known problem with PF<>MS (ATM) is the >> milter support adding p records (well, a bit more involved, but that >> is the one that breaks things)... And you likely don't use that, so >> ... it should be safe. >> > Thanks, Glenn. > > Given the peculiar reaction I get over there talking about MailScanner, > I wouldn't put it past a developer to intentionally start mucking around > with the queue files just to screw with MailScanner. Kinda sad, really. > It has been suggested, but I doubt you would get anyone to admit it. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Mon Feb 5 20:03:35 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Feb 5 19:07:36 2007 Subject: Sendmail 8.14.0 is out In-Reply-To: <45C778B2.8020004@ecs.soton.ac.uk> References: <86144ED6CE5B004DA23E1EAC0B569B581287FE08@isabella.herefordshire.gov.uk> <45C778B2.8020004@ecs.soton.ac.uk> Message-ID: Julian Field spake the following on 2/5/2007 10:34 AM: > Randal, Phil wrote: >> CONFIG: New FEATURE(`badmx') to reject envelope sender addresses >> (MAIL) whose domain part resolves to a "bad" MX record. >> Based on contribution from William Dell Wisner. > > Sorry for being lazy, but can someone define "bad" please? > > Jules > When you get cheeky with a girl, but don't buy her dinner first? ;-D -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From jaearick at colby.edu Mon Feb 5 20:30:49 2007 From: jaearick at colby.edu (Jeff A. Earickson) Date: Mon Feb 5 19:34:52 2007 Subject: Sendmail 8.14.0 is out In-Reply-To: <45C778B2.8020004@ecs.soton.ac.uk> References: <86144ED6CE5B004DA23E1EAC0B569B581287FE08@isabella.herefordshire.gov.uk> <45C778B2.8020004@ecs.soton.ac.uk> Message-ID: On Mon, 5 Feb 2007, Julian Field wrote: > Date: Mon, 05 Feb 2007 18:34:26 +0000 > From: Julian Field > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: Sendmail 8.14.0 is out > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Randal, Phil wrote: >> CONFIG: New FEATURE(`badmx') to reject envelope sender addresses >> (MAIL) whose domain part resolves to a "bad" MX record. >> Based on contribution from William Dell Wisner. >> > Sorry for being lazy, but can someone define "bad" please? Per the features README: badmx Reject envelope sender addresses (MAIL) whose domain part resolves to a "bad" MX record. By default these are MX records which resolve to A records that match the regular expression: ^(127\.|10\.|0\.0\.0\.0) This default regular expression can be overridden by specifying an argument, e.g., FEATURE(`badmx', `^127\.0\.0\.1') Note: this feature requires that the sendmail binary has been compiled with the options MAP_REGEX and DNSMAP. In googling around, I saw where others got a bit fancier: ^(127\.[0-9]+\.[0-9]+\.[0-9]+|10\.[0-9]+\.[0-9]+\.[0-9]+|172\.20\.[0-9]+\.[0-9]+|192\.168\.[0-9]+\.[0-9]+)$ So, it looks like unroutable/private address blocks per RFC 1918. Jeff Earickson Colby College From ka at pacific.net Mon Feb 5 20:38:04 2007 From: ka at pacific.net (Ken A) Date: Mon Feb 5 19:38:09 2007 Subject: Sendmail 8.14.0 is out In-Reply-To: References: <86144ED6CE5B004DA23E1EAC0B569B581287FE08@isabella.herefordshire.gov.uk> <45C778B2.8020004@ecs.soton.ac.uk> Message-ID: <45C7879C.3090700@pacific.net> Scott Silva wrote: > Julian Field spake the following on 2/5/2007 10:34 AM: >> Randal, Phil wrote: >>> CONFIG: New FEATURE(`badmx') to reject envelope sender addresses >>> (MAIL) whose domain part resolves to a "bad" MX record. >>> Based on contribution from William Dell Wisner. >> Sorry for being lazy, but can someone define "bad" please? >> >> Jules >> > When you get cheeky with a girl, but don't buy her dinner first? ;-D > > From doc: > badmx Reject envelope sender addresses (MAIL) whose domain part > resolves to a "bad" MX record. By default these are > MX records which resolve to A records that match the > regular expression: > > ^(127\.|10\.|0\.0\.0\.0) > > This default regular expression can be overridden by > specifying an argument, e.g., > > FEATURE(`badmx', `^127\.0\.0\.1') > > Note: this feature requires that the sendmail binary > has been compiled with the options MAP_REGEX and > DNSMAP. From ecasarero at gmail.com Mon Feb 5 20:38:24 2007 From: ecasarero at gmail.com (Eduardo Casarero) Date: Mon Feb 5 19:42:10 2007 Subject: add high scoring spam to my rbl list In-Reply-To: <200702042154040364.365488E3@smtp1.ace.net.au> References: <200702042154040364.365488E3@smtp1.ace.net.au> Message-ID: <7d9b3cf20702051138r65b376c8l462ec0af7ae6b9b3@mail.gmail.com> 2007/2/4, Peter Nitschke : > > >> Although not exactly what you're looking for, the Vispan project does > >> essentially what I think you are looking to do. It simply examines > >> MailScanner's log and keeps track of spammers. If a certain spammer > >> sends more spams within a specified amount of time then what you > >allow, > >> then it automatically adds that sender to your access list so that > >it's > >> denied at the MTA level. > >> > >Looks like your reply has really hit the jackpot. After searching along > >these lines, I've found a gentleman who has patched vispan to do exactly > >that. Add them to a rbldns! I will be installing vispan tonight along > >with the patches. On a futher note, the author of vispan has implemented > >the patch into the main program and is testing as we speak! > > Any more news on this? i'd like to test that pacht! do you have a public link? -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070205/a6ab4b7f/attachment.html From nerijusb at dtiltas.lt Mon Feb 5 21:16:35 2007 From: nerijusb at dtiltas.lt (Nerijus Baliunas) Date: Mon Feb 5 20:23:48 2007 Subject: New Beta 4.58.6 released In-Reply-To: <223f97700702031349w4e9be3a6meee9118a8b7cddaa@mail.gmail.com> References: <45BCCF3B.8060608@ecs.soton.ac.uk> <45BD7919.1020009@rogers.com><223f97700701290100i6e788e2gba57830a01a8e67b@mail.gmail.com><45BFD212.6090204@rogers.com><223f97700701310108v134f0009r23829465ffd29b91@mail.gmail.com><20070203213757.AD4B7E6A9D@mx-b.vdnet.lt> <223f97700702031349w4e9be3a6meee9118a8b7cddaa@mail.gmail.com> Message-ID: <20070205202002.5BFF5FF08@mx-a.vdnet.lt> On Sat, 3 Feb 2007 22:49:50 +0100 Glenn Steen wrote: > > > Yes. Seems you don't have to have it actually "edit" anything though, > > > the p record "placeholders" will be added just by enabling it... Then > > > again, why would one have a milter that was in effect a "dummy":-). > > > > Why not? For example milter-greylist accepts or rejects message (and > > can add a header, but it's not important and can be disabled), so if > > Postfix didn't add p placeholders in such case, milter-greylist would > > have worked without modifying MS... > > Not quite, since it actually adds a header... In the spirit of "Kilroy > was here";-) Yes, but header is only informational and can be disabled in config file. > > > Seems most people don't use the milter option in 2.3 in conjunction > > > with MailScanner, since we've had one (1) request in this area > > > (Nerijus:) for all the time 2.3 has eben around. > > > > :) Thanks Glenn for your patches! > > You're welcome... Still working OK for you? Yes, no more complains about broken messages. Regards, Nerijus From Carl.Andrews at crackerbarrel.com Mon Feb 5 21:49:12 2007 From: Carl.Andrews at crackerbarrel.com (Andrews Carl 455) Date: Mon Feb 5 20:53:01 2007 Subject: Greylisting .. nice .. In-Reply-To: <200611071939.kA7JdC2f025282@smtpgw1.crackerbarrel.com> Message-ID: <113A0DFC086C984AB9EFDF6B8614F0750125129E@exchange03.CBOCS.com> How did you get these numbers? Do you have a shell script or perl script that parses your logs? Thanks, Carl -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Rob Poe Sent: Tuesday, November 07, 2006 1:26 PM To: MailScanner discussion; Jim Holland Subject: Re: Greylisting .. nice .. >> > My thoughts so far are this: Why didn't I do this sooner. > >> Its going to be pointless soon, problem is, as more and more people do >> this, it wont be long before the common garden variety spammers smtp >> engine will also retry on 4xx errors, id give it a year tops (if some of >> them are not already doing it) >My objection to it is not that it doesn't work, but that it makes all >genuine mail servers work twice as hard to deliver mail. I like having an I agree, that the spammers MIGHT try to adapt to this, but at THIS MOMENT, it works. Computer tech is moment based. Since when have we used virus scanners on Microsoft OS'es that only scan on demand (real time scanning). Why? Because the virus writers adapted. The viruses are far nastier. Spam will get far, far nastier. I have a mailserver I admin that gets the following in spam statistics .. for yesterday at midnight. 1040 blocked yesterday due to sendmail access.db blocks (the worst subnet offenders from foreign countries) 20,000 blocked for invalid recipient 124 blocked by RBLs, of which I cannot use all of because their clients host email servers on DSL / Cable modem connections. 68 blocked by spamassassin for high spam score 2000 greylist 1st attempts 204 greylist passes They STILL get spam .. but it's blocked almost ALL of the image based spams, and almost ALL of the pharmaceutical messages, and most of the nasty porn stuff. And with the bayes poisioning they get, SA wasn't touching it .. I agree, greylisting isn't the best thing since sliced bread .. but with the wild state of things on the Internet, it sure comes close IMO. Not everyone has a 2.8ghz dual xeon with 4 gigs of ram to dedicate to spamassassin with OCR recognition. This email domain name is 10 years old. It used to run Groupwise 5.2 (ok, so maybe it still does) which the GWIA is so horribly broken that it will accept email to ANY user (doesn't relay it, but DOES accept it even if invalid). So the spammers have dictionary attacked it for SO long that they all think that asuidewiuwer@thatdomainname is a vaild recipient, while it is not. Rob -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From res at ausics.net Mon Feb 5 22:15:54 2007 From: res at ausics.net (Res) Date: Mon Feb 5 21:19:44 2007 Subject: Sendmail 8.14.0 is out In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B581287FE08@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B581287FE08@isabella.herefordshire.gov.uk> Message-ID: On Mon, 5 Feb 2007, Randal, Phil wrote: > CONFIG: New FEATURE(`block_bad_helo') to reject messages from Just a warning on this feature, having an OK/RELAY in access is soley not enough, you need include your IP ranges in /etc/mail/relay-domains (this addition might be avoided in a future release) if you want those users of yours who connect with helo=home.lappy ...etc. -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From itdept at fractalweb.com Mon Feb 5 22:38:25 2007 From: itdept at fractalweb.com (Chris Yuzik) Date: Mon Feb 5 21:44:40 2007 Subject: extract all images from spam folder? Message-ID: <45C7A3D1.80503@fractalweb.com> We have MailScanner set to quarantine all the spam messages, and in /var/spool/MailScanner/quarantine//spam there are all the messages as one file for each. What I would like to do is extract all of the attached images from all the messages in the folder and have a look at them. Would also be useful for testing fuzzyocr. Is there an easy way to accomplish this from the shell? Thanks. From glenn.steen at gmail.com Tue Feb 6 01:15:00 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 6 00:18:45 2007 Subject: extract all images from spam folder? In-Reply-To: <45C7A3D1.80503@fractalweb.com> References: <45C7A3D1.80503@fractalweb.com> Message-ID: <223f97700702051615n13567279kb2c8ca096650a428@mail.gmail.com> On 05/02/07, Chris Yuzik wrote: > We have MailScanner set to quarantine all the spam messages, and in > /var/spool/MailScanner/quarantine//spam there are all the messages > as one file for each. > > What I would like to do is extract all of the attached images from all > the messages in the folder and have a look at them. Would also be useful > for testing fuzzyocr. Is there an easy way to accomplish this from the > shell? > > Thanks. A) Don't quarantine the queue files, let MS save the rfc822 format message file and all attachments... Kind of makes this excercise almost too simple:-). B) Use MailWatch (which happen to need the above settings anyway, so you can look it up there:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From itdept at fractalweb.com Tue Feb 6 04:30:44 2007 From: itdept at fractalweb.com (Chris Yuzik) Date: Tue Feb 6 03:35:35 2007 Subject: extract all images from spam folder? In-Reply-To: <223f97700702051615n13567279kb2c8ca096650a428@mail.gmail.com> References: <45C7A3D1.80503@fractalweb.com> <223f97700702051615n13567279kb2c8ca096650a428@mail.gmail.com> Message-ID: <45C7F664.4020709@fractalweb.com> Glenn Steen wrote: > A) Don't quarantine the queue files, let MS save the rfc822 format > message file and all attachments... Kind of makes this excercise > almost too simple:-). > B) Use MailWatch (which happen to need the above settings anyway, so > you can look it up there:-). Glenn, I presume you mean this section of MailScanner.conf? # When you quarantine an entire message, do you want to store it as # raw mail queue files (so you can easily send them onto users) or # as human-readable files (header then body in 1 file)? Quarantine Whole Messages As Queue Files = no This is what I've already got, and it doesn't store the queue files but a single file containing the header, body, and any mime encoded attachments. I'd like a quick way to extract all of those mime attachments for analysis and testing (with things like FuzzyOCR). The interesting part is that MS already seems to store virus-infected messages with the attachments as separate files. Is there a way to get spam stored the same way? Any ideas? Cheers, Chris From MailScanner at ecs.soton.ac.uk Mon Feb 5 18:06:00 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Feb 6 08:37:58 2007 Subject: Send copies of certain messages to other mail account In-Reply-To: <45C72ECC.3000007@nkpanama.com> References: <45C37B6A.2000201@talora.com.br> <45C381C2.5020908@dalsemi.com> <223f97700702021044s6efdc403m2fe7b49a56b78e40@mail.gmail.com> <45C723E6.6010303@talora.com.br> <45C72ECC.3000007@nkpanama.com> Message-ID: <45C763F8.5060509@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alex Neuman van der Hans wrote: > > Lu?s Fernando C. Talora wrote: >> Thanks guys. This achieving option seems really to rock!!! :D >> >> Just another thing: if I use: >> >> From or To: *yahoogroups.com.br (...) >> >> Will MailScanner recognize messages where "*yahoogroups.com.br" >> appears only on the CC (carbon copy) field? > > AFAIK, it cares who "receives" the message in the end, not if the > recipient was in To: or CC: or even BCC: - but could someone correct > me if this isn't the case? Thanks... Quite correct. The headers are totally ignored when making decisions about who the sender and recipients are. For info, "Bcc" means this to the MTA: "Add these to the recipients list and then delete this header from the message". Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFFyD1fEfZZRxQVtlQRAuSqAJ0V9x+OiVGwpI5Opk9kzgdOszTDzwCeOuYy +55JBneksju+QHsX1W3bmo0= =y2vR -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From glenn.steen at gmail.com Tue Feb 6 10:31:13 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 6 09:35:05 2007 Subject: extract all images from spam folder? In-Reply-To: <45C7F664.4020709@fractalweb.com> References: <45C7A3D1.80503@fractalweb.com> <223f97700702051615n13567279kb2c8ca096650a428@mail.gmail.com> <45C7F664.4020709@fractalweb.com> Message-ID: <223f97700702060131m5a7d0715y62d8c1a0f465d945@mail.gmail.com> On 06/02/07, Chris Yuzik wrote: > Glenn Steen wrote: > > A) Don't quarantine the queue files, let MS save the rfc822 format > > message file and all attachments... Kind of makes this excercise > > almost too simple:-). > > B) Use MailWatch (which happen to need the above settings anyway, so > > you can look it up there:-). > Glenn, > > I presume you mean this section of MailScanner.conf? > > # When you quarantine an entire message, do you want to store it as > # raw mail queue files (so you can easily send them onto users) or > # as human-readable files (header then body in 1 file)? > Quarantine Whole Messages As Queue Files = no > > This is what I've already got, and it doesn't store the queue files but > a single file containing the header, body, and any mime encoded attachments. Ah good. > I'd like a quick way to extract all of those mime attachments for > analysis and testing (with things like FuzzyOCR). > > The interesting part is that MS already seems to store virus-infected > messages with the attachments as separate files. Is there a way to get > spam stored the same way? > > Any ideas? Yes, I didn't think that through entirely... It involving the spam quarantine too, which is just the rfc822 message file, as you say. Unpacking this into its constituent parts could be done in a number of ways... If you have MailWatch too, you'd see that this already does this "unpacking" on the fly when you inspect a spam message (look at the details page of the message, click on the filename at the bottom). Using that will have the good thing with it that you are already using a program capable of displaying the information (your browser:). Or you could feed the file through mimencode (metamail package)... Might need a bit of scripting... Or better yet, get ripmime (http://www.pldaniels.com/ripmime/) and script around that. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Tue Feb 6 13:12:15 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 6 12:16:03 2007 Subject: Performance In-Reply-To: <223f97700702010210m4398ae3fld20bbd7bdd5440e1@mail.gmail.com> References: <45C03361.5040903@katy.com> <223f97700701310215u67f9f941ifa40f902cd2d357@mail.gmail.com> <45C11A25.5010407@enitech.com.au> <223f97700701311717y54a485f8m4a420e2262f29d86@mail.gmail.com> <45C14692.2020704@enitech.com.au> <223f97700702010210m4398ae3fld20bbd7bdd5440e1@mail.gmail.com> Message-ID: <223f97700702060412h65b6bb4t6a9f93db6954eb4a@mail.gmail.com> Somewhat off-topic, but interresting for those willing to explore pflogsumm (and want to use the cron snippets I showed earlier). So, mainly for Postfix admins...:-). On 01/02/07, Glenn Steen wrote: > On 01/02/07, Peter Russell wrote: > > > > > > Glenn Steen wrote: > > > On 31/01/07, Peter Russell wrote: > (snip even more) > > >> >> relay_domains = katy.com katy.net katycomputer.com schmerold.com > > >> > Why is there no "companion" relay_recipient_maps? You should reject > > >> > unknown recipients. > > >> > > > >> >> smtpd_data_restrictions = reject_unauth_pipelining, permit > > >> >> smtpd_helo_required = yes > > >> > Here you should perhaps have a > > >> > smtpd_helo_restrictions = permit_mynetworks, check_helo_access > > >> > hash:/etc/postfix/deny_domain_spoof > > >> > Where the deny_domain_spoof is simply an access file detailing the > > >> > domains and IP addresses you relay for like "katy.com REJECT". Will be > > >> > perfectly safe to use. > > >> > > >> Glenn - should he have REJECT for domains he relays for? > > > Yes. The thinking here is to REJECT anyone pretending to be either > > > your domain (your MX) or any of the "internal/trusted" IP addresses, > > > unless they really are... The permit_mynetworks take care of not > > > rejecting things that shouldn't be rejected:). > > > As said, perfectly safe;-). > > > This one rejects a few every day. > > > > Sorry for the questions, but i am trying to stop some of the low scoring > > spam i keep getting through - i am sure some tweaking will get it. > Quite OK. > > How do you check if these have blocked some spam? grep the maillog? > Well more or less:-). It's the beauty of pflogsumm ... It'll summarize > all rejections by at what stage and "reason"... like this (this is for > yesterday): > message reject detail > --------------------- > RCPT > Helo command rejected: Access denied (total: 50) > 3 83.173.153.170 (clients-865241583854se@nordea.se) > 3 83.239.72.30 (wkihudxroacna@dirtydavid.every1.net) > ... > (The first one there is a Nordea Phish, or rather three... that I > spend no more resources on;-) > These "Access denied at helo" are the ones trying to pretend they are > us. Similarily you'll get > Helo command rejected: Invalid name (total: 9) > Helo command rejected: need fully-qualified hostname (total: 374) > Recipient address rejected: User unknown in relay recipient table > (total: 233) > Relay access denied (total: 41) > Sender address rejected: Access denied (total: 35) > ... All those 700-odd rejections on a total incoming of 3800. Most of > teh above are pretty obviously from "reject_invalid_hostname, > reject_non_fqdn_hostname, reject_non_fqdn_sender, > reject_non_fqdn_recipient", and I also apply the deny_domain_spoof in > the sender_restrictions, which accounts for those 35 rejections. > > To keep "on top of things" I've cron'd a couple of pflogsumm runs like this: > 3 0 * * * /usr/local/bin/pflsum_yday > 10 4 * * 0 /usr/local/bin/pflsum_week > # cat /usr/local/bin/pflsum_yday > #!/bin/bash > # Postfix log summary analysis per yesterday > /bin/cat /var/log/syslog | /usr/local/bin/pflogsumm -i -d yesterday > --problems_first --rej_add_from --zero_fill > > /var/www/html/pflogsumm/pflogsumm-$(date +%Y%m%d).txt 2>&1 > # cat /usr/local/bin/pflsum_week > #!/bin/bash > # Postfix log summary analysis per last week > /bin/zcat /var/log/syslog.1.gz | /usr/local/bin/pflogsumm -i > --problems_first --rej_add_from --zero_fill > > /var/www/html/pflogsumm/pflogsumm-week-$(date +%Y%m%d).txt 2>&1 > # > And I then have a small PHP script to present those on a webpage... > For my disabled-by-windoze colleagues:-). > Just for completeness (and since Pete bugged me to actually look at it:-), here is the exceptionally Q&D (not horrid, but then... not beautiful either... I'm sure it depends on how my php.ini is set:) PHP script I use to present those logfile summaries... I've got it linked from the tools page of MailWatch too for easy access, but it is standalone. The colourscheme is due to it being part of a set of "webified admin tools" (and me being colourblind:), but it should be easy enough to change. The CONF_pfls_dir is the only variable one should need touch if one moves things elsewhere. Enhoy:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -------------- next part -------------- A non-text attachment was scrubbed... Name: index.php Type: application/x-php Size: 2234 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070206/4c67d160/index.bin From uxbod at splatnix.net Tue Feb 6 13:32:49 2007 From: uxbod at splatnix.net (uxbod) Date: Tue Feb 6 12:37:14 2007 Subject: Performance In-Reply-To: <223f97700702060412h65b6bb4t6a9f93db6954eb4a@mail.gmail.com> References: <223f97700702060412h65b6bb4t6a9f93db6954eb4a@mail.gmail.com> Message-ID: <96c53352f0531efe38ee973fdf0777de@62.49.223.244> In a similar vain I modified the mailgraph tool by David Schweikert and came up with the following :- Regards, On Tue, 6 Feb 2007 13:12:15 +0100, "Glenn Steen" wrote: > Somewhat off-topic, but interresting for those willing to explore > pflogsumm (and want to use the cron snippets I showed earlier). > So, mainly for Postfix admins...:-). > > On 01/02/07, Glenn Steen wrote: >> On 01/02/07, Peter Russell wrote: >> > >> > >> > Glenn Steen wrote: >> > > On 31/01/07, Peter Russell wrote: >> (snip even more) >> > >> >> relay_domains = katy.com katy.net katycomputer.com > schmerold.com >> > >> > Why is there no "companion" relay_recipient_maps? You should > reject >> > >> > unknown recipients. >> > >> > >> > >> >> smtpd_data_restrictions = reject_unauth_pipelining, permit >> > >> >> smtpd_helo_required = yes >> > >> > Here you should perhaps have a >> > >> > smtpd_helo_restrictions = permit_mynetworks, check_helo_access >> > >> > hash:/etc/postfix/deny_domain_spoof >> > >> > Where the deny_domain_spoof is simply an access file detailing > the >> > >> > domains and IP addresses you relay for like "katy.com REJECT". > Will be >> > >> > perfectly safe to use. >> > >> >> > >> Glenn - should he have REJECT for domains he relays for? >> > > Yes. The thinking here is to REJECT anyone pretending to be either >> > > your domain (your MX) or any of the "internal/trusted" IP addresses, >> > > unless they really are... The permit_mynetworks take care of not >> > > rejecting things that shouldn't be rejected:). >> > > As said, perfectly safe;-). >> > > This one rejects a few every day. >> > >> > Sorry for the questions, but i am trying to stop some of the low > scoring >> > spam i keep getting through - i am sure some tweaking will get it. >> Quite OK. >> > How do you check if these have blocked some spam? grep the maillog? >> Well more or less:-). It's the beauty of pflogsumm ... It'll summarize >> all rejections by at what stage and "reason"... like this (this is for >> yesterday): >> message reject detail >> --------------------- >> RCPT >> Helo command rejected: Access denied (total: 50) >> 3 83.173.153.170 (clients-865241583854se@nordea.se) >> 3 83.239.72.30 (wkihudxroacna@dirtydavid.every1.net) >> ... >> (The first one there is a Nordea Phish, or rather three... that I >> spend no more resources on;-) >> These "Access denied at helo" are the ones trying to pretend they are >> us. Similarily you'll get >> Helo command rejected: Invalid name (total: 9) >> Helo command rejected: need fully-qualified hostname (total: 374) >> Recipient address rejected: User unknown in relay recipient table >> (total: 233) >> Relay access denied (total: 41) >> Sender address rejected: Access denied (total: 35) >> ... All those 700-odd rejections on a total incoming of 3800. Most of >> teh above are pretty obviously from "reject_invalid_hostname, >> reject_non_fqdn_hostname, reject_non_fqdn_sender, >> reject_non_fqdn_recipient", and I also apply the deny_domain_spoof in >> the sender_restrictions, which accounts for those 35 rejections. >> >> To keep "on top of things" I've cron'd a couple of pflogsumm runs like > this: >> 3 0 * * * /usr/local/bin/pflsum_yday >> 10 4 * * 0 /usr/local/bin/pflsum_week >> # cat /usr/local/bin/pflsum_yday >> #!/bin/bash >> # Postfix log summary analysis per yesterday >> /bin/cat /var/log/syslog | /usr/local/bin/pflogsumm -i -d yesterday >> --problems_first --rej_add_from --zero_fill > >> /var/www/html/pflogsumm/pflogsumm-$(date +%Y%m%d).txt 2>&1 >> # cat /usr/local/bin/pflsum_week >> #!/bin/bash >> # Postfix log summary analysis per last week >> /bin/zcat /var/log/syslog.1.gz | /usr/local/bin/pflogsumm -i >> --problems_first --rej_add_from --zero_fill > >> /var/www/html/pflogsumm/pflogsumm-week-$(date +%Y%m%d).txt 2>&1 >> # >> And I then have a small PHP script to present those on a webpage... >> For my disabled-by-windoze colleagues:-). >> > > Just for completeness (and since Pete bugged me to actually look at > it:-), here is the exceptionally Q&D (not horrid, but then... not > beautiful either... I'm sure it depends on how my php.ini is set:) PHP > script I use to present those logfile summaries... I've got it linked > from the tools page of MailWatch too for easy access, but it is > standalone. > > The colourscheme is due to it being part of a set of "webified admin > tools" (and me being colourblind:), but it should be easy enough to > change. The CONF_pfls_dir is the only variable one should need touch > if one moves things elsewhere. > > Enhoy:-) > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is > believed to be clean. -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: 543A E778 7F2D 98F1 3E50 9C1F F190 93E0 E8E8 0CF8 // Keyserver: www.keyserver.net Key-ID: 0xE8E80CF8 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- A non-text attachment was scrubbed... Name: mailgraph.png Type: image/png Size: 70006 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070206/483928e9/mailgraph-0001.png From DrewB at united-systems.com Tue Feb 6 14:31:06 2007 From: DrewB at united-systems.com (Drew Burchett) Date: Tue Feb 6 13:35:06 2007 Subject: New phishing strategy Message-ID: <1E75E79B854C814784D0E8C5BA55AF76F77137@uss2k01.united-systems.local> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: hb1.zip Type: application/x-zip-compressed Size: 1364 bytes Desc: hb1.zip Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070206/3439ef65/hb1.bin From cobalt-users1 at fishnet.co.uk Tue Feb 6 14:49:57 2007 From: cobalt-users1 at fishnet.co.uk (Ian) Date: Tue Feb 6 13:53:57 2007 Subject: New phishing strategy In-Reply-To: <1E75E79B854C814784D0E8C5BA55AF76F77137@uss2k01.united-systems.local> References: <1E75E79B854C814784D0E8C5BA55AF76F77137@uss2k01.united-systems.local> Message-ID: <45C88785.29186.1F3C07A4@cobalt-users1.fishnet.co.uk> On 6 Feb 2007 at 7:31, Drew Burchett wrote: > The attached email is an example of a number of recent phishing attempts that my users and I > have been receiving over the past several days. As you can see, it isn?t like your normal phishing > attempt because the link that it?s sending you to isn?t masked by another link in any way. This > allows it to slip right through MailScanner?s phishing filter. The site seems to have been already > taken down, and I?ve fed these into my spam filter to identify them as spam, but I?m wondering if > there?s anything else that can be done within mailscanner or spamassassin to stop them? Hi, Not really as this would rely on MailScanner knowing that the Heritage Bank's website is 'bankwithheritage.com' and not bankwith-heritage.com. MailScanner can only detect that the title of the link doesn't match the target. Your best course of action is to educate users not to trust anything sent in an email, no matter what it is. If in any doubt they should pick up a printed phone book, look up the number for their financial institution, call and ask. Regards Ian -- From am.lists at gmail.com Tue Feb 6 15:43:37 2007 From: am.lists at gmail.com (am.lists) Date: Tue Feb 6 14:47:25 2007 Subject: Problems with some 'add-on' apps... Message-ID: <25a66d840702060643h2d9c3d5nb2893fefc7ba3680@mail.gmail.com> I've inherited a system that's being used as a spam proxy/gateway. I'm getting my head around it. Prior to getting this system we'd been using some commercial stuff called Declude and Message Sniffer. We're moving away from that in favor of something that's OSS and more effective. The system itself is s using MailScanner, currently ver 4.55.10, SpamAssassin version 3.1.5, with a slew of add-ons, including FuzzyOcr, Rules Du Jour, Pyzor, Razor, and a few other things. PostGrey 1.27, and PostFix 2.2.2. I'm running into a couple issues, and I see newer versions out. I normally would guess that upgrading is simply the answer, but that's almost like saying the fix to /every/ Windows(r) problem is to reboot. (e.g. most of the time yes, but not every time). For example. FuzzyOcr. I turned up the verbosity to 3 (debug) and it doesn't complain in the logs about not finding the image (stock alerts, etc.) spam, but in MailWatch, I view the messages that MS is catching, and none of them are showing the hits from Fuzzy OCR. I am still catching a large number of the image spam messages in quarantine (/var/spool/MailScanner/quarantine/[date]/spam) that I can use to test. I know how to use spamassassin -t < (messageid) -- and it will show things like the Fuzzy OCR hits. But is there a way to test the message from MailScanner's point of view? Here's an example: >From the web gui (mailwatch) on a message that has image spam: cached not score=19.406 4 required autolearn=spam -0.18 BAYES_40 Bayesian spam probability is 20 to 40% 3.07 HELO_DYNAMIC_DHCP Relay HELO'd using suspicious hostname (DHCP) 4.20 HELO_DYNAMIC_IPADDR Relay HELO'd using suspicious hostname (IP addr 1) 0.50 HTML_40_50 Message is 40% to 50% HTML 3.13 HTML_IMAGE_ONLY_08 HTML: images with 400-800 bytes of words 0.00 HTML_MESSAGE HTML included in message 0.00 MIME_HTML_ONLY Message only has text/html MIME parts 1.56 RCVD_IN_BL_SPAMCOP_NET Received via a relay in bl.spamcop.net 2.05 RCVD_IN_SORBS_DUL SORBS: sent directly from dynamic IP address 3.90 RCVD_IN_XBL Received via a relay in Spamhaus XBL 1.20 TVD_FW_GRAPHIC_NAME_MID And the same message with spamassassin -t < the message id reports the following: Content analysis details: (33.6 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 3.1 HELO_DYNAMIC_DHCP Relay HELO'd using suspicious hostname (DHCP) 4.2 HELO_DYNAMIC_IPADDR Relay HELO'd using suspicious hostname (IP addr 1) 0.5 HTML_40_50 BODY: Message is 40% to 50% HTML 1.2 TVD_FW_GRAPHIC_NAME_MID BODY: TVD_FW_GRAPHIC_NAME_MID 0.0 HTML_MESSAGE BODY: HTML included in message 3.1 HTML_IMAGE_ONLY_08 BODY: HTML: images with 400-800 bytes of words 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% [score: 1.0000] 0.0 MIME_HTML_ONLY BODY: Message only has text/html MIME parts 10 FUZZY_OCR BODY: Mail contains an image with common spam text inside Words found: "buy" in 1 lines "symbol" in 1 lines "tuesday" in 1 lines "news" in 2 lines (7.5 word occurrences found) 2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address [72.225.192.40 listed in dnsbl.sorbs.net] 1.6 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net [Blocked - see ] 3.9 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL [72.225.192.40 listed in zen.spamhaus.org] Some things jump out to me. One is that in the command line test, SA says 5.0 points are required, but MS is only looking for 4. Is this because I'm running the CLI test of SA as root and it's seeing a different prefs file? The one test called "TVD_FW_GRAPHIC_NAME_MID appears in the MailWatch/MailScanner test but not the FuzzyOCR test. Yet, the Fuzzy_OCR test appears int he CLI test but not in the MW/MS test. Thanks in advance for any assistance in looking at this and getting straightened out. Angelo From Q.G.Campbell at newcastle.ac.uk Tue Feb 6 15:47:28 2007 From: Q.G.Campbell at newcastle.ac.uk (Quentin Campbell) Date: Tue Feb 6 14:51:25 2007 Subject: New phishing strategy In-Reply-To: <45C88785.29186.1F3C07A4@cobalt-users1.fishnet.co.uk> References: <1E75E79B854C814784D0E8C5BA55AF76F77137@uss2k01.united-systems.local> <45C88785.29186.1F3C07A4@cobalt-users1.fishnet.co.uk> Message-ID: <4165CF7A7F12DE4B96622CCBB905864709435B4E@largo.campus.ncl.ac.uk> Drew The most effective way to deal with bogus URIs is to reject mail, during the SMTP exchange, that contains such URIs. You do this using SURBLs (Spam URI Real Time Block Lists), which detect bad URIs in the message body, in much the same way that you reject mail if the sending IP is listed in a DNSBL. For more info on SURLs see http://www.surbl.org/. Your MTA needs to be able to access one or more SURBLs and act on their results. In the case of Sendmail you can do this easily with an appropriate milter. We use the excellent "milter-link" milter from SnertSoft (see http://www.milter.info/). Quentin >-----Original Message----- >From: mailscanner-bounces@lists.mailscanner.info >[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ian >Sent: 06 February 2007 13:50 >To: MailScanner discussion >Subject: Re: New phishing strategy > >On 6 Feb 2007 at 7:31, Drew Burchett wrote: > >> The attached email is an example of a number of recent >phishing attempts that my users and I >> have been receiving over the past several days. As you can >see, it isn?t like your normal phishing >> attempt because the link that it?s sending you to isn?t >masked by another link in any way. This >> allows it to slip right through MailScanner?s phishing >filter. The site seems to have been already >> taken down, and I?ve fed these into my spam filter to >identify them as spam, but I?m wondering if >> there?s anything else that can be done within mailscanner or >spamassassin to stop them? > >Hi, > >Not really as this would rely on MailScanner knowing that the >Heritage Bank's website is >'bankwithheritage.com' and not bankwith-heritage.com. >MailScanner can only detect that the >title of the link doesn't match the target. > >Your best course of action is to educate users not to trust >anything sent in an email, no >matter what it is. If in any doubt they should pick up a >printed phone book, look up the >number for their financial institution, call and ask. > >Regards > >Ian >-- > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! > From cobalt-users1 at fishnet.co.uk Tue Feb 6 15:55:37 2007 From: cobalt-users1 at fishnet.co.uk (Ian) Date: Tue Feb 6 14:59:35 2007 Subject: Problems with some 'add-on' apps... In-Reply-To: <25a66d840702060643h2d9c3d5nb2893fefc7ba3680@mail.gmail.com> References: <25a66d840702060643h2d9c3d5nb2893fefc7ba3680@mail.gmail.com> Message-ID: <45C896E9.5017.1F782743@cobalt-users1.fishnet.co.uk> On 6 Feb 2007 at 9:43, am.lists wrote: > FuzzyOcr. I turned up the verbosity to 3 (debug) and it doesn't > complain in the logs about not finding the image (stock alerts, etc.) > spam, but in MailWatch, I view the messages that MS is catching, and > none of them are showing the hits from Fuzzy OCR. Hi, I think FuzzyOCR will not scan a message if it has already got a score above a certain threshold (10?). This is to reduce the load on your system. Regards Ian -- From ljosnet at gmail.com Tue Feb 6 15:57:44 2007 From: ljosnet at gmail.com (emm1) Date: Tue Feb 6 15:01:32 2007 Subject: Exclude email adresss from being scanned for viruses/attachments? Message-ID: <910ee2ac0702060657v5ef562dt9d5f4becfd6505d3@mail.gmail.com> How would I do this? Thanks! From glenn.steen at gmail.com Tue Feb 6 16:02:15 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 6 15:06:03 2007 Subject: Problems with some 'add-on' apps... In-Reply-To: <45C896E9.5017.1F782743@cobalt-users1.fishnet.co.uk> References: <25a66d840702060643h2d9c3d5nb2893fefc7ba3680@mail.gmail.com> <45C896E9.5017.1F782743@cobalt-users1.fishnet.co.uk> Message-ID: <223f97700702060702v605845epb1e7f43e62ecf91a@mail.gmail.com> On 06/02/07, Ian wrote: > On 6 Feb 2007 at 9:43, am.lists wrote: > > > > > FuzzyOcr. I turned up the verbosity to 3 (debug) and it doesn't > > complain in the logs about not finding the image (stock alerts, etc.) > > spam, but in MailWatch, I view the messages that MS is catching, and > > none of them are showing the hits from Fuzzy OCR. > > Hi, > > I think FuzzyOCR will not scan a message if it has already got a score above a certain > threshold (10?). This is to reduce the load on your system. > > Regards > > Ian Yep. Also, do the "spamassassin -t ...." test as the user postfix is running as... and add the -D flag to see all the nitgritty details of what it is doing:-)... something like: su - postfix -s /bin/bash spamassassin -D -t &1 | less -e ... Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From am.lists at gmail.com Tue Feb 6 16:03:48 2007 From: am.lists at gmail.com (am.lists) Date: Tue Feb 6 15:07:41 2007 Subject: Problems with some 'add-on' apps... In-Reply-To: <45C896E9.5017.1F782743@cobalt-users1.fishnet.co.uk> References: <25a66d840702060643h2d9c3d5nb2893fefc7ba3680@mail.gmail.com> <45C896E9.5017.1F782743@cobalt-users1.fishnet.co.uk> Message-ID: <25a66d840702060703i681948ebg1360aed559d7f38d@mail.gmail.com> Thanks for jumping in Ian... I saw that setting of 10, and thought that maybe it was getting skipped, so to test, I raised that skip-if already scored score up to 30 so that most things would still get routed to Fuzzy OCR. Any other ideas? I know within MailWatch, there's an administrative link to update MailScanner with new rules from SpamAssassin... Is it possible that one of the cron'ed updates has run and taken F-OCR out of what MailScanner sees? It's like SA sees the plugin but MS/MW does not. A MailScanner equivalent to "spamassassin -t < msgid file" would be nice. Do we have such a thing? Angelo On 2/6/07, Ian wrote: > On 6 Feb 2007 at 9:43, am.lists wrote: > > > > > FuzzyOcr. I turned up the verbosity to 3 (debug) and it doesn't > > complain in the logs about not finding the image (stock alerts, etc.) > > spam, but in MailWatch, I view the messages that MS is catching, and > > none of them are showing the hits from Fuzzy OCR. > > Hi, > > I think FuzzyOCR will not scan a message if it has already got a score above a certain > threshold (10?). This is to reduce the load on your system. > > Regards > > Ian > -- > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From rpoe at plattesheriff.org Tue Feb 6 16:14:14 2007 From: rpoe at plattesheriff.org (Rob Poe) Date: Tue Feb 6 15:18:33 2007 Subject: Greylisting .. nice .. In-Reply-To: <113A0DFC086C984AB9EFDF6B8614F0750125129E@exchange03.CBOCS.com> References: <200611071939.kA7JdC2f025282@smtpgw1.crackerbarrel.com> <113A0DFC086C984AB9EFDF6B8614F0750125129E@exchange03.CBOCS.com> Message-ID: <45C846E9.65ED.00A2.0@plattesheriff.org> >>1040 blocked yesterday due to sendmail access.db blocks (the worst >>subnet offenders from foreign countries) >>20,000 blocked for invalid recipient >>124 blocked by RBLs, of which I cannot use all of because their clients >>host email servers on DSL / Cable modem connections. >>68 blocked by spamassassin for high spam score >>2000 greylist 1st attempts >>204 greylist passes >How did you get these numbers? Do you have a shell script or perl script >that parses your logs? Yup. PHP shell scripts (don't ask, lol) doing grep -wc commands against the maillog for the specific day only. Why did I do it in PHP? Quick and dirty, didn't want to have to remember how to do it in BASH .. don't know PERL well enough to do it there. Example script below.. One for each. I'm sure, that it could be done more prettily - but this does work.. #!/usr/bin/php -q From DrewB at united-systems.com Tue Feb 6 16:23:06 2007 From: DrewB at united-systems.com (Drew Burchett) Date: Tue Feb 6 15:27:33 2007 Subject: Exclude email adresss from being scanned for viruses/attachments? In-Reply-To: <910ee2ac0702060657v5ef562dt9d5f4becfd6505d3@mail.gmail.com> Message-ID: <1E75E79B854C814784D0E8C5BA55AF76F77149@uss2k01.united-systems.local> The easiest way is to set "Is Definitely Not Spam = " in Mailscanner.conf to point to a file. In this file, place the following lines: From: domain.to.be.excluded.com yes FromOrTo: default no Restart Mailscanner and you're off. Drew Burchett United Systems & Software Ph: (270)527-3293 Fax: (270)527-3132 -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of emm1 Sent: Tuesday, February 06, 2007 8:58 AM To: MailScanner discussion Subject: Exclude email adresss from being scanned for viruses/attachments? How would I do this? Thanks! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. -- This message has been scanned for viruses and dangerous content by MailScanner and is believed to be clean. From dhawal at netmagicsolutions.com Tue Feb 6 16:25:30 2007 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Tue Feb 6 15:29:36 2007 Subject: Exclude email adresss from being scanned for viruses/attachments? In-Reply-To: <910ee2ac0702060657v5ef562dt9d5f4becfd6505d3@mail.gmail.com> References: <910ee2ac0702060657v5ef562dt9d5f4becfd6505d3@mail.gmail.com> Message-ID: <45C89DEA.4030308@netmagicsolutions.com> emm1 wrote: > How would I do this? > > Thanks! See the relevant parts of MailScanner.conf for these and create rulesets acconrdingly: a. Dangerous Content Scanning b. Virus Scanning Read up the wiki on rulesets if required. - dhawal From am.lists at gmail.com Tue Feb 6 17:35:45 2007 From: am.lists at gmail.com (am.lists) Date: Tue Feb 6 16:39:33 2007 Subject: Problems with some 'add-on' apps... In-Reply-To: <223f97700702060702v605845epb1e7f43e62ecf91a@mail.gmail.com> References: <25a66d840702060643h2d9c3d5nb2893fefc7ba3680@mail.gmail.com> <45C896E9.5017.1F782743@cobalt-users1.fishnet.co.uk> <223f97700702060702v605845epb1e7f43e62ecf91a@mail.gmail.com> Message-ID: <25a66d840702060835u1da6c2daqcf6f577d6b9e42e2@mail.gmail.com> OK... Thanks for the tip to su as postfix... I think I figured it out... I was led down the path of why it would work for root and not for postfix. I started looking at things such as file ownership and file mode. I was looking at things that were updated when I ran them as root... /etc/mail/spamassassin/FuzzyOcr.db (and associated lock files) tend to be updated each time root successfully scans a message, but the files were owned root:root, and mode 755. That meant the user postfix would be able to scan against the hash table but not update it. (For what its worth, with verbosity turned up, FuzzyOcr did not complain about the permissions issue, it just died.) I fixed that issue, and am now seeing Fuzzy OCR hits when testing as user postfix. I will let some real messages come through over the lunch hour, but I bet this will fix my image spam... at least for today :) Thanks to Glenn and Ian for your leadership and pointing me in the right direction. From KGoods at AIAInsurance.com Tue Feb 6 18:10:29 2007 From: KGoods at AIAInsurance.com (Ken Goods) Date: Tue Feb 6 17:14:17 2007 Subject: New phishing strategy Message-ID: <13C0059880FDD3118DC600508B6D4A6D01C2916C@aiainsurance.com> Ian wrote: > On 6 Feb 2007 at 7:31, Drew Burchett wrote: > >> The attached email is an example of a number of recent phishing >> attempts that my users and I >> have been receiving over the past several days. As you can see, it >> isn?t like your normal phishing attempt because the link that it?s >> sending you to isn?t masked by another link in any way. This allows >> it to slip right through MailScanner?s phishing filter. The site >> seems to have been already taken down, and I?ve fed these into my >> spam filter to identify them as spam, but I?m wondering if there?s >> anything else that can be done within mailscanner or spamassassin to >> stop them? > > Hi, > > Not really as this would rely on MailScanner knowing that the > Heritage Bank's website is 'bankwithheritage.com' and not > bankwith-heritage.com. MailScanner can only detect that the title of > the link doesn't match the target. > > Your best course of action is to educate users not to trust anything > sent in an email, no matter what it is. If in any doubt they should > pick up a printed phone book, look up the number for their financial > institution, call and ask. > > Regards > > Ian > -- Or... you can use ClamAV to catch these nasties like this.... (Sorry I couldn't reply to the OP but since it was caught by ClamAV it didn't make it to me! :) The following e-mails were found to have: Virus Detected Sender: mailscanner-bounces@lists.mailscanner.info IP Address: 83.98.192.7 Recipient: kgoods@mydomain.com Subject: New phishing strategy MessageID: l16DiWNd014477 Quarantine: /var/spool/MailScanner/quarantine/20070206/l16DiWNd014477 Report: ClamAV: hb1.txt contains HTML.Phishing.Bank-1074 Report: ClamAV: hb1.zip contains HTML.Phishing.Bank-1074 Full headers are: Return-Path: Received: from safir.blacknight.ie (safir.blacknight.ie [83.98.192.7]) by gw-mail.aiainsurance.com (8.13.1/8.13.1) with ESMTP id l16DiWNd014477 for ; Tue, 6 Feb 2007 05:44:35 -0800 Received: from safir.blacknight.ie (safir.blacknight.ie [127.0.0.1]) by safir.blacknight.ie (8.13.1/8.13.1) with ESMTP id l16DZ7ac007105; Tue, 6 Feb 2007 13:36:25 GMT X-Mailman-Handler: $Id: mm-handler,v 1.2 2002/04/05 19:41:09 bwarsaw Exp $ Received: from spamfilter.onlineky.net (spamfilter2.onlineky.net [65.241.66.9]) by safir.blacknight.ie (8.13.1/8.13.1) with ESMTP id l16DZ5MF007100 for ; Tue, 6 Feb 2007 14:35:05 +0100 Received: from united-systems.local (intranet.united-systems.com [65.241.66.2]) by spamfilter.onlineky.net (Postfix) with ESMTP id 0EBC852F0D for ; Tue, 6 Feb 2007 07:31:10 -0600 (CST) Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----_=_NextPart_001_01C749F3.0EAC3688" Date: Tue, 6 Feb 2007 07:31:06 -0600 X-MimeOLE: Produced By Microsoft Exchange V6.5 Message-ID: <1E75E79B854C814784D0E8C5BA55AF76F77137@uss2k01.united-systems.local> X-MS-Has-Attach: yes X-MS-TNEF-Correlator: Thread-Topic: New phishing strategy Thread-Index: AcdJ8w5HFpUKOPp2SLWUYlJyEYZGEg== From: "Drew Burchett" To: "MailScanner discussion" X-USS-MailScanner-Information: Please contact the ISP for more information X-USS-MailScanner: Found to be clean X-USS-MailScanner-From: drewb@united-systems.com Subject: New phishing strategy X-BeenThere: mailscanner@lists.mailscanner.info X-Mailman-Version: 2.1.5 Precedence: list Reply-To: MailScanner discussion List-Id: MailScanner discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: mailscanner-bounces@lists.mailscanner.info Errors-To: mailscanner-bounces@lists.mailscanner.info Pretty slick really.... :) HTH, Ken Ken Goods Network Administrator AIA/CropUSA Insurance, Inc. From glenn.steen at gmail.com Tue Feb 6 18:49:07 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 6 17:52:55 2007 Subject: Problems with some 'add-on' apps... In-Reply-To: <25a66d840702060835u1da6c2daqcf6f577d6b9e42e2@mail.gmail.com> References: <25a66d840702060643h2d9c3d5nb2893fefc7ba3680@mail.gmail.com> <45C896E9.5017.1F782743@cobalt-users1.fishnet.co.uk> <223f97700702060702v605845epb1e7f43e62ecf91a@mail.gmail.com> <25a66d840702060835u1da6c2daqcf6f577d6b9e42e2@mail.gmail.com> Message-ID: <223f97700702060949i1c6455c7wc7d8a900a9195869@mail.gmail.com> On 06/02/07, am.lists wrote: > OK... Thanks for the tip to su as postfix... > > I think I figured it out... I was led down the path of why it would > work for root and not for postfix. > > I started looking at things such as file ownership and file mode. I > was looking at things that were updated when I ran them as root... > /etc/mail/spamassassin/FuzzyOcr.db (and associated lock files) tend to > be updated each time root successfully scans a message, but the files > were owned root:root, and mode 755. That meant the user postfix would > be able to scan against the hash table but not update it. (For what > its worth, with verbosity turned up, FuzzyOcr did not complain about > the permissions issue, it just died.) > > I fixed that issue, and am now seeing Fuzzy OCR hits when testing as > user postfix. > > I will let some real messages come through over the lunch hour, but I > bet this will fix my image spam... at least for today :) > > Thanks to Glenn and Ian for your leadership and pointing me in the > right direction. You're wellcome. When you've convinced yourself everything is working OK, remember to turn that setting down to 10 again for FuzzyOCR... Pointless to waste the resources on things already determined to be spam:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From am.lists at gmail.com Tue Feb 6 18:55:31 2007 From: am.lists at gmail.com (am.lists) Date: Tue Feb 6 17:59:18 2007 Subject: Problems with some 'add-on' apps... In-Reply-To: <223f97700702060949i1c6455c7wc7d8a900a9195869@mail.gmail.com> References: <25a66d840702060643h2d9c3d5nb2893fefc7ba3680@mail.gmail.com> <45C896E9.5017.1F782743@cobalt-users1.fishnet.co.uk> <223f97700702060702v605845epb1e7f43e62ecf91a@mail.gmail.com> <25a66d840702060835u1da6c2daqcf6f577d6b9e42e2@mail.gmail.com> <223f97700702060949i1c6455c7wc7d8a900a9195869@mail.gmail.com> Message-ID: <25a66d840702060955r7cc00554p45e7baf1a7cb3661@mail.gmail.com> You're absolutely correct. I did think of leaving it high enough to kick in for the sake of getting the image hashes into the db, but but since everything else is usually malformed enough, and since focr gets it right on the first time, I figure 10 is still fine. -Angelo On 2/6/07, Glenn Steen wrote: > On 06/02/07, am.lists wrote: > > OK... Thanks for the tip to su as postfix... > > > > I think I figured it out... I was led down the path of why it would > > work for root and not for postfix. > > > > I started looking at things such as file ownership and file mode. I > > was looking at things that were updated when I ran them as root... > > /etc/mail/spamassassin/FuzzyOcr.db (and associated lock files) tend to > > be updated each time root successfully scans a message, but the files > > were owned root:root, and mode 755. That meant the user postfix would > > be able to scan against the hash table but not update it. (For what > > its worth, with verbosity turned up, FuzzyOcr did not complain about > > the permissions issue, it just died.) > > > > I fixed that issue, and am now seeing Fuzzy OCR hits when testing as > > user postfix. > > > > I will let some real messages come through over the lunch hour, but I > > bet this will fix my image spam... at least for today :) > > > > Thanks to Glenn and Ian for your leadership and pointing me in the > > right direction. > You're wellcome. > When you've convinced yourself everything is working OK, remember to > turn that setting down to 10 again for FuzzyOCR... Pointless to waste > the resources on things already determined to be spam:-). > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From r.berber at computer.org Wed Feb 7 01:58:58 2007 From: r.berber at computer.org (=?ISO-8859-1?Q?Ren=E9_Berber?=) Date: Wed Feb 7 01:02:59 2007 Subject: Minor bug in 4.58.9: check_mail:123 "echo -n" is not portable Message-ID: Hi, As the subject says, the new version has a check_mail with line 123: echo -n 'Starting MailScanner...' the problem is that "echo -n" does not work everywhere, specifically it doesn't work in Solaris 9, 8, ... with the stock echo, or the built-in Bourne shell echo. Alternatives are, in order of preference: 1. printf 'Starting MailScanner...' 2. echo 'Starting MailScanner...\c' The first one is probably portable, the second is what we use in Solaris and probably doesn't work anywhere else. -- Ren? Berber From r.berber at computer.org Wed Feb 7 02:23:07 2007 From: r.berber at computer.org (=?ISO-8859-1?Q?Ren=E9_Berber?=) Date: Wed Feb 7 01:27:15 2007 Subject: Minor bug in 4.58.9: check_mail:123 "echo -n" is not portable In-Reply-To: References: Message-ID: Ren? Berber wrote: > Hi, > > As the subject says, the new version has a check_mail with line 123: s/check_mail/check_mailscanner/ > echo -n 'Starting MailScanner...' > > the problem is that "echo -n" does not work everywhere, specifically it doesn't > work in Solaris 9, 8, ... with the stock echo, or the built-in Bourne shell echo. > > Alternatives are, in order of preference: > > 1. printf 'Starting MailScanner...' > > 2. echo 'Starting MailScanner...\c' > > The first one is probably portable, the second is what we use in Solaris and > probably doesn't work anywhere else. -- Ren? Berber From carlos.pastorino at gmail.com Wed Feb 7 02:30:15 2007 From: carlos.pastorino at gmail.com (Carlos Pastorino) Date: Wed Feb 7 01:34:21 2007 Subject: Suggestion to speed MailScanner up In-Reply-To: References: Message-ID: I have noticed that MailScanner checks for viruses even if the spam has been marked for deletion. Here's one example: Feb 6 01:20:03 mailserver MailScanner[3368]: New Batch: Scanning 1 messages, 1655 bytes Feb 6 01:20:03 mailserver MailScanner[3368]: Spam Checks: Starting Feb 6 01:20:04 mailserver MailScanner[3368]: RBL checks: 0338C2C0F7.99CBE found in SORBS-DNSBL, SBL+XBL, spamhaus-XBL, spamcop.net Feb 6 01:20:04 mailserver MailScanner[3368]: Message 0338C2C0F7.99CBE from 219.150.57.14 (xpisig@spammer.domain) to mydomain.com.br is SORBS-DNSBL, SBL+XBL, spamhaus-XBL, spamcop.net Feb 6 01:20:04 mailserver MailScanner[3368]: Spam Checks: Found 1 spam messages Feb 6 01:20:04 mailserver MailScanner[3368]: Spam Actions: message 0338C2C0F7.99CBE actions are delete Feb 6 01:20:04 mailserver MailScanner[3368]: Spam Checks completed at 1579 bytes per second Feb 6 01:20:04 mailserver MailScanner[3368]: Virus and Content Scanning: Starting Feb 6 01:20:09 mailserver MailScanner[3368]: Virus Scanning completed at 334 bytes per second Feb 6 01:20:09 mailserver MailScanner[3368]: Batch completed at 275 bytes per second (1655 / 5) Feb 6 01:20:09 mailserver MailScanner[3368]: Batch (1 message) processed in 6.00 seconds If the virus scanning were to be skipped in this case -- since the message was going to be deleted anyway -- the processing time should've been 1 second, instead of 6 seconds. My suggestion is that MailScanner.conf gives us an option to only check for viruses in the e-mails which are going to be delivered or stored in the quarantine. Any thoughts? Best regards, Pastorino From res at ausics.net Wed Feb 7 02:30:51 2007 From: res at ausics.net (Res) Date: Wed Feb 7 01:34:55 2007 Subject: Minor bug in 4.58.9: check_mail:123 "echo -n" is not portable In-Reply-To: References: Message-ID: On Tue, 6 Feb 2007, Ren? Berber wrote: > As the subject says, the new version has a check_mail with line 123: > > echo -n 'Starting MailScanner...' > > the problem is that "echo -n" does not work everywhere, specifically it doesn't > work in Solaris 9, 8, ... with the stock echo, or the built-in Bourne shell echo. This works fine on Linux, unfortunately I can't test Solaris > The first one is probably portable, the second is what we use in Solaris and > probably doesn't work anywhere else. :) -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From res at ausics.net Wed Feb 7 02:36:45 2007 From: res at ausics.net (Res) Date: Wed Feb 7 01:40:40 2007 Subject: Minor bug in 4.58.9: check_mail:123 "echo -n" is not portable In-Reply-To: References: Message-ID: On Wed, 7 Feb 2007, Res wrote: >> the problem is that "echo -n" does not work everywhere, specifically it >> doesn't >> work in Solaris 9, 8, ... with the stock echo, or the built-in Bourne shell >> echo. > This works fine on Linux, unfortunately I can't test Solaris looks around..... SunOS5.9 The echo utility writes its arguments, separated by BLANKs and terminated by a NEWLINE, to the standard output. If there are no arguments, only the NEWLINE character will be written. We use the -n to avoid the newline output so we can have the result on the same line, so if solaris we'd need use \c to avoid it it seems. \c Print line without new-line. All characters fol- lowing the \c in the argument are ignored. -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From res at ausics.net Wed Feb 7 02:50:29 2007 From: res at ausics.net (Res) Date: Wed Feb 7 01:54:33 2007 Subject: Minor bug in 4.58.9: check_mail:123 "echo -n" is not portable In-Reply-To: References: Message-ID: Jules, bin/check_mailscanner Line 117 echo -n to avoid the issue with Solaris can you please replace the echo -n _with_ printf on line 117 Cheers On Wed, 7 Feb 2007, Res wrote: > On Wed, 7 Feb 2007, Res wrote: > >>> the problem is that "echo -n" does not work everywhere, specifically it >>> doesn't >>> work in Solaris 9, 8, ... with the stock echo, or the built-in Bourne >>> shell echo. > >> This works fine on Linux, unfortunately I can't test Solaris > > looks around..... > > SunOS5.9 > The echo utility writes its arguments, separated by BLANKs > and terminated by a NEWLINE, to the standard output. If > there are no arguments, only the NEWLINE character will be > written. > > We use the -n to avoid the newline output so we can have the result on the > same line, so if solaris we'd need use \c to avoid it it seems. > \c Print line without new-line. All characters fol- > lowing the \c in the argument are ignored. > > > -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From tgc at statsbiblioteket.dk Wed Feb 7 08:35:54 2007 From: tgc at statsbiblioteket.dk (Tom G. Christensen) Date: Wed Feb 7 07:39:44 2007 Subject: extract all images from spam folder? In-Reply-To: <45C7A3D1.80503@fractalweb.com> References: <45C7A3D1.80503@fractalweb.com> Message-ID: <45C9815A.5020902@statsbiblioteket.dk> Chris Yuzik wrote: > We have MailScanner set to quarantine all the spam messages, and in > /var/spool/MailScanner/quarantine//spam there are all the messages > as one file for each. > > What I would like to do is extract all of the attached images from all > the messages in the folder and have a look at them. Would also be useful > for testing fuzzyocr. Is there an easy way to accomplish this from the > shell? > # cd # for i in *; do uudeview -i -m +e .jpg.gif.png -p /tmp/spampics $i; done The key is ofcourse uudeview that does uu/yenc/base64 decoding. -tgc From tgc at statsbiblioteket.dk Wed Feb 7 08:43:14 2007 From: tgc at statsbiblioteket.dk (Tom G. Christensen) Date: Wed Feb 7 07:47:04 2007 Subject: Minor bug in 4.58.9: check_mail:123 "echo -n" is not portable In-Reply-To: References: Message-ID: <45C98312.3000702@statsbiblioteket.dk> Ren? Berber wrote: > Hi, > > As the subject says, the new version has a check_mail with line 123: > > echo -n 'Starting MailScanner...' > > the problem is that "echo -n" does not work everywhere, specifically it doesn't > work in Solaris 9, 8, ... with the stock echo, or the built-in Bourne shell echo. > /usr/ucb/echo will do this on Solaris. $ /usr/bin/echo -n -n $ /usr/ucb/echo -n $ -tgc From martinh at solidstatelogic.com Wed Feb 7 10:39:53 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed Feb 7 09:44:17 2007 Subject: Suggestion to speed MailScanner up In-Reply-To: Message-ID: <950d4078a9a40645a2c9c74f4cfdf9bd@solidstatelogic.com> Carlos Not a good idea. Even if it's spam you need to check if there's a virus in there so you don't release malware by accident. AV checks are quite quick in comparison to Spamassassin checks..assuming you're doing SA which it doesn't look like you are.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Carlos Pastorino > Sent: 07 February 2007 01:30 > To: mailscanner@lists.mailscanner.info > Subject: Suggestion to speed MailScanner up > > I have noticed that MailScanner checks for viruses even if the spam > has been marked for deletion. > > Here's one example: > > Feb 6 01:20:03 mailserver MailScanner[3368]: New Batch: Scanning 1 > messages, 1655 bytes > Feb 6 01:20:03 mailserver MailScanner[3368]: Spam Checks: Starting > Feb 6 01:20:04 mailserver MailScanner[3368]: RBL checks: > 0338C2C0F7.99CBE found in SORBS-DNSBL, SBL+XBL, spamhaus-XBL, > spamcop.net > Feb 6 01:20:04 mailserver MailScanner[3368]: Message 0338C2C0F7.99CBE > from 219.150.57.14 (xpisig@spammer.domain) to mydomain.com.br is > SORBS-DNSBL, SBL+XBL, spamhaus-XBL, spamcop.net > Feb 6 01:20:04 mailserver MailScanner[3368]: Spam Checks: Found 1 spam > messages > Feb 6 01:20:04 mailserver MailScanner[3368]: Spam Actions: message > 0338C2C0F7.99CBE actions are delete > Feb 6 01:20:04 mailserver MailScanner[3368]: Spam Checks completed at > 1579 bytes per second > Feb 6 01:20:04 mailserver MailScanner[3368]: Virus and Content > Scanning: Starting > Feb 6 01:20:09 mailserver MailScanner[3368]: Virus Scanning completed > at 334 bytes per second > Feb 6 01:20:09 mailserver MailScanner[3368]: Batch completed at 275 > bytes per second (1655 / 5) > Feb 6 01:20:09 mailserver MailScanner[3368]: Batch (1 message) > processed in 6.00 seconds > > > If the virus scanning were to be skipped in this case -- since the > message was going to be deleted anyway -- the processing time > should've been 1 second, instead of 6 seconds. > > My suggestion is that MailScanner.conf gives us an option to only > check for viruses in the e-mails which are going to be delivered or > stored in the quarantine. > > Any thoughts? > > Best regards, > > Pastorino > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From steve.freegard at fsl.com Wed Feb 7 10:48:42 2007 From: steve.freegard at fsl.com (Steve Freegard) Date: Wed Feb 7 09:52:48 2007 Subject: Suggestion to speed MailScanner up In-Reply-To: References: Message-ID: <45C9A07A.4020603@fsl.com> Hi Carlos, Carlos Pastorino wrote: > My suggestion is that MailScanner.conf gives us an option to only > check for viruses in the e-mails which are going to be delivered or > stored in the quarantine. > > Any thoughts? Yes - check your settings for 'Keep Spam and MCP quarantine clean', if it is set to 'Yes', then change it to 'No' and I think you'll get the desired result. Kind regards, Steve. From glenn.steen at gmail.com Wed Feb 7 12:32:04 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 7 11:35:56 2007 Subject: Minor bug in 4.58.9: check_mail:123 "echo -n" is not portable In-Reply-To: <45C98312.3000702@statsbiblioteket.dk> References: <45C98312.3000702@statsbiblioteket.dk> Message-ID: <223f97700702070332k3df084c3mb681fb3f56fb6527@mail.gmail.com> On 07/02/07, Tom G. Christensen wrote: > Ren? Berber wrote: > > Hi, > > > > As the subject says, the new version has a check_mail with line 123: > > > > echo -n 'Starting MailScanner...' > > > > the problem is that "echo -n" does not work everywhere, specifically it doesn't > > work in Solaris 9, 8, ... with the stock echo, or the built-in Bourne shell echo. > > > /usr/ucb/echo will do this on Solaris. > > $ /usr/bin/echo -n > -n > $ /usr/ucb/echo -n > $ > Exactly right... echo has _never_ been portable as such, due to there being the two incarnations (BSD with -n etc, sysV with escape sequences). So if one is to use it one has to test which version one gets and act accordingly, or use something completely different (and hope that that is a) present on all "dialects", b) more portable...:-). If the aim is to use -n everywhere, and it is only Solaris that is ... problematic, the test one should do is if this is Solaris arch, and then use /usr/ucb equivalents (which are present on every solaris back to at least 2.5 (my memory of SunOS earlier than that has become more ... foggy... than I'd care to admit... Didn't one have the sysV stuff in /usr/5bin back then? And the /usr/ucb thing too?). One could also _force_ /usr/ucb to be prepended to the PATH prior to the call to echo, which would perhaps be the most elegant way of doing things... Something like if [ -d /usr/ucb ] then PATH=/usr/ucb:$PATH fi ... Since this would work on any arch/dialect/distro:-):-) PS. Am I the only one still hating Sun for what they did when they moved to Slolaris 5? IMO the only usable version is 10, where they seem to have been influenced heavily by ... the competition:-). I know, this arguement is dead and buried in ancient history.... Still, that COSE thing really dampened my enthusiasm for the company and their products... Still consider it every time we're out to buy new stuff... Nah, I'm not bearing a grudge:-):-). And no Res, don't answer that I'm the only one who remembers it:-D. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Wed Feb 7 12:37:08 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Feb 7 11:44:36 2007 Subject: Minor bug in 4.58.9: check_mail:123 "echo -n" is not portable In-Reply-To: References: Message-ID: <45C9B9E4.1040104@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 My best attempt to solve this one is this: printf 'Starting MailScanner...' 2>/dev/null || echo -n 'Starting MailScanner...' Then you just have to have one or the other. Or even this? printf 'Starting MailScanner...' 2>/dev/null || echo -n 'Starting MailScanner...' 2>/dev/null || echo 'Starting MailScanner...' Thoughts? Ren? Berber wrote: > Hi, > > As the subject says, the new version has a check_mail with line 123: > > echo -n 'Starting MailScanner...' > > the problem is that "echo -n" does not work everywhere, specifically it doesn't > work in Solaris 9, 8, ... with the stock echo, or the built-in Bourne shell echo. > > Alternatives are, in order of preference: > > 1. printf 'Starting MailScanner...' > > 2. echo 'Starting MailScanner...\c' > > The first one is probably portable, the second is what we use in Solaris and > probably doesn't work anywhere else. > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFFybqUEfZZRxQVtlQRAieRAKDZltU+h0MJSl0lIUkuf5aaI9K1SACg51/G 9Ltv5KyCxjUPkbevnAarSBg= =cL44 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From glenn.steen at gmail.com Wed Feb 7 12:44:50 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 7 11:48:43 2007 Subject: Suggestion to speed MailScanner up In-Reply-To: <45C9A07A.4020603@fsl.com> References: <45C9A07A.4020603@fsl.com> Message-ID: <223f97700702070344k79c9f68ahb0d71828a0f7d1d2@mail.gmail.com> On 07/02/07, Steve Freegard wrote: > Hi Carlos, > > Carlos Pastorino wrote: > > My suggestion is that MailScanner.conf gives us an option to only > > check for viruses in the e-mails which are going to be delivered or > > stored in the quarantine. > > > > Any thoughts? > > Yes - check your settings for 'Keep Spam and MCP quarantine clean', if > it is set to 'Yes', then change it to 'No' and I think you'll get the > desired result. > > Kind regards, > Steve. Um, yes and no Steve. That would leave him with potential viruses in the low scoring spam he might quarantine, while letting the "already slated for deletion" spam avoid being scanned for viruses. One would think that one should be able to enhance the logic behind the "Keep Spam and MCP quarantine clean" setting a bit, so that it actually checks whether the message would be delivered at all, anywhere... As an intermediary, one could set the above to no, as per your suggestion, and then implement the "forward to alias to /dev/null" trick we used to do before (with the sideeffects that had... dual quarantine (both spam and virus) etc.) for the Spam Actions ... Or please correct me if I'm completely off on this... Not quite awake here yet, so I might've missed some fine nuance:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Wed Feb 7 12:51:06 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 7 11:54:58 2007 Subject: Minor bug in 4.58.9: check_mail:123 "echo -n" is not portable In-Reply-To: <45C9B9E4.1040104@ecs.soton.ac.uk> References: <45C9B9E4.1040104@ecs.soton.ac.uk> Message-ID: <223f97700702070351u55a2bc3fr386bffb216af84c6@mail.gmail.com> On 07/02/07, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > My best attempt to solve this one is this: > > printf 'Starting MailScanner...' 2>/dev/null || echo -n 'Starting > MailScanner...' this should work, but might still result in the ugly: "-n Startin MailScanner... " > Then you just have to have one or the other. > Or even this? > > printf 'Starting MailScanner...' 2>/dev/null || echo -n 'Starting > MailScanner...' 2>/dev/null || echo 'Starting MailScanner...' This is useless, since you will never fail in the first echo, you will always produce "Starting MailScanner... " If you are to use any of this, don't test it at "use time", know it beforehand;-). Or do as I suggested, futz with the PATH:-D -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Wed Feb 7 13:22:37 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 7 12:26:31 2007 Subject: Minor bug in 4.58.9: check_mail:123 "echo -n" is not portable In-Reply-To: <223f97700702070351u55a2bc3fr386bffb216af84c6@mail.gmail.com> References: <45C9B9E4.1040104@ecs.soton.ac.uk> <223f97700702070351u55a2bc3fr386bffb216af84c6@mail.gmail.com> Message-ID: <223f97700702070422r68dbb94bv486f933cdb45baa1@mail.gmail.com> On 07/02/07, Glenn Steen wrote: (snip) > > printf 'Starting MailScanner...' 2>/dev/null || echo -n 'Starting > > MailScanner...' 2>/dev/null || echo 'Starting MailScanner...' > > This is useless, since you will never fail in the first echo, you will > always produce > "Starting MailScanner... > " "Think before you type..." :-) You would always behave as in the first ... potentially producing "-n Starting....", the last echo would only come into play if echo as such borked out... And then that would likely not be your primary problem:-D... You'd probably have far more basic things breaking right left and center then. So it'd basically be useless anyway;). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From housey at sme-ecom.co.uk Wed Feb 7 15:34:25 2007 From: housey at sme-ecom.co.uk (Paul Houselander) Date: Wed Feb 7 14:38:20 2007 Subject: OT: Sendmail rbl Message-ID: Hi Very off topic so will be brief, just been tearing my hair out trying to find a way to do this and im sure its straight forward. Im using FEATURE(`dnsbl','sbl-xbl.spamhaus.org',`"554 Rejected " $&{client_addr} " - listed in rbl"')dnl Which works fine, what im trying to do is include the senders address in the 554 Reject message i.e. 554 Rejected x.x.x.x From - abc@test.com - listed in rbl Is there a sendmail macro (not sure if thats the correct term) for the senders address the same as there is for the clients address i.e. $&{client_addr} The reason I want to do this, is so its easier for me to parse and log the info when I have all the info on one line. Any help appreciated. Thanks Paul From mikael.kermorgant at gmail.com Wed Feb 7 16:06:11 2007 From: mikael.kermorgant at gmail.com (Mikael Kermorgant) Date: Wed Feb 7 15:10:04 2007 Subject: reject mails unknown users at smtp stage (postfix & relay_recipient_maps) Message-ID: <9711147e0702070706p39cd225aj749342680948463f@mail.gmail.com> Hello We're using mailscanner and postfix on our smtp frontend. In order to improve it, we'd like to reject mails to unknown users by setting up a relay_recipient_maps parameter in postfix. However, my changes don't seem to be taken into account because mails are still presented to our backend server. I would welcome any suggestion about that. Thanks in advance, -- Mikael Kermorgant PS : here's the /etc/postfix/main.cf smtpd_banner = $myhostname ESMTP $mail_name biff = no append_dot_mydomain = no myhostname = amxpub.paris.iufm.fr inet_interfaces = $myhostname localhost myorigin = $mydomain transport_maps = hash:/etc/postfix/transport mydestination = $myhostname localhost.$mydomain $mydomain local_recipient_maps = local_transport = error:local mail delivery is disabled virtual_alias_maps = hash:/etc/postfix/virtual relay_domains = paris.iufm.fr relay_recipient_maps = hash:/etc/mail/ldap.relay hash:/etc/mail/sympa.relay hash:/etc/mail/anciens.relay hash:/etc/mail/anciens2.relay mynetworks = 127.0.0.0/8 ip-of-backend-server recipient_delimiter = + header_checks = regexp:/etc/postfix/header_checks unknown_local_recipient_reject_code = 450 fast_flush_domains = smtpd_helo_required = yes disable_vrfy_command = yes smtpd_client_restrictions = smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname permit smtpd_sender_restrictions = smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination reject_non_fqdn_sender reject_unknown_recipient_domain reject_non_fqdn_recipient reject_unauth_pipelining check_recipient_access hash:/etc/postfix/recipient_access smtpd_restriction_classes = greylist greylist = check_policy_service inet:ip-of-backend-server:60000 smtpd_etrn_restrictions = reject message_size_limit = 4194304 qmgr_message_recipient_limit = 20000 default_process_limit = 100 qmgr_message_active_limit = 20000 smtpd_recipient_limit = 128 smtpd_timeout = 180 smtpd_error_sleep_time = 50s smtpd_hard_error_limit = 10 From rabollinger at gmail.com Wed Feb 7 16:14:08 2007 From: rabollinger at gmail.com (Richard Bollinger) Date: Wed Feb 7 15:18:01 2007 Subject: Message never gets out of mqueue.in Message-ID: <7744a2840702070714i496d27c6hbbf8b56ad0731d45@mail.gmail.com> Running MailScanner-4.57.6, recently upgraded from ancient version 4.21-9. Also just upgraded from SpamAssassin 2.63 to 3.1.7 with the latest image spam detection gadgets. All working nicely, except certain messages get reprocessed infinitely until I manually move them from mqueue.in to mqueue or if I whitelist the sender. File sizes: -rw------- 1 root 25 1412851 Feb 7 06:51 dfl17Bo8oL007167 -rw------- 1 root 25 1978 Feb 7 06:51 qfl17Bo8oL007167 Partial message headers: This is a multi-part message in MIME format. --=_Boundary_vtyTzqRBAvaD1M8pLSjI Content-Type: message/rfc822 Content-Disposition: attachment; filename=originalmail.eml Received: from zzz ([a.b.c.d])by x.com (8.12.8/8.12.8) with SMTP id l17B1k0i009927;Wed, 7 Feb 2007 16:31:47 +05 30 From: To: Subject: Date: Wed, 7 Feb 2007 16:37:36 +0530 Message-ID: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NextPart_000_0027_01C74AD6.4639D340" X-Priority: 3 (Normal) X-MSMail-Priority: Normal Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-MS-TNEF-Correlator: X-imss-version: 2.046 X-imss-result: Passed X-imss-scores: Clean:99.90000 C:2 M:3 S:5 R:5 X-imss-settings: Baseline:1 C:1 M:1 S:1 R:1 (0.0000 0.0000) This is a multi-part message in MIME format. ------=_NextPart_000_0027_01C74AD6.4639D340 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit ... ------=_NextPart_000_0027_01C74AD6.4639D340 Content-Type: application/ms-tnef; name="winmail.dat" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="winmail.dat" I thought perhaps there was a problem with TNEF decoding, so I tried changing to the Internal decoder.. but that didn't help. /var/adm/messages indicates that it gets most of the way through processing, but the files never get moved or sent. You'll see that one batch works on it... then another does it all over... and so on... Feb 7 06:51:49 mail sendmail[7167]: l17Bo8oL007167: from=, size=1414089, class=0, nrcpts=2, msgid=, proto=ESMTP, daemon=MTA, relay=[] Feb 7 06:51:53 mail MailScanner[31038]: Message l17Bo8oL007167 from (i@in) to elliott-turbo.com is not spam, SpamAssassin (score=-1.398, required 5, BAYES_00 -2.60, SARE_BIZOP 0.70, UNPARSEABLE_RELAY 0.00, WATCH_STORE 0.50) Feb 7 06:51:53 mail MailScanner[31038]: Expanding TNEF archive at /usr/local/MailScanner-4.57.6/var/incoming/31038/l17Bo8oL007167/winmail.dat Feb 7 06:51:53 mail MailScanner[31038]: Message l17Bo8oL007167 added TNEF contents msg-31038-2891.txt,msg-31038-2901.txt,Untitled Attac,PBU Rev1 1 Feb.xls,LOS_pdf1 Feb 7 06:51:53 mail MailScanner[31038]: Message l17Bo8oL007167 has had TNEF winmail.dat removed Feb 7 06:52:15 mail MailScanner[31038]: Filename Checks: Allowing l17Bo8oL007167 msg-31038-289.txt Feb 7 06:52:15 mail MailScanner[31038]: Filename Checks: Allowing l17Bo8oL007167 msg-31038-290.txt Feb 7 06:52:15 mail MailScanner[31038]: Filename Checks: Allowing l17Bo8oL007167 Untitled Attachment (no rule matched) Feb 7 06:52:15 mail MailScanner[31038]: Filename Checks: Allowing l17Bo8oL007167 PBU Rev1 1 Feb,2007.xls (no rule matched) Feb 7 06:52:15 mail MailScanner[31038]: Filename Checks: Allowing l17Bo8oL007167 LOS_pdf1 (no rule matched) Feb 7 06:52:15 mail MailScanner[31038]: Filename Checks: Allowing l17Bo8oL007167 msg-31038-291.txt Feb 7 06:52:15 mail MailScanner[31038]: Filetype Checks: Allowing l17Bo8oL007167 PBU Rev1 1 Feb,2007.xls (no match found) Feb 7 06:52:15 mail MailScanner[31038]: Filetype Checks: Allowing l17Bo8oL007167 Untitled Attachment (no match found) Feb 7 06:52:15 mail MailScanner[31038]: Filetype Checks: Allowing l17Bo8oL007167 msg-31038-291.txt Feb 7 06:52:15 mail MailScanner[31038]: Filetype Checks: Allowing l17Bo8oL007167 LOS_pdf1 (no match found) Feb 7 06:52:16 mail MailScanner[31038]: Filetype Checks: Allowing l17Bo8oL007167 msg-31038-289.txt Feb 7 06:52:16 mail MailScanner[31038]: Filetype Checks: Allowing l17Bo8oL007167 msg-31038-290.txt Feb 7 06:52:18 mail MailScanner[30832]: Message l17Bo8oL007167 from (in) to elliott-turbo.com is not spam, SpamAssassin (score=-1.398, required 5, BAYES_00 -2.60, SARE_BIZOP 0.70, UNPARSEABLE_RELAY 0.00, WATCH_STORE 0.50) Feb 7 06:52:24 mail MailScanner[30832]: Expanding TNEF archive at /usr/local/MailScanner-4.57.6/var/incoming/30832/l17Bo8oL007167/winmail.dat Feb 7 06:52:24 mail MailScanner[30832]: Message l17Bo8oL007167 added TNEF contents msg-30832-3431.txt,msg-30832-3441.txt,Untitled Attac,PBU Rev1 1 Feb.xls,LOS_pdf1 Feb 7 06:52:24 mail MailScanner[30832]: Message l17Bo8oL007167 has had TNEF winmail.dat removed Feb 7 06:52:54 mail MailScanner[30832]: Filename Checks: Allowing l17Bo8oL007167 msg-30832-343.txt Feb 7 06:52:54 mail MailScanner[30832]: Filename Checks: Allowing l17Bo8oL007167 msg-30832-344.txt Feb 7 06:52:54 mail MailScanner[30832]: Filename Checks: Allowing l17Bo8oL007167 Untitled Attachment (no rule matched) Feb 7 06:52:54 mail MailScanner[30832]: Filename Checks: Allowing l17Bo8oL007167 PBU Rev1 1 Feb,2007.xls (no rule matched) Feb 7 06:52:54 mail MailScanner[30832]: Filename Checks: Allowing l17Bo8oL007167 LOS_pdf1 (no rule matched) Feb 7 06:52:54 mail MailScanner[30832]: Filename Checks: Allowing l17Bo8oL007167 msg-30832-345.txt Feb 7 06:52:54 mail MailScanner[30832]: Filetype Checks: Allowing l17Bo8oL007167 PBU Rev1 1 Feb,2007.xls (no match found) Feb 7 06:52:54 mail MailScanner[30832]: Filetype Checks: Allowing l17Bo8oL007167 Untitled Attachment (no match found) Feb 7 06:52:54 mail MailScanner[30832]: Filetype Checks: Allowing l17Bo8oL007167 msg-30832-344.txt Feb 7 06:52:54 mail MailScanner[30832]: Filetype Checks: Allowing l17Bo8oL007167 LOS_pdf1 (no match found) Feb 7 06:52:54 mail MailScanner[30832]: Filetype Checks: Allowing l17Bo8oL007167 msg-30832-343.txt Feb 7 06:52:54 mail MailScanner[30832]: Filetype Checks: Allowing l17Bo8oL007167 msg-30832-345.txt Any ideas? Thanks, Rich Bollinger From martinh at solidstatelogic.com Wed Feb 7 16:26:41 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed Feb 7 15:31:05 2007 Subject: Message never gets out of mqueue.in In-Reply-To: <7744a2840702070714i496d27c6hbbf8b56ad0731d45@mail.gmail.com> Message-ID: <4649690655b5dc4188b88aca53f71ccd@solidstatelogic.com> Richard Wow big leap...did you do them at the same time???? Anyway with a known 'bad' message in the in queue Stop mailscanner Run "mailscanner -debug" This should help find out where its going wrong.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Richard Bollinger > Sent: 07 February 2007 15:14 > To: MailScanner discussion > Subject: Message never gets out of mqueue.in > > Running MailScanner-4.57.6, recently upgraded from ancient version 4.21-9. > > Also just upgraded from SpamAssassin 2.63 to 3.1.7 with the latest > image spam detection gadgets. > > All working nicely, except certain messages get reprocessed infinitely > until I manually move them from mqueue.in to mqueue or if I whitelist > the sender. File sizes: > > -rw------- 1 root 25 1412851 Feb 7 06:51 dfl17Bo8oL007167 > -rw------- 1 root 25 1978 Feb 7 06:51 qfl17Bo8oL007167 > > Partial message headers: > > This is a multi-part message in MIME format. > > --=_Boundary_vtyTzqRBAvaD1M8pLSjI > Content-Type: message/rfc822 > Content-Disposition: attachment; > filename=originalmail.eml > > Received: from zzz ([a.b.c.d])by x.com > (8.12.8/8.12.8) with SMTP id l17B1k0i009927;Wed, 7 Feb 2007 > 16:31:47 +05 > 30 > From: > To: > Subject: > Date: Wed, 7 Feb 2007 16:37:36 +0530 > Message-ID: > MIME-Version: 1.0 > Content-Type: multipart/mixed; > boundary="----=_NextPart_000_0027_01C74AD6.4639D340" > X-Priority: 3 (Normal) > X-MSMail-Priority: Normal > Importance: Normal > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 > X-MS-TNEF-Correlator: > X-imss-version: 2.046 > X-imss-result: Passed > X-imss-scores: Clean:99.90000 C:2 M:3 S:5 R:5 > X-imss-settings: Baseline:1 C:1 M:1 S:1 R:1 (0.0000 0.0000) > > This is a multi-part message in MIME format. > > ------=_NextPart_000_0027_01C74AD6.4639D340 > Content-Type: text/plain; > charset="iso-8859-1" > Content-Transfer-Encoding: 7bit > > ... > > ------=_NextPart_000_0027_01C74AD6.4639D340 > Content-Type: application/ms-tnef; > name="winmail.dat" > Content-Transfer-Encoding: base64 > Content-Disposition: attachment; > filename="winmail.dat" > > > I thought perhaps there was a problem with TNEF decoding, so I tried > changing to the Internal decoder.. but that didn't help. > > /var/adm/messages indicates that it gets most of the way through > processing, but the files never get moved or sent. > > You'll see that one batch works on it... then another does it all > over... and so on... > > Feb 7 06:51:49 mail sendmail[7167]: l17Bo8oL007167: from=, > size=1414089, class=0, nrcpts=2, msgid=, > proto=ESMTP, daemon=MTA, relay=[] > Feb 7 06:51:53 mail MailScanner[31038]: Message l17Bo8oL007167 from > (i@in) to elliott-turbo.com is not spam, SpamAssassin (score=-1.398, > required 5, BAYES_00 -2.60, SARE_BIZOP 0.70, UNPARSEABLE_RELAY 0.00, > WATCH_STORE 0.50) > Feb 7 06:51:53 mail MailScanner[31038]: Expanding TNEF archive at > /usr/local/MailScanner- > 4.57.6/var/incoming/31038/l17Bo8oL007167/winmail.dat > Feb 7 06:51:53 mail MailScanner[31038]: Message l17Bo8oL007167 added > TNEF contents msg-31038-2891.txt,msg-31038-2901.txt,Untitled Attac,PBU > Rev1 1 Feb.xls,LOS_pdf1 > Feb 7 06:51:53 mail MailScanner[31038]: Message l17Bo8oL007167 has > had TNEF winmail.dat removed > Feb 7 06:52:15 mail MailScanner[31038]: Filename Checks: Allowing > l17Bo8oL007167 msg-31038-289.txt > Feb 7 06:52:15 mail MailScanner[31038]: Filename Checks: Allowing > l17Bo8oL007167 msg-31038-290.txt > Feb 7 06:52:15 mail MailScanner[31038]: Filename Checks: Allowing > l17Bo8oL007167 Untitled Attachment (no rule matched) > Feb 7 06:52:15 mail MailScanner[31038]: Filename Checks: Allowing > l17Bo8oL007167 PBU Rev1 1 Feb,2007.xls (no rule matched) > Feb 7 06:52:15 mail MailScanner[31038]: Filename Checks: Allowing > l17Bo8oL007167 LOS_pdf1 (no rule matched) > Feb 7 06:52:15 mail MailScanner[31038]: Filename Checks: Allowing > l17Bo8oL007167 msg-31038-291.txt > Feb 7 06:52:15 mail MailScanner[31038]: Filetype Checks: Allowing > l17Bo8oL007167 PBU Rev1 1 Feb,2007.xls (no match found) > Feb 7 06:52:15 mail MailScanner[31038]: Filetype Checks: Allowing > l17Bo8oL007167 Untitled Attachment (no match found) > Feb 7 06:52:15 mail MailScanner[31038]: Filetype Checks: Allowing > l17Bo8oL007167 msg-31038-291.txt > Feb 7 06:52:15 mail MailScanner[31038]: Filetype Checks: Allowing > l17Bo8oL007167 LOS_pdf1 (no match found) > Feb 7 06:52:16 mail MailScanner[31038]: Filetype Checks: Allowing > l17Bo8oL007167 msg-31038-289.txt > Feb 7 06:52:16 mail MailScanner[31038]: Filetype Checks: Allowing > l17Bo8oL007167 msg-31038-290.txt > Feb 7 06:52:18 mail MailScanner[30832]: Message l17Bo8oL007167 from > (in) to elliott-turbo.com is not spam, SpamAssassin (score=-1.398, > required 5, BAYES_00 -2.60, SARE_BIZOP 0.70, UNPARSEABLE_RELAY 0.00, > WATCH_STORE 0.50) > Feb 7 06:52:24 mail MailScanner[30832]: Expanding TNEF archive at > /usr/local/MailScanner- > 4.57.6/var/incoming/30832/l17Bo8oL007167/winmail.dat > Feb 7 06:52:24 mail MailScanner[30832]: Message l17Bo8oL007167 added > TNEF contents msg-30832-3431.txt,msg-30832-3441.txt,Untitled Attac,PBU > Rev1 1 Feb.xls,LOS_pdf1 > Feb 7 06:52:24 mail MailScanner[30832]: Message l17Bo8oL007167 has > had TNEF winmail.dat removed > Feb 7 06:52:54 mail MailScanner[30832]: Filename Checks: Allowing > l17Bo8oL007167 msg-30832-343.txt > Feb 7 06:52:54 mail MailScanner[30832]: Filename Checks: Allowing > l17Bo8oL007167 msg-30832-344.txt > Feb 7 06:52:54 mail MailScanner[30832]: Filename Checks: Allowing > l17Bo8oL007167 Untitled Attachment (no rule matched) > Feb 7 06:52:54 mail MailScanner[30832]: Filename Checks: Allowing > l17Bo8oL007167 PBU Rev1 1 Feb,2007.xls (no rule matched) > Feb 7 06:52:54 mail MailScanner[30832]: Filename Checks: Allowing > l17Bo8oL007167 LOS_pdf1 (no rule matched) > Feb 7 06:52:54 mail MailScanner[30832]: Filename Checks: Allowing > l17Bo8oL007167 msg-30832-345.txt > Feb 7 06:52:54 mail MailScanner[30832]: Filetype Checks: Allowing > l17Bo8oL007167 PBU Rev1 1 Feb,2007.xls (no match found) > Feb 7 06:52:54 mail MailScanner[30832]: Filetype Checks: Allowing > l17Bo8oL007167 Untitled Attachment (no match found) > Feb 7 06:52:54 mail MailScanner[30832]: Filetype Checks: Allowing > l17Bo8oL007167 msg-30832-344.txt > Feb 7 06:52:54 mail MailScanner[30832]: Filetype Checks: Allowing > l17Bo8oL007167 LOS_pdf1 (no match found) > Feb 7 06:52:54 mail MailScanner[30832]: Filetype Checks: Allowing > l17Bo8oL007167 msg-30832-343.txt > Feb 7 06:52:54 mail MailScanner[30832]: Filetype Checks: Allowing > l17Bo8oL007167 msg-30832-345.txt > > Any ideas? > > Thanks, Rich Bollinger > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From martinh at solidstatelogic.com Wed Feb 7 16:29:00 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed Feb 7 15:33:36 2007 Subject: Message never gets out of mqueue.in In-Reply-To: <7744a2840702070714i496d27c6hbbf8b56ad0731d45@mail.gmail.com> Message-ID: Richard Bother I hate doing this.. When you upgraded did you force the locktype in MailScanner.conf. recent MailScanner versions assume sendmail is 8.13+ and posix locktype rather than older versions with assume sendmail is 8.12 or previous and flock locktype. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Richard Bollinger > Sent: 07 February 2007 15:14 > To: MailScanner discussion > Subject: Message never gets out of mqueue.in > > Running MailScanner-4.57.6, recently upgraded from ancient version 4.21-9. > > Also just upgraded from SpamAssassin 2.63 to 3.1.7 with the latest > image spam detection gadgets. > > All working nicely, except certain messages get reprocessed infinitely > until I manually move them from mqueue.in to mqueue or if I whitelist > the sender. File sizes: > > -rw------- 1 root 25 1412851 Feb 7 06:51 dfl17Bo8oL007167 > -rw------- 1 root 25 1978 Feb 7 06:51 qfl17Bo8oL007167 > > Partial message headers: > > This is a multi-part message in MIME format. > > --=_Boundary_vtyTzqRBAvaD1M8pLSjI > Content-Type: message/rfc822 > Content-Disposition: attachment; > filename=originalmail.eml > > Received: from zzz ([a.b.c.d])by x.com > (8.12.8/8.12.8) with SMTP id l17B1k0i009927;Wed, 7 Feb 2007 > 16:31:47 +05 > 30 > From: > To: > Subject: > Date: Wed, 7 Feb 2007 16:37:36 +0530 > Message-ID: > MIME-Version: 1.0 > Content-Type: multipart/mixed; > boundary="----=_NextPart_000_0027_01C74AD6.4639D340" > X-Priority: 3 (Normal) > X-MSMail-Priority: Normal > Importance: Normal > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 > X-MS-TNEF-Correlator: > X-imss-version: 2.046 > X-imss-result: Passed > X-imss-scores: Clean:99.90000 C:2 M:3 S:5 R:5 > X-imss-settings: Baseline:1 C:1 M:1 S:1 R:1 (0.0000 0.0000) > > This is a multi-part message in MIME format. > > ------=_NextPart_000_0027_01C74AD6.4639D340 > Content-Type: text/plain; > charset="iso-8859-1" > Content-Transfer-Encoding: 7bit > > ... > > ------=_NextPart_000_0027_01C74AD6.4639D340 > Content-Type: application/ms-tnef; > name="winmail.dat" > Content-Transfer-Encoding: base64 > Content-Disposition: attachment; > filename="winmail.dat" > > > I thought perhaps there was a problem with TNEF decoding, so I tried > changing to the Internal decoder.. but that didn't help. > > /var/adm/messages indicates that it gets most of the way through > processing, but the files never get moved or sent. > > You'll see that one batch works on it... then another does it all > over... and so on... > > Feb 7 06:51:49 mail sendmail[7167]: l17Bo8oL007167: from=, > size=1414089, class=0, nrcpts=2, msgid=, > proto=ESMTP, daemon=MTA, relay=[] > Feb 7 06:51:53 mail MailScanner[31038]: Message l17Bo8oL007167 from > (i@in) to elliott-turbo.com is not spam, SpamAssassin (score=-1.398, > required 5, BAYES_00 -2.60, SARE_BIZOP 0.70, UNPARSEABLE_RELAY 0.00, > WATCH_STORE 0.50) > Feb 7 06:51:53 mail MailScanner[31038]: Expanding TNEF archive at > /usr/local/MailScanner- > 4.57.6/var/incoming/31038/l17Bo8oL007167/winmail.dat > Feb 7 06:51:53 mail MailScanner[31038]: Message l17Bo8oL007167 added > TNEF contents msg-31038-2891.txt,msg-31038-2901.txt,Untitled Attac,PBU > Rev1 1 Feb.xls,LOS_pdf1 > Feb 7 06:51:53 mail MailScanner[31038]: Message l17Bo8oL007167 has > had TNEF winmail.dat removed > Feb 7 06:52:15 mail MailScanner[31038]: Filename Checks: Allowing > l17Bo8oL007167 msg-31038-289.txt > Feb 7 06:52:15 mail MailScanner[31038]: Filename Checks: Allowing > l17Bo8oL007167 msg-31038-290.txt > Feb 7 06:52:15 mail MailScanner[31038]: Filename Checks: Allowing > l17Bo8oL007167 Untitled Attachment (no rule matched) > Feb 7 06:52:15 mail MailScanner[31038]: Filename Checks: Allowing > l17Bo8oL007167 PBU Rev1 1 Feb,2007.xls (no rule matched) > Feb 7 06:52:15 mail MailScanner[31038]: Filename Checks: Allowing > l17Bo8oL007167 LOS_pdf1 (no rule matched) > Feb 7 06:52:15 mail MailScanner[31038]: Filename Checks: Allowing > l17Bo8oL007167 msg-31038-291.txt > Feb 7 06:52:15 mail MailScanner[31038]: Filetype Checks: Allowing > l17Bo8oL007167 PBU Rev1 1 Feb,2007.xls (no match found) > Feb 7 06:52:15 mail MailScanner[31038]: Filetype Checks: Allowing > l17Bo8oL007167 Untitled Attachment (no match found) > Feb 7 06:52:15 mail MailScanner[31038]: Filetype Checks: Allowing > l17Bo8oL007167 msg-31038-291.txt > Feb 7 06:52:15 mail MailScanner[31038]: Filetype Checks: Allowing > l17Bo8oL007167 LOS_pdf1 (no match found) > Feb 7 06:52:16 mail MailScanner[31038]: Filetype Checks: Allowing > l17Bo8oL007167 msg-31038-289.txt > Feb 7 06:52:16 mail MailScanner[31038]: Filetype Checks: Allowing > l17Bo8oL007167 msg-31038-290.txt > Feb 7 06:52:18 mail MailScanner[30832]: Message l17Bo8oL007167 from > (in) to elliott-turbo.com is not spam, SpamAssassin (score=-1.398, > required 5, BAYES_00 -2.60, SARE_BIZOP 0.70, UNPARSEABLE_RELAY 0.00, > WATCH_STORE 0.50) > Feb 7 06:52:24 mail MailScanner[30832]: Expanding TNEF archive at > /usr/local/MailScanner- > 4.57.6/var/incoming/30832/l17Bo8oL007167/winmail.dat > Feb 7 06:52:24 mail MailScanner[30832]: Message l17Bo8oL007167 added > TNEF contents msg-30832-3431.txt,msg-30832-3441.txt,Untitled Attac,PBU > Rev1 1 Feb.xls,LOS_pdf1 > Feb 7 06:52:24 mail MailScanner[30832]: Message l17Bo8oL007167 has > had TNEF winmail.dat removed > Feb 7 06:52:54 mail MailScanner[30832]: Filename Checks: Allowing > l17Bo8oL007167 msg-30832-343.txt > Feb 7 06:52:54 mail MailScanner[30832]: Filename Checks: Allowing > l17Bo8oL007167 msg-30832-344.txt > Feb 7 06:52:54 mail MailScanner[30832]: Filename Checks: Allowing > l17Bo8oL007167 Untitled Attachment (no rule matched) > Feb 7 06:52:54 mail MailScanner[30832]: Filename Checks: Allowing > l17Bo8oL007167 PBU Rev1 1 Feb,2007.xls (no rule matched) > Feb 7 06:52:54 mail MailScanner[30832]: Filename Checks: Allowing > l17Bo8oL007167 LOS_pdf1 (no rule matched) > Feb 7 06:52:54 mail MailScanner[30832]: Filename Checks: Allowing > l17Bo8oL007167 msg-30832-345.txt > Feb 7 06:52:54 mail MailScanner[30832]: Filetype Checks: Allowing > l17Bo8oL007167 PBU Rev1 1 Feb,2007.xls (no match found) > Feb 7 06:52:54 mail MailScanner[30832]: Filetype Checks: Allowing > l17Bo8oL007167 Untitled Attachment (no match found) > Feb 7 06:52:54 mail MailScanner[30832]: Filetype Checks: Allowing > l17Bo8oL007167 msg-30832-344.txt > Feb 7 06:52:54 mail MailScanner[30832]: Filetype Checks: Allowing > l17Bo8oL007167 LOS_pdf1 (no match found) > Feb 7 06:52:54 mail MailScanner[30832]: Filetype Checks: Allowing > l17Bo8oL007167 msg-30832-343.txt > Feb 7 06:52:54 mail MailScanner[30832]: Filetype Checks: Allowing > l17Bo8oL007167 msg-30832-345.txt > > Any ideas? > > Thanks, Rich Bollinger > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From DrewB at united-systems.com Wed Feb 7 16:51:46 2007 From: DrewB at united-systems.com (Drew Burchett) Date: Wed Feb 7 15:55:55 2007 Subject: reject mails unknown users at smtp stage (postfix &relay_recipient_maps) In-Reply-To: <9711147e0702070706p39cd225aj749342680948463f@mail.gmail.com> Message-ID: <1E75E79B854C814784D0E8C5BA55AF76F771EF@uss2k01.united-systems.local> You didn't mention what sort of backend you're delivering to, but here's the way I did it with Exchange 2000 & 2003: Local_recipient_maps = hash:/etc/postfix/db/local,ldap:/etc/postfix/ldap/users.ldap The file /etc/postfix/db/local contains a list of domains that I can relay for, but can't be contacted via ldap. This could also be a list of individual users if you wanted to keep it synched with your list of valid email addresses. The file /etc/postfix/ldap/users.ldap looks like this: server_host = ip.of.my.exchange search_base = dc=my,dc=domain bind_dn = cn=LDAP Query,ou=my.ou,dc=my,dc=domain bind_pw = password domain = hash:/etc/postfix/db/mydestination query_filter = (|(mail=%s)(proxyAddresses=smtp:%s)) result_attribute = mail version = 3 Since I have multiple domains, I pointed the domain entry above to a file that I also use for the mydestination entry in main.cf. If I'm not mistaken, you could list multiple ldap files in your local_recipient_maps, but keep in mind that each one is going to take time to connect and query. If you list too many, you may bring your mail delivery to its knees. -- CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. -- This message has been scanned for viruses and dangerous content by MailScanner and is believed to be clean. From clacroix at cegep-ste-foy.qc.ca Wed Feb 7 16:54:39 2007 From: clacroix at cegep-ste-foy.qc.ca (Charles Lacroix) Date: Wed Feb 7 15:56:37 2007 Subject: MailScanner Pid file FreeBSD Message-ID: <200702071054.39993.clacroix@cegep-ste-foy.qc.ca> Hi, i run freebsd 6.1 and once in a while like every day, i end up getting the string MailScanner in my /var/run/MailScanner.pid file. I got my pid file setup in MailScanner.conf PID file = /var/run/MailScanner.pid version 4.57.6 I can upgrade to latest as no one yellled any major bugs. But i haven't seen anything about this in the fixes. Anyone else is getting this problem ? Later, Charles From gerard at seibercom.net Wed Feb 7 16:57:07 2007 From: gerard at seibercom.net (Gerard Seibert) Date: Wed Feb 7 16:00:45 2007 Subject: reject mails unknown users at smtp stage (postfix & relay_recipient_maps) In-Reply-To: <9711147e0702070706p39cd225aj749342680948463f@mail.gmail.com> References: <9711147e0702070706p39cd225aj749342680948463f@mail.gmail.com> Message-ID: <20070207105537.452F.GERARD@seibercom.net> On Wednesday February 07, 2007 at 10:06:11 (AM) Mikael Kermorgant wrote: > We're using mailscanner and postfix on our smtp frontend. > In order to improve it, we'd like to reject mails to unknown users by > setting up a relay_recipient_maps parameter in postfix. > > However, my changes don't seem to be taken into account because mails > are still presented to our backend server. > > I would welcome any suggestion about that. Personally, I think your message might be better suited for the Postfix forum: http://www.postfix.com/lists.html -- Gerard From ewallig at aerocontractors.com Wed Feb 7 17:23:54 2007 From: ewallig at aerocontractors.com (Ed Wallig) Date: Wed Feb 7 16:27:51 2007 Subject: Version of Sophos to use Message-ID: Hi, Per the docs, looking at using Sophos for a new install of MailScanner - which specific product should I use - the Enterprise version for Linux? MailMonitor? The SAV Interface? Help please! Thanks, Ed Wallig -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070207/97dccc37/attachment.html From martinh at solidstatelogic.com Wed Feb 7 17:27:25 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed Feb 7 16:31:37 2007 Subject: Version of Sophos to use In-Reply-To: Message-ID: <73aaa3071285cd44835d1a5aa2c5224a@solidstatelogic.com> Ed Savi is the cheapest and all you need.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Ed Wallig > Sent: 07 February 2007 16:24 > To: mailscanner@lists.mailscanner.info > Subject: Version of Sophos to use > > Hi, > > Per the docs, looking at using Sophos for a new install of MailScanner - > which specific product should I use - the Enterprise version for Linux? > MailMonitor? The SAV Interface? Help please! > > > Thanks, > > Ed Wallig > > > > > > ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From mikael.kermorgant at gmail.com Wed Feb 7 18:14:49 2007 From: mikael.kermorgant at gmail.com (Mikael Kermorgant) Date: Wed Feb 7 17:18:42 2007 Subject: reject mails unknown users at smtp stage (postfix &relay_recipient_maps) In-Reply-To: <1E75E79B854C814784D0E8C5BA55AF76F771EF@uss2k01.united-systems.local> References: <9711147e0702070706p39cd225aj749342680948463f@mail.gmail.com> <1E75E79B854C814784D0E8C5BA55AF76F771EF@uss2k01.united-systems.local> Message-ID: <9711147e0702070914n56f2e108i415c1faa5339c8b4@mail.gmail.com> 2007/2/7, Drew Burchett : > You didn't mention what sort of backend you're delivering to, but here's > the way I did it with Exchange 2000 & 2003: > > Local_recipient_maps = > hash:/etc/postfix/db/local,ldap:/etc/postfix/ldap/users.ldap > > The file /etc/postfix/db/local contains a list of domains that I can > relay for, but can't be contacted via ldap. This could also be a list > of individual users if you wanted to keep it synched with your list of > valid email addresses. Thank you, that worked ! Sorry for being offtopic, I suspected there would be something linked to postfix's configuration with the hold queue which is a bit mailscanner specific. Regards, -- Mikael Kermorgant From sandrews at andrewscompanies.com Wed Feb 7 18:59:16 2007 From: sandrews at andrewscompanies.com (sandrews@andrewscompanies.com) Date: Wed Feb 7 18:03:12 2007 Subject: Sendmail rbl References: Message-ID: <1964AAFBC212F742958F9275BF63DBB042A023@winchester.andrewscompanies.com> Check here: http://www.sendmail.org/doc/sendmail-current/doc/op/op.pdf Somewhere about page 42 it list all the macros. I think you're looking for $f Steve -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Paul Houselander Sent: Wednesday, February 07, 2007 9:34 AM To: mailscanner@lists.mailscanner.info Subject: OT: Sendmail rbl Hi Very off topic so will be brief, just been tearing my hair out trying to find a way to do this and im sure its straight forward. Im using FEATURE(`dnsbl','sbl-xbl.spamhaus.org',`"554 Rejected " $&{client_addr} " - listed in rbl"')dnl Which works fine, what im trying to do is include the senders address in the 554 Reject message i.e. 554 Rejected x.x.x.x From - abc@test.com - listed in rbl Is there a sendmail macro (not sure if thats the correct term) for the senders address the same as there is for the clients address i.e. $&{client_addr} The reason I want to do this, is so its easier for me to parse and log the info when I have all the info on one line. Any help appreciated. Thanks Paul -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From itdept at fractalweb.com Wed Feb 7 20:45:21 2007 From: itdept at fractalweb.com (Chris Yuzik) Date: Wed Feb 7 19:51:58 2007 Subject: extract all images from spam folder? In-Reply-To: <45C9815A.5020902@statsbiblioteket.dk> References: <45C7A3D1.80503@fractalweb.com> <45C9815A.5020902@statsbiblioteket.dk> Message-ID: <45CA2C51.70204@fractalweb.com> Tom G. Christensen wrote: > # cd > # for i in *; do uudeview -i -m +e .jpg.gif.png -p /tmp/spampics $i; done > > The key is ofcourse uudeview that does uu/yenc/base64 decoding. Tom, This is precisely what I was after. Couldn't have possibly been a better solution. Perfect. Thank you! Chris From ewallig at aerocontractors.com Wed Feb 7 20:49:26 2007 From: ewallig at aerocontractors.com (Ed Wallig) Date: Wed Feb 7 19:53:23 2007 Subject: Version of Sophos to use In-Reply-To: <73aaa3071285cd44835d1a5aa2c5224a@solidstatelogic.com> References: <73aaa3071285cd44835d1a5aa2c5224a@solidstatelogic.com> Message-ID: Thanks! :) -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Martin.Hepworth Sent: Wednesday, February 07, 2007 11:27 AM To: MailScanner discussion Subject: RE: Version of Sophos to use Ed Savi is the cheapest and all you need.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Ed Wallig > Sent: 07 February 2007 16:24 > To: mailscanner@lists.mailscanner.info > Subject: Version of Sophos to use > > Hi, > > Per the docs, looking at using Sophos for a new install of MailScanner - > which specific product should I use - the Enterprise version for Linux? > MailMonitor? The SAV Interface? Help please! > > > Thanks, > > Ed Wallig > > > > > > ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From jfagan at firstlightnetworks.com Wed Feb 7 20:53:10 2007 From: jfagan at firstlightnetworks.com (James Fagan) Date: Wed Feb 7 19:55:40 2007 Subject: Sendmail rbl In-Reply-To: <1964AAFBC212F742958F9275BF63DBB042A023@winchester.andrewscompanies.com> References: <1964AAFBC212F742958F9275BF63DBB042A023@winchester.andrewscompanies.com> Message-ID: <59E4A3A1069C2640959AD0F7518C48122F0841@FLN1.fln.local> > Check here: > http://www.sendmail.org/doc/sendmail-current/doc/op/op.pdf > > Somewhere about page 42 it list all the macros. I think > you're looking for $f > > Steve Thanks Steve. This is a good idea and I just tested it with an rbl and seems to work like a charm. sendmail.mc line: (all one line) FEATURE(enhdnsbl, `sbl-xbl.spamhaus.org', `"550 - Email "`$&f'" rejected from "`$&{client_addr}'" check it: http://www.spamhaus.org/query/bl?ip="`$&{client_addr}'"')dnl (It is zen, I just didnt rename the zone) results: (all one line) reject=550 5.7.1 ... - Email cnkbmnne@txu.com rejected from 82.1.101.168 check it: http://www.spamhaus.org/query/bl?ip=82.1.101.168 Seems there is alot of information that can be added to the rejection message. I think this could definatly be usefull. James > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Paul Houselander > Sent: Wednesday, February 07, 2007 9:34 AM > To: mailscanner@lists.mailscanner.info > Subject: OT: Sendmail rbl > > Hi > > Very off topic so will be brief, just been tearing my hair > out trying to find a way to do this and im sure its straight forward. > > Im using > > FEATURE(`dnsbl','sbl-xbl.spamhaus.org',`"554 Rejected " > $&{client_addr} " - listed in rbl"')dnl > > Which works fine, what im trying to do is include the senders > address in the > 554 Reject message i.e. > > 554 Rejected x.x.x.x From - abc@test.com - listed in rbl > > Is there a sendmail macro (not sure if thats the correct > term) for the senders address the same as there is for the > clients address i.e. > $&{client_addr} > > The reason I want to do this, is so its easier for me to > parse and log the info when I have all the info on one line. > > Any help appreciated. > > Thanks > > Paul > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From r.berber at computer.org Wed Feb 7 21:09:50 2007 From: r.berber at computer.org (=?ISO-8859-1?Q?Ren=E9_Berber?=) Date: Wed Feb 7 20:14:41 2007 Subject: Minor bug in 4.58.9: check_mail:123 "echo -n" is not portable In-Reply-To: <45C9B9E4.1040104@ecs.soton.ac.uk> References: <45C9B9E4.1040104@ecs.soton.ac.uk> Message-ID: Julian Field wrote: > My best attempt to solve this one is this: > > printf 'Starting MailScanner...' 2>/dev/null || echo -n 'Starting > MailScanner...' > > Then you just have to have one or the other. Looks good, and works fine in Solaris and Linux. -- Ren? Berber From r.berber at computer.org Wed Feb 7 21:12:57 2007 From: r.berber at computer.org (=?ISO-8859-1?Q?Ren=E9_Berber?=) Date: Wed Feb 7 20:19:03 2007 Subject: Suggestion to speed MailScanner up In-Reply-To: <950d4078a9a40645a2c9c74f4cfdf9bd@solidstatelogic.com> References: <950d4078a9a40645a2c9c74f4cfdf9bd@solidstatelogic.com> Message-ID: Martin.Hepworth wrote: > Not a good idea. Even if it's spam you need to check if there's a virus > in there so you don't release malware by accident. The point was: the message is marked for deletion, is any more work useful? no, so can MS shortcut the processing? -- Ren? Berber From pete at enitech.com.au Wed Feb 7 22:09:08 2007 From: pete at enitech.com.au (Peter Russell) Date: Wed Feb 7 21:13:08 2007 Subject: reject mails unknown users at smtp stage (postfix &relay_recipient_maps) In-Reply-To: <9711147e0702070914n56f2e108i415c1faa5339c8b4@mail.gmail.com> References: <9711147e0702070706p39cd225aj749342680948463f@mail.gmail.com> <1E75E79B854C814784D0E8C5BA55AF76F771EF@uss2k01.united-systems.local> <9711147e0702070914n56f2e108i415c1faa5339c8b4@mail.gmail.com> Message-ID: <45CA3FF4.60304@enitech.com.au> Mikael Kermorgant wrote: > 2007/2/7, Drew Burchett : >> You didn't mention what sort of backend you're delivering to, but here's >> the way I did it with Exchange 2000 & 2003: >> >> Local_recipient_maps = >> hash:/etc/postfix/db/local,ldap:/etc/postfix/ldap/users.ldap >> >> The file /etc/postfix/db/local contains a list of domains that I can >> relay for, but can't be contacted via ldap. This could also be a list >> of individual users if you wanted to keep it synched with your list of >> valid email addresses. > > Thank you, that worked ! > Sorry for being offtopic, I suspected there would be something linked > to postfix's configuration with the hold queue which is a bit > mailscanner specific. > > Regards, > Any have any thoughts on performance difference between the method suggested by Drew Vs a local hashed recipient map? I am concerned about the quality of the network connection from my GW to the Exchange - Exchange is unreachable is mail rejected or deferred? From Carl.Andrews at crackerbarrel.com Wed Feb 7 22:38:35 2007 From: Carl.Andrews at crackerbarrel.com (Andrews Carl 455) Date: Wed Feb 7 21:42:33 2007 Subject: Greylisting .. nice .. In-Reply-To: <200702061517.l16FH5U3008986@smtpgw1.crackerbarrel.com> Message-ID: <113A0DFC086C984AB9EFDF6B8614F0750125131F@exchange03.CBOCS.com> Thanks! -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Rob Poe Sent: Tuesday, February 06, 2007 9:14 AM To: MailScanner discussion Subject: RE: Greylisting .. nice .. >>1040 blocked yesterday due to sendmail access.db blocks (the worst >>subnet offenders from foreign countries) >>20,000 blocked for invalid recipient >>124 blocked by RBLs, of which I cannot use all of because their clients >>host email servers on DSL / Cable modem connections. >>68 blocked by spamassassin for high spam score >>2000 greylist 1st attempts >>204 greylist passes >How did you get these numbers? Do you have a shell script or perl script >that parses your logs? Yup. PHP shell scripts (don't ask, lol) doing grep -wc commands against the maillog for the specific day only. Why did I do it in PHP? Quick and dirty, didn't want to have to remember how to do it in BASH .. don't know PERL well enough to do it there. Example script below.. One for each. I'm sure, that it could be done more prettily - but this does work.. #!/usr/bin/php -q -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From res at ausics.net Wed Feb 7 23:14:42 2007 From: res at ausics.net (Res) Date: Wed Feb 7 22:18:46 2007 Subject: MailScanner Pid file FreeBSD In-Reply-To: <200702071054.39993.clacroix@cegep-ste-foy.qc.ca> References: <200702071054.39993.clacroix@cegep-ste-foy.qc.ca> Message-ID: On Wed, 7 Feb 2007, Charles Lacroix wrote: > i run freebsd 6.1 and once in a while like every day, i end up getting the > string MailScanner in my /var/run/MailScanner.pid file. I assume this is a ports version and not a real source? Never seen that before. > I can upgrade to latest as no one yellled any major bugs. But i haven't seen > anything about this in the fixes. It is rare any bug gets into a stable release, because theres enough of us here to find any in betas, 99% of the time the betas are stable enough to run on production anyway, but of course just like any beta, I don't recommend it, unless its a sec mx or something where it doesnt really matter as much since 99% of mail that hits them are spam anyway :) Grab the latest tarball and throw it on. -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From garry at glendown.de Wed Feb 7 23:21:33 2007 From: garry at glendown.de (Garry Glendown) Date: Wed Feb 7 22:25:31 2007 Subject: OT: Automatic signature attached? Message-ID: <45CA50ED.7090306@glendown.de> due to law changes here in Germany, we have received inquiries about automatic adding of pre-specified signatures to outgoing mails. In one case, the customer mail server has to add one of four different signatures depending on the sender address domain ... does anybody have any pointer towards a tool that would allow something like this? Thanks! -gg -- Orwell was an Optimist From res at ausics.net Wed Feb 7 23:22:33 2007 From: res at ausics.net (Res) Date: Wed Feb 7 22:26:32 2007 Subject: Sendmail rbl In-Reply-To: <59E4A3A1069C2640959AD0F7518C48122F0841@FLN1.fln.local> References: <1964AAFBC212F742958F9275BF63DBB042A023@winchester.andrewscompanies.com> <59E4A3A1069C2640959AD0F7518C48122F0841@FLN1.fln.local> Message-ID: Just some cosmetics.. On Wed, 7 Feb 2007, James Fagan wrote: > > FEATURE(enhdnsbl, `sbl-xbl.spamhaus.org', `"550 - Email "`$&f'" rejected > from "`$&{client_addr}'" check it: > http://www.spamhaus.org/query/bl?ip="`$&{client_addr}'"')dnl You dont need all those extra commas, in fact you might confuse sendmail with fields. The correct way would be to use something like... FEATURE(`enhdnsbl', `sbl-xbl.spamhaus.org', `"550 - Email "$&f" rejected from "$&{client_addr}" check it: http://www.spamhaus.org/query/bl?ip="$&{client_addr}',`')dnl ..remember it is not the macros you are enclosing, it is only the text. -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From carlos.pastorino at gmail.com Wed Feb 7 23:44:23 2007 From: carlos.pastorino at gmail.com (Carlos Pastorino) Date: Wed Feb 7 22:48:19 2007 Subject: Suggestion to speed MailScanner up Message-ID: Hi everyone, I receive this list in Digest mode, so I will answer everyone in one go. Martin Hepworth wrote: > Not a good idea. Even if it's spam you need to check if there's a > virus in there so you don't release malware by accident. Martin, I agree with you. If I choose "Spam Actions = store" or "High Scoring Spam Actions = store", then yes, by all means, I want MailScanner to continue on checking for viruses. But, if I choose "Spam Actions = delete" or "High Scoring Spam Actions = delete", then I believe that the virus scanning is a burden. > AV checks are quite quick in comparison to Spamassassin checks.. > assuming you're doing SA which it doesn't look like you are.. Martin, actually I am using SA, but since I am setting "Check SpamAssassin If On Spam List = no", MailScanner skips SA if the spam has already been found on a RBL. Steve Freegard wrote: > Yes - check your settings for 'Keep Spam and MCP quarantine clean', > if it is set to 'Yes', then change it to 'No' and I think you'll > get the desired result. Steve, the "Keep Spam and MCP quarantine clean" is already set to "no". I left it in the default setting. So, makes no difference to set it to yes or no as far as the desired result is concerned. Glenn Steen wrote: > One would think that one should be able to enhance the logic > behind the "Keep Spam and MCP quarantine clean" setting a bit, > so that it actually checks whether the message would be delivered > at all, anywhere... Glenn, I totally agree. Rene Berber wrote > The point was: the message is marked for deletion, is any more work > useful? no, so can MS shortcut the processing? Rene, you got the idea. Best regards to all, Carlos From alex at nkpanama.com Wed Feb 7 23:49:46 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Feb 7 22:55:19 2007 Subject: OT: Automatic signature attached? In-Reply-To: <45CA50ED.7090306@glendown.de> References: <45CA50ED.7090306@glendown.de> Message-ID: <45CA578A.3000202@nkpanama.com> Our MailScanner believes that the attachment to this message sent to you From: alex@nkpanama.com Subject: Re: OT: Automatic signature attached? is Unsolicited Commercial Email (spam). Unless you are sure that this message is incorrectly thought to be spam, please delete this message without opening it. Opening spam messages might allow the spammer to verify your email address. If you believe that this message has been incorrectly marked as spam, please forward this email to postmaster. pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 BOTNET_BADDNS IP address doesn't have full circle DNS 0.8 INFO_TLD URI: Contains an URL in the INFO top-level domain 2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address [200.75.226.223 listed in dnsbl.sorbs.net] 1.7 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP [200.75.226.223 listed in combined.njabl.org] 2.0 BOTNET Any Botnet rule hit -------------- next part -------------- An embedded message was scrubbed... From: Alex Neuman van der Hans Subject: Re: OT: Automatic signature attached? Date: Wed, 07 Feb 2007 17:49:46 -0500 Size: 1627 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070207/f7b416f9/attachment.mht From ssilva at sgvwater.com Wed Feb 7 23:52:19 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Feb 7 22:56:41 2007 Subject: OT: Automatic signature attached? In-Reply-To: <45CA50ED.7090306@glendown.de> References: <45CA50ED.7090306@glendown.de> Message-ID: Garry Glendown spake the following on 2/7/2007 2:21 PM: > due to law changes here in Germany, we have received inquiries about > automatic adding of pre-specified signatures to outgoing mails. In one > case, the customer mail server has to add one of four different > signatures depending on the sender address domain ... does anybody have > any pointer towards a tool that would allow something like this? > > Thanks! > > -gg > Use this section of mailscanner.conf with a ruleset. # Set where to find the HTML and text versions that will be added to the # end of all clean messages, if "Sign Clean Messages" is set. # These can also be the filenames of rulesets. Inline HTML Signature = %report-dir%/inline.sig.html Inline Text Signature = %report-dir%/inline.sig.txt and enable sign clean messages. Be prepared to have some problems with some signed mail, as it will sometimes alter the message and break the signature. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From rabollinger at gmail.com Thu Feb 8 00:05:21 2007 From: rabollinger at gmail.com (Richard Bollinger) Date: Wed Feb 7 23:09:16 2007 Subject: Message never gets out of mqueue.in In-Reply-To: References: <7744a2840702070714i496d27c6hbbf8b56ad0731d45@mail.gmail.com> Message-ID: <7744a2840702071505q6f1b93fdg7baedf54a6a91f8a@mail.gmail.com> On 2/7/07, Martin.Hepworth wrote: > Richard > > Bother I hate doing this.. > > > When you upgraded did you force the locktype in MailScanner.conf. recent > MailScanner versions assume sendmail is 8.13+ and posix locktype rather > than older versions with assume sendmail is 8.12 or previous and flock > locktype. > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > We're running sendmail-8.13.8 MailScanner.conf has this line in it: Lock Type = Here's the output of the -debug run: /root@rb-ls1:/u/tmp/looping# /opt/bin/MailScanner -debug In Debugging mode, not forking... [28597] warn: FuzzyOcr: Cannot find executable for ocrad Ignore errors about failing to find EOCD signature format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 read-open /var/spool/MailScanner/incoming/28597/l17Bo8oL007167/LOS_pdf: No such file or directory at /usr/lib/perl5/site_perl/MIME/Body.pm line 435. My first guess would be that the problem may be related to foreign language attachment names and the TNEF decoders.... this email was from an partner in India. Thanks, Rich B From jaearick at colby.edu Thu Feb 8 02:58:08 2007 From: jaearick at colby.edu (Jeff A. Earickson) Date: Thu Feb 8 02:02:09 2007 Subject: anybody know about vendaregroup.com? Message-ID: Gang, I've noticed over the last couple of weeks that a lot of the outbound email sitting in my delay queue (ie, the stuff that isn't moving) was to be returned to vendaregroup.com. I started investigating. The source addresses varied widely, but the common thread was that when I did a dig on the domain name, the CNAME always pointed to them, eg: dig kingofjeans.com ... ;; ANSWER SECTION: kingofjeans.com. 35815 IN CNAME dpweb.vendaregroup.com. dpweb.vendaregroup.com. 713 IN A 72.5.175.90 (etc) I googled on vendare and didn't really find much nefarious info on them. They just seem to be squatting on lots of domain names. So... I then added the following to my sendmail access db file: vendaregroup.com "550 Domain does not exist." rebuilt my access.db file, and started watching the syslogs. Whoohoo!! I am rejecting a fair amount of what is obviously spam right at my MTA, stuff that gets noted as "may be forged" and the like. Anybody else notice this? Anybody know anything more about vendaregroup.com? Jeff Earickson Colby College From nats at sscrmnl.edu.ph Thu Feb 8 03:25:47 2007 From: nats at sscrmnl.edu.ph (Jose Nathaniel Nengasca) Date: Thu Feb 8 02:30:17 2007 Subject: rejecting emails by country origin Message-ID: <001b01c74b28$71ea6430$3d64a8c0@NATS> hi, is the file contry.domains.conf is for rejecting or accepting? I really want to block emails from country like russia for exmaple and based on the ip address not just on their headers. Tia -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From keith at 12345678.org Thu Feb 8 03:51:32 2007 From: keith at 12345678.org (keith) Date: Thu Feb 8 02:55:38 2007 Subject: "Archive Mail" function can work on Mail Gateway mode ? Message-ID: <20070208023714.M32928@12345678.org> Dear All, my system is CentOS 4.4 + MS 4.56.7-1 as mail gateway mode for Exchange behind, my manager need me to auto forward his in/out mail to yahoo mail, I try to turn on the "Archive Mail" function in MS , the maillog displayed the mail is accept and queued mail for delivery but it cannot forward to specify mail account , the following is my setting, would anyone can tell me the "Archive Mail" can work with gateway mode or my syntax have something wrong ? --- Config File ---- /etc/MailScanner/MailScanner.conf ## Archive Mail = %rules-dir%/archive.rules ## ------------------------------------- /etc/MailScanner/rules/archive.rules ## FromOrTo:manager@companydomain.com yes forward manager123@yahoo.com ## ---------------------------------------- Thank you very much Keith -- From res at ausics.net Thu Feb 8 04:41:55 2007 From: res at ausics.net (Res) Date: Thu Feb 8 03:46:00 2007 Subject: rejecting emails by country origin In-Reply-To: <001b01c74b28$71ea6430$3d64a8c0@NATS> References: <001b01c74b28$71ea6430$3d64a8c0@NATS> Message-ID: Jose, On Thu, 8 Feb 2007, Jose Nathaniel Nengasca wrote: > is the file contry.domains.conf is for rejecting or accepting? I really want > to block emails from country like russia for exmaple and based on the ip > address not just on their headers. This is used in relation to phishing and is not used for accepting/rejecting mail based on country. -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From keith at 12345678.org Thu Feb 8 07:57:03 2007 From: keith at 12345678.org (keith) Date: Thu Feb 8 07:01:09 2007 Subject: "Archive Mail" function can work on Mail Gateway mode ? (Problem fixed) In-Reply-To: <20070208023714.M32928@12345678.org> References: <20070208023714.M32928@12345678.org> Message-ID: <20070208065255.M94504@12345678.org> Sorry for all, I found my fault is the syntax of the ruleset file, between the email address and "FromOrTo" without a space, after I insert a space the function is ok now. Sorry for my foolish. On Thu, 8 Feb 2007 10:51:32 +0800, keith wrote > Dear All, my system is CentOS 4.4 + MS 4.56.7-1 as mail gateway mode > for Exchange behind, my manager need me to auto forward his in/out > mail to yahoo mail, I try to turn on the "Archive Mail" function in > MS , the maillog displayed the mail is accept and queued mail for > delivery but it cannot forward to specify mail account , the > following is my setting, would anyone can tell me the "Archive Mail" > can work with gateway mode or my syntax have something wrong ? > > --- Config File ---- > /etc/MailScanner/MailScanner.conf > ## > Archive Mail = %rules-dir%/archive.rules > ## > ------------------------------------- > /etc/MailScanner/rules/archive.rules > ## > FromOrTo:manager@companydomain.com yes forward manager123@yahoo.com > ## > ---------------------------------------- > > Thank you very much > Keith > -- > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- From glenn.steen at gmail.com Thu Feb 8 09:02:10 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Feb 8 08:06:06 2007 Subject: "Archive Mail" function can work on Mail Gateway mode ? In-Reply-To: <20070208023714.M32928@12345678.org> References: <20070208023714.M32928@12345678.org> Message-ID: <223f97700702080002r2b587dc9g9b4080139b71286e@mail.gmail.com> On 08/02/07, keith wrote: > Dear All, my system is CentOS 4.4 + MS 4.56.7-1 as mail gateway mode for > Exchange behind, my manager need me to auto forward his in/out mail to yahoo > mail, I try to turn on the "Archive Mail" function in MS , the maillog > displayed the mail is accept and queued mail for delivery but it cannot > forward to specify mail account , the following is my setting, would anyone > can tell me the "Archive Mail" can work with gateway mode or my syntax have > something wrong ? > > --- Config File ---- > /etc/MailScanner/MailScanner.conf > ## > Archive Mail = %rules-dir%/archive.rules > ## > ------------------------------------- > /etc/MailScanner/rules/archive.rules > ## > FromOrTo:manager@companydomain.com yes forward manager123@yahoo.com > ## > ---------------------------------------- > > Thank you very much > Keith Try putting some whitespace between the "FromOrTo:" and the address you match, remove the "yes" and restart/reload MailScanner... Should make a difference. Why are you doing this on Archive Mail (which will give him/her the "bad stuff" like viruses and spam too), instead of the "cleaner" Non Spam Actions etc? Seems like an unhealthy thing to be "originating" spam and viruses sent to yahoo...;-). When you move over to that, remember to set a default entry with the normal actions (deliver and whatever else)....:-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From dimavo at gmail.com Thu Feb 8 10:10:09 2007 From: dimavo at gmail.com (Dimitri Volski) Date: Thu Feb 8 09:14:05 2007 Subject: X-Relay-Countries Message-ID: <574ff8c30702080110l667c2438ic4418446e2b9f441@mail.gmail.com> Hi All, I am having troubles getting the SpamAssassin scores based on Relay Countries. A snip of the log: debug: received-header: relay 84.56.164.42 trusted? no internal? no debug: metadata: X-Spam-Relays-Trusted: debug: metadata: X-Spam-Relays-Untrusted: [ ip=84.56.164.42 rdns= dslb-084-056-164-042.pools.arcor-ip.net helo=callaria.com by=mx.google.comident= envfrom= intl=0 id= p4si1743305qba.2007.02.05.02.02.53 auth= ] debug: plugin: Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x931059c) implements 'extract_metadata' debug: metadata: X-Relay-Countries: DE debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x99dd4c8) implements 'parsed_metadata' Here I can see that the country is detected as Denmark, but when I insert header RELAY_DE X-Relay-Countries =~/\bDE\b/ describe RELAY_DE Relayed through Germany score RELAY_DE 1.0 into /etc/MailScanner/spam.assassin.prefs.conf , I cannot see it in theSpamAssassin report (if run manually on source of the message above) or the MailScanner report. If run manually, SpamAssassin gives this header in the end: X-Spam-Flag: NO X-Spam-Checker-Version: SpamAssassin 3.0.5 (2005-11-28) on exmail X-Spam-Level: **** X-Spam-Status: No, score=4.4 required=5.0 tests=FORGED_RCVD_HELO,RCVD_BY_IP, RCVD_IN_NJABL_DUL,RCVD_IN_SORBS_DUL,RCVD_IN_XBL autolearn=no version=3.0.5 In which I cannot see the RELAY_DE Please help ! :) Cheers, dim -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070208/1ca068a4/attachment.html From nats at sscrmnl.edu.ph Thu Feb 8 10:17:23 2007 From: nats at sscrmnl.edu.ph (Jose Nathaniel Nengasca) Date: Thu Feb 8 09:22:02 2007 Subject: rejecting emails by country origin In-Reply-To: Message-ID: <001e01c74b61$f6d7b0b0$3d64a8c0@NATS> Thanks for that info Res. Anyway is there plugins that I could use that blocks certain country domains and/or geographical origin based on ip address of the sender? Thanks for any info on this. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Res Sent: Thursday, February 08, 2007 11:42 AM To: MailScanner discussion Subject: Re: rejecting emails by country origin Jose, On Thu, 8 Feb 2007, Jose Nathaniel Nengasca wrote: > is the file contry.domains.conf is for rejecting or accepting? I > really want to block emails from country like russia for exmaple and > based on the ip address not just on their headers. This is used in relation to phishing and is not used for accepting/rejecting mail based on country. -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From martinh at solidstatelogic.com Thu Feb 8 10:38:04 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Thu Feb 8 09:42:17 2007 Subject: {Disarmed} X-Relay-Countries In-Reply-To: <574ff8c30702080110l667c2438ic4418446e2b9f441@mail.gmail.com> Message-ID: Dimitri Some on the IRC channel was having a similar problem a couple of days ago - you?? MailScanner will NOT insert SA headers into the email It will put the info in the MailScanner-SpamScore header if you tell to be verbose. Given running SA on its own doesn't insert info either I suggest you lint check the SA config and fix any issues first.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Dimitri Volski > Sent: 08 February 2007 09:10 > To: mailscanner@lists.mailscanner.info > Subject: {Disarmed} X-Relay-Countries > > Hi All, > > I am having troubles getting the SpamAssassin scores based on Relay > Countries. > > A snip of the log: > > debug: received-header: relay MailScanner warning: numerical links are > often malicious: 84.56.164.42 trusted? no internal? > no > debug: metadata: X-Spam-Relays-Trusted: > debug: metadata: X-Spam-Relays-Untrusted: [ ip=MailScanner warning: > numerical links are often malicious: 84.56.164.42 > rdns=dslb-084-056-164-042.pools.arcor-ip.net helo=callaria.com > by=mx.google.com ident= envfrom= intl=0 > id=p4si1743305qba.2007.02.05.02.02.53 auth= ] > debug: plugin: Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x931059c) > implements 'extract_metadata' > debug: metadata: X-Relay-Countries: DE > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x99dd4c8) > implements 'parsed_metadata' > > Here I can see that the country is detected as Denmark, but when I insert > > header RELAY_DE X-Relay-Countries =~/\bDE\b/ > describe RELAY_DE Relayed through Germany > score RELAY_DE 1.0 > > into /etc/MailScanner/spam.assassin.prefs.conf , I cannot see it in > theSpamAssassin report (if run manually on source of the message above) or > the MailScanner report. > > If run manually, SpamAssassin gives this header in the end: > > X-Spam-Flag: NO > X-Spam-Checker-Version: SpamAssassin 3.0.5 (2005-11-28) on exmail > X-Spam-Level: **** > X-Spam-Status: No, score=4.4 required= 5.0 > tests=FORGED_RCVD_HELO,RCVD_BY_IP, > RCVD_IN_NJABL_DUL,RCVD_IN_SORBS_DUL,RCVD_IN_XBL autolearn=no > version=3.0.5 > > In which I cannot see the RELAY_DE > > Please help ! :) > > Cheers, > dim > ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From res at ausics.net Thu Feb 8 10:43:29 2007 From: res at ausics.net (Res) Date: Thu Feb 8 09:47:32 2007 Subject: rejecting emails by country origin In-Reply-To: <001e01c74b61$f6d7b0b0$3d64a8c0@NATS> References: <001e01c74b61$f6d7b0b0$3d64a8c0@NATS> Message-ID: Hi, On Thu, 8 Feb 2007, Jose Nathaniel Nengasca wrote: > Thanks for that info Res. Anyway is there plugins that I could use that > blocks certain country domains and/or geographical origin based on ip > address of the sender? I believe spamassassin might, try the spamassassin web site for help on it. -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From drew at technologytiger.net Thu Feb 8 11:51:44 2007 From: drew at technologytiger.net (Drew Marshall) Date: Thu Feb 8 10:55:46 2007 Subject: reject mails unknown users at smtp stage (postfix &relay_recipient_maps) In-Reply-To: <45CA3FF4.60304@enitech.com.au> References: <9711147e0702070706p39cd225aj749342680948463f@mail.gmail.com> <1E75E79B854C814784D0E8C5BA55AF76F771EF@uss2k01.united-systems.local> <9711147e0702070914n56f2e108i415c1faa5339c8b4@mail.gmail.com> <45CA3FF4.60304@enitech.com.au> Message-ID: <12F76A8B-6CC3-4217-A102-6E6A5BD2CAE2@technologytiger.net> On 7 Feb 2007, at 21:09, Peter Russell wrote: > Any have any thoughts on performance difference between the method > suggested by Drew Vs a local hashed recipient map? > > I am concerned about the quality of the network connection from my > GW to the Exchange - Exchange is unreachable is mail rejected or > deferred? It will be rejected with a 421 (I think from memory) error as being unable to look up against the ldap database. Personally, I prefer a local database so I have the mail even when the Microsoft kit fails. Performance wise you won't notice much difference unless you Exchange server is on the end of a 56k modem or possible on a high latency satellite link Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by the Technology Tiger MailScanner. Further information can be found at www.technologytiger.net/policy Technology Tiger Limited is registered in Scotland with registration number: 310997 Registered Office 55-57 West High Street Inverurie AB51 3QQ From vlad at univap.br Thu Feb 8 13:07:59 2007 From: vlad at univap.br (Vladimir M Costa) Date: Thu Feb 8 12:12:16 2007 Subject: rejecting emails by country origin In-Reply-To: <001b01c74b28$71ea6430$3d64a8c0@NATS> References: <001b01c74b28$71ea6430$3d64a8c0@NATS> Message-ID: <45CB129F.6080500@univap.br> Jose, If you want to block at the MTA level, use a DNSBL list. See http://countries.nerd.dk/ , this is an IP-to-country DNS mapping service. Vladimir Jose Nathaniel Nengasca wrote: > hi, > > is the file contry.domains.conf is for rejecting or accepting? I really want > to block emails from country like russia for exmaple and based on the ip > address not just on their headers. > > Tia > > From tmartins at gmail.com Thu Feb 8 13:15:49 2007 From: tmartins at gmail.com (Thiago Martins) Date: Thu Feb 8 12:19:45 2007 Subject: MailScanner Pid file FreeBSD In-Reply-To: <200702071054.39993.clacroix@cegep-ste-foy.qc.ca> References: <200702071054.39993.clacroix@cegep-ste-foy.qc.ca> Message-ID: I have MailScanner-4.56.8 port here in a FBSD 6.1 box. I have no problems like that. But as you can see my port version is older then yours. Report your problem to the port maintainer and maybe he can help you. http://www.freebsd.org/cgi/ports.cgi?query=mailscanner-4.57.6_1&stype=all&sektion=all On 2/7/07, Charles Lacroix wrote: > Hi, > > i run freebsd 6.1 and once in a while like every day, i end up getting the > string > MailScanner in my /var/run/MailScanner.pid file. > > I got my pid file setup in MailScanner.conf > PID file = /var/run/MailScanner.pid > > version 4.57.6 > > I can upgrade to latest as no one yellled any major bugs. But i haven't seen > anything about this in the fixes. > > Anyone else is getting this problem? From roger at rudnick.com.br Thu Feb 8 13:47:48 2007 From: roger at rudnick.com.br (Roger Jochem) Date: Thu Feb 8 12:52:18 2007 Subject: Out of Topic: IMAP References: <200702071054.39993.clacroix@cegep-ste-foy.qc.ca> Message-ID: <020c01c74b7f$5692f5b0$0600a8c0@roger> Since almost everyone here nows a lot about e-mail, server configuration, and that kind of stuff, I was wondering: how many of you use IMAP instead of POP3 for mail access? I allways used POP3 on my server, and reading about IMAP shows me a lot of advantages... A problem would be the server disk size, but since disks are not so expansive nowadays, I'm considering changing the protocol when I upgrade my server. Any ideas or sugestions about it? Any of you that already had an experience with this could give me some tips, some impressions about it? Regards Roger Jochem From martinh at solidstatelogic.com Thu Feb 8 13:53:33 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Thu Feb 8 12:57:38 2007 Subject: Out of Topic: IMAP In-Reply-To: <020c01c74b7f$5692f5b0$0600a8c0@roger> Message-ID: <516aaa21eae73b44b88ffa0c00e67b94@solidstatelogic.com> Yup imap has many advantages, chief amongst then is backup/restore, ie one less reason to backup the desktops. Also means you can start sharing info better with shared folders than just every modern imap server does - may I recommend Dovecot. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Roger Jochem > Sent: 08 February 2007 12:48 > To: MailScanner discussion > Subject: Out of Topic: IMAP > > Since almost everyone here nows a lot about e-mail, server configuration, > and that kind of stuff, I was wondering: how many of you use IMAP instead > of > POP3 for mail access? > > I allways used POP3 on my server, and reading about IMAP shows me a lot of > advantages... A problem would be the server disk size, but since disks are > not so expansive nowadays, I'm considering changing the protocol when I > upgrade my server. > > Any ideas or sugestions about it? Any of you that already had an > experience > with this could give me some tips, some impressions about it? > > Regards > > Roger Jochem > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From rabellino at di.unito.it Thu Feb 8 14:26:33 2007 From: rabellino at di.unito.it (Rabellino Sergio) Date: Thu Feb 8 13:31:58 2007 Subject: Out of Topic: IMAP In-Reply-To: <020c01c74b7f$5692f5b0$0600a8c0@roger> References: <200702071054.39993.clacroix@cegep-ste-foy.qc.ca> <020c01c74b7f$5692f5b0$0600a8c0@roger> Message-ID: <45CB2509.4030305@di.unito.it> Roger Jochem wrote: > Since almost everyone here nows a lot about e-mail, server > configuration, and that kind of stuff, I was wondering: how many of > you use IMAP instead of POP3 for mail access? > > I allways used POP3 on my server, and reading about IMAP shows me a > lot of advantages... A problem would be the server disk size, but > since disks are not so expansive nowadays, I'm considering changing > the protocol when I upgrade my server. > > Any ideas or sugestions about it? Any of you that already had an > experience with this could give me some tips, some impressions about it? > > Regards > > Roger Jochem For users, IMAP is definitely a better solution than POP3. You can choose to download or not the messages to your MailClient, reducing considerably the download time, as you can get out from your server only the subjects.On the other side you need more disk space on the server, because the users left the Inbox (and the other mailboxes) onto the server: more simple to do a mail backup, but more space needed at all. We're using imap since '99 - the classic wu-imap Washington University - an opensource solution, but simple to compile and install, but I think that many commercial solution - maybe simpler than wu - are available around the world. Feel free to ask me directly other info, if you need. bye. -- Ing. Sergio Rabellino Head of ICT Services Department of Computer Science University of Torino (Italy) http://www.di.unito.it/~rabser Tel. +39-0116706701 Fax. +39-011751603 From amoore at dekalbmemorial.com Thu Feb 8 14:38:04 2007 From: amoore at dekalbmemorial.com (Aaron K. Moore) Date: Thu Feb 8 13:42:01 2007 Subject: rejecting emails by country origin In-Reply-To: References: <001b01c74b28$71ea6430$3d64a8c0@NATS> Message-ID: <60D398EB2DB948409CA1F50D8AF1225701F342A2@exch1.dekalbmemorial.local> Vladimir M Costa wrote: > > If you want to block at the MTA level, use a DNSBL list. > > See http://countries.nerd.dk/ , this is an IP-to-country DNS > mapping service. > http://blackholes.us/ has a good list. They supply it in rbldnsd format. I use it to bump up my greylisting intervals in milter-greylist. It's a fairly straight forward install. The hardest part I had the first time I set this up was with getting bind to query the local rbldnsd daemon, but that was due to a missing symlink in the bind package of the distro I was using. -- Aaron Kent Moore Information Technology Services DeKalb Memorial Hospital, Inc. Auburn, IN Phone: 260.920.2808 E-mail: amoore@dekalbmemorial.com From jaearick at colby.edu Thu Feb 8 14:38:25 2007 From: jaearick at colby.edu (Jeff A. Earickson) Date: Thu Feb 8 13:42:28 2007 Subject: Out of Topic: IMAP In-Reply-To: <020c01c74b7f$5692f5b0$0600a8c0@roger> References: <200702071054.39993.clacroix@cegep-ste-foy.qc.ca> <020c01c74b7f$5692f5b0$0600a8c0@roger> Message-ID: ZOn Thu, 8 Feb 2007, Roger Jochem wrote: > Date: Thu, 8 Feb 2007 10:47:48 -0200 > From: Roger Jochem > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Out of Topic: IMAP > > Since almost everyone here nows a lot about e-mail, server configuration, and > that kind of stuff, I was wondering: how many of you use IMAP instead of POP3 > for mail access? We use both. We used to use UW IMAP but switched to dovecot maybe 1.5 years ago, just about the time the first beta of 1.0 came out. It was a huge win over UW IMAP in terms of performance even then. It has just gotten better since, despite "not 1.0" yet. Timo's rc code is way better than most 2.0 version code I have seen. We use mbox format. To get the true advantages of IMAP, you need to use maildir format, not a trivial switch. We warn users to pick IMAP or POP, but don't use both at the same time (mailbox corruption will occur, people learn). Most of our students use IMAP via horde/imp webmail, others use it via Eudora or Pine (eg, me). The older staffers use POP mostly. We hope to make POP disappear eventually. > > I allways used POP3 on my server, and reading about IMAP shows me a lot of > advantages... A problem would be the server disk size, but since disks are > not so expansive nowadays, I'm considering changing the protocol when I > upgrade my server. Yup, IMAP gobbles up disk. If you go to maildir format, it will also gobble up inodes. Consider using a filesystem that avoids fixed inode counts, like UFS. We use ZFS (Solaris 10) for our IMAP/home directory space. Jeff Earickson Colby College From Richard.Frovarp at sendit.nodak.edu Thu Feb 8 16:26:09 2007 From: Richard.Frovarp at sendit.nodak.edu (Richard Frovarp) Date: Thu Feb 8 15:30:06 2007 Subject: Out of Topic: IMAP In-Reply-To: <020c01c74b7f$5692f5b0$0600a8c0@roger> References: <200702071054.39993.clacroix@cegep-ste-foy.qc.ca> <020c01c74b7f$5692f5b0$0600a8c0@roger> Message-ID: <45CB4111.2070205@sendit.nodak.edu> Roger Jochem wrote: > Since almost everyone here nows a lot about e-mail, server > configuration, and that kind of stuff, I was wondering: how many of > you use IMAP instead of POP3 for mail access? > > I allways used POP3 on my server, and reading about IMAP shows me a > lot of advantages... A problem would be the server disk size, but > since disks are not so expansive nowadays, I'm considering changing > the protocol when I upgrade my server. > > Any ideas or sugestions about it? Any of you that already had an > experience with this could give me some tips, some impressions about it? > > Regards > > Roger Jochem IMAP MAY use more disk space. This is due to the fact that both protocols can download and delete message, or leave messages on the server, just their defaults are opposite. I've always configured my POP3 clients to leave the messages on the server, as I usually want to access them from multiple locations. In that scenario, POP3 is actually going to use more network and disk resources (reads) than IMAP, since the client will waste time downloading messages I won't be reading. I'm guessing most people don't do this. However, if your setup instructions tell the user to check that little box, then that is a different story. With people checking email from work and home, this may be more common. We run IMAP and use mbx format. There are occasional issues when the index is corrupted, but there are tools to fix it. Using mbx over maildir prevents the system from having to read n files for the required information, where n is the number of messages in the folder. As you might expect n can grow to be quite large. From campbell at cnpapers.com Thu Feb 8 16:38:14 2007 From: campbell at cnpapers.com (Steve Campbell) Date: Thu Feb 8 15:43:22 2007 Subject: Out of Topic: IMAP References: <200702071054.39993.clacroix@cegep-ste-foy.qc.ca> <020c01c74b7f$5692f5b0$0600a8c0@roger> <45CB4111.2070205@sendit.nodak.edu> Message-ID: <005601c74b97$25a47bf0$0705000a@ddf5dw71> > We run IMAP and use mbx format. There are occasional issues when the > index is corrupted, but there are tools to fix it. Using mbx over maildir > prevents the system from having to read n files for the required > information, where n is the number of messages in the folder. As you might > expect n can grow to be quite large. > -- Would you care to provide the tool you use to repair the corruption, please? I have looked (half-heartedly) for a tool that would do this, and although I have found a few, none seem to be really all that great. Thanks, Steve Campbell campbell@cnpapers.com Charleston Newspapers From mikea at mikea.ath.cx Thu Feb 8 16:42:18 2007 From: mikea at mikea.ath.cx (mikea) Date: Thu Feb 8 15:46:21 2007 Subject: anybody know about vendaregroup.com? In-Reply-To: References: Message-ID: <20070208154218.GD7892@mikea.ath.cx> On Wed, Feb 07, 2007 at 08:58:08PM -0500, Jeff A. Earickson wrote: > Gang, > > I've noticed over the last couple of weeks that a lot of the outbound > email sitting in my delay queue (ie, the stuff that isn't moving) was > to be returned to vendaregroup.com. I started investigating. The > source addresses varied widely, but the common thread was that when I > did a dig on the domain name, the CNAME always pointed to them, eg: > > dig kingofjeans.com > ... > ;; ANSWER SECTION: > kingofjeans.com. 35815 IN CNAME dpweb.vendaregroup.com. > dpweb.vendaregroup.com. 713 IN A 72.5.175.90 > (etc) > > I googled on vendare and didn't really find much nefarious info on > them. They just seem to be squatting on lots of domain names. > > So... I then added the following to my sendmail access db file: > > vendaregroup.com "550 Domain does not exist." > > rebuilt my access.db file, and started watching the syslogs. > Whoohoo!! I am rejecting a fair amount of what is obviously spam > right at my MTA, stuff that gets noted as "may be forged" and the > like. > > Anybody else notice this? Anybody know anything more about > vendaregroup.com? You might want to use Google Groups, concentrating on the news.admin.net-abuse.* newsgroups, to search for vendaregroup. I blocked them long ago, as sturdy and unregenerate spam-sources, both at home and at work, with no complaints whatsoever about the block from any of my users at work. -- Mike Andrews, W5EGO mikea@mikea.ath.cx Tired old sysadmin From bob.jones at usg.edu Thu Feb 8 17:00:29 2007 From: bob.jones at usg.edu (Bob Jones) Date: Thu Feb 8 16:05:14 2007 Subject: Out of Topic: IMAP In-Reply-To: <45CB4111.2070205@sendit.nodak.edu> References: <200702071054.39993.clacroix@cegep-ste-foy.qc.ca> <020c01c74b7f$5692f5b0$0600a8c0@roger> <45CB4111.2070205@sendit.nodak.edu> Message-ID: <45CB491D.706@usg.edu> Thus spake Richard Frovarp, with impeccable timing on 2/8/2007 10:26 AM: > > We run IMAP and use mbx format. There are occasional issues when the > index is corrupted, but there are tools to fix it. Using mbx over > maildir prevents the system from having to read n files for the required > information, where n is the number of messages in the folder. As you > might expect n can grow to be quite large. While this may be true in UW-IMAP (not sure, never tried maildir with it), if you use something like dovecot that has an index cache of each mailbox, the system only has to read all those individual files once to create the cache. In fact, if you use the LDA that comes with dovecot, when the message is delivered it is added to the index automatically, so the filesystem never has to worry about reading all those individual files, just each one as the client accesses to actually read the mail. Also, even if you are using mbox format, I highly recommend dovecot as it blows the doors off of UW even with that format. Bob From Richard.Frovarp at sendit.nodak.edu Thu Feb 8 17:03:06 2007 From: Richard.Frovarp at sendit.nodak.edu (Richard Frovarp) Date: Thu Feb 8 16:07:03 2007 Subject: Out of Topic: IMAP In-Reply-To: <005601c74b97$25a47bf0$0705000a@ddf5dw71> References: <200702071054.39993.clacroix@cegep-ste-foy.qc.ca> <020c01c74b7f$5692f5b0$0600a8c0@roger> <45CB4111.2070205@sendit.nodak.edu> <005601c74b97$25a47bf0$0705000a@ddf5dw71> Message-ID: <45CB49BA.4080902@sendit.nodak.edu> Steve Campbell wrote: > >> We run IMAP and use mbx format. There are occasional issues when the >> index is corrupted, but there are tools to fix it. Using mbx over >> maildir prevents the system from having to read n files for the >> required information, where n is the number of messages in the >> folder. As you might expect n can grow to be quite large. >> -- > Would you care to provide the tool you use to repair the corruption, > please? I have looked (half-heartedly) for a tool that would do this, > and although I have found a few, none seem to be really all that great. > > Thanks, > > Steve Campbell > campbell@cnpapers.com > Charleston Newspapers > We use Mark Clement's recovermbx script to convert the file over to mbox format. We then use mailutil to convert from mbox to mbx. There is of course glue to ship parameters around and do error checking. However, this isn't my work, so I don't want to post it to the list. You may want to check out this out: http://www.opensubscriber.com/message/c-client@u.washington.edu/1108849.html The one down side of our method is that it tends to mark all messages as unread. From jstevens at athensdistributing.com Thu Feb 8 17:13:28 2007 From: jstevens at athensdistributing.com (James R. Stevens) Date: Thu Feb 8 16:18:27 2007 Subject: Out of Topic: IMAP Message-ID: <1A65E6BAEADF9B4F865314484A13ECF16087FD@atlas.athensdistributing.com> To provide my 2 cents worth we looked at using secure certificates and digital signatures in an IMAP environment which looked very promising(Cyrus and WU implementations) but we were getting confused with the process of deleting mail(messages) a person (Client) had marked for deletion. Hope that made sense. If I remember there were scripted routines that would do the 'actual' delete function of messages that had been flagged for that purpose by the IMAP client. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steve Campbell Sent: Thursday, February 08, 2007 9:38 AM To: MailScanner discussion Subject: Re: Out of Topic: IMAP > We run IMAP and use mbx format. There are occasional issues when the > index is corrupted, but there are tools to fix it. Using mbx over maildir > prevents the system from having to read n files for the required > information, where n is the number of messages in the folder. As you might > expect n can grow to be quite large. > -- Would you care to provide the tool you use to repair the corruption, please? I have looked (half-heartedly) for a tool that would do this, and although I have found a few, none seem to be really all that great. Thanks, Steve Campbell campbell@cnpapers.com Charleston Newspapers -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by Athens Hyperion Scanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by Athens Hyperion Scanner, and is believed to be clean. From Richard.Frovarp at sendit.nodak.edu Thu Feb 8 17:19:06 2007 From: Richard.Frovarp at sendit.nodak.edu (Richard Frovarp) Date: Thu Feb 8 16:23:04 2007 Subject: Out of Topic: IMAP In-Reply-To: <45CB491D.706@usg.edu> References: <200702071054.39993.clacroix@cegep-ste-foy.qc.ca> <020c01c74b7f$5692f5b0$0600a8c0@roger> <45CB4111.2070205@sendit.nodak.edu> <45CB491D.706@usg.edu> Message-ID: <45CB4D7A.8030603@sendit.nodak.edu> Bob Jones wrote: > Thus spake Richard Frovarp, with impeccable timing on 2/8/2007 10:26 AM: >> >> We run IMAP and use mbx format. There are occasional issues when the >> index is corrupted, but there are tools to fix it. Using mbx over >> maildir prevents the system from having to read n files for the >> required information, where n is the number of messages in the >> folder. As you might expect n can grow to be quite large. > > While this may be true in UW-IMAP (not sure, never tried maildir with > it), if you use something like dovecot that has an index cache of each > mailbox, the system only has to read all those individual files once > to create the cache. In fact, if you use the LDA that comes with > dovecot, when the message is delivered it is added to the index > automatically, so the filesystem never has to worry about reading all > those individual files, just each one as the client accesses to > actually read the mail. > > Also, even if you are using mbox format, I highly recommend dovecot as > it blows the doors off of UW even with that format. > > Bob > Quota handling seems to be a little odd in it. It says it doesn't play well with file system quotas. The Maildir++ quota seems to be a bit more difficult to work with than file system quotas. On first look, I don't see any easy way to tell if a user is over quota or support for grace periods. From MailScanner at ecs.soton.ac.uk Thu Feb 8 17:26:53 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 8 16:36:07 2007 Subject: OT: Hiring Message-ID: <45CB4F4D.8060304@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 We need to hire some additional part time staff who can help with support for MailScanner, MailScanner related applications, MTAs and our DefenderMX application. We will train you on DefenderMX. Salary is commensurate with qualifications and location anywhere is the world is just fine, you just need a high speed Internet link. Hour are flexible and the working environment is great J. Reasonable English skill is required and an additional language would be useful but not necessary. Please send you qualifications and desired compensation level directly to hiring@fsl.com Thanks - -- Steve Swaney President Fort Systems Ltd. steve@fsl.com - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFFy1BUEfZZRxQVtlQRAormAJ0TDoKA9umyrZhvfUtsYcNe/n8nuQCfWCdf 7sxp1o/rT/ptelv7aiTtLfs= =D4j/ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From ssilva at sgvwater.com Thu Feb 8 17:37:22 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Feb 8 16:41:55 2007 Subject: Out of Topic: IMAP In-Reply-To: <45CB4D7A.8030603@sendit.nodak.edu> References: <200702071054.39993.clacroix@cegep-ste-foy.qc.ca> <020c01c74b7f$5692f5b0$0600a8c0@roger> <45CB4111.2070205@sendit.nodak.edu> <45CB491D.706@usg.edu> <45CB4D7A.8030603@sendit.nodak.edu> Message-ID: Richard Frovarp spake the following on 2/8/2007 8:19 AM: > Bob Jones wrote: >> Thus spake Richard Frovarp, with impeccable timing on 2/8/2007 10:26 AM: >>> >>> We run IMAP and use mbx format. There are occasional issues when the >>> index is corrupted, but there are tools to fix it. Using mbx over >>> maildir prevents the system from having to read n files for the >>> required information, where n is the number of messages in the >>> folder. As you might expect n can grow to be quite large. >> >> While this may be true in UW-IMAP (not sure, never tried maildir with >> it), if you use something like dovecot that has an index cache of each >> mailbox, the system only has to read all those individual files once >> to create the cache. In fact, if you use the LDA that comes with >> dovecot, when the message is delivered it is added to the index >> automatically, so the filesystem never has to worry about reading all >> those individual files, just each one as the client accesses to >> actually read the mail. >> >> Also, even if you are using mbox format, I highly recommend dovecot as >> it blows the doors off of UW even with that format. >> >> Bob >> > > Quota handling seems to be a little odd in it. It says it doesn't play > well with file system quotas. The Maildir++ quota seems to be a bit more > difficult to work with than file system quotas. On first look, I don't > see any easy way to tell if a user is over quota or support for grace > periods. That is one negative. If a user goes over quota, they will get locked out with a cryptic and very terse message. The first time it happened to me, it took me hours to figure out what happened. Especially when the message from the quota daemon tries to go to an already over-quota user. Another thing I miss about UW-imap is its logging of box accesses and activity. You got a nice message on when a user got their mail, and even if they left it or cleared it. I can't find any equivalent in dovecot. It is handy when a user says they didn't get something, and you can see that they did, but either deleted it or have a bad rule in their MUA. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Thu Feb 8 17:41:25 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Feb 8 16:55:08 2007 Subject: anybody know about vendaregroup.com? In-Reply-To: References: Message-ID: Jeff A. Earickson spake the following on 2/7/2007 5:58 PM: > Gang, > > I've noticed over the last couple of weeks that a lot of the outbound > email sitting in my delay queue (ie, the stuff that isn't moving) was > to be returned to vendaregroup.com. I started investigating. The > source addresses varied widely, but the common thread was that when I > did a dig on the domain name, the CNAME always pointed to them, eg: > > dig kingofjeans.com > ... > ;; ANSWER SECTION: > kingofjeans.com. 35815 IN CNAME dpweb.vendaregroup.com. > dpweb.vendaregroup.com. 713 IN A 72.5.175.90 > (etc) > > I googled on vendare and didn't really find much nefarious info on > them. They just seem to be squatting on lots of domain names. > > So... I then added the following to my sendmail access db file: > > vendaregroup.com "550 Domain does not exist." > > rebuilt my access.db file, and started watching the syslogs. > Whoohoo!! I am rejecting a fair amount of what is obviously spam > right at my MTA, stuff that gets noted as "may be forged" and the > like. > > Anybody else notice this? Anybody know anything more about > vendaregroup.com? > > Jeff Earickson > Colby College The only log entries I have for them are getting dropped by spamhaus. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From bob.jones at usg.edu Thu Feb 8 18:20:55 2007 From: bob.jones at usg.edu (Bob Jones) Date: Thu Feb 8 17:25:06 2007 Subject: Out of Topic: IMAP In-Reply-To: References: <200702071054.39993.clacroix@cegep-ste-foy.qc.ca> <020c01c74b7f$5692f5b0$0600a8c0@roger> <45CB4111.2070205@sendit.nodak.edu> <45CB491D.706@usg.edu> <45CB4D7A.8030603@sendit.nodak.edu> Message-ID: <45CB5BF7.8060101@usg.edu> Thus spake Scott Silva, with impeccable timing on 2/8/2007 11:37 AM: > Richard Frovarp spake the following on 2/8/2007 8:19 AM: >> Bob Jones wrote: >>> Thus spake Richard Frovarp, with impeccable timing on 2/8/2007 10:26 AM: >>>> We run IMAP and use mbx format. There are occasional issues when the >>>> index is corrupted, but there are tools to fix it. Using mbx over >>>> maildir prevents the system from having to read n files for the >>>> required information, where n is the number of messages in the >>>> folder. As you might expect n can grow to be quite large. >>> While this may be true in UW-IMAP (not sure, never tried maildir with >>> it), if you use something like dovecot that has an index cache of each >>> mailbox, the system only has to read all those individual files once >>> to create the cache. In fact, if you use the LDA that comes with >>> dovecot, when the message is delivered it is added to the index >>> automatically, so the filesystem never has to worry about reading all >>> those individual files, just each one as the client accesses to >>> actually read the mail. >>> >>> Also, even if you are using mbox format, I highly recommend dovecot as >>> it blows the doors off of UW even with that format. >>> >>> Bob >>> >> Quota handling seems to be a little odd in it. It says it doesn't play >> well with file system quotas. The Maildir++ quota seems to be a bit more >> difficult to work with than file system quotas. On first look, I don't >> see any easy way to tell if a user is over quota or support for grace >> periods. > That is one negative. If a user goes over quota, they will get locked out with > a cryptic and very terse message. The first time it happened to me, it took me > hours to figure out what happened. Especially when the message from the quota > daemon tries to go to an already over-quota user. We don't have mail quotas here, so I've never had to worry about that, but I can see that as a negative. > Another thing I miss about UW-imap is its logging of box accesses and > activity. You got a nice message on when a user got their mail, and even if > they left it or cleared it. I can't find any equivalent in dovecot. It is > handy when a user says they didn't get something, and you can see that they > did, but either deleted it or have a bad rule in their MUA. Timo recently added (maybe via a plugin) an imap logging option that logs ever imap command a client issues. I don't remember it exactly, but it was within the past few weeks. Bob From sandrews at andrewscompanies.com Thu Feb 8 20:52:30 2007 From: sandrews at andrewscompanies.com (sandrews@andrewscompanies.com) Date: Thu Feb 8 19:56:29 2007 Subject: Hiring References: <45CB4F4D.8060304@ecs.soton.ac.uk> Message-ID: <1964AAFBC212F742958F9275BF63DBB042A061@winchester.andrewscompanies.com> Qualifications... On mailscanner list....check! Contributed to mailscanner list....check! Contribution was more than "me too"....check! I fall down on the reasonable english skills though; public school and all. ;) -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Thursday, February 08, 2007 11:27 AM To: MailScanner discussion Subject: OT: Hiring -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 We need to hire some additional part time staff who can help with support for MailScanner, MailScanner related applications, MTAs and our DefenderMX application. We will train you on DefenderMX. Salary is commensurate with qualifications and location anywhere is the world is just fine, you just need a high speed Internet link. Hour are flexible and the working environment is great J. Reasonable English skill is required and an additional language would be useful but not necessary. Please send you qualifications and desired compensation level directly to hiring@fsl.com Thanks - -- Steve Swaney President Fort Systems Ltd. steve@fsl.com - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFFy1BUEfZZRxQVtlQRAormAJ0TDoKA9umyrZhvfUtsYcNe/n8nuQCfWCdf 7sxp1o/rT/ptelv7aiTtLfs= =D4j/ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From Phil.Udel at SalemCorp.com Thu Feb 8 21:43:22 2007 From: Phil.Udel at SalemCorp.com (Phil Udel) Date: Thu Feb 8 20:47:33 2007 Subject: Hiring In-Reply-To: <1964AAFBC212F742958F9275BF63DBB042A061@winchester.andrewscompanies.com> Message-ID: <200702082043.l18KhM0q022266@mail.salemcorp.com> Me To :) -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of sandrews@andrewscompanies.com Sent: Thursday, February 08, 2007 2:53 PM To: mailscanner@lists.mailscanner.info Subject: RE: Hiring Qualifications... On mailscanner list....check! Contributed to mailscanner list....check! Contribution was more than "me too"....check! I fall down on the reasonable english skills though; public school and all. ;) -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Thursday, February 08, 2007 11:27 AM To: MailScanner discussion Subject: OT: Hiring -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 We need to hire some additional part time staff who can help with support for MailScanner, MailScanner related applications, MTAs and our DefenderMX application. We will train you on DefenderMX. Salary is commensurate with qualifications and location anywhere is the world is just fine, you just need a high speed Internet link. Hour are flexible and the working environment is great J. Reasonable English skill is required and an additional language would be useful but not necessary. Please send you qualifications and desired compensation level directly to hiring@fsl.com Thanks - -- Steve Swaney President Fort Systems Ltd. steve@fsl.com - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFFy1BUEfZZRxQVtlQRAormAJ0TDoKA9umyrZhvfUtsYcNe/n8nuQCfWCdf 7sxp1o/rT/ptelv7aiTtLfs= =D4j/ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From ssilva at sgvwater.com Thu Feb 8 21:51:21 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Feb 8 20:56:18 2007 Subject: Hiring In-Reply-To: <200702082043.l18KhM0q022266@mail.salemcorp.com> References: <1964AAFBC212F742958F9275BF63DBB042A061@winchester.andrewscompanies.com> <200702082043.l18KhM0q022266@mail.salemcorp.com> Message-ID: Phil Udel spake the following on 2/8/2007 12:43 PM: > Me To :) > I already have 3 jobs to support my drinking and carousing with wild women! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From dyioulos at firstbhph.com Thu Feb 8 21:56:41 2007 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Thu Feb 8 21:00:53 2007 Subject: Hiring In-Reply-To: References: <1964AAFBC212F742958F9275BF63DBB042A061@winchester.andrewscompanies.com> <200702082043.l18KhM0q022266@mail.salemcorp.com> Message-ID: <200702081556.42435.dyioulos@firstbhph.com> On Thursday 08 February 2007 3:51 pm, Scott Silva wrote: > Phil Udel spake the following on 2/8/2007 12:43 PM: > > Me To :) > > I already have 3 jobs to support my drinking and carousing with wild women! > You work 3 jobs and have time to drink and carouse with wild women? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From sailer at bnl.gov Thu Feb 8 22:02:59 2007 From: sailer at bnl.gov (Tim Sailer) Date: Thu Feb 8 21:07:08 2007 Subject: Hiring In-Reply-To: <200702081556.42435.dyioulos@firstbhph.com> References: <1964AAFBC212F742958F9275BF63DBB042A061@winchester.andrewscompanies.com> <200702082043.l18KhM0q022266@mail.salemcorp.com> <200702081556.42435.dyioulos@firstbhph.com> Message-ID: <20070208210259.GA28108@bnl.gov> On Thu, Feb 08, 2007 at 03:56:41PM -0500, Dimitri Yioulos wrote: > On Thursday 08 February 2007 3:51 pm, Scott Silva wrote: > > Phil Udel spake the following on 2/8/2007 12:43 PM: > > > Me To :) > > > > I already have 3 jobs to support my drinking and carousing with wild women! > > > > You work 3 jobs and have time to drink and carouse with wild women? Maybe those *are* his jobs! Tim From am.lists at gmail.com Thu Feb 8 22:24:19 2007 From: am.lists at gmail.com (am.lists) Date: Thu Feb 8 21:28:18 2007 Subject: MailScanner w/Postfix and Postgrey Question on rejected messages Message-ID: <25a66d840702081324w5d3ef950h2b8965a8a8801fca@mail.gmail.com> I use MS/PF/PG as a gateway. I'm not sure if this is the right place to ask this question, but I had a slew of messages not arriving today for a period of a few hours. It's still too early to tell if they were rejected permanently or just deferred and I should see them arriving later. My config is as per the subject line... My /etc/resolf.conf contains three DNS servers: for discussion, they are nameserver 1.1.5.5 nameserver 2.2.6.6 nameserver 2.2.7.7 (e.g. at least two of them are on separate networks...) In the above example, server 1.1.5.5 went offline (crashed). With only the first DNS server down, why did the appropriate piece (again, not sure which application is responsible for managing DNS lookups on domains) did not failover to the next nameserver on the list? If you guys redirect me to another list, I'll understand, but I'd be very surprised if I'm the first one to see this problem. Best, Angelo From doc at maddoc.net Thu Feb 8 22:33:41 2007 From: doc at maddoc.net (Doc Schneider) Date: Thu Feb 8 21:37:46 2007 Subject: MailScanner w/Postfix and Postgrey Question on rejected messages In-Reply-To: <25a66d840702081324w5d3ef950h2b8965a8a8801fca@mail.gmail.com> References: <25a66d840702081324w5d3ef950h2b8965a8a8801fca@mail.gmail.com> Message-ID: <45CB9735.7060309@maddoc.net> am.lists wrote: > I use MS/PF/PG as a gateway. > > I'm not sure if this is the right place to ask this question, but I > had a slew of messages not arriving today for a period of a few hours. > It's still too early to tell if they were rejected permanently or just > deferred and I should see them arriving later. > > My config is as per the subject line... > > My /etc/resolf.conf contains three DNS servers: > > for discussion, they are > > nameserver 1.1.5.5 > nameserver 2.2.6.6 > nameserver 2.2.7.7 > > (e.g. at least two of them are on separate networks...) > > In the above example, server 1.1.5.5 went offline (crashed). > > With only the first DNS server down, why did the appropriate piece > (again, not sure which application is responsible for managing DNS > lookups on domains) did not failover to the next nameserver on the > list? > > If you guys redirect me to another list, I'll understand, but I'd be > very surprised if I'm the first one to see this problem. > > Best, > Angelo I'd recommend moving that 1.1.5.5 to the end of that file and let the secondary pick up the slack. While most DNS lookups should fall to the next server I've seen it happen that the first one is the only one that is ever tried. I seem to recall this was something to do with one of the perl DNS package (though I could be mistaken). Anyway that's what I'd do. 8*) -- -Doc Lincoln, NE. http://www.genealogyforyou.com/ http://www.cairnproductions.com/ From amoore at dekalbmemorial.com Thu Feb 8 22:48:01 2007 From: amoore at dekalbmemorial.com (Aaron K. Moore) Date: Thu Feb 8 21:52:02 2007 Subject: Feature request for when using the ClamAV Module Message-ID: <60D398EB2DB948409CA1F50D8AF1225701F344E5@exch1.dekalbmemorial.local> Julian, Could you add an entry where we can list anti-virus messages to ignore with the ClamAV module like you have for Sophos? It's marks encrypted zip files as viruses, which prevents releasing them easily from MailWatch. I'd be more than happy to test a release with that feature. Thanks. Aaron -- Aaron Kent Moore Information Technology Services DeKalb Memorial Hospital, Inc. Auburn, IN Phone: 260.920.2808 E-mail: amoore@dekalbmemorial.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070208/eaf4d939/attachment.html From glenn.steen at gmail.com Thu Feb 8 22:48:52 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Feb 8 21:52:51 2007 Subject: Hiring In-Reply-To: <20070208210259.GA28108@bnl.gov> References: <1964AAFBC212F742958F9275BF63DBB042A061@winchester.andrewscompanies.com> <200702082043.l18KhM0q022266@mail.salemcorp.com> <200702081556.42435.dyioulos@firstbhph.com> <20070208210259.GA28108@bnl.gov> Message-ID: <223f97700702081348x548df81je139407b753fd3fc@mail.gmail.com> On 08/02/07, Tim Sailer wrote: > On Thu, Feb 08, 2007 at 03:56:41PM -0500, Dimitri Yioulos wrote: > > On Thursday 08 February 2007 3:51 pm, Scott Silva wrote: > > > Phil Udel spake the following on 2/8/2007 12:43 PM: > > > > Me To :) > > > > > > I already have 3 jobs to support my drinking and carousing with wild women! > > > > > > > You work 3 jobs and have time to drink and carouse with wild women? > > Maybe those *are* his jobs! > Nah, that'd not be it.... Scott just _dreams_ about carousing and women while drinking on the job(s).....I guess....:-D Myself I'd probably have to claim the same as Steve Andrews.... me being swedish and all:-). These days though.... the offer is tempting, os so very tempting... Question is if they could afford me:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From christian at columbiafuels.com Thu Feb 8 23:28:09 2007 From: christian at columbiafuels.com (Christian Rasmussen) Date: Thu Feb 8 22:32:12 2007 Subject: MailScanner w/Postfix and Postgrey Question on rejected messages In-Reply-To: <25a66d840702081324w5d3ef950h2b8965a8a8801fca@mail.gmail.com> References: <25a66d840702081324w5d3ef950h2b8965a8a8801fca@mail.gmail.com> Message-ID: <2023D81BC0235143A46589958FF543F502F5DC82@bigbird.columbiafuels.com> You can set the timeout to whatever you want (man resolv.conf). Some programs don't want to wait the 5 seconds (I think that's the default) -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of am.lists Sent: Thursday, February 08, 2007 1:24 PM To: MailScanner discussion Subject: MailScanner w/Postfix and Postgrey Question on rejected messages I use MS/PF/PG as a gateway. I'm not sure if this is the right place to ask this question, but I had a slew of messages not arriving today for a period of a few hours. It's still too early to tell if they were rejected permanently or just deferred and I should see them arriving later. My config is as per the subject line... My /etc/resolf.conf contains three DNS servers: for discussion, they are nameserver 1.1.5.5 nameserver 2.2.6.6 nameserver 2.2.7.7 (e.g. at least two of them are on separate networks...) In the above example, server 1.1.5.5 went offline (crashed). With only the first DNS server down, why did the appropriate piece (again, not sure which application is responsible for managing DNS lookups on domains) did not failover to the next nameserver on the list? If you guys redirect me to another list, I'll understand, but I'd be very surprised if I'm the first one to see this problem. Best, Angelo -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From res at ausics.net Thu Feb 8 23:31:47 2007 From: res at ausics.net (Res) Date: Thu Feb 8 22:35:49 2007 Subject: Out of Topic: IMAP In-Reply-To: <020c01c74b7f$5692f5b0$0600a8c0@roger> References: <200702071054.39993.clacroix@cegep-ste-foy.qc.ca> <020c01c74b7f$5692f5b0$0600a8c0@roger> Message-ID: On Thu, 8 Feb 2007, Roger Jochem wrote: > Since almost everyone here nows a lot about e-mail, server configuration, and > that kind of stuff, I was wondering: how many of you use IMAP instead of POP3 > for mail access? > We use imap on localhost only for webmail, remote users don't have access to it and use pop3. On other servers that use maildir format, no imap, they use sqwebmail and pop3 which serves very well. A downside to imap is the constant login-do_request-logout so you'd need some sort of proxy on heavy use servers or your log spool will be full in a day :) If I have to build more? It would be pop3. -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From waytotheweb at googlemail.com Thu Feb 8 23:32:26 2007 From: waytotheweb at googlemail.com (Sarah Trayser) Date: Thu Feb 8 22:36:25 2007 Subject: MailScanner ANNOUNCE: Stable version 4.58.9 released In-Reply-To: <45C2098A.3070200@ecs.soton.ac.uk> References: <45C2098A.3070200@ecs.soton.ac.uk> Message-ID: On 01/02/07, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I have just released the latest stable version of MailScanner, 4.58.9. > > It is available for download directly from > www.mailscanner.info > as usual. > > The major changes for this release are: > > - -- Added a new configuration setting to control whether senders are > notified about attachments are too big or too small. > - -- When using the Custom Function plugin system, you can now calculate a > ruleset from within your Custom Function. Very useful for large sites. > - -- Improvements to the accuracy of the SpamAssassin cache results. > - -- Startup scripts now make SpamAssassin run out of memory-based > temporary files where possible, to improve speed. > - -- Messages placed in multiple outgoing queues are now delivered > immediately. > - -- Fixed problems with a few users seeing extra "disarmed" or "fraud" > tags appearing incorrectly. > > Best regards, > > Jules > The change to force SpamAssassin to run out of memory-based files has broken MailScanner on VPS systems using clamavmodule. The check_mailscanner script checks for the existence of /dev/shm, which is there on a VPS but there is no actual mount point for the tmpfs file system, and since you can't create files in /dev/, MailScanner fails to start with a bogus error message of "ClamAV Module ERROR:: Could not load databases from /usr/local/share/clamav". -- Regards, Sarah Trayser Way to the Web Ltd Server Management Services: http://www.configserver.com Web Hosting: http://www.waytotheweb.com From res at ausics.net Thu Feb 8 23:38:19 2007 From: res at ausics.net (Res) Date: Thu Feb 8 22:42:37 2007 Subject: Out of Topic: IMAP In-Reply-To: <516aaa21eae73b44b88ffa0c00e67b94@solidstatelogic.com> References: <516aaa21eae73b44b88ffa0c00e67b94@solidstatelogic.com> Message-ID: On Thu, 8 Feb 2007, Martin.Hepworth wrote: > Also means you can start sharing info better with shared folders than > just every modern imap server does - may I recommend Dovecot. The problem with dovecot is, theres a new rc fixing bugs every second week, in fact recently 2 in one day, its up to what rc20 now? That's scarey, on the mbox machines I recently removed the last dovecot server and went back to UW's imap (pop3 on those boxes use popa3d), sure UW imapd might be a microsecond slower, but its *stable* and very reliable. -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From nerijusb at dtiltas.lt Thu Feb 8 23:58:43 2007 From: nerijusb at dtiltas.lt (Nerijus Baliunas) Date: Thu Feb 8 23:04:01 2007 Subject: rejecting emails by country origin In-Reply-To: <001e01c74b61$f6d7b0b0$3d64a8c0@NATS> References: <001e01c74b61$f6d7b0b0$3d64a8c0@NATS> Message-ID: <20070208230001.51C9CFF09@mx-a.vdnet.lt> On Thu, 8 Feb 2007 17:17:23 +0800 Jose Nathaniel Nengasca wrote: > Thanks for that info Res. Anyway is there plugins that I could use that > blocks certain country domains and/or geographical origin based on ip > address of the sender? This might be OT, but milter-greylist (cvs version or the next development version) supports it (it uses GeoIP for this). Regards, Nerijus From ssilva at sgvwater.com Thu Feb 8 23:57:40 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Feb 8 23:05:30 2007 Subject: Out of Topic: IMAP In-Reply-To: References: <516aaa21eae73b44b88ffa0c00e67b94@solidstatelogic.com> Message-ID: Res spake the following on 2/8/2007 2:38 PM: > On Thu, 8 Feb 2007, Martin.Hepworth wrote: > >> Also means you can start sharing info better with shared folders than >> just every modern imap server does - may I recommend Dovecot. > > The problem with dovecot is, theres a new rc fixing bugs every second > week, in fact recently 2 in one day, its up to what rc20 now? > > That's scarey, on the mbox machines I recently removed the last dovecot > server and went back to UW's imap (pop3 on those boxes use popa3d), sure > UW imapd might be a microsecond slower, but its *stable* and very reliable. > > That's why I am still using the patched .99 version included with CentOS 4 -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From am.lists at gmail.com Fri Feb 9 00:19:58 2007 From: am.lists at gmail.com (am.lists) Date: Thu Feb 8 23:24:02 2007 Subject: Scanning for Spam Message-ID: <25a66d840702081519i59743d25q7d76f52c4cdb357@mail.gmail.com> We've all seen the "investor alert" messages. Thanks to Fuzzy OCR, I'm not getting them any more. The OCR scanning is picking them all up is very effective. But now, I'm seeing the plain text ones coming in. I know, I'm getting pretty greedy to expect a 100% effectiveness rate of my spam filtering, but it seems it should be possible to stop this stuff. My question for the list.... What is the consensus method for rolling these to a halt? -- Are you tweaking existing rules that center on dial-up lists, bogus helo, invalid reverse dns? -- Are you using MCP for words like "investor" and other keywords? I'm currently using pyzor, razor, dcc, rules du jour, and fuzzy ocr (with all [or most] of its plugin/helper apps). Thanks in advance. Angelo From rabollinger at gmail.com Fri Feb 9 00:29:02 2007 From: rabollinger at gmail.com (Richard Bollinger) Date: Thu Feb 8 23:33:01 2007 Subject: Fwd: Message never gets out of mqueue.in In-Reply-To: <7744a2840702081527j152cb84bm256679a74d52f63e@mail.gmail.com> References: <7744a2840702070714i496d27c6hbbf8b56ad0731d45@mail.gmail.com> <7744a2840702071505q6f1b93fdg7baedf54a6a91f8a@mail.gmail.com> <7744a2840702081527j152cb84bm256679a74d52f63e@mail.gmail.com> Message-ID: <7744a2840702081529h3c855e4djae14d9bf0b4b3fe7@mail.gmail.com> ---------- Forwarded message ---------- From: Richard Bollinger Date: Feb 8, 2007 6:27 PM Subject: Fwd: Message never gets out of mqueue.in To: "Martin. Hepworth" Cc: MAILSCANNER@jiscmail.ac.uk Not sure if you caught my reply.... any further thoughts based on my test results? ---------- Forwarded message ---------- From: Richard Bollinger Date: Feb 7, 2007 6:05 PM Subject: Re: Message never gets out of mqueue.in To: MailScanner discussion On 2/7/07, Martin.Hepworth wrote: > Richard > > Bother I hate doing this.. > > > When you upgraded did you force the locktype in MailScanner.conf. recent > MailScanner versions assume sendmail is 8.13+ and posix locktype rather > than older versions with assume sendmail is 8.12 or previous and flock > locktype. > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > We're running sendmail-8.13.8 MailScanner.conf has this line in it: Lock Type = Here's the output of the -debug run: /root@rb-ls1:/u/tmp/looping# /opt/bin/MailScanner -debug In Debugging mode, not forking... [28597] warn: FuzzyOcr: Cannot find executable for ocrad Ignore errors about failing to find EOCD signature format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 read-open /var/spool/MailScanner/incoming/28597/l17Bo8oL007167/LOS_pdf: No such file or directory at /usr/lib/perl5/site_perl/MIME/Body.pm line 435. My first guess would be that the problem may be related to foreign language attachment names and the TNEF decoders.... this email was from an partner in India. Thanks, Rich B From ssilva at sgvwater.com Fri Feb 9 00:39:04 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Feb 8 23:43:30 2007 Subject: Scanning for Spam In-Reply-To: <25a66d840702081519i59743d25q7d76f52c4cdb357@mail.gmail.com> References: <25a66d840702081519i59743d25q7d76f52c4cdb357@mail.gmail.com> Message-ID: am.lists spake the following on 2/8/2007 3:19 PM: > We've all seen the "investor alert" messages. > > Thanks to Fuzzy OCR, I'm not getting them any more. The OCR scanning > is picking them all up is very effective. > > But now, I'm seeing the plain text ones coming in. I know, I'm getting > pretty greedy to expect a 100% effectiveness rate of my spam > filtering, but it seems it should be possible to stop this stuff. > > My question for the list.... > > What is the consensus method for rolling these to a halt? > > -- Are you tweaking existing rules that center on dial-up lists, bogus > helo, invalid reverse dns? > -- Are you using MCP for words like "investor" and other keywords? > > I'm currently using pyzor, razor, dcc, rules du jour, and fuzzy ocr > (with all [or most] of its plugin/helper apps). > > Thanks in advance. > > > Angelo With good rules and the digests you have enabled, you should be catching most of them. You might get a few at first until the they get reported to the digests. The only other thing you could do is use a good blacklist or two at the MTA. I think you would be closer to unreasonable to expect 100% spam blocking, but there is one way. Reach behind the server and unplug the network cable. That is probably the only way to reach 100%, although you should easily be able to get into the low to mid 90's. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From res at ausics.net Fri Feb 9 00:41:16 2007 From: res at ausics.net (Res) Date: Thu Feb 8 23:45:32 2007 Subject: rejecting emails by country origin In-Reply-To: <20070208230001.51C9CFF09@mx-a.vdnet.lt> References: <001e01c74b61$f6d7b0b0$3d64a8c0@NATS> <20070208230001.51C9CFF09@mx-a.vdnet.lt> Message-ID: On Fri, 9 Feb 2007, Nerijus Baliunas wrote: > This might be OT, but milter-greylist (cvs version or the next development version) > supports it (it uses GeoIP for this). GeoIP is dangerous, it's so often been so very very wrong - use this with extreme care -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From res at ausics.net Fri Feb 9 00:45:39 2007 From: res at ausics.net (Res) Date: Thu Feb 8 23:49:43 2007 Subject: Out of Topic: IMAP In-Reply-To: References: <516aaa21eae73b44b88ffa0c00e67b94@solidstatelogic.com> Message-ID: On Thu, 8 Feb 2007, Scott Silva wrote: > Res spake the following on 2/8/2007 2:38 PM: >> On Thu, 8 Feb 2007, Martin.Hepworth wrote: >> >>> Also means you can start sharing info better with shared folders than >>> just every modern imap server does - may I recommend Dovecot. >> >> The problem with dovecot is, theres a new rc fixing bugs every second >> week, in fact recently 2 in one day, its up to what rc20 now? >> >> That's scarey, on the mbox machines I recently removed the last dovecot >> server and went back to UW's imap (pop3 on those boxes use popa3d), sure >> UW imapd might be a microsecond slower, but its *stable* and very reliable. >> >> > That's why I am still using the patched .99 version included with CentOS 4 Still a worry though :) You have to make sure its always patched.. On the hosting boxes I dont have to worry about it, they use maildir with vpopmail, never ever misses a beat, amazing since its NFS based. -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From dimavo at gmail.com Fri Feb 9 01:16:27 2007 From: dimavo at gmail.com (Dimitri Volski) Date: Fri Feb 9 00:20:25 2007 Subject: X-Relay-Countries Message-ID: <574ff8c30702081616l7e634f61wc7c437b2841c2081@mail.gmail.com> Hi Martin, Thanks for your reply. No that wasn't me, I only ran into this problem yesterday, trying to implement some more spam blocking. I understand that MailScanner does not put any SpamAssassin headers - I was actually looking at the SA log when I ran SA manually on the source of the spam message. Both snips of log below belong to the same log produced by SA. I understand that SA produces a Pseudo Header for X-Relay-Countries, which, even if you ran SA without MailScanner will still not be displayed. What I was loooking for though is the indication that it picked up the country of origin based on the rules that I created with SA. Thanks for your help, dim Date: Thu, 08 Feb 2007 09:38:04 +0000 From: "Martin.Hepworth" Subject: RE: {Disarmed} X-Relay-Countries To: "MailScanner discussion" Message-ID: Content-Type: text/plain; charset="us-ascii" Dimitri Some on the IRC channel was having a similar problem a couple of days ago - you?? MailScanner will NOT insert SA headers into the email It will put the info in the MailScanner-SpamScore header if you tell to be verbose. Given running SA on its own doesn't insert info either I suggest you lint check the SA config and fix any issues first.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Dimitri Volski > Sent: 08 February 2007 09:10 > To: mailscanner@lists.mailscanner.info > Subject: {Disarmed} X-Relay-Countries > > Hi All, > > I am having troubles getting the SpamAssassin scores based on Relay > Countries. > > A snip of the log: > > debug: received-header: relay MailScanner warning: numerical links are > often malicious: 84.56.164.42 trusted? no internal? > no > debug: metadata: X-Spam-Relays-Trusted: > debug: metadata: X-Spam-Relays-Untrusted: [ ip=MailScanner warning: > numerical links are often malicious: 84.56.164.42 > rdns=dslb-084-056-164-042.pools.arcor-ip.net helo=callaria.com > by=mx.google.com ident= envfrom= intl=0 > id=p4si1743305qba.2007.02.05.02.02.53 auth= ] > debug: plugin: Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x931059c) > implements 'extract_metadata' > debug: metadata: X-Relay-Countries: DE > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x99dd4c8) > implements 'parsed_metadata' > > Here I can see that the country is detected as Denmark, but when I insert > > header RELAY_DE X-Relay-Countries =~/\bDE\b/ > describe RELAY_DE Relayed through Germany > score RELAY_DE 1.0 > > into /etc/MailScanner/spam.assassin.prefs.conf , I cannot see it in > theSpamAssassin report (if run manually on source of the message above) or > the MailScanner report. > > If run manually, SpamAssassin gives this header in the end: > > X-Spam-Flag: NO > X-Spam-Checker-Version: SpamAssassin 3.0.5 (2005-11-28) on exmail > X-Spam-Level: **** > X-Spam-Status: No, score=4.4 required= 5.0 > tests=FORGED_RCVD_HELO,RCVD_BY_IP, > RCVD_IN_NJABL_DUL,RCVD_IN_SORBS_DUL,RCVD_IN_XBL autolearn=no > version=3.0.5 > > In which I cannot see the RELAY_DE > > Please help ! :) > > Cheers, > dim > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070209/37645ac5/attachment.html From am.lists at gmail.com Fri Feb 9 03:07:04 2007 From: am.lists at gmail.com (am.lists) Date: Fri Feb 9 02:11:03 2007 Subject: MailScanner w/Postfix and Postgrey Question on rejected messages In-Reply-To: <45CB9735.7060309@maddoc.net> References: <25a66d840702081324w5d3ef950h2b8965a8a8801fca@mail.gmail.com> <45CB9735.7060309@maddoc.net> Message-ID: <25a66d840702081807o863e5cag5a1226a56ded6d30@mail.gmail.com> Unfortunately, the 1.1.5.5 is a NS cache that I can control, while the 2.2.6.6 and 2.2.7.7 are the ones provided by my co-lo facility. They are also the ones that seem less reliable (shrug)... Now, I know the difference between authoritative and cache dns servers, and these are all caches that I point to, but my co-lo owns the reverse lookup on their authoritative servers. My inbound SMTP usually is able to successfully reverse-lookup my gateway's IP, but I've seen historically a time in the 5am hour where the SMTP is getting "received from unknown" where it should be saying "received from mail-gw" -- I know, it's not the "correct" answer, but it's at least my reasoning. I thought about turning on nscd. But I await feedback from those that might see this first and either warn or praise the idea. Angelo On 2/8/07, Doc Schneider wrote: > am.lists wrote: > > I use MS/PF/PG as a gateway. > > > > I'm not sure if this is the right place to ask this question, but I > > had a slew of messages not arriving today for a period of a few hours. > > It's still too early to tell if they were rejected permanently or just > > deferred and I should see them arriving later. > > > > My config is as per the subject line... > > > > My /etc/resolf.conf contains three DNS servers: > > > > for discussion, they are > > > > nameserver 1.1.5.5 > > nameserver 2.2.6.6 > > nameserver 2.2.7.7 > > > > (e.g. at least two of them are on separate networks...) > > > > In the above example, server 1.1.5.5 went offline (crashed). > > > > With only the first DNS server down, why did the appropriate piece > > (again, not sure which application is responsible for managing DNS > > lookups on domains) did not failover to the next nameserver on the > > list? > > > > If you guys redirect me to another list, I'll understand, but I'd be > > very surprised if I'm the first one to see this problem. > > > > Best, > > Angelo > > I'd recommend moving that 1.1.5.5 to the end of that file and let the > secondary pick up the slack. While most DNS lookups should fall to the > next server I've seen it happen that the first one is the only one that > is ever tried. I seem to recall this was something to do with one of the > perl DNS package (though I could be mistaken). Anyway that's what I'd > do. 8*) > > -- > -Doc > Lincoln, NE. > http://www.genealogyforyou.com/ > http://www.cairnproductions.com/ > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From am.lists at gmail.com Fri Feb 9 03:11:29 2007 From: am.lists at gmail.com (am.lists) Date: Fri Feb 9 02:15:29 2007 Subject: Scanning for Spam In-Reply-To: References: <25a66d840702081519i59743d25q7d76f52c4cdb357@mail.gmail.com> Message-ID: <25a66d840702081811q4f6c74ddl1f34b63d2a5ab237@mail.gmail.com> Scott- I agree with you, but if I'm scoring one of those at (let's say for example) a 2.4 when I'm requiring 4.0, I'm passing this as good mail. I'm also assuming that this same message is getting through most others' too (at least those running with the same un-touched rules as me). So how would this get learned as spam? Also, these messages have a way of loading the junk portion up front, followed by a couple of line feeds, then some "harmless" filler below. Probably to make the scoring acceptable to have investor in there if it's only mentioned in one out of 500 words, versus one out of 40 words. Any ideas on how to take this into account? e.g. Formulate a rule that if any of these high-profile words are caught in the first 50 words of the message, be twice as prejudicial towards them? Angelo On 2/8/07, Scott Silva wrote: > am.lists spake the following on 2/8/2007 3:19 PM: > > We've all seen the "investor alert" messages. > > > > Thanks to Fuzzy OCR, I'm not getting them any more. The OCR scanning > > is picking them all up is very effective. > > > > But now, I'm seeing the plain text ones coming in. I know, I'm getting > > pretty greedy to expect a 100% effectiveness rate of my spam > > filtering, but it seems it should be possible to stop this stuff. > > > > My question for the list.... > > > > What is the consensus method for rolling these to a halt? > > > > -- Are you tweaking existing rules that center on dial-up lists, bogus > > helo, invalid reverse dns? > > -- Are you using MCP for words like "investor" and other keywords? > > > > I'm currently using pyzor, razor, dcc, rules du jour, and fuzzy ocr > > (with all [or most] of its plugin/helper apps). > > > > Thanks in advance. > > > > > > Angelo > With good rules and the digests you have enabled, you should be catching most > of them. You might get a few at first until the they get reported to the > digests. The only other thing you could do is use a good blacklist or two at > the MTA. > I think you would be closer to unreasonable to expect 100% spam blocking, but > there is one way. Reach behind the server and unplug the network cable. That > is probably the only way to reach 100%, although you should easily be able to > get into the low to mid 90's. > > -- > > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From am.lists at gmail.com Fri Feb 9 04:16:15 2007 From: am.lists at gmail.com (am.lists) Date: Fri Feb 9 03:20:17 2007 Subject: rejecting emails by country origin In-Reply-To: References: <001e01c74b61$f6d7b0b0$3d64a8c0@NATS> <20070208230001.51C9CFF09@mx-a.vdnet.lt> Message-ID: <25a66d840702081916i35072d16l6cce41efe8964164@mail.gmail.com> I'd like to share a brief encounter with the dark side of GeoIP. I had a host at a facility where we had so many IP addresses in so many different blocks, some of them would occasionally return a "RIPE - Corrupt Country Data" error when we were reverse-lookup'ed as mail senders. And as it was the case for us, corrupt country data may as well have listed us as being in Nigeria or North Korea in terms of how we scored. (If I had written this, I would treat corrupt as a lookup error, not negatively score it, but then I didn't write it.) Turns out that our provider would go to ARIN and tag our block as "reassigned" and show us as the true owner of the IP block. Not that that's a bad thing, but whatever tool the mail server software on the remote side was using to query our IP would get that "reassigned" bit of information about our IP and would choke on that response. We took this up with our provider, and learned that anytime they assigned a block larger than 5 IPs to a customer they were compelled to register the actual owner of that block with ARIN. (I'm not sure if that was the hosting company's policy or ARIN's.) We had several blocks, some contiguous (which were registered as 'reassigned') and some that were in small blocks of non-contiguous ranges. Our solution was to move the mail server over to a block of IPs that was not listed as reassigned, and that took care of the problem for us. I'm not proclaiming tthat all GeoIP lookup services [mis]behave this way, but you may run into this if you're on a 'reassigned' block of IP space. Angelo On 2/8/07, Res wrote: > On Fri, 9 Feb 2007, Nerijus Baliunas wrote: > > > This might be OT, but milter-greylist (cvs version or the next development version) > > supports it (it uses GeoIP for this). > > GeoIP is dangerous, it's so often been so very very wrong - use this with > extreme care > > > -- > Cheers > Res > > "We can be Heroes, just for one day" - Davey (Jones) Bowie > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From res at ausics.net Fri Feb 9 05:23:22 2007 From: res at ausics.net (Res) Date: Fri Feb 9 04:27:27 2007 Subject: rejecting emails by country origin In-Reply-To: <25a66d840702081916i35072d16l6cce41efe8964164@mail.gmail.com> References: <001e01c74b61$f6d7b0b0$3d64a8c0@NATS> <20070208230001.51C9CFF09@mx-a.vdnet.lt> <25a66d840702081916i35072d16l6cce41efe8964164@mail.gmail.com> Message-ID: On Thu, 8 Feb 2007, am.lists wrote: > I'd like to share a brief encounter with the dark side of GeoIP. I had > a host at a facility where we had so many IP addresses in so many > different blocks, some of them would occasionally return a "RIPE - > Corrupt Country Data" error when we were reverse-lookup'ed as mail Thats pretty typical, it thinks one of our ranges is in India, nothing wrong with that, apart from the fact it's only about 25,000 or so miles away :) -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From a.peacock at chime.ucl.ac.uk Fri Feb 9 09:46:53 2007 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Fri Feb 9 08:51:05 2007 Subject: Scanning for Spam In-Reply-To: <25a66d840702081811q4f6c74ddl1f34b63d2a5ab237@mail.gmail.com> References: <25a66d840702081519i59743d25q7d76f52c4cdb357@mail.gmail.com> <25a66d840702081811q4f6c74ddl1f34b63d2a5ab237@mail.gmail.com> Message-ID: <45CC34FD.2060904@chime.ucl.ac.uk> Hi, am.lists wrote: > Scott- I agree with you, but if I'm scoring one of those at (let's say > for example) a 2.4 when I'm requiring 4.0, I'm passing this as good > mail. I'm also assuming that this same message is getting through most > others' too (at least those running with the same un-touched rules as > me). So how would this get learned as spam? > > Also, these messages have a way of loading the junk portion up front, > followed by a couple of line feeds, then some "harmless" filler below. > Probably to make the scoring acceptable to have investor in there if > it's only mentioned in one out of 500 words, versus one out of 40 > words. Any ideas on how to take this into account? e.g. Formulate a > rule that if any of these high-profile words are caught in the first > 50 words of the message, be twice as prejudicial towards them? Put an example of these emails somewhere where the list users can find it (web page) with full headers, and I am sure people will tell you what scores the get and which rules hit. Out of interest I currently catch 99.5% of my spam. > > Angelo > > On 2/8/07, Scott Silva wrote: >> am.lists spake the following on 2/8/2007 3:19 PM: >> > We've all seen the "investor alert" messages. >> > >> > Thanks to Fuzzy OCR, I'm not getting them any more. The OCR scanning >> > is picking them all up is very effective. >> > >> > But now, I'm seeing the plain text ones coming in. I know, I'm getting >> > pretty greedy to expect a 100% effectiveness rate of my spam >> > filtering, but it seems it should be possible to stop this stuff. >> > >> > My question for the list.... >> > >> > What is the consensus method for rolling these to a halt? >> > >> > -- Are you tweaking existing rules that center on dial-up lists, bogus >> > helo, invalid reverse dns? >> > -- Are you using MCP for words like "investor" and other keywords? >> > >> > I'm currently using pyzor, razor, dcc, rules du jour, and fuzzy ocr >> > (with all [or most] of its plugin/helper apps). >> > >> > Thanks in advance. >> > >> > >> > Angelo >> With good rules and the digests you have enabled, you should be >> catching most >> of them. You might get a few at first until the they get reported to the >> digests. The only other thing you could do is use a good blacklist or >> two at >> the MTA. >> I think you would be closer to unreasonable to expect 100% spam >> blocking, but >> there is one way. Reach behind the server and unplug the network >> cable. That >> is probably the only way to reach 100%, although you should easily be >> able to >> get into the low to mid 90's. >> >> -- >> >> MailScanner is like deodorant... >> You hope everybody uses it, and >> you notice quickly if they don't!!!! >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas." -- George Bernard Shaw From jan-peter at koopmann.eu Fri Feb 9 10:01:41 2007 From: jan-peter at koopmann.eu (Koopmann, Jan-Peter) Date: Fri Feb 9 09:04:55 2007 Subject: MailScanner Pid file FreeBSD In-Reply-To: <200702071054.39993.clacroix@cegep-ste-foy.qc.ca> Message-ID: On Wednesday, February 07, 2007 4:55 PM Charles Lacroix wrote: > I can upgrade to latest as no one yellled any major bugs. But i > haven't seen anything about this in the fixes. Let me install the latest version myself and see how it behaves. However my productive system is 5.5 stable... Kind regards, JP From jan-peter at koopmann.eu Fri Feb 9 10:35:01 2007 From: jan-peter at koopmann.eu (Koopmann, Jan-Peter) Date: Fri Feb 9 09:38:16 2007 Subject: MailScanner Pid file FreeBSD In-Reply-To: <200702071054.39993.clacroix@cegep-ste-foy.qc.ca> Message-ID: On Wednesday, February 07, 2007 4:55 PM Charles Lacroix wrote: > i run freebsd 6.1 and once in a while like every day, i end up > getting the string MailScanner in my /var/run/MailScanner.pid file. > > I got my pid file setup in MailScanner.conf PID file = > /var/run/MailScanner.pid > > version 4.57.6 Just upgraded to 4.58.9 and cannot reproduce the problem (yet). /var/run/MailScanner.pid contains the pid of the parent process. From martinh at solidstatelogic.com Fri Feb 9 10:47:18 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Fri Feb 9 09:51:26 2007 Subject: Scanning for Spam In-Reply-To: <25a66d840702081519i59743d25q7d76f52c4cdb357@mail.gmail.com> Message-ID: Angelo What 'extra' rules have you in /etc/mail/spamassassin. Ones from www.rulesemporium.com/rules.html and www.rulesemporium.com/other-rules.htm ? Are you running DCC/razor2? Have you got SA version 3.1.7 AND run sa-update recently? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of am.lists > Sent: 08 February 2007 23:20 > To: MailScanner discussion > Subject: Scanning for Spam > > We've all seen the "investor alert" messages. > > Thanks to Fuzzy OCR, I'm not getting them any more. The OCR scanning > is picking them all up is very effective. > > But now, I'm seeing the plain text ones coming in. I know, I'm getting > pretty greedy to expect a 100% effectiveness rate of my spam > filtering, but it seems it should be possible to stop this stuff. > > My question for the list.... > > What is the consensus method for rolling these to a halt? > > -- Are you tweaking existing rules that center on dial-up lists, bogus > helo, invalid reverse dns? > -- Are you using MCP for words like "investor" and other keywords? > > I'm currently using pyzor, razor, dcc, rules du jour, and fuzzy ocr > (with all [or most] of its plugin/helper apps). > > Thanks in advance. > > > Angelo > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From jan-peter at koopmann.eu Fri Feb 9 13:52:40 2007 From: jan-peter at koopmann.eu (Koopmann, Jan-Peter) Date: Fri Feb 9 12:55:54 2007 Subject: condition virus and SA Score>6? Message-ID: Hi, I want to not deliver mails if a virus is detected and the SA score is above 6 (but lower than high scoring spam). Any quick idea of how to achieve this? If SA score is below the threashold the virus should be disarmed and the mail still delivered with virus warning. Regards, JP From maillists at conactive.com Fri Feb 9 14:43:45 2007 From: maillists at conactive.com (Kai Schaetzl) Date: Fri Feb 9 13:47:49 2007 Subject: Allowing password-protected archives Message-ID: Hi everything, long time no talk :-) I find that I have a problem with Allowing password-protected archives = no It seems that the version I use doesn't do anything with them if "no" is set. Mailwatch shows "deliver, header, "X-Spam-Status:, No"" as actions, but what actually happens is that the mail doesn't reach the mailbox. And it doesn't get put in the quarantine. And no notify either. So, it just "vanishes". This is version 4.54.6 I assume this behavior depends on: Silent Viruses = HTML-IFrame All-Viruses Still Deliver Silent Viruses = no I think All-Viruses should *not* contain Zip-Password because there's no guarantee it's a virus. If you want it to be a silent virus then use: Silent Viruses = HTML-IFrame All-Viruses Zip-Password And if it's not in that list then the password-protected archive should be quarantined and the recipient notified, so he can release it if he wants. I checked here http://www.mailscanner.info/MailScanner.conf.index.html and it doesn't seem there was a change in any recent version, so I would like to propose this change. Unless there is some other way to cater for this. Allowing password-protected archives = yes is obviously not the solution since it then sends all protected archives right thru. And a ruleset is not very adaptive. I would have to add any sender or recipient and then they would still get all protected archives right thru no matter if expected or not. Thanks, Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From dhawal at netmagicsolutions.com Fri Feb 9 14:48:04 2007 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Fri Feb 9 13:52:19 2007 Subject: condition virus and SA Score>6? In-Reply-To: References: Message-ID: <45CC7B94.5060904@netmagicsolutions.com> Koopmann, Jan-Peter wrote: > Hi, > > I want to not deliver mails if a virus is detected and the SA score is above 6 (but lower than high scoring spam). Any quick idea of how to achieve this? > > If SA score is below the threashold the virus should be disarmed and the mail still delivered with virus warning. Try using a ruleset for 'Spam Actions'.. Spam Actions = %rules-dir%/spam.action.rules Virus: default store/delete/whatever FromOrTo: default deliver The other option is to use newer MS releases, which have this feature "New example Custom Function to show how to evaluate a ruleset from within a Custom Function." Maybe you could try this.. - dhawal From dhawal at netmagicsolutions.com Fri Feb 9 14:55:33 2007 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Fri Feb 9 13:59:36 2007 Subject: condition virus and SA Score>6? In-Reply-To: <45CC7B94.5060904@netmagicsolutions.com> References: <45CC7B94.5060904@netmagicsolutions.com> Message-ID: <45CC7D55.4080004@netmagicsolutions.com> Dhawal Doshy wrote: > Koopmann, Jan-Peter wrote: >> Hi, >> >> I want to not deliver mails if a virus is detected and the SA score is >> above 6 (but lower than high scoring spam). Any quick idea of how to >> achieve this? >> >> If SA score is below the threashold the virus should be disarmed and >> the mail still delivered with virus warning. > > Try using a ruleset for 'Spam Actions'.. > Spam Actions = %rules-dir%/spam.action.rules > > Virus: default store/delete/whatever > FromOrTo: default deliver However this will deliver the virus without disinfecting (if this idea ever works in the first place). methinks you also ought to change to 'Deliver Disinfected Files = yes' and 'Deliver Cleaned Messages = yes' - dhawal (replying to myself.. confirmed postfix user) From maillists at conactive.com Fri Feb 9 15:36:54 2007 From: maillists at conactive.com (Kai Schaetzl) Date: Fri Feb 9 14:40:57 2007 Subject: Allowing password-protected archives In-Reply-To: References: Message-ID: Kai Schaetzl wrote on Fri, 09 Feb 2007 14:43:45 +0100: > Hi everything, *one*, of course ;-) Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From am.lists at gmail.com Fri Feb 9 16:07:11 2007 From: am.lists at gmail.com (am.lists) Date: Fri Feb 9 15:11:14 2007 Subject: Scanning for Spam In-Reply-To: <45CC34FD.2060904@chime.ucl.ac.uk> References: <25a66d840702081519i59743d25q7d76f52c4cdb357@mail.gmail.com> <25a66d840702081811q4f6c74ddl1f34b63d2a5ab237@mail.gmail.com> <45CC34FD.2060904@chime.ucl.ac.uk> Message-ID: <25a66d840702090707u3a943894y186d77f556e3ca75@mail.gmail.com> On 2/9/07, Anthony Peacock wrote: > Put an example of these emails somewhere where the list users can find > it (web page) with full headers, and I am sure people will tell you what > scores the get and which rules hit. Anthony: I will leave this up for a while for discussion: http://mailgw.evokeemail.com/q/20070208.htm From am.lists at gmail.com Fri Feb 9 16:10:42 2007 From: am.lists at gmail.com (am.lists) Date: Fri Feb 9 15:14:44 2007 Subject: Scanning for Spam In-Reply-To: References: <25a66d840702081519i59743d25q7d76f52c4cdb357@mail.gmail.com> Message-ID: <25a66d840702090710n46062347ne78d45dcbcf7f712@mail.gmail.com> On 2/9/07, Martin.Hepworth wrote: > What 'extra' rules have you in /etc/mail/spamassassin. > Ones from www.rulesemporium.com/rules.html and I'm running the rules du jour script, which pulls this package down 1x/day. > www.rulesemporium.com/other-rules.htm ? No, none of these... > Are you running DCC/razor2? Yes. > Have you got SA version 3.1.7 AND run sa-update recently? SA is 3.1.5 :-( But I have sa-update 'ed recently. From iarteaga at cwpanama.net Fri Feb 9 16:14:11 2007 From: iarteaga at cwpanama.net (Ivan Arteaga) Date: Fri Feb 9 15:18:25 2007 Subject: How to check MS version Message-ID: Hello List, Can somebody please let me know the linux command in order to check the MS version I am running on? Will appreciate any help. --Ivan. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070209/d1966182/attachment.html From dhawal at netmagicsolutions.com Fri Feb 9 16:19:51 2007 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Fri Feb 9 15:24:22 2007 Subject: How to check MS version In-Reply-To: References: Message-ID: Ivan Arteaga wrote: > Hello List, > > Can somebody please let me know the linux command in order to check the > MS version I am running on? > > Will appreciate any help. > > --Ivan. MailScanner -v | grep "MailScanner version" From rob at robhq.com Fri Feb 9 16:21:07 2007 From: rob at robhq.com (rob) Date: Fri Feb 9 15:25:25 2007 Subject: How to check MS version In-Reply-To: References: Message-ID: <20070209152100.M17493@robhq.com> On Fri, 9 Feb 2007 10:14:11 -0500, Ivan Arteaga wrote > Hello List, > > Can somebody please let me know the linux command in order to check the MS > version I am running on? > > Will appreciate any help. > > --Ivan. MailScanner -v From a.peacock at chime.ucl.ac.uk Fri Feb 9 16:22:44 2007 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Fri Feb 9 15:26:54 2007 Subject: Scanning for Spam In-Reply-To: <25a66d840702090707u3a943894y186d77f556e3ca75@mail.gmail.com> References: <25a66d840702081519i59743d25q7d76f52c4cdb357@mail.gmail.com> <25a66d840702081811q4f6c74ddl1f34b63d2a5ab237@mail.gmail.com> <45CC34FD.2060904@chime.ucl.ac.uk> <25a66d840702090707u3a943894y186d77f556e3ca75@mail.gmail.com> Message-ID: <45CC91C4.10509@chime.ucl.ac.uk> Hi, am.lists wrote: > On 2/9/07, Anthony Peacock wrote: >> Put an example of these emails somewhere where the list users can find >> it (web page) with full headers, and I am sure people will tell you what >> scores the get and which rules hit. > > Anthony: > > I will leave this up for a while for discussion: > > http://mailgw.evokeemail.com/q/20070208.htm Well the first one scored 7 for me: Content analysis details: (7.0 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.3 TO_EMPTY To: is empty 0.1 FROM_NO_LOWER From address has no lower-case characters 0.3 RCVD_ILLEGAL_IP Received: contains illegal IP address 1.7 SARE_PROLOSTOCK_SYM3 BODY: Last week's hot stock scam 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% [score: 1.0000] 1.0 RCVD_IN_JANET_RBL RBL: Relay in JANET MAPS RBL+ RBL [1.2.3.163 listed in rbl-plus.mail-abuse.ja.net] [95.198.49.57 listed in rbl-plus.mail-abuse.ja.net] 0.1 TO_CC_NONE No To: or Cc: header -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas." -- George Bernard Shaw From iarteaga at cwpanama.net Fri Feb 9 16:22:49 2007 From: iarteaga at cwpanama.net (Ivan Arteaga) Date: Fri Feb 9 15:27:02 2007 Subject: How to check MS version In-Reply-To: Message-ID: Thanx!! --Ivan. "Look both ways before crossing the Net" -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Dhawal Doshy Sent: Friday, February 09, 2007 10:20 AM To: mailscanner@lists.mailscanner.info Subject: Re: How to check MS version Ivan Arteaga wrote: > Hello List, > > Can somebody please let me know the linux command in order to check the > MS version I am running on? > > Will appreciate any help. > > --Ivan. MailScanner -v | grep "MailScanner version" -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From dyioulos at firstbhph.com Fri Feb 9 16:25:23 2007 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Fri Feb 9 15:29:36 2007 Subject: How to check MS version In-Reply-To: References: Message-ID: <200702091025.24106.dyioulos@firstbhph.com> On Friday 09 February 2007 10:14 am, Ivan Arteaga wrote: > Hello List, > > > > Can somebody please let me know the linux command in order to check the MS > version I am running on? > > > > Will appreciate any help. > > > > --Ivan. If it's running on a Redhat or Redhat-derived system, try rpm -q mailscanner. You can also check down toward the bottom of MailScanner.conf (directive is "MailScanner Version Number"). Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dave.list at pixelhammer.com Fri Feb 9 16:35:16 2007 From: dave.list at pixelhammer.com (DAve) Date: Fri Feb 9 15:39:24 2007 Subject: Scanning for Spam In-Reply-To: <25a66d840702090707u3a943894y186d77f556e3ca75@mail.gmail.com> References: <25a66d840702081519i59743d25q7d76f52c4cdb357@mail.gmail.com> <25a66d840702081811q4f6c74ddl1f34b63d2a5ab237@mail.gmail.com> <45CC34FD.2060904@chime.ucl.ac.uk> <25a66d840702090707u3a943894y186d77f556e3ca75@mail.gmail.com> Message-ID: <45CC94B4.3090102@pixelhammer.com> am.lists wrote: > On 2/9/07, Anthony Peacock wrote: >> Put an example of these emails somewhere where the list users can find >> it (web page) with full headers, and I am sure people will tell you what >> scores the get and which rules hit. > > Anthony: > > I will leave this up for a while for discussion: > > http://mailgw.evokeemail.com/q/20070208.htm First message scored; Content analysis details: (2.3 points, 5.0 required) pts rule name description ------------------------------------------------- 0.3 TO_EMPTY To: is empty 0.3 RCVD_ILLEGAL_IP Received: contains illegal IP address 1.7 SARE_PROLOSTOCK_SYM3 BODY: Last week's hot stock scam 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60% [score: 0.5483] 0.1 TO_CC_NONE No To: or Cc: header Second message scored; Content analysis details: (17.3 points, 5.0 required) pts rule name description ------------------------------------------------- 0.3 TO_EMPTY To: is empty 0.3 RCVD_ILLEGAL_IP Received: contains illegal IP address 1.7 SARE_PROLOSTOCK_SYM3 BODY: Last week's hot stock scam 15 BAYES_99 BODY: Bayesian spam probability is 99 to 100% [score: 1.0000] 0.1 TO_CC_NONE No To: or Cc: header DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From am.lists at gmail.com Fri Feb 9 16:57:01 2007 From: am.lists at gmail.com (am.lists) Date: Fri Feb 9 16:01:07 2007 Subject: Scanning for Spam In-Reply-To: <45CC91C4.10509@chime.ucl.ac.uk> References: <25a66d840702081519i59743d25q7d76f52c4cdb357@mail.gmail.com> <25a66d840702081811q4f6c74ddl1f34b63d2a5ab237@mail.gmail.com> <45CC34FD.2060904@chime.ucl.ac.uk> <25a66d840702090707u3a943894y186d77f556e3ca75@mail.gmail.com> <45CC91C4.10509@chime.ucl.ac.uk> Message-ID: <25a66d840702090757n193c73e3mbc2badb618f86bea@mail.gmail.com> Anthony, When I obfuscated my real IP in the htm, I added 1.3 to that score (illegal IP 1.2.3.163 and Janet RBL). But otherwise, the kicker was the SARE_PROLOSTOCK_SYM3 test... I am not sure I have that rule. I looked on RE and don't see which group that's part of. It seems very effective. UPDATE: I just received another text-only one, and it's on the URL below. I didn't obfuscate any IPs this time, so the THIRD message would be an interesting test. http://mailgw.evokeemail.com/q/20070208.htm From rabollinger at gmail.com Fri Feb 9 17:00:39 2007 From: rabollinger at gmail.com (Richard Bollinger) Date: Fri Feb 9 16:04:41 2007 Subject: Message never gets out of mqueue.in In-Reply-To: <7744a2840702081529h3c855e4djae14d9bf0b4b3fe7@mail.gmail.com> References: <7744a2840702070714i496d27c6hbbf8b56ad0731d45@mail.gmail.com> <7744a2840702071505q6f1b93fdg7baedf54a6a91f8a@mail.gmail.com> <7744a2840702081527j152cb84bm256679a74d52f63e@mail.gmail.com> <7744a2840702081529h3c855e4djae14d9bf0b4b3fe7@mail.gmail.com> Message-ID: <7744a2840702090800o369ff1f9xe4a7821613b6b75a@mail.gmail.com> On 2/8/07, Richard Bollinger wrote: > ---------- Forwarded message ---------- > From: Richard Bollinger > Date: Feb 8, 2007 6:27 PM > Subject: Fwd: Message never gets out of mqueue.in > To: "Martin. Hepworth" > Cc: MAILSCANNER@jiscmail.ac.uk > > > Not sure if you caught my reply.... any further thoughts based on my > test results? > > ---------- Forwarded message ---------- > From: Richard Bollinger > Date: Feb 7, 2007 6:05 PM > Subject: Re: Message never gets out of mqueue.in > To: MailScanner discussion > > > On 2/7/07, Martin.Hepworth wrote: > > Richard > > > > Bother I hate doing this.. > > > > > > When you upgraded did you force the locktype in MailScanner.conf. recent > > MailScanner versions assume sendmail is 8.13+ and posix locktype rather > > than older versions with assume sendmail is 8.12 or previous and flock > > locktype. > > > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > We're running sendmail-8.13.8 > MailScanner.conf has this line in it: Lock Type = > > Here's the output of the -debug run: > /root@rb-ls1:/u/tmp/looping# /opt/bin/MailScanner -debug > In Debugging mode, not forking... > [28597] warn: FuzzyOcr: Cannot find executable for ocrad > Ignore errors about failing to find EOCD signature > format error: can't find EOCD signature > at /opt/MailScanner/bin/MailScanner line 820 > format error: can't find EOCD signature > at /opt/MailScanner/bin/MailScanner line 820 > format error: can't find EOCD signature > at /opt/MailScanner/bin/MailScanner line 820 > format error: can't find EOCD signature > at /opt/MailScanner/bin/MailScanner line 820 > format error: can't find EOCD signature > at /opt/MailScanner/bin/MailScanner line 820 > read-open /var/spool/MailScanner/incoming/28597/l17Bo8oL007167/LOS_pdf: > No such file or directory at /usr/lib/perl5/site_perl/MIME/Body.pm > line 435. > > My first guess would be that the problem may be related to foreign > language attachment names and the TNEF decoders.... this email was > from an partner in India. > > Thanks, Rich B Working the bug further, I tried upgrading to the latest stable MailScanner-4.58.9. That didn't change anything, so I tried changing TNEF processing to internal and it ran to completion... and I see the problem.... maybe. Using the external converter, it says the name of one of the attachments is LOS_pdf1, and sure enough that is one of the files broken out in the incoming folder before it does looking for LOS_pdf (the name missing its last character). read-open /var/spool/MailScanner/incoming/12862/l17Bo8oL007167/LOS_pdf: No such file or directory at /usr/lib/perl5/site_perl/MIME/Body.pm line 435. root@rb-ls1:~# ls /var/spool/MailScanner/incoming/12862/l17Bo8oL007167 LOS_pdf1 Untitled Attachment msg-12862-2.txt PBU Rev1 1 Feb,2007.xls msg-12862-1.txt msg-12862-3.txt Using the internal converter, it runs to completion, calling that attachment "LOS_pdf" (missing its last character). Somewhere in the process, MailScanner is dropping the last byte of the file name and thereby getting confused. Looks like my temporary cure is to use the internal TNEF converter. Someone who groks perl better than I should be able to find the error now. Thanks, Rich B From a.peacock at chime.ucl.ac.uk Fri Feb 9 17:06:58 2007 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Fri Feb 9 16:11:26 2007 Subject: Scanning for Spam In-Reply-To: <25a66d840702090757n193c73e3mbc2badb618f86bea@mail.gmail.com> References: <25a66d840702081519i59743d25q7d76f52c4cdb357@mail.gmail.com> <25a66d840702081811q4f6c74ddl1f34b63d2a5ab237@mail.gmail.com> <45CC34FD.2060904@chime.ucl.ac.uk> <25a66d840702090707u3a943894y186d77f556e3ca75@mail.gmail.com> <45CC91C4.10509@chime.ucl.ac.uk> <25a66d840702090757n193c73e3mbc2badb618f86bea@mail.gmail.com> Message-ID: <45CC9C22.9010800@chime.ucl.ac.uk> Hi, am.lists wrote: > Anthony, > > When I obfuscated my real IP in the htm, I added 1.3 to that score > (illegal IP 1.2.3.163 and Janet RBL). But otherwise, the kicker was > the SARE_PROLOSTOCK_SYM3 test... I am not sure I have that rule. Actually the kicker is Bayes, my Bayes is scoring 99% which gives it a whole 3.5 points, added to the SARE stocks rules that is enough, ignoring any network tests (see below) > I looked on RE and don't see which group that's part of. It seems very > effective. That is in 70_SARE_STOCKS > > UPDATE: I just received another text-only one, and it's on the URL below. > > I didn't obfuscate any IPs this time, so the THIRD message would be an > interesting test. > > http://mailgw.evokeemail.com/q/20070208.htm Still get that one, Content analysis details: (8.1 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.3 TO_EMPTY To: is empty 0.1 FROM_NO_LOWER From address has no lower-case characters 1.7 SARE_PROLOSTOCK_SYM3 BODY: Last week's hot stock scam 0.8 SARE_RMML_Stock7 BODY: SARE_RMML_Stock7 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% [score: 1.0000] 0.1 TO_CC_NONE No To: or Cc: header 1.7 STOCK_NAME_FVGT1 STOCK_NAME_FVGT1 -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas." -- George Bernard Shaw From a.peacock at chime.ucl.ac.uk Fri Feb 9 17:11:18 2007 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Fri Feb 9 16:15:47 2007 Subject: Scanning for Spam In-Reply-To: <45CC9C22.9010800@chime.ucl.ac.uk> References: <25a66d840702081519i59743d25q7d76f52c4cdb357@mail.gmail.com> <25a66d840702081811q4f6c74ddl1f34b63d2a5ab237@mail.gmail.com> <45CC34FD.2060904@chime.ucl.ac.uk> <25a66d840702090707u3a943894y186d77f556e3ca75@mail.gmail.com> <45CC91C4.10509@chime.ucl.ac.uk> <25a66d840702090757n193c73e3mbc2badb618f86bea@mail.gmail.com> <45CC9C22.9010800@chime.ucl.ac.uk> Message-ID: <45CC9D26.3070301@chime.ucl.ac.uk> Anthony Peacock wrote: > Hi, > > am.lists wrote: >> Anthony, >> >> When I obfuscated my real IP in the htm, I added 1.3 to that score >> (illegal IP 1.2.3.163 and Janet RBL). But otherwise, the kicker was >> the SARE_PROLOSTOCK_SYM3 test... I am not sure I have that rule. > > Actually the kicker is Bayes, my Bayes is scoring 99% which gives it a > whole 3.5 points, added to the SARE stocks rules that is enough, > ignoring any network tests (see below) I also meant to point out that your Bayes was only hitting 50% which add nothing to the score. Start feeding these emails into the Bayes learning system, and it will start to match these emails. > >> I looked on RE and don't see which group that's part of. It seems very >> effective. > > > That is in 70_SARE_STOCKS > >> >> UPDATE: I just received another text-only one, and it's on the URL below. >> >> I didn't obfuscate any IPs this time, so the THIRD message would be an >> interesting test. >> >> http://mailgw.evokeemail.com/q/20070208.htm > > Still get that one, > > > Content analysis details: (8.1 points, 5.0 required) > > pts rule name description > ---- ---------------------- > -------------------------------------------------- > 0.3 TO_EMPTY To: is empty > 0.1 FROM_NO_LOWER From address has no lower-case characters > 1.7 SARE_PROLOSTOCK_SYM3 BODY: Last week's hot stock scam > 0.8 SARE_RMML_Stock7 BODY: SARE_RMML_Stock7 > 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% > [score: 1.0000] > 0.1 TO_CC_NONE No To: or Cc: header > 1.7 STOCK_NAME_FVGT1 STOCK_NAME_FVGT1 > > > -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas." -- George Bernard Shaw From Richard.Frovarp at sendit.nodak.edu Fri Feb 9 17:14:50 2007 From: Richard.Frovarp at sendit.nodak.edu (Richard Frovarp) Date: Fri Feb 9 16:18:53 2007 Subject: Out of Topic: IMAP In-Reply-To: References: <200702071054.39993.clacroix@cegep-ste-foy.qc.ca> <020c01c74b7f$5692f5b0$0600a8c0@roger> Message-ID: <45CC9DFA.6040105@sendit.nodak.edu> Res wrote: > On Thu, 8 Feb 2007, Roger Jochem wrote: > >> Since almost everyone here nows a lot about e-mail, server >> configuration, and that kind of stuff, I was wondering: how many of >> you use IMAP instead of POP3 for mail access? >> > > We use imap on localhost only for webmail, remote users don't have > access to it and use pop3. > > On other servers that use maildir format, no imap, they use sqwebmail > and pop3 which serves very well. > > A downside to imap is the constant login-do_request-logout > so you'd need some sort of proxy on heavy use servers or your log > spool will be full in a day :) > > If I have to build more? It would be pop3. > We run imapproxy on our webmail boxes. This is a requirement just due to how webmail works. We have a moderate horse powered box (Dual 2.4 Xeon, 2GB of RAM) handling 13K users all running IMAP via webmail or stand alone client. The one that handles 19K users has slightly more power behind it, only due to the fact it used to be the oldest and was up for replacement. The boxes were heavily overloaded back when they were calling SpamAssassin. Having MailScanner on machines in front has fixed that problem. Indexed (mbx format) inboxes also helped. From dave.list at pixelhammer.com Fri Feb 9 17:17:24 2007 From: dave.list at pixelhammer.com (DAve) Date: Fri Feb 9 16:21:32 2007 Subject: Scanning for Spam In-Reply-To: <25a66d840702090757n193c73e3mbc2badb618f86bea@mail.gmail.com> References: <25a66d840702081519i59743d25q7d76f52c4cdb357@mail.gmail.com> <25a66d840702081811q4f6c74ddl1f34b63d2a5ab237@mail.gmail.com> <45CC34FD.2060904@chime.ucl.ac.uk> <25a66d840702090707u3a943894y186d77f556e3ca75@mail.gmail.com> <45CC91C4.10509@chime.ucl.ac.uk> <25a66d840702090757n193c73e3mbc2badb618f86bea@mail.gmail.com> Message-ID: <45CC9E94.8070904@pixelhammer.com> am.lists wrote: > Anthony, > > When I obfuscated my real IP in the htm, I added 1.3 to that score > (illegal IP 1.2.3.163 and Janet RBL). But otherwise, the kicker was > the SARE_PROLOSTOCK_SYM3 test... I am not sure I have that rule. > > I looked on RE and don't see which group that's part of. It seems very > effective. > > UPDATE: I just received another text-only one, and it's on the URL below. > > I didn't obfuscate any IPs this time, so the THIRD message would be an > interesting test. > > http://mailgw.evokeemail.com/q/20070208.htm Message 3 scored; Content analysis details: (19.5 points, 5.0 required) pts rule name description -------------------------------------------------- 0.3 TO_EMPTY To: is empty 0.8 SARE_RMML_Stock7 BODY: SARE_RMML_Stock7 1.7 SARE_PROLOSTOCK_SYM3 BODY: Last week's hot stock scam 15 BAYES_99 BODY: Bayesian spam probability is 99 to 100% [score: 1.0000] 1.7 STOCK_NAME_FVGT1 STOCK_NAME_FVGT1 0.1 TO_CC_NONE No To: or Cc: header The fact I have been training on missed spam seems to be the kicker for me. I apparently have seen many of the same messages as you. DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From am.lists at gmail.com Fri Feb 9 17:22:56 2007 From: am.lists at gmail.com (am.lists) Date: Fri Feb 9 16:27:02 2007 Subject: Scanning for Spam In-Reply-To: <45CC9D26.3070301@chime.ucl.ac.uk> References: <25a66d840702081519i59743d25q7d76f52c4cdb357@mail.gmail.com> <25a66d840702081811q4f6c74ddl1f34b63d2a5ab237@mail.gmail.com> <45CC34FD.2060904@chime.ucl.ac.uk> <25a66d840702090707u3a943894y186d77f556e3ca75@mail.gmail.com> <45CC91C4.10509@chime.ucl.ac.uk> <25a66d840702090757n193c73e3mbc2badb618f86bea@mail.gmail.com> <45CC9C22.9010800@chime.ucl.ac.uk> <45CC9D26.3070301@chime.ucl.ac.uk> Message-ID: <25a66d840702090822m57b21c71g55e2f5adf410e694@mail.gmail.com> > I also meant to point out that your Bayes was only hitting 50% which add > nothing to the score. Start feeding these emails into the Bayes > learning system, and it will start to match these emails. So, I guess that's the question. Is there a way to make Bayes learn this when it's not currently tagged as spam? PS: I did get the additional SARE rules added to my rdj config. I hope the admins over there don't ban me since I've downloaded some files than 1x/day today. :-/ Angelo From dave.list at pixelhammer.com Fri Feb 9 17:33:19 2007 From: dave.list at pixelhammer.com (DAve) Date: Fri Feb 9 16:37:29 2007 Subject: Scanning for Spam In-Reply-To: <25a66d840702090822m57b21c71g55e2f5adf410e694@mail.gmail.com> References: <25a66d840702081519i59743d25q7d76f52c4cdb357@mail.gmail.com> <25a66d840702081811q4f6c74ddl1f34b63d2a5ab237@mail.gmail.com> <45CC34FD.2060904@chime.ucl.ac.uk> <25a66d840702090707u3a943894y186d77f556e3ca75@mail.gmail.com> <45CC91C4.10509@chime.ucl.ac.uk> <25a66d840702090757n193c73e3mbc2badb618f86bea@mail.gmail.com> <45CC9C22.9010800@chime.ucl.ac.uk> <45CC9D26.3070301@chime.ucl.ac.uk> <25a66d840702090822m57b21c71g55e2f5adf410e694@mail.gmail.com> Message-ID: <45CCA24F.40004@pixelhammer.com> am.lists wrote: >> I also meant to point out that your Bayes was only hitting 50% which add >> nothing to the score. Start feeding these emails into the Bayes >> learning system, and it will start to match these emails. > > So, I guess that's the question. > > Is there a way to make Bayes learn this when it's not currently tagged > as spam? There are many many ways to make that happen depending on your network, your policies, your users. We simply keep messages that we feel are spam and once a day I ftp the mailbox up to my MS servers and run sa-learn on them. I can run through our Postmaster mailboxes and gleen 50 a day easily (we have no spam scanning on postmaster or abuse). A simplistic approach, but so far seems to be working. We may have to get serious about it farther down the road. DAve > > PS: I did get the additional SARE rules added to my rdj config. I hope > the admins over there don't ban me since I've downloaded some files > than 1x/day today. :-/ > > Angelo -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From a.peacock at chime.ucl.ac.uk Fri Feb 9 17:40:57 2007 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Fri Feb 9 16:45:12 2007 Subject: Scanning for Spam In-Reply-To: <25a66d840702090822m57b21c71g55e2f5adf410e694@mail.gmail.com> References: <25a66d840702081519i59743d25q7d76f52c4cdb357@mail.gmail.com> <25a66d840702081811q4f6c74ddl1f34b63d2a5ab237@mail.gmail.com> <45CC34FD.2060904@chime.ucl.ac.uk> <25a66d840702090707u3a943894y186d77f556e3ca75@mail.gmail.com> <45CC91C4.10509@chime.ucl.ac.uk> <25a66d840702090757n193c73e3mbc2badb618f86bea@mail.gmail.com> <45CC9C22.9010800@chime.ucl.ac.uk> <45CC9D26.3070301@chime.ucl.ac.uk> <25a66d840702090822m57b21c71g55e2f5adf410e694@mail.gmail.com> Message-ID: <45CCA419.4000804@chime.ucl.ac.uk> am.lists wrote: >> I also meant to point out that your Bayes was only hitting 50% which add >> nothing to the score. Start feeding these emails into the Bayes >> learning system, and it will start to match these emails. > > So, I guess that's the question. > > Is there a way to make Bayes learn this when it's not currently tagged > as spam? > > PS: I did get the additional SARE rules added to my rdj config. I hope > the admins over there don't ban me since I've downloaded some files > than 1x/day today. :-/ > > Angelo Use the sa-learn feature http://spamassassin.apache.org/full/3.1.x/doc/sa-learn.html -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas." -- George Bernard Shaw From roger at rudnick.com.br Fri Feb 9 17:44:06 2007 From: roger at rudnick.com.br (Roger Jochem) Date: Fri Feb 9 16:48:43 2007 Subject: Out of Topic: IMAP References: <200702071054.39993.clacroix@cegep-ste-foy.qc.ca> <020c01c74b7f$5692f5b0$0600a8c0@roger> <45CC9DFA.6040105@sendit.nodak.edu> Message-ID: <03a801c74c69$83911930$0600a8c0@roger> Just curoius... How much of disk space have you for that use? ----- Original Message ----- From: "Richard Frovarp" To: "MailScanner discussion" Sent: Friday, February 09, 2007 2:14 PM Subject: Re: Out of Topic: IMAP > Res wrote: >> On Thu, 8 Feb 2007, Roger Jochem wrote: >> >>> Since almost everyone here nows a lot about e-mail, server >>> configuration, and that kind of stuff, I was wondering: how many of >>> you use IMAP instead of POP3 for mail access? >>> >> >> We use imap on localhost only for webmail, remote users don't have >> access to it and use pop3. >> >> On other servers that use maildir format, no imap, they use sqwebmail >> and pop3 which serves very well. >> >> A downside to imap is the constant login-do_request-logout >> so you'd need some sort of proxy on heavy use servers or your log >> spool will be full in a day :) >> >> If I have to build more? It would be pop3. >> > We run imapproxy on our webmail boxes. This is a requirement just due to > how webmail works. We have a moderate horse powered box (Dual 2.4 Xeon, > 2GB of RAM) handling 13K users all running IMAP via webmail or stand > alone client. The one that handles 19K users has slightly more power > behind it, only due to the fact it used to be the oldest and was up for > replacement. > > The boxes were heavily overloaded back when they were calling > SpamAssassin. Having MailScanner on machines in front has fixed that > problem. Indexed (mbx format) inboxes also helped. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From doc at maddoc.net Fri Feb 9 17:44:53 2007 From: doc at maddoc.net (Doc Schneider) Date: Fri Feb 9 16:48:58 2007 Subject: Scanning for Spam In-Reply-To: <25a66d840702090822m57b21c71g55e2f5adf410e694@mail.gmail.com> References: <25a66d840702081519i59743d25q7d76f52c4cdb357@mail.gmail.com> <25a66d840702081811q4f6c74ddl1f34b63d2a5ab237@mail.gmail.com> <45CC34FD.2060904@chime.ucl.ac.uk> <25a66d840702090707u3a943894y186d77f556e3ca75@mail.gmail.com> <45CC91C4.10509@chime.ucl.ac.uk> <25a66d840702090757n193c73e3mbc2badb618f86bea@mail.gmail.com> <45CC9C22.9010800@chime.ucl.ac.uk> <45CC9D26.3070301@chime.ucl.ac.uk> <25a66d840702090822m57b21c71g55e2f5adf410e694@mail.gmail.com> Message-ID: <45CCA505.7030802@maddoc.net> am.lists wrote: > PS: I did get the additional SARE rules added to my rdj config. I hope > the admins over there don't ban me since I've downloaded some files > than 1x/day today. :-/ > > Angelo Most SARE rules aren't changed too much so we advise folks to grab anythng new with RDJ a couple times a day. BTW: I just released a new 70_sare_stocks.cf nothing majot just needed to comment out some un-used rules. And yes I am also maddoc@maddoc.net who maintains a lot of the rule sets for SARE. 8*) -- -Doc Lincoln, NE. http://www.genealogyforyou.com/ http://www.cairnproductions.com/ From MailScanner at ecs.soton.ac.uk Fri Feb 9 20:19:12 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Feb 9 19:25:40 2007 Subject: How to check MS version In-Reply-To: <20070209152100.M17493@robhq.com> References: <20070209152100.M17493@robhq.com> Message-ID: <45CCC930.1060004@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 rob wrote: > On Fri, 9 Feb 2007 10:14:11 -0500, Ivan Arteaga wrote > >> Hello List, >> >> Can somebody please let me know the linux command in order to check the MS >> version I am running on? >> >> Will appreciate any help. >> >> --Ivan. >> > > > MailScanner -v > Or even the more obvious "MailScanner -version" or "MailScanner - --version" for the GNU-ers among you. Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) Comment: Fetch my public key foot-print from www.mailscanner.info Charset: ISO-8859-1 wj8DBQFFzMm0EfZZRxQVtlQRAnQDAKD0TeamS8+A+zp0Gb133XWyDoHQowCgs1T0 QbBC9qiftH/a1DOr7gZ5x/k= =2NLN -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From ssilva at sgvwater.com Fri Feb 9 20:37:07 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Feb 9 19:41:32 2007 Subject: Scanning for Spam In-Reply-To: <25a66d840702090757n193c73e3mbc2badb618f86bea@mail.gmail.com> References: <25a66d840702081519i59743d25q7d76f52c4cdb357@mail.gmail.com> <25a66d840702081811q4f6c74ddl1f34b63d2a5ab237@mail.gmail.com> <45CC34FD.2060904@chime.ucl.ac.uk> <25a66d840702090707u3a943894y186d77f556e3ca75@mail.gmail.com> <45CC91C4.10509@chime.ucl.ac.uk> <25a66d840702090757n193c73e3mbc2badb618f86bea@mail.gmail.com> Message-ID: am.lists spake the following on 2/9/2007 7:57 AM: > Anthony, > > When I obfuscated my real IP in the htm, I added 1.3 to that score > (illegal IP 1.2.3.163 and Janet RBL). But otherwise, the kicker was > the SARE_PROLOSTOCK_SYM3 test... I am not sure I have that rule. > > I looked on RE and don't see which group that's part of. It seems very > effective. > > UPDATE: I just received another text-only one, and it's on the URL below. > > I didn't obfuscate any IPs this time, so the THIRD message would be an > interesting test. > > http://mailgw.evokeemail.com/q/20070208.htm Here is how I hit #3 Content analysis details: (11.9 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.3 TO_EMPTY To: is empty 0.1 FROM_NO_LOWER From address has no lower-case characters 1.0 L_DRUGS12 L_DRUGS12 2.5 FORGED_RCVD_HELO Received: contains a forged HELO 2.0 BOTNET Relay might be a spambot or virusbot [botnet0.7,ip=64.44.11.163,hostname=mailgw.evokemail.com,baddns] 0.8 SARE_RMML_Stock7 BODY: SARE_RMML_Stock7 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% [score: 0.9972] 1.7 STOCK_NAME_FVGT1 STOCK_NAME_FVGT1 0.1 TO_CC_NONE No To: or Cc: header Excluding the botnet plugin, that is still a "9" -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From am.lists at gmail.com Fri Feb 9 20:45:28 2007 From: am.lists at gmail.com (am.lists) Date: Fri Feb 9 19:49:38 2007 Subject: Scanning for Spam In-Reply-To: References: <25a66d840702081519i59743d25q7d76f52c4cdb357@mail.gmail.com> <25a66d840702081811q4f6c74ddl1f34b63d2a5ab237@mail.gmail.com> <45CC34FD.2060904@chime.ucl.ac.uk> <25a66d840702090707u3a943894y186d77f556e3ca75@mail.gmail.com> <45CC91C4.10509@chime.ucl.ac.uk> <25a66d840702090757n193c73e3mbc2badb618f86bea@mail.gmail.com> Message-ID: <25a66d840702091145u249a43d8q36c11ce7c10a81d6@mail.gmail.com> Scott, Just curious why I got dinged for my IP being a spambot/virus... I have proper reverse and forward dns, not on any RBLs, etc. Angelo On 2/9/07, Scott Silva wrote: > pts rule name description > ---- ---------------------- -------------------------------------------------- > 2.0 BOTNET Relay might be a spambot or virusbot > [botnet0.7,ip=64.44.11.163,hostname=mailgw.evokemail.com,baddns] From gborders at jlewiscooper.com Fri Feb 9 22:17:10 2007 From: gborders at jlewiscooper.com (Greg Borders) Date: Fri Feb 9 21:21:23 2007 Subject: Scanning for Spam In-Reply-To: <45CCA24F.40004@pixelhammer.com> References: <25a66d840702081519i59743d25q7d76f52c4cdb357@mail.gmail.com> <25a66d840702081811q4f6c74ddl1f34b63d2a5ab237@mail.gmail.com> <45CC34FD.2060904@chime.ucl.ac.uk> <25a66d840702090707u3a943894y186d77f556e3ca75@mail.gmail.com> <45CC91C4.10509@chime.ucl.ac.uk> <25a66d840702090757n193c73e3mbc2badb618f86bea@mail.gmail.com> <45CC9C22.9010800@chime.ucl.ac.uk> <45CC9D26.3070301@chime.ucl.ac.uk> <25a66d840702090822m57b21c71g55e2f5adf410e694@mail.gmail.com> <45CCA24F.40004@pixelhammer.com> Message-ID: <45CCE4D6.1080009@jlewiscooper.com> DAve wrote: > am.lists wrote: >>> I also meant to point out that your Bayes was only hitting 50% which >>> add >>> nothing to the score. Start feeding these emails into the Bayes >>> learning system, and it will start to match these emails. >> >> So, I guess that's the question. >> >> Is there a way to make Bayes learn this when it's not currently >> tagged as spam? > > There are many many ways to make that happen depending on your > network, your policies, your users. We simply keep messages that we > feel are spam and once a day I ftp the mailbox up to my MS servers and > run sa-learn on them. > > I can run through our Postmaster mailboxes and gleen 50 a day easily > (we have no spam scanning on postmaster or abuse). A simplistic > approach, but so far seems to be working. We may have to get serious > about it farther down the road. > > DAve > >> >> PS: I did get the additional SARE rules added to my rdj config. I hope >> the admins over there don't ban me since I've downloaded some files >> than 1x/day today. :-/ >> >> Angelo > > Here I made a "spam" mail box, and created SYM links to it for users within their mail folders. As folks find spam that leak thru, they drag it over the "universal" spam box, and then I feed them via a daily cron job to sa-learn script which reads them, and then deletes them. Also handy is the Mailwatch interface, where I can run searches/reports, and then checkbox the bad ones for instant SA learning. Works great! Greg. -- This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From res at ausics.net Sat Feb 10 00:49:02 2007 From: res at ausics.net (Res) Date: Fri Feb 9 23:53:13 2007 Subject: Scanning for Spam In-Reply-To: <25a66d840702091145u249a43d8q36c11ce7c10a81d6@mail.gmail.com> References: <25a66d840702081519i59743d25q7d76f52c4cdb357@mail.gmail.com> <25a66d840702081811q4f6c74ddl1f34b63d2a5ab237@mail.gmail.com> <45CC34FD.2060904@chime.ucl.ac.uk> <25a66d840702090707u3a943894y186d77f556e3ca75@mail.gmail.com> <45CC91C4.10509@chime.ucl.ac.uk> <25a66d840702090757n193c73e3mbc2badb618f86bea@mail.gmail.com> <25a66d840702091145u249a43d8q36c11ce7c10a81d6@mail.gmail.com> Message-ID: On Fri, 9 Feb 2007, am.lists wrote: > Scott, > Just curious why I got dinged for my IP being a spambot/virus... > > I have proper reverse and forward dns, not on any RBLs, etc. > ~$ host 64.44.11.163 163.11.44.64.in-addr.arpa domain name pointer mailgw.evokemail.com. ~$ host mailgw.evokemail.com Host mailgw.evokemail.com not found: 2(SERVFAIL) ~$ whois evokemail.com getaddrinfo(whois.crsnic.net): Temporary failure in name resolution This might be why :) > Angelo > > On 2/9/07, Scott Silva wrote: >> pts rule name description >> ---- ---------------------- >> -------------------------------------------------- >> 2.0 BOTNET Relay might be a spambot or virusbot >> [botnet0.7,ip=64.44.11.163,hostname=mailgw.evokemail.com,baddns] > -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From yossimor at hotmail.com Sat Feb 10 00:50:13 2007 From: yossimor at hotmail.com (yossi mor) Date: Fri Feb 9 23:54:18 2007 Subject: Scanning for Spam Message-ID: Hi Greg, What should i do in case that the mail box on the exchange? Can i simply copy those emails to a folder on a linux machine and run sa-learn? Thanks, Yossi > Date: Fri, 9 Feb 2007 16:17:10 -0500> From: gborders@jlewiscooper.com> To: mailscanner@lists.mailscanner.info> Subject: Re: Scanning for Spam> > DAve wrote:> > am.lists wrote:> >>> I also meant to point out that your Bayes was only hitting 50% which > >>> add> >>> nothing to the score. Start feeding these emails into the Bayes> >>> learning system, and it will start to match these emails.> >>> >> So, I guess that's the question.> >>> >> Is there a way to make Bayes learn this when it's not currently > >> tagged as spam?> >> > There are many many ways to make that happen depending on your > > network, your policies, your users. We simply keep messages that we > > feel are spam and once a day I ftp the mailbox up to my MS servers and > > run sa-learn on them.> >> > I can run through our Postmaster mailboxes and gleen 50 a day easily > > (we have no spam scanning on postmaster or abuse). A simplistic > > approach, but so far seems to be working. We may have to get serious > > about it farther down the road.> >> > DAve> >> >>> >> PS: I did get the additional SARE rules added to my rdj config. I hope> >> the admins over there don't ban me since I've downloaded some files> >> than 1x/day today. :-/> >>> >> Angelo> >> >> Here I made a "spam" mail box, and created SYM links to it for users > within their mail folders. As folks find spam that leak thru, they drag > it over the "universal" spam box, and then I feed them via a daily cron > job to sa-learn script which reads them, and then deletes them.> > Also handy is the Mailwatch interface, where I can run searches/reports, > and then checkbox the bad ones for instant SA learning. Works great!> > Greg.> > > > > --> This transmission may contain information that is privileged, confidential> and/or exempt from disclosure under applicable law. If you are not the> intended recipient, you are hereby notified that any disclosure, copying,> distribution, or use of the information contained herein (including any> reliance thereon) is STRICTLY PROHIBITED. If you received this transmission> in error, please immediately contact the sender and destroy the material in> its entirety, whether in electronic or hard copy format. Thank you.> > -- > This message has been scanned for viruses and> dangerous content by MailScanner, and is> believed to be clean.> > -- > MailScanner mailing list> mailscanner@lists.mailscanner.info> http://lists.mailscanner.info/mailman/listinfo/mailscanner> > Before posting, read http://wiki.mailscanner.info/posting> > Support MailScanner development - buy the book off the website! _________________________________________________________________ Get the new Windows Live Messenger! http://get.live.com/messenger/overview -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070209/15e97e6a/attachment-0001.html From res at ausics.net Sat Feb 10 00:58:37 2007 From: res at ausics.net (Res) Date: Sat Feb 10 00:02:50 2007 Subject: Scanning for Spam In-Reply-To: References: <25a66d840702081519i59743d25q7d76f52c4cdb357@mail.gmail.com> <25a66d840702081811q4f6c74ddl1f34b63d2a5ab237@mail.gmail.com> <45CC34FD.2060904@chime.ucl.ac.uk> <25a66d840702090707u3a943894y186d77f556e3ca75@mail.gmail.com> <45CC91C4.10509@chime.ucl.ac.uk> <25a66d840702090757n193c73e3mbc2badb618f86bea@mail.gmail.com> <25a66d840702091145u249a43d8q36c11ce7c10a81d6@mail.gmail.com> Message-ID: On followup, I recall several root servers under DoS in recent days, perhaps its still ongoing, in past few hours my server has 4.5.1'd redhat.com and sourceforge, so I wouldn't think it is your problem On Sat, 10 Feb 2007, Res wrote: > On Fri, 9 Feb 2007, am.lists wrote: > >> Scott, >> Just curious why I got dinged for my IP being a spambot/virus... >> >> I have proper reverse and forward dns, not on any RBLs, etc. >> > > ~$ host 64.44.11.163 > 163.11.44.64.in-addr.arpa domain name pointer mailgw.evokemail.com. > ~$ host mailgw.evokemail.com > Host mailgw.evokemail.com not found: 2(SERVFAIL) > > > ~$ whois evokemail.com > getaddrinfo(whois.crsnic.net): Temporary failure in name resolution > > > This might be why :) > > > >> Angelo >> >> On 2/9/07, Scott Silva wrote: >>> pts rule name description >>> ---- ---------------------- >>> -------------------------------------------------- >>> 2.0 BOTNET Relay might be a spambot or virusbot >>> [botnet0.7,ip=64.44.11.163,hostname=mailgw.evokemail.com,baddns] >> > > -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From ssilva at sgvwater.com Sat Feb 10 01:13:59 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Sat Feb 10 00:18:12 2007 Subject: Scanning for Spam In-Reply-To: References: <25a66d840702081519i59743d25q7d76f52c4cdb357@mail.gmail.com> <25a66d840702081811q4f6c74ddl1f34b63d2a5ab237@mail.gmail.com> <45CC34FD.2060904@chime.ucl.ac.uk> <25a66d840702090707u3a943894y186d77f556e3ca75@mail.gmail.com> <45CC91C4.10509@chime.ucl.ac.uk> <25a66d840702090757n193c73e3mbc2badb618f86bea@mail.gmail.com> <25a66d840702091145u249a43d8q36c11ce7c10a81d6@mail.gmail.com> Message-ID: Res spake the following on 2/9/2007 3:49 PM: > On Fri, 9 Feb 2007, am.lists wrote: > >> Scott, >> Just curious why I got dinged for my IP being a spambot/virus... >> >> I have proper reverse and forward dns, not on any RBLs, etc. >> > > ~$ host 64.44.11.163 > 163.11.44.64.in-addr.arpa domain name pointer mailgw.evokemail.com. > ~$ host mailgw.evokemail.com > Host mailgw.evokemail.com not found: 2(SERVFAIL) > > > ~$ whois evokemail.com > getaddrinfo(whois.crsnic.net): Temporary failure in name resolution > > > This might be why :) > > That is what I got also -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From am.lists at gmail.com Sat Feb 10 03:16:35 2007 From: am.lists at gmail.com (am.lists) Date: Sat Feb 10 02:20:42 2007 Subject: Scanning for Spam In-Reply-To: References: <25a66d840702081519i59743d25q7d76f52c4cdb357@mail.gmail.com> <25a66d840702081811q4f6c74ddl1f34b63d2a5ab237@mail.gmail.com> <45CC34FD.2060904@chime.ucl.ac.uk> <25a66d840702090707u3a943894y186d77f556e3ca75@mail.gmail.com> <45CC91C4.10509@chime.ucl.ac.uk> <25a66d840702090757n193c73e3mbc2badb618f86bea@mail.gmail.com> <25a66d840702091145u249a43d8q36c11ce7c10a81d6@mail.gmail.com> Message-ID: <25a66d840702091816j63296756p6cc48b76285ad91e@mail.gmail.com> Duh. My co-lo has spelled the domain name wrong in my revdns entry! Should be evokeemail.com, not evokemail.com as they have it: mailgw.evokemail.com <> mailgw.evokeemail.com !! I will have them fix it. Not that we send out mail from there, but it is nice to have the option to do so if we should choose to down the road. Thanks for helping me spot this. It's one of those darned obscure things that you could sit and look at for hours and not figure out. From res at ausics.net Sat Feb 10 03:57:32 2007 From: res at ausics.net (Res) Date: Sat Feb 10 03:01:44 2007 Subject: Scanning for Spam In-Reply-To: <25a66d840702091816j63296756p6cc48b76285ad91e@mail.gmail.com> References: <25a66d840702081519i59743d25q7d76f52c4cdb357@mail.gmail.com> <25a66d840702081811q4f6c74ddl1f34b63d2a5ab237@mail.gmail.com> <45CC34FD.2060904@chime.ucl.ac.uk> <25a66d840702090707u3a943894y186d77f556e3ca75@mail.gmail.com> <45CC91C4.10509@chime.ucl.ac.uk> <25a66d840702090757n193c73e3mbc2badb618f86bea@mail.gmail.com> <25a66d840702091145u249a43d8q36c11ce7c10a81d6@mail.gmail.com> <25a66d840702091816j63296756p6cc48b76285ad91e@mail.gmail.com> Message-ID: On Fri, 9 Feb 2007, am.lists wrote: > Duh. > > My co-lo has spelled the domain name wrong in my revdns entry! > > Should be evokeemail.com, not evokemail.com as they have it: > > mailgw.evokemail.com <> mailgw.evokeemail.com !! > > I will have them fix it. > > Not that we send out mail from there, but it is nice to have the > option to do so if we should choose to down the road. > > Thanks for helping me spot this. It's one of those darned obscure > things that you could sit and look at for hours and not figure out. We aim to please :) > -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From correiob at yahoo.com.br Sun Feb 11 01:37:24 2007 From: correiob at yahoo.com.br (correiob) Date: Sat Feb 10 23:39:27 2007 Subject: How to filter just incoming not outcoming emails? Message-ID: <7.0.1.0.1.20070210213706.01d14b38@yahoo.com.br> Hi: I have a Centos Linux, running Apache, Sendmail, Spam Assassin and MailScanner. This Server is POP as well as SMTP for all the mailboxes of my customers. Actually, the SpamAssassin and MailScanner at this Server filters / scan both, the emails that are being received and the emails that are being sent as well. This is giving my Server a really heavy load. I think I don't have neither the need (nor the obligation) to filter / scan the outgoing emails. This is a task up to the users at their own desktops and networks. But I undertand I have to filter just the incoming emails. So, my question is: is it possible to set Sendmail / Mail Scanner so that just the incoming emails are scanned agains virus and sent to Spam Assassin to be filtered? If so, please, tell me what to do. But, please, tell me like a cooking recipe, because I am not quite experienced with operating systems. Thanks a lot. Mario./ -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.441 / Virus Database: 268.17.33/678 - Release Date: 9/2/2007 16:06 _______________________________________________________ Yahoo! Mail - Sempre a melhor opção para você! Experimente já e veja as novidades. http://br.yahoo.com/mailbeta/tudonovo/ From res at ausics.net Sun Feb 11 02:02:22 2007 From: res at ausics.net (Res) Date: Sun Feb 11 01:06:36 2007 Subject: How to filter just incoming not outcoming emails? In-Reply-To: <7.0.1.0.1.20070210213706.01d14b38@yahoo.com.br> References: <7.0.1.0.1.20070210213706.01d14b38@yahoo.com.br> Message-ID: On Sat, 10 Feb 2007, correiob wrote: > I think I don't have neither the need (nor the obligation) to filter / scan > the outgoing emails. This is a task up to the users at their own desktops and > networks. But I undertand I have to filter just the incoming emails. Wrong... You have an obligation to the rest of the internet to make sure your users dont send spam/viruses. Never rely on users to do it, because most wouldnt know how to, not to mention all the 0 day worms out there that disable local antivirus then go to work spamming. Not to mention the far higher risk of your server being blacklisted because it sends this crud. -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From andrew.frazer at sententia.co.nz Sun Feb 11 04:05:33 2007 From: andrew.frazer at sententia.co.nz (Andrew Frazer) Date: Sun Feb 11 03:09:47 2007 Subject: File Name Checking - How to disable. Message-ID: If I want to disable filename checking, do I simply remove set the parameter 'Attachment Filename Checking' from %etc-dir%/filename.rules.conf to just blank? From glenn.steen at gmail.com Sun Feb 11 14:21:28 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Feb 11 13:25:40 2007 Subject: File Name Checking - How to disable. In-Reply-To: References: Message-ID: <223f97700702110521x4da03baah68dc9947cea4ce2c@mail.gmail.com> On 11/02/07, Andrew Frazer wrote: > If I want to disable filename checking, do I simply remove set the parameter > 'Attachment Filename Checking' from %etc-dir%/filename.rules.conf to just > blank? You change Filename Rules = %....... to Filename Rules = #%.... to disable filename checking, and File Command = /what/ever to File Command = #/what/ever to disable filetype checking. All changes in MailScanner.conf ;-) Cheers -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From jan-peter at koopmann.eu Sun Feb 11 14:24:58 2007 From: jan-peter at koopmann.eu (Koopmann, Jan-Peter) Date: Sun Feb 11 13:28:20 2007 Subject: Setting Exchange SCL from MailScanner Message-ID: Hi, there was a discussion about this back in October I think. I want to set Exchange SCL to 9 when MailScanner/SA detects spam. The discussion suggested it would be enough to add the following header: X-MS-Exchange-Organization-SCL: 9 unfortunatly the SCL is not set here. Any suggestions? Mit freundlichen Gr??en Jan-Peter Koopmann From jan-peter at koopmann.eu Sun Feb 11 15:10:39 2007 From: jan-peter at koopmann.eu (Koopmann, Jan-Peter) Date: Sun Feb 11 14:13:55 2007 Subject: Performance In-Reply-To: <45C0A5D3.4000408@katy.com> Message-ID: On Wednesday, January 31, 2007 3:21 PM John Schmerold wrote: > I'll get these suggestions implemented, only one I have problem > implementing is the relay_recipient_maps suggestions. This box is a > filter for several endpoints. If you are using Exim, why not use recipient callouts? That should work nicely and no scripting is necessary. Kind regards, JP From jan-peter at koopmann.eu Sun Feb 11 15:20:33 2007 From: jan-peter at koopmann.eu (Koopmann, Jan-Peter) Date: Sun Feb 11 14:23:45 2007 Subject: DSPAM? Message-ID: Hi, has anyone gotten DSPAM integrated into MailScanner with the GenericSpamScanner option? Anyone using it at all? For what? Just curious... :-) Kind regards, JP From keith at 12345678.org Sun Feb 11 17:32:12 2007 From: keith at 12345678.org (keith) Date: Sun Feb 11 16:36:36 2007 Subject: "Archive Mail" function can work on Mail Gateway mode ? In-Reply-To: <223f97700702080002r2b587dc9g9b4080139b71286e@mail.gmail.com> References: <20070208023714.M32928@12345678.org> <223f97700702080002r2b587dc9g9b4080139b71286e@mail.gmail.com> Message-ID: <20070211163014.M35318@12345678.org> Thank you for your kindly help, now is work great, because he afraid the mailscanner filter some clean message as spam, so he want a full original copy. On Thu, 8 Feb 2007 09:02:10 +0100, Glenn Steen wrote > On 08/02/07, keith wrote: > > Dear All, my system is CentOS 4.4 + MS 4.56.7-1 as mail gateway mode for > > Exchange behind, my manager need me to auto forward his in/out mail to yahoo > > mail, I try to turn on the "Archive Mail" function in MS , the maillog > > displayed the mail is accept and queued mail for delivery but it cannot > > forward to specify mail account , the following is my setting, would anyone > > can tell me the "Archive Mail" can work with gateway mode or my syntax have > > something wrong ? > > > > --- Config File ---- > > /etc/MailScanner/MailScanner.conf > > ## > > Archive Mail = %rules-dir%/archive.rules > > ## > > ------------------------------------- > > /etc/MailScanner/rules/archive.rules > > ## > > FromOrTo:manager@companydomain.com yes forward manager123@yahoo.com > > ## > > ---------------------------------------- > > > > Thank you very much > > Keith > Try putting some whitespace between the "FromOrTo:" and the address > you match, remove the "yes" and restart/reload MailScanner... Should > make a difference. > Why are you doing this on Archive Mail (which will give him/her the > "bad stuff" like viruses and spam too), instead of the "cleaner" Non > Spam Actions etc? Seems like an unhealthy thing to be "originating" > spam and viruses sent to yahoo...;-). > When you move over to that, remember to set a default entry with the > normal actions (deliver and whatever else)....:-) > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- From brent.bolin at gmail.com Sun Feb 11 18:37:12 2007 From: brent.bolin at gmail.com (BB) Date: Sun Feb 11 17:41:23 2007 Subject: Not seeing spamcheck report on messages being quaratined/spam Message-ID: <787dcac20702110937s4da9e9f8p27e76a26c32dbc48@mail.gmail.com> Have these set in MailScanner.conf Always Include SpamAssassin Report = yes Detailed Spam Report = yes What am I missing ? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070211/6b0b50c2/attachment.html From glenn.steen at gmail.com Sun Feb 11 18:42:49 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Feb 11 17:47:01 2007 Subject: Performance In-Reply-To: References: <45C0A5D3.4000408@katy.com> Message-ID: <223f97700702110942h7d5c3e85ua3b96d50438c918@mail.gmail.com> On 11/02/07, Koopmann, Jan-Peter wrote: > On Wednesday, January 31, 2007 3:21 PM John Schmerold wrote: > > > I'll get these suggestions implemented, only one I have problem > > implementing is the relay_recipient_maps suggestions. This box is a > > filter for several endpoints. > > If you are using Exim, why not use recipient callouts? That should work > nicely and no scripting is necessary. > > Kind regards, > JP The Postfix he is using should be able to do that too (in a way), but ... well, it's more "work" than a nice local hash lookup:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Sun Feb 11 18:44:30 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Feb 11 17:48:41 2007 Subject: Not seeing spamcheck report on messages being quaratined/spam In-Reply-To: <787dcac20702110937s4da9e9f8p27e76a26c32dbc48@mail.gmail.com> References: <787dcac20702110937s4da9e9f8p27e76a26c32dbc48@mail.gmail.com> Message-ID: <223f97700702110944h66d92a0bv253568817f58511a@mail.gmail.com> On 11/02/07, BB wrote: > Have these set in MailScanner.conf > > Always Include SpamAssassin Report = yes > Detailed Spam Report = yes > > What am I missing ? > What does the logs tell you about them? are they "spam" due to BLs or spam chache hits perhaps? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From brent.bolin at gmail.com Sun Feb 11 19:15:36 2007 From: brent.bolin at gmail.com (BB) Date: Sun Feb 11 18:19:48 2007 Subject: Not seeing spamcheck report on messages being quaratined/spam In-Reply-To: <223f97700702110944h66d92a0bv253568817f58511a@mail.gmail.com> References: <787dcac20702110937s4da9e9f8p27e76a26c32dbc48@mail.gmail.com> <223f97700702110944h66d92a0bv253568817f58511a@mail.gmail.com> Message-ID: <787dcac20702111015p204d725ta8e01e4c04c78e07@mail.gmail.com> I assume you are talking about all the log options in MailScanner.conf Turned on all that I could find. Stopped and restarted MailScaner Really haven't ever looked at the files in - /var/spool/MailScaner/quarantine/spam/* I just know I could view the spam scores etc... when using MailWatch I am in the middle of rebuilding a box. MailWatch isn't installed yet. FreeBSD 6.2 MailScanner-4.57.6_1 On 2/11/07, Glenn Steen wrote: > > On 11/02/07, BB wrote: > > Have these set in MailScanner.conf > > > > Always Include SpamAssassin Report = yes > > Detailed Spam Report = yes > > > > What am I missing ? > > > What does the logs tell you about them? are they "spam" due to BLs or > spam chache hits perhaps? > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- ACK and you shall receive -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070211/ec9f0e9b/attachment.html From brent.bolin at gmail.com Sun Feb 11 19:20:29 2007 From: brent.bolin at gmail.com (BB) Date: Sun Feb 11 18:24:41 2007 Subject: Not seeing spamcheck report on messages being quaratined/spam In-Reply-To: <787dcac20702111015p204d725ta8e01e4c04c78e07@mail.gmail.com> References: <787dcac20702110937s4da9e9f8p27e76a26c32dbc48@mail.gmail.com> <223f97700702110944h66d92a0bv253568817f58511a@mail.gmail.com> <787dcac20702111015p204d725ta8e01e4c04c78e07@mail.gmail.com> Message-ID: <787dcac20702111020j73c79bd0l6690551e98fedd67@mail.gmail.com> Feb 11 12:09:39 mail MailScanner[76430]: Message l1BI9RGD076406 from 69.0.202.215 (pj8dv2el@drinksassy.com) to specialtystore services.com is spam, SpamAssassin (not cached, score=6.943, required 3, ALL_TRUSTED -1.80, BAYES_50 0.00, FROM_HAS_MIXED_NUM S 2.15, RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E8_51_100 1.50, RAZOR2_CHECK 0.50, URIBL_JP_SURBL 4.09) /var/log/maillog Looks like it's there On 2/11/07, BB wrote: > > I assume you are talking about all the log options in MailScanner.conf > > Turned on all that I could find. Stopped and restarted MailScaner > > Really haven't ever looked at the files in - > > /var/spool/MailScaner/quarantine/spam/* > > I just know I could view the spam scores etc... when using MailWatch > > I am in the middle of rebuilding a box. MailWatch isn't installed yet. > > FreeBSD 6.2 > MailScanner-4.57.6_1 > > > > > > On 2/11/07, Glenn Steen wrote: > > > > On 11/02/07, BB wrote: > > > Have these set in MailScanner.conf > > > > > > Always Include SpamAssassin Report = yes > > > Detailed Spam Report = yes > > > > > > What am I missing ? > > > > > What does the logs tell you about them? are they "spam" due to BLs or > > spam chache hits perhaps? > > > > -- > > -- Glenn > > email: glenn < dot > steen < at > gmail < dot > com > > work: glenn < dot > steen < at > ap1 < dot > se > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > > -- > ACK and you shall receive -- ACK and you shall receive -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070211/567cdbdb/attachment.html From jstevens at athensdistributing.com Sun Feb 11 19:54:06 2007 From: jstevens at athensdistributing.com (James R. Stevens) Date: Sun Feb 11 18:58:30 2007 Subject: OT: LookOUT 2007 Message-ID: <1A65E6BAEADF9B4F865314484A13ECF1608800@atlas.athensdistributing.com> MaliScanner group, Around here MicroSoft stopped licensing Outlook 2003 last week. We use it in our Exchange/Outlook MailScanner gateway environment. In looking at messages within the 2007 LookOut client (R & D) I can't see how to find the full message Header. Before you would Choose VIEW | Options and get the message Id etc.. Is this removed or moved..Anyone? -- This message has been scanned for viruses and dangerous content by Athens Hyperion Scanner, and is believed to be clean. From glenn.steen at gmail.com Sun Feb 11 20:03:54 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Feb 11 19:08:07 2007 Subject: Not seeing spamcheck report on messages being quaratined/spam In-Reply-To: <787dcac20702111020j73c79bd0l6690551e98fedd67@mail.gmail.com> References: <787dcac20702110937s4da9e9f8p27e76a26c32dbc48@mail.gmail.com> <223f97700702110944h66d92a0bv253568817f58511a@mail.gmail.com> <787dcac20702111015p204d725ta8e01e4c04c78e07@mail.gmail.com> <787dcac20702111020j73c79bd0l6690551e98fedd67@mail.gmail.com> Message-ID: <223f97700702111103w3ff59ec8x62e7d49738b022fb@mail.gmail.com> On 11/02/07, BB wrote: > Feb 11 12:09:39 mail MailScanner[76430]: Message l1BI9RGD076406 from > 69.0.202.215 (pj8dv2el@drinksassy.com) to specialtystore > services.com is spam, SpamAssassin (not cached, score=6.943, required 3, > ALL_TRUSTED -1.80, BAYES_50 0.00, FROM_HAS_MIXED_NUM > S 2.15, RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E8_51_100 1.50, > RAZOR2_CHECK 0.50, URIBL_JP_SURBL 4.09) > > /var/log/maillog > > Looks like it's there > And this one does not get the report attached? On another note, perhaps you should have a look at why ALL_TRUSTED has fired, perhaps setting a correct trusted_networks for SpamAssassin... Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From steve.swaney at fsl.com Sun Feb 11 20:10:22 2007 From: steve.swaney at fsl.com (Stephen Swaney) Date: Sun Feb 11 19:13:44 2007 Subject: LookOUT 2007 In-Reply-To: <1A65E6BAEADF9B4F865314484A13ECF1608800@atlas.athensdistributing.com> References: <1A65E6BAEADF9B4F865314484A13ECF1608800@atlas.athensdistributing.com> Message-ID: <0a4001c74e10$47558a20$d6009e60$@swaney@fsl.com> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of James R. Stevens > Sent: Sunday, February 11, 2007 1:54 PM > To: MailScanner discussion > Subject: OT: LookOUT 2007 > > MaliScanner group, > Around here MicroSoft stopped licensing Outlook 2003 last week. We use > it in our Exchange/Outlook MailScanner gateway environment. > > In looking at messages within the 2007 LookOut client (R & D) I can't > see how to find the full message Header. Before you would Choose VIEW > | Options and get the message Id etc.. > Is this removed or moved..Anyone? > In the Message reading window. Click on the tiny arrow in the lower left corner of the Options group. Not very obvious. Steve Steve Swaney steve@fsl.com From brent.bolin at gmail.com Sun Feb 11 20:14:40 2007 From: brent.bolin at gmail.com (BB) Date: Sun Feb 11 19:18:51 2007 Subject: Not seeing spamcheck report on messages being quaratined/spam In-Reply-To: <223f97700702111103w3ff59ec8x62e7d49738b022fb@mail.gmail.com> References: <787dcac20702110937s4da9e9f8p27e76a26c32dbc48@mail.gmail.com> <223f97700702110944h66d92a0bv253568817f58511a@mail.gmail.com> <787dcac20702111015p204d725ta8e01e4c04c78e07@mail.gmail.com> <787dcac20702111020j73c79bd0l6690551e98fedd67@mail.gmail.com> <223f97700702111103w3ff59ec8x62e7d49738b022fb@mail.gmail.com> Message-ID: <787dcac20702111114m3945a7ady7fb0a9876946e95e@mail.gmail.com> That's correct. I have made the changes you suggest trusted_networks my_rfc1918 in mailscanner.cf that is a symbolic link to spam.assassin.prefs.conf file On 2/11/07, Glenn Steen wrote: > > On 11/02/07, BB wrote: > > Feb 11 12:09:39 mail MailScanner[76430]: Message l1BI9RGD076406 from > > 69.0.202.215 (pj8dv2el@drinksassy.com) to specialtystore > > services.com is spam, SpamAssassin (not cached, score=6.943, required > 3, > > ALL_TRUSTED -1.80, BAYES_50 0.00, FROM_HAS_MIXED_NUM > > S 2.15, RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E8_51_100 1.50, > > RAZOR2_CHECK 0.50, URIBL_JP_SURBL 4.09) > > > > /var/log/maillog > > > > Looks like it's there > > > And this one does not get the report attached? > > On another note, perhaps you should have a look at why ALL_TRUSTED has > fired, perhaps setting a correct trusted_networks for SpamAssassin... > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- ACK and you shall receive -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070211/1fa56a3d/attachment.html From drew at technologytiger.net Sun Feb 11 20:16:49 2007 From: drew at technologytiger.net (Drew Marshall) Date: Sun Feb 11 19:21:07 2007 Subject: Performance In-Reply-To: <223f97700702110942h7d5c3e85ua3b96d50438c918@mail.gmail.com> References: <45C0A5D3.4000408@katy.com> <223f97700702110942h7d5c3e85ua3b96d50438c918@mail.gmail.com> Message-ID: On 11 Feb 2007, at 17:42, Glenn Steen wrote: > On 11/02/07, Koopmann, Jan-Peter wrote: >> On Wednesday, January 31, 2007 3:21 PM John Schmerold wrote: >> >> > I'll get these suggestions implemented, only one I have problem >> > implementing is the relay_recipient_maps suggestions. This box is a >> > filter for several endpoints. >> >> If you are using Exim, why not use recipient callouts? That should >> work >> nicely and no scripting is necessary. >> >> Kind regards, >> JP > The Postfix he is using should be able to do that too (in a way), but > ... well, it's more "work" than a nice local hash lookup:-). It's not more work to set up, it's just a reject_unverified_recipient in smtpd_recipient_restrictions. The disadvantages (Which is where the work load comes in) is the gateway to mailbox server traffic, which will increase and the fact it only will work with MTAs that know how to reject unknown senders (>Exchange 2000) and it won't work if the mailbox server that you are 'gatewaying' for is off line so in that instance all mail destined for that box will be rejected with a 421 unable to verify type message. All in all if you can keep a copy of the users on the gateway this is usually better (If harder work to maintain). Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by the Technology Tiger MailScanner. Further information can be found at www.technologytiger.net/policy Technology Tiger Limited is registered in Scotland with registration number: 310997 Registered Office 55-57 West High Street Inverurie AB51 3QQ From glenn.steen at gmail.com Sun Feb 11 20:59:57 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Feb 11 20:04:10 2007 Subject: Performance In-Reply-To: References: <45C0A5D3.4000408@katy.com> <223f97700702110942h7d5c3e85ua3b96d50438c918@mail.gmail.com> Message-ID: <223f97700702111159y3f314747gbb23addfd4e1ebc6@mail.gmail.com> On 11/02/07, Drew Marshall wrote: > On 11 Feb 2007, at 17:42, Glenn Steen wrote: > > > On 11/02/07, Koopmann, Jan-Peter wrote: > >> On Wednesday, January 31, 2007 3:21 PM John Schmerold wrote: > >> > >> > I'll get these suggestions implemented, only one I have problem > >> > implementing is the relay_recipient_maps suggestions. This box is a > >> > filter for several endpoints. > >> > >> If you are using Exim, why not use recipient callouts? That should > >> work > >> nicely and no scripting is necessary. > >> > >> Kind regards, > >> JP > > The Postfix he is using should be able to do that too (in a way), but > > ... well, it's more "work" than a nice local hash lookup:-). > > It's not more work to set up, it's just a reject_unverified_recipient > in smtpd_recipient_restrictions. The disadvantages (Which is where > the work load comes in) is the gateway to mailbox server traffic, > which will increase and the fact it only will work with MTAs that > know how to reject unknown senders (>Exchange 2000) and it won't work > if the mailbox server that you are 'gatewaying' for is off line so in > that instance all mail destined for that box will be rejected with a > 421 unable to verify type message. All in all if you can keep a copy > of the users on the gateway this is usually better (If harder work to > maintain). > > Drew Exactly.... Thanks for the eloquence Drew:). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From mike at vesol.com Sun Feb 11 21:20:04 2007 From: mike at vesol.com (Mike Kercher) Date: Sun Feb 11 20:27:38 2007 Subject: LookOUT 2007 In-Reply-To: <1A65E6BAEADF9B4F865314484A13ECF1608800@atlas.athensdistributing.com> References: <1A65E6BAEADF9B4F865314484A13ECF1608800@atlas.athensdistributing.com> Message-ID: : -----Original Message----- : From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- : bounces@lists.mailscanner.info] On Behalf Of James R. Stevens : Sent: Sunday, February 11, 2007 12:54 PM : To: MailScanner discussion : Subject: OT: LookOUT 2007 : : MaliScanner group, : Around here MicroSoft stopped licensing Outlook 2003 last week. We use : it in our Exchange/Outlook MailScanner gateway environment. : : In looking at messages within the 2007 LookOut client (R & D) I can't : see how to find the full message Header. Before you would Choose VIEW : | Options and get the message Id etc.. : Is this removed or moved..Anyone? : : -- Right click the message itself and select Message Options. I find Outlook 2007 to be MUCH slower than 2003. I'm am not impressed by Vista or Office 2007 so far. Mike From res at ausics.net Sun Feb 11 22:04:54 2007 From: res at ausics.net (Res) Date: Sun Feb 11 21:09:23 2007 Subject: LookOUT 2007 In-Reply-To: References: <1A65E6BAEADF9B4F865314484A13ECF1608800@atlas.athensdistributing.com> Message-ID: On Sun, 11 Feb 2007, Mike Kercher wrote: > Right click the message itself and select Message Options. I find > Outlook 2007 to be MUCH slower than 2003. I'm am not impressed by Vista > or Office 2007 so far. The add slogan goes "the wow starts now" they're right, "wow, we really gota use another OS, and now" ..and one don't have to pay several hundreds of dollars for :P Just about every list im on many people have bagged it. I still enjoy an M$ free zone :P -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From brent.bolin at gmail.com Sun Feb 11 22:28:18 2007 From: brent.bolin at gmail.com (BB) Date: Sun Feb 11 21:32:31 2007 Subject: Not seeing spamcheck report on messages being quaratined/spam In-Reply-To: <787dcac20702111114m3945a7ady7fb0a9876946e95e@mail.gmail.com> References: <787dcac20702110937s4da9e9f8p27e76a26c32dbc48@mail.gmail.com> <223f97700702110944h66d92a0bv253568817f58511a@mail.gmail.com> <787dcac20702111015p204d725ta8e01e4c04c78e07@mail.gmail.com> <787dcac20702111020j73c79bd0l6690551e98fedd67@mail.gmail.com> <223f97700702111103w3ff59ec8x62e7d49738b022fb@mail.gmail.com> <787dcac20702111114m3945a7ady7fb0a9876946e95e@mail.gmail.com> Message-ID: <787dcac20702111328n7245f731s9e80eaad1092ff99@mail.gmail.com> Looking through some old archives of MailScanner. A question was asked similar to mine. Julian responded Mailscanner only reports to maillog. Apparently MailWatch stores the report in Mysql. Someone please correct me if I'm wrong. Do any of your quarantine messages have Spamassassin reports in them ? On 2/11/07, BB wrote: > > That's correct. > > I have made the changes you suggest trusted_networks my_rfc1918 in > mailscanner.cf that is a symbolic link to spam.assassin.prefs.conf file > > On 2/11/07, Glenn Steen wrote: > > > > On 11/02/07, BB wrote: > > > Feb 11 12:09:39 mail MailScanner[76430]: Message l1BI9RGD076406 from > > > 69.0.202.215 (pj8dv2el@drinksassy.com) to specialtystore > > > services.com is spam, SpamAssassin (not cached, score=6.943, required > > 3, > > > ALL_TRUSTED - 1.80, BAYES_50 0.00, FROM_HAS_MIXED_NUM > > > S 2.15, RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E8_51_100 1.50, > > > RAZOR2_CHECK 0.50, URIBL_JP_SURBL 4.09) > > > > > > /var/log/maillog > > > > > > Looks like it's there > > > > > And this one does not get the report attached? > > > > On another note, perhaps you should have a look at why ALL_TRUSTED has > > fired, perhaps setting a correct trusted_networks for SpamAssassin... > > > > Cheers > > -- > > -- Glenn > > email: glenn < dot > steen < at > gmail < dot > com > > work: glenn < dot > steen < at > ap1 < dot > se > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > > -- > ACK and you shall receive > -- ACK and you shall receive -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070211/96c03146/attachment.html From res at ausics.net Sun Feb 11 22:46:55 2007 From: res at ausics.net (Res) Date: Sun Feb 11 21:51:24 2007 Subject: {MailScanner: Possible Phishing} {MailScanner: Disarmed Scripts} Re: Not seeing spamcheck report on messages being quaratined/spam In-Reply-To: <787dcac20702111328n7245f731s9e80eaad1092ff99@mail.gmail.com> References: <787dcac20702110937s4da9e9f8p27e76a26c32dbc48@mail.gmail.com> <223f97700702110944h66d92a0bv253568817f58511a@mail.gmail.com> <787dcac20702111015p204d725ta8e01e4c04c78e07@mail.gmail.com> <787dcac20702111020j73c79bd0l6690551e98fedd67@mail.gmail.com> <223f97700702111103w3ff59ec8x62e7d49738b022fb@mail.gmail.com> <787dcac20702111114m3945a7ady7fb0a9876946e95e@mail.gmail.com> <787dcac20702111328n7245f731s9e80eaad1092ff99@mail.gmail.com> Message-ID: On Sun, 11 Feb 2007, BB wrote: > Someone please correct me if I'm wrong. Do any of your quarantine messages > have Spamassassin reports in them ? No they don't. IIRC this is deliberate. -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From glenn.steen at gmail.com Sun Feb 11 23:27:58 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Feb 11 22:32:11 2007 Subject: {MailScanner: Possible Phishing} {MailScanner: Disarmed Scripts} Re: Not seeing spamcheck report on messages being quaratined/spam In-Reply-To: References: <787dcac20702110937s4da9e9f8p27e76a26c32dbc48@mail.gmail.com> <223f97700702110944h66d92a0bv253568817f58511a@mail.gmail.com> <787dcac20702111015p204d725ta8e01e4c04c78e07@mail.gmail.com> <787dcac20702111020j73c79bd0l6690551e98fedd67@mail.gmail.com> <223f97700702111103w3ff59ec8x62e7d49738b022fb@mail.gmail.com> <787dcac20702111114m3945a7ady7fb0a9876946e95e@mail.gmail.com> <787dcac20702111328n7245f731s9e80eaad1092ff99@mail.gmail.com> Message-ID: <223f97700702111427p1b76b0b9k40eb5021871b960f@mail.gmail.com> On 11/02/07, Res wrote: > > On Sun, 11 Feb 2007, BB wrote: > > > Someone please correct me if I'm wrong. Do any of your quarantine messages > > have Spamassassin reports in them ? > > No they don't. IIRC this is deliberate. > Correct that the messages in the quarantine themselves will not have them.... But _NailWatch_ should still display them in the details page for the message. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Sun Feb 11 23:28:58 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Feb 11 22:33:10 2007 Subject: {MailScanner: Possible Phishing} {MailScanner: Disarmed Scripts} Re: Not seeing spamcheck report on messages being quaratined/spam In-Reply-To: <223f97700702111427p1b76b0b9k40eb5021871b960f@mail.gmail.com> References: <787dcac20702110937s4da9e9f8p27e76a26c32dbc48@mail.gmail.com> <223f97700702110944h66d92a0bv253568817f58511a@mail.gmail.com> <787dcac20702111015p204d725ta8e01e4c04c78e07@mail.gmail.com> <787dcac20702111020j73c79bd0l6690551e98fedd67@mail.gmail.com> <223f97700702111103w3ff59ec8x62e7d49738b022fb@mail.gmail.com> <787dcac20702111114m3945a7ady7fb0a9876946e95e@mail.gmail.com> <787dcac20702111328n7245f731s9e80eaad1092ff99@mail.gmail.com> <223f97700702111427p1b76b0b9k40eb5021871b960f@mail.gmail.com> Message-ID: <223f97700702111428k6d1f037ds86f7235ec185ddd4@mail.gmail.com> On 11/02/07, Glenn Steen wrote: > On 11/02/07, Res wrote: > > > > On Sun, 11 Feb 2007, BB wrote: > > > > > Someone please correct me if I'm wrong. Do any of your quarantine messages > > > have Spamassassin reports in them ? > > > > No they don't. IIRC this is deliberate. > > > Correct that the messages in the quarantine themselves will not have > them.... But _NailWatch_ should still display them in the details page > for the message. > NailWatch == MailWatch.... I shouldn't do this when I'm somewhat ill....:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From brent.bolin at gmail.com Sun Feb 11 23:30:57 2007 From: brent.bolin at gmail.com (BB) Date: Sun Feb 11 22:35:09 2007 Subject: {MailScanner: Possible Phishing} {MailScanner: Disarmed Scripts} Re: Not seeing spamcheck report on messages being quaratined/spam In-Reply-To: References: <787dcac20702110937s4da9e9f8p27e76a26c32dbc48@mail.gmail.com> <223f97700702110944h66d92a0bv253568817f58511a@mail.gmail.com> <787dcac20702111015p204d725ta8e01e4c04c78e07@mail.gmail.com> <787dcac20702111020j73c79bd0l6690551e98fedd67@mail.gmail.com> <223f97700702111103w3ff59ec8x62e7d49738b022fb@mail.gmail.com> <787dcac20702111114m3945a7ady7fb0a9876946e95e@mail.gmail.com> <787dcac20702111328n7245f731s9e80eaad1092ff99@mail.gmail.com> Message-ID: <787dcac20702111430p5a4f2eadgd02083d6e367a3c0@mail.gmail.com> Could you please explain the reasoning why is deliberate ? On 2/11/07, Res wrote: > > > On Sun, 11 Feb 2007, BB wrote: > > > Someone please correct me if I'm wrong. Do any of your quarantine > messages > > have Spamassassin reports in them ? > > No they don't. IIRC this is deliberate. > > -- > Cheers > Res > > "We can be Heroes, just for one day" - Davey (Jones) Bowie > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- ACK and you shall receive -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070211/7ccfa622/attachment.html From brent.bolin at gmail.com Sun Feb 11 23:54:40 2007 From: brent.bolin at gmail.com (BB) Date: Sun Feb 11 22:58:52 2007 Subject: Why is BAYES_00 -2.60 scoring low like this. Message-ID: <787dcac20702111454g51410f25p5e0cc32d0e1aa3ab@mail.gmail.com> It's messing up my total scores causing spam not to be caught ? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070211/48c4545a/attachment.html From res at ausics.net Mon Feb 12 00:32:27 2007 From: res at ausics.net (Res) Date: Sun Feb 11 23:36:54 2007 Subject: {MailScanner: Possible Phishing} {MailScanner: Disarmed Scripts} Re: Not seeing spamcheck report on messages being quaratined/spam In-Reply-To: <223f97700702111428k6d1f037ds86f7235ec185ddd4@mail.gmail.com> References: <787dcac20702110937s4da9e9f8p27e76a26c32dbc48@mail.gmail.com> <223f97700702110944h66d92a0bv253568817f58511a@mail.gmail.com> <787dcac20702111015p204d725ta8e01e4c04c78e07@mail.gmail.com> <787dcac20702111020j73c79bd0l6690551e98fedd67@mail.gmail.com> <223f97700702111103w3ff59ec8x62e7d49738b022fb@mail.gmail.com> <787dcac20702111114m3945a7ady7fb0a9876946e95e@mail.gmail.com> <787dcac20702111328n7245f731s9e80eaad1092ff99@mail.gmail.com> <223f97700702111427p1b76b0b9k40eb5021871b960f@mail.gmail.com> <223f97700702111428k6d1f037ds86f7235ec185ddd4@mail.gmail.com> Message-ID: On Sun, 11 Feb 2007, Glenn Steen wrote: > On 11/02/07, Glenn Steen wrote: >> On 11/02/07, Res wrote: >> > >> > On Sun, 11 Feb 2007, BB wrote: >> > >> > > Someone please correct me if I'm wrong. Do any of your quarantine >> messages >> > > have Spamassassin reports in them ? >> > >> > No they don't. IIRC this is deliberate. >> > >> Correct that the messages in the quarantine themselves will not have >> them.... But _NailWatch_ should still display them in the details page >> for the message. >> > NailWatch == MailWatch.... I shouldn't do this when I'm somewhat ill....:-) hehehe I know the feeling, big cricket day yesterday/last_night/early hours_of_today and I'm still paying for it :P -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From matt at coders.co.uk Mon Feb 12 00:42:24 2007 From: matt at coders.co.uk (Matt Hampton) Date: Sun Feb 11 23:46:54 2007 Subject: Slightly OT: Milter that uses the SA cache database Message-ID: <45CFA9E0.1050408@coders.co.uk> Good evening.... Would anyone be interested in a a milter that uses the SA cache that MailScanner generates and TEMPFAILS or REJECTS messages when the cache score is greater than a threshold? Very rough and ready - alpha code really but I am currently running it on a live box.... cheers Matt From febrianto at sioenasia.com Mon Feb 12 04:53:26 2007 From: febrianto at sioenasia.com (Budi Febrianto) Date: Mon Feb 12 03:52:48 2007 Subject: DNS White List, is a good thing? Message-ID: I just heard about dns white list (DNSWL), the purpose is to decrease the false positive detection. There is some hack for sendmail to use it. Spamassassin also can use it by giving a very low score when listed in dnswl. Anybody using it? And what dnswl server to be use? Best Regards From deanm at ispone.com.au Mon Feb 12 06:59:32 2007 From: deanm at ispone.com.au (Dean Manners) Date: Mon Feb 12 06:04:51 2007 Subject: Attachment-Warning variables with inline warnings Message-ID: <200702120600.l1C60WhI023012@relay01.ispone.net.au> Is it possible to use the $datenumber and $id variables in the inline.warning reports ? I am trying to display a "Click here to release" URL, however the report line containing the URL seems to be removed. Regards __________________________________________ Dean Manners -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070212/7392d1a7/attachment.html From maillists at conactive.com Mon Feb 12 12:15:36 2007 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Feb 12 11:19:51 2007 Subject: Attachment-Warning variables with inline warnings In-Reply-To: <200702120600.l1C60WhI023012@relay01.ispone.net.au> References: <200702120600.l1C60WhI023012@relay01.ispone.net.au> Message-ID: Dean Manners wrote on Mon, 12 Feb 2007 16:59:32 +1100: > Is it possible to use the $datenumber and $id variables in the > inline.warning reports ? ?I am trying to display a "Click here to release" > URL, however the report line containing the URL seems to be removed. It would be nice if you could convince yourself to not send HTML to a mailing list, thanks :-) This could also be the reason why you don't get the text you expect. There's a text and an HTML version. Did you change both? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From amoore at dekalbmemorial.com Mon Feb 12 14:44:58 2007 From: amoore at dekalbmemorial.com (Aaron K. Moore) Date: Mon Feb 12 13:49:15 2007 Subject: Setting Exchange SCL from MailScanner In-Reply-To: References: Message-ID: <60D398EB2DB948409CA1F50D8AF1225701F34846@exch1.dekalbmemorial.local> Koopmann, Jan-Peter wrote: > Hi, > > there was a discussion about this back in October I think. I want to > set Exchange SCL to 9 when MailScanner/SA detects spam. The > discussion suggested it would be enough to add the following header: > > X-MS-Exchange-Organization-SCL: 9 > > unfortunatly the SCL is not set here. Any suggestions? > What does your spam actions configuration look like in MailScanner.conf? -- Aaron Kent Moore Information Technology Services DeKalb Memorial Hospital, Inc. Auburn, IN Phone: 260.920.2808 E-mail: amoore@dekalbmemorial.com From m.anderlini at database.it Mon Feb 12 14:44:21 2007 From: m.anderlini at database.it (Marcello Anderlini) Date: Mon Feb 12 13:59:14 2007 Subject: Mqueue.in huge In-Reply-To: <223f97700701251106o7f1911a6sa8951034ca44b279@mail.gmail.com> Message-ID: <200702121344.l1CDiSMc007588@netra.database.it> Hello to all, I'm still unable to resolve by myself this problem and my mqueue.in is stil huge. I've just tried to use spamassassin -D -t and I get this : ======================================== [31512] dbg: uridnsbl: query for ilbanner.com took 1 seconds to look up (sbl.spamhaus.org.:2.246.22.217) [31512] dbg: uridnsbl: query for youbuy.it took 1 seconds to look up (sbl.spamhaus.org.:10.196.64.217) ======================================== But in my MailScanner.conf I set to use CBL and in my normal log I get this : ============== RBL checks: l1CDWguL030057 found in CBL ============== So how can I to be sure what spamlist I'm using ? Maybe spamassassin -D -t just use a different .conf ? How can I be sure spamassassin -D -t would use my current configuration ? Thanks a lot for any suggestion Best regards Dr. Marcello Anderlini m.anderlini@database.it --------------------------------------------- Database Informatica S.r.l. Microsoft Certified Partner Tel. +39059775070 Fax. +39059779545 http://www.database.it --------------------------------------------- > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Glenn Steen > Sent: giovedì 25 gennaio 2007 20.07 > To: MailScanner discussion > Subject: Re: Mqueue.in huge > > On 25/01/07, Jay Chandler wrote: > > Marcello Anderlini wrote: > > > Sorry, if I answer just today but I way busy. > > > > > > I've checked In /etc/mail/spamassassin/mailscanner.cf but I found > > > just this lines nothing else ============================= # > > > MailScanner # MailScanner users, please > > > ============================= It's correct ? But If I add > the lines > > > you suggested the spam controls will stoped at all ? > > > > > > Sorry again for my worst english and thanks for any kind > of help you > > > will give me.. > > > > > > bye > > > > > > > > > > Howdy. > > > > MailScanner.conf is a couple of thousand lines long-- that's not > > correct at all. > > > > I'd suggest getting a fresh copy out of the tar file at > > www.mailscanner.info-- I'd also wonder what else is > corrupted on your > > installation. > > > Hi Jay & Marcello, > > First... Jay: MailScanner.conf != mailscanner.cf (which is > just a symlink to spam.assassin.prefs.conf)... You knew that;-) > > Second, Marcello: I assume the lines you are asking about are > the score lines as suggested by Martin (simply turning off > some RBLs in SpamAssassin). > The reason to turn these of is _if_ you can see (with a test > message run through spamassassin manually) that some BL or > other is taking a long time to finish... If a few of them do > SA might take a rather long while to finish, in turn leading > to MailScanner killing it off and logging the incident. *If* > you see this, it might be a good idea to do this. And yes, it > would perhaps affect the scoring a bit, if you turned them all off. > You should also check over any digest checks... All this > would probably be very obvious (one would hope, at least:-) > if you do a spamassassin -D -t < /path/to/test/file > > Hopefully this all is passing the language barrier OK... I > think we'll stick with english though... I suspect your > Swedish is even worse;-):-)... And that are the two languages > I'm really fluent in, so...:/ > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > Messaggio verificato dal servizio antivirus di Database Informatica > -- Messaggio verificato dal servizio antivirus di Database Informatica From glenn.steen at gmail.com Mon Feb 12 15:19:50 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Feb 12 14:24:07 2007 Subject: Mqueue.in huge In-Reply-To: <200702121344.l1CDiSMc007588@netra.database.it> References: <223f97700701251106o7f1911a6sa8951034ca44b279@mail.gmail.com> <200702121344.l1CDiSMc007588@netra.database.it> Message-ID: <223f97700702120619j12a44279o7699e2ceb5484d44@mail.gmail.com> On 12/02/07, Marcello Anderlini wrote: > Hello to all, > I'm still unable to resolve by myself this problem and my mqueue.in is stil > huge. > I've just tried to use spamassassin -D -t and I get this : > ======================================== > [31512] dbg: uridnsbl: query for ilbanner.com took 1 seconds to look up > (sbl.spamhaus.org.:2.246.22.217) > [31512] dbg: uridnsbl: query for youbuy.it took 1 seconds to look up > (sbl.spamhaus.org.:10.196.64.217) > ======================================== > > But in my MailScanner.conf I set to use CBL and in my normal log I get this > : > ============== > RBL checks: l1CDWguL030057 found in CBL > ============== > > So how can I to be sure what spamlist I'm using ? Maybe spamassassin -D -t > just use a different .conf ? How can I be sure spamassassin -D -t would use > my current configuration ? > > Thanks a lot for any suggestion > > Best regards Marcello, If you've set to use CBL in Spam Lists, then _MailScanner_ will do that lookup and _unconditionally use the result for tagging the message as spam or not_... SpamAssassin has _nothing_ to do with this. SpamAssassin uses its own list of BLs by default... all the advice earlier (from Martin mostly;) is about "tuning" that list. Now, since MailScanner is a bit ... categoric... about the BL results, and the fact that MailScanner will do lookups _serialized_ (first list, second list etc) make many not use MailScanner for that at all. The reasoning is that if you trust the few lists you do in MailScanner so much, why then use them in the MTA to reject the mails out of hand instead. Having said that, if one has a situation like mine where laws (yes, laws) and to some extent policy prevent you from using BLs for rejections at the MTA level, then keeping one (at the most two) solid BLs (like SBL-XBL) in MS might be a good idea, and let the rest score through SA. Then be prepared that some messages will look like non-spam (low score) and still get tagged/quarantined as spam. I hope you don't have ORDB in MailScanners Spam Lists anymore, since that has gone offline (could cause the type of problem you describe). Hope this clears any confusion. When you did the spamassassin -D -t < /path/to/message ... did you see any noticeable pauses? If you disable SpamAssassin altogether, does that clear out your queues? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From m.anderlini at database.it Mon Feb 12 16:54:57 2007 From: m.anderlini at database.it (Marcello Anderlini) Date: Mon Feb 12 16:06:44 2007 Subject: Mqueue.in huge In-Reply-To: <223f97700702120619j12a44279o7699e2ceb5484d44@mail.gmail.com> Message-ID: <200702121554.l1CFstxS028730@netra.database.it> I beg your pardon but how can set my MTA (I use sendmail) to use blacklist and to reject automaticaly email ? And also how can I turn off spamassin in Mailscanner.conf ? Thanks again for your help. Best regards Dr. Marcello Anderlini m.anderlini@database.it --------------------------------------------- Database Informatica S.r.l. Microsoft Certified Partner Tel. +39059775070 Fax. +39059779545 http://www.database.it --------------------------------------------- > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Glenn Steen > Sent: lunedì 12 febbraio 2007 15.20 > To: MailScanner discussion > Subject: Re: Mqueue.in huge > > On 12/02/07, Marcello Anderlini wrote: > > Hello to all, > > I'm still unable to resolve by myself this problem and my > mqueue.in is > > stil huge. > > I've just tried to use spamassassin -D -t and I get this : > > ======================================== > > [31512] dbg: uridnsbl: query for ilbanner.com took 1 > seconds to look > > up > > (sbl.spamhaus.org.:2.246.22.217) > > [31512] dbg: uridnsbl: query for youbuy.it took 1 seconds to look up > > (sbl.spamhaus.org.:10.196.64.217) > > ======================================== > > > > But in my MailScanner.conf I set to use CBL and in my > normal log I get > > this > > : > > ============== > > RBL checks: l1CDWguL030057 found in CBL ============== > > > > So how can I to be sure what spamlist I'm using ? Maybe > spamassassin > > -D -t just use a different .conf ? How can I be sure > spamassassin -D > > -t would use my current configuration ? > > > > Thanks a lot for any suggestion > > > > Best regards > Marcello, > > If you've set to use CBL in Spam Lists, then _MailScanner_ > will do that lookup and _unconditionally use the result for > tagging the message as spam or not_... SpamAssassin has > _nothing_ to do with this. > SpamAssassin uses its own list of BLs by default... all the > advice earlier (from Martin mostly;) is about "tuning" that list. > > Now, since MailScanner is a bit ... categoric... about the BL > results, and the fact that MailScanner will do lookups > _serialized_ (first list, second list etc) make many not use > MailScanner for that at all. > The reasoning is that if you trust the few lists you do in > MailScanner so much, why then use them in the MTA to reject > the mails out of hand instead. > > Having said that, if one has a situation like mine where laws (yes, > laws) and to some extent policy prevent you from using BLs > for rejections at the MTA level, then keeping one (at the > most two) solid BLs (like SBL-XBL) in MS might be a good > idea, and let the rest score through SA. Then be prepared > that some messages will look like non-spam (low score) and > still get tagged/quarantined as spam. > > I hope you don't have ORDB in MailScanners Spam Lists > anymore, since that has gone offline (could cause the type of > problem you describe). > > Hope this clears any confusion. > > When you did the spamassassin -D -t < /path/to/message ... > did you see any noticeable pauses? If you disable > SpamAssassin altogether, does that clear out your queues? > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > Messaggio verificato dal servizio antivirus di Database Informatica > -- Messaggio verificato dal servizio antivirus di Database Informatica From m.anderlini at database.it Mon Feb 12 17:12:22 2007 From: m.anderlini at database.it (Marcello Anderlini) Date: Mon Feb 12 16:21:15 2007 Subject: Mqueue.in huge In-Reply-To: <223f97700702120619j12a44279o7699e2ceb5484d44@mail.gmail.com> Message-ID: <200702121612.l1CGCKRG013926@netra.database.it> I beg your pardon but how can set my MTA (I use sendmail) to use blacklist and to reject automaticaly email ? I found how to disable spamassasin and yes disabling it the queue clear, so ? Now I'm using again SBL-XBL as you suggested but I did not notice any improvement. Looking the log of spammassasin -D -t it seems it take a relative lot of time to... ================================================================== [11306] dbg: locker: safe_lock: created /root/.spamassassin/auto-whitelist.lock.netra.database.it.11306 [11306] dbg: locker: safe_lock: trying to get lock on /root/.spamassassin/auto-whitelist with 0 retries [11306] dbg: locker: safe_lock: trying to get lock on /root/.spamassassin/auto-whitelist with 1 retries [11306] dbg: locker: safe_lock: trying to get lock on /root/.spamassassin/auto-whitelist with 2 retries [11306] dbg: locker: safe_lock: trying to get lock on /root/.spamassassin/auto-whitelist with 3 retries [11306] dbg: locker: safe_lock: trying to get lock on /root/.spamassassin/auto-whitelist with 4 retries [11306] dbg: locker: safe_lock: trying to get lock on /root/.spamassassin/auto-whitelist with 5 retries [11306] dbg: locker: safe_lock: trying to get lock on /root/.spamassassin/auto-whitelist with 6 retries [11306] dbg: locker: safe_lock: trying to get lock on /root/.spamassassin/auto-whitelist with 7 retries [11306] dbg: locker: safe_lock: trying to get lock on /root/.spamassassin/auto-whitelist with 8 retries ================================================================== Could be this my problem ? Should I turn off this feature and how this would impact spam detection ? Thanks again for your help. Best regards Dr. Marcello Anderlini m.anderlini@database.it --------------------------------------------- Database Informatica S.r.l. Microsoft Certified Partner Tel. +39059775070 Fax. +39059779545 http://www.database.it --------------------------------------------- > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Glenn Steen > Sent: lunedì 12 febbraio 2007 15.20 > To: MailScanner discussion > Subject: Re: Mqueue.in huge > > On 12/02/07, Marcello Anderlini wrote: > > Hello to all, > > I'm still unable to resolve by myself this problem and my > mqueue.in is > > stil huge. > > I've just tried to use spamassassin -D -t and I get this : > > ======================================== > > [31512] dbg: uridnsbl: query for ilbanner.com took 1 > seconds to look > > up > > (sbl.spamhaus.org.:2.246.22.217) > > [31512] dbg: uridnsbl: query for youbuy.it took 1 seconds to look up > > (sbl.spamhaus.org.:10.196.64.217) > > ======================================== > > > > But in my MailScanner.conf I set to use CBL and in my > normal log I get > > this > > : > > ============== > > RBL checks: l1CDWguL030057 found in CBL ============== > > > > So how can I to be sure what spamlist I'm using ? Maybe > spamassassin > > -D -t just use a different .conf ? How can I be sure > spamassassin -D > > -t would use my current configuration ? > > > > Thanks a lot for any suggestion > > > > Best regards > Marcello, > > If you've set to use CBL in Spam Lists, then _MailScanner_ > will do that lookup and _unconditionally use the result for > tagging the message as spam or not_... SpamAssassin has > _nothing_ to do with this. > SpamAssassin uses its own list of BLs by default... all the > advice earlier (from Martin mostly;) is about "tuning" that list. > > Now, since MailScanner is a bit ... categoric... about the BL > results, and the fact that MailScanner will do lookups > _serialized_ (first list, second list etc) make many not use > MailScanner for that at all. > The reasoning is that if you trust the few lists you do in > MailScanner so much, why then use them in the MTA to reject > the mails out of hand instead. > > Having said that, if one has a situation like mine where laws (yes, > laws) and to some extent policy prevent you from using BLs > for rejections at the MTA level, then keeping one (at the > most two) solid BLs (like SBL-XBL) in MS might be a good > idea, and let the rest score through SA. Then be prepared > that some messages will look like non-spam (low score) and > still get tagged/quarantined as spam. > > I hope you don't have ORDB in MailScanners Spam Lists > anymore, since that has gone offline (could cause the type of > problem you describe). > > Hope this clears any confusion. > > When you did the spamassassin -D -t < /path/to/message ... > did you see any noticeable pauses? If you disable > SpamAssassin altogether, does that clear out your queues? > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > Messaggio verificato dal servizio antivirus di Database Informatica > -- Messaggio verificato dal servizio antivirus di Database Informatica From Denis.Beauchemin at USherbrooke.ca Mon Feb 12 17:19:02 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Mon Feb 12 16:23:40 2007 Subject: Slightly OT: Milter that uses the SA cache database In-Reply-To: <45CFA9E0.1050408@coders.co.uk> References: <45CFA9E0.1050408@coders.co.uk> Message-ID: <45D09376.5070404@USherbrooke.ca> Matt Hampton a ?crit : > Good evening.... > > Would anyone be interested in a a milter that uses the SA cache that > MailScanner generates and TEMPFAILS or REJECTS messages when the cache > score is greater than a threshold? > > Very rough and ready - alpha code really but I am currently running it > on a live box.... Matt, If I understand correctly the messages would have been detected as spam anyhow by MS but after some more processing. I think I would like to give it a try. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3595 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070212/1182d573/smime.bin From Denis.Beauchemin at USherbrooke.ca Mon Feb 12 17:24:41 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Mon Feb 12 16:29:13 2007 Subject: Mqueue.in huge In-Reply-To: <200702121612.l1CGCKRG013926@netra.database.it> References: <200702121612.l1CGCKRG013926@netra.database.it> Message-ID: <45D094C9.3090806@USherbrooke.ca> Marcello Anderlini a ?crit : > I beg your pardon but how can set my MTA (I use sendmail) to use blacklist > and to reject automaticaly email ? > I found how to disable spamassasin and yes disabling it the queue clear, so > ? > Now I'm using again SBL-XBL as you suggested but I did not notice any > improvement. > > Looking the log of spammassasin -D -t it seems it take a relative lot of > time to... > ================================================================== > [11306] dbg: locker: safe_lock: created > /root/.spamassassin/auto-whitelist.lock.netra.database.it.11306 > [11306] dbg: locker: safe_lock: trying to get lock on > /root/.spamassassin/auto-whitelist with 0 retries > [11306] dbg: locker: safe_lock: trying to get lock on > /root/.spamassassin/auto-whitelist with 1 retries > [11306] dbg: locker: safe_lock: trying to get lock on > /root/.spamassassin/auto-whitelist with 2 retries > [11306] dbg: locker: safe_lock: trying to get lock on > /root/.spamassassin/auto-whitelist with 3 retries > [11306] dbg: locker: safe_lock: trying to get lock on > /root/.spamassassin/auto-whitelist with 4 retries > [11306] dbg: locker: safe_lock: trying to get lock on > /root/.spamassassin/auto-whitelist with 5 retries > [11306] dbg: locker: safe_lock: trying to get lock on > /root/.spamassassin/auto-whitelist with 6 retries > [11306] dbg: locker: safe_lock: trying to get lock on > /root/.spamassassin/auto-whitelist with 7 retries > [11306] dbg: locker: safe_lock: trying to get lock on > /root/.spamassassin/auto-whitelist with 8 retries > ================================================================== > Could be this my problem ? Should I turn off this feature and how this would > impact spam detection ? > Marcello, I use the following in my spam.assassin.prefs.conf file: use_auto_whitelist 0 Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3595 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070212/1340a1dd/smime.bin From brian.duncan at kattenlaw.com Mon Feb 12 17:44:52 2007 From: brian.duncan at kattenlaw.com (Duncan, Brian M.) Date: Mon Feb 12 16:49:35 2007 Subject: Setting Exchange SCL from MailScanner References: Message-ID: <65234743FE1555428435CE39E6AC4078B38CDB@CHI-US-EXCH-01.us.kmz.com> I already replied to you directly. Figured I would reply to the list if anyone else was looking to do the same. >From everything I could find before, the way MS exchange and IMF works is that the SCL value that Exchange acts on is an extended MS attribute that is added to the message. It does NOT act upon the X-Header alone. At least I could NEVER get Exchange to act on ANY x-header I sent with a message.. At the time I was experimenting with this, I also found a way to add to the Outlook view a tab that would show SCL values of messages. Any of the X-headers I added, never seemed to effect this. This means that you should not be able to force Exchange to put something in the Junkmail folder by adding an X-Header. (I know you can with rules and stuff, but I mean by using SCL x-headers) We are doing this now, but only by using a product that sits on the Exchange servers called smtptracker. http://smtptracker.com It was like 25.00 for the product. They even sell the source code.. We have a few servers that all Exchange mail routes through for multiple locations. So we have it loaded on each. (It's not loaded on each users Echange server) Any messages that fail MailScanner/SpamAssassin have a failed x-header put in, when this message passed through the Exchange server that has SMTP Tracker loaded on it, it adds whatever MS specific data that assigns it an SCL of 9. (Thereby forcing it into a users JunkMail folder) This also means we can now truly have users take care of their own white listing. They can add anyone to their "Safe Sender" list and we don't have to whitelist anything any more at the MailScanner/SpamAssassin/Sendmail boxes. What is even better is that it also works for OWA use also for all of our users that access mail externally. Since the Junk Mail rules are server side. So anyone they add to their "safe sender list" when in the office also is applied when using OWA externally. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Koopmann, Jan-Peter > Sent: Sunday, February 11, 2007 7:25 AM > To: MailScanner discussion > Subject: Setting Exchange SCL from MailScanner > > Hi, > > there was a discussion about this back in October I think. I > want to set Exchange SCL to 9 when MailScanner/SA detects > spam. The discussion suggested it would be enough to add the > following header: > > X-MS-Exchange-Organization-SCL: 9 > > unfortunatly the SCL is not set here. Any suggestions? > > > > Mit freundlichen Gr??en > > Jan-Peter Koopmann > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > =========================================================== CIRCULAR 230 DISCLOSURE: Pursuant to Regulations Governing Practice Before the Internal Revenue Service, any tax advice contained herein is not intended or written to be used and cannot be used by a taxpayer for the purpose of avoiding tax penalties that may be imposed on the taxpayer. =========================================================== CONFIDENTIALITY NOTICE: This electronic mail message and any attached files contain information intended for the exclusive use of the individual or entity to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information may be subject to legal restriction or sanction. Please notify the sender, by electronic mail or telephone, of any unintended recipients and delete the original message without making any copies. =========================================================== NOTIFICATION: Katten Muchin Rosenman LLP is an Illinois limited liability partnership that has elected to be governed by the Illinois Uniform Partnership Act (1997). =========================================================== From brian.duncan at kattenlaw.com Mon Feb 12 17:51:20 2007 From: brian.duncan at kattenlaw.com (Duncan, Brian M.) Date: Mon Feb 12 16:55:40 2007 Subject: Do others see this effect in their maillogs? References: <65234743FE1555428435CE39E6AC4078B38C13@CHI-US-EXCH-01.us.kmz.com> Message-ID: <65234743FE1555428435CE39E6AC4078B38CDC@CHI-US-EXCH-01.us.kmz.com> I sent this out back in December of 06 without any replies. Figured I would try again now. People were probably out on vacation.. I am seeing in the logs that when a message is determined to be Spam because of RBL checks it does NOT output the right info on the log but when it fails because of Spam Assassin analysis of the message it does print the right info in the logs. I see this on all 3 of my Mailscanner servers in my logs. (I recently updated to current MailScanner version with same results) Correct log notation: (ONLY occurs when SpamAssassin is involved) MailScanner[29410]: Message kBJ96Lbp009914 from 195.22.235.12 (ikfrjqvpvd@mdl.net ) to kattenlaw.com is spam, SpamAssassin (not cached, score=19.049, required 6.5, BAYES_99 6.00, HTML_40_ 50 0.50, HTML_MESSAGE 0.00, MIME_HTML_MOSTLY 1.10, NO_RDNS2 0.01, SARE_CSBIG 1.66, SARE_MLB_Stock1 2. 00, SARE_MLH_Stock1 1.66, SARE_RMML_Stock26 1.12, STCK_SPAM_BODY17 2.00, STCK_SPAM_BODY21 1.50, STCK_ SPAM_BODY28 1.50) Incorrect log notation: (message failed RBL) MailScanner[29447]: Message kBJ97QAb009965 from 61.116.74.25 (econnors@afr.com.au ) to kattenlaw.com is dnsbl it should actually read: MailScanner[29447]: Message kBJ97QAb009965 from 61.116.74.25 (econnors@afr.com.au ) to kattenlaw.com is spam, dnsbl Another incorrect log notation: MailScanner[31970]: Message kBJHT94h004055 from 221.200.186.157 (cwkomvq@broward.org) to kattenlaw.com is cbl, MAPS-ALL, zen.spamhaus.org I see this behavior on ALL of my mail servers. Is this only me? All my RBL checks work fine, it is just the notation in the log that is messed up. Thanks for any info =========================================================== CIRCULAR 230 DISCLOSURE: Pursuant to Regulations Governing Practice Before the Internal Revenue Service, any tax advice contained herein is not intended or written to be used and cannot be used by a taxpayer for the purpose of avoiding tax penalties that may be imposed on the taxpayer. =========================================================== CONFIDENTIALITY NOTICE: This electronic mail message and any attached files contain information intended for the exclusive use of the individual or entity to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information may be subject to legal restriction or sanction. Please notify the sender, by electronic mail or telephone, of any unintended recipients and delete the original message without making any copies. =========================================================== NOTIFICATION: Katten Muchin Rosenman LLP is an Illinois limited liability partnership that has elected to be governed by the Illinois Uniform Partnership Act (1997). =========================================================== From ssilva at sgvwater.com Mon Feb 12 17:54:06 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Feb 12 16:59:00 2007 Subject: Not seeing spamcheck report on messages being quaratined/spam In-Reply-To: <787dcac20702110937s4da9e9f8p27e76a26c32dbc48@mail.gmail.com> References: <787dcac20702110937s4da9e9f8p27e76a26c32dbc48@mail.gmail.com> Message-ID: BB spake the following on 2/11/2007 9:37 AM: > Have these set in MailScanner.conf > > Always Include SpamAssassin Report = yes > Detailed Spam Report = yes > > What am I missing ? > The messages only go to the log, and into the "passed on" copy of the mail. The quarantined messages are untouched, and will be as they came in. If you want to see the scores on quarantined stuff, you need to get that from the logs with something like Mailwatch, or forward a copy of the spam messages to an admin box. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From alex at nkpanama.com Mon Feb 12 17:56:05 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon Feb 12 17:00:57 2007 Subject: OT: Hiring In-Reply-To: <45CB4F4D.8060304@ecs.soton.ac.uk> References: <45CB4F4D.8060304@ecs.soton.ac.uk> Message-ID: <45D09C25.6090307@nkpanama.com> Could you describe the needs/wants you would have from this staffer? What would they(me?) need to accomplish? Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > We need to hire some additional part time staff who can help with > support for MailScanner, MailScanner related applications, MTAs and our > DefenderMX application. We will train you on DefenderMX. > > Salary is commensurate with qualifications and location anywhere is the > world is just fine, you just need a high speed Internet link. Hour are > flexible and the working environment is great J. Reasonable English > skill is required and an additional language would be useful but not > necessary. > > Please send you qualifications and desired compensation level directly > to hiring@fsl.com > > Thanks > > - -- > Steve Swaney > President > Fort Systems Ltd. > steve@fsl.com > > - -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.5.3 (Build 5003) > Comment: (pgp-secured) > Charset: ISO-8859-1 > > wj8DBQFFy1BUEfZZRxQVtlQRAormAJ0TDoKA9umyrZhvfUtsYcNe/n8nuQCfWCdf > 7sxp1o/rT/ptelv7aiTtLfs= > =D4j/ > -----END PGP SIGNATURE----- > From ka at pacific.net Mon Feb 12 18:00:52 2007 From: ka at pacific.net (Ken A) Date: Mon Feb 12 17:01:25 2007 Subject: Slightly OT: Milter that uses the SA cache database In-Reply-To: <45D09376.5070404@USherbrooke.ca> References: <45CFA9E0.1050408@coders.co.uk> <45D09376.5070404@USherbrooke.ca> Message-ID: <45D09D44.6030506@pacific.net> Send me a link. I'll give it a try. Sounds quite useful. Thanks, Ken A. Pacific.Net Denis Beauchemin wrote: > Matt Hampton a ?crit : >> Good evening.... >> >> Would anyone be interested in a a milter that uses the SA cache that >> MailScanner generates and TEMPFAILS or REJECTS messages when the cache >> score is greater than a threshold? >> >> Very rough and ready - alpha code really but I am currently running it >> on a live box.... > > Matt, > > If I understand correctly the messages would have been detected as spam > anyhow by MS but after some more processing. > > I think I would like to give it a try. > > Denis > From ssilva at sgvwater.com Mon Feb 12 17:58:33 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Feb 12 17:04:35 2007 Subject: {MailScanner: Possible Phishing} {MailScanner: Disarmed Scripts} Re: Not seeing spamcheck report on messages being quaratined/spam In-Reply-To: <787dcac20702111430p5a4f2eadgd02083d6e367a3c0@mail.gmail.com> References: <787dcac20702110937s4da9e9f8p27e76a26c32dbc48@mail.gmail.com> <223f97700702110944h66d92a0bv253568817f58511a@mail.gmail.com> <787dcac20702111015p204d725ta8e01e4c04c78e07@mail.gmail.com> <787dcac20702111020j73c79bd0l6690551e98fedd67@mail.gmail.com> <223f97700702111103w3ff59ec8x62e7d49738b022fb@mail.gmail.com> <787dcac20702111114m3945a7ady7fb0a9876946e95e@mail.gmail.com> <787dcac20702111328n7245f731s9e80eaad1092ff99@mail.gmail.com> <787dcac20702111430p5a4f2eadgd02083d6e367a3c0@mail.gmail.com> Message-ID: BB spake the following on 2/11/2007 2:30 PM: > Could you please explain the reasoning why is deliberate ? > The quarantine represents an untouched original. If you marked up and removed things in the quarantined message, you would not be able to release the original if it were deemed a false positive. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From m.anderlini at database.it Mon Feb 12 18:02:28 2007 From: m.anderlini at database.it (Marcello Anderlini) Date: Mon Feb 12 17:08:30 2007 Subject: Mqueue.in huge In-Reply-To: <45D094C9.3090806@USherbrooke.ca> Message-ID: <200702121702.l1CH2QN0026233@netra.database.it> Ok, let me try this changes. thanks Dr. Marcello Anderlini m.anderlini@database.it --------------------------------------------- Database Informatica S.r.l. Microsoft Certified Partner Tel. +39059775070 Fax. +39059779545 http://www.database.it --------------------------------------------- > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Denis Beauchemin > Sent: lunedì 12 febbraio 2007 17.25 > To: MailScanner discussion > Subject: Re: Mqueue.in huge > > Marcello Anderlini a écrit : > > I beg your pardon but how can set my MTA (I use sendmail) to use > > blacklist and to reject automaticaly email ? > > I found how to disable spamassasin and yes disabling it the queue > > clear, so ? > > Now I'm using again SBL-XBL as you suggested but I did not > notice any > > improvement. > > > > Looking the log of spammassasin -D -t it seems it take a > relative lot > > of time to... > > ================================================================== > > [11306] dbg: locker: safe_lock: created > > /root/.spamassassin/auto-whitelist.lock.netra.database.it.11306 > > [11306] dbg: locker: safe_lock: trying to get lock on > > /root/.spamassassin/auto-whitelist with 0 retries [11306] > dbg: locker: > > safe_lock: trying to get lock on /root/.spamassassin/auto-whitelist > > with 1 retries [11306] dbg: locker: safe_lock: trying to > get lock on > > /root/.spamassassin/auto-whitelist with 2 retries [11306] > dbg: locker: > > safe_lock: trying to get lock on /root/.spamassassin/auto-whitelist > > with 3 retries [11306] dbg: locker: safe_lock: trying to > get lock on > > /root/.spamassassin/auto-whitelist with 4 retries [11306] > dbg: locker: > > safe_lock: trying to get lock on /root/.spamassassin/auto-whitelist > > with 5 retries [11306] dbg: locker: safe_lock: trying to > get lock on > > /root/.spamassassin/auto-whitelist with 6 retries [11306] > dbg: locker: > > safe_lock: trying to get lock on /root/.spamassassin/auto-whitelist > > with 7 retries [11306] dbg: locker: safe_lock: trying to > get lock on > > /root/.spamassassin/auto-whitelist with 8 retries > > ================================================================== > > Could be this my problem ? Should I turn off this feature > and how this > > would impact spam detection ? > > > Marcello, > > I use the following in my spam.assassin.prefs.conf file: > use_auto_whitelist 0 > > Denis > > -- > _ > °v° Denis Beauchemin, analyste > /(_)\ Université de Sherbrooke, S.T.I. > ^ ^ T: 819.821.8000x62252 F: 819.821.8045 > > > -- Messaggio verificato dal servizio antivirus di Database Informatica From ssilva at sgvwater.com Mon Feb 12 18:00:36 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Feb 12 17:09:23 2007 Subject: LookOUT 2007 In-Reply-To: References: <1A65E6BAEADF9B4F865314484A13ECF1608800@atlas.athensdistributing.com> Message-ID: Res spake the following on 2/11/2007 1:04 PM: > On Sun, 11 Feb 2007, Mike Kercher wrote: > >> Right click the message itself and select Message Options. I find >> Outlook 2007 to be MUCH slower than 2003. I'm am not impressed by Vista >> or Office 2007 so far. > > > The add slogan goes "the wow starts now" > > they're right, "wow, we really gota use another OS, and now" > ..and one don't have to pay several hundreds of dollars for :P > > Just about every list im on many people have bagged it. > I still enjoy an M$ free zone :P > > It might even get the PHB's here interested in a Linux / Openoffice deployment. We'll see...... -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From m.anderlini at database.it Mon Feb 12 18:12:50 2007 From: m.anderlini at database.it (Marcello Anderlini) Date: Mon Feb 12 17:26:10 2007 Subject: Mqueue.in huge In-Reply-To: <45D094C9.3090806@USherbrooke.ca> Message-ID: <200702121712.l1CHCm1M001418@netra.database.it> I put use_auto_whitelist 0 in my spam.assassin.prefs.conf but not is changed ? I'm still getting spamassassin timeout, what else can I do ? I'm in panic :-( Thanks again Dr. Marcello Anderlini m.anderlini@database.it --------------------------------------------- Database Informatica S.r.l. Microsoft Certified Partner Tel. +39059775070 Fax. +39059779545 http://www.database.it --------------------------------------------- > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Denis Beauchemin > Sent: lunedì 12 febbraio 2007 17.25 > To: MailScanner discussion > Subject: Re: Mqueue.in huge > > Marcello Anderlini a écrit : > > I beg your pardon but how can set my MTA (I use sendmail) to use > > blacklist and to reject automaticaly email ? > > I found how to disable spamassasin and yes disabling it the queue > > clear, so ? > > Now I'm using again SBL-XBL as you suggested but I did not > notice any > > improvement. > > > > Looking the log of spammassasin -D -t it seems it take a > relative lot > > of time to... > > ================================================================== > > [11306] dbg: locker: safe_lock: created > > /root/.spamassassin/auto-whitelist.lock.netra.database.it.11306 > > [11306] dbg: locker: safe_lock: trying to get lock on > > /root/.spamassassin/auto-whitelist with 0 retries [11306] > dbg: locker: > > safe_lock: trying to get lock on /root/.spamassassin/auto-whitelist > > with 1 retries [11306] dbg: locker: safe_lock: trying to > get lock on > > /root/.spamassassin/auto-whitelist with 2 retries [11306] > dbg: locker: > > safe_lock: trying to get lock on /root/.spamassassin/auto-whitelist > > with 3 retries [11306] dbg: locker: safe_lock: trying to > get lock on > > /root/.spamassassin/auto-whitelist with 4 retries [11306] > dbg: locker: > > safe_lock: trying to get lock on /root/.spamassassin/auto-whitelist > > with 5 retries [11306] dbg: locker: safe_lock: trying to > get lock on > > /root/.spamassassin/auto-whitelist with 6 retries [11306] > dbg: locker: > > safe_lock: trying to get lock on /root/.spamassassin/auto-whitelist > > with 7 retries [11306] dbg: locker: safe_lock: trying to > get lock on > > /root/.spamassassin/auto-whitelist with 8 retries > > ================================================================== > > Could be this my problem ? Should I turn off this feature > and how this > > would impact spam detection ? > > > Marcello, > > I use the following in my spam.assassin.prefs.conf file: > use_auto_whitelist 0 > > Denis > > -- > _ > °v° Denis Beauchemin, analyste > /(_)\ Université de Sherbrooke, S.T.I. > ^ ^ T: 819.821.8000x62252 F: 819.821.8045 > > > -- Messaggio verificato dal servizio antivirus di Database Informatica From shuttlebox at gmail.com Mon Feb 12 18:30:18 2007 From: shuttlebox at gmail.com (shuttlebox) Date: Mon Feb 12 17:34:35 2007 Subject: Why is BAYES_00 -2.60 scoring low like this. In-Reply-To: <787dcac20702111454g51410f25p5e0cc32d0e1aa3ab@mail.gmail.com> References: <787dcac20702111454g51410f25p5e0cc32d0e1aa3ab@mail.gmail.com> Message-ID: <625385e30702120930v61abddccx66d0f52f805a7d83@mail.gmail.com> On 2/11/07, BB wrote: > > It's messing up my total scores causing spam not to be caught ? You could always reassign the score to any value you like: score BAYES_00 -0.5 Put that in a .cf file in the /etc/mail/spamassassin folder. -- /peter From ssilva at sgvwater.com Mon Feb 12 18:42:12 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Feb 12 17:46:37 2007 Subject: Do others see this effect in their maillogs? In-Reply-To: <65234743FE1555428435CE39E6AC4078B38CDC@CHI-US-EXCH-01.us.kmz.com> References: <65234743FE1555428435CE39E6AC4078B38C13@CHI-US-EXCH-01.us.kmz.com> <65234743FE1555428435CE39E6AC4078B38CDC@CHI-US-EXCH-01.us.kmz.com> Message-ID: Duncan, Brian M. spake the following on 2/12/2007 8:51 AM: > I sent this out back in December of 06 without any replies. Figured I > would try again now. People were probably out on vacation.. > > > I am seeing in the logs that when a message is determined to be Spam > because of RBL checks it does NOT output the right info > on the log but when it fails because of Spam Assassin analysis of the > message it does print the right info in the logs. > > > I see this on all 3 of my Mailscanner servers in my logs. (I recently > updated to current MailScanner version with same results) > > > Correct log notation: (ONLY occurs when SpamAssassin is involved) > > MailScanner[29410]: Message kBJ96Lbp009914 from 195.22.235.12 > (ikfrjqvpvd@mdl.net ) to kattenlaw.com is > spam, SpamAssassin (not cached, score=19.049, required 6.5, BAYES_99 > 6.00, HTML_40_ > 50 0.50, HTML_MESSAGE 0.00, MIME_HTML_MOSTLY 1.10, NO_RDNS2 0.01, > SARE_CSBIG 1.66, SARE_MLB_Stock1 2. > 00, SARE_MLH_Stock1 1.66, SARE_RMML_Stock26 1.12, STCK_SPAM_BODY17 2.00, > STCK_SPAM_BODY21 1.50, STCK_ > SPAM_BODY28 1.50) > > > Incorrect log notation: (message failed RBL) > MailScanner[29447]: Message kBJ97QAb009965 from 61.116.74.25 > (econnors@afr.com.au ) to kattenlaw.com is > dnsbl > > > it should actually read: > MailScanner[29447]: Message kBJ97QAb009965 from 61.116.74.25 > (econnors@afr.com.au ) to kattenlaw.com is > spam, dnsbl > > > Another incorrect log notation: > MailScanner[31970]: Message kBJHT94h004055 from 221.200.186.157 > (cwkomvq@broward.org) to kattenlaw.com is cbl, MAPS-ALL, > zen.spamhaus.org > > > I see this behavior on ALL of my mail servers. > > > Is this only me? > > > All my RBL checks work fine, it is just the notation in the log that is > messed up. > > > Thanks for any info It looks as if it is telling you which list it hit. Do you have anything set in the following? # If a message appears in at least this number of "Spam Lists" (as defined # above), then the message will be treated as spam and so the "Spam # Actions" will happen, unless the message reaches the levels for "High # Scoring Spam". By default this is set to 1 to mimic the previous # behaviour, which means that appearing in any "Spam Lists" will cause # the message to be treated as spam. # This can also be the filename of a ruleset. Spam Lists To Be Spam = 0 Also look here; # If a message appears in at least this number of "Spam Lists" (as defined # above), then the message will be treated as "High Scoring Spam" and so # the "High Scoring Spam Actions" will happen. You probably want to set # this to 2 if you are actually using this feature. 5 is high enough that # it will never happen unless you use lots of "Spam Lists". # This can also be the filename of a ruleset. Spam Lists To Reach High Score = 0 -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From gerard at seibercom.net Mon Feb 12 18:50:16 2007 From: gerard at seibercom.net (Gerard Seibert) Date: Mon Feb 12 17:54:26 2007 Subject: LookOUT 2007 In-Reply-To: References: <1A65E6BAEADF9B4F865314484A13ECF1608800@atlas.athensdistributing.com> Message-ID: <20070212124502.4E16.GERARD@seibercom.net> On Sunday February 11, 2007 at 03:20:04 (PM) Mike Kercher wrote: > Right click the message itself and select Message Options. I find > Outlook 2007 to be MUCH slower than 2003. I'm am not impressed by Vista > or Office 2007 so far. I just tried Vista with the latest MS Office. It ran quite well. Of course, you have to have a system with the nuts to handle it. This was on a Dell with an Intel dual-core (3.8 Ghz I believe) system. Tons of memory. I would never use it on an outdated single core system with 512 memory. Just my 2¢Â¢. -- Gerard "I choose to ignore, of course, the fact that self-Googling is perhaps the most narcissistic thing a person can do that doesn't involve actually humping a mirror." Dan Kois From brian.duncan at kattenlaw.com Mon Feb 12 18:56:15 2007 From: brian.duncan at kattenlaw.com (Duncan, Brian M.) Date: Mon Feb 12 18:00:39 2007 Subject: Do others see this effect in their maillogs? References: <65234743FE1555428435CE39E6AC4078B38C13@CHI-US-EXCH-01.us.kmz.com><65234743FE1555428435CE39E6AC4078B38CDC@CHI-US-EXCH-01.us.kmz.com> Message-ID: <65234743FE1555428435CE39E6AC4078B38CDE@CHI-US-EXCH-01.us.kmz.com> > It looks as if it is telling you which list it hit. > Do you have anything set in the following? > # If a message appears in at least this number of "Spam > Lists" (as defined # above), then the message will be treated > as spam and so the "Spam # Actions" will happen, unless the > message reaches the levels for "High # Scoring Spam". By > default this is set to 1 to mimic the previous # behavior, > which means that appearing in any "Spam Lists" will cause # > the message to be treated as spam. > # This can also be the filename of a ruleset. > Spam Lists To Be Spam = 0 > Thanks for the info, I do understand that. The problem is it's missing text in the maillog. (At least I think it is) Let me show examples, but shorten them to get my point across better: Portion of message in mail log that fails due to SpamAssassin: to kattenlaw.com is spam, SpamAssassin (not cached, score=19.049 Portion of message in mail log that fails due to RBL: to kattenlaw.com is cbl, MAPS-ALL, zen.spamhaus.org Notice that the word spam is missing in the RBL failure message? Should it not read: to kattenlaw.com is spam, cbl, MAPS-ALL, zen.spamhaus.org I hope that makes it more clear. Thanks, Brian =========================================================== CIRCULAR 230 DISCLOSURE: Pursuant to Regulations Governing Practice Before the Internal Revenue Service, any tax advice contained herein is not intended or written to be used and cannot be used by a taxpayer for the purpose of avoiding tax penalties that may be imposed on the taxpayer. =========================================================== CONFIDENTIALITY NOTICE: This electronic mail message and any attached files contain information intended for the exclusive use of the individual or entity to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information may be subject to legal restriction or sanction. Please notify the sender, by electronic mail or telephone, of any unintended recipients and delete the original message without making any copies. =========================================================== NOTIFICATION: Katten Muchin Rosenman LLP is an Illinois limited liability partnership that has elected to be governed by the Illinois Uniform Partnership Act (1997). =========================================================== From mike at vesol.com Mon Feb 12 19:11:29 2007 From: mike at vesol.com (Mike Kercher) Date: Mon Feb 12 18:20:18 2007 Subject: LookOUT 2007 References: <1A65E6BAEADF9B4F865314484A13ECF1608800@atlas.athensdistributing.com> <20070212124502.4E16.GERARD@seibercom.net> Message-ID: Sorry for top posting...OWA! I'm running Outlook 2007 on a dual Xeon 3.06Ghz (not HT either) with 4G of RAM and it still drags arse. Mike ________________________________ From: mailscanner-bounces@lists.mailscanner.info on behalf of Gerard Seibert Sent: Mon 2/12/2007 11:50 AM To: mailscanner@lists.mailscanner.info Subject: Re: LookOUT 2007 On Sunday February 11, 2007 at 03:20:04 (PM) Mike Kercher wrote: > Right click the message itself and select Message Options. I find > Outlook 2007 to be MUCH slower than 2003. I'm am not impressed by Vista > or Office 2007 so far. I just tried Vista with the latest MS Office. It ran quite well. Of course, you have to have a system with the nuts to handle it. This was on a Dell with an Intel dual-core (3.8 Ghz I believe) system. Tons of memory. I would never use it on an outdated single core system with 512 memory. Just my 2?. -- Gerard "I choose to ignore, of course, the fact that self-Googling is perhaps the most narcissistic thing a person can do that doesn't involve actually humping a mirror." Dan Kois -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- Sorry for top posting...OWA! I'm running Outlook 2007 on a dual Xeon 3.06Ghz (not HT either) with 4G of RAM and it still drags arse. Mike ________________________________ From: mailscanner-bounces@lists.mailscanner.info on behalf of Gerard Seibert Sent: Mon 2/12/2007 11:50 AM To: mailscanner@lists.mailscanner.info Subject: Re: LookOUT 2007 On Sunday February 11, 2007 at 03:20:04 (PM) Mike Kercher wrote: > Right click the message itself and select Message Options. I find > Outlook 2007 to be MUCH slower than 2003. I'm am not impressed by Vista > or Office 2007 so far. I just tried Vista with the latest MS Office. It ran quite well. Of course, you have to have a system with the nuts to handle it. This was on a Dell with an Intel dual-core (3.8 Ghz I believe) system. Tons of memory. I would never use it on an outdated single core system with 512 memory. Just my 2?. -- Gerard "I choose to ignore, of course, the fact that self-Googling is perhaps the most narcissistic thing a person can do that doesn't involve actually humping a mirror." Dan Kois -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USherbrooke.ca Mon Feb 12 19:26:43 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Mon Feb 12 18:31:35 2007 Subject: Mqueue.in huge In-Reply-To: <200702121712.l1CHCm1M001418@netra.database.it> References: <200702121712.l1CHCm1M001418@netra.database.it> Message-ID: <45D0B163.6090603@USherbrooke.ca> Marcello Anderlini a ?crit : > I put use_auto_whitelist 0 in my spam.assassin.prefs.conf but not is changed > ? > I'm still getting spamassassin timeout, what else can I do ? I'm in panic > :-( > > Marcello, I haven't followed this thread from the beginning so: 1. have you restarted MS after the change ? 2. do you have a symlink from /etc/mail/spamassassin/mailscanner.cf -> /etc/MailScanner/spam.assassin.prefs.conf ? 3. after restarting MS, do you get any error/warning messages in your maillog? Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3595 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070212/7cea1369/smime.bin From Kevin_Miller at ci.juneau.ak.us Mon Feb 12 19:29:58 2007 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Mon Feb 12 18:34:12 2007 Subject: LookOUT 2007 In-Reply-To: Message-ID: Mike Kercher wrote: > Sorry for top posting...OWA! > > I'm running Outlook 2007 on a dual Xeon 3.06Ghz (not HT either) with > 4G of RAM and it still drags arse. Have you tried Pine? ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From mailscanner at yeticomputers.com Mon Feb 12 19:49:34 2007 From: mailscanner at yeticomputers.com (Rick Chadderdon) Date: Mon Feb 12 18:54:00 2007 Subject: Do others see this effect in their maillogs? In-Reply-To: <65234743FE1555428435CE39E6AC4078B38CDE@CHI-US-EXCH-01.us.kmz.com> References: <65234743FE1555428435CE39E6AC4078B38C13@CHI-US-EXCH-01.us.kmz.com><65234743FE1555428435CE39E6AC4078B38CDC@CHI-US-EXCH-01.us.kmz.com> <65234743FE1555428435CE39E6AC4078B38CDE@CHI-US-EXCH-01.us.kmz.com> Message-ID: <45D0B6BE.7020809@yeticomputers.com> Duncan, Brian M. wrote: > Notice that the word spam is missing in the RBL failure message? > > Should it not read: to kattenlaw.com is spam, cbl, MAPS-ALL, > zen.spamhaus.org > > > > I hope that makes it more clear. > It is my understanding that the "is spam" designation is to distinguish messages that have failed SpamAssassin checks from messages that have failed other checks. If I'm wrong, someone please correct me. Rick From ssilva at sgvwater.com Mon Feb 12 19:46:39 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Feb 12 18:57:34 2007 Subject: Do others see this effect in their maillogs? In-Reply-To: <65234743FE1555428435CE39E6AC4078B38CDE@CHI-US-EXCH-01.us.kmz.com> References: <65234743FE1555428435CE39E6AC4078B38C13@CHI-US-EXCH-01.us.kmz.com><65234743FE1555428435CE39E6AC4078B38CDC@CHI-US-EXCH-01.us.kmz.com> <65234743FE1555428435CE39E6AC4078B38CDE@CHI-US-EXCH-01.us.kmz.com> Message-ID: Duncan, Brian M. spake the following on 2/12/2007 9:56 AM: > > >> It looks as if it is telling you which list it hit. >> Do you have anything set in the following? >> # If a message appears in at least this number of "Spam > >> Lists" (as defined # above), then the message will be treated > >> as spam and so the "Spam # Actions" will happen, unless the > >> message reaches the levels for "High # Scoring Spam". By > >> default this is set to 1 to mimic the previous # behavior, > >> which means that appearing in any "Spam Lists" will cause # > >> the message to be treated as spam. >> # This can also be the filename of a ruleset. >> Spam Lists To Be Spam = 0 >> > > > Thanks for the info, I do understand that. > > > The problem is it's missing text in the maillog. (At least I think it > is) > > Let me show examples, but shorten them to get my point across better: > > Portion of message in mail log that fails due to SpamAssassin: > > to kattenlaw.com is spam, SpamAssassin (not cached, score=19.049 > > Portion of message in mail log that fails due to RBL: > > to kattenlaw.com is cbl, MAPS-ALL, zen.spamhaus.org > > Notice that the word spam is missing in the RBL failure message? > > > Should it not read: to kattenlaw.com is spam, cbl, MAPS-ALL, > zen.spamhaus.org > > > > I hope that makes it more clear. OK. Have a look at this setting; # If the message sender is on any of the Spam Lists, do you still want # to do the SpamAssassin checks? Setting this to "no" will reduce the load # on your server, but will stop the High Scoring Spam Actions from ever # happening. # This can also be the filename of a ruleset. Check SpamAssassin If On Spam List = yes -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From brian.duncan at kattenlaw.com Mon Feb 12 20:07:08 2007 From: brian.duncan at kattenlaw.com (Duncan, Brian M.) Date: Mon Feb 12 19:11:35 2007 Subject: Do others see this effect in their maillogs? References: <65234743FE1555428435CE39E6AC4078B38C13@CHI-US-EXCH-01.us.kmz.com><65234743FE1555428435CE39E6AC4078B38CDC@CHI-US-EXCH-01.us.kmz.com> <65234743FE1555428435CE39E6AC4078B38CDE@CHI-US-EXCH-01.us.kmz.com> Message-ID: <65234743FE1555428435CE39E6AC4078B38CE0@CHI-US-EXCH-01.us.kmz.com> > > I hope that makes it more clear. > OK. Have a look at this setting; > # If the message sender is on any of the Spam Lists, do you > still want # to do the SpamAssassin checks? Setting this to > "no" will reduce the load # on your server, but will stop the > High Scoring Spam Actions from ever # happening. > # This can also be the filename of a ruleset. > Check SpamAssassin If On Spam List = yes Thanks, I understand the directives and what they accomplish. (I thought I did at least) Isn't the log notation missing something still though? My log for RBL'ed messages says: to kattenlaw.com is cbl, MAPS-ALL, zen.spamhaus.org It looks like something needs to come after the "is" other then the RBL services that were hit. Something like, is high scoring Spam, cbl, MAPS-ALL, zen.spamhaus.org or is RBL'ed, cbl, MAPS-ALL, zen.spamhaus.org. Etc.. I was really only asking about this because I wanted to know if others had the same type of notation in their logs. Since it's cosmetic, and does not effect my servers I am not that worried about it. Thanks =========================================================== CIRCULAR 230 DISCLOSURE: Pursuant to Regulations Governing Practice Before the Internal Revenue Service, any tax advice contained herein is not intended or written to be used and cannot be used by a taxpayer for the purpose of avoiding tax penalties that may be imposed on the taxpayer. =========================================================== CONFIDENTIALITY NOTICE: This electronic mail message and any attached files contain information intended for the exclusive use of the individual or entity to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information may be subject to legal restriction or sanction. Please notify the sender, by electronic mail or telephone, of any unintended recipients and delete the original message without making any copies. =========================================================== NOTIFICATION: Katten Muchin Rosenman LLP is an Illinois limited liability partnership that has elected to be governed by the Illinois Uniform Partnership Act (1997). =========================================================== From brian.duncan at kattenlaw.com Mon Feb 12 20:11:28 2007 From: brian.duncan at kattenlaw.com (Duncan, Brian M.) Date: Mon Feb 12 19:16:02 2007 Subject: Do others see this effect in their maillogs? References: <65234743FE1555428435CE39E6AC4078B38C13@CHI-US-EXCH-01.us.kmz.com><65234743FE1555428435CE39E6AC4078B38CDC@CHI-US-EXCH-01.us.kmz.com> <65234743FE1555428435CE39E6AC4078B38CDE@CHI-US-EXCH-01.us.kmz.com> <45D0B6BE.7020809@yeticomputers.com> Message-ID: <65234743FE1555428435CE39E6AC4078B38CE1@CHI-US-EXCH-01.us.kmz.com> OK I can understand that if it was meant to be that way. For RBL it should then be something like: to kattenlaw.com is spam(RBL), cbl, MAPS-ALL, zen.spamhaus.org Otherwise grammatically it does not make sense. I really just brought this up to see if this was only happening to me. Thanks > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Rick Chadderdon > Sent: Monday, February 12, 2007 12:50 PM > To: MailScanner discussion > Subject: Re: Do others see this effect in their maillogs? > > Duncan, Brian M. wrote: > > Notice that the word spam is missing in the RBL failure message? > > > > Should it not read: to kattenlaw.com is spam, cbl, MAPS-ALL, > > zen.spamhaus.org > > > > > > > > I hope that makes it more clear. > > > It is my understanding that the "is spam" designation is to > distinguish messages that have failed SpamAssassin checks > from messages that have failed other checks. If I'm wrong, > someone please correct me. > > Rick > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > =========================================================== CIRCULAR 230 DISCLOSURE: Pursuant to Regulations Governing Practice Before the Internal Revenue Service, any tax advice contained herein is not intended or written to be used and cannot be used by a taxpayer for the purpose of avoiding tax penalties that may be imposed on the taxpayer. =========================================================== CONFIDENTIALITY NOTICE: This electronic mail message and any attached files contain information intended for the exclusive use of the individual or entity to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information may be subject to legal restriction or sanction. Please notify the sender, by electronic mail or telephone, of any unintended recipients and delete the original message without making any copies. =========================================================== NOTIFICATION: Katten Muchin Rosenman LLP is an Illinois limited liability partnership that has elected to be governed by the Illinois Uniform Partnership Act (1997). =========================================================== From mkettler at evi-inc.com Mon Feb 12 20:19:49 2007 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Feb 12 19:24:37 2007 Subject: DNS White List, is a good thing? In-Reply-To: References: Message-ID: <45D0BDD5.6010803@evi-inc.com> Budi Febrianto wrote: > I just heard about dns white list (DNSWL), the purpose is to decrease the > false positive detection. > There is some hack for sendmail to use it. > Spamassassin also can use it by giving a very low score when listed in > dnswl. > Anybody using it? And what dnswl server to be use? By default SpamAssassin uses bondedsender, and habeas SOI/COI dnswls. (note Habeas SWE is dead, and the above habeas DNSWLs have nothing to do with the old haiku-in-the-headers method that Habeas no longer supports.) From mailscanner at yeticomputers.com Mon Feb 12 20:45:26 2007 From: mailscanner at yeticomputers.com (Rick Chadderdon) Date: Mon Feb 12 19:49:58 2007 Subject: Do others see this effect in their maillogs? In-Reply-To: <65234743FE1555428435CE39E6AC4078B38CE0@CHI-US-EXCH-01.us.kmz.com> References: <65234743FE1555428435CE39E6AC4078B38C13@CHI-US-EXCH-01.us.kmz.com><65234743FE1555428435CE39E6AC4078B38CDC@CHI-US-EXCH-01.us.kmz.com> <65234743FE1555428435CE39E6AC4078B38CDE@CHI-US-EXCH-01.us.kmz.com> <65234743FE1555428435CE39E6AC4078B38CE0@CHI-US-EXCH-01.us.kmz.com> Message-ID: <45D0C3D6.3090605@yeticomputers.com> Duncan, Brian M. wrote: > Thanks, > > I understand the directives and what they accomplish. (I thought I did > at least) > > Isn't the log notation missing something still though? > > My log for RBL'ed messages says: > > to kattenlaw.com is cbl, MAPS-ALL, zen.spamhaus.org > > It looks like something needs to come after the "is" other then the RBL > services that were hit. > > Something like, is high scoring Spam, cbl, MAPS-ALL, zen.spamhaus.org or > is RBL'ed, cbl, MAPS-ALL, zen.spamhaus.org. Etc.. > > > I was really only asking about this because I wanted to know if others > had the same type of notation in their logs. Since it's cosmetic, and > does not effect my servers I am not that worried about it. Yes, this is how things are noted in my logs as well. I understand where you're coming from, but since logs are almost never grammatically correct, I've never really considered it a problem. In fact, I'd rather a log file give me information as concisely as possible, as long as the information is complete enough to derive the missing info. Grammatically correct is usually not concise. I prefer to reject from RBLs at the MTA, and my particular business model allows me to make this decision for my customers - so I don't use RBL checks in MailScanner. Still, if I did, I would not need my logs to preface every entry with "is spam" when rejecting/marking/quarantining a message, nor, if space was at a premium, would I want them to. Spam is stuff that SpamAssassin scored, cbl is cbl, etc. I already *know* it's all "spam". I suppose that if it were done the way you suggest, it might make it easier to grep your logfile for a count of "is spam" lines and get a quick total of all of your spam. Hmmm... Well, it's not something I need, but I can see why it would bother someone. :) Rick From brian.duncan at kattenlaw.com Mon Feb 12 20:57:37 2007 From: brian.duncan at kattenlaw.com (Duncan, Brian M.) Date: Mon Feb 12 20:01:56 2007 Subject: Do others see this effect in their maillogs? References: <65234743FE1555428435CE39E6AC4078B38C13@CHI-US-EXCH-01.us.kmz.com><65234743FE1555428435CE39E6AC4078B38CDC@CHI-US-EXCH-01.us.kmz.com> <65234743FE1555428435CE39E6AC4078B38CDE@CHI-US-EXCH-01.us.kmz.com> <65234743FE1555428435CE39E6AC4078B38CE0@CHI-US-EXCH-01.us.kmz.com> <45D0C3D6.3090605@yeticomputers.com> Message-ID: <65234743FE1555428435CE39E6AC4078B38CE3@CHI-US-EXCH-01.us.kmz.com> > I suppose that if it were done the way you suggest, it might > make it easier to grep your logfile for a count of "is spam" > lines and get a quick total of all of your spam. Hmmm... > Well, it's not something I need, but I can see why it would > bother someone. :) That was exactly how I even noticed it :) Someone asked for a quick count on RBL Vs Spam content. I can live with it, I just wanted to make sure it was not JUST me and bring it to the MailScanner developers attention. So thanks for confirming that for me. I also think it was fine several versions ago. (year or so ago) I have no old logs to reference though to verify that. Thanks =========================================================== CIRCULAR 230 DISCLOSURE: Pursuant to Regulations Governing Practice Before the Internal Revenue Service, any tax advice contained herein is not intended or written to be used and cannot be used by a taxpayer for the purpose of avoiding tax penalties that may be imposed on the taxpayer. =========================================================== CONFIDENTIALITY NOTICE: This electronic mail message and any attached files contain information intended for the exclusive use of the individual or entity to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information may be subject to legal restriction or sanction. Please notify the sender, by electronic mail or telephone, of any unintended recipients and delete the original message without making any copies. =========================================================== NOTIFICATION: Katten Muchin Rosenman LLP is an Illinois limited liability partnership that has elected to be governed by the Illinois Uniform Partnership Act (1997). =========================================================== From am.lists at gmail.com Mon Feb 12 22:31:17 2007 From: am.lists at gmail.com (am.lists) Date: Mon Feb 12 21:35:38 2007 Subject: "not cached, timed out" in spam that scored 0. Message-ID: <25a66d840702121331v5f4fe7b2i6977780a9e5cff38@mail.gmail.com> I was browsing my mailwatch "recent 50" messages and spotted a 0.00 score message that I could tell right away was junk spam. It was 39k in size and was routed from RR residential, and direct from a cable modem. Obvious botnet picture spam... But looking at the header, for the spam report, it simply said: not cached timed out --- Then I started looking deeper, and for today, I found this: [root@mailgw log]# grep "timed out" maillog Feb 12 13:07:46 mailgw MailScanner[1006]: SpamAssassin timed out and was killed, failure 1 of 10 Feb 12 14:44:04 mailgw MailScanner[15377]: SpamAssassin timed out and was killed, failure 1 of 10 Feb 12 14:47:40 mailgw MailScanner[2613]: SpamAssassin timed out and was killed, failure 1 of 10 Only three lines out of 160K lines of maillog for the day so far. Where would I look for this timeout setting? If I'm only getting stuck three times a day on this, I'd like to be a little more forgiving if possible. Thanks, Angelo From ljosnet at gmail.com Mon Feb 12 22:37:09 2007 From: ljosnet at gmail.com (emm1) Date: Mon Feb 12 21:41:25 2007 Subject: OT: Hiring In-Reply-To: <45D09C25.6090307@nkpanama.com> References: <45CB4F4D.8060304@ecs.soton.ac.uk> <45D09C25.6090307@nkpanama.com> Message-ID: <910ee2ac0702121337k43da7d2fsdf232ff1c0cffc2d@mail.gmail.com> Service provided by FSL is a joke. We've had nothing but problems with this DefenderMX, it was poorly setup, they didn't optimize the server to it's fullest and now we noticed that when they installed it in december they used a DEMO licence which expired today and no reply from them yet to fix this. On 2/12/07, Alex Neuman van der Hans wrote: > Could you describe the needs/wants you would have from this staffer? > What would they(me?) need to accomplish? > > Julian Field wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > We need to hire some additional part time staff who can help with > > support for MailScanner, MailScanner related applications, MTAs and our > > DefenderMX application. We will train you on DefenderMX. > > > > Salary is commensurate with qualifications and location anywhere is the > > world is just fine, you just need a high speed Internet link. Hour are > > flexible and the working environment is great J. Reasonable English > > skill is required and an additional language would be useful but not > > necessary. > > > > Please send you qualifications and desired compensation level directly > > to hiring@fsl.com > > > > Thanks > > > > - -- > > Steve Swaney > > President > > Fort Systems Ltd. > > steve@fsl.com > > > > - -- > > Julian Field MEng CITP > > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > > > > > -----BEGIN PGP SIGNATURE----- > > Version: PGP Desktop 9.5.3 (Build 5003) > > Comment: (pgp-secured) > > Charset: ISO-8859-1 > > > > wj8DBQFFy1BUEfZZRxQVtlQRAormAJ0TDoKA9umyrZhvfUtsYcNe/n8nuQCfWCdf > > 7sxp1o/rT/ptelv7aiTtLfs= > > =D4j/ > > -----END PGP SIGNATURE----- > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From mike at vesol.com Mon Feb 12 22:36:35 2007 From: mike at vesol.com (Mike Kercher) Date: Mon Feb 12 21:44:14 2007 Subject: LookOUT 2007 In-Reply-To: References: Message-ID: : -----Original Message----- : From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- : bounces@lists.mailscanner.info] On Behalf Of Kevin Miller : Sent: Monday, February 12, 2007 12:30 PM : To: MailScanner discussion : Subject: RE: LookOUT 2007 : : Mike Kercher wrote: : > Sorry for top posting...OWA! : > : > I'm running Outlook 2007 on a dual Xeon 3.06Ghz (not HT either) with : > 4G of RAM and it still drags arse. : : Have you tried Pine? : : I have NOT tried Pine to connect to Exchange ;) Mike From ssilva at sgvwater.com Mon Feb 12 22:50:39 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Feb 12 21:56:13 2007 Subject: "not cached, timed out" in spam that scored 0. In-Reply-To: <25a66d840702121331v5f4fe7b2i6977780a9e5cff38@mail.gmail.com> References: <25a66d840702121331v5f4fe7b2i6977780a9e5cff38@mail.gmail.com> Message-ID: am.lists spake the following on 2/12/2007 1:31 PM: > I was browsing my mailwatch "recent 50" messages and spotted a 0.00 > score message that I could tell right away was junk spam. > > It was 39k in size and was routed from RR residential, and direct from > a cable modem. > > Obvious botnet picture spam... > > But looking at the header, for the spam report, it simply said: > > not cached > timed out > > --- > > Then I started looking deeper, and for today, I found this: > > [root@mailgw log]# grep "timed out" maillog > Feb 12 13:07:46 mailgw MailScanner[1006]: SpamAssassin timed out and > was killed, failure 1 of 10 > Feb 12 14:44:04 mailgw MailScanner[15377]: SpamAssassin timed out and > was killed, failure 1 of 10 > Feb 12 14:47:40 mailgw MailScanner[2613]: SpamAssassin timed out and > was killed, failure 1 of 10 > > > Only three lines out of 160K lines of maillog for the day so far. > > Where would I look for this timeout setting? If I'm only getting stuck > three times a day on this, I'd like to be a little more forgiving if > possible. > > Thanks, > Angelo You can increase the spamassasin timeout in mailscanner.conf, since you aren't getting hit a lot in a day. More timeouts are usually an indication of resolver problems or bayes rebuild attempts. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From steve.swaney at fsl.com Mon Feb 12 22:56:26 2007 From: steve.swaney at fsl.com (Stephen Swaney) Date: Mon Feb 12 22:00:43 2007 Subject: OT: Hiring In-Reply-To: <910ee2ac0702121337k43da7d2fsdf232ff1c0cffc2d@mail.gmail.com> References: <45CB4F4D.8060304@ecs.soton.ac.uk> <45D09C25.6090307@nkpanama.com> <910ee2ac0702121337k43da7d2fsdf232ff1c0cffc2d@mail.gmail.com> Message-ID: <006a01c74ef0$a4b71d10$ee255730$@swaney@fsl.com> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of emm1 > Sent: Monday, February 12, 2007 4:37 PM > To: MailScanner discussion > Subject: Re: OT: Hiring > > Service provided by FSL is a joke. We've had nothing but problems with > this DefenderMX, it was poorly setup, they didn't optimize the server > to it's fullest and now we noticed that when they installed it in > december they used a DEMO licence which expired today and no reply > from them yet to fix this. > Please email directly to support@fsl.com and let us know which system this is. Also please send the RT ticket tracking number so we can see where out where support went wrong. I'd like to find out what happened. I have not seen a request for this in the RT system but I may have missed it. There are no support requests from ljosnet@gmail.com We do try to provide the best support available but obviously something went wrong. My sincere apologies, Steve Steve Swaney steve@fsl.com From res at ausics.net Mon Feb 12 22:56:24 2007 From: res at ausics.net (Res) Date: Mon Feb 12 22:00:48 2007 Subject: LookOUT 2007 In-Reply-To: <20070212124502.4E16.GERARD@seibercom.net> References: <1A65E6BAEADF9B4F865314484A13ECF1608800@atlas.athensdistributing.com> <20070212124502.4E16.GERARD@seibercom.net> Message-ID: On Mon, 12 Feb 2007, Gerard Seibert wrote: > On Sunday February 11, 2007 at 03:20:04 (PM) Mike Kercher wrote: > >> Right click the message itself and select Message Options. I find >> Outlook 2007 to be MUCH slower than 2003. I'm am not impressed by Vista >> or Office 2007 so far. > > I just tried Vista with the latest MS Office. It ran quite well. Of > course, you have to have a system with the nuts to handle it. This was > on a Dell with an Intel dual-core (3.8 Ghz I believe) system. Tons of > memory. I would never use it on an outdated single core system with 512 > memory. > Yeah, and what will be the requirment in the next version on winblows, a supercomputer, and thats just for basics :P -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From am.lists at gmail.com Mon Feb 12 22:59:10 2007 From: am.lists at gmail.com (am.lists) Date: Mon Feb 12 22:03:28 2007 Subject: "not cached, timed out" in spam that scored 0. In-Reply-To: <25a66d840702121331v5f4fe7b2i6977780a9e5cff38@mail.gmail.com> References: <25a66d840702121331v5f4fe7b2i6977780a9e5cff38@mail.gmail.com> Message-ID: <25a66d840702121359m6189a7d5wfaa751af13da35cb@mail.gmail.com> Scott: I felt the same way -- only seeing 3 timeouts, its probably ok to bump up the timeout, but wasn't sure where the setting was. If I had seen a bunch of timeouts, I'd be investigating what was causing the individual timeouts. I found the setting in /etc/MailScanner/mailscanner.conf... It was 75, I bumped it to 90. FWIW, I did the lint test of SA through MailWatch GUI to see if there were any apparent issues, the elapsed time on that comes in at 5.97865sec. Having nothing to compare that to, is that good, bad, horrible, etc? Angelo From res at ausics.net Mon Feb 12 23:05:33 2007 From: res at ausics.net (Res) Date: Mon Feb 12 22:10:07 2007 Subject: Mqueue.in huge In-Reply-To: <200702121554.l1CFstxS028730@netra.database.it> References: <200702121554.l1CFstxS028730@netra.database.it> Message-ID: Hi, On Mon, 12 Feb 2007, Marcello Anderlini wrote: > I beg your pardon but how can set my MTA (I use sendmail) to use blacklist > and to reject automaticaly email ? Add this to your sendmail.mc file in sendmail-source/cf/cf The 'FEATURE' to 'dnl' is all on one line FEATURE(`blacklist_recipients')dnl # <--- this should be already there FEATURE(`enhdnsbl', `zen.spamhaus.org', `"553 rejected - see http://www.spamhaus.org/query/bl?ip="$&{client_addr}', `')dnl FEATURE(`enhdnsbl', `bl.spamcop.net', `"553 rejected - see http://spamcop.net/bl.shtml?"$&{client_addr}', `')dnl FEATURE(`enhdnsbl',`dnsbl.sorbs.net',`"553 rejected - " $&{client_addr} " found in dnsbl.sorbs.net"', `')dnl FEATURE(`enhdnsbl', `combined.njabl.org', `"553 rejected - see http://njabl.org/lookup?"$&{client_addr}', `')dnl Then ./Build install-cf and restart sendmail > And also how can I turn off spamassin in Mailscanner.conf ? Use SpamAssassin = yes to Use SpamAssassin = no then killall -HUP MailScanner -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From gerard at seibercom.net Mon Feb 12 23:11:27 2007 From: gerard at seibercom.net (Gerard Seibert) Date: Mon Feb 12 22:15:39 2007 Subject: LookOUT 2007 In-Reply-To: References: <20070212124502.4E16.GERARD@seibercom.net> Message-ID: <20070212170051.722F.GERARD@seibercom.net> On Monday February 12, 2007 at 04:56:24 (PM) Res wrote: > Yeah, and what will be the requirment in the next version on winblows, > a supercomputer, and thats just for basics :P Are you suggesting that we all go back to using 8086 based PC's? Seriously, Every few years I buy another PC. I then add the older one to my network; however, that is another story. I was just waiting for the new Vista to be released before I purchased a new PC. that way I can get both at the same time. If it weren't for MicroSoft virtually forcing hardware developers to improve their offerings, we would probably still be stuck with 386's and 12mb. of memory. Somebody has got to push the envelope, and MicroSoft is the only OS doing it. Besides, if I remember correctly, my first PC was an 8086 that cost approximately $2000. with everything. My last was a Dell 4550, 3.1 GHZ HT, 1024 memory and 120Gig HD. It cost just $1950. Considering that my pay scale is higher now than it was in 1983, I consider that a 'good deal'. Anyway, what ever floats you boat! -- Gerard The greatest trick the devil ever played was convincing the world he didn't exist. From ssilva at sgvwater.com Mon Feb 12 23:12:59 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Feb 12 22:17:46 2007 Subject: "not cached, timed out" in spam that scored 0. In-Reply-To: <25a66d840702121359m6189a7d5wfaa751af13da35cb@mail.gmail.com> References: <25a66d840702121331v5f4fe7b2i6977780a9e5cff38@mail.gmail.com> <25a66d840702121359m6189a7d5wfaa751af13da35cb@mail.gmail.com> Message-ID: am.lists spake the following on 2/12/2007 1:59 PM: > Scott: > > I felt the same way -- only seeing 3 timeouts, its probably ok to bump > up the timeout, but wasn't sure where the setting was. If I had seen a > bunch of timeouts, I'd be investigating what was causing the > individual timeouts. > > I found the setting in /etc/MailScanner/mailscanner.conf... > > It was 75, I bumped it to 90. > > FWIW, I did the lint test of SA through MailWatch GUI to see if there > were any apparent issues, the elapsed time on that comes in at > 5.97865sec. Having nothing to compare that to, is that good, bad, > horrible, etc? > > Angelo Not too bad. You probably are just getting an occasional timeout on an rbl list. I think I went to 90 seconds a while back also. I got about 3.33 sec. on a lint test, but since spamassassin 3.17 doesn't do network tests anymore, that is just your servers response time. You need some actual messages to get network times. spamassassin -D References: <20070212124502.4E16.GERARD@seibercom.net> <20070212170051.722F.GERARD@seibercom.net> Message-ID: On Mon, 12 Feb 2007, Gerard Seibert wrote: > On Monday February 12, 2007 at 04:56:24 (PM) Res wrote: > >> Yeah, and what will be the requirment in the next version on winblows, >> a supercomputer, and thats just for basics :P > > Are you suggesting that we all go back to using 8086 based PC's? no im talking about like the big muthars in Sandiego SCC :) > Seriously, Every few years I buy another PC. I then add the older one Whats the point? many people, especially businesses dont want to do that you are the type of person Bill Gates has aimed at vista then, he;ll be happy :) > If it weren't for MicroSoft virtually forcing hardware developers to > improve their offerings, we would probably still be stuck with 386's > and 12mb. of memory. Somebody has got to push the envelope, and Oh, so micro$oft are responsible for the huge servers in my DC ? LOL what a load of rot. -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From dnsadmin at 1bigthink.com Mon Feb 12 23:23:24 2007 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Mon Feb 12 22:27:54 2007 Subject: LookOUT 2007 In-Reply-To: References: <1A65E6BAEADF9B4F865314484A13ECF1608800@atlas.athensdistributing.com> <20070212124502.4E16.GERARD@seibercom.net> Message-ID: <7.0.1.0.0.20070212172056.091d1340@1bigthink.com> At 04:56 PM 2/12/2007, you wrote: >On Mon, 12 Feb 2007, Gerard Seibert wrote: > >>On Sunday February 11, 2007 at 03:20:04 (PM) Mike Kercher wrote: >> >>>Right click the message itself and select Message Options. I find >>>Outlook 2007 to be MUCH slower than 2003. I'm am not impressed by Vista >>>or Office 2007 so far. >> >>I just tried Vista with the latest MS Office. It ran quite well. Of >>course, you have to have a system with the nuts to handle it. This was >>on a Dell with an Intel dual-core (3.8 Ghz I believe) system. Tons of >>memory. I would never use it on an outdated single core system with 512 >>memory. > >Yeah, and what will be the requirment in the next version on winblows, >a supercomputer, and thats just for basics :P > Quad processor, 4 GB ram, 2GB will be used upon successful bootup. In order to have the cool graphics as MacOS XII, you will need an SLI-2x4 4 - GPU video card that costs twice as much as the motherboard and processor chip. ;)D From chandler.lists at chapman.edu Mon Feb 12 23:31:45 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Mon Feb 12 22:36:01 2007 Subject: [OT] LookOUT 2007 In-Reply-To: <20070212170051.722F.GERARD@seibercom.net> References: <20070212124502.4E16.GERARD@seibercom.net> <20070212170051.722F.GERARD@seibercom.net> Message-ID: <45D0EAD1.1000604@chapman.edu> Gerard Seibert wrote: > On Monday February 12, 2007 at 04:56:24 (PM) Res wrote: > > >> Yeah, and what will be the requirment in the next version on winblows, >> a supercomputer, and thats just for basics :P >> > > Are you suggesting that we all go back to using 8086 based PC's? > No. I'm suggesting that a modern OS shouldn't need three quarters of your hardware resources just to BOOT. > Seriously, Every few years I buy another PC. I then add the older one > to my network; however, that is another story. I was just waiting for > the new Vista to be released before I purchased a new PC. that way I can > get both at the same time. > I used Vista for a week on a laptop that was purchased within the last six months and branded as "Vista Ready!" It ran like crap, the driver support for the touchpad was abysmal, and it lived in virtual memory. I'll run XP until I can't anymore. After that, FreeBSD on the desktop is looking more and more attractive. > If it weren't for MicroSoft virtually forcing hardware developers to > improve their offerings, we would probably still be stuck with 386's > and 12mb. of memory. Somebody has got to push the envelope, and > MicroSoft is the only OS doing it. Are you seriously suggesting that their inefficient coding style is a GOOD thing? Try benchmarking any machine running Vista to the same hardware platform on ANY OTHER OS you can think of. I'd bet quite a bit that Vista comes out the loser each time. "Pushing the envelope" doesn't equate to "coding for crap" in my world. > Besides, if I remember correctly, my first PC was an 8086 that cost approximately $2000. with everything. My last was a Dell 4550, 3.1 GHZ HT, 1024 memory and 120Gig HD. It cost > just $1950. Considering that my pay scale is higher now than it was in > 1983, I consider that a 'good deal'. > > Back then, computers were specialty items-- now, they're commodities. Let's not skirt the issue too much... > Anyway, what ever floats you boat! Agreed, but MAN, Vista is crap. -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: Dyslexics retyping hosts file on servers From gerard at seibercom.net Mon Feb 12 23:40:50 2007 From: gerard at seibercom.net (Gerard) Date: Mon Feb 12 22:45:00 2007 Subject: LookOUT 2007 In-Reply-To: References: <20070212170051.722F.GERARD@seibercom.net> Message-ID: <20070212174038.7234.GERARD@seibercom.net> On Monday February 12, 2007 at 05:16:12 (PM) Res wrote: > On Mon, 12 Feb 2007, Gerard Seibert wrote: > > > On Monday February 12, 2007 at 04:56:24 (PM) Res wrote: > > > >> Yeah, and what will be the requirment in the next version on winblows, > >> a supercomputer, and thats just for basics :P > > > > Are you suggesting that we all go back to using 8086 based PC's? > > no im talking about like the big muthars in Sandiego SCC :) I have no idea what yu are referring to > > > Seriously, Every few years I buy another PC. I then add the older one > > Whats the point? many people, especially businesses dont want to do that > > you are the type of person Bill Gates has aimed at vista then, he;ll be > happy :) Actually, quite a few people. Especially those who want to use their PC as a virtual entertainment units. Besides, if an individual is going to invest in a new PC, they might as well get the latest OS available. You might want to reinvestigate that 'business' remark. I use to work for a consulting firm that routinely replaced PC's for business as soon as the the depreciation value was reached. Once you reach the tax write off point, there is not a lot of point in keeping an obsolete unit. > > > If it weren't for MicroSoft virtually forcing hardware developers to > > improve their offerings, we would probably still be stuck with 386's > > and 12mb. of memory. Somebody has got to push the envelope, and > > Oh, so micro$oft are responsible for the huge servers in my DC ? LOL what > a load of rot. Again, I do not comprehend what you are trying to convey. By the way, are you an adult or a child? -- Gerard From gerard at seibercom.net Mon Feb 12 23:58:01 2007 From: gerard at seibercom.net (Gerard) Date: Mon Feb 12 23:02:14 2007 Subject: [OT] LookOUT 2007 In-Reply-To: <45D0EAD1.1000604@chapman.edu> References: <20070212170051.722F.GERARD@seibercom.net> <45D0EAD1.1000604@chapman.edu> Message-ID: <20070212175751.7238.GERARD@seibercom.net> On Monday February 12, 2007 at 05:31:45 (PM) Jay Chandler wrote: > Gerard Seibert wrote: > > On Monday February 12, 2007 at 04:56:24 (PM) Res wrote: > > > > > >> Yeah, and what will be the requirment in the next version on winblows, > >> a supercomputer, and thats just for basics :P > >> > > > > Are you suggesting that we all go back to using 8086 based PC's? > > > No. I'm suggesting that a modern OS shouldn't need three quarters of > your hardware resources just to BOOT. > > > Seriously, Every few years I buy another PC. I then add the older one > > to my network; however, that is another story. I was just waiting for > > the new Vista to be released before I purchased a new PC. that way I can > > get both at the same time. > > > I used Vista for a week on a laptop that was purchased within the last > six months and branded as "Vista Ready!" It ran like crap, the driver > support for the touchpad was abysmal, and it lived in virtual memory. > I'll run XP until I can't anymore. After that, FreeBSD on the desktop > is looking more and more attractive. It might have been nice if you had included the system specs. Anyway, I have never been impressed with the performance of any laptop with any OS installed. I consider them toys, although I have been forced to use them occasionally. The size of my fingers make the use of 'touch pads' virtually unfathomable. I use FreeBSD on two of my machines. One is a mail server, the other a dedicated work station. I love the OS; however, try and get 'Flash', Java, etc all working and you are in for a workout. The FBSD forum is filled with individuals who cannot get drivers for hardware to either work, or just find one that is available. Most cutting edge hardware just does not work on FBSD or other *.nix systems. It is just the nature of the beast. > > > If it weren't for MicroSoft virtually forcing hardware developers to > > improve their offerings, we would probably still be stuck with 386's > > and 12mb. of memory. Somebody has got to push the envelope, and > > MicroSoft is the only OS doing it. > Are you seriously suggesting that their inefficient coding style is a > GOOD thing? Try benchmarking any machine running Vista to the same > hardware platform on ANY OTHER OS you can think of. I'd bet quite a bit > that Vista comes out the loser each time. "Pushing the envelope" > doesn't equate to "coding for crap" in my world. Define 'inefficient coding style'. I have seen code from FBSD and Linux that looks like it was written by a child. Wait, it probably was written by one. > > > Besides, if I remember correctly, my first PC was an 8086 that cost approximately $2000. with everything. My last was a Dell 4550, 3.1 GHZ HT, 1024 memory and 120Gig HD. It cost > > just $1950. Considering that my pay scale is higher now than it was in > > 1983, I consider that a 'good deal'. > > > > > Back then, computers were specialty items-- now, they're commodities. > Let's not skirt the issue too much... > > Anyway, what ever floats you boat! > Agreed, but MAN, Vista is crap. -- Gerard From mailscanner at yeticomputers.com Tue Feb 13 00:00:05 2007 From: mailscanner at yeticomputers.com (Rick Chadderdon) Date: Mon Feb 12 23:04:28 2007 Subject: LookOUT 2007 In-Reply-To: <20070212170051.722F.GERARD@seibercom.net> References: <20070212124502.4E16.GERARD@seibercom.net> <20070212170051.722F.GERARD@seibercom.net> Message-ID: <45D0F175.2050808@yeticomputers.com> Gerard Seibert wrote: > If it weren't for MicroSoft virtually forcing hardware developers to > improve their offerings, we would probably still be stuck with 386's > and 12mb. of memory. Somebody has got to push the envelope, and > MicroSoft is the only OS doing it. I agree with your overall sentiment that we shouldn't allow our computers to stagnate, but my experience with my own clients is that people don't upgrade their hardware for new OSes or new application software. I've had very, very few clients ask me what kind of new computer they'll need in order to move up to the next version of Windows, or the newest version of Office. In fact, nearly all of my customers want to *avoid* upgrading either their OS or their application software for as long as possible. No, I do upgrade consults for *gamers*. (Or their parents... "Tommy tried to install this game, but it wouldn't run. What do we need to do?") This was somewhat true even in the old days... I upgraded a lot of Windows 3.1 users to Windows 95 because of new "Windows 95 only" games. I will freely admit that I didn't take x86 PCs seriously until Windows 95, though. I don't object to Microsoft taking advantage of the power of newer machines, but I do find it rather annoying in the case of Vista that the *requirements* for the OS are so high. I've seen nothing in Vista that justifies using so much machine for just the OS. I do need to run a Vista box so that I can be familiar with the thing when my clients call with questions about it. Currently I'm running Vista Ultimate on a Core 2 Extreme X6800 with 2G of very nice RAM and an X1950XTX graphics card. I have a very fast array of 3G SATA drives, and Vista does look pretty and it's quite snappy. But... The same box feels faster with XP SP2. And, to stay on topic, Outlook 2007 runs quite poorly on this box. Well, for what I do. My current IMAP archive of this list begins in August 2005. The IMAP archive for my primary address holds all of my mail since 1998. That's a lot of mail, in case you're wondering. The SPAM folder alone contains more than 114,000 messages (I keep them for sentimental reasons... :) ), and there are probably 150 folders of sorted (and unsorted) mail. I added only those 2 accounts to Outlook for testing purposes, and synchronized them via a LAN connection. Outlook feels a *lot* slower than Thunderbird with those same (and seven other) accounts active and synchronized (on the same machine). Actually, Thunderbird on my office machine, running Gentoo Linux with far less power (2.4G P4, 1.5G RAM, decent SATA hard drives) feels faster than Outlook 2007 does on the more powerful machine, again with the same accounts and more. I recognize that Outlook 2007 is more than just an email client, but *as* an email client, it stinks. And, in my opinion, one would be better suited to run (gasp) separate apps for each of the things Outlook does rather than use that bloated, slow application and compromise on *everything* it does. Rick From gerard at seibercom.net Tue Feb 13 00:08:49 2007 From: gerard at seibercom.net (Gerard) Date: Mon Feb 12 23:13:00 2007 Subject: LookOUT 2007 In-Reply-To: <45D0F175.2050808@yeticomputers.com> References: <20070212170051.722F.GERARD@seibercom.net> <45D0F175.2050808@yeticomputers.com> Message-ID: <20070212180839.8A11.GERARD@seibercom.net> On Monday February 12, 2007 at 06:00:05 (PM) Rick Chadderdon wrote: > And, to stay on topic, Outlook 2007 runs quite poorly on this box. > Well, for what I do. > > My current IMAP archive of this list begins in August 2005. The IMAP > archive for my primary address holds all of my mail since 1998. That's > a lot of mail, in case you're wondering. The SPAM folder alone contains > more than 114,000 messages (I keep them for sentimental reasons... :) ), > and there are probably 150 folders of sorted (and unsorted) mail. I > added only those 2 accounts to Outlook for testing purposes, and > synchronized them via a LAN connection. Outlook feels a *lot* slower > than Thunderbird with those same (and seven other) accounts active and > synchronized (on the same machine). Actually, Thunderbird on my office > machine, running Gentoo Linux with far less power (2.4G P4, 1.5G RAM, > decent SATA hard drives) feels faster than Outlook 2007 does on the more > powerful machine, again with the same accounts and more. > > I recognize that Outlook 2007 is more than just an email client, but > *as* an email client, it stinks. And, in my opinion, one would be > better suited to run (gasp) separate apps for each of the things Outlook > does rather than use that bloated, slow application and compromise on > *everything* it does. That is quite a large number of messages indeed. I agree, I use Becky Internet Mail on my Win boxes and KMail on the FreeBSD ones. I have never had any real problem with OutLook. I just don't need all it offers. However, MS Office is another story. It is still the finest single office product that I have used, and I have tried dozens of them. It appears to work fine under Vista, although I have not given it a through workout yet. Heck, I haven't even purchased my new unit yet. I want to wait until after 4/15 to do that. -- Gerard The greatest trick the devil ever played was convincing the world he didn't exist. From am.lists at gmail.com Tue Feb 13 00:58:00 2007 From: am.lists at gmail.com (am.lists) Date: Tue Feb 13 00:02:18 2007 Subject: LookOUT 2007 In-Reply-To: <20070212180839.8A11.GERARD@seibercom.net> References: <20070212170051.722F.GERARD@seibercom.net> <45D0F175.2050808@yeticomputers.com> <20070212180839.8A11.GERARD@seibercom.net> Message-ID: <25a66d840702121558y625df1cek9ee50a5883996acd@mail.gmail.com> Not pointed at any particular quote or comment, but in general, I've heard some very intelligent people relay something like the following when asked about why M$ products are so bloated and buggy: Microsoft can't expect everyone to write the most efficient and perfect code. The talent is just too hard to find and the timelines are too tight, but if they can provide decent [GUI] IDEs to enough decent code developers, the hardware performance will cover up for the lack of good solid code. Granted, that's a "hearsay" paragraph of something I totally disagree with, but it's more than likely the reality in which we live. From sandrews at andrewscompanies.com Tue Feb 13 02:26:04 2007 From: sandrews at andrewscompanies.com (sandrews@andrewscompanies.com) Date: Tue Feb 13 01:30:27 2007 Subject: LookOUT 2007 References: <20070212124502.4E16.GERARD@seibercom.net><20070212170051.722F.GERARD@seibercom.net> Message-ID: <1964AAFBC212F742958F9275BF63DBB04A0B48@winchester.andrewscompanies.com> Not a load of rot. Linus didn't go playing around until 1991. At that point, it was pretty much Microsoft and OS2; and they were both pushing intel on the hardware side. Both of them were dog slow compared to DOS and at that time, everyone thought it just fine if all you did was connect to a netware box. During that time, AS400s were thought to be the next big thing because they weren't the big cost of S390s. Hell, I had a 9401 series at home during that period. It was insanely expensive, but all good RPG programmers had them, so what the heck. If it weren't for MS and OS2 pushing Intel to develop faster microprocessors, the whole thing could have been lost to 390s and minis connected to dumb terminals. The agruement that Unix in it's non-linux form existed before that time is accurate; however, it was a huge cost and few trusted it on x86 hardware at the time; oh yeah, and let's not forget that the 390s and the AS400s beat the crap out of it in raw performance AND the cost per transaction related to that performance. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Res Sent: Monday, February 12, 2007 5:16 PM To: MailScanner discussion Subject: Re: LookOUT 2007 On Mon, 12 Feb 2007, Gerard Seibert wrote: > On Monday February 12, 2007 at 04:56:24 (PM) Res wrote: > >> Yeah, and what will be the requirment in the next version on >> winblows, a supercomputer, and thats just for basics :P > > Are you suggesting that we all go back to using 8086 based PC's? no im talking about like the big muthars in Sandiego SCC :) > Seriously, Every few years I buy another PC. I then add the older one Whats the point? many people, especially businesses dont want to do that you are the type of person Bill Gates has aimed at vista then, he;ll be happy :) > If it weren't for MicroSoft virtually forcing hardware developers to > improve their offerings, we would probably still be stuck with 386's > and 12mb. of memory. Somebody has got to push the envelope, and Oh, so micro$oft are responsible for the huge servers in my DC ? LOL what a load of rot. -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mailscanner at yeticomputers.com Tue Feb 13 05:19:32 2007 From: mailscanner at yeticomputers.com (Rick Chadderdon) Date: Tue Feb 13 04:23:56 2007 Subject: LookOUT 2007 In-Reply-To: <1964AAFBC212F742958F9275BF63DBB04A0B48@winchester.andrewscompanies.com> References: <20070212124502.4E16.GERARD@seibercom.net><20070212170051.722F.GERARD@seibercom.net> <1964AAFBC212F742958F9275BF63DBB04A0B48@winchester.andrewscompanies.com> Message-ID: <45D13C54.70708@yeticomputers.com> sandrews@andrewscompanies.com wrote: > If it weren't for MS and OS2 pushing Intel to develop faster > microprocessors, the whole thing could have been lost to 390s and minis > connected to dumb terminals. > This argument relies on the assumption that if the x86 PC clones hadn't taken off none of the competing technologies of the time would have adapted. "What if" scenarios aside, that's a bit much for me to swallow. Hell, the Macintosh is still around *in spite* of the competition. I doubt very much that if a PC clone market had failed to develop that the competition would have quietly died. (I'd love to explore a few possible outcomes, but for the purposes of this discussion such speculation would be pointless.) Anyway, what point are we trying to make here? I think all Res was trying to say was that even without Microsoft, technology would have progressed to the point of those "huge servers". I tend to agree. While it is undebatable that MS contributed mightily to the current state of home (and other non-mainframe) computing, it is quite unreasonable to assume that without them technology would have stood still or that small computers based on x86, 680x0 or other alternative technologies would not have become just as popular with other OSes in their stead. > The agruement that Unix in it's non-linux form existed before that time > is accurate; however, it was a huge cost and few trusted it on x86 > hardware at the time; oh yeah, and let's not forget that the 390s and > the AS400s beat the crap out of it in raw performance AND the cost per > transaction related to that performance. > In 1993 I was considering starting an ISP based on home-made x86 equipment and SCO Unix. I was a bit late with the idea, however, and the market in my area became saturated before I'd secured enough funding to get under way. The Unix/x86 solution came in at a tiny fraction of the cost of any of the mainframe solutions I evaluated, and I didn't really care about: A. Raw performance far in excess of what I needed, or B. The cost per transaction related to performance I didn't need. Microsoft did not have a competitive server solution at the time which would have been suitable (in my opinion), better tested (NT4 was brand new at the time) or less expensive for the same feature set. If you're trying to make the point that Microsoft provided the only x86 alternative of the day, or even the best one for businesses, or was responsible in some way for inexpensive servers, I have to disagree. In fact, at the time I saw almost no *servers* running a Microsoft operating system. Again, while it's clear that Microsoft's contributions are a large part of where we are now, it's impossible to say where we'd be if MS had not existed, and I certainly don't see MS as having made a huge impact on the existence of inexpensive x86 servers. In the early-to-mid nineties, when x86 servers started appearing, very few of those that I encountered had a Microsoft OS on them. Rick From mailscanner at yeticomputers.com Tue Feb 13 05:40:28 2007 From: mailscanner at yeticomputers.com (Rick Chadderdon) Date: Tue Feb 13 04:44:51 2007 Subject: LookOUT 2007 In-Reply-To: <20070212180839.8A11.GERARD@seibercom.net> References: <20070212170051.722F.GERARD@seibercom.net> <45D0F175.2050808@yeticomputers.com> <20070212180839.8A11.GERARD@seibercom.net> Message-ID: <45D1413C.2060703@yeticomputers.com> Gerard wrote: > However, MS Office is another story. It is still the finest single > office product that I have used, and I have tried dozens of them. > I'm not a fan of the Office suite of programs, but as Gerard already said, "Whatever floats your boat." I would, however, like to see *everyone* use an open standard for office documents. I don't think that holding communication hostage in order to ensure the proliferation of your own software is ethical. Sell your software because of things like feature set, performance and reliability, not based on the fact that businesses need to exchange documents, and as long as you have the dominant format you can secure your market position. Rick From res at ausics.net Tue Feb 13 05:54:56 2007 From: res at ausics.net (Res) Date: Tue Feb 13 04:59:30 2007 Subject: LookOUT 2007 In-Reply-To: <20070212174038.7234.GERARD@seibercom.net> References: <20070212170051.722F.GERARD@seibercom.net> <20070212174038.7234.GERARD@seibercom.net> Message-ID: On Mon, 12 Feb 2007, Gerard wrote: >> no im talking about like the big muthars in Sandiego SCC :) > > I have no idea what yu are referring to Might have guessed with your original comment, much like the rest of your comments. > Actually, quite a few people. Especially those who want to use their PC > as a virtual entertainment units. Besides, if an individual is going to > invest in a new PC, they might as well get the latest OS available. True, this is why we install Fedora 6 on desktops, and slackware on servers. > You might want to reinvestigate that 'business' remark. I use to work > for a consulting firm that routinely replaced PC's for business as soon Maybe "used to work" is the operative word. > as the the depreciation value was reached. Once you reach the tax write > off point, there is not a lot of point in keeping an obsolete unit. So I should replace my ford, even though theres nothing wrong with it, its in mint condition, but its 6 years old this year, so we should go buy me another one? *sigh* >> Oh, so micro$oft are responsible for the huge servers in my DC ? LOL what >> a load of rot. > Again, I do not comprehend what you are trying to convey. By the way, are I thought as much. > you an adult or a child? I think you are on the wrong list, open your lookout program and select news server, I'm sure you have lot of your kind on the microflop groups You remind me of the guy who came and wanted to do some work, a 25yo all hyped up with his M$ certs, and when I told him they meant nothing to me he almost went white as a ghost in disbelief, I also added and I quote "Hell will freeze over before that shit is used in my company" I really thought he _was_ going to faint :) -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From deanm at ispone.com.au Tue Feb 13 06:02:49 2007 From: deanm at ispone.com.au (Dean Manners) Date: Tue Feb 13 05:08:12 2007 Subject: Attachment-Warning variables with inline warnings In-Reply-To: Message-ID: <200702130503.l1D53otq000454@relay01.ispone.net.au> Kai, apologies for the html. Yes, changed both inline.warning.txt and inline.warning.html. Seems that $datenumber $id are stripped regardless, maybe deliberately? Regards __________________________________________ Dean Manners > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Kai Schaetzl > Sent: Monday, February 12, 2007 10:16 PM > To: mailscanner@lists.mailscanner.info > Subject: Re: Attachment-Warning variables with inline warnings > > Dean Manners wrote on Mon, 12 Feb 2007 16:59:32 +1100: > > > Is it possible to use the $datenumber and $id variables in the > > inline.warning reports ? ?I am trying to display a "Click > here to release" > > URL, however the report line containing the URL seems to be removed. > > It would be nice if you could convince yourself to not send > HTML to a mailing list, thanks :-) This could also be the > reason why you don't get the text you expect. There's a text > and an HTML version. Did you change both? > > Kai > > -- > Kai Sch?tzl, Berlin, Germany > Get your web at Conactive Internet Services: http://www.conactive.com > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From res at ausics.net Tue Feb 13 06:06:06 2007 From: res at ausics.net (Res) Date: Tue Feb 13 05:10:28 2007 Subject: LookOUT 2007 In-Reply-To: <1964AAFBC212F742958F9275BF63DBB04A0B48@winchester.andrewscompanies.com> References: <20070212124502.4E16.GERARD@seibercom.net><20070212170051.722F.GERARD@seibercom.net> <1964AAFBC212F742958F9275BF63DBB04A0B48@winchester.andrewscompanies.com> Message-ID: On Mon, 12 Feb 2007, sandrews@andrewscompanies.com wrote: > Not a load of rot. Linus didn't go playing around until 1991. At that > point, it was pretty much Microsoft and OS2; and they were both pushing on servers? errrr I think ull find unix was around long before then :) we used SunOS where I was back then, but thats over 20 years ago, and before that we used somthing else, (memory faded cant recall what) -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From csweeney at osubucks.org Tue Feb 13 06:11:11 2007 From: csweeney at osubucks.org (Chris Sweeney) Date: Tue Feb 13 05:15:45 2007 Subject: LookOUT 2007 In-Reply-To: References: <20070212124502.4E16.GERARD@seibercom.net><20070212170051.722F.GERARD@seibercom.net> <1964AAFBC212F742958F9275BF63DBB04A0B48@winchester.andrewscompanies.com> Message-ID: <45D1486F.40606@osubucks.org> Xenix, Unix, Linux, Windows, OS2 Sounds like my OS history :) Res wrote: > On Mon, 12 Feb 2007, sandrews@andrewscompanies.com wrote: > >> Not a load of rot. Linus didn't go playing around until 1991. At that >> point, it was pretty much Microsoft and OS2; and they were both pushing > > on servers? errrr I think ull find unix was around long before then :) > we used SunOS where I was back then, but thats over 20 years ago, and > before that we used somthing else, (memory faded cant recall what) > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5188 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070213/f0d662f7/smime.bin From res at ausics.net Tue Feb 13 06:14:02 2007 From: res at ausics.net (Res) Date: Tue Feb 13 05:18:27 2007 Subject: LookOUT 2007 In-Reply-To: <45D1486F.40606@osubucks.org> References: <20070212124502.4E16.GERARD@seibercom.net><20070212170051.722F.GERARD@seibercom.net> <1964AAFBC212F742958F9275BF63DBB04A0B48@winchester.andrewscompanies.com> <45D1486F.40606@osubucks.org> Message-ID: On Tue, 13 Feb 2007, Chris Sweeney wrote: > Xenix, Unix, Linux, Windows, OS2 Sounds like my OS history :) Xenix LOL i bet M$ regret not going forward and sticking with that, more proof they can't get anything right :D -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From jon at radel.com Tue Feb 13 06:20:02 2007 From: jon at radel.com (Jon Radel) Date: Tue Feb 13 05:24:42 2007 Subject: LookOUT 2007 In-Reply-To: References: <20070212124502.4E16.GERARD@seibercom.net><20070212170051.722F.GERARD@seibercom.net> <1964AAFBC212F742958F9275BF63DBB04A0B48@winchester.andrewscompanies.com> Message-ID: <45D14A82.3080602@radel.com> Res wrote: > > On Mon, 12 Feb 2007, sandrews@andrewscompanies.com wrote: > >> Not a load of rot. Linus didn't go playing around until 1991. At that >> point, it was pretty much Microsoft and OS2; and they were both pushing > > on servers? errrr I think ull find unix was around long before then :) > we used SunOS where I was back then, but thats over 20 years ago, and > before that we used somthing else, (memory faded cant recall what) > > Oh, don't tell me you used VMS before it went all Open on us.... I've still got a MicroVAX sitting in the garage; really should throw it out someday. I was also going to note earlier that amid all this talk about MS bloat, that I've noticed certain Linux distributions are getting tad heavy these days. Time to move to OpenBSD. :-) --Jon Radel -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 2828 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070213/2d5438ec/smime.bin From res at ausics.net Tue Feb 13 06:40:23 2007 From: res at ausics.net (Res) Date: Tue Feb 13 05:44:50 2007 Subject: LookOUT 2007 In-Reply-To: <45D14A82.3080602@radel.com> References: <20070212124502.4E16.GERARD@seibercom.net><20070212170051.722F.GERARD@seibercom.net> <1964AAFBC212F742958F9275BF63DBB04A0B48@winchester.andrewscompanies.com> <45D14A82.3080602@radel.com> Message-ID: On Tue, 13 Feb 2007, Jon Radel wrote: >> on servers? errrr I think ull find unix was around long before then :) >> we used SunOS where I was back then, but thats over 20 years ago, and >> before that we used somthing else, (memory faded cant recall what) > > Oh, don't tell me you used VMS before it went all Open on us.... I've VMS might have been it, but I doubt we had anything special (it was only a print media company I worked for at the time) but I was only there for a short time before we moved to SunOS bout 84? I woulda been 18 then so sounds around that era. > still got a MicroVAX sitting in the garage; really should throw it out > someday. Donate it to a museum :) > I was also going to note earlier that amid all this talk about MS bloat, > that I've noticed certain Linux distributions are getting tad heavy > these days. Time to move to OpenBSD. :-) Nah :) I have been thinking of getting a copy of openslowaris and running that for a few weeks on a spare dekstop at home to see how it measures up. -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From glenn.steen at gmail.com Tue Feb 13 09:00:06 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 13 08:04:26 2007 Subject: "not cached, timed out" in spam that scored 0. In-Reply-To: <25a66d840702121359m6189a7d5wfaa751af13da35cb@mail.gmail.com> References: <25a66d840702121331v5f4fe7b2i6977780a9e5cff38@mail.gmail.com> <25a66d840702121359m6189a7d5wfaa751af13da35cb@mail.gmail.com> Message-ID: <223f97700702130000s29dc59aas7a13f0d9b089181b@mail.gmail.com> Hi Angelo, Look below.... On 12/02/07, am.lists wrote: > Scott: > > I felt the same way -- only seeing 3 timeouts, its probably ok to bump > up the timeout, but wasn't sure where the setting was. If I had seen a > bunch of timeouts, I'd be investigating what was causing the > individual timeouts. > > I found the setting in /etc/MailScanner/mailscanner.conf... > > It was 75, I bumped it to 90. Some on this list feel that those settings would *always* be too low:-)... And would tell you to bump it up to 600 (or so) seconds... If it is the "bayes expire"-problem, 75 or 90 will not make much difference;-)... but 600 would:-D. The reasoning here is along the lines that SA should *never* timeout (and be killed). > FWIW, I did the lint test of SA through MailWatch GUI to see if there > were any apparent issues, the elapsed time on that comes in at > 5.97865sec. Having nothing to compare that to, is that good, bad, > horrible, etc? > Well, if you are using SA 3.1.7, then the MailWatch lint doesn't include the network tests anymore (earlier versions of SA did), so that doesn't really say much, unfortunately. Time a "spamassassin -D -t < /path/to/test/message" instead, and you'll likely see some longer times... (If you're using 3.1.7, that is:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From m.anderlini at database.it Tue Feb 13 09:06:10 2007 From: m.anderlini at database.it (Marcello Anderlini) Date: Tue Feb 13 08:10:34 2007 Subject: Mqueue.in huge In-Reply-To: <45D0B163.6090603@USherbrooke.ca> Message-ID: <200702130806.l1D869b6010246@netra.database.it> > 1. have you restarted MS after the change ? Yes > 2. do you have a symlink from /etc/mail/spamassassin/mailscanner.cf > -> /etc/MailScanner/spam.assassin.prefs.conf ? They are not symlink but two differents files >3. after restarting MS, do you get any error/warning > messages in your > maillog? No Thanks for your help. Best regards Dr. Marcello Anderlini m.anderlini@database.it --------------------------------------------- Database Informatica S.r.l. Microsoft Certified Partner Tel. +39059775070 Fax. +39059779545 http://www.database.it --------------------------------------------- > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Denis Beauchemin > Sent: lunedì 12 febbraio 2007 19.27 > To: MailScanner discussion > Subject: Re: Mqueue.in huge > > Marcello Anderlini a écrit : > > I put use_auto_whitelist 0 in my spam.assassin.prefs.conf > but not is > > changed ? > > I'm still getting spamassassin timeout, what else can I do ? I'm in > > panic :-( > > > > > > Marcello, > > I haven't followed this thread from the beginning so: > > 1. have you restarted MS after the change ? > 2. do you have a symlink from /etc/mail/spamassassin/mailscanner.cf > -> /etc/MailScanner/spam.assassin.prefs.conf ? > 3. after restarting MS, do you get any error/warning > messages in your > maillog? > > Denis > > -- > _ > °v° Denis Beauchemin, analyste > /(_)\ Université de Sherbrooke, S.T.I. > ^ ^ T: 819.821.8000x62252 F: 819.821.8045 > > > -- Messaggio verificato dal servizio antivirus di Database Informatica From glenn.steen at gmail.com Tue Feb 13 09:43:31 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 13 08:47:50 2007 Subject: LookOUT 2007 In-Reply-To: <45D14A82.3080602@radel.com> References: <20070212124502.4E16.GERARD@seibercom.net> <20070212170051.722F.GERARD@seibercom.net> <1964AAFBC212F742958F9275BF63DBB04A0B48@winchester.andrewscompanies.com> <45D14A82.3080602@radel.com> Message-ID: <223f97700702130043k257cd4c8l8dd90eb17e6f3fb8@mail.gmail.com> On 13/02/07, Jon Radel wrote: (snip) > I was also going to note earlier that amid all this talk about MS bloat, > that I've noticed certain Linux distributions are getting tad heavy > these days. Time to move to OpenBSD. :-) > Well... Before the _closing_ comment on this _useless_ thread, let me note that I just the other week took one of the "bloated" distros (Mandriva 2007, with (Hopefully) AIGLX/Xgl, compiz and all) and installed it without a hitch on an old Compaq SFF (1.0 GHz, 512 MiB RAM, 20 GiB HDD, integrated graphics... Junk, but not that bad:-) and it runs really OK... Sure, not as snappy as on a more modern box, but still more than enough for the relatives I'm donating it to;-). Bloated indeed... A matter of relativity, I'd say:-):-). (Hopefully:-) Final note on this thread: Although I do enjoy the banter and all, has any of you reflected on this thread going from slightly off-topic (LookOut is at best tangent to MailScanner) to not related to anything at all (Vista performance and HW "policies".... Have much to do with MailScanner has it? No.).... Please desist, and take anything firther off-list will you? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Tue Feb 13 09:56:21 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 13 09:00:40 2007 Subject: Mqueue.in huge In-Reply-To: <200702130806.l1D869b6010246@netra.database.it> References: <45D0B163.6090603@USherbrooke.ca> <200702130806.l1D869b6010246@netra.database.it> Message-ID: <223f97700702130056n3f34f982g52983ec8d6e0ea0a@mail.gmail.com> On 13/02/07, Marcello Anderlini wrote: (snip) > > 2. do you have a symlink from /etc/mail/spamassassin/mailscanner.cf > > -> /etc/MailScanner/spam.assassin.prefs.conf ? > > They are not symlink but two differents files Hm, they should be one and the same, by way of a symbolic link... Could you please refresh our memories with what version of MailScanner and SpamAssassin you use, as well as MTA (Sendmail was it? version please...), what plugins to SA you have loaded etc...? Also provide the output of ls -l /etc/MailScanner/spam.assassin.prefs.conf /etc/mail/spamassassin/mailscanner.cf (that was all on one line, of course) ... so that we can be certain they really are two different files, and not a file and a symlink:-). Depending on version of SA, you might disable certain functions "easier" by way of not loading them (since they might be plugins) instead of loading them and then disabling them... Provide the info and we'll likely be more capable of helping you. Cheers -- -- Glenn (who is home with the flu, hence the not-so-frequent "presence" on the list:) email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From gmatt at nerc.ac.uk Tue Feb 13 10:05:21 2007 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Tue Feb 13 09:09:52 2007 Subject: automated mail server stress testing? In-Reply-To: <45C48B9B.3010000@ecs.soton.ac.uk> References: <45C3D414.9090900@fractalweb.com> <45C48B9B.3010000@ecs.soton.ac.uk> Message-ID: <45D17F51.80502@nerc.ac.uk> > Chris Yuzik wrote: >> Just wondering if there are any programs/scripts/whatever that can put >> an artificial high load on our new server so we can see if anything >> breaks *before* we start moving real users to this new box. set up a real mail relay exactly as your production system and give it a high MX (low priority) in the DNS. We have one like this and it attracts as much junk as it can process and then some! As Julian says, you then send everything to /dev/null G -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From cobalt-users1 at fishnet.co.uk Tue Feb 13 11:16:28 2007 From: cobalt-users1 at fishnet.co.uk (Ian) Date: Tue Feb 13 10:21:02 2007 Subject: Help debugging false positives with SURBL Message-ID: <45D18FFC.31484.380AEBD@cobalt-users1.fishnet.co.uk> Skipped content of type multipart/alternative-------------- next part -------------- The following section of this message contains a file attachment prepared for transmission using the Internet MIME message format. If you are using Pegasus Mail, or any other MIME-compliant system, you should be able to save it or view it from within your mailer. If you cannot, please ask your system administrator for assistance. ---- File information ----------- File: message.txt Date: 13 Feb 2007, 10:02 Size: 1146 bytes. Type: Text -------------- next part -------------- A non-text attachment was scrubbed... Name: message.txt Type: application/octet-stream Size: 1146 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070213/822939ba/message.obj From stef at aoc-uk.com Tue Feb 13 11:32:32 2007 From: stef at aoc-uk.com (Stef Morrell) Date: Tue Feb 13 10:36:50 2007 Subject: OT - RE: LookOUT 2007 Message-ID: <2861F1B24EB21D4EBD8A2A72DD8219050CE7DD@flatulous.aoc-uk.com> Jon Radel wrote: > I was also going to note earlier that amid all this talk > about MS bloat, that I've noticed certain Linux distributions > are getting tad heavy these days. Time to move to OpenBSD. :-) Nothing wrong with OpenBSD, but then again, why not roll your own Linux Distro. Lightweight as you like! http://www.linuxfromscratch.org is a great starting place. Great engineer training resource too. Stef From ms-list at alexb.ch Tue Feb 13 11:34:55 2007 From: ms-list at alexb.ch (Alex Broens) Date: Tue Feb 13 10:39:21 2007 Subject: Help debugging false positives with SURBL In-Reply-To: <45D18FFC.31484.380AEBD@cobalt-users1.fishnet.co.uk> References: <45D18FFC.31484.380AEBD@cobalt-users1.fishnet.co.uk> Message-ID: <45D1944F.6020802@alexb.ch> Would be very useful and even more appreciated if Julian could implement the vanilla SA responses which are two liners. I've banged my head very often when trying to find out what URL was hit. Alex On 2/13/2007 11:16 AM, Ian wrote: > Hi, > > I am having trouble with the spamassassin SURBL tests and cron emails. For some strange > reason I am getting this score on an email delivered via MailScanner: > > cached > score=12.718 > 6 required > -1.80 ALL_TRUSTED Passed through trusted hosts only via SMTP > -2.60 BAYES_00 Bayesian spam probability is 0 to 1% > -0.00 SPF_HELO_PASS SPF: HELO matches SPF record > 3.81 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist > 3.00 URIBL_BLACK > 3.01 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist > 2.80 URIBL_PH_SURBL Contains an URL listed in the PH SURBL blocklist > 4.50 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist > > When I run the message manually with the following command line, non of the SURBL tests > show up: > > spamassassin -p /etc/MailScanner/spam.assassin.prefs.conf -t > Content analysis details: (-4.4 points, 5.0 required) > > pts rule name description > ---- ---------------------- -------------------------------------------------- > -0.0 SPF_HELO_PASS SPF: HELO matches SPF record > -1.8 ALL_TRUSTED Passed through trusted hosts only via SMTP > -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1% > [score: 0.0000] > > I have tested all domain names (even partial ones) with the RulesEmporium SURBL checker > and none of them show up. I have attached the email as a txt file. > > Can someone point me the right direction to debug this. I have switched on SpamAssassin > debugging in MailScanner but have no idea where to look for the debug output. Also, am I > using the right command line to test this? > > > Thanks > > Ian > > > ------------------------------------------------------------------------ > > The following section of this message contains a file attachment > prepared for transmission using the Internet MIME message format. > If you are using Pegasus Mail, or any other MIME-compliant system, > you should be able to save it or view it from within your mailer. > If you cannot, please ask your system administrator for assistance. > > ---- File information ----------- > File: message.txt > Date: 13 Feb 2007, 10:02 > Size: 1146 bytes. > Type: Text > From res at ausics.net Tue Feb 13 12:25:55 2007 From: res at ausics.net (Res) Date: Tue Feb 13 11:30:29 2007 Subject: LookOUT 2007 In-Reply-To: <223f97700702130043k257cd4c8l8dd90eb17e6f3fb8@mail.gmail.com> References: <20070212124502.4E16.GERARD@seibercom.net> <20070212170051.722F.GERARD@seibercom.net> <1964AAFBC212F742958F9275BF63DBB04A0B48@winchester.andrewscompanies.com> <45D14A82.3080602@radel.com> <223f97700702130043k257cd4c8l8dd90eb17e6f3fb8@mail.gmail.com> Message-ID: On Tue, 13 Feb 2007, Glenn Steen wrote: > No.).... Please desist, and take anything firther off-list will you? no more on topic then 90 %of the rest of the stuff around here unless we have renamed this list to postmix/sendmail/mailwatch/spam assassin list as well From glenn.steen at gmail.com Tue Feb 13 13:07:59 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 13 12:12:19 2007 Subject: LookOUT 2007 In-Reply-To: References: <20070212124502.4E16.GERARD@seibercom.net> <20070212170051.722F.GERARD@seibercom.net> <1964AAFBC212F742958F9275BF63DBB04A0B48@winchester.andrewscompanies.com> <45D14A82.3080602@radel.com> <223f97700702130043k257cd4c8l8dd90eb17e6f3fb8@mail.gmail.com> Message-ID: <223f97700702130407u696ecc90gb47e4609aec9f528@mail.gmail.com> On 13/02/07, Res wrote: > On Tue, 13 Feb 2007, Glenn Steen wrote: > > > No.).... Please desist, and take anything firther off-list will you? > > no more on topic then 90 %of the rest of the stuff around here unless we > have renamed this list to postmix/sendmail/mailwatch/spam assassin list as > well > Yeah I know, but ... well, I'm certainly not "the list guardian" in any way shape or form, but going from MUA to OS/HW/... "point of view" discussions stretches things very thin indeed:-):-). Oh well, keep at it then:-D Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From lhaig at haigmail.com Tue Feb 13 14:04:44 2007 From: lhaig at haigmail.com (Lance Haig) Date: Tue Feb 13 13:09:06 2007 Subject: OT: Postfix Masquerading Message-ID: <45D1B76C.2030908@haigmail.com> Hi, Apologies for the off topic here. Can someone give me a (l)user explanation or point me in the right direction to setup outgoing *Masquerading * I have a smtp relay that is relaying our system notifications from multiple internal hosts. these hosts attach the internal domain ot all their e-mail and this natrually does not have any dns records in the public domain. How would I setup postfix to "formfill" the domains with a valid external domain? Thanks Lance -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070213/7a5821cb/attachment.html From tim.sattler at nordcapital.com Tue Feb 13 14:06:55 2007 From: tim.sattler at nordcapital.com (Sattler, Tim) Date: Tue Feb 13 13:11:37 2007 Subject: Help debugging false positives with SURBL In-Reply-To: <45D18FFC.31484.380AEBD@cobalt-users1.fishnet.co.uk> References: <45D18FFC.31484.380AEBD@cobalt-users1.fishnet.co.uk> Message-ID: Hi, > I am having trouble with the spamassassin SURBL tests and cron emails. > For some strange reason I am getting this score on an email delivered > via MailScanner: You should check to see whether your setup matches one of the following conditions mentioned on surbl.org: DNS bugs and incompabilities leading to false positives There is a bug (#3997) in versions of SpamAssassin older than 3.1 where the responses to DNS queries occasionally get mixed up, resulting in very rare false positives (non-spam tagged as spam). This can be seen when SpamAssassin shows a domain as blacklisted but it is not blacklisted when checking with a manual DNS query or on the lookup page. The solution is to upgrade to SpamAssassin version 3.1 or later. Another issue for users of DNS or proxy services that modify the results of DNS queries is that some of those changes may not compatible with SURBL applications. In particular, modification of NXDOMAIN responses can result in false positives due to the changed Address bits in the response. The solution is to not use DNS or proxy services that modify query results on your systems running SURBL applications. These cases are very rare, but worth mentioning if it prevents some confusion. We had a similar issue when using OpenDNS as DNS forwarder. Regards Tim From m.anderlini at database.it Tue Feb 13 14:11:25 2007 From: m.anderlini at database.it (Marcello Anderlini) Date: Tue Feb 13 13:16:41 2007 Subject: Mqueue.in huge In-Reply-To: Message-ID: <200702131311.l1DDBNab012570@netra.database.it> Thank you very much, I'd like just to know if in this way sendmail will notify the sender of email tag as spam ? Eventualy in this case how is it possible to turn off this ? I will try and I let you know. Thanks again Dr. Marcello Anderlini m.anderlini@database.it --------------------------------------------- Database Informatica S.r.l. Microsoft Certified Partner Tel. +39059775070 Fax. +39059779545 http://www.database.it --------------------------------------------- > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Res > Sent: lunedì 12 febbraio 2007 23.06 > To: MailScanner discussion > Subject: RE: Mqueue.in huge > > Hi, > > On Mon, 12 Feb 2007, Marcello Anderlini wrote: > > > I beg your pardon but how can set my MTA (I use sendmail) to use > > blacklist and to reject automaticaly email ? > > Add this to your sendmail.mc file in sendmail-source/cf/cf > The 'FEATURE' to 'dnl' is all on one line > > FEATURE(`blacklist_recipients')dnl # <--- this should be already there > > > FEATURE(`enhdnsbl', `zen.spamhaus.org', `"553 rejected - see > http://www.spamhaus.org/query/bl?ip="$&{client_addr}', `')dnl > > FEATURE(`enhdnsbl', `bl.spamcop.net', `"553 rejected - see > http://spamcop.net/bl.shtml?"$&{client_addr}', `')dnl > > FEATURE(`enhdnsbl',`dnsbl.sorbs.net',`"553 rejected - " > $&{client_addr} " > found in dnsbl.sorbs.net"', `')dnl > > FEATURE(`enhdnsbl', `combined.njabl.org', `"553 rejected - > see http://njabl.org/lookup?"$&{client_addr}', `')dnl > > Then ./Build install-cf > and restart sendmail > > > And also how can I turn off spamassin in Mailscanner.conf ? > > Use SpamAssassin = yes > to > Use SpamAssassin = no > then > killall -HUP MailScanner > > -- > Cheers > Res > > "We can be Heroes, just for one day" - Davey (Jones) Bowie > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > Messaggio verificato dal servizio antivirus di Database Informatica > -- Messaggio verificato dal servizio antivirus di Database Informatica From m.anderlini at database.it Tue Feb 13 14:16:01 2007 From: m.anderlini at database.it (Marcello Anderlini) Date: Tue Feb 13 13:21:06 2007 Subject: Mqueue.in huge In-Reply-To: <223f97700702130056n3f34f982g52983ec8d6e0ea0a@mail.gmail.com> Message-ID: <200702131315.l1DDFxsb016562@netra.database.it> Mailscanner 4.50.15.1 Spammassasin Version : 3.1.7 Release : 1.el4.rf Name : sendmail Version : 8.13.1 Vendor: CentOS Release : 3.RHEL4.5 I do not use any plugins for SA and this is the output of ls -l /etc/MailScanner/spam.assassin.prefs.conf /etc/mail/spamassassin/mailscanner.cf -rw-r--r-- 1 root root 11361 Feb 12 18:00 /etc/MailScanner/spam.assassin.prefs.conf -rw-r--r-- 1 root root 41 Jan 21 2005 /etc/mail/spamassassin/mailscanner.cf Thanks again Best regards Dr. Marcello Anderlini m.anderlini@database.it --------------------------------------------- Database Informatica S.r.l. Microsoft Certified Partner Tel. +39059775070 Fax. +39059779545 http://www.database.it --------------------------------------------- > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Glenn Steen > Sent: martedì 13 febbraio 2007 9.56 > To: MailScanner discussion > Subject: Re: Mqueue.in huge > > On 13/02/07, Marcello Anderlini wrote: > (snip) > > > 2. do you have a symlink from > /etc/mail/spamassassin/mailscanner.cf > > > -> /etc/MailScanner/spam.assassin.prefs.conf ? > > > > They are not symlink but two differents files > Hm, they should be one and the same, by way of a symbolic link... > Could you please refresh our memories with what version of > MailScanner and SpamAssassin you use, as well as MTA > (Sendmail was it? version please...), what plugins to SA you > have loaded etc...? Also provide the output of ls -l > /etc/MailScanner/spam.assassin.prefs.conf > /etc/mail/spamassassin/mailscanner.cf > (that was all on one line, of course) ... so that we can be > certain they really are two different files, and not a file > and a symlink:-). > > Depending on version of SA, you might disable certain > functions "easier" by way of not loading them (since they > might be plugins) instead of loading them and then disabling > them... Provide the info and we'll likely be more capable of > helping you. > > Cheers > -- > -- Glenn (who is home with the flu, hence the not-so-frequent > "presence" on the list:) > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > Messaggio verificato dal servizio antivirus di Database Informatica > -- Messaggio verificato dal servizio antivirus di Database Informatica From drew at technologytiger.net Tue Feb 13 14:19:40 2007 From: drew at technologytiger.net (Drew Marshall) Date: Tue Feb 13 13:24:13 2007 Subject: OT: Postfix Masquerading In-Reply-To: <45D1B76C.2030908@haigmail.com> References: <45D1B76C.2030908@haigmail.com> Message-ID: <62919.194.70.180.170.1171372780.squirrel@www.technologytiger.net> On Tue, February 13, 2007 13:04, Lance Haig wrote: > Hi, > > Apologies for the off topic here. > > Can someone give me a (l)user explanation or point me in the right > direction to setup outgoing *Masquerading > * > I have a smtp relay that is relaying our system notifications from > multiple internal hosts. > these hosts attach the internal domain ot all their e-mail and this > natrually does not have any dns records in the public domain. > > How would I setup postfix to "formfill" the domains with a valid > external domain? Have a look at this http://www.postfix.org/ADDRESS_REWRITING_README.html it covers every possible variation for you (Sorry, can't be more specific with out more details of your domain set up etc). Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by the Technology Tiger MailScanner. Further information can be found at www.technologytiger.net/policy Technology Tiger Limited is registered in Scotland with registration number: 310997 Registered Office 55-57 West High Street Inverurie AB51 3QQ From lhaig at haigmail.com Tue Feb 13 14:24:57 2007 From: lhaig at haigmail.com (Lance Haig) Date: Tue Feb 13 13:29:18 2007 Subject: OT: Postfix Masquerading In-Reply-To: <62919.194.70.180.170.1171372780.squirrel@www.technologytiger.net> References: <45D1B76C.2030908@haigmail.com> <62919.194.70.180.170.1171372780.squirrel@www.technologytiger.net> Message-ID: <45D1BC29.9040303@haigmail.com> Hi Drew, I must be blind. I could not find that at all. Thanks a million. Lance Drew Marshall wrote: > On Tue, February 13, 2007 13:04, Lance Haig wrote: > >> Hi, >> >> Apologies for the off topic here. >> >> Can someone give me a (l)user explanation or point me in the right >> direction to setup outgoing *Masquerading >> * >> I have a smtp relay that is relaying our system notifications from >> multiple internal hosts. >> these hosts attach the internal domain ot all their e-mail and this >> natrually does not have any dns records in the public domain. >> >> How would I setup postfix to "formfill" the domains with a valid >> external domain? >> > > Have a look at this http://www.postfix.org/ADDRESS_REWRITING_README.html > it covers every possible variation for you (Sorry, can't be more specific > with out more details of your domain set up etc). > > Drew > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070213/1e171b84/attachment.html From res at ausics.net Tue Feb 13 14:43:31 2007 From: res at ausics.net (Res) Date: Tue Feb 13 13:47:56 2007 Subject: Mqueue.in huge In-Reply-To: <200702131311.l1DDBNab012570@netra.database.it> References: <200702131311.l1DDBNab012570@netra.database.it> Message-ID: Hi, On Tue, 13 Feb 2007, Marcello Anderlini wrote: > Thank you very much, I'd like just to know if in this way sendmail will > notify the sender of email tag as spam ? They will get a rejection notice, pointing to where they can lookup why they were blocked by the RBL > Eventualy in this case how is it possible to turn off this ? > most cases you wont want to :) but all you need do is put a dnl in front of those lines and re make the cf file again -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From sailer at bnl.gov Tue Feb 13 14:48:49 2007 From: sailer at bnl.gov (Tim Sailer) Date: Tue Feb 13 13:53:26 2007 Subject: LookOUT 2007 In-Reply-To: <45D1486F.40606@osubucks.org> References: <1964AAFBC212F742958F9275BF63DBB04A0B48@winchester.andrewscompanies.com> <45D1486F.40606@osubucks.org> Message-ID: <20070213134849.GB29603@bnl.gov> On Tue, Feb 13, 2007 at 12:11:11AM -0500, Chris Sweeney wrote: > Xenix, Unix, Linux, Windows, OS2 Sounds like my OS history :) Strangely enough, if you have an old copy of SCO Xenix (/86, /286, /386, I still have at least the manuals from each somewhere), you'll unfortunately find Microsoft's name on the pages. They bought like a 20% stake in SCO way back when. MS was hedging their bets way back. I wonder if this is why they keep saying that if you are running Linux, you owe them money?? Tim -- Tim Sailer DoE Intelligence and Counterintelligence - Cyber Division Northeast Regional Counterintelligence Office Brookhaven National Laboratory (631) 344-3001 From sailer at bnl.gov Tue Feb 13 14:52:37 2007 From: sailer at bnl.gov (Tim Sailer) Date: Tue Feb 13 13:57:12 2007 Subject: LookOUT 2007 In-Reply-To: References: <20070212170051.722F.GERARD@seibercom.net> <20070212174038.7234.GERARD@seibercom.net> Message-ID: <20070213135237.GC29603@bnl.gov> On Tue, Feb 13, 2007 at 02:54:56PM +1000, Res wrote: > You remind me of the guy who came and wanted to do some work, a 25yo > all hyped up with his M$ certs, and when I told him they meant nothing to Remember: MCSE - Must Consult Someone Experienced :) Tim -- Tim Sailer DoE Intelligence and Counterintelligence - Cyber Division Northeast Regional Counterintelligence Office Brookhaven National Laboratory (631) 344-3001 From cobalt-users1 at fishnet.co.uk Tue Feb 13 15:06:50 2007 From: cobalt-users1 at fishnet.co.uk (Ian) Date: Tue Feb 13 14:11:18 2007 Subject: Help debugging false positives with SURBL In-Reply-To: References: <45D18FFC.31484.380AEBD@cobalt-users1.fishnet.co.uk>, Message-ID: <45D1C5FA.3938.453986F@cobalt-users1.fishnet.co.uk> On 13 Feb 2007 at 14:06, Sattler, Tim wrote: > Hi, > > > I am having trouble with the spamassassin SURBL tests and cron emails. > > > For some strange reason I am getting this score on an email delivered > > via MailScanner: > > You should check to see whether your setup matches one of the following > conditions mentioned on surbl.org: > > > DNS bugs and incompabilities leading to false positives > > We had a similar issue when using OpenDNS as DNS forwarder. Hi, Thanks Tim, yes I did check the spamassassin archives before posting here so I saw that one. This is a brand new install with version 3.1.7 and we woulnd't touch OpenDNS in a business environment, anything that modifies dns queries/responses would only cause problems in my opinion. I posted to this list because it only happens when the mail is passed through MailScanner, so I actually need help on debugging on what happens to the message when it is passed to spamassassin from MailScanner. I actually need to know what MailScanner/SpamAssassin thinks is the bad url. Is it the domain name of the server? The name of the perl script? Something else I'm not seeing? What does the MailScanner option: Debug SpamAssassin = yes actually do? Where do I read the debug output? Any help would be appreciated. Ian -- From glenn.steen at gmail.com Tue Feb 13 15:07:57 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 13 14:12:17 2007 Subject: LookOUT 2007 In-Reply-To: <20070213134849.GB29603@bnl.gov> References: <1964AAFBC212F742958F9275BF63DBB04A0B48@winchester.andrewscompanies.com> <45D1486F.40606@osubucks.org> <20070213134849.GB29603@bnl.gov> Message-ID: <223f97700702130607j52301f4ble16e843d05d9a473@mail.gmail.com> On 13/02/07, Tim Sailer wrote: > On Tue, Feb 13, 2007 at 12:11:11AM -0500, Chris Sweeney wrote: > > Xenix, Unix, Linux, Windows, OS2 Sounds like my OS history :) > > Strangely enough, if you have an old copy of SCO Xenix (/86, /286, > /386, I still have at least the manuals from each somewhere), you'll > unfortunately find Microsoft's name on the pages. They bought like a > 20% stake in SCO way back when. MS was hedging their bets way back. > I wonder if this is why they keep saying that if you are running Linux, > you owe them money?? > Only in a fevered dream ... Linux has virtually nothing in common with Xenix, and Caldera-turned-SCO based their idiocy on other (almost equally loose) allegations. M$ has nothing much to do with that idiocy though (unless you are into conspiration theories:-). Ooww, lets not go further in this direction, this thread is shite enough as it is:-):-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From stef at aoc-uk.com Tue Feb 13 15:08:24 2007 From: stef at aoc-uk.com (Stef Morrell) Date: Tue Feb 13 14:12:43 2007 Subject: OT - RE: LookOUT 2007 Message-ID: <2861F1B24EB21D4EBD8A2A72DD8219050CE7E3@flatulous.aoc-uk.com> Tim Sailer wrote: > Strangely enough, if you have an old copy of SCO Xenix (/86, > /286, /386, I still have at least the manuals from each > somewhere), you'll unfortunately find Microsoft's name on the If you have a *current* SCO Openserver it still tells you about Microsoft's copyright when you log in. Stef Stefan Morrell | Operations Director Tel: 0845 3452820 | Alpha Omega Computers Ltd Fax: 0845 3452830 | Incorporating Level 5 Internet stef@aoc-uk.com | stef@l5net.net Alpha Omega Computers Ltd, Unit 57, BBTC, Grange Road, Batley, WF17 6ER. Registered in England No. 3867142. VAT No. UK734421454 From csweeney at osubucks.org Tue Feb 13 15:16:40 2007 From: csweeney at osubucks.org (Chris Sweeney) Date: Tue Feb 13 14:21:16 2007 Subject: LookOUT 2007 In-Reply-To: <20070213134849.GB29603@bnl.gov> References: <1964AAFBC212F742958F9275BF63DBB04A0B48@winchester.andrewscompanies.com> <45D1486F.40606@osubucks.org> <20070213134849.GB29603@bnl.gov> Message-ID: <4391.70.60.69.215.1171376200.squirrel@webmail.osubucks.org> > On Tue, Feb 13, 2007 at 12:11:11AM -0500, Chris Sweeney wrote: >> Xenix, Unix, Linux, Windows, OS2 Sounds like my OS history :) > > Strangely enough, if you have an old copy of SCO Xenix (/86, /286, > /386, I still have at least the manuals from each somewhere), you'll > unfortunately find Microsoft's name on the pages. They bought like a > 20% stake in SCO way back when. MS was hedging their bets way back. > I wonder if this is why they keep saying that if you are running Linux, > you owe them money?? > You know thats funny, I did not realize MS had a stake in SCO. Unfortunatly I don't have any copies of SCO Xenix around anymore, but I still love to say it :) -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Tue Feb 13 15:24:47 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 13 14:29:11 2007 Subject: Mqueue.in huge In-Reply-To: <200702131315.l1DDFxsb016562@netra.database.it> References: <223f97700702130056n3f34f982g52983ec8d6e0ea0a@mail.gmail.com> <200702131315.l1DDFxsb016562@netra.database.it> Message-ID: <223f97700702130624g162f2accl4a201e30143c9423@mail.gmail.com> On 13/02/07, Marcello Anderlini wrote: > Mailscanner 4.50.15.1 > Spammassasin Version : 3.1.7 Release : 1.el4.rf > > Name : sendmail > Version : 8.13.1 Vendor: CentOS > Release : 3.RHEL4.5 > > I do not use any plugins for SA and this is the output of > ls -l /etc/MailScanner/spam.assassin.prefs.conf > /etc/mail/spamassassin/mailscanner.cf > -rw-r--r-- 1 root root 11361 Feb 12 18:00 > /etc/MailScanner/spam.assassin.prefs.conf > -rw-r--r-- 1 root root 41 Jan 21 2005 > /etc/mail/spamassassin/mailscanner.cf > > Thanks again > > Best regards Ok, not the freshest MailScanner version one has seen... Consider an update. it is fairly easy and well-documented in the MAQ how to do that on RPM-based systems like yours (http://wiki.mailscanner.info/doku.php?id=maq:index#upgrade_rpm). What does the 41 bytes of /etc/mail/spamassassin/mailscanner.cf say? Looks almost like a symlink-turned-normal-file, just from the size of it. Try moving that mailscanner.cf out of the way and doing ln -s /etc/MailScanner/spam.assassin.prefs.conf /etc/mail/spamassassin/mailscanner.cf ... just to make sure it is a link. Hm, come to think of it, I don't rightly remember at which version MailScanner switched to assuming that symlink to be there... If you update to the latest stable version (which I think you should), you _will_ need it. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From maillists at conactive.com Tue Feb 13 15:31:16 2007 From: maillists at conactive.com (Kai Schaetzl) Date: Tue Feb 13 14:35:45 2007 Subject: Attachment-Warning variables with inline warnings In-Reply-To: <200702130503.l1D53otq000454@relay01.ispone.net.au> References: <200702130503.l1D53otq000454@relay01.ispone.net.au> Message-ID: Dean Manners wrote on Tue, 13 Feb 2007 16:02:49 +1100: > Seems that $datenumber $id are stripped regardless, > maybe deliberately? Hm, that I don't know, sorry. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From Denis.Beauchemin at USherbrooke.ca Tue Feb 13 15:40:36 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Tue Feb 13 14:45:19 2007 Subject: Mqueue.in huge In-Reply-To: <200702131315.l1DDFxsb016562@netra.database.it> References: <200702131315.l1DDFxsb016562@netra.database.it> Message-ID: <45D1CDE4.1010800@USherbrooke.ca> Marcello Anderlini a ?crit : > Mailscanner 4.50.15.1 > Spammassasin Version : 3.1.7 Release : 1.el4.rf > > Name : sendmail > Version : 8.13.1 Vendor: CentOS > Release : 3.RHEL4.5 > > I do not use any plugins for SA and this is the output of > ls -l /etc/MailScanner/spam.assassin.prefs.conf > /etc/mail/spamassassin/mailscanner.cf > -rw-r--r-- 1 root root 11361 Feb 12 18:00 > /etc/MailScanner/spam.assassin.prefs.conf > -rw-r--r-- 1 root root 41 Jan 21 2005 > /etc/mail/spamassassin/mailscanner.cf > > Marcello, Please do the following: 1. mv /etc/mail/spamassassin/mailscanner.cf /etc/mail/spamassassin/mailscanner.cf.old 2. ln -s /etc/mail/spamassassin/mailscanner.cf /etc/mail/spamassassin/mailscanner.cf 3. make sure you have the "use_auto_whitelist 0" in both files (they should now be the same file) then restart MS and look for your SA whitelist error messages. They should be gone. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3595 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070213/886d0267/smime.bin From dyioulos at firstbhph.com Tue Feb 13 15:43:11 2007 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Tue Feb 13 14:47:29 2007 Subject: MCP (again) Message-ID: <200702130943.12172.dyioulos@firstbhph.com> Good morning (in most of the Western Hemisphere anyway). Several days ago I asked for help regarding MCP. At the risk of angering folks, I wanted to ask again, as getting this set up and running is very important to me, and I'm just having no success. My setup: CentOS 3.8, sendmail-8.12.11-4, mailscanner-4.58.9.1, spamassassin-3.1.7, clamav-0.88.7, and mailwatch-1.0.3. Firstly, I want to keep my users' mail from being scanned for spam. I can accomplish this successfully either by using MailWatch's SQLBlackWhiteList, or by using MS's spam.whitelist.rules/scan.messages.rules. The problem is, when spam whitelisting is enabled, MCP doesn't work. Once spam whitelisting is disabled, voila, MCP works (messages are tagged and visible in MailWatch). I've tried every combination of rules I can think of with no success. Is there no way for both spam whitelisting and MCP to work together? Does anyone have this enabled and can give me some assistance? It would be most appreciated. Thanks. Dimitri From glenn.steen at gmail.com Tue Feb 13 15:55:29 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 13 14:59:49 2007 Subject: Mqueue.in huge In-Reply-To: <45D1CDE4.1010800@USherbrooke.ca> References: <200702131315.l1DDFxsb016562@netra.database.it> <45D1CDE4.1010800@USherbrooke.ca> Message-ID: <223f97700702130655u78d97ac7wb82a2091e01854e6@mail.gmail.com> On 13/02/07, Denis Beauchemin wrote: (snip) > 2. ln -s /etc/mail/spamassassin/mailscanner.cf > /etc/mail/spamassassin/mailscanner.cf Eh, no. Not good to try link to oneself:-). This would (of course) just raise an error. Do the link as I suggested it though and things should be fine:-). > 3. make sure you have the "use_auto_whitelist 0" in both files (they > should now be the same file) One could of course put this in local.cf as well...:-) > then restart MS and look for your SA whitelist error messages. They > should be gone. > > Denis > Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From m.anderlini at database.it Tue Feb 13 16:05:55 2007 From: m.anderlini at database.it (Marcello Anderlini) Date: Tue Feb 13 15:12:25 2007 Subject: Mqueue.in huge In-Reply-To: <223f97700702130624g162f2accl4a201e30143c9423@mail.gmail.com> Message-ID: <200702131505.l1DF5rbq018374@netra.database.it> I make the symlink but the problem seem to be still presents. Now my mqueue.in is running about 120/130 msg waiting and is growing. The only way to decrease it is to not use spamassassin. I notice anyway that msg are still marked spam using black-list, I suppose directly by Mailscanner and I can delete it if I change "Spam Actions = deliver header "X-Spam-Status: Yes"" in Spam Actions = delete. Could this be a solution ? But How can I understand where spamassassin is slowing ? Can spamassassin -D -t generate a log with timing ? I'll update mailscanner as soon as possible. Best regards and thanks again for your help Dr. Marcello Anderlini m.anderlini@database.it --------------------------------------------- Database Informatica S.r.l. Microsoft Certified Partner Tel. +39059775070 Fax. +39059779545 http://www.database.it --------------------------------------------- > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Glenn Steen > Sent: martedì 13 febbraio 2007 15.25 > To: MailScanner discussion > Subject: Re: Mqueue.in huge > > On 13/02/07, Marcello Anderlini wrote: > > Mailscanner 4.50.15.1 > > Spammassasin Version : 3.1.7 Release : 1.el4.rf > > > > Name : sendmail > > Version : 8.13.1 Vendor: CentOS > > Release : 3.RHEL4.5 > > > > I do not use any plugins for SA and this is the output of ls -l > > /etc/MailScanner/spam.assassin.prefs.conf > > /etc/mail/spamassassin/mailscanner.cf > > -rw-r--r-- 1 root root 11361 Feb 12 18:00 > > /etc/MailScanner/spam.assassin.prefs.conf > > -rw-r--r-- 1 root root 41 Jan 21 2005 > > /etc/mail/spamassassin/mailscanner.cf > > > > Thanks again > > > > Best regards > > Ok, not the freshest MailScanner version one has seen... > Consider an update. it is fairly easy and well-documented in > the MAQ how to do that on RPM-based systems like yours > (http://wiki.mailscanner.info/doku.php?id=maq:index#upgrade_rpm). > > What does the 41 bytes of /etc/mail/spamassassin/mailscanner.cf say? > Looks almost like a symlink-turned-normal-file, just from the > size of it. > Try moving that mailscanner.cf out of the way and doing ln -s > /etc/MailScanner/spam.assassin.prefs.conf > /etc/mail/spamassassin/mailscanner.cf > ... just to make sure it is a link. Hm, come to think of it, > I don't rightly remember at which version MailScanner > switched to assuming that symlink to be there... If you > update to the latest stable version (which I think you > should), you _will_ need it. > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > Messaggio verificato dal servizio antivirus di Database Informatica > -- Messaggio verificato dal servizio antivirus di Database Informatica From Sylvain.Phaneuf at imsu.ox.ac.uk Tue Feb 13 16:09:17 2007 From: Sylvain.Phaneuf at imsu.ox.ac.uk (Sylvain Phaneuf) Date: Tue Feb 13 15:13:48 2007 Subject: reject (bounce) message References: <45D1C99E020000EB00012924@gwmail.jr2.ox.ac.uk> <45D1CC6F020000EB00012927@gwmail.jr2.ox.ac.uk> <45D1D068020000EB0001292A@gwmail.jr2.ox.ac.uk> <45D1D18F020000EB0001292D@gwmail.jr2.ox.ac.uk> <45D1D26D020000EB00012930@gwmail.jr2.ox.ac.uk> <45D1D395020000EB00012933@gwmail.jr2.ox.ac.uk> <45D1D49D020000EB00012936@gwmail.jr2.ox.ac.uk> Message-ID: <45D1D49D.FEA8.00EB.0@imsu.ox.ac.uk> Hi everyone, I know this isn't the most popular feature of MailScanner, but if a brave soul can help, I would be very grateful. I am playing with the Rejection report and I would need help customising it (/etc/MailScanner/reports/en/rejection.report.txt). The problem I have is that the rejection message is sent "From: $to " which would work normally but our ISP forwards the messages to us not to the aliases our users are know under but to their username. For example firstname.lastname@department.domain is forwarded to us as username@server.domain. The rejection report that MailScanner produces will come from username@server.domain which the sender will never be able to reconcile with the address they originally sent to, i.e. firstname.lastname@department.domain . How can I get the correct information in the rejection.report.txt file? How do I get the real RCPT TO in the report? Or how can I include the whole incoming message in the report (that sounds a very bad idea..., forget I said that). Anyone who can help out there? And before somebody asks... I want to use that feature for very specific cases, nothing to do with bouncing spam... Thanks in advance, Sylvain MailScanner: 4.55.10 MTA: sendmail 8.13.6 MailWatch: 1.0.3 -- ============================================ Sylvain Phaneuf --- Systems Manager | phone : +44 (0)1865 221323 Information Management Services Unit - Medical Sciences Division Oxford University | email : sylvain.phaneuf@imsu.ox.ac.uk Room 3A25B John Radcliffe Hospital | fax : +44 (0) 1865 221322 Oxford, OX3 9DU, UK ============================================ From Denis.Beauchemin at USherbrooke.ca Tue Feb 13 16:09:43 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Tue Feb 13 15:14:26 2007 Subject: Mqueue.in huge In-Reply-To: <223f97700702130655u78d97ac7wb82a2091e01854e6@mail.gmail.com> References: <200702131315.l1DDFxsb016562@netra.database.it> <45D1CDE4.1010800@USherbrooke.ca> <223f97700702130655u78d97ac7wb82a2091e01854e6@mail.gmail.com> Message-ID: <45D1D4B7.7060404@USherbrooke.ca> Glenn Steen a ?crit : > On 13/02/07, Denis Beauchemin wrote: > (snip) >> 2. ln -s /etc/mail/spamassassin/mailscanner.cf >> /etc/mail/spamassassin/mailscanner.cf > Eh, no. > Not good to try link to oneself:-). This would (of course) just raise > an error. Do the link as I suggested it though and things should be > fine:-). Oops! Thanks for pointing that out. I messed up with my copy/paste... Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3595 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070213/fa61e2e9/smime.bin From steve.swaney at fsl.com Tue Feb 13 16:29:35 2007 From: steve.swaney at fsl.com (Stephen Swaney) Date: Tue Feb 13 15:33:56 2007 Subject: OT: Hiring In-Reply-To: <45D09C25.6090307@nkpanama.com> References: <45CB4F4D.8060304@ecs.soton.ac.uk> <45D09C25.6090307@nkpanama.com> Message-ID: <010301c74f83$c4b69a80$4e23cf80$@swaney@fsl.com> Thanks for inquiring about the opening but we were able to fill this opening with the very first applicant. I was amazed at how many very talented and qualified applicants we had. The MailScanner list members are a very sharp group! Best regards, Steve Steve Swaney steve@fsl.com > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Alex Neuman van der Hans > Sent: Monday, February 12, 2007 11:56 AM > To: MailScanner discussion > Subject: Re: OT: Hiring > > Could you describe the needs/wants you would have from this staffer? > What would they(me?) need to accomplish? > > Julian Field wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > We need to hire some additional part time staff who can help with > > support for MailScanner, MailScanner related applications, MTAs and > our > > DefenderMX application. We will train you on DefenderMX. > > > > Salary is commensurate with qualifications and location anywhere is > the > > world is just fine, you just need a high speed Internet link. Hour > are > > flexible and the working environment is great J. Reasonable English > > skill is required and an additional language would be useful but not > > necessary. > > > > Please send you qualifications and desired compensation level > directly > > to hiring@fsl.com > > > > Thanks > > > > - -- > > Steve Swaney > > President > > Fort Systems Ltd. > > steve@fsl.com > > > > - -- > > Julian Field MEng CITP > > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > > > > > -----BEGIN PGP SIGNATURE----- > > Version: PGP Desktop 9.5.3 (Build 5003) > > Comment: (pgp-secured) > > Charset: ISO-8859-1 > > > > wj8DBQFFy1BUEfZZRxQVtlQRAormAJ0TDoKA9umyrZhvfUtsYcNe/n8nuQCfWCdf > > 7sxp1o/rT/ptelv7aiTtLfs= > > =D4j/ > > -----END PGP SIGNATURE----- > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Tue Feb 13 16:35:25 2007 From: steve.swaney at fsl.com (Stephen Swaney) Date: Tue Feb 13 15:39:46 2007 Subject: OT: Hiring In-Reply-To: <010301c74f83$c4b69a80$4e23cf80$@swaney@fsl.com> References: <45CB4F4D.8060304@ecs.soton.ac.uk> <45D09C25.6090307@nkpanama.com> <010301c74f83$c4b69a80$4e23cf80$@swaney@fsl.com> Message-ID: <010c01c74f84$952fe590$bf8fb0b0$@swaney@fsl.com> Sorry this went out to the list by mistake. It was meant to go the sender. However the part about "The MailScanner list members are a very sharp group!" is certainly true :) Steve Steve Swaney steve@fsl.com > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Stephen Swaney > Sent: Tuesday, February 13, 2007 10:30 AM > To: 'MailScanner discussion' > Subject: RE: OT: Hiring > > Thanks for inquiring about the opening but we were able to fill this > opening > with the very first applicant. I was amazed at how many very talented > and > qualified applicants we had. The MailScanner list members are a very > sharp > group! > > Best regards, > > Steve > > Steve Swaney > steve@fsl.com > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Alex Neuman van der Hans > > Sent: Monday, February 12, 2007 11:56 AM > > To: MailScanner discussion > > Subject: Re: OT: Hiring > > > > Could you describe the needs/wants you would have from this staffer? > > What would they(me?) need to accomplish? > > > > Julian Field wrote: > > > -----BEGIN PGP SIGNED MESSAGE----- > > > Hash: SHA1 > > > > > > We need to hire some additional part time staff who can help with > > > support for MailScanner, MailScanner related applications, MTAs and > > our > > > DefenderMX application. We will train you on DefenderMX. > > > > > > Salary is commensurate with qualifications and location anywhere is > > the > > > world is just fine, you just need a high speed Internet link. Hour > > are > > > flexible and the working environment is great J. Reasonable English > > > skill is required and an additional language would be useful but > not > > > necessary. > > > > > > Please send you qualifications and desired compensation level > > directly > > > to hiring@fsl.com > > > > > > Thanks > > > > > > - -- > > > Steve Swaney > > > President > > > Fort Systems Ltd. > > > steve@fsl.com > > > > > > - -- > > > Julian Field MEng CITP > > > www.MailScanner.info > > > Buy the MailScanner book at www.MailScanner.info/store > > > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > > > > > > > > > -----BEGIN PGP SIGNATURE----- > > > Version: PGP Desktop 9.5.3 (Build 5003) > > > Comment: (pgp-secured) > > > Charset: ISO-8859-1 > > > > > > wj8DBQFFy1BUEfZZRxQVtlQRAormAJ0TDoKA9umyrZhvfUtsYcNe/n8nuQCfWCdf > > > 7sxp1o/rT/ptelv7aiTtLfs= > > > =D4j/ > > > -----END PGP SIGNATURE----- > > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Tue Feb 13 17:22:49 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 13 16:27:10 2007 Subject: Mqueue.in huge In-Reply-To: <200702131505.l1DF5rbq018374@netra.database.it> References: <223f97700702130624g162f2accl4a201e30143c9423@mail.gmail.com> <200702131505.l1DF5rbq018374@netra.database.it> Message-ID: <223f97700702130822s7d97ceeaw20802ce942d2d74c@mail.gmail.com> On 13/02/07, Marcello Anderlini wrote: > I make the symlink but the problem seem to be still presents. > Now my mqueue.in is running about 120/130 msg waiting and is growing. The > only way to decrease it is to not use spamassassin. Ok. > I notice anyway that msg are still marked spam using black-list, I suppose > directly by Mailscanner and I can delete it if I change > "Spam Actions = deliver header "X-Spam-Status: Yes"" in Spam Actions = > delete. Could this be a solution ? Only a temporary one, IMO. You do want SA to have its say:-). > But How can I understand where spamassassin is slowing ? Can spamassassin -D > -t generate a log with timing ? Like the MailWatch thing? Unfortunately I know of no such thing (doesn't necessarily mean there is none:-). One could probably just change the MailWatch thing a bit so that it'd use a message and not really the --lint thing... Looking at that.... In sa_lint.php around line 24 you could probably change if(!$fp = popen(SA_DIR.'spamassassin -x -D -p '.SA_PREFS.' --lint 2>&1','r')) { to something like if(!$fp = popen(SA_DIR.'spamassassin -x -D -t /path/to/your/test/message 2>&1','r')) { ... and then restart apache and your browser. When you the run the "SA lint" on the Tools page, you should get a timed variant of that ... in theory, I've not tested this:-). Keep a copy of the original file, just in case:-):-). > I'll update mailscanner as soon as possible. > Good plan. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From steve.freegard at fsl.com Tue Feb 13 17:27:25 2007 From: steve.freegard at fsl.com (Steve Freegard) Date: Tue Feb 13 16:31:47 2007 Subject: Help debugging false positives with SURBL In-Reply-To: <45D1C5FA.3938.453986F@cobalt-users1.fishnet.co.uk> References: <45D18FFC.31484.380AEBD@cobalt-users1.fishnet.co.uk>, <45D1C5FA.3938.453986F@cobalt-users1.fishnet.co.uk> Message-ID: <45D1E6ED.1040908@fsl.com> Hi Ian, Ian wrote: > I posted to this list because it only happens when the mail is passed through MailScanner, so > I actually need help on debugging on what happens to the message when it is passed to > spamassassin from MailScanner. I actually need to know what MailScanner/SpamAssassin > thinks is the bad url. > > Is it the domain name of the server? The name of the perl script? Something else I'm not > seeing? > > What does the MailScanner option: > > Debug SpamAssassin = yes > > actually do? Where do I read the debug output? > > Any help would be appreciated. Try this: Place the attached file into your CustomFunctions directory (/usr/lib/MailScanner/MailScanner/CustomFunctions on RedHat and clones), then in MailScanner.conf set: Always Looked Up Last = &SALongReport Then do a full restart of MailScanner and run the message in question through MailScanner again. You will now see the full SpamAssassin report in the mail log which should contain all the information that you need. Hope this helps. Please report back your findings to the list if it does. Kind regards, Steve. -- Steve Freegard Development Director Fort Systems Ltd. -------------- next part -------------- A non-text attachment was scrubbed... Name: SALongReport.pm Type: application/x-perl Size: 1604 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070213/ce3bd22c/SALongReport.bin From chandler.lists at chapman.edu Tue Feb 13 17:42:43 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Tue Feb 13 16:47:17 2007 Subject: Slow MailScanner Message-ID: <45D1EA83.9070906@chapman.edu> I have two servers. Here's one: aconcagua# tail -f /var/log/maillog |grep rocessed Feb 13 08:39:58 aconcagua MailScanner[83401]: Batch (1 message) processed in 6.66 seconds Feb 13 08:39:58 aconcagua MailScanner[83008]: Batch (1 message) processed in 10.06 seconds Feb 13 08:40:00 aconcagua MailScanner[83989]: Batch (1 message) processed in 6.11 seconds Feb 13 08:40:03 aconcagua MailScanner[83677]: Batch (1 message) processed in 6.84 seconds Feb 13 08:40:04 aconcagua MailScanner[82475]: Batch (1 message) processed in 6.70 seconds Feb 13 08:40:05 aconcagua MailScanner[82359]: Batch (1 message) processed in 8.74 seconds Feb 13 08:40:06 aconcagua MailScanner[83301]: Batch (2 messages) processed in 12.81 seconds Feb 13 08:40:07 aconcagua MailScanner[82879]: Batch (1 message) processed in 7.75 seconds Feb 13 08:40:09 aconcagua MailScanner[82035]: Batch (1 message) processed in 6.53 seconds Feb 13 08:40:11 aconcagua MailScanner[83989]: Batch (1 message) processed in 6.41 seconds Feb 13 08:40:11 aconcagua MailScanner[84046]: Batch (1 message) processed in 6.84 seconds Feb 13 08:40:12 aconcagua MailScanner[83301]: Batch (1 message) processed in 6.56 seconds Here's the other: > spacecowboy# tail -f /var/log/maillog |grep rocessed > Feb 13 08:38:57 spacecowboy MailScanner[54541]: Batch (9 messages) > processed in 252.21 seconds > Feb 13 08:39:12 spacecowboy MailScanner[49475]: Batch (2 messages) > processed in 61.60 seconds > Feb 13 08:39:12 spacecowboy MailScanner[53408]: Batch (4 messages) > processed in 86.83 seconds > Feb 13 08:39:14 spacecowboy MailScanner[53430]: Batch (2 messages) > processed in 31.38 seconds > Feb 13 08:39:17 spacecowboy MailScanner[54987]: Batch (8 messages) > processed in 166.69 seconds > Feb 13 08:39:18 spacecowboy MailScanner[53490]: Batch (19 messages) > processed in 531.03 seconds > Feb 13 08:39:21 spacecowboy MailScanner[53398]: Batch (14 messages) > processed in 384.67 seconds > Feb 13 08:39:30 spacecowboy MailScanner[53412]: Batch (8 messages) > processed in 97.58 seconds > Feb 13 08:39:32 spacecowboy MailScanner[54123]: Batch (2 messages) > processed in 62.52 seconds > Feb 13 08:39:38 spacecowboy MailScanner[53430]: Batch (1 message) > processed in 24.16 seconds > Feb 13 08:39:39 spacecowboy MailScanner[55686]: Batch (30 messages) > processed in 647.57 seconds > Feb 13 08:39:48 spacecowboy MailScanner[56780]: Batch (5 messages) > processed in 68.93 seconds Any idea what would be causing this? Same configuration, same MX priority. The one with delays has built quite the queue backlog. -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: Processes running slowly due to weak power supply From cobalt-users1 at fishnet.co.uk Tue Feb 13 17:51:18 2007 From: cobalt-users1 at fishnet.co.uk (Ian) Date: Tue Feb 13 16:55:47 2007 Subject: Help debugging false positives with SURBL In-Reply-To: <45D1E6ED.1040908@fsl.com> References: <45D18FFC.31484.380AEBD@cobalt-users1.fishnet.co.uk>, <45D1C5FA.3938.453986F@cobalt-users1.fishnet.co.uk>, <45D1E6ED.1040908@fsl.com> Message-ID: <45D1EC86.12755.4EA2927@cobalt-users1.fishnet.co.uk> On 13 Feb 2007 at 16:27, Steve Freegard wrote: > Hi Ian, > > Ian wrote: > > I posted to this list because it only happens when the mail is passed through MailScanner, so > > I actually need help on debugging on what happens to the message when it is passed to > > spamassassin from MailScanner. I actually need to know what MailScanner/SpamAssassin > > thinks is the bad url. > > > > Is it the domain name of the server? The name of the perl script? Something else I'm not > > seeing? > > > > What does the MailScanner option: > > > > Debug SpamAssassin = yes > > > > actually do? Where do I read the debug output? > > > > Any help would be appreciated. > > Try this: > > Place the attached file into your CustomFunctions directory > (/usr/lib/MailScanner/MailScanner/CustomFunctions on RedHat and clones), > then in MailScanner.conf set: > > Always Looked Up Last = &SALongReport Hi Steve, Thanks for this. I already have: Always Looked Up Last = &MailWatchLogging So I did a bit of hacking and added the line: MailScanner::Log::InfoLog($message->{salongreport}); to the 'MailWatchLogging' subrouting after: # Don't bother trying to do an insert if no message is passed-in return unless $message; I'll let you know how I go on. Thanks for your help Ian -- > Then do a full restart of MailScanner and run the message in question > through MailScanner again. You will now see the full SpamAssassin > report in the mail log which should contain all the information that you > need. > > Hope this helps. Please report back your findings to the list if it does. > > Kind regards, > Steve. > > -- > Steve Freegard > Development Director > Fort Systems Ltd. > From m.anderlini at database.it Tue Feb 13 17:56:06 2007 From: m.anderlini at database.it (Marcello Anderlini) Date: Tue Feb 13 17:00:45 2007 Subject: Mqueue.in huge In-Reply-To: <223f97700702130822s7d97ceeaw20802ce942d2d74c@mail.gmail.com> Message-ID: <200702131656.l1DGu3BA014506@netra.database.it> But I have not MailWatch installed. I think now the best things it's to upgrade Mailscanner and see if things get better or not. Let me try. Thanks again. Dr. Marcello Anderlini m.anderlini@database.it --------------------------------------------- Database Informatica S.r.l. Microsoft Certified Partner Tel. +39059775070 Fax. +39059779545 http://www.database.it --------------------------------------------- > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Glenn Steen > Sent: martedì 13 febbraio 2007 17.23 > To: MailScanner discussion > Subject: Re: Mqueue.in huge > > On 13/02/07, Marcello Anderlini wrote: > > I make the symlink but the problem seem to be still presents. > > Now my mqueue.in is running about 120/130 msg waiting and > is growing. > > The only way to decrease it is to not use spamassassin. > Ok. > > > I notice anyway that msg are still marked spam using black-list, I > > suppose directly by Mailscanner and I can delete it if I > change "Spam > > Actions = deliver header "X-Spam-Status: Yes"" in Spam Actions = > > delete. Could this be a solution ? > Only a temporary one, IMO. You do want SA to have its say:-). > > > But How can I understand where spamassassin is slowing ? Can > > spamassassin -D -t generate a log with timing ? > Like the MailWatch thing? Unfortunately I know of no such > thing (doesn't necessarily mean there is none:-). One could > probably just change the MailWatch thing a bit so that it'd > use a message and not really the --lint thing... Looking at > that.... In sa_lint.php around line 24 you could probably > change if(!$fp = popen(SA_DIR.'spamassassin -x -D -p > '.SA_PREFS.' --lint 2>&1','r')) { to something like if(!$fp = > popen(SA_DIR.'spamassassin -x -D -t > /path/to/your/test/message 2>&1','r')) { ... and then restart > apache and your browser. When you the run the "SA lint" on > the Tools page, you should get a timed variant of that ... in > theory, I've not tested this:-). Keep a copy of the original > file, just in case:-):-). > > > I'll update mailscanner as soon as possible. > > > Good plan. > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > Messaggio verificato dal servizio antivirus di Database Informatica > -- Messaggio verificato dal servizio antivirus di Database Informatica From Howard at harper-adams.ac.uk Tue Feb 13 17:57:18 2007 From: Howard at harper-adams.ac.uk (Howard Robinson) Date: Tue Feb 13 17:02:40 2007 Subject: Diskspace on redhat ent 3 Message-ID: Dear List I had what amounts to a DOS attack on Friday when one of our users decided to email 900+ external accounts with a 4.2mb attachment. Given that our normal total daily through put is <1gb it was an unusual load for our box. After a while the server ran out of space on /var, where all the spool queues are, and whilst it didn't actually stop it went VERY slowly. After releasing some disk space it ran with a load of 7 for quite some time. What would be the best option that will allow me to put the queues somewhere else so that there is a bit more of a cushion? I could use part of the /usr directory as it has quite a bit of free space or create a new partition. If I do this is it better to recompile Sendmail to look at the new directory or use a link pointing to the new location? Same with MailScanner - editing MailScanner.conf or using link to the new location? Thanks Regards Howard Robinson, (Senior Technical Development Officer), Harper Adams University College, Edgmond, Newport, Shropshire , TF10 8NB. Tel. Direct 01952 815253 Tel. Switch Board 01952 820280 Fax 01952 814783 Email hrobinson@harper-adams.ac.uk Web www.harper-adams.ac.uk From m.anderlini at database.it Tue Feb 13 17:58:47 2007 From: m.anderlini at database.it (Marcello Anderlini) Date: Tue Feb 13 17:03:07 2007 Subject: Mailscanner repository for centos 4.x In-Reply-To: <45D1CDE4.1010800@USherbrooke.ca> Message-ID: <200702131658.l1DGwjhc017170@netra.database.it> Hello,is there any rpm repository for mailscanner on centos ? It would be great just install or update all with a simple yum update. Best regards. Dr. Marcello Anderlini m.anderlini@database.it --------------------------------------------- Database Informatica S.r.l. Microsoft Certified Partner Tel. +39059775070 Fax. +39059779545 http://www.database.it --------------------------------------------- -- Messaggio verificato dal servizio antivirus di Database Informatica From naolson at gmail.com Tue Feb 13 18:03:05 2007 From: naolson at gmail.com (Nathan Olson) Date: Tue Feb 13 17:07:29 2007 Subject: Slow MailScanner In-Reply-To: <45D1EA83.9070906@chapman.edu> References: <45D1EA83.9070906@chapman.edu> Message-ID: <8f54b4330702130903j28d9911ag91afa7e47d8865cf@mail.gmail.com> Local caching nameserver isn't running on the second one? Nate From chandler.lists at chapman.edu Tue Feb 13 18:11:18 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Tue Feb 13 17:15:43 2007 Subject: Slow MailScanner In-Reply-To: <8f54b4330702130903j28d9911ag91afa7e47d8865cf@mail.gmail.com> References: <45D1EA83.9070906@chapman.edu> <8f54b4330702130903j28d9911ag91afa7e47d8865cf@mail.gmail.com> Message-ID: <45D1F136.9050101@chapman.edu> Nathan Olson wrote: > Local caching nameserver isn't running on the second one? > > Nate Good guess, but no. I've got a few blacklists running on a local DNS server, but I didn't configure a local caching DNS server for either box. -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: Processes running slowly due to weak power supply From dave.list at pixelhammer.com Tue Feb 13 18:13:22 2007 From: dave.list at pixelhammer.com (DAve) Date: Tue Feb 13 17:18:09 2007 Subject: Slow MailScanner In-Reply-To: <45D1EA83.9070906@chapman.edu> References: <45D1EA83.9070906@chapman.edu> Message-ID: <45D1F1B2.2020708@pixelhammer.com> Jay Chandler wrote: > I have two servers. > > Here's one: > > aconcagua# tail -f /var/log/maillog |grep rocessed > Feb 13 08:39:58 aconcagua MailScanner[83401]: Batch (1 message) > processed in 6.66 seconds > Feb 13 08:39:58 aconcagua MailScanner[83008]: Batch (1 message) > processed in 10.06 seconds > Feb 13 08:40:00 aconcagua MailScanner[83989]: Batch (1 message) > processed in 6.11 seconds > Feb 13 08:40:03 aconcagua MailScanner[83677]: Batch (1 message) > processed in 6.84 seconds > Feb 13 08:40:04 aconcagua MailScanner[82475]: Batch (1 message) > processed in 6.70 seconds > Feb 13 08:40:05 aconcagua MailScanner[82359]: Batch (1 message) > processed in 8.74 seconds > Feb 13 08:40:06 aconcagua MailScanner[83301]: Batch (2 messages) > processed in 12.81 seconds > Feb 13 08:40:07 aconcagua MailScanner[82879]: Batch (1 message) > processed in 7.75 seconds > Feb 13 08:40:09 aconcagua MailScanner[82035]: Batch (1 message) > processed in 6.53 seconds > Feb 13 08:40:11 aconcagua MailScanner[83989]: Batch (1 message) > processed in 6.41 seconds > Feb 13 08:40:11 aconcagua MailScanner[84046]: Batch (1 message) > processed in 6.84 seconds > Feb 13 08:40:12 aconcagua MailScanner[83301]: Batch (1 message) > processed in 6.56 seconds > > Here's the other: > >> spacecowboy# tail -f /var/log/maillog |grep rocessed >> Feb 13 08:38:57 spacecowboy MailScanner[54541]: Batch (9 messages) >> processed in 252.21 seconds >> Feb 13 08:39:12 spacecowboy MailScanner[49475]: Batch (2 messages) >> processed in 61.60 seconds >> Feb 13 08:39:12 spacecowboy MailScanner[53408]: Batch (4 messages) >> processed in 86.83 seconds >> Feb 13 08:39:14 spacecowboy MailScanner[53430]: Batch (2 messages) >> processed in 31.38 seconds >> Feb 13 08:39:17 spacecowboy MailScanner[54987]: Batch (8 messages) >> processed in 166.69 seconds >> Feb 13 08:39:18 spacecowboy MailScanner[53490]: Batch (19 messages) >> processed in 531.03 seconds >> Feb 13 08:39:21 spacecowboy MailScanner[53398]: Batch (14 messages) >> processed in 384.67 seconds >> Feb 13 08:39:30 spacecowboy MailScanner[53412]: Batch (8 messages) >> processed in 97.58 seconds >> Feb 13 08:39:32 spacecowboy MailScanner[54123]: Batch (2 messages) >> processed in 62.52 seconds >> Feb 13 08:39:38 spacecowboy MailScanner[53430]: Batch (1 message) >> processed in 24.16 seconds >> Feb 13 08:39:39 spacecowboy MailScanner[55686]: Batch (30 messages) >> processed in 647.57 seconds >> Feb 13 08:39:48 spacecowboy MailScanner[56780]: Batch (5 messages) >> processed in 68.93 seconds > > Any idea what would be causing this? Same configuration, same MX > priority. The one with delays has built quite the queue backlog. > Can both machines resolve DNS with the same speed? Do you have a caching name server on both machines? Is the Bays DB the same size on both machines? DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From ecasarero at gmail.com Tue Feb 13 18:17:04 2007 From: ecasarero at gmail.com (Eduardo Casarero) Date: Tue Feb 13 17:21:27 2007 Subject: Slow MailScanner In-Reply-To: <45D1F1B2.2020708@pixelhammer.com> References: <45D1EA83.9070906@chapman.edu> <45D1F1B2.2020708@pixelhammer.com> Message-ID: <7d9b3cf20702130917v59c7a0fax226e43a06684ba31@mail.gmail.com> how is your expire bayes conf? 2007/2/13, DAve : > > Jay Chandler wrote: > > I have two servers. > > > > Here's one: > > > > aconcagua# tail -f /var/log/maillog |grep rocessed > > Feb 13 08:39:58 aconcagua MailScanner[83401]: Batch (1 message) > > processed in 6.66 seconds > > Feb 13 08:39:58 aconcagua MailScanner[83008]: Batch (1 message) > > processed in 10.06 seconds > > Feb 13 08:40:00 aconcagua MailScanner[83989]: Batch (1 message) > > processed in 6.11 seconds > > Feb 13 08:40:03 aconcagua MailScanner[83677]: Batch (1 message) > > processed in 6.84 seconds > > Feb 13 08:40:04 aconcagua MailScanner[82475]: Batch (1 message) > > processed in 6.70 seconds > > Feb 13 08:40:05 aconcagua MailScanner[82359]: Batch (1 message) > > processed in 8.74 seconds > > Feb 13 08:40:06 aconcagua MailScanner[83301]: Batch (2 messages) > > processed in 12.81 seconds > > Feb 13 08:40:07 aconcagua MailScanner[82879]: Batch (1 message) > > processed in 7.75 seconds > > Feb 13 08:40:09 aconcagua MailScanner[82035]: Batch (1 message) > > processed in 6.53 seconds > > Feb 13 08:40:11 aconcagua MailScanner[83989]: Batch (1 message) > > processed in 6.41 seconds > > Feb 13 08:40:11 aconcagua MailScanner[84046]: Batch (1 message) > > processed in 6.84 seconds > > Feb 13 08:40:12 aconcagua MailScanner[83301]: Batch (1 message) > > processed in 6.56 seconds > > > > Here's the other: > > > >> spacecowboy# tail -f /var/log/maillog |grep rocessed > >> Feb 13 08:38:57 spacecowboy MailScanner[54541]: Batch (9 messages) > >> processed in 252.21 seconds > >> Feb 13 08:39:12 spacecowboy MailScanner[49475]: Batch (2 messages) > >> processed in 61.60 seconds > >> Feb 13 08:39:12 spacecowboy MailScanner[53408]: Batch (4 messages) > >> processed in 86.83 seconds > >> Feb 13 08:39:14 spacecowboy MailScanner[53430]: Batch (2 messages) > >> processed in 31.38 seconds > >> Feb 13 08:39:17 spacecowboy MailScanner[54987]: Batch (8 messages) > >> processed in 166.69 seconds > >> Feb 13 08:39:18 spacecowboy MailScanner[53490]: Batch (19 messages) > >> processed in 531.03 seconds > >> Feb 13 08:39:21 spacecowboy MailScanner[53398]: Batch (14 messages) > >> processed in 384.67 seconds > >> Feb 13 08:39:30 spacecowboy MailScanner[53412]: Batch (8 messages) > >> processed in 97.58 seconds > >> Feb 13 08:39:32 spacecowboy MailScanner[54123]: Batch (2 messages) > >> processed in 62.52 seconds > >> Feb 13 08:39:38 spacecowboy MailScanner[53430]: Batch (1 message) > >> processed in 24.16 seconds > >> Feb 13 08:39:39 spacecowboy MailScanner[55686]: Batch (30 messages) > >> processed in 647.57 seconds > >> Feb 13 08:39:48 spacecowboy MailScanner[56780]: Batch (5 messages) > >> processed in 68.93 seconds > > > > Any idea what would be causing this? Same configuration, same MX > > priority. The one with delays has built quite the queue backlog. > > > > Can both machines resolve DNS with the same speed? > Do you have a caching name server on both machines? > Is the Bays DB the same size on both machines? > > DAve > > > -- > Three years now I've asked Google why they don't have a > logo change for Memorial Day. Why do they choose to do logos > for other non-international holidays, but nothing for > Veterans? > > Maybe they forgot who made that choice possible. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070213/30373174/attachment.html From ssilva at sgvwater.com Tue Feb 13 18:30:38 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Feb 13 17:35:29 2007 Subject: Slow MailScanner In-Reply-To: <45D1EA83.9070906@chapman.edu> References: <45D1EA83.9070906@chapman.edu> Message-ID: Jay Chandler spake the following on 2/13/2007 8:42 AM: > I have two servers. > > Here's one: > > aconcagua# tail -f /var/log/maillog |grep rocessed > Feb 13 08:39:58 aconcagua MailScanner[83401]: Batch (1 message) > processed in 6.66 seconds > Feb 13 08:39:58 aconcagua MailScanner[83008]: Batch (1 message) > processed in 10.06 seconds > Feb 13 08:40:00 aconcagua MailScanner[83989]: Batch (1 message) > processed in 6.11 seconds > Feb 13 08:40:03 aconcagua MailScanner[83677]: Batch (1 message) > processed in 6.84 seconds > Feb 13 08:40:04 aconcagua MailScanner[82475]: Batch (1 message) > processed in 6.70 seconds > Feb 13 08:40:05 aconcagua MailScanner[82359]: Batch (1 message) > processed in 8.74 seconds > Feb 13 08:40:06 aconcagua MailScanner[83301]: Batch (2 messages) > processed in 12.81 seconds > Feb 13 08:40:07 aconcagua MailScanner[82879]: Batch (1 message) > processed in 7.75 seconds > Feb 13 08:40:09 aconcagua MailScanner[82035]: Batch (1 message) > processed in 6.53 seconds > Feb 13 08:40:11 aconcagua MailScanner[83989]: Batch (1 message) > processed in 6.41 seconds > Feb 13 08:40:11 aconcagua MailScanner[84046]: Batch (1 message) > processed in 6.84 seconds > Feb 13 08:40:12 aconcagua MailScanner[83301]: Batch (1 message) > processed in 6.56 seconds > > Here's the other: > >> spacecowboy# tail -f /var/log/maillog |grep rocessed >> Feb 13 08:38:57 spacecowboy MailScanner[54541]: Batch (9 messages) >> processed in 252.21 seconds >> Feb 13 08:39:12 spacecowboy MailScanner[49475]: Batch (2 messages) >> processed in 61.60 seconds >> Feb 13 08:39:12 spacecowboy MailScanner[53408]: Batch (4 messages) >> processed in 86.83 seconds >> Feb 13 08:39:14 spacecowboy MailScanner[53430]: Batch (2 messages) >> processed in 31.38 seconds >> Feb 13 08:39:17 spacecowboy MailScanner[54987]: Batch (8 messages) >> processed in 166.69 seconds >> Feb 13 08:39:18 spacecowboy MailScanner[53490]: Batch (19 messages) >> processed in 531.03 seconds >> Feb 13 08:39:21 spacecowboy MailScanner[53398]: Batch (14 messages) >> processed in 384.67 seconds >> Feb 13 08:39:30 spacecowboy MailScanner[53412]: Batch (8 messages) >> processed in 97.58 seconds >> Feb 13 08:39:32 spacecowboy MailScanner[54123]: Batch (2 messages) >> processed in 62.52 seconds >> Feb 13 08:39:38 spacecowboy MailScanner[53430]: Batch (1 message) >> processed in 24.16 seconds >> Feb 13 08:39:39 spacecowboy MailScanner[55686]: Batch (30 messages) >> processed in 647.57 seconds >> Feb 13 08:39:48 spacecowboy MailScanner[56780]: Batch (5 messages) >> processed in 68.93 seconds > > Any idea what would be causing this? Same configuration, same MX > priority. The one with delays has built quite the queue backlog. > There could be any number of things going wrong. Have you tried the obvious such as linting or debugging each server? Check that both are really identical? Maybe a perl module difference. Have you done any basic hardware tests like hdparm -tT or bonnie++? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From chandler.lists at chapman.edu Tue Feb 13 18:37:53 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Tue Feb 13 17:42:17 2007 Subject: Slow MailScanner In-Reply-To: <45D1F1B2.2020708@pixelhammer.com> References: <45D1EA83.9070906@chapman.edu> <45D1F1B2.2020708@pixelhammer.com> Message-ID: <45D1F771.2020608@chapman.edu> DAve wrote: > Jay Chandler wrote: >> I have two servers. >> >> Here's one: >> >> aconcagua# tail -f /var/log/maillog |grep rocessed >> Feb 13 08:39:58 aconcagua MailScanner[83401]: Batch (1 message) >> processed in 6.66 seconds >> Feb 13 08:39:58 aconcagua MailScanner[83008]: Batch (1 message) >> processed in 10.06 seconds >> Feb 13 08:40:00 aconcagua MailScanner[83989]: Batch (1 message) >> processed in 6.11 seconds >> Feb 13 08:40:03 aconcagua MailScanner[83677]: Batch (1 message) >> processed in 6.84 seconds >> Feb 13 08:40:04 aconcagua MailScanner[82475]: Batch (1 message) >> processed in 6.70 seconds >> Feb 13 08:40:05 aconcagua MailScanner[82359]: Batch (1 message) >> processed in 8.74 seconds >> Feb 13 08:40:06 aconcagua MailScanner[83301]: Batch (2 messages) >> processed in 12.81 seconds >> Feb 13 08:40:07 aconcagua MailScanner[82879]: Batch (1 message) >> processed in 7.75 seconds >> Feb 13 08:40:09 aconcagua MailScanner[82035]: Batch (1 message) >> processed in 6.53 seconds >> Feb 13 08:40:11 aconcagua MailScanner[83989]: Batch (1 message) >> processed in 6.41 seconds >> Feb 13 08:40:11 aconcagua MailScanner[84046]: Batch (1 message) >> processed in 6.84 seconds >> Feb 13 08:40:12 aconcagua MailScanner[83301]: Batch (1 message) >> processed in 6.56 seconds >> >> Here's the other: >> >>> spacecowboy# tail -f /var/log/maillog |grep rocessed >>> Feb 13 08:38:57 spacecowboy MailScanner[54541]: Batch (9 messages) >>> processed in 252.21 seconds >>> Feb 13 08:39:12 spacecowboy MailScanner[49475]: Batch (2 messages) >>> processed in 61.60 seconds >>> Feb 13 08:39:12 spacecowboy MailScanner[53408]: Batch (4 messages) >>> processed in 86.83 seconds >>> Feb 13 08:39:14 spacecowboy MailScanner[53430]: Batch (2 messages) >>> processed in 31.38 seconds >>> Feb 13 08:39:17 spacecowboy MailScanner[54987]: Batch (8 messages) >>> processed in 166.69 seconds >>> Feb 13 08:39:18 spacecowboy MailScanner[53490]: Batch (19 messages) >>> processed in 531.03 seconds >>> Feb 13 08:39:21 spacecowboy MailScanner[53398]: Batch (14 messages) >>> processed in 384.67 seconds >>> Feb 13 08:39:30 spacecowboy MailScanner[53412]: Batch (8 messages) >>> processed in 97.58 seconds >>> Feb 13 08:39:32 spacecowboy MailScanner[54123]: Batch (2 messages) >>> processed in 62.52 seconds >>> Feb 13 08:39:38 spacecowboy MailScanner[53430]: Batch (1 message) >>> processed in 24.16 seconds >>> Feb 13 08:39:39 spacecowboy MailScanner[55686]: Batch (30 messages) >>> processed in 647.57 seconds >>> Feb 13 08:39:48 spacecowboy MailScanner[56780]: Batch (5 messages) >>> processed in 68.93 seconds >> >> Any idea what would be causing this? Same configuration, same MX >> priority. The one with delays has built quite the queue backlog. >> > > Can both machines resolve DNS with the same speed? > Do you have a caching name server on both machines? > Is the Bays DB the same size on both machines? > > I've been wrestling with this a bit. A few questions: 1. How do I set up a caching nameserver? Can someone throw me a link? 2. I've searched high and low, but I can't find the bayes DB location. I never explicitly set it up, but it's apparently running... Output of mailscanner --lint below: spacecowboy# mailscanner --lint Read 759 hostnames from the phishing whitelist Checking version numbers... Version number in MailScanner.conf (4.58.9) is correct. MailScanner setting GID to (125) MailScanner setting UID to (125) Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database pyzor: check failed: internal error SpamAssassin reported no errors. Using locktype = flock MailScanner.conf says "Virus Scanners = auto" Found these virus scanners installed: bitdefender, clamavmodule -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: Processes running slowly due to weak power supply From ssilva at sgvwater.com Tue Feb 13 18:35:13 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Feb 13 17:44:25 2007 Subject: Diskspace on redhat ent 3 In-Reply-To: References: Message-ID: Howard Robinson spake the following on 2/13/2007 8:57 AM: > Dear List > I had what amounts to a DOS attack on Friday when one of our users > decided to email 900+ external accounts with a 4.2mb attachment. Given > that our normal total daily through put is <1gb it was an unusual load > for our box. After a while the server ran out of space on /var, where > all the spool queues are, and whilst it didn't actually stop it went > VERY slowly. After releasing some disk space it ran with a load of 7 > for quite some time. > > What would be the best option that will allow me to put the queues > somewhere else so that there is a bit more of a cushion? I could use > part of the /usr directory as it has quite a bit of free space or create > a new partition. > If I do this is it better to recompile Sendmail to look at the new > directory or use a link pointing to the new location? > Same with MailScanner - editing MailScanner.conf or using link to the > new location? > > Thanks You could symlink in some space from another partition, maybe the quarantine directory or /var/tmp. Or you could move some of the queue into a different partition and move it back a little at a time. I try to leave 5 or 10 gigs free somewhere to have space I can toss in for emergencies. You could also use some space on a usb2 hard drive in an emergency, although it could be slow. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From sandrews at andrewscompanies.com Tue Feb 13 18:48:24 2007 From: sandrews at andrewscompanies.com (sandrews@andrewscompanies.com) Date: Tue Feb 13 17:52:45 2007 Subject: Slow MailScanner References: <45D1EA83.9070906@chapman.edu> <45D1F1B2.2020708@pixelhammer.com> <45D1F771.2020608@chapman.edu> Message-ID: <1964AAFBC212F742958F9275BF63DBB042A0C4@winchester.andrewscompanies.com> Bayes dbs are typically in ./root or /etc/MailScanner/bayes -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jay Chandler Sent: Tuesday, February 13, 2007 12:38 PM To: MailScanner discussion Subject: Re: Slow MailScanner DAve wrote: > Jay Chandler wrote: >> I have two servers. >> >> Here's one: >> >> aconcagua# tail -f /var/log/maillog |grep rocessed Feb 13 08:39:58 >> aconcagua MailScanner[83401]: Batch (1 message) processed in 6.66 >> seconds Feb 13 08:39:58 aconcagua MailScanner[83008]: Batch (1 >> message) processed in 10.06 seconds Feb 13 08:40:00 aconcagua >> MailScanner[83989]: Batch (1 message) processed in 6.11 seconds Feb >> 13 08:40:03 aconcagua MailScanner[83677]: Batch (1 message) processed >> in 6.84 seconds Feb 13 08:40:04 aconcagua MailScanner[82475]: Batch >> (1 message) processed in 6.70 seconds Feb 13 08:40:05 aconcagua >> MailScanner[82359]: Batch (1 message) processed in 8.74 seconds Feb >> 13 08:40:06 aconcagua MailScanner[83301]: Batch (2 messages) >> processed in 12.81 seconds Feb 13 08:40:07 aconcagua >> MailScanner[82879]: Batch (1 message) processed in 7.75 seconds Feb >> 13 08:40:09 aconcagua MailScanner[82035]: Batch (1 message) processed >> in 6.53 seconds Feb 13 08:40:11 aconcagua MailScanner[83989]: Batch >> (1 message) processed in 6.41 seconds Feb 13 08:40:11 aconcagua >> MailScanner[84046]: Batch (1 message) processed in 6.84 seconds Feb >> 13 08:40:12 aconcagua MailScanner[83301]: Batch (1 message) processed >> in 6.56 seconds >> >> Here's the other: >> >>> spacecowboy# tail -f /var/log/maillog |grep rocessed Feb 13 08:38:57 >>> spacecowboy MailScanner[54541]: Batch (9 messages) processed in >>> 252.21 seconds Feb 13 08:39:12 spacecowboy MailScanner[49475]: Batch >>> (2 messages) processed in 61.60 seconds Feb 13 08:39:12 spacecowboy >>> MailScanner[53408]: Batch (4 messages) processed in 86.83 seconds >>> Feb 13 08:39:14 spacecowboy MailScanner[53430]: Batch (2 messages) >>> processed in 31.38 seconds Feb 13 08:39:17 spacecowboy >>> MailScanner[54987]: Batch (8 messages) processed in 166.69 seconds >>> Feb 13 08:39:18 spacecowboy MailScanner[53490]: Batch (19 messages) >>> processed in 531.03 seconds Feb 13 08:39:21 spacecowboy >>> MailScanner[53398]: Batch (14 messages) processed in 384.67 seconds >>> Feb 13 08:39:30 spacecowboy MailScanner[53412]: Batch (8 messages) >>> processed in 97.58 seconds Feb 13 08:39:32 spacecowboy >>> MailScanner[54123]: Batch (2 messages) processed in 62.52 seconds >>> Feb 13 08:39:38 spacecowboy MailScanner[53430]: Batch (1 message) >>> processed in 24.16 seconds Feb 13 08:39:39 spacecowboy >>> MailScanner[55686]: Batch (30 messages) processed in 647.57 seconds >>> Feb 13 08:39:48 spacecowboy MailScanner[56780]: Batch (5 messages) >>> processed in 68.93 seconds >> >> Any idea what would be causing this? Same configuration, same MX >> priority. The one with delays has built quite the queue backlog. >> > > Can both machines resolve DNS with the same speed? > Do you have a caching name server on both machines? > Is the Bays DB the same size on both machines? > > I've been wrestling with this a bit. A few questions: 1. How do I set up a caching nameserver? Can someone throw me a link? 2. I've searched high and low, but I can't find the bayes DB location. I never explicitly set it up, but it's apparently running... Output of mailscanner --lint below: spacecowboy# mailscanner --lint Read 759 hostnames from the phishing whitelist Checking version numbers... Version number in MailScanner.conf (4.58.9) is correct. MailScanner setting GID to (125) MailScanner setting UID to (125) Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database pyzor: check failed: internal error SpamAssassin reported no errors. Using locktype = flock MailScanner.conf says "Virus Scanners = auto" Found these virus scanners installed: bitdefender, clamavmodule -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: Processes running slowly due to weak power supply -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From chandler.lists at chapman.edu Tue Feb 13 18:56:53 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Tue Feb 13 18:02:10 2007 Subject: Slow MailScanner In-Reply-To: <1964AAFBC212F742958F9275BF63DBB042A0C4@winchester.andrewscompanies.com> References: <45D1EA83.9070906@chapman.edu> <45D1F1B2.2020708@pixelhammer.com> <45D1F771.2020608@chapman.edu> <1964AAFBC212F742958F9275BF63DBB042A0C4@winchester.andrewscompanies.com> Message-ID: <45D1FBE5.8040203@chapman.edu> sandrews@andrewscompanies.com wrote: > Bayes dbs are typically in ./root or /etc/MailScanner/bayes > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jay > Chandler > Sent: Tuesday, February 13, 2007 12:38 PM > To: MailScanner discussion > Subject: Re: Slow MailScanner > > DAve wrote: > >> Jay Chandler wrote: >> >>> I have two servers. >>> >>> Here's one: >>> >>> aconcagua# tail -f /var/log/maillog |grep rocessed Feb 13 08:39:58 >>> aconcagua MailScanner[83401]: Batch (1 message) processed in 6.66 >>> seconds Feb 13 08:39:58 aconcagua MailScanner[83008]: Batch (1 >>> message) processed in 10.06 seconds Feb 13 08:40:00 aconcagua >>> MailScanner[83989]: Batch (1 message) processed in 6.11 seconds Feb >>> 13 08:40:03 aconcagua MailScanner[83677]: Batch (1 message) processed >>> > > >>> in 6.84 seconds Feb 13 08:40:04 aconcagua MailScanner[82475]: Batch >>> (1 message) processed in 6.70 seconds Feb 13 08:40:05 aconcagua >>> MailScanner[82359]: Batch (1 message) processed in 8.74 seconds Feb >>> 13 08:40:06 aconcagua MailScanner[83301]: Batch (2 messages) >>> processed in 12.81 seconds Feb 13 08:40:07 aconcagua >>> MailScanner[82879]: Batch (1 message) processed in 7.75 seconds Feb >>> 13 08:40:09 aconcagua MailScanner[82035]: Batch (1 message) processed >>> > > >>> in 6.53 seconds Feb 13 08:40:11 aconcagua MailScanner[83989]: Batch >>> (1 message) processed in 6.41 seconds Feb 13 08:40:11 aconcagua >>> MailScanner[84046]: Batch (1 message) processed in 6.84 seconds Feb >>> 13 08:40:12 aconcagua MailScanner[83301]: Batch (1 message) processed >>> > > >>> in 6.56 seconds >>> >>> Here's the other: >>> >>> >>>> spacecowboy# tail -f /var/log/maillog |grep rocessed Feb 13 08:38:57 >>>> > > >>>> spacecowboy MailScanner[54541]: Batch (9 messages) processed in >>>> 252.21 seconds Feb 13 08:39:12 spacecowboy MailScanner[49475]: Batch >>>> > > >>>> (2 messages) processed in 61.60 seconds Feb 13 08:39:12 spacecowboy >>>> MailScanner[53408]: Batch (4 messages) processed in 86.83 seconds >>>> Feb 13 08:39:14 spacecowboy MailScanner[53430]: Batch (2 messages) >>>> processed in 31.38 seconds Feb 13 08:39:17 spacecowboy >>>> MailScanner[54987]: Batch (8 messages) processed in 166.69 seconds >>>> Feb 13 08:39:18 spacecowboy MailScanner[53490]: Batch (19 messages) >>>> processed in 531.03 seconds Feb 13 08:39:21 spacecowboy >>>> MailScanner[53398]: Batch (14 messages) processed in 384.67 seconds >>>> Feb 13 08:39:30 spacecowboy MailScanner[53412]: Batch (8 messages) >>>> processed in 97.58 seconds Feb 13 08:39:32 spacecowboy >>>> MailScanner[54123]: Batch (2 messages) processed in 62.52 seconds >>>> Feb 13 08:39:38 spacecowboy MailScanner[53430]: Batch (1 message) >>>> processed in 24.16 seconds Feb 13 08:39:39 spacecowboy >>>> MailScanner[55686]: Batch (30 messages) processed in 647.57 seconds >>>> Feb 13 08:39:48 spacecowboy MailScanner[56780]: Batch (5 messages) >>>> processed in 68.93 seconds >>>> >>> Any idea what would be causing this? Same configuration, same MX >>> priority. The one with delays has built quite the queue backlog. >>> >>> >> Can both machines resolve DNS with the same speed? >> Do you have a caching name server on both machines? >> Is the Bays DB the same size on both machines? >> >> >> > I've been wrestling with this a bit. > > A few questions: > > 1. How do I set up a caching nameserver? Can someone throw me a link? > > 2. I've searched high and low, but I can't find the bayes DB location. > I never explicitly set it up, but it's apparently running... > > Output of mailscanner --lint below: > > spacecowboy# mailscanner --lint > Read 759 hostnames from the phishing whitelist Checking version > numbers... > Version number in MailScanner.conf (4.58.9) is correct. > MailScanner setting GID to (125) > MailScanner setting UID to (125) > > Checking for SpamAssassin errors (if you use it)... > Using SpamAssassin results cache > Connected to SpamAssassin cache database > pyzor: check failed: internal error > SpamAssassin reported no errors. > Using locktype = flock > MailScanner.conf says "Virus Scanners = auto" > Found these virus scanners installed: bitdefender, clamavmodule > > > > -- > Jay Chandler > Network Administrator, Chapman University > 714.628.7249 / chandler@chapman.edu > Today's Excuse: Processes running slowly due to weak power supply > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > Nope, neither location (nor in /usr/local/etc/MailScanner/bayes, since this is from the FreeBSD ports tree). So, getting desperate to clear the backlog, I ran sa-learn --clear on the troubled box, and went to get myself a cup of coffee from the break room. On the plus side, I now have coffee. On the downside, it's still taking upwards of 20 seconds per message. The nameserver config is the same. The hardware SHOULD be good-- these boxes are identical, and a month old. -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: Processes running slowly due to weak power supply From chandler.lists at chapman.edu Tue Feb 13 19:05:29 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Tue Feb 13 18:10:24 2007 Subject: Slow MailScanner In-Reply-To: <45D1FBE5.8040203@chapman.edu> References: <45D1EA83.9070906@chapman.edu> <45D1F1B2.2020708@pixelhammer.com> <45D1F771.2020608@chapman.edu> <1964AAFBC212F742958F9275BF63DBB042A0C4@winchester.andrewscompanies.com> <45D1FBE5.8040203@chapman.edu> Message-ID: <45D1FDE9.2080601@chapman.edu> Jay Chandler wrote: > sandrews@andrewscompanies.com wrote: >> Bayes dbs are typically in ./root or /etc/MailScanner/bayes >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jay >> Chandler >> Sent: Tuesday, February 13, 2007 12:38 PM >> To: MailScanner discussion >> Subject: Re: Slow MailScanner >> >> DAve wrote: >> >>> Jay Chandler wrote: >>> >>>> I have two servers. >>>> >>>> Here's one: >>>> >>>> aconcagua# tail -f /var/log/maillog |grep rocessed Feb 13 08:39:58 >>>> aconcagua MailScanner[83401]: Batch (1 message) processed in 6.66 >>>> seconds Feb 13 08:39:58 aconcagua MailScanner[83008]: Batch (1 >>>> message) processed in 10.06 seconds Feb 13 08:40:00 aconcagua >>>> MailScanner[83989]: Batch (1 message) processed in 6.11 seconds Feb >>>> 13 08:40:03 aconcagua MailScanner[83677]: Batch (1 message) processed >>>> >> >> >>>> in 6.84 seconds Feb 13 08:40:04 aconcagua MailScanner[82475]: Batch >>>> (1 message) processed in 6.70 seconds Feb 13 08:40:05 aconcagua >>>> MailScanner[82359]: Batch (1 message) processed in 8.74 seconds Feb >>>> 13 08:40:06 aconcagua MailScanner[83301]: Batch (2 messages) >>>> processed in 12.81 seconds Feb 13 08:40:07 aconcagua >>>> MailScanner[82879]: Batch (1 message) processed in 7.75 seconds Feb >>>> 13 08:40:09 aconcagua MailScanner[82035]: Batch (1 message) processed >>>> >> >> >>>> in 6.53 seconds Feb 13 08:40:11 aconcagua MailScanner[83989]: Batch >>>> (1 message) processed in 6.41 seconds Feb 13 08:40:11 aconcagua >>>> MailScanner[84046]: Batch (1 message) processed in 6.84 seconds Feb >>>> 13 08:40:12 aconcagua MailScanner[83301]: Batch (1 message) processed >>>> >> >> >>>> in 6.56 seconds >>>> >>>> Here's the other: >>>> >>>> >>>>> spacecowboy# tail -f /var/log/maillog |grep rocessed Feb 13 08:38:57 >>>>> >> >> >>>>> spacecowboy MailScanner[54541]: Batch (9 messages) processed in >>>>> 252.21 seconds Feb 13 08:39:12 spacecowboy MailScanner[49475]: Batch >>>>> >> >> >>>>> (2 messages) processed in 61.60 seconds Feb 13 08:39:12 >>>>> spacecowboy MailScanner[53408]: Batch (4 messages) processed in >>>>> 86.83 seconds Feb 13 08:39:14 spacecowboy MailScanner[53430]: >>>>> Batch (2 messages) processed in 31.38 seconds Feb 13 08:39:17 >>>>> spacecowboy MailScanner[54987]: Batch (8 messages) processed in >>>>> 166.69 seconds Feb 13 08:39:18 spacecowboy MailScanner[53490]: >>>>> Batch (19 messages) processed in 531.03 seconds Feb 13 08:39:21 >>>>> spacecowboy MailScanner[53398]: Batch (14 messages) processed in >>>>> 384.67 seconds Feb 13 08:39:30 spacecowboy MailScanner[53412]: >>>>> Batch (8 messages) processed in 97.58 seconds Feb 13 08:39:32 >>>>> spacecowboy MailScanner[54123]: Batch (2 messages) processed in >>>>> 62.52 seconds Feb 13 08:39:38 spacecowboy MailScanner[53430]: >>>>> Batch (1 message) processed in 24.16 seconds Feb 13 08:39:39 >>>>> spacecowboy MailScanner[55686]: Batch (30 messages) processed in >>>>> 647.57 seconds Feb 13 08:39:48 spacecowboy MailScanner[56780]: >>>>> Batch (5 messages) processed in 68.93 seconds >>>>> >>>> Any idea what would be causing this? Same configuration, same MX >>>> priority. The one with delays has built quite the queue backlog. >>>> >>>> >>> Can both machines resolve DNS with the same speed? >>> Do you have a caching name server on both machines? >>> Is the Bays DB the same size on both machines? >>> >>> >>> >> I've been wrestling with this a bit. >> >> A few questions: >> >> 1. How do I set up a caching nameserver? Can someone throw me a link? >> >> 2. I've searched high and low, but I can't find the bayes DB >> location. I never explicitly set it up, but it's apparently running... >> >> Output of mailscanner --lint below: >> >> spacecowboy# mailscanner --lint >> Read 759 hostnames from the phishing whitelist Checking version >> numbers... >> Version number in MailScanner.conf (4.58.9) is correct. >> MailScanner setting GID to (125) >> MailScanner setting UID to (125) >> >> Checking for SpamAssassin errors (if you use it)... >> Using SpamAssassin results cache >> Connected to SpamAssassin cache database >> pyzor: check failed: internal error >> SpamAssassin reported no errors. >> Using locktype = flock >> MailScanner.conf says "Virus Scanners = auto" >> Found these virus scanners installed: bitdefender, clamavmodule >> >> >> >> -- >> Jay Chandler >> Network Administrator, Chapman University >> 714.628.7249 / chandler@chapman.edu >> Today's Excuse: Processes running slowly due to weak power supply >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > Nope, neither location (nor in /usr/local/etc/MailScanner/bayes, since > this is from the FreeBSD ports tree). > > So, getting desperate to clear the backlog, I ran sa-learn --clear on > the troubled box, and went to get myself a cup of coffee from the > break room. > On the plus side, I now have coffee. On the downside, it's still > taking upwards of 20 seconds per message. > > The nameserver config is the same. The hardware SHOULD be good-- > these boxes are identical, and a month old. > Very interesting. A restart of the box, and the queue is gone, and load times are reasonable. I suspect there's something stealing all the RAM after a few days-- possibly MailScanner. I'll have to investigate this the next time it happens. Thanks to all who helped-- I'm still debating the merits of a caching nameserver. Also-- would there be any benefit to setting up bayes in a SQL environment to share between the two servers? -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: Processes running slowly due to weak power supply From doc at maddoc.net Tue Feb 13 19:15:51 2007 From: doc at maddoc.net (Doc Schneider) Date: Tue Feb 13 18:20:13 2007 Subject: Slow MailScanner In-Reply-To: <45D1FDE9.2080601@chapman.edu> References: <45D1EA83.9070906@chapman.edu> <45D1F1B2.2020708@pixelhammer.com> <45D1F771.2020608@chapman.edu> <1964AAFBC212F742958F9275BF63DBB042A0C4@winchester.andrewscompanies.com> <45D1FBE5.8040203@chapman.edu> <45D1FDE9.2080601@chapman.edu> Message-ID: <45D20057.2000902@maddoc.net> Jay Chandler wrote: [massive snip] >> Nope, neither location (nor in /usr/local/etc/MailScanner/bayes, since >> this is from the FreeBSD ports tree). >> >> So, getting desperate to clear the backlog, I ran sa-learn --clear on >> the troubled box, and went to get myself a cup of coffee from the >> break room. >> On the plus side, I now have coffee. On the downside, it's still >> taking upwards of 20 seconds per message. >> >> The nameserver config is the same. The hardware SHOULD be good-- >> these boxes are identical, and a month old. >> > Very interesting. A restart of the box, and the queue is gone, and load > times are reasonable. I suspect there's something stealing all the RAM > after a few days-- possibly MailScanner. I'll have to investigate this > the next time it happens. > > Thanks to all who helped-- I'm still debating the merits of a caching > nameserver. > > Also-- would there be any benefit to setting up bayes in a SQL > environment to share between the two servers? > That is the way I do my MailScanner. Using MySQL for everything and also running a DNS server on the boxen itself. So, yes, there are a lot of benefits to going DNS and MySQL for MailScanner. And a plus is you can share the MySQL between servers. 8*) -- -Doc Lincoln, NE. http://www.genealogyforyou.com/ http://www.cairnproductions.com/ From ssilva at sgvwater.com Tue Feb 13 19:19:48 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Feb 13 18:24:38 2007 Subject: Mailscanner repository for centos 4.x In-Reply-To: <200702131658.l1DGwjhc017170@netra.database.it> References: <45D1CDE4.1010800@USherbrooke.ca> <200702131658.l1DGwjhc017170@netra.database.it> Message-ID: Marcello Anderlini spake the following on 2/13/2007 8:58 AM: > Hello,is there any rpm repository for mailscanner on centos ? It would be > great just install or update all with a simple yum update. > > Best regards. > That would be great, but no one has stepped up to create one that I know of. The install packages that Julian has work great already. The download is larger, but it works. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From alex at nkpanama.com Tue Feb 13 19:22:19 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Tue Feb 13 18:27:15 2007 Subject: Mailscanner repository for centos 4.x In-Reply-To: References: <45D1CDE4.1010800@USherbrooke.ca> <200702131658.l1DGwjhc017170@netra.database.it> Message-ID: <45D201DB.4080807@nkpanama.com> How can I contribute? Scott Silva wrote: > Marcello Anderlini spake the following on 2/13/2007 8:58 AM: >> Hello,is there any rpm repository for mailscanner on centos ? It would be >> great just install or update all with a simple yum update. >> >> Best regards. >> > That would be great, but no one has stepped up to create one that I know of. > The install packages that Julian has work great already. The download is > larger, but it works. > From dhawal at netmagicsolutions.com Tue Feb 13 19:26:40 2007 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Tue Feb 13 18:31:13 2007 Subject: Mailscanner repository for centos 4.x In-Reply-To: <200702131658.l1DGwjhc017170@netra.database.it> References: <200702131658.l1DGwjhc017170@netra.database.it> Message-ID: <45D202E0.4090102@netmagicsolutions.com> Marcello Anderlini wrote: > Hello,is there any rpm repository for mailscanner on centos ? It would be > great just install or update all with a simple yum update. it shouldn't be too difficult to create one.. just 'rpmbuild' all the src.rpms from MailScanner-version.rpm.tar.gz and move it to a RPMS folder on any webserver. Also copy any other non-source rpms that are a part of MailScanner-version.rpm.tar.gz to the same location. Next run 'createrepo' in the parent folder (../RPMS) and you now have a yum repository ready for use. Now create a local Centos-MailScanner.repo in /etc/yum.repos.d/ ########## [mailscanner] name=CentOS-\$releasever - MailScanner Updates baseurl=http://your.web.server/path/to/mailscanner/RPMS gpgcheck=0 # the next line is important enabled=0 ########## Finally make sure that you do not enable this repo by default.. but enable it only when required. /usr/bin/yum --enablerepo=mailscanner update You can't/shouldn't automate this since languages.conf and MailScanner.conf need to be updated with most stable releases. - dhawal From dhawal at netmagicsolutions.com Tue Feb 13 19:51:22 2007 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Tue Feb 13 18:55:56 2007 Subject: Slow MailScanner In-Reply-To: <45D1FDE9.2080601@chapman.edu> References: <45D1EA83.9070906@chapman.edu> <45D1F1B2.2020708@pixelhammer.com> <45D1F771.2020608@chapman.edu> <1964AAFBC212F742958F9275BF63DBB042A0C4@winchester.andrewscompanies.com> <45D1FBE5.8040203@chapman.edu> <45D1FDE9.2080601@chapman.edu> Message-ID: <45D208AA.40605@netmagicsolutions.com> Jay Chandler wrote: > Very interesting. A restart of the box, and the queue is gone, and load > times are reasonable. I suspect there's something stealing all the RAM > after a few days-- possibly MailScanner. I'll have to investigate this > the next time it happens. > > Thanks to all who helped-- I'm still debating the merits of a caching > nameserver. http://wiki.mailscanner.info/doku.php?id=documentation:related_software:caching_nameserver:djbdns > Also-- would there be any benefit to setting up bayes in a SQL > environment to share between the two servers? http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamassassin:bayes:sql Both wikis were originally written by me / with a lot of help from others. A SQL storage for bayes will help you.. since now more than one server is contributing to both spam and ham learning. For SQL bayes learning is fast and so is expiry.. plus the SA devs recommend it as the preferred storage back-end. For the caching nameserver a low-end box with a gig (or 2) ram thrown in and good connectivity would be great. You could also simply install the caching-nameserver RPM if you are on redhat/centos.. - dhawal From brent.bolin at gmail.com Tue Feb 13 19:53:33 2007 From: brent.bolin at gmail.com (BB) Date: Tue Feb 13 18:57:54 2007 Subject: Mailscanner talking to Mysql database Message-ID: <787dcac20702131053u15b95a59seb130ab5093f856f@mail.gmail.com> This is probably not a question for MailScanner folk but I'm hoping someone can help. Trying to get MailWatch working. FBSD 6.2 MailScanner-4.57.6_1 mysql-server-5.0.33 p5-DBD-mysql50-4.0000 p5-DBI-1.53 This server is a recovery from a server crash. The old boxen was FBSD 5.4this is 6.2 Have been able to recover the old mysql database (mysql References: <45D1EA83.9070906@chapman.edu> <45D1F1B2.2020708@pixelhammer.com> <45D1F771.2020608@chapman.edu> <1964AAFBC212F742958F9275BF63DBB042A0C4@winchester.andrewscompanies.com> <45D1FBE5.8040203@chapman.edu> <45D1FDE9.2080601@chapman.edu> <45D208AA.40605@netmagicsolutions.com> Message-ID: <45D20AD5.6020600@chapman.edu> Dhawal Doshy wrote: > [snippetry] > > > For the caching nameserver a low-end box with a gig (or 2) ram thrown > in and good connectivity would be great. You could also simply install > the caching-nameserver RPM if you are on redhat/centos.. > > - dhawal Very interesting. Should the caching nameserver be run on the mailservers themselves, or on a different box, and the sole nameserver entry for this box would be the caching box? Building the MySQL server up now... -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: Processes running slowly due to weak power supply From dhawal at netmagicsolutions.com Tue Feb 13 20:13:42 2007 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Tue Feb 13 19:18:16 2007 Subject: Slow MailScanner In-Reply-To: <45D20AD5.6020600@chapman.edu> References: <45D1EA83.9070906@chapman.edu> <45D1F1B2.2020708@pixelhammer.com> <45D1F771.2020608@chapman.edu> <1964AAFBC212F742958F9275BF63DBB042A0C4@winchester.andrewscompanies.com> <45D1FBE5.8040203@chapman.edu> <45D1FDE9.2080601@chapman.edu> <45D208AA.40605@netmagicsolutions.com> <45D20AD5.6020600@chapman.edu> Message-ID: <45D20DE6.1020802@netmagicsolutions.com> Jay Chandler wrote: > Dhawal Doshy wrote: >> [snippetry] >> >> For the caching nameserver a low-end box with a gig (or 2) ram thrown >> in and good connectivity would be great. You could also simply install >> the caching-nameserver RPM if you are on redhat/centos.. >> >> - dhawal > Very interesting. Should the caching nameserver be run on the > mailservers themselves, or on a different box, and the sole nameserver > entry for this box would be the caching box? if you can afford a separate server as mentioned above.. great!! else run a local cache with say 100MB size. > Building the MySQL server up now... cool.. give extra attention to the 'bayes_sql_override_username' parameter.. that is where most users get stuck. The old jiscmail link no longer works.. use this one instead: http://article.gmane.org/gmane.mail.virus.mailscanner/29437 - dhawal From chandler.lists at chapman.edu Tue Feb 13 20:26:42 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Tue Feb 13 19:31:09 2007 Subject: Slow MailScanner In-Reply-To: <45D20DE6.1020802@netmagicsolutions.com> References: <45D1EA83.9070906@chapman.edu> <45D1F1B2.2020708@pixelhammer.com> <45D1F771.2020608@chapman.edu> <1964AAFBC212F742958F9275BF63DBB042A0C4@winchester.andrewscompanies.com> <45D1FBE5.8040203@chapman.edu> <45D1FDE9.2080601@chapman.edu> <45D208AA.40605@netmagicsolutions.com> <45D20AD5.6020600@chapman.edu> <45D20DE6.1020802@netmagicsolutions.com> Message-ID: <45D210F2.5030000@chapman.edu> Dhawal Doshy wrote: > Jay Chandler wrote: >> Dhawal Doshy wrote: >>> [snippetry] >>> >>> For the caching nameserver a low-end box with a gig (or 2) ram >>> thrown in and good connectivity would be great. You could also >>> simply install the caching-nameserver RPM if you are on redhat/centos.. >>> >>> - dhawal >> Very interesting. Should the caching nameserver be run on the >> mailservers themselves, or on a different box, and the sole >> nameserver entry for this box would be the caching box? > > if you can afford a separate server as mentioned above.. great!! else > run a local cache with say 100MB size. > >> Building the MySQL server up now... > > cool.. give extra attention to the 'bayes_sql_override_username' > parameter.. that is where most users get stuck. The old jiscmail link > no longer works.. use this one instead: > http://article.gmane.org/gmane.mail.virus.mailscanner/29437 > > - dhawal Funny you should mention that! Followed the Wiki precisely, but got this error: [99745] dbg: bayes: using username: root [99745] dbg: bayes: database connection established [99745] dbg: bayes: found bayes db version 3 [99745] dbg: bayes: unable to initialize database for root user, aborting! I haven't yet found a fix. The root user has a password assigned (particularly from remote machines!) that I haven't put into the config. If you can point me to a fix I'll gladly update the wiki. -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: Processes running slowly due to weak power supply From dave.list at pixelhammer.com Tue Feb 13 20:27:41 2007 From: dave.list at pixelhammer.com (DAve) Date: Tue Feb 13 19:32:27 2007 Subject: Slow MailScanner In-Reply-To: <45D1F771.2020608@chapman.edu> References: <45D1EA83.9070906@chapman.edu> <45D1F1B2.2020708@pixelhammer.com> <45D1F771.2020608@chapman.edu> Message-ID: <45D2112D.2060900@pixelhammer.com> Jay Chandler wrote: > DAve wrote: >> Jay Chandler wrote: >>> I have two servers. >>> >>>>lScanner[55686]: Batch (30 messages) >>>> processed in 647.57 seconds >>>> Feb 13 08:39:48 spacecowboy MailScanner[56780]: Batch (5 messages) >>>> processed in 68.93 seconds >>> >>> Any idea what would be causing this? Same configuration, same MX >>> priority. The one with delays has built quite the queue backlog. >>> >> >> Can both machines resolve DNS with the same speed? >> Do you have a caching name server on both machines? >> Is the Bays DB the same size on both machines? >> >> > I've been wrestling with this a bit. > > A few questions: > > 1. How do I set up a caching nameserver? Can someone throw me a link? > I highly recommend djbdns. You will need to install tcpserver but it is all very simple. http://cr.yp.to/djbdns.html http://cr.yp.to/daemontools/install.html http://cr.yp.to/ucspi-tcp/install.html Once dbjdns is installed, follow these instructions. http://cr.yp.to/djbdns/run-cache.html That will get a simple dnscache running that will pretty much be bullet proof. We run it on all our servers, web, ftp, pop toasters, mail gateways, and media servers. It makes a considerable difference in DNS lookup times. It is light, simple, efficient, and code small. DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From chandler.lists at chapman.edu Tue Feb 13 20:29:59 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Tue Feb 13 19:34:34 2007 Subject: Slow MailScanner In-Reply-To: <45D2112D.2060900@pixelhammer.com> References: <45D1EA83.9070906@chapman.edu> <45D1F1B2.2020708@pixelhammer.com> <45D1F771.2020608@chapman.edu> <45D2112D.2060900@pixelhammer.com> Message-ID: <45D211B7.3050406@chapman.edu> DAve wrote: > I highly recommend djbdns. You will need to install tcpserver but it > is all very simple. > http://cr.yp.to/djbdns.html > http://cr.yp.to/daemontools/install.html > http://cr.yp.to/ucspi-tcp/install.html > > Once dbjdns is installed, follow these instructions. > > http://cr.yp.to/djbdns/run-cache.html > > That will get a simple dnscache running that will pretty much be > bullet proof. We run it on all our servers, web, ftp, pop toasters, > mail gateways, and media servers. It makes a considerable difference > in DNS lookup times. It is light, simple, efficient, and code small. > > DAve > The server I'd nominally use as a caching nameserver already runs rbldnsd. I suspect this would cause a conflict, correct? -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: Processes running slowly due to weak power supply From dhawal at netmagicsolutions.com Tue Feb 13 20:31:03 2007 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Tue Feb 13 19:35:43 2007 Subject: Slow MailScanner In-Reply-To: <45D210F2.5030000@chapman.edu> References: <45D1EA83.9070906@chapman.edu> <45D1F1B2.2020708@pixelhammer.com> <45D1F771.2020608@chapman.edu> <1964AAFBC212F742958F9275BF63DBB042A0C4@winchester.andrewscompanies.com> <45D1FBE5.8040203@chapman.edu> <45D1FDE9.2080601@chapman.edu> <45D208AA.40605@netmagicsolutions.com> <45D20AD5.6020600@chapman.edu> <45D20DE6.1020802@netmagicsolutions.com> <45D210F2.5030000@chapman.edu> Message-ID: <45D211F7.1080907@netmagicsolutions.com> Jay Chandler wrote: > Dhawal Doshy wrote: >> Jay Chandler wrote: >>> Dhawal Doshy wrote: >>>> [snippetry] >>>> >>>> For the caching nameserver a low-end box with a gig (or 2) ram >>>> thrown in and good connectivity would be great. You could also >>>> simply install the caching-nameserver RPM if you are on redhat/centos.. >>>> >>>> - dhawal >>> Very interesting. Should the caching nameserver be run on the >>> mailservers themselves, or on a different box, and the sole >>> nameserver entry for this box would be the caching box? >> >> if you can afford a separate server as mentioned above.. great!! else >> run a local cache with say 100MB size. >> >>> Building the MySQL server up now... >> >> cool.. give extra attention to the 'bayes_sql_override_username' >> parameter.. that is where most users get stuck. The old jiscmail link >> no longer works.. use this one instead: >> http://article.gmane.org/gmane.mail.virus.mailscanner/29437 >> >> - dhawal > Funny you should mention that! > > Followed the Wiki precisely, but got this error: > > [99745] dbg: bayes: using username: root > [99745] dbg: bayes: database connection established > [99745] dbg: bayes: found bayes db version 3 > [99745] dbg: bayes: unable to initialize database for root user, aborting! > > I haven't yet found a fix. The root user has a password assigned > (particularly from remote machines!) that I haven't put into the > config. If you can point me to a fix I'll gladly update the wiki. > From TFL.. http://article.gmane.org/gmane.mail.virus.mailscanner/29437 mysql> SELECT id, username, spam_count, ham_count, token_count FROM bayes_vars; +----+----------+------------+-----------+-------------+ | id | username | spam_count | ham_count | token_count | +----+----------+------------+-----------+-------------+ | 2 | root | 190707 | 168166 | 124113 | | 3 | apache | 0 | 0 | 0 | +----+----------+------------+-----------+-------------+ 2 rows in set (0.02 sec) Maybe you'll also see a postfix line there.. use the one which has the most tokens. From dhawal at netmagicsolutions.com Tue Feb 13 20:32:55 2007 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Tue Feb 13 19:37:18 2007 Subject: Slow MailScanner In-Reply-To: <45D211B7.3050406@chapman.edu> References: <45D1EA83.9070906@chapman.edu> <45D1F1B2.2020708@pixelhammer.com> <45D1F771.2020608@chapman.edu> <45D2112D.2060900@pixelhammer.com> <45D211B7.3050406@chapman.edu> Message-ID: <45D21267.70208@netmagicsolutions.com> Jay Chandler wrote: > DAve wrote: >> I highly recommend djbdns. You will need to install tcpserver but it >> is all very simple. >> http://cr.yp.to/djbdns.html >> http://cr.yp.to/daemontools/install.html >> http://cr.yp.to/ucspi-tcp/install.html >> >> Once dbjdns is installed, follow these instructions. >> >> http://cr.yp.to/djbdns/run-cache.html >> >> That will get a simple dnscache running that will pretty much be >> bullet proof. We run it on all our servers, web, ftp, pop toasters, >> mail gateways, and media servers. It makes a considerable difference >> in DNS lookup times. It is light, simple, efficient, and code small. >> >> DAve >> > > The server I'd nominally use as a caching nameserver already runs > rbldnsd. I suspect this would cause a conflict, correct? Not on different IP address.. both rbldnsd and djbdns can be bound to different IPs From email at ace.net.au Tue Feb 13 20:38:15 2007 From: email at ace.net.au (Peter Nitschke) Date: Tue Feb 13 19:45:40 2007 Subject: Diskspace on redhat ent 3 In-Reply-To: References: Message-ID: <200702140608150527.667374BA@smtp1.ace.net.au> Is it still valid to even have a lot of seperate partitions these days? If the hard drive dies you are usually pretty well stuffed no matter how many partitions you have. Mostly our mail servers are single purpose machines, so I just have a 1Gb swap partition and give the rest to /. No problems with partitions running out of space. Or is this still Unix/Linux heresy? Peter *********** REPLY SEPARATOR *********** On 13/02/2007 at 9:35 AM Scott Silva wrote: >Howard Robinson spake the following on 2/13/2007 8:57 AM: >> Dear List >> I had what amounts to a DOS attack on Friday when one of our users >> decided to email 900+ external accounts with a 4.2mb attachment. Given >> that our normal total daily through put is <1gb it was an unusual load >> for our box. After a while the server ran out of space on /var, where >> all the spool queues are, and whilst it didn't actually stop it went >> VERY slowly. After releasing some disk space it ran with a load of 7 >> for quite some time. >> >> What would be the best option that will allow me to put the queues >> somewhere else so that there is a bit more of a cushion? I could use >> part of the /usr directory as it has quite a bit of free space or create >> a new partition. >> If I do this is it better to recompile Sendmail to look at the new >> directory or use a link pointing to the new location? >> Same with MailScanner - editing MailScanner.conf or using link to the >> new location? >> >> Thanks >You could symlink in some space from another partition, maybe the >quarantine >directory or /var/tmp. Or you could move some of the queue into a different >partition and move it back a little at a time. I try to leave 5 or 10 gigs >free somewhere to have space I can toss in for emergencies. You could also >use >some space on a usb2 hard drive in an emergency, although it could be slow. > >-- > >MailScanner is like deodorant... >You hope everybody uses it, and >you notice quickly if they don't!!!! > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! From jfagan at firstlightnetworks.com Tue Feb 13 20:55:21 2007 From: jfagan at firstlightnetworks.com (James Fagan) Date: Tue Feb 13 19:58:21 2007 Subject: Mailscanner repository for centos 4.x In-Reply-To: References: <45D1CDE4.1010800@USherbrooke.ca><200702131658.l1DGwjhc017170@netra.database.it> Message-ID: <59E4A3A1069C2640959AD0F7518C48122F0861@FLN1.fln.local> > Marcello Anderlini spake the following on 2/13/2007 8:58 AM: > > Hello,is there any rpm repository for mailscanner on centos ? It would > be > > great just install or update all with a simple yum update. > > > > Best regards. > > > That would be great, but no one has stepped up to create one that I know > of. > The install packages that Julian has work great already. The download is > larger, but it works. > > I have a couple boxes (1 for sure) that could be used for a repo, but Im not that good at building packages. I have setup repos for CentOS in the past, it would be a little bit a project if people are intersted I can start getting things together on my end in the next week or two. Will be on vacation for a little bit starting today. Im guessing we would need: 1. boxes 2. DNS 3. packager(s) 4. testors 5. victory beers Anything else? Any interest? James From dave.list at pixelhammer.com Tue Feb 13 21:11:03 2007 From: dave.list at pixelhammer.com (DAve) Date: Tue Feb 13 20:15:48 2007 Subject: Slow MailScanner In-Reply-To: <45D211B7.3050406@chapman.edu> References: <45D1EA83.9070906@chapman.edu> <45D1F1B2.2020708@pixelhammer.com> <45D1F771.2020608@chapman.edu> <45D2112D.2060900@pixelhammer.com> <45D211B7.3050406@chapman.edu> Message-ID: <45D21B57.90802@pixelhammer.com> Jay Chandler wrote: > DAve wrote: >> I highly recommend djbdns. You will need to install tcpserver but it >> is all very simple. >> http://cr.yp.to/djbdns.html >> http://cr.yp.to/daemontools/install.html >> http://cr.yp.to/ucspi-tcp/install.html >> >> Once dbjdns is installed, follow these instructions. >> >> http://cr.yp.to/djbdns/run-cache.html >> >> That will get a simple dnscache running that will pretty much be >> bullet proof. We run it on all our servers, web, ftp, pop toasters, >> mail gateways, and media servers. It makes a considerable difference >> in DNS lookup times. It is light, simple, efficient, and code small. >> >> DAve >> > > The server I'd nominally use as a caching nameserver already runs > rbldnsd. I suspect this would cause a conflict, correct? > We install a copy on each server and replace the root servers entries with our own DNS servers. That way each server does it's lookups off our own DNS which is a bit quicker via our private network. PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU CPU COMMAND 40588 smmsp 98 0 273M 253M CPU2 0 415.9H 13.04% 13.04% milter-greylist 19620 root 113 0 27484K 26920K CPU3 3 0:03 52.47% 9.52% clamscan 19629 root 116 0 23068K 22448K RUN 1 0:02 54.97% 7.67% clamscan 16584 root -8 0 31740K 30168K piperd 1 0:04 0.39% 0.39% perl5.6.2 16647 root 8 0 29296K 27888K nanslp 3 0:03 0.15% 0.15% perl5.6.2 19487 root 4 0 2696K 2132K connec 2 0:00 0.18% 0.15% sendmail 86396 Gdnscache 76 0 2588K 1916K select 2 698:49 0.05% 0.05% dnscache It uses no resources to speak of yet makes DNS queries very rapidly. Especially where recurring queries for things like URIBL are concerned. DNScache will run locally on 127.0.0.1 in this manner. DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From brent.bolin at gmail.com Tue Feb 13 21:12:39 2007 From: brent.bolin at gmail.com (BB) Date: Tue Feb 13 20:17:03 2007 Subject: Mailscanner talking to Mysql database In-Reply-To: <787dcac20702131053u15b95a59seb130ab5093f856f@mail.gmail.com> References: <787dcac20702131053u15b95a59seb130ab5093f856f@mail.gmail.com> Message-ID: <787dcac20702131212t355ab7d2l86c4bff3dcd4d78f@mail.gmail.com> I give up. Scrambling around for an answer for the last 5 hours. Go back and look at the web interface and it's working. wtf On 2/13/07, BB wrote: > > This is probably not a question for MailScanner folk but I'm hoping > someone can help. > > Trying to get MailWatch working. > > FBSD 6.2 > MailScanner-4.57.6_1 > mysql-server-5.0.33 > p5-DBD-mysql50-4.0000 > p5-DBI-1.53 > > This server is a recovery from a server crash. The old boxen was FBSD 5.4this is > 6.2 > > Have been able to recover the old mysql database (mysql > I have all my white/blacklists displayed in MailWatch, but there is > nothing logging to current messages in MailWatch. For that matter nothing > to mysql database. I am able to add/delete white/black lists however. > > Always Looked Up Last = &MailWatchLogging > Detailed Spam Report = yes > Quarantine Whole Message = yes > Quarantine Whole Message As Queue Files = no > Include Scores In SpamAssassin Report = yes > > Definitely Not Spam = &SQLBlacklist > Is Definitely Spam = &SQLBlacklist > > I have made the modifications to - > MailWatch.pm > conf.php > SQLBlackWhiteList.pm > > Anybody have any ideas ? > > > > > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070213/3b4443f1/attachment.html From ssilva at sgvwater.com Tue Feb 13 21:31:00 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Feb 13 20:35:42 2007 Subject: Diskspace on redhat ent 3 In-Reply-To: <200702140608150527.667374BA@smtp1.ace.net.au> References: <200702140608150527.667374BA@smtp1.ace.net.au> Message-ID: Peter Nitschke spake the following on 2/13/2007 11:38 AM: > Is it still valid to even have a lot of seperate partitions these days? > > If the hard drive dies you are usually pretty well stuffed no matter how > many partitions you have. > > Mostly our mail servers are single purpose machines, so I just have a 1Gb > swap partition and give the rest to /. No problems with partitions running > out of space. > > Or is this still Unix/Linux heresy? > > Peter It is still handy for process separation, I still set up with separate /home /var /usr and sometimes /opt. And I still make the first partition a small /boot (100Megs or so) just because I have seen bootloader problems in the past. I don't think there is any real heresy in linux. It is your system, do what you feel best with it. That is why I like the choice with linux. You can have a large root partition, or make every partition on a separate filesystem. Or in LVM like the current default installers do. Whatever floats your boat! Another thing you can do with separate partitions is mount /usr read only and also do a bind mount and mount the same partition as rw in another place. Not that you would need to, but it is all about the choice! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Tue Feb 13 21:32:40 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Feb 13 20:39:24 2007 Subject: Mailscanner talking to Mysql database In-Reply-To: <787dcac20702131212t355ab7d2l86c4bff3dcd4d78f@mail.gmail.com> References: <787dcac20702131053u15b95a59seb130ab5093f856f@mail.gmail.com> <787dcac20702131212t355ab7d2l86c4bff3dcd4d78f@mail.gmail.com> Message-ID: BB spake the following on 2/13/2007 12:12 PM: > I give up. > > Scrambling around for an answer for the last 5 hours. Go back and look > at the web interface and it's working. > > wtf The server saw you coming with the sledge hammer! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From brent.bolin at gmail.com Tue Feb 13 21:43:47 2007 From: brent.bolin at gmail.com (BB) Date: Tue Feb 13 20:48:09 2007 Subject: Mailscanner talking to Mysql database In-Reply-To: References: <787dcac20702131053u15b95a59seb130ab5093f856f@mail.gmail.com> <787dcac20702131212t355ab7d2l86c4bff3dcd4d78f@mail.gmail.com> Message-ID: <787dcac20702131243u1c8ad943nb5d25f401f06d2c8@mail.gmail.com> :) On 2/13/07, Scott Silva wrote: > > BB spake the following on 2/13/2007 12:12 PM: > > I give up. > > > > Scrambling around for an answer for the last 5 hours. Go back and look > > at the web interface and it's working. > > > > wtf > The server saw you coming with the sledge hammer! > > > -- > > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070213/5e511dcd/attachment.html From sandrews at andrewscompanies.com Tue Feb 13 22:46:57 2007 From: sandrews at andrewscompanies.com (sandrews@andrewscompanies.com) Date: Tue Feb 13 21:51:19 2007 Subject: Slow MailScanner References: <45D1EA83.9070906@chapman.edu><45D1F1B2.2020708@pixelhammer.com> <45D1F771.2020608@chapman.edu><1964AAFBC212F742958F9275BF63DBB042A0C4@winchester.andrewscompanies.com> <45D1FBE5.8040203@chapman.edu> Message-ID: <1964AAFBC212F742958F9275BF63DBB042A0D1@winchester.andrewscompanies.com> Turn off bayes and see what happens. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jay Chandler Sent: Tuesday, February 13, 2007 12:57 PM To: MailScanner discussion Subject: Re: Slow MailScanner sandrews@andrewscompanies.com wrote: > Bayes dbs are typically in ./root or /etc/MailScanner/bayes > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jay > Chandler > Sent: Tuesday, February 13, 2007 12:38 PM > To: MailScanner discussion > Subject: Re: Slow MailScanner > > DAve wrote: > >> Jay Chandler wrote: >> >>> I have two servers. >>> >>> Here's one: >>> >>> aconcagua# tail -f /var/log/maillog |grep rocessed Feb 13 08:39:58 >>> aconcagua MailScanner[83401]: Batch (1 message) processed in 6.66 >>> seconds Feb 13 08:39:58 aconcagua MailScanner[83008]: Batch (1 >>> message) processed in 10.06 seconds Feb 13 08:40:00 aconcagua >>> MailScanner[83989]: Batch (1 message) processed in 6.11 seconds Feb >>> 13 08:40:03 aconcagua MailScanner[83677]: Batch (1 message) >>> processed >>> > > >>> in 6.84 seconds Feb 13 08:40:04 aconcagua MailScanner[82475]: Batch >>> (1 message) processed in 6.70 seconds Feb 13 08:40:05 aconcagua >>> MailScanner[82359]: Batch (1 message) processed in 8.74 seconds Feb >>> 13 08:40:06 aconcagua MailScanner[83301]: Batch (2 messages) >>> processed in 12.81 seconds Feb 13 08:40:07 aconcagua >>> MailScanner[82879]: Batch (1 message) processed in 7.75 seconds Feb >>> 13 08:40:09 aconcagua MailScanner[82035]: Batch (1 message) >>> processed >>> > > >>> in 6.53 seconds Feb 13 08:40:11 aconcagua MailScanner[83989]: Batch >>> (1 message) processed in 6.41 seconds Feb 13 08:40:11 aconcagua >>> MailScanner[84046]: Batch (1 message) processed in 6.84 seconds Feb >>> 13 08:40:12 aconcagua MailScanner[83301]: Batch (1 message) >>> processed >>> > > >>> in 6.56 seconds >>> >>> Here's the other: >>> >>> >>>> spacecowboy# tail -f /var/log/maillog |grep rocessed Feb 13 >>>> 08:38:57 >>>> > > >>>> spacecowboy MailScanner[54541]: Batch (9 messages) processed in >>>> 252.21 seconds Feb 13 08:39:12 spacecowboy MailScanner[49475]: >>>> Batch >>>> > > >>>> (2 messages) processed in 61.60 seconds Feb 13 08:39:12 spacecowboy >>>> MailScanner[53408]: Batch (4 messages) processed in 86.83 seconds >>>> Feb 13 08:39:14 spacecowboy MailScanner[53430]: Batch (2 messages) >>>> processed in 31.38 seconds Feb 13 08:39:17 spacecowboy >>>> MailScanner[54987]: Batch (8 messages) processed in 166.69 seconds >>>> Feb 13 08:39:18 spacecowboy MailScanner[53490]: Batch (19 messages) >>>> processed in 531.03 seconds Feb 13 08:39:21 spacecowboy >>>> MailScanner[53398]: Batch (14 messages) processed in 384.67 seconds >>>> Feb 13 08:39:30 spacecowboy MailScanner[53412]: Batch (8 messages) >>>> processed in 97.58 seconds Feb 13 08:39:32 spacecowboy >>>> MailScanner[54123]: Batch (2 messages) processed in 62.52 seconds >>>> Feb 13 08:39:38 spacecowboy MailScanner[53430]: Batch (1 message) >>>> processed in 24.16 seconds Feb 13 08:39:39 spacecowboy >>>> MailScanner[55686]: Batch (30 messages) processed in 647.57 seconds >>>> Feb 13 08:39:48 spacecowboy MailScanner[56780]: Batch (5 messages) >>>> processed in 68.93 seconds >>>> >>> Any idea what would be causing this? Same configuration, same MX >>> priority. The one with delays has built quite the queue backlog. >>> >>> >> Can both machines resolve DNS with the same speed? >> Do you have a caching name server on both machines? >> Is the Bays DB the same size on both machines? >> >> >> > I've been wrestling with this a bit. > > A few questions: > > 1. How do I set up a caching nameserver? Can someone throw me a link? > > 2. I've searched high and low, but I can't find the bayes DB location. > I never explicitly set it up, but it's apparently running... > > Output of mailscanner --lint below: > > spacecowboy# mailscanner --lint > Read 759 hostnames from the phishing whitelist Checking version > numbers... > Version number in MailScanner.conf (4.58.9) is correct. > MailScanner setting GID to (125) > MailScanner setting UID to (125) > > Checking for SpamAssassin errors (if you use it)... > Using SpamAssassin results cache > Connected to SpamAssassin cache database > pyzor: check failed: internal error > SpamAssassin reported no errors. > Using locktype = flock > MailScanner.conf says "Virus Scanners = auto" > Found these virus scanners installed: bitdefender, clamavmodule > > > > -- > Jay Chandler > Network Administrator, Chapman University > 714.628.7249 / chandler@chapman.edu > Today's Excuse: Processes running slowly due to weak power supply > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > Nope, neither location (nor in /usr/local/etc/MailScanner/bayes, since this is from the FreeBSD ports tree). So, getting desperate to clear the backlog, I ran sa-learn --clear on the troubled box, and went to get myself a cup of coffee from the break room. On the plus side, I now have coffee. On the downside, it's still taking upwards of 20 seconds per message. The nameserver config is the same. The hardware SHOULD be good-- these boxes are identical, and a month old. -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: Processes running slowly due to weak power supply -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From rpoe at plattesheriff.org Tue Feb 13 23:00:56 2007 From: rpoe at plattesheriff.org (Rob Poe) Date: Tue Feb 13 22:05:43 2007 Subject: Diskspace on redhat ent 3 In-Reply-To: <200702140608150527.667374BA@smtp1.ace.net.au> References: <200702140608150527.667374BA@smtp1.ace.net.au> Message-ID: <45D1E0B9.65ED.00A2.0@plattesheriff.org> That's what I do .. right or wrong .. Got tired of older installs that ran out of space on (wherever).. One vendor I work with requires their directory be on a different partition. They insisted that if someone did a rm * -Rf from the / that it wouldn't delete the stuff in their directory .. Never tried it honestly probably should .. >>> "Peter Nitschke" 2/13/2007 1:38 PM >>> Is it still valid to even have a lot of seperate partitions these days? If the hard drive dies you are usually pretty well stuffed no matter how many partitions you have. Mostly our mail servers are single purpose machines, so I just have a 1Gb swap partition and give the rest to /. No problems with partitions running out of space. Or is this still Unix/Linux heresy? Peter *********** REPLY SEPARATOR *********** On 13/02/2007 at 9:35 AM Scott Silva wrote: >Howard Robinson spake the following on 2/13/2007 8:57 AM: >> Dear List >> I had what amounts to a DOS attack on Friday when one of our users >> decided to email 900+ external accounts with a 4.2mb attachment. Given >> that our normal total daily through put is <1gb it was an unusual load >> for our box. After a while the server ran out of space on /var, where >> all the spool queues are, and whilst it didn't actually stop it went >> VERY slowly. After releasing some disk space it ran with a load of 7 >> for quite some time. >> >> What would be the best option that will allow me to put the queues >> somewhere else so that there is a bit more of a cushion? I could use >> part of the /usr directory as it has quite a bit of free space or create >> a new partition. >> If I do this is it better to recompile Sendmail to look at the new >> directory or use a link pointing to the new location? >> Same with MailScanner - editing MailScanner.conf or using link to the >> new location? >> >> Thanks >You could symlink in some space from another partition, maybe the >quarantine >directory or /var/tmp. Or you could move some of the queue into a different >partition and move it back a little at a time. I try to leave 5 or 10 gigs >free somewhere to have space I can toss in for emergencies. You could also >use >some space on a usb2 hard drive in an emergency, although it could be slow. > >-- > >MailScanner is like deodorant... >You hope everybody uses it, and >you notice quickly if they don't!!!! > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From rpoe at plattesheriff.org Tue Feb 13 23:08:19 2007 From: rpoe at plattesheriff.org (Rob Poe) Date: Tue Feb 13 22:13:09 2007 Subject: LookOUT 2007 In-Reply-To: <45D0F175.2050808@yeticomputers.com> References: <20070212124502.4E16.GERARD@seibercom.net> <20070212170051.722F.GERARD@seibercom.net><20070212170051.722F.GERARD@seibercom.net> <45D0F175.2050808@yeticomputers.com> Message-ID: <45D1E273.65ED.00A2.0@plattesheriff.org> >I don't object to Microsoft taking advantage of the power of newer >machines, but I do find it rather annoying in the case of Vista that the >*requirements* for the OS are so high. I've seen nothing in Vista that >justifies using so much machine for just the OS. I do need to run a >Vista box so that I can be familiar with the thing when my clients call >with questions about it. The reason I hate Vista is .. on a Vista Business install .. running NOTHING but what the OS put in place takes 350+ mb of ram. This XP machine im on is running XPsp2 Google Chat Groupwise + Notify Groupwise Messenger Daemon Tools iPrint VNC Server Novell Client 32.. and it's humpin along at about 227mb.. From res at ausics.net Tue Feb 13 23:13:33 2007 From: res at ausics.net (Res) Date: Tue Feb 13 22:18:03 2007 Subject: LookOUT 2007 In-Reply-To: <20070213135237.GC29603@bnl.gov> References: <20070212170051.722F.GERARD@seibercom.net> <20070212174038.7234.GERARD@seibercom.net> <20070213135237.GC29603@bnl.gov> Message-ID: On Tue, 13 Feb 2007, Tim Sailer wrote: > On Tue, Feb 13, 2007 at 02:54:56PM +1000, Res wrote: >> You remind me of the guy who came and wanted to do some work, a 25yo >> all hyped up with his M$ certs, and when I told him they meant nothing to > > Remember: MCSE - Must Consult Someone Experienced :) ROFLMFAO :) I gota remember that one, thanks Tim :P -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From sailer at bnl.gov Tue Feb 13 23:18:59 2007 From: sailer at bnl.gov (Tim Sailer) Date: Tue Feb 13 22:23:31 2007 Subject: LookOUT 2007 In-Reply-To: References: <20070212170051.722F.GERARD@seibercom.net> <20070212174038.7234.GERARD@seibercom.net> <20070213135237.GC29603@bnl.gov> Message-ID: <20070213221859.GA18386@bnl.gov> On Wed, Feb 14, 2007 at 08:13:33AM +1000, Res wrote: > On Tue, 13 Feb 2007, Tim Sailer wrote: > > >On Tue, Feb 13, 2007 at 02:54:56PM +1000, Res wrote: > >>You remind me of the guy who came and wanted to do some work, a 25yo > >>all hyped up with his M$ certs, and when I told him they meant nothing to > > > >Remember: MCSE - Must Consult Someone Experienced :) > > ROFLMFAO :) > > I gota remember that one, thanks Tim :P :) My brother, who is an MCSE, told me that one. He's actually MCSE+I, so he claims that the +I stands for "and Intelligent". :) Tim -- Tim Sailer DoE Intelligence and Counterintelligence - Cyber Division Northeast Regional Counterintelligence Office Brookhaven National Laboratory (631) 344-3001 From res at ausics.net Tue Feb 13 23:22:03 2007 From: res at ausics.net (Res) Date: Tue Feb 13 22:26:32 2007 Subject: LookOUT 2007 In-Reply-To: <20070213221859.GA18386@bnl.gov> References: <20070212170051.722F.GERARD@seibercom.net> <20070212174038.7234.GERARD@seibercom.net> <20070213135237.GC29603@bnl.gov> <20070213221859.GA18386@bnl.gov> Message-ID: On Tue, 13 Feb 2007, Tim Sailer wrote: > :) My brother, who is an MCSE, told me that one. He's actually MCSE+I, > so he claims that the +I stands for "and Intelligent". :) hahahaha hang on.... you cant use MSCE and intelligxxx in the same sentance, tst tst norti :) -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From penguin at dhcp.net Tue Feb 13 23:32:12 2007 From: penguin at dhcp.net (A. Eijkhoudt) Date: Tue Feb 13 22:36:48 2007 Subject: LookOUT 2007 In-Reply-To: <20070213135237.GC29603@bnl.gov> References: <20070212170051.722F.GERARD@seibercom.net> <20070212174038.7234.GERARD@seibercom.net> <20070213135237.GC29603@bnl.gov> Message-ID: <45D23C6C.8080108@dhcp.net> Tim Sailer wrote: > Remember: MCSE - Must Consult Someone Experienced :) Actually, I'm sure it's: "Minesweeper Consultant and Solitaire Expert" :) Incidentally, if you want something 'clean' like LFS *and* still some ease-of-use package management (at least, once you get the hang of it - it's just like ports @ FreeBSD), I recommend Gentoo Linux. It's served me well over the years. AE From glenn.steen at gmail.com Wed Feb 14 00:11:39 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 13 23:16:01 2007 Subject: Slow MailScanner In-Reply-To: <45D1FBE5.8040203@chapman.edu> References: <45D1EA83.9070906@chapman.edu> <45D1F1B2.2020708@pixelhammer.com> <45D1F771.2020608@chapman.edu> <1964AAFBC212F742958F9275BF63DBB042A0C4@winchester.andrewscompanies.com> <45D1FBE5.8040203@chapman.edu> Message-ID: <223f97700702131511m6cedb5e7pafec278dbe4d0ad6@mail.gmail.com> On 13/02/07, Jay Chandler wrote: (snip) > Nope, neither location (nor in /usr/local/etc/MailScanner/bayes, since > this is from the FreeBSD ports tree). > > So, getting desperate to clear the backlog, I ran sa-learn --clear on > the troubled box, and went to get myself a cup of coffee from the break > room. And you did this as UID/GID 125 (whatever that translates to on your system.... Perhaps Postfix?)? If not you likely cleared the wrong bayes db:-). Look for it in /var/spool/MailScanner/spamassassin (if you have that declared in MailScanner.conf) or ~/.spamassassin for the user with UID 125... > On the plus side, I now have coffee. On the downside, it's still taking > upwards of 20 seconds per message. Coffee's always a good start;-). > The nameserver config is the same. The hardware SHOULD be good-- these > boxes are identical, and a month old. > And they've been running some kind of load during that time? Else... well, insiduous HW problems are _always_ a reality...:-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Wed Feb 14 00:21:43 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 13 23:26:05 2007 Subject: Slow MailScanner In-Reply-To: <223f97700702131511m6cedb5e7pafec278dbe4d0ad6@mail.gmail.com> References: <45D1EA83.9070906@chapman.edu> <45D1F1B2.2020708@pixelhammer.com> <45D1F771.2020608@chapman.edu> <1964AAFBC212F742958F9275BF63DBB042A0C4@winchester.andrewscompanies.com> <45D1FBE5.8040203@chapman.edu> <223f97700702131511m6cedb5e7pafec278dbe4d0ad6@mail.gmail.com> Message-ID: <223f97700702131521n2870a5c2r370eef8d5744ccaa@mail.gmail.com> On 14/02/07, Glenn Steen wrote: > On 13/02/07, Jay Chandler wrote: > (snip) > > Nope, neither location (nor in /usr/local/etc/MailScanner/bayes, since > > this is from the FreeBSD ports tree). > > > > So, getting desperate to clear the backlog, I ran sa-learn --clear on > > the troubled box, and went to get myself a cup of coffee from the break > > room. > And you did this as UID/GID 125 (whatever that translates to on your > system.... Perhaps Postfix?)? > If not you likely cleared the wrong bayes db:-). > > Look for it in /var/spool/MailScanner/spamassassin (if you have that > declared in MailScanner.conf) or ~/.spamassassin for the user with UID > 125... > > > On the plus side, I now have coffee. On the downside, it's still taking > > upwards of 20 seconds per message. > Coffee's always a good start;-). > > > The nameserver config is the same. The hardware SHOULD be good-- these > > boxes are identical, and a month old. > > > And they've been running some kind of load during that time? Else... > well, insiduous HW problems are _always_ a reality...:-) > > Cheers Ah, I see (from reading on in the thread:-) you are going the SQL route, which is good. Still, one more thing... I noted the pyzor error in your --lint... Check that the user with UID 125 has a valid setup for that too, else that might slow things down. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Wed Feb 14 00:29:55 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 13 23:34:17 2007 Subject: Diskspace on redhat ent 3 In-Reply-To: <45D1E0B9.65ED.00A2.0@plattesheriff.org> References: <200702140608150527.667374BA@smtp1.ace.net.au> <45D1E0B9.65ED.00A2.0@plattesheriff.org> Message-ID: <223f97700702131529t14228114m3fcd1b3b168431ab@mail.gmail.com> On 13/02/07, Rob Poe wrote: > That's what I do .. right or wrong .. > > Got tired of older installs that ran out of space on (wherever).. > > One vendor I work with requires their directory be on a different partition. They insisted that if someone did a rm * -Rf from the / that it wouldn't delete the stuff in their directory .. > > Never tried it honestly probably should .. > The real kicker is to do a depth-first find -exec rm -f ..... Did I convince one of the professors back in shool (sometime just after the dinosaurs got extinct:) to do that on a research box, containing virtually all the ongoing work... And did he really do it,,,, and let it run for _hours_ (slow disks back then:), until someone got a "/dev/tty01: file not found"... Nah, I'm probably remembering wrong:-D Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Wed Feb 14 00:39:57 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 13 23:44:27 2007 Subject: Diskspace on redhat ent 3 In-Reply-To: <200702140608150527.667374BA@smtp1.ace.net.au> References: <200702140608150527.667374BA@smtp1.ace.net.au> Message-ID: <223f97700702131539j6f22ee17q7d956d22656ecd16@mail.gmail.com> On 13/02/07, Peter Nitschke wrote: > Is it still valid to even have a lot of seperate partitions these days? Yes and no. Modern OS/filesystems make the choices available to you much more flexible... > If the hard drive dies you are usually pretty well stuffed no matter how > many partitions you have. It is those times when the complete filesystem goes bonkers on you (be that from HW problems like head crashes or whatever) that you start regretting the one-for-all strategy. Or if you have a somewhat modern backup system that relies on multiplexing for efficiency (smallest "unit" is usually the filesystem level)... Having one-for-all shoots your backup performance out the window (not that important if one has D2D2T-like setup, I know), but actually will help total recovery-time (for directed recovery, the multpiple filesystem approach might still be beneficial)... > Mostly our mail servers are single purpose machines, so I just have a 1Gb > swap partition and give the rest to /. No problems with partitions running > out of space. If you've considered things like the above, why... Nothing wrong with that, no. Your box, your choice;). > Or is this still Unix/Linux heresy? Not really no. Some Unices still hold fast to a more rigid scheme, but most can be coaxed in this direction. The way to go is more a function of what you are doing with the box, number of actual spindles etc etc. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From res at ausics.net Wed Feb 14 01:18:23 2007 From: res at ausics.net (Res) Date: Wed Feb 14 00:22:53 2007 Subject: Diskspace on redhat ent 3 In-Reply-To: <223f97700702131539j6f22ee17q7d956d22656ecd16@mail.gmail.com> References: <200702140608150527.667374BA@smtp1.ace.net.au> <223f97700702131539j6f22ee17q7d956d22656ecd16@mail.gmail.com> Message-ID: On Wed, 14 Feb 2007, Glenn Steen wrote: > It is those times when the complete filesystem goes bonkers on you (be > that from HW problems like head crashes or whatever) that you start > regretting the one-for-all strategy. Or if you have a somewhat modern Standardised OS drive (except bind/sendmail/qmail/apache/sql/some_daemon), well 2 off in raid 1, then the other 4 drives (or many more if SAN) in raid 10, works very well, basic redundancy, but excellent speed. One thing though, if it's an Email server, I'd recommend use reiserfs, it leaves ext2/ext3 for dead especially in Maildir setups but even mbox has substantial benefits. -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From chandler.lists at chapman.edu Wed Feb 14 01:44:41 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Wed Feb 14 00:49:03 2007 Subject: [OT]Diskspace on redhat ent 3 In-Reply-To: References: <200702140608150527.667374BA@smtp1.ace.net.au> <223f97700702131539j6f22ee17q7d956d22656ecd16@mail.gmail.com> Message-ID: <45D25B79.9020407@chapman.edu> Res wrote: > One thing though, if it's an Email server, I'd recommend use reiserfs, > it leaves ext2/ext3 for dead ...much like the inventor did his wife. *rimshot* But yes, the performance boost is... non-trivial. -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: Processes running slowly due to weak power supply From res at ausics.net Wed Feb 14 01:49:20 2007 From: res at ausics.net (Res) Date: Wed Feb 14 00:53:48 2007 Subject: [OT]Diskspace on redhat ent 3 In-Reply-To: <45D25B79.9020407@chapman.edu> References: <200702140608150527.667374BA@smtp1.ace.net.au> <223f97700702131539j6f22ee17q7d956d22656ecd16@mail.gmail.com> <45D25B79.9020407@chapman.edu> Message-ID: On Tue, 13 Feb 2007, Jay Chandler wrote: > Res wrote: >> One thing though, if it's an Email server, I'd recommend use reiserfs, it >> leaves ext2/ext3 for dead > ...much like the inventor did his wife. *rimshot* lol, now now, last I heard hes not been found guilty... > > But yes, the performance boost is... non-trivial. > > -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From jcb at dream.com.ph Wed Feb 14 01:51:03 2007 From: jcb at dream.com.ph (jepoy) Date: Wed Feb 14 00:55:35 2007 Subject: OT:Strange warning Message-ID: <037c01c74fd2$33c20bf0$960bbdcb@winxp> guys, just seen these warning, any idea? postdrop: warning: uid=0: File too large send-mail: fatal: root(0): Message file too big Tnx. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070214/fa918380/attachment-0001.html From glenn.steen at gmail.com Wed Feb 14 02:41:12 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 14 01:45:34 2007 Subject: Diskspace on redhat ent 3 In-Reply-To: References: <200702140608150527.667374BA@smtp1.ace.net.au> <223f97700702131539j6f22ee17q7d956d22656ecd16@mail.gmail.com> Message-ID: <223f97700702131741q1111255cw9e1967b017d5f906@mail.gmail.com> On 14/02/07, Res wrote: > On Wed, 14 Feb 2007, Glenn Steen wrote: > > > It is those times when the complete filesystem goes bonkers on you (be > > that from HW problems like head crashes or whatever) that you start > > regretting the one-for-all strategy. Or if you have a somewhat modern > > Standardised OS drive (except bind/sendmail/qmail/apache/sql/some_daemon), > well 2 off in raid 1, then the other 4 drives (or many more if SAN) in > raid 10, works very well, basic redundancy, but excellent speed. And then you have that spiffy RAID controller write cache memory go bad and/or some bloody firmware bug kick in and it starts to scribble doodles all over your raidset(s)... :-) Not that I'm disagreeing, basically I do agree, the reasons for using non-monolithic filesystem installs are getting more scarce:-). > One thing though, if it's an Email server, I'd recommend use reiserfs, it > leaves ext2/ext3 for dead especially in Maildir setups but even mbox has > substantial benefits. Most any journalised/logging FS _other_ than ext3 will have that benefit (ext3 is a dawg:-). And ReiserFS is no bad choice. There are reasons for using ext3, but most of those have little bearing on anything:-P Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Wed Feb 14 02:55:58 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 14 02:00:21 2007 Subject: OT:Strange warning In-Reply-To: <037c01c74fd2$33c20bf0$960bbdcb@winxp> References: <037c01c74fd2$33c20bf0$960bbdcb@winxp> Message-ID: <223f97700702131755k8743b9bj377146eba98c4ba5@mail.gmail.com> On 14/02/07, jepoy wrote: > > > guys, > > just seen these warning, any idea? > > > postdrop: warning: uid=0: File too large > send-mail: fatal: root(0): Message file too big > > > Tnx. You're hitting the message size limit of your MTA (Postfix isn't it?).... up the limit or make the mail that trigger this smaller and you should be fine. Someone else has had this problem when mailing logwatch results... Look at the nice suggestions, if your situation is similar... http://comments.gmane.org/gmane.comp.log.logwatch.general/437 Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From email at ace.net.au Wed Feb 14 04:29:19 2007 From: email at ace.net.au (Peter Nitschke) Date: Wed Feb 14 03:36:45 2007 Subject: Mailscanner repository for centos 4.x In-Reply-To: <59E4A3A1069C2640959AD0F7518C48122F0861@FLN1.fln.local> References: <45D1CDE4.1010800@USherbrooke.ca> <200702131658.l1DGwjhc017170@netra.database.it> <59E4A3A1069C2640959AD0F7518C48122F0861@FLN1.fln.local> Message-ID: <200702141359190478.6822BACA@smtp1.ace.net.au> I have an interest in this. I have written a script to take a clean hard drive and the CentOS 4.2 Single CD server and convert it to a fully operation MailScanner/ClamAV/SpamAssassin gateway with various useful tools. The slowest part is the MailScanner install, so some RPM's would be very handy. Peter *********** REPLY SEPARATOR *********** On 13/02/2007 at 11:55 AM James Fagan wrote: >> Marcello Anderlini spake the following on 2/13/2007 8:58 AM: >> > Hello,is there any rpm repository for mailscanner on centos ? It >would >> be >> > great just install or update all with a simple yum update. >> > >> > Best regards. >> > >> That would be great, but no one has stepped up to create one that I >know >> of. >> The install packages that Julian has work great already. The download >is >> larger, but it works. >> >> > >I have a couple boxes (1 for sure) that could be used for a repo, but Im >not that good at building packages. I have setup repos for CentOS in the >past, it would be a little bit a project if people are intersted I can >start getting things together on my end in the next week or two. Will be >on vacation for a little bit starting today. > >Im guessing we would need: > >1. boxes >2. DNS >3. packager(s) >4. testors >5. victory beers > >Anything else? Any interest? > >James > > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! From email at ace.net.au Wed Feb 14 04:31:12 2007 From: email at ace.net.au (Peter Nitschke) Date: Wed Feb 14 03:37:59 2007 Subject: Diskspace on redhat ent 3 In-Reply-To: References: <200702140608150527.667374BA@smtp1.ace.net.au> <223f97700702131539j6f22ee17q7d956d22656ecd16@mail.gmail.com> Message-ID: <200702141401120581.68247498@smtp1.ace.net.au> On 14/02/2007 at 10:18 AM Res wrote: >On Wed, 14 Feb 2007, Glenn Steen wrote: > >> It is those times when the complete filesystem goes bonkers on you (be >> that from HW problems like head crashes or whatever) that you start >> regretting the one-for-all strategy. Or if you have a somewhat modern > >Standardised OS drive (except bind/sendmail/qmail/apache/sql/some_daemon), >well 2 off in raid 1, then the other 4 drives (or many more if SAN) in >raid 10, works very well, basic redundancy, but excellent speed. > >One thing though, if it's an Email server, I'd recommend use reiserfs, it >leaves ext2/ext3 for dead especially in Maildir setups but even mbox has >substantial benefits. What about for a mail gateway? I don't actually store the mail on that box. Still worth looking into? Peter From res at ausics.net Wed Feb 14 04:57:10 2007 From: res at ausics.net (Res) Date: Wed Feb 14 04:01:43 2007 Subject: Diskspace on redhat ent 3 In-Reply-To: <200702141401120581.68247498@smtp1.ace.net.au> References: <200702140608150527.667374BA@smtp1.ace.net.au> <223f97700702131539j6f22ee17q7d956d22656ecd16@mail.gmail.com> <200702141401120581.68247498@smtp1.ace.net.au> Message-ID: On Wed, 14 Feb 2007, Peter Nitschke wrote: >> Standardised OS drive (except bind/sendmail/qmail/apache/sql/some_daemon), >> well 2 off in raid 1, then the other 4 drives (or many more if SAN) in >> raid 10, works very well, basic redundancy, but excellent speed. >> >> One thing though, if it's an Email server, I'd recommend use reiserfs, it >> leaves ext2/ext3 for dead especially in Maildir setups but even mbox has >> substantial benefits. > > What about for a mail gateway? I don't actually store the mail on that > box. Still worth looking into? > In your case I've used this, on the front ends, 2x36G (can be 18G if you have them spare) 10K rpm scsi in raid 1 for the OS (ext2). Then 1x36G 10k rpm for /var/log (ext2) and 1x72G 15K rpm for /var/spool (reiser). No need for raid on those two disks. I also use a ramdrive for /var/spool/MailScanner. -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From email at ace.net.au Wed Feb 14 05:03:02 2007 From: email at ace.net.au (Peter Nitschke) Date: Wed Feb 14 04:09:48 2007 Subject: Diskspace on redhat ent 3 In-Reply-To: References: <200702140608150527.667374BA@smtp1.ace.net.au> <223f97700702131539j6f22ee17q7d956d22656ecd16@mail.gmail.com> <200702141401120581.68247498@smtp1.ace.net.au> Message-ID: <200702141433020728.68419A1B@smtp1.ace.net.au> On 14/02/2007 at 1:57 PM Res wrote: >On Wed, 14 Feb 2007, Peter Nitschke wrote: >>> One thing though, if it's an Email server, I'd recommend use reiserfs, >it >>> leaves ext2/ext3 for dead especially in Maildir setups but even mbox has >>> substantial benefits. >> >> What about for a mail gateway? I don't actually store the mail on that >> box. Still worth looking into? >> > >In your case I've used this, on the front ends, 2x36G (can be 18G if you >have them spare) 10K rpm scsi in raid 1 for the OS (ext2). Then 1x36G 10k >rpm for /var/log (ext2) and 1x72G 15K rpm for /var/spool (reiser). >No need for raid on those two disks. >I also use a ramdrive for /var/spool/MailScanner. Serious stuff! Fortunately most junk gets blocked at the MTA level, so my processing load isn't too bad on a fairly ordinary PC. However if I can get a gain just from changing file systems, then I would be happy to look into it. As it's a gateway it only needs a handful of Gb as long as I don't let quarantine build up too much. Peter From res at ausics.net Wed Feb 14 06:00:16 2007 From: res at ausics.net (Res) Date: Wed Feb 14 05:04:44 2007 Subject: Diskspace on redhat ent 3 In-Reply-To: <200702141433020728.68419A1B@smtp1.ace.net.au> References: <200702140608150527.667374BA@smtp1.ace.net.au> <223f97700702131539j6f22ee17q7d956d22656ecd16@mail.gmail.com> <200702141401120581.68247498@smtp1.ace.net.au> <200702141433020728.68419A1B@smtp1.ace.net.au> Message-ID: On Wed, 14 Feb 2007, Peter Nitschke wrote: >> In your case I've used this, on the front ends, 2x36G (can be 18G if you >> have them spare) 10K rpm scsi in raid 1 for the OS (ext2). Then 1x36G 10k >> rpm for /var/log (ext2) and 1x72G 15K rpm for /var/spool (reiser). >> No need for raid on those two disks. >> I also use a ramdrive for /var/spool/MailScanner. > > Serious stuff! Fortunately most junk gets blocked at the MTA level, so my Serious hardware needed, it ensures things run smooth... and when things run smooth, I'm happy, and I get to sit here and drink bloody decaf and annoy you mob ;) > processing load isn't too bad on a fairly ordinary PC. However if I can > get a gain just from changing file systems, then I would be happy to look > into it. I'm sure you'd notice the difference, but it depends on your traffic. > As it's a gateway it only needs a handful of Gb as long as I don't let > quarantine build up too much. So long as you use scsi you should be right, ide and sata are just not in the race, even the smallest of colo boxes can made to hissy fit if someone spam bombs it. I use 72G on those drives because of the volume of mail and if something breaks and goes un-noticed overnight (like it has before courtesy of dcc failing and blowing the batch out, also when clamavmodule kept bailing in middle of night for no reason and mail only got queued) nothing can be rejected for disk space, once bitten... there will never be a second :) It wouldn't be so bad if the gaymers who seem to be the only ones up all night checked their mail and reported problems, even at 2am is better than the normal people finding out at 7-8 am... especially if you find out it shat itself at 11pm :D -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From abraxis at metroweb.co.za Wed Feb 14 07:50:53 2007 From: abraxis at metroweb.co.za (Neil Thompson) Date: Wed Feb 14 06:55:24 2007 Subject: [Semi-OT] Advice on large webmail setup Message-ID: <20070214065053.GC12314@eeyore.32.boerneef.vornavalley> Hi all, As the resident Linux guru, I've just been tasked with costing a webmail setup for about 600 000 users. They each have 10MiB (small, I know) mailboxes. The current setup has about 40 million web page accesses per month. No more info available (typical :-( ). Has anyone here any experience with this kind of thing? If so, any pointers as to software and hardware used, and any other advice would be appreciated. Obviously, we'll have to also do virus and spam checking, so sizing on mailscanner stuff would also help. TIA -- Cheers! (Relax...have a homebrew) Neil THEOREM: VI is perfect. PROOF: VI in roman numerals is 6. The natural numbers < 6 which divide 6 are 1, 2, and 3. 1+2+3 = 6. So 6 is a perfect number. Therefore, VI is perfect. QED -- Arthur Tateishi From drew at technologytiger.net Wed Feb 14 09:29:27 2007 From: drew at technologytiger.net (Drew Marshall) Date: Wed Feb 14 08:33:58 2007 Subject: OT:Strange warning In-Reply-To: <037c01c74fd2$33c20bf0$960bbdcb@winxp> References: <037c01c74fd2$33c20bf0$960bbdcb@winxp> Message-ID: <4DF3B9A9-A108-43AC-B359-3C1ED5B27907@technologytiger.net> On 14 Feb 2007, at 00:51, jepoy wrote: > guys, > > just seen these warning, any idea? > > > postdrop: warning: uid=0: File too large > send-mail: fatal: root(0): Message file too big > As Glenn says, you have hit the maximum message size for Postfix but for mail submitted through the 'Sendmail' binary (As opposed to the smtpd interface) hence you get a cryptic log message rather than a straight rejection. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by the Technology Tiger MailScanner. Further information can be found at www.technologytiger.net/policy Technology Tiger Limited is registered in Scotland with registration number: 310997 Registered Office 55-57 West High Street Inverurie AB51 3QQ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070214/cefcbad8/attachment.html From cobalt-users1 at fishnet.co.uk Wed Feb 14 10:54:34 2007 From: cobalt-users1 at fishnet.co.uk (Ian) Date: Wed Feb 14 09:59:12 2007 Subject: Help debugging false positives with SURBL In-Reply-To: <45D2A8D1.3040404@alexb.ch> References: <45D18FFC.31484.380AEBD@cobalt-users1.fishnet.co.uk>, <45D1EC86.12755.4EA2927@cobalt-users1.fishnet.co.uk>, <45D2A8D1.3040404@alexb.ch> Message-ID: <45D2DC5A.12539.89304EB@cobalt-users1.fishnet.co.uk> On 14 Feb 2007 at 7:14, Alex Broens wrote: > On 2/13/2007 5:51 PM, Ian wrote: > > On 13 Feb 2007 at 16:27, Steve Freegard wrote: > > > >> Hi Ian, > >> > >> Ian wrote: > >>> I posted to this list because it only happens when the mail is passed through MailScanner, so > >>> I actually need help on debugging on what happens to the message when it is passed to > >>> spamassassin from MailScanner. I actually need to know what MailScanner/SpamAssassin > >>> thinks is the bad url. > >>> > >>> Is it the domain name of the server? The name of the perl script? Something else I'm not > >>> seeing? > >>> > >>> What does the MailScanner option: > >>> > >>> Debug SpamAssassin = yes > >>> > >>> actually do? Where do I read the debug output? > >>> > >>> Any help would be appreciated. > >> Try this: > >> > >> Place the attached file into your CustomFunctions directory > >> (/usr/lib/MailScanner/MailScanner/CustomFunctions on RedHat and clones), > >> then in MailScanner.conf set: > >> > >> Always Looked Up Last = &SALongReport > > > > Hi Steve, > > > > Thanks for this. > > > > I already have: > > > > Always Looked Up Last = &MailWatchLogging > > > > So I did a bit of hacking and added the line: > > > > MailScanner::Log::InfoLog($message->{salongreport}); > > > > to the 'MailWatchLogging' subrouting after: > > > > # Don't bother trying to do an insert if no message is passed-in > > return unless $message; > > > > I'll let you know how I go on. Thanks for your help > > Hi Ian > > Is this working? > > Which file did you modify to do it? Hi Alex, I have attached the file Mailwatch.pm. I simply added the lines: # log full spamassassin report to syslong MailScanner::Log::InfoLog($message->{salongreport}); at line 199-200. This worked great but did not help me debug the false positives as they stopped after I fixed the cron script to not print any output unless there was an error. Even after I changed the script back to the original, it no longer gets tagged. I now suspect that one of our domain names got into SURBL for a short period and then the cron email was cached by spamassassin. Does this sound likely? The cron email was identical (apart from the Date: field) each time. Regards Ian -- -------------- next part -------------- The following section of this message contains a file attachment prepared for transmission using the Internet MIME message format. If you are using Pegasus Mail, or any other MIME-compliant system, you should be able to save it or view it from within your mailer. If you cannot, please ask your system administrator for assistance. ---- File information ----------- File: MailWatch.new.pm Date: 14 Feb 2007, 9:54 Size: 10940 bytes. Type: Unknown -------------- next part -------------- A non-text attachment was scrubbed... Name: MailWatch.new.pm Type: application/octet-stream Size: 10940 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070214/2315bb10/MailWatch.new.obj From ms-list at alexb.ch Wed Feb 14 11:45:56 2007 From: ms-list at alexb.ch (Alex Broens) Date: Wed Feb 14 10:50:21 2007 Subject: Help debugging false positives with SURBL In-Reply-To: <45D2DC5A.12539.89304EB@cobalt-users1.fishnet.co.uk> References: <45D18FFC.31484.380AEBD@cobalt-users1.fishnet.co.uk>, <45D1EC86.12755.4EA2927@cobalt-users1.fishnet.co.uk>, <45D2A8D1.3040404@alexb.ch> <45D2DC5A.12539.89304EB@cobalt-users1.fishnet.co.uk> Message-ID: <45D2E864.5070600@alexb.ch> On 2/14/2007 10:54 AM, Ian wrote: > On 14 Feb 2007 at 7:14, Alex Broens wrote: > >> On 2/13/2007 5:51 PM, Ian wrote: >>> On 13 Feb 2007 at 16:27, Steve Freegard wrote: >>> >>>> Hi Ian, >>>> >>>> Ian wrote: >>>>> I posted to this list because it only happens when the mail is passed through MailScanner, so >>>>> I actually need help on debugging on what happens to the message when it is passed to >>>>> spamassassin from MailScanner. I actually need to know what MailScanner/SpamAssassin >>>>> thinks is the bad url. >>>>> >>>>> Is it the domain name of the server? The name of the perl script? Something else I'm not >>>>> seeing? >>>>> >>>>> What does the MailScanner option: >>>>> >>>>> Debug SpamAssassin = yes >>>>> >>>>> actually do? Where do I read the debug output? >>>>> >>>>> Any help would be appreciated. >>>> Try this: >>>> >>>> Place the attached file into your CustomFunctions directory >>>> (/usr/lib/MailScanner/MailScanner/CustomFunctions on RedHat and clones), >>>> then in MailScanner.conf set: >>>> >>>> Always Looked Up Last = &SALongReport >>> Hi Steve, >>> >>> Thanks for this. >>> >>> I already have: >>> >>> Always Looked Up Last = &MailWatchLogging >>> >>> So I did a bit of hacking and added the line: >>> >>> MailScanner::Log::InfoLog($message->{salongreport}); >>> >>> to the 'MailWatchLogging' subrouting after: >>> >>> # Don't bother trying to do an insert if no message is passed-in >>> return unless $message; >>> >>> I'll let you know how I go on. Thanks for your help >> Hi Ian >> >> Is this working? >> >> Which file did you modify to do it? > > Hi Alex, > > I have attached the file Mailwatch.pm. > > I simply added the lines: > > # log full spamassassin report to syslong > MailScanner::Log::InfoLog($message->{salongreport}); > > at line 199-200. I'm not seeing the full 2 line SA report in MAilwatch so I must be missing something Asked Steve Freegard if he has any idea... > This worked great but did not help me debug the false positives as they stopped after I > fixed the cron script to not print any output unless there was an error. Even after I > changed the script back to the original, it no longer gets tagged. > > I now suspect that one of our domain names got into SURBL for a short period and then > the cron email was cached by spamassassin. Does this sound likely? The cron email was > identical (apart from the Date: field) each time. I've stopped using the SA cache as it created me more headaches with long expiration time than it was worth it. hmmm Alex From prandal at herefordshire.gov.uk Wed Feb 14 11:54:26 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Wed Feb 14 10:59:14 2007 Subject: ClamAV 0.90 released Message-ID: <86144ED6CE5B004DA23E1EAC0B569B5812AD848F@isabella.herefordshire.gov.uk> Folks, Good news and bad news. First the good news - ClamAV 0.90 is now officially releases. And the bad - Mail::ClamAV has yet to be updated to work with it. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK From glenn.steen at gmail.com Wed Feb 14 11:57:51 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 14 11:02:15 2007 Subject: Diskspace on redhat ent 3 In-Reply-To: References: <200702140608150527.667374BA@smtp1.ace.net.au> <223f97700702131539j6f22ee17q7d956d22656ecd16@mail.gmail.com> <200702141401120581.68247498@smtp1.ace.net.au> <200702141433020728.68419A1B@smtp1.ace.net.au> Message-ID: <223f97700702140257m7d5dafc1y4c2fe82cb895ec4e@mail.gmail.com> On 14/02/07, Res wrote: (snip) > It wouldn't be so bad if the gaymers who seem to be the only ones up all > night checked their mail and reported problems, even at 2am is better than > the normal people finding out at 7-8 am... especially if you find out it > shat itself at 11pm :D Hahaha, and you think they're interrested in their mail when they're up through the night!? Not realistic:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From cobalt-users1 at fishnet.co.uk Wed Feb 14 12:34:19 2007 From: cobalt-users1 at fishnet.co.uk (Ian) Date: Wed Feb 14 11:38:55 2007 Subject: Help debugging false positives with SURBL In-Reply-To: <45D2E864.5070600@alexb.ch> References: <45D18FFC.31484.380AEBD@cobalt-users1.fishnet.co.uk>, <45D2DC5A.12539.89304EB@cobalt-users1.fishnet.co.uk>, <45D2E864.5070600@alexb.ch> Message-ID: <45D2F3BB.8748.8EE574D@cobalt-users1.fishnet.co.uk> On 14 Feb 2007 at 11:45, Alex Broens wrote: > > # log full spamassassin report to syslong > > MailScanner::Log::InfoLog($message->{salongreport}); > > > > at line 199-200. > > I'm not seeing the full 2 line SA report in MAilwatch so I must be > missing something Hi, The report is printed to syslog, so depending on your setup, this could be /var/log/maillog or somewhere else if you've modified it. I have not had time to look at adding the report to MailWatch yet, but I will drop a line to the list if I get it working. > > I now suspect that one of our domain names got into SURBL for a short period and then > > the cron email was cached by spamassassin. Does this sound likely? The cron email was > > identical (apart from the Date: field) each time. > > I've stopped using the SA cache as it created me more headaches with > long expiration time than it was worth it. I think I might do the same after this incident, even though I can't specifically point the finger at it, the risk doesn't seem worth it. Regards Ian -- From ms-list at alexb.ch Wed Feb 14 12:52:19 2007 From: ms-list at alexb.ch (Alex Broens) Date: Wed Feb 14 11:56:47 2007 Subject: Help debugging false positives with SURBL In-Reply-To: <45D2F3BB.8748.8EE574D@cobalt-users1.fishnet.co.uk> References: <45D18FFC.31484.380AEBD@cobalt-users1.fishnet.co.uk>, <45D2DC5A.12539.89304EB@cobalt-users1.fishnet.co.uk>, <45D2E864.5070600@alexb.ch> <45D2F3BB.8748.8EE574D@cobalt-users1.fishnet.co.uk> Message-ID: <45D2F7F3.1060801@alexb.ch> On 2/14/2007 12:34 PM, Ian wrote: > On 14 Feb 2007 at 11:45, Alex Broens wrote: > > > >>> # log full spamassassin report to syslong >>> MailScanner::Log::InfoLog($message->{salongreport}); >>> >>> at line 199-200. >> I'm not seeing the full 2 line SA report in MAilwatch so I must be >> missing something > > Hi, > > The report is printed to syslog, so depending on your setup, this could be /var/log/maillog or > somewhere else if you've modified it. I'm seeing the full report in maillog but not the full URL. Vanilla SA places that in a second line and I have the feeling MailScanner cuts it off in MailScanner::Log::InfoLog or am I tottaly off clue? (my Perl knowledge is =0) Alex From cobalt-users1 at fishnet.co.uk Wed Feb 14 12:56:46 2007 From: cobalt-users1 at fishnet.co.uk (Ian) Date: Wed Feb 14 12:01:16 2007 Subject: Mailscanner repository for centos 4.x In-Reply-To: <59E4A3A1069C2640959AD0F7518C48122F0861@FLN1.fln.local> References: <45D1CDE4.1010800@USherbrooke.ca>, , <59E4A3A1069C2640959AD0F7518C48122F0861@FLN1.fln.local> Message-ID: <45D2F8FE.21174.902E570@cobalt-users1.fishnet.co.uk> On 13 Feb 2007 at 11:55, James Fagan wrote: > Anything else? Any interest? > > James Hi, I've just built a kickstart cd with MailScanner on for CentOS 4.4 I have the rpm's here if anyones interested: mailscanner-4.58.9-1.noarch.rpm MailScanner-perl-MIME-Base64-3.05-5.i386.rpm perl-Archive-Zip-1.16-1.noarch.rpm perl-Compress-Zlib-1.41-1.i386.rpm perl-Convert-BinHex-1.119-2.noarch.rpm perl-Convert-TNEF-0.17-1.noarch.rpm perl-DBD-SQLite-1.12-1.noarch.rpm perl-DBI-1.50-2.noarch.rpm perl-ExtUtils-MakeMaker-6.30-1.noarch.rpm perl-File-Temp-0.16-1.noarch.rpm perl-Filesys-Df-0.90-1.noarch.rpm perl-Getopt-Long-2.35-1.noarch.rpm perl-HTML-Parser-3.54-1.i386.rpm perl-IO-stringy-2.108-1.noarch.rpm perl-Mail-SpamAssassin-3.1.7-1.i386.rpm perl-MailTools-1.71-1.noarch.rpm perl-MIME-tools-5.420-1.noarch.rpm perl-Net-CIDR-0.10-1.noarch.rpm perl-Net-IP-1.24-1.noarch.rpm perl-Sys-Hostname-Long-1.4-1.noarch.rpm perl-Sys-Syslog-0.18-1.noarch.rpm perl-Time-HiRes-1.86-1.noarch.rpm perl-TimeDate-1.16-3.noarch.rpm tnef-1.4.3-1.i386.rpm They are simply the ones created by running the install script. Regards Ian -- From claude.gagne at multitech.qc.ca Wed Feb 14 14:28:56 2007 From: claude.gagne at multitech.qc.ca (=?ISO-8859-1?Q?Claude_Gagn=E9?=) Date: Wed Feb 14 13:31:28 2007 Subject: ClamAV 0.90 released In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B5812AD848F@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B5812AD848F@isabella.herefordshire.gov.uk> Message-ID: <45D30E98.1030101@multitech.qc.ca> Hope it will be updated soon. I got up this morning thinking "I'm gonna try the new ClamAV this morning !!". Randal, Phil a ?crit : > Folks, > > Good news and bad news. > > First the good news - ClamAV 0.90 is now officially releases. > > And the bad - Mail::ClamAV has yet to be updated to work with it. > > Cheers, > > Phil > -- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > -- * Claude Gagn?* / Technicien informatique/ claude.gagne@multitech.qc.ca 226-A, chemin des Poirier Montmagny (Qc) G5V 3X8 T?l. : (418) 248-2247 T?l?c. : (418) 248-2230 *8, rue du Domaine Rivi?re-du-Loup (Qc) G5R 2P5 T?l. : (418) 867-3355 T?l?c. : (418) 867-2775 * -------------- next part -------------- Skipped content of type multipart/related From lance at uklinux.net Wed Feb 14 14:28:01 2007 From: lance at uklinux.net (Lance Davis) Date: Wed Feb 14 13:32:25 2007 Subject: Diskspace on redhat ent 3 In-Reply-To: References: Message-ID: On Tue, 13 Feb 2007, Howard Robinson wrote: > What would be the best option that will allow me to put the queues > somewhere else so that there is a bit more of a cushion? I could use > part of the /usr directory as it has quite a bit of free space or create > a new partition. > If I do this is it better to recompile Sendmail to look at the new > directory or use a link pointing to the new location? You dont need to do either, just configure a copy of sendmail.cf eg sendmail.cf.new with the new location and then use sendmail -C sendmail.cf.new -q etc That also lets you tweak how the delivery happens for that queue. Regards Lance -- uklinux.net - The ISP of choice for the discerning Linux user. From lance at uklinux.net Wed Feb 14 14:35:20 2007 From: lance at uklinux.net (Lance Davis) Date: Wed Feb 14 13:39:45 2007 Subject: Mailscanner repository for centos 4.x In-Reply-To: <59E4A3A1069C2640959AD0F7518C48122F0861@FLN1.fln.local> References: <45D1CDE4.1010800@USherbrooke.ca><200702131658.l1DGwjhc017170@netra.database.it> <59E4A3A1069C2640959AD0F7518C48122F0861@FLN1.fln.local> Message-ID: >> The install packages that Julian has work great already. The download > is >> larger, but it works. We could maybe add the mailscanner packages to CentOS extras repo - if someone is prepared to maintain them Regards Lance CentOS Project Leader -- uklinux.net - The ISP of choice for the discerning Linux user. From m.anderlini at database.it Wed Feb 14 14:46:35 2007 From: m.anderlini at database.it (Marcello Anderlini) Date: Wed Feb 14 13:51:05 2007 Subject: Mqueue.in huge In-Reply-To: <200702131656.l1DGu3BA014506@netra.database.it> Message-ID: <200702141346.l1EDkYCU020707@netra.database.it> I've just upgrade mailscanner but I still have the problem. Let me refresh my configuration CentOS release 4.4 (Final) Kernel: 2.6.9-42.0.8.Elsmp Version : 4.58.9 Vendor: Electronics and Computer Science, University of Southampton Release : 1 Build Date: Thu Feb 1 16:02:58 2007 I still can't understand why but sometime (now often), spamassassin become slow and my mqueue.in grow until 2000 msg or more. The only solution I've found it's not use Spamasssin. If I have understood how mailscanner work, the blacklist set in mailscanner.conf are indipendent wich the ones used by spamassassin. Could be that some of this blacklist get to time to be connected ? I've attach my conf, I hope someone could finaly help me. Thanks again... Dr. Marcello Anderlini m.anderlini@database.it --------------------------------------------- Database Informatica S.r.l. Microsoft Certified Partner Tel. +39059775070 Fax. +39059779545 http://www.database.it --------------------------------------------- > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Marcello Anderlini > Sent: martedì 13 febbraio 2007 17.56 > To: 'MailScanner discussion' > Subject: RE: Mqueue.in huge > > But I have not MailWatch installed. > I think now the best things it's to upgrade Mailscanner and > see if things get better or not. > > Let me try. > > Thanks again. > > > > Dr. Marcello Anderlini > m.anderlini@database.it > --------------------------------------------- > Database Informatica S.r.l. > Microsoft Certified Partner > Tel. +39059775070 > Fax. +39059779545 > http://www.database.it > --------------------------------------------- > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Glenn > > Steen > > Sent: martedì 13 febbraio 2007 17.23 > > To: MailScanner discussion > > Subject: Re: Mqueue.in huge > > > > On 13/02/07, Marcello Anderlini wrote: > > > I make the symlink but the problem seem to be still presents. > > > Now my mqueue.in is running about 120/130 msg waiting and > > is growing. > > > The only way to decrease it is to not use spamassassin. > > Ok. > > > > > I notice anyway that msg are still marked spam using > black-list, I > > > suppose directly by Mailscanner and I can delete it if I > > change "Spam > > > Actions = deliver header "X-Spam-Status: Yes"" in Spam Actions = > > > delete. Could this be a solution ? > > Only a temporary one, IMO. You do want SA to have its say:-). > > > > > But How can I understand where spamassassin is slowing ? Can > > > spamassassin -D -t generate a log with timing ? > > Like the MailWatch thing? Unfortunately I know of no such thing > > (doesn't necessarily mean there is none:-). One could probably just > > change the MailWatch thing a bit so that it'd use a message and not > > really the --lint thing... Looking at that.... In > sa_lint.php around > > line 24 you could probably change if(!$fp = > popen(SA_DIR.'spamassassin > > -x -D -p '.SA_PREFS.' --lint 2>&1','r')) { to something > like if(!$fp = > > popen(SA_DIR.'spamassassin -x -D -t /path/to/your/test/message > > 2>&1','r')) { ... and then restart apache and your browser. > When you > > the run the "SA lint" on the Tools page, you should get a timed > > variant of that ... in theory, I've not tested this:-). > Keep a copy of > > the original file, just in case:-):-). > > > > > I'll update mailscanner as soon as possible. > > > > > Good plan. > > > > Cheers > > -- > > -- Glenn > > email: glenn < dot > steen < at > gmail < dot > com > > work: glenn < dot > steen < at > ap1 < dot > se > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > -- > > Messaggio verificato dal servizio antivirus di Database Informatica > > > > > > -- > Messaggio verificato dal servizio antivirus di Database Informatica > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Messaggio verificato dal servizio antivirus di Database Informatica -------------- next part -------------- A non-text attachment was scrubbed... Name: MailScanner.zip Type: application/octet-stream Size: 29131 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070214/04284e84/MailScanner.obj From brent.bolin at gmail.com Wed Feb 14 14:53:43 2007 From: brent.bolin at gmail.com (BB) Date: Wed Feb 14 13:58:09 2007 Subject: What is the point of long rambling spam with gif attachments ? Message-ID: <787dcac20702140553u10d6c691r7d80075a42974698@mail.gmail.com> Who in the world would actually purchase(Viagra etc...) from these places ? Harvesting valid email address ? Bug the heck out of people like us ? Malicious payload if not already ? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070214/6fbd4da2/attachment.html From root at doctor.nl2k.ab.ca Wed Feb 14 15:13:19 2007 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Wed Feb 14 14:18:16 2007 Subject: ClamAV 0.90 released In-Reply-To: <45D30E98.1030101@multitech.qc.ca> References: <86144ED6CE5B004DA23E1EAC0B569B5812AD848F@isabella.herefordshire.gov.uk> <45D30E98.1030101@multitech.qc.ca> Message-ID: <20070214141319.GA18312@doctor.nl2k.ab.ca> On Wed, Feb 14, 2007 at 08:28:56AM -0500, Claude Gagn? wrote: > Hope it will be updated soon. I got up this morning thinking "I'm gonna > try the new ClamAV this morning !!". > > Randal, Phil a ?crit : > >Folks, > > > >Good news and bad news. > > > >First the good news - ClamAV 0.90 is now officially releases. > > > >And the bad - Mail::ClamAV has yet to be updated to work with it. > > > >Cheers, > > > >Phil > >-- > >Phil Randal > >Network Engineer > >Herefordshire Council > >Hereford, UK > > > > -- > * Claude Gagn?* > / Technicien informatique/ > > claude.gagne@multitech.qc.ca > 226-A, chemin des Poirier > Montmagny (Qc) > G5V 3X8 > > T?l. : (418) 248-2247 > T?l?c. : (418) 248-2230 > > *8, rue du Domaine > Rivi?re-du-Loup (Qc) > G5R 2P5 > > T?l. : (418) 867-3355 > T?l?c. : (418) 867-2775 > * > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! Stand by please. Do not give up on clamav 0.88.7 From res at ausics.net Wed Feb 14 15:48:36 2007 From: res at ausics.net (Res) Date: Wed Feb 14 14:53:06 2007 Subject: [Semi-OT] Advice on large webmail setup In-Reply-To: <20070214065053.GC12314@eeyore.32.boerneef.vornavalley> References: <20070214065053.GC12314@eeyore.32.boerneef.vornavalley> Message-ID: On Wed, 14 Feb 2007, Neil Thompson wrote: > As the resident Linux guru, I've just been tasked with costing a webmail setup > for about 600 000 users. They each have 10MiB (small, I know) mailboxes. The > current setup has about 40 million web page accesses per month. No more info I hope your sitting down :) You'd be looking at, as a base, 6x HP RX8640 servers, on your figures thats little over 900 hits per minute so 6 of these load balanced should do the trick with plenty to spare incase of failure of one or two of them. An SFS20 storage unit would be recommended which from memory is at least 2PB. Definately use MailDir, vpopmail, it will handle 23 million users per domain (times 23 million domains as well) with its structure so its by far best suited, you could use qmail on backends since vpopmail is designed around it. You could use squirrelmail or sqwebmail, sqwebmail is simplest and IMHO more secure, but it depends on what features you want your users to have. Use hardware based load balancers, Foundry, also use Foundry switches if you can, the quality is superior to anything else on the market. Cost is hard to say as it varies country to country, but nothing short of 1 million as a very base starting budget, but for 600K users $1m should be nothing... Talk to HP about your needs. -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From res at ausics.net Wed Feb 14 15:58:28 2007 From: res at ausics.net (Res) Date: Wed Feb 14 15:03:02 2007 Subject: Diskspace on redhat ent 3 In-Reply-To: <223f97700702140257m7d5dafc1y4c2fe82cb895ec4e@mail.gmail.com> References: <200702140608150527.667374BA@smtp1.ace.net.au> <223f97700702131539j6f22ee17q7d956d22656ecd16@mail.gmail.com> <200702141401120581.68247498@smtp1.ace.net.au> <200702141433020728.68419A1B@smtp1.ace.net.au> <223f97700702140257m7d5dafc1y4c2fe82cb895ec4e@mail.gmail.com> Message-ID: On Wed, 14 Feb 2007, Glenn Steen wrote: > On 14/02/07, Res wrote: > (snip) >> It wouldn't be so bad if the gaymers who seem to be the only ones up all >> night checked their mail and reported problems, even at 2am is better than >> the normal people finding out at 7-8 am... especially if you find out it >> shat itself at 11pm :D > Hahaha, and you think they're interrested in their mail when they're > up through the night!? > Not realistic:-) I know, i teach them to get a life :) # int gigabitethernet 2/0 shut <........go make coffee....drink coffee......> noshut # -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From res at ausics.net Wed Feb 14 16:06:22 2007 From: res at ausics.net (Res) Date: Wed Feb 14 15:10:55 2007 Subject: Mqueue.in huge In-Reply-To: <200702141346.l1EDkYCU020707@netra.database.it> References: <200702141346.l1EDkYCU020707@netra.database.it> Message-ID: On Wed, 14 Feb 2007, Marcello Anderlini wrote: > I've just upgrade mailscanner but I still have the problem. > > Let me refresh my configuration If you use dcc/pyzor/razor, disable them, it was the only way I could keep SA under control, I had the same problems as you a year ago, within 10 mins I had about a thousand in the batch, once I removed those 3, SA could easily keep up despite it having a lot of local rules and all from rules_du_jour. In your conf I would change the number of processes to 5 unless you have 2 real CPU's, hyperthreaded cpu's show up as two, but must only be counted as one in MailScanner, also the batch scan time, I'd pop that back to 5. Its very late here, so I may have missed other things you need to correct, I'll leave the rest for others to proof read :) -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From res at ausics.net Wed Feb 14 16:12:30 2007 From: res at ausics.net (Res) Date: Wed Feb 14 15:17:02 2007 Subject: Mqueue.in huge In-Reply-To: References: <200702141346.l1EDkYCU020707@netra.database.it> Message-ID: On Thu, 15 Feb 2007, Res wrote: > On Wed, 14 Feb 2007, Marcello Anderlini wrote: > >> I've just upgrade mailscanner but I still have the problem. >> >> Let me refresh my configuration > > If you use dcc/pyzor/razor, disable them, it was the only way I could keep SA > under control, I had the same problems as you a year ago, within 10 mins I > had about a thousand in the batch, once I removed those 3, SA could easily > keep up despite it having a lot of local rules and all from rules_du_jour. Just to add something... SA does not do blacklist checks here, thats all done at the MTA's, I also disable S.A's SPF tests, we do that at MTA level as well, we also enforce forward and reverse DNS tests, no need to match, but they must exist, and also block on bad helos, these two tests alone reduced the noise level by 80% with no noticable legitmite signal loss and I've been doing that for many years. -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From glenn.steen at gmail.com Wed Feb 14 16:14:53 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 14 15:19:19 2007 Subject: What is the point of long rambling spam with gif attachments ? In-Reply-To: <787dcac20702140553u10d6c691r7d80075a42974698@mail.gmail.com> References: <787dcac20702140553u10d6c691r7d80075a42974698@mail.gmail.com> Message-ID: <223f97700702140714n63b1b0e5kf26a46ac1e7c6a75@mail.gmail.com> On 14/02/07, BB wrote: > > Who in the world would actually purchase(Viagra etc...) from these places ? > > Harvesting valid email address ? > > Bug the heck out of people like us ? > > Malicious payload if not already ? > As you say, it is moronic at best... But you could well compare it to Nigerian scams... The cost for sending is _very_ low/message. So to make a buck, they don't need more than ppm-type "fallout"... If one in a million do buy the coloured sugar pills, they will make a profit. And it seems there are several "stages" involved, where the actual botnet herder get paid for services, and so doesn't really depend upon the outcome. All in all, it just takes a few idiots to make it a profitable deal. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From alex at nkpanama.com Wed Feb 14 16:15:40 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Feb 14 15:20:43 2007 Subject: Mailscanner repository for centos 4.x In-Reply-To: <200702141359190478.6822BACA@smtp1.ace.net.au> References: <45D1CDE4.1010800@USherbrooke.ca> <200702131658.l1DGwjhc017170@netra.database.it> <59E4A3A1069C2640959AD0F7518C48122F0861@FLN1.fln.local> <200702141359190478.6822BACA@smtp1.ace.net.au> Message-ID: <45D3279C.3060803@nkpanama.com> Care to share? :-) Peter Nitschke wrote: > I have an interest in this. > > I have written a script to take a clean hard drive and the CentOS 4.2 > Single CD server and convert it to a fully operation > MailScanner/ClamAV/SpamAssassin gateway with various useful tools. The > slowest part is the MailScanner install, so some RPM's would be very handy. > > Peter > > *********** REPLY SEPARATOR *********** > > On 13/02/2007 at 11:55 AM James Fagan wrote: > >>> Marcello Anderlini spake the following on 2/13/2007 8:58 AM: >>>> Hello,is there any rpm repository for mailscanner on centos ? It >> would >>> be >>>> great just install or update all with a simple yum update. >>>> >>>> Best regards. >>>> >>> That would be great, but no one has stepped up to create one that I >> know >>> of. >>> The install packages that Julian has work great already. The download >> is >>> larger, but it works. >>> >>> >> I have a couple boxes (1 for sure) that could be used for a repo, but Im >> not that good at building packages. I have setup repos for CentOS in the >> past, it would be a little bit a project if people are intersted I can >> start getting things together on my end in the next week or two. Will be >> on vacation for a little bit starting today. >> >> Im guessing we would need: >> >> 1. boxes >> 2. DNS >> 3. packager(s) >> 4. testors >> 5. victory beers >> >> Anything else? Any interest? >> >> James >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > From alex at nkpanama.com Wed Feb 14 16:16:32 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Feb 14 15:21:36 2007 Subject: Mailscanner repository for centos 4.x In-Reply-To: <45D2F8FE.21174.902E570@cobalt-users1.fishnet.co.uk> References: <45D1CDE4.1010800@USherbrooke.ca>, , <59E4A3A1069C2640959AD0F7518C48122F0861@FLN1.fln.local> <45D2F8FE.21174.902E570@cobalt-users1.fishnet.co.uk> Message-ID: <45D327D0.8010903@nkpanama.com> I'd host it if needed... Ian wrote: > On 13 Feb 2007 at 11:55, James Fagan wrote: > >> Anything else? Any interest? >> >> James > > Hi, > > I've just built a kickstart cd with MailScanner on for CentOS 4.4 I have the rpm's here if > anyones interested: > > mailscanner-4.58.9-1.noarch.rpm > MailScanner-perl-MIME-Base64-3.05-5.i386.rpm > perl-Archive-Zip-1.16-1.noarch.rpm > perl-Compress-Zlib-1.41-1.i386.rpm > perl-Convert-BinHex-1.119-2.noarch.rpm > perl-Convert-TNEF-0.17-1.noarch.rpm > perl-DBD-SQLite-1.12-1.noarch.rpm > perl-DBI-1.50-2.noarch.rpm > perl-ExtUtils-MakeMaker-6.30-1.noarch.rpm > perl-File-Temp-0.16-1.noarch.rpm > perl-Filesys-Df-0.90-1.noarch.rpm > perl-Getopt-Long-2.35-1.noarch.rpm > perl-HTML-Parser-3.54-1.i386.rpm > perl-IO-stringy-2.108-1.noarch.rpm > perl-Mail-SpamAssassin-3.1.7-1.i386.rpm > perl-MailTools-1.71-1.noarch.rpm > perl-MIME-tools-5.420-1.noarch.rpm > perl-Net-CIDR-0.10-1.noarch.rpm > perl-Net-IP-1.24-1.noarch.rpm > perl-Sys-Hostname-Long-1.4-1.noarch.rpm > perl-Sys-Syslog-0.18-1.noarch.rpm > perl-Time-HiRes-1.86-1.noarch.rpm > perl-TimeDate-1.16-3.noarch.rpm > tnef-1.4.3-1.i386.rpm > > They are simply the ones created by running the install script. > > Regards > > Ian From m.anderlini at database.it Wed Feb 14 16:27:26 2007 From: m.anderlini at database.it (Marcello Anderlini) Date: Wed Feb 14 15:41:01 2007 Subject: Mqueue.in huge In-Reply-To: Message-ID: <200702141527.l1EFROJH011703@netra.database.it> But I do not use dcc/pyzor/razor, could you send me your MailScanner.conf to compare with me ? thanks Dr. Marcello Anderlini m.anderlini@database.it --------------------------------------------- Database Informatica S.r.l. Microsoft Certified Partner Tel. +39059775070 Fax. +39059779545 http://www.database.it --------------------------------------------- > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Res > Sent: mercoledì 14 febbraio 2007 16.06 > To: MailScanner discussion > Subject: RE: Mqueue.in huge > > On Wed, 14 Feb 2007, Marcello Anderlini wrote: > > > I've just upgrade mailscanner but I still have the problem. > > > > Let me refresh my configuration > > If you use dcc/pyzor/razor, disable them, it was the only way > I could keep SA under control, I had the same problems as you > a year ago, within 10 mins I had about a thousand in the > batch, once I removed those 3, SA could easily keep up > despite it having a lot of local rules and all from rules_du_jour. > > In your conf I would change the number of processes to 5 > unless you have 2 real CPU's, hyperthreaded cpu's show up as > two, but must only be counted as one in MailScanner, also the > batch scan time, I'd pop that back to 5. > > Its very late here, so I may have missed other things you > need to correct, I'll leave the rest for others to proof read :) > > -- > Cheers > Res > > "We can be Heroes, just for one day" - Davey (Jones) Bowie > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > Messaggio verificato dal servizio antivirus di Database Informatica > -- Messaggio verificato dal servizio antivirus di Database Informatica From prandal at herefordshire.gov.uk Wed Feb 14 16:46:04 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Wed Feb 14 15:51:28 2007 Subject: Mailscanner repository for centos 4.x Message-ID: <86144ED6CE5B004DA23E1EAC0B569B5812AD8624@isabella.herefordshire.gov.uk> But what about the manual step of running upgrade_mailscanner_conf upgrade_languages_conf AND CHECKING.... This will be completely overlooked in an automated "yum update" context. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ian > Sent: 14 February 2007 11:57 > To: MailScanner discussion > Subject: RE: Mailscanner repository for centos 4.x > > On 13 Feb 2007 at 11:55, James Fagan wrote: > > > Anything else? Any interest? > > > > James > > Hi, > > I've just built a kickstart cd with MailScanner on for CentOS > 4.4 I have the rpm's here if > anyones interested: > > mailscanner-4.58.9-1.noarch.rpm > MailScanner-perl-MIME-Base64-3.05-5.i386.rpm > perl-Archive-Zip-1.16-1.noarch.rpm > perl-Compress-Zlib-1.41-1.i386.rpm > perl-Convert-BinHex-1.119-2.noarch.rpm > perl-Convert-TNEF-0.17-1.noarch.rpm > perl-DBD-SQLite-1.12-1.noarch.rpm > perl-DBI-1.50-2.noarch.rpm > perl-ExtUtils-MakeMaker-6.30-1.noarch.rpm > perl-File-Temp-0.16-1.noarch.rpm > perl-Filesys-Df-0.90-1.noarch.rpm > perl-Getopt-Long-2.35-1.noarch.rpm > perl-HTML-Parser-3.54-1.i386.rpm > perl-IO-stringy-2.108-1.noarch.rpm > perl-Mail-SpamAssassin-3.1.7-1.i386.rpm > perl-MailTools-1.71-1.noarch.rpm > perl-MIME-tools-5.420-1.noarch.rpm > perl-Net-CIDR-0.10-1.noarch.rpm > perl-Net-IP-1.24-1.noarch.rpm > perl-Sys-Hostname-Long-1.4-1.noarch.rpm > perl-Sys-Syslog-0.18-1.noarch.rpm > perl-Time-HiRes-1.86-1.noarch.rpm > perl-TimeDate-1.16-3.noarch.rpm > tnef-1.4.3-1.i386.rpm > > They are simply the ones created by running the install script. > > Regards > > Ian > -- > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From glenn.steen at gmail.com Wed Feb 14 16:51:59 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 14 15:56:25 2007 Subject: Diskspace on redhat ent 3 In-Reply-To: References: <200702140608150527.667374BA@smtp1.ace.net.au> <223f97700702131539j6f22ee17q7d956d22656ecd16@mail.gmail.com> <200702141401120581.68247498@smtp1.ace.net.au> <200702141433020728.68419A1B@smtp1.ace.net.au> <223f97700702140257m7d5dafc1y4c2fe82cb895ec4e@mail.gmail.com> Message-ID: <223f97700702140751y1f01d167i375ad193656be4e@mail.gmail.com> On 14/02/07, Res wrote: > On Wed, 14 Feb 2007, Glenn Steen wrote: > > > On 14/02/07, Res wrote: > > (snip) > >> It wouldn't be so bad if the gaymers who seem to be the only ones up all > >> night checked their mail and reported problems, even at 2am is better than > >> the normal people finding out at 7-8 am... especially if you find out it > >> shat itself at 11pm :D > > > Hahaha, and you think they're interrested in their mail when they're > > up through the night!? > > Not realistic:-) > > I know, i teach them to get a life :) > > # > int gigabitethernet 2/0 > shut > <........go make coffee....drink coffee......> > noshut > # Ah .... LOL... evil...:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ka at pacific.net Wed Feb 14 17:00:43 2007 From: ka at pacific.net (Ken A) Date: Wed Feb 14 16:01:22 2007 Subject: What is the point of long rambling spam with gif attachments ? In-Reply-To: <223f97700702140714n63b1b0e5kf26a46ac1e7c6a75@mail.gmail.com> References: <787dcac20702140553u10d6c691r7d80075a42974698@mail.gmail.com> <223f97700702140714n63b1b0e5kf26a46ac1e7c6a75@mail.gmail.com> Message-ID: <45D3322B.2060602@pacific.net> Glenn Steen wrote: > On 14/02/07, BB wrote: >> >> Who in the world would actually purchase(Viagra etc...) from these >> places ? >> >> Harvesting valid email address ? >> >> Bug the heck out of people like us ? >> >> Malicious payload if not already ? >> > As you say, it is moronic at best... But you could well compare it to > Nigerian scams... The cost for sending is _very_ low/message. So to > make a buck, they don't need more than ppm-type "fallout"... If one in > a million do buy the coloured sugar pills, they will make a profit. > And it seems there are several "stages" involved, where the actual > botnet herder get paid for services, and so doesn't really depend upon > the outcome. > All in all, it just takes a few idiots to make it a profitable deal. Yep. in this morning's email: -- snip Get all your favorite RX Meds Online! With discreet fast FEDEX shipping! No Prescription Needed! Order Now - japena . com -- snip All it hit was DATE_IN_PAST_06_12 :-( It's hitting DCC and RAZOR and yet another local rule now as well. You gotta have a sense of humor about this spam stuff. It really is just background noise.. oh.. and job security. Ken A. Pacific.Net > > Cheers From email at ace.net.au Wed Feb 14 16:59:57 2007 From: email at ace.net.au (Peter Nitschke) Date: Wed Feb 14 16:07:24 2007 Subject: Mailscanner repository for centos 4.x In-Reply-To: <45D3279C.3060803@nkpanama.com> References: <45D1CDE4.1010800@USherbrooke.ca> <200702131658.l1DGwjhc017170@netra.database.it> <59E4A3A1069C2640959AD0F7518C48122F0861@FLN1.fln.local> <200702141359190478.6822BACA@smtp1.ace.net.au> <45D3279C.3060803@nkpanama.com> Message-ID: <200702150229570930.6AD1F63E@smtp1.ace.net.au> One condition, you actually try it and give me some feedback, be it good, bad or otherwise :-) I just knocked up a quick and dirty website for it, hopefully it explains it all. http://az.com.au Peter *********** REPLY SEPARATOR *********** On 14/02/2007 at 10:15 AM Alex Neuman van der Hans wrote: >Care to share? :-) > >Peter Nitschke wrote: >> I have an interest in this. >> >> I have written a script to take a clean hard drive and the CentOS 4.2 >> Single CD server and convert it to a fully operation >> MailScanner/ClamAV/SpamAssassin gateway with various useful tools. The >> slowest part is the MailScanner install, so some RPM's would be very >handy. >> >> Peter >> >> *********** REPLY SEPARATOR *********** >> >> On 13/02/2007 at 11:55 AM James Fagan wrote: >> >>>> Marcello Anderlini spake the following on 2/13/2007 8:58 AM: >>>>> Hello,is there any rpm repository for mailscanner on centos ? It >>> would >>>> be >>>>> great just install or update all with a simple yum update. >>>>> >>>>> Best regards. >>>>> >>>> That would be great, but no one has stepped up to create one that I >>> know >>>> of. >>>> The install packages that Julian has work great already. The download >>> is >>>> larger, but it works. >>>> >>>> >>> I have a couple boxes (1 for sure) that could be used for a repo, but Im >>> not that good at building packages. I have setup repos for CentOS in the >>> past, it would be a little bit a project if people are intersted I can >>> start getting things together on my end in the next week or two. Will be >>> on vacation for a little bit starting today. >>> >>> Im guessing we would need: >>> >>> 1. boxes >>> 2. DNS >>> 3. packager(s) >>> 4. testors >>> 5. victory beers >>> >>> Anything else? Any interest? >>> >>> James >>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> >> >> >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! From ka at pacific.net Wed Feb 14 17:10:27 2007 From: ka at pacific.net (Ken A) Date: Wed Feb 14 16:11:04 2007 Subject: Mqueue.in huge In-Reply-To: <200702141527.l1EFROJH011703@netra.database.it> References: <200702141527.l1EFROJH011703@netra.database.it> Message-ID: <45D33473.3030909@pacific.net> Marcello Anderlini wrote: > But I do not use dcc/pyzor/razor, could you send me your MailScanner.conf to > compare with me ? they are disabled in /etc/mail/spamassassin/init.pre, or in /etc/MailScanner/spam.assassin.prefs.conf, (or both!), not in MailScanner.conf Ken A. Pacific.Net > > thanks > > Dr. Marcello Anderlini > m.anderlini@database.it > --------------------------------------------- > Database Informatica S.r.l. > Microsoft Certified Partner > Tel. +39059775070 > Fax. +39059779545 > http://www.database.it > --------------------------------------------- > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Res >> Sent: mercoled? 14 febbraio 2007 16.06 >> To: MailScanner discussion >> Subject: RE: Mqueue.in huge >> >> On Wed, 14 Feb 2007, Marcello Anderlini wrote: >> >>> I've just upgrade mailscanner but I still have the problem. >>> >>> Let me refresh my configuration >> If you use dcc/pyzor/razor, disable them, it was the only way >> I could keep SA under control, I had the same problems as you >> a year ago, within 10 mins I had about a thousand in the >> batch, once I removed those 3, SA could easily keep up >> despite it having a lot of local rules and all from rules_du_jour. >> >> In your conf I would change the number of processes to 5 >> unless you have 2 real CPU's, hyperthreaded cpu's show up as >> two, but must only be counted as one in MailScanner, also the >> batch scan time, I'd pop that back to 5. >> >> Its very late here, so I may have missed other things you >> need to correct, I'll leave the rest for others to proof read :) >> >> -- >> Cheers >> Res >> >> "We can be Heroes, just for one day" - Davey (Jones) Bowie >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> -- >> Messaggio verificato dal servizio antivirus di Database Informatica >> > > > From jaearick at colby.edu Wed Feb 14 17:10:00 2007 From: jaearick at colby.edu (Jeff A. Earickson) Date: Wed Feb 14 16:14:35 2007 Subject: ClamAV 0.90, another bummer Message-ID: More sad news on ClamAV 0.90 for you Solaris users... You have to configure it with --disable-bzip2, even if you have the latest bzip2, version 1.0.4 installed. Clam expects a shared library for bzip2, but the default makefile for bzip2 just builds an archive lib. The "make -f Makefile-libbz2_so" failed for me with Solaris 10 and gcc 4.1.0 so no shared bzip2 lib, ergo no bzip2 in Clam. Jeff Earickson Colby College From alex at nkpanama.com Wed Feb 14 17:14:59 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Feb 14 16:20:01 2007 Subject: Mailscanner repository for centos 4.x In-Reply-To: <200702150229570930.6AD1F63E@smtp1.ace.net.au> References: <45D1CDE4.1010800@USherbrooke.ca> <200702131658.l1DGwjhc017170@netra.database.it> <59E4A3A1069C2640959AD0F7518C48122F0861@FLN1.fln.local> <200702141359190478.6822BACA@smtp1.ace.net.au> <45D3279C.3060803@nkpanama.com> <200702150229570930.6AD1F63E@smtp1.ace.net.au> Message-ID: <45D33583.7010108@nkpanama.com> I'll look at the script and see what I can contribute (additional plugins, other stuff, etc.) Peter Nitschke wrote: > One condition, you actually try it and give me some feedback, be it good, > bad or otherwise :-) > > I just knocked up a quick and dirty website for it, hopefully it explains > it all. > > http://az.com.au > > Peter > > *********** REPLY SEPARATOR *********** > > On 14/02/2007 at 10:15 AM Alex Neuman van der Hans wrote: > >> Care to share? :-) >> >> Peter Nitschke wrote: >>> I have an interest in this. >>> >>> I have written a script to take a clean hard drive and the CentOS 4.2 >>> Single CD server and convert it to a fully operation >>> MailScanner/ClamAV/SpamAssassin gateway with various useful tools. The >>> slowest part is the MailScanner install, so some RPM's would be very >> handy. >>> Peter >>> >>> *********** REPLY SEPARATOR *********** >>> >>> On 13/02/2007 at 11:55 AM James Fagan wrote: >>> >>>>> Marcello Anderlini spake the following on 2/13/2007 8:58 AM: >>>>>> Hello,is there any rpm repository for mailscanner on centos ? It >>>> would >>>>> be >>>>>> great just install or update all with a simple yum update. >>>>>> >>>>>> Best regards. >>>>>> >>>>> That would be great, but no one has stepped up to create one that I >>>> know >>>>> of. >>>>> The install packages that Julian has work great already. The download >>>> is >>>>> larger, but it works. >>>>> >>>>> >>>> I have a couple boxes (1 for sure) that could be used for a repo, but > Im >>>> not that good at building packages. I have setup repos for CentOS in > the >>>> past, it would be a little bit a project if people are intersted I can >>>> start getting things together on my end in the next week or two. Will > be >>>> on vacation for a little bit starting today. >>>> >>>> Im guessing we would need: >>>> >>>> 1. boxes >>>> 2. DNS >>>> 3. packager(s) >>>> 4. testors >>>> 5. victory beers >>>> >>>> Anything else? Any interest? >>>> >>>> James >>>> >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > From m.anderlini at database.it Wed Feb 14 17:15:38 2007 From: m.anderlini at database.it (Marcello Anderlini) Date: Wed Feb 14 16:27:37 2007 Subject: Mqueue.in huge In-Reply-To: <45D33473.3030909@pacific.net> Message-ID: <200702141615.l1EGFabw021719@netra.database.it> Opss, anyway this is my spam.assassin.prefs.conf ============== # skip_rbl_checks 1 ########################################################################### # Add your own customised scores for some tests below. The default scores are # read from the installed "spamassassin.cf" file, but you can override them # here. To see the list of tests and their default scores, go to # http://spamassassin.taint.org/tests.html . # MailScanner: Comment out the next line to enable DCC checking if you # have dcc installed (optional part of SpamAssassin) # JKF Commented out as it no longer generates maillog warnings #score DCC_CHECK 0.0 dcc_path /usr/local/bin/dccproc # # Added for MailScanner 23/5/2003 # The timeouts for blacklists and Razor are rather generous in the default # state that SpamAssassin is shipped. Reducing these stops a lot of timeouts # from removing SpamAssassin scores altogether. # rbl_timeout 20 razor_timeout 10 pyzor_timeout 10 ============== I've checked and I've not /usr/local/bin/dccproc, could I try to set skip_rbl_checks 0 or decrease this timeout ?: rbl_timeout 20 razor_timeout 10 pyzor_timeout 10 Thanks again Dr. Marcello Anderlini m.anderlini@database.it --------------------------------------------- Database Informatica S.r.l. Microsoft Certified Partner Tel. +39059775070 Fax. +39059779545 http://www.database.it --------------------------------------------- > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ken A > Sent: mercoledì 14 febbraio 2007 17.10 > To: MailScanner discussion > Subject: Re: Mqueue.in huge > > > > > Marcello Anderlini wrote: > > But I do not use dcc/pyzor/razor, could you send me your > > MailScanner.conf to compare with me ? > > they are disabled in /etc/mail/spamassassin/init.pre, or in > /etc/MailScanner/spam.assassin.prefs.conf, (or both!), not in > MailScanner.conf > > Ken A. > Pacific.Net > > > > > thanks > > > > Dr. Marcello Anderlini > > m.anderlini@database.it > > --------------------------------------------- > > Database Informatica S.r.l. > > Microsoft Certified Partner > > Tel. +39059775070 > > Fax. +39059779545 > > http://www.database.it > > --------------------------------------------- > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info > >> [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Res > >> Sent: mercoledì 14 febbraio 2007 16.06 > >> To: MailScanner discussion > >> Subject: RE: Mqueue.in huge > >> > >> On Wed, 14 Feb 2007, Marcello Anderlini wrote: > >> > >>> I've just upgrade mailscanner but I still have the problem. > >>> > >>> Let me refresh my configuration > >> If you use dcc/pyzor/razor, disable them, it was the only > way I could > >> keep SA under control, I had the same problems as you a year ago, > >> within 10 mins I had about a thousand in the batch, once I removed > >> those 3, SA could easily keep up despite it having a lot of local > >> rules and all from rules_du_jour. > >> > >> In your conf I would change the number of processes to 5 > unless you > >> have 2 real CPU's, hyperthreaded cpu's show up as two, but > must only > >> be counted as one in MailScanner, also the batch scan > time, I'd pop > >> that back to 5. > >> > >> Its very late here, so I may have missed other things you need to > >> correct, I'll leave the rest for others to proof read :) > >> > >> -- > >> Cheers > >> Res > >> > >> "We can be Heroes, just for one day" - Davey (Jones) Bowie > >> > >> > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > >> > >> -- > >> Messaggio verificato dal servizio antivirus di Database Informatica > >> > > > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > Messaggio verificato dal servizio antivirus di Database Informatica > -- Messaggio verificato dal servizio antivirus di Database Informatica -------------- next part -------------- A non-text attachment was scrubbed... Name: spam.assassin.prefs.zip Type: application/octet-stream Size: 4388 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070214/ffabba92/spam.assassin.prefs.obj From m.anderlini at database.it Wed Feb 14 17:23:56 2007 From: m.anderlini at database.it (Marcello Anderlini) Date: Wed Feb 14 16:28:26 2007 Subject: Mqueue.in huge In-Reply-To: <45D33473.3030909@pacific.net> Message-ID: <200702141623.l1EGNsNT029412@netra.database.it> This instead it's my init.pre =========================== ########################################################################### # RelayCountry - add metadata for Bayes learning, marking the countries # a message was relayed through # # Note: This requires the IP::Country::Fast Perl module # # loadplugin Mail::SpamAssassin::Plugin::RelayCountry # URIDNSBL - look up URLs found in the message against several DNS # blocklists. # loadplugin Mail::SpamAssassin::Plugin::URIDNSBL # Hashcash - perform hashcash verification. # loadplugin Mail::SpamAssassin::Plugin::Hashcash # SPF - perform SPF verification. # loadplugin Mail::SpamAssassin::Plugin::SPF =========================== Could I remove someone and still have a good spam detection ? Thanks again and again :-) Dr. Marcello Anderlini m.anderlini@database.it --------------------------------------------- Database Informatica S.r.l. Microsoft Certified Partner Tel. +39059775070 Fax. +39059779545 http://www.database.it --------------------------------------------- > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ken A > Sent: mercoledì 14 febbraio 2007 17.10 > To: MailScanner discussion > Subject: Re: Mqueue.in huge > > > > > Marcello Anderlini wrote: > > But I do not use dcc/pyzor/razor, could you send me your > > MailScanner.conf to compare with me ? > > they are disabled in /etc/mail/spamassassin/init.pre, or in > /etc/MailScanner/spam.assassin.prefs.conf, (or both!), not in > MailScanner.conf > > Ken A. > Pacific.Net > > > > > thanks > > > > Dr. Marcello Anderlini > > m.anderlini@database.it > > --------------------------------------------- > > Database Informatica S.r.l. > > Microsoft Certified Partner > > Tel. +39059775070 > > Fax. +39059779545 > > http://www.database.it > > --------------------------------------------- > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info > >> [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Res > >> Sent: mercoledì 14 febbraio 2007 16.06 > >> To: MailScanner discussion > >> Subject: RE: Mqueue.in huge > >> > >> On Wed, 14 Feb 2007, Marcello Anderlini wrote: > >> > >>> I've just upgrade mailscanner but I still have the problem. > >>> > >>> Let me refresh my configuration > >> If you use dcc/pyzor/razor, disable them, it was the only > way I could > >> keep SA under control, I had the same problems as you a year ago, > >> within 10 mins I had about a thousand in the batch, once I removed > >> those 3, SA could easily keep up despite it having a lot of local > >> rules and all from rules_du_jour. > >> > >> In your conf I would change the number of processes to 5 > unless you > >> have 2 real CPU's, hyperthreaded cpu's show up as two, but > must only > >> be counted as one in MailScanner, also the batch scan > time, I'd pop > >> that back to 5. > >> > >> Its very late here, so I may have missed other things you need to > >> correct, I'll leave the rest for others to proof read :) > >> > >> -- > >> Cheers > >> Res > >> > >> "We can be Heroes, just for one day" - Davey (Jones) Bowie > >> > >> > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > >> > >> -- > >> Messaggio verificato dal servizio antivirus di Database Informatica > >> > > > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > Messaggio verificato dal servizio antivirus di Database Informatica > -- Messaggio verificato dal servizio antivirus di Database Informatica From rcooper at dwford.com Wed Feb 14 17:33:49 2007 From: rcooper at dwford.com (Rick Cooper) Date: Wed Feb 14 16:38:22 2007 Subject: ClamAV 0.90 released In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B5812AD848F@isabella.herefordshire.gov.uk> Message-ID: <023501c75055$e88f5be0$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Randal, Phil > Sent: Wednesday, February 14, 2007 5:54 AM > To: MailScanner discussion > Subject: ClamAV 0.90 released > > Folks, > > Good news and bad news. > > First the good news - ClamAV 0.90 is now officially releases. > > And the bad - Mail::ClamAV has yet to be updated to work with it. > > Cheers, > > Phil > -- I would think an update will take a while, they removed some entire functions, and some have changed pretty major. Although notes inside the last Mail::ClamAV dist would tend to make one believe the author was aware of some of them at the time of the 0.90RCxx releases the changed yet again. For instance the cl_scanbuffer was changed to cli_scanbuffer and now it appears to have been replaced with cl_scanfile and no longer takes the same arguments. I did manage to fix up the Mail::ClamAV package to a working version but was going to need MS changes also. I ended up opting to use clamd and clamdscan instead. If you decide to go that route you need to remove the ExtraScanOptions from the wrapper, and remove the -r option from SweepVirues.pm (or you will get a harmless error message telling you the -r option was ignored). The clamdscan option seems to be pretty quick and works well. A Note to Julian: I was using the 0.90RC version on one server so I had to add some code to SweepViruses to check the clamav version and modify the $Scanners{clamav}->{CommonOptions} .= " --unrar=$rarcmd"; portion of SweepViruses to check versions and if major is >= 0.90 then don't add the --unrarcmd as 0.90 has a working unrar function. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dnsadmin at 1bigthink.com Wed Feb 14 17:34:06 2007 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Wed Feb 14 16:38:49 2007 Subject: What is the point of long rambling spam with gif attachments ? In-Reply-To: <45D3322B.2060602@pacific.net> References: <787dcac20702140553u10d6c691r7d80075a42974698@mail.gmail.com> <223f97700702140714n63b1b0e5kf26a46ac1e7c6a75@mail.gmail.com> <45D3322B.2060602@pacific.net> Message-ID: <7.0.1.0.0.20070214112915.073a8eb0@1bigthink.com> At 11:00 AM 2/14/2007, you wrote: >Glenn Steen wrote: >>On 14/02/07, BB wrote: >>> >>>Who in the world would actually purchase(Viagra etc...) from these places ? >>> >>>Harvesting valid email address ? >>> >>>Bug the heck out of people like us ? >>> >>>Malicious payload if not already ? >>As you say, it is moronic at best... But you could well compare it to >>Nigerian scams... The cost for sending is _very_ low/message. So to >>make a buck, they don't need more than ppm-type "fallout"... If one in >>a million do buy the coloured sugar pills, they will make a profit. >>And it seems there are several "stages" involved, where the actual >>botnet herder get paid for services, and so doesn't really depend upon >>the outcome. >>All in all, it just takes a few idiots to make it a profitable deal. > >Yep. in this morning's email: > >-- snip >Get all your favorite RX Meds Online! >With discreet fast FEDEX shipping! No Prescription Needed! >Order Now - japena . com >-- snip > >All it hit was DATE_IN_PAST_06_12 :-( > >It's hitting DCC and RAZOR and yet another local rule now as well. >You gotta have a sense of humor about this spam stuff. >It really is just background noise.. oh.. and job security. Keep your SARE rules up to date. Make sure it gets tagged as spam properly and then forward to: US Pharma Spam: webcomplaints@ora.fda.gov UK Pharma Spam: info@mhra.gsi.gov.uk Intl Pharma Spam: drugs@interpol.int Use accordingly with IP and WhoIs. Mailing to these will not result in instant gratification.. but rest assured, if they can use your reports to tie in with an investigation, you may have helped nail one of these scum to the wall! Cheers! From damian at workgroupsolutions.com Wed Feb 14 17:51:55 2007 From: damian at workgroupsolutions.com (Damian Mendoza) Date: Wed Feb 14 16:56:24 2007 Subject: Mqueue.in huge In-Reply-To: <200702141346.l1EDkYCU020707@netra.database.it> Message-ID: <0C941442AC84A8449448BA2207DD4F4D215CA4@core01.workgroupsolutions.com> You need to block more messages at the MTA level with tools like Sender Authentication which includes greylisting and recipient address validation - search for spamfree or milter-spamblocker which work great and are worth the money. Regards, Damian -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Marcello Anderlini Sent: Wednesday, February 14, 2007 5:47 AM To: 'MailScanner discussion' Subject: RE: Mqueue.in huge I've just upgrade mailscanner but I still have the problem. Let me refresh my configuration CentOS release 4.4 (Final) Kernel: 2.6.9-42.0.8.Elsmp Version : 4.58.9 Vendor: Electronics and Computer Science, University of Southampton Release : 1 Build Date: Thu Feb 1 16:02:58 2007 I still can't understand why but sometime (now often), spamassassin become slow and my mqueue.in grow until 2000 msg or more. The only solution I've found it's not use Spamasssin. If I have understood how mailscanner work, the blacklist set in mailscanner.conf are indipendent wich the ones used by spamassassin. Could be that some of this blacklist get to time to be connected ? I've attach my conf, I hope someone could finaly help me. Thanks again... Dr. Marcello Anderlini m.anderlini@database.it --------------------------------------------- Database Informatica S.r.l. Microsoft Certified Partner Tel. +39059775070 Fax. +39059779545 http://www.database.it --------------------------------------------- > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Marcello Anderlini > Sent: marted? 13 febbraio 2007 17.56 > To: 'MailScanner discussion' > Subject: RE: Mqueue.in huge > > But I have not MailWatch installed. > I think now the best things it's to upgrade Mailscanner and > see if things get better or not. > > Let me try. > > Thanks again. > > > > Dr. Marcello Anderlini > m.anderlini@database.it > --------------------------------------------- > Database Informatica S.r.l. > Microsoft Certified Partner > Tel. +39059775070 > Fax. +39059779545 > http://www.database.it > --------------------------------------------- > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Glenn > > Steen > > Sent: marted? 13 febbraio 2007 17.23 > > To: MailScanner discussion > > Subject: Re: Mqueue.in huge > > > > On 13/02/07, Marcello Anderlini wrote: > > > I make the symlink but the problem seem to be still presents. > > > Now my mqueue.in is running about 120/130 msg waiting and > > is growing. > > > The only way to decrease it is to not use spamassassin. > > Ok. > > > > > I notice anyway that msg are still marked spam using > black-list, I > > > suppose directly by Mailscanner and I can delete it if I > > change "Spam > > > Actions = deliver header "X-Spam-Status: Yes"" in Spam Actions = > > > delete. Could this be a solution ? > > Only a temporary one, IMO. You do want SA to have its say:-). > > > > > But How can I understand where spamassassin is slowing ? Can > > > spamassassin -D -t generate a log with timing ? > > Like the MailWatch thing? Unfortunately I know of no such thing > > (doesn't necessarily mean there is none:-). One could probably just > > change the MailWatch thing a bit so that it'd use a message and not > > really the --lint thing... Looking at that.... In > sa_lint.php around > > line 24 you could probably change if(!$fp = > popen(SA_DIR.'spamassassin > > -x -D -p '.SA_PREFS.' --lint 2>&1','r')) { to something > like if(!$fp = > > popen(SA_DIR.'spamassassin -x -D -t /path/to/your/test/message > > 2>&1','r')) { ... and then restart apache and your browser. > When you > > the run the "SA lint" on the Tools page, you should get a timed > > variant of that ... in theory, I've not tested this:-). > Keep a copy of > > the original file, just in case:-):-). > > > > > I'll update mailscanner as soon as possible. > > > > > Good plan. > > > > Cheers > > -- > > -- Glenn > > email: glenn < dot > steen < at > gmail < dot > com > > work: glenn < dot > steen < at > ap1 < dot > se > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > -- > > Messaggio verificato dal servizio antivirus di Database Informatica > > > > > > -- > Messaggio verificato dal servizio antivirus di Database Informatica > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Messaggio verificato dal servizio antivirus di Database Informatica From glenn.steen at gmail.com Wed Feb 14 17:54:22 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 14 16:58:54 2007 Subject: Mqueue.in huge In-Reply-To: <200702141623.l1EGNsNT029412@netra.database.it> References: <45D33473.3030909@pacific.net> <200702141623.l1EGNsNT029412@netra.database.it> Message-ID: <223f97700702140854g118d4f1wdd7411e8f7fbd8a8@mail.gmail.com> On 14/02/07, Marcello Anderlini wrote: > This instead it's my init.pre > =========================== > ########################################################################### > > # RelayCountry - add metadata for Bayes learning, marking the countries > # a message was relayed through > # > # Note: This requires the IP::Country::Fast Perl module > # > # loadplugin Mail::SpamAssassin::Plugin::RelayCountry > > # URIDNSBL - look up URLs found in the message against several DNS > # blocklists. > # > loadplugin Mail::SpamAssassin::Plugin::URIDNSBL > > # Hashcash - perform hashcash verification. > # > loadplugin Mail::SpamAssassin::Plugin::Hashcash > > # SPF - perform SPF verification. > # > loadplugin Mail::SpamAssassin::Plugin::SPF > =========================== > > Could I remove someone and still have a good spam detection ? > Sort of, yes. At least you can determine if it is what is slowing things down (start with the URIBL plugin, just comment it and restart MS)... But is that the only .pre file you have in /etc/mail/spamassassin? Likely not, and all will be read/used... Check them all. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From krgehlba at lexairinc.com Wed Feb 14 17:59:31 2007 From: krgehlba at lexairinc.com (Renee Gehlbach) Date: Wed Feb 14 17:04:04 2007 Subject: Why is BAYES_00 -2.60 scoring low like this. In-Reply-To: <625385e30702120930v61abddccx66d0f52f805a7d83@mail.gmail.com> References: <787dcac20702111454g51410f25p5e0cc32d0e1aa3ab@mail.gmail.com> <625385e30702120930v61abddccx66d0f52f805a7d83@mail.gmail.com> Message-ID: <45D33FF3.30002@lexairinc.com> shuttlebox wrote: > On 2/11/07, BB wrote: >> >> It's messing up my total scores causing spam not to be caught ? > > You could always reassign the score to any value you like: > > score BAYES_00 -0.5 > > Put that in a .cf file in the /etc/mail/spamassassin folder. > Or better yet, use sa-learn to relearn any spam marked BAYES_00. Or, for even better results, any spam not scoring BAYES_99. (While learning suitable ham, too.) The goal is not simply to lower the amount Bayes filtering messes up your scoring when it's wrong, continuing to permit it to assess spam incorrectly (if you don't want bayes to affect your scores, why use up the resources it requires?), but instead to have it actually correctly assess whether a message is in fact spam. Renee -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From shuttlebox at gmail.com Wed Feb 14 18:22:52 2007 From: shuttlebox at gmail.com (shuttlebox) Date: Wed Feb 14 17:27:19 2007 Subject: Why is BAYES_00 -2.60 scoring low like this. In-Reply-To: <45D33FF3.30002@lexairinc.com> References: <787dcac20702111454g51410f25p5e0cc32d0e1aa3ab@mail.gmail.com> <625385e30702120930v61abddccx66d0f52f805a7d83@mail.gmail.com> <45D33FF3.30002@lexairinc.com> Message-ID: <625385e30702140922i33c99fbfk51f588dfb8ef91ca@mail.gmail.com> On 2/14/07, Renee Gehlbach wrote: > Or better yet, use sa-learn to relearn any spam marked BAYES_00. Or, > for even better results, any spam not scoring BAYES_99. (While learning > suitable ham, too.) The goal is not simply to lower the amount Bayes > filtering messes up your scoring when it's wrong, continuing to permit > it to assess spam incorrectly (if you don't want bayes to affect your > scores, why use up the resources it requires?), but instead to have it > actually correctly assess whether a message is in fact spam. I agree with you on principle but to me Bayes is not as important as it used to be. With spammers using real text it's hard for it to do a good job. I would rather avoid the hassle of training it, to me it's not worth the effort but YMMV. -- /peter From r.berber at computer.org Wed Feb 14 18:48:52 2007 From: r.berber at computer.org (=?ISO-8859-1?Q?Ren=E9_Berber?=) Date: Wed Feb 14 17:53:40 2007 Subject: ClamAV 0.90, another bummer In-Reply-To: References: Message-ID: Jeff A. Earickson wrote: > More sad news on ClamAV 0.90 for you Solaris users... > > You have to configure it with --disable-bzip2, even if you have > the latest bzip2, version 1.0.4 installed. Clam expects a > shared library for bzip2, but the default makefile for bzip2 > just builds an archive lib. The "make -f Makefile-libbz2_so" > failed for me with Solaris 10 and gcc 4.1.0 so no shared bzip2 > lib, ergo no bzip2 in Clam. Solaris 10 ships with a shared bzip2 library, under /usr/lib, ClamAV compiles out of the box after you install gmp... only with other bzip2 installations there is a small problem: there is no symbolic link from libbz2.so to libbz2.so.1 or to the real library. -- Ren? Berber From Richard.Hall at ingenta.com Wed Feb 14 19:17:55 2007 From: Richard.Hall at ingenta.com (Richard.Hall) Date: Wed Feb 14 18:22:21 2007 Subject: ClamAV 0.90, another bummer In-Reply-To: Message-ID: On Wed, 14 Feb 2007, Ren? Berber wrote: > Jeff A. Earickson wrote: > > > More sad news on ClamAV 0.90 for you Solaris users... > > > > You have to configure it with --disable-bzip2, even if you have > > the latest bzip2, version 1.0.4 installed. Clam expects a > > shared library for bzip2, but the default makefile for bzip2 > > just builds an archive lib. The "make -f Makefile-libbz2_so" > > failed for me with Solaris 10 and gcc 4.1.0 so no shared bzip2 > > lib, ergo no bzip2 in Clam. > > Solaris 10 ships with a shared bzip2 library, under /usr/lib, ClamAV compiles > out of the box after you install gmp... only with other bzip2 installations > there is a small problem: there is no symbolic link from libbz2.so to > libbz2.so.1 or to the real library. > -- Is it just me?? My Solaris 8 and Solaris 9 machines also have this. I'm left wondering why anyone is installing it from SunFreeware in the first place? Now, if I could just understand this iconv stuff ... Richard From john at katy.com Wed Feb 14 19:25:53 2007 From: john at katy.com (John Schmerold) Date: Wed Feb 14 18:30:28 2007 Subject: OTBR: Is mail really getting through Message-ID: <45D35431.3000903@katy.com> Systems like Nagios do a fine job of making sure that an SMTP server is up, however it does not confirm mail is flowing. This morning, something was causing Postfix to throw "450 Server configuration problems" rejections (I think policyd died), a quick reboot solved the problem. I want to know about this before the phone rings. To me: a logical solution would be a program that sends emails every 10 minutes to itself through a relay, then checks its account via POP3 to make sure it got the message. If it doesn't get the email with 5 minutes it starts alerting me through SMS, fax, phone call whatever. Anyone know of such a beast? BTW: OTRB is OT But Related From john at netdirect.ca Wed Feb 14 19:35:14 2007 From: john at netdirect.ca (John Van Ostrand) Date: Wed Feb 14 18:39:46 2007 Subject: OTBR: Is mail really getting through In-Reply-To: <45D35431.3000903@katy.com> References: <45D35431.3000903@katy.com> Message-ID: <1171478114.7512.153.camel@venture.office.netdirect.ca> On Wed, 2007-02-14 at 12:25 -0600, John Schmerold wrote: > Systems like Nagios do a fine job of making sure that an SMTP server is > up, however it does not confirm mail is flowing. This morning, something > was causing Postfix to throw "450 Server configuration problems" > rejections (I think policyd died), a quick reboot solved the problem. > > I want to know about this before the phone rings. > > To me: a logical solution would be a program that sends emails every 10 > minutes to itself through a relay, then checks its account via POP3 to > make sure it got the message. If it doesn't get the email with 5 minutes > it starts alerting me through SMS, fax, phone call whatever. > > Anyone know of such a beast? > > BTW: OTRB is OT But Related Couldn't that be a Nagios script? Have a cron job submit the email at 1/5 (cron-speak) minutes, then have a Nagios script pull in at 0/5 to verify. That would give a full 4 minutes for the email server to process it. It would make sense to put a distinct tag in the email to make sure it sees the correct message. -- John Van Ostrand Net Direct Inc. CTO, co-CEO 564 Weber St. N. Unit 12 Waterloo, ON N2L 5C6 john@netdirect.ca