From MailScanner at ecs.soton.ac.uk Thu Feb 1 00:04:47 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jan 31 23:08:47 2007 Subject: RBL performance: caching nameserver vs RBL mirroring In-Reply-To: <45C10660.2070101@nkpanama.com> References: <45C09F0F.7FBE.00FC.3@medicine.wisc.edu> <45C10660.2070101@nkpanama.com> Message-ID: <45C1208F.90108@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alex Neuman van der Hans wrote: > Michael Masse wrote: >> Can someone explain the pro's and con's of each with respect to >> performance and accuracy, or am I confused and they are not actually >> mutually exclusive, and have nothing to do with eachother? >> >> Mike >> > Caching nameserver means "keep a copy of DNS lookups so I don't have > to do it again for some time". RBL Mirroring means "don't ask a remote > RBL every time I get a message; download the changes to the list > periodically". As a general rule, you don't need your own mirror of an RBL unless you are doing well over 100,000 messages per day. Below that figure, most of the RBL managers won't give you a feed for a mirror anyway. Get a caching nameserver going first (essential) and see how you get on and measure your message throughput. If you are well into 6 or 7 figures, then think about asking the RBL managers for a direct feed. "rbldns" is the best thing to use for big RBLs, not BIND. Run rbldnsd on a different port and just tell BIND to feed requests for the domain to the port used by rbldnsd. I can supply config snippets if necessary. I have a mirror feed for the SURBLs. Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) Comment: Fetch my public key foot-print from www.mailscanner.info Charset: ISO-8859-1 wj8DBQFFwSCYEfZZRxQVtlQRAkBbAKC8KgFkdczsi2vrhkZMjI4q6/ze8ACfVFzb Psu9Ib3zogMHLRLnJunQ0xs= =QgLD -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From res at ausics.net Thu Feb 1 01:37:04 2007 From: res at ausics.net (Res) Date: Thu Feb 1 00:40:36 2007 Subject: OT: building new server, need MTA advice In-Reply-To: <20070131163457.B633.GERARD@seibercom.net> References: <20070131163457.B633.GERARD@seibercom.net> Message-ID: On Wed, 31 Jan 2007, Gerard Seibert wrote: > On Wednesday January 31, 2007 at 03:53:47 (PM) Res wrote: > >> Thats very obvious by the posts in here. Sendmail is easiest, followed by >> Exim and then Postfix (which is the most problematic because of its author) > > > I would be interested in why you make that statement regarding Postfix. I You're kidding me right? Just read the archives, and the fact way he speaks of mailscanner alone not only now but in recent years. His attitude is alike DJB, prolly half the reason I despise Qmail ( only half because DJB has no problem with mailscanner) and why i despise postfix, I have NO time for arrogant people who have such narrow vision. > had used Sendmail for several years and found it confusing. Getting SASL, Some people do, some don't. I will agree in the early days Sendmails documentation was poor (might stil be I have not looked at it in years) > trait. I will agree through that milters work far better on Sendmail > than Postfix. The problem is that they were written with Sendmail in As Julian pointed out, they were created by Sendmail so it should :) > Even the clamav milter does not work correctly. I spoke to its I fail to see the need for anti virus milter when I use MailScanner on every mail server. The only milters I use are spf, and on some machines the look-ahead user lookup milter to back end machines. -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From glenn.steen at gmail.com Thu Feb 1 02:17:18 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Feb 1 01:20:44 2007 Subject: Performance In-Reply-To: <45C11A25.5010407@enitech.com.au> References: <45C03361.5040903@katy.com> <223f97700701310215u67f9f941ifa40f902cd2d357@mail.gmail.com> <45C11A25.5010407@enitech.com.au> Message-ID: <223f97700701311717y54a485f8m4a420e2262f29d86@mail.gmail.com> On 31/01/07, Peter Russell wrote: (snip) > >> PostFix Configuration: > >> [root@mx1 ~]# postconf -n > >> canonical_maps = hash:/etc/postfix/canonical > >> config_directory = /etc/postfix > >> disable_vrfy_command = yes > >> hash_queue_names = "" > >> header_checks = regexp:/etc/postfix/header_checks > >> masquerade_exceptions = root > >> message_size_limit = 51200000 > >> mydomain = schmerold.com > >> myhostname = mx1.schmerold.com > >> mynetworks = 127.0.0.0/8 65.16.251.208/29 > >> relay_domains = katy.com katy.net katycomputer.com schmerold.com > > Why is there no "companion" relay_recipient_maps? You should reject > > unknown recipients. > > > >> smtpd_data_restrictions = reject_unauth_pipelining, permit > >> smtpd_helo_required = yes > > Here you should perhaps have a > > smtpd_helo_restrictions = permit_mynetworks, check_helo_access > > hash:/etc/postfix/deny_domain_spoof > > Where the deny_domain_spoof is simply an access file detailing the > > domains and IP addresses you relay for like "katy.com REJECT". Will be > > perfectly safe to use. > > Glenn - should he have REJECT for domains he relays for? Yes. The thinking here is to REJECT anyone pretending to be either your domain (your MX) or any of the "internal/trusted" IP addresses, unless they really are... The permit_mynetworks take care of not rejecting things that shouldn't be rejected:). As said, perfectly safe;-). This one rejects a few every day. > I am interested > in tweaking my postfix config myself. Any chance one fo the postfix > gurus like your self would post up your main.cf with some comments on > your anti spam settings? Will have to sanitise it a bit (don't want to spread any "secrets":-), but sure... It's really not that exciting reading... I got a lot of it from the UCE links over at www.postfix.org, with some slight adaptations to my needs... And to complete the picture one would have to have some other files too (access maps, perhaps some scripts). I'll see what I can do over the next few days (am pretty busy with real work... Providing SSL Explorer (yay!) to the "unwashed masses" at work (inc yet another upgrade), fiddling a bit with Oracle, testing the latest MS beta/stable... all for tomorrow. And sqeeze in a doctors appointment somewhere too):-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From alex at nkpanama.com Thu Feb 1 02:33:53 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Feb 1 01:37:48 2007 Subject: OT: building new server, need MTA advice In-Reply-To: <20070131163457.B633.GERARD@seibercom.net> References: <20070131163457.B633.GERARD@seibercom.net> Message-ID: <45C14381.1000107@nkpanama.com> Gerard Seibert wrote: > I would be interested in why you make that statement regarding Postfix. I > had used Sendmail for several years and found it confusing. Getting SASL, > etc working on it can be a real chore. SASL appears to work out-of-the-box on CentOS, at least for me. What do you mean by " a real chore "? From pete at enitech.com.au Thu Feb 1 02:46:58 2007 From: pete at enitech.com.au (Peter Russell) Date: Thu Feb 1 01:50:25 2007 Subject: Performance In-Reply-To: <223f97700701311717y54a485f8m4a420e2262f29d86@mail.gmail.com> References: <45C03361.5040903@katy.com> <223f97700701310215u67f9f941ifa40f902cd2d357@mail.gmail.com> <45C11A25.5010407@enitech.com.au> <223f97700701311717y54a485f8m4a420e2262f29d86@mail.gmail.com> Message-ID: <45C14692.2020704@enitech.com.au> Glenn Steen wrote: > On 31/01/07, Peter Russell wrote: > (snip) >> >> PostFix Configuration: >> >> [root@mx1 ~]# postconf -n >> >> canonical_maps = hash:/etc/postfix/canonical >> >> config_directory = /etc/postfix >> >> disable_vrfy_command = yes >> >> hash_queue_names = "" >> >> header_checks = regexp:/etc/postfix/header_checks >> >> masquerade_exceptions = root >> >> message_size_limit = 51200000 >> >> mydomain = schmerold.com >> >> myhostname = mx1.schmerold.com >> >> mynetworks = 127.0.0.0/8 65.16.251.208/29 >> >> relay_domains = katy.com katy.net katycomputer.com schmerold.com >> > Why is there no "companion" relay_recipient_maps? You should reject >> > unknown recipients. >> > >> >> smtpd_data_restrictions = reject_unauth_pipelining, permit >> >> smtpd_helo_required = yes >> > Here you should perhaps have a >> > smtpd_helo_restrictions = permit_mynetworks, check_helo_access >> > hash:/etc/postfix/deny_domain_spoof >> > Where the deny_domain_spoof is simply an access file detailing the >> > domains and IP addresses you relay for like "katy.com REJECT". Will be >> > perfectly safe to use. >> >> Glenn - should he have REJECT for domains he relays for? > Yes. The thinking here is to REJECT anyone pretending to be either > your domain (your MX) or any of the "internal/trusted" IP addresses, > unless they really are... The permit_mynetworks take care of not > rejecting things that shouldn't be rejected:). > As said, perfectly safe;-). > This one rejects a few every day. Sorry for the questions, but i am trying to stop some of the low scoring spam i keep getting through - i am sure some tweaking will get it. How do you check if these have blocked some spam? grep the maillog? > >> I am interested >> in tweaking my postfix config myself. Any chance one fo the postfix >> gurus like your self would post up your main.cf with some comments on >> your anti spam settings? > Will have to sanitise it a bit (don't want to spread any "secrets":-), > but sure... It's really not that exciting reading... And sqeeze in a doctors > appointment somewhere too):-). > That's cool - just figured some already tested and explained MTA set ups would stop some of the easier spam. Appreciate any help you can offer. No rush :) From Richard.Frovarp at sendit.nodak.edu Thu Feb 1 03:03:43 2007 From: Richard.Frovarp at sendit.nodak.edu (Richard Frovarp) Date: Thu Feb 1 02:07:13 2007 Subject: RBL performance: caching nameserver vs RBL mirroring In-Reply-To: <45C1208F.90108@ecs.soton.ac.uk> References: <45C09F0F.7FBE.00FC.3@medicine.wisc.edu> <45C10660.2070101@nkpanama.com> <45C1208F.90108@ecs.soton.ac.uk> Message-ID: <45C14A7F.4000308@sendit.nodak.edu> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Alex Neuman van der Hans wrote: > >> Michael Masse wrote: >> >>> Can someone explain the pro's and con's of each with respect to >>> performance and accuracy, or am I confused and they are not actually >>> mutually exclusive, and have nothing to do with eachother? >>> >>> Mike >>> >>> >> Caching nameserver means "keep a copy of DNS lookups so I don't have >> to do it again for some time". RBL Mirroring means "don't ask a remote >> RBL every time I get a message; download the changes to the list >> periodically". >> > As a general rule, you don't need your own mirror of an RBL unless you > are doing well over 100,000 messages per day. Below that figure, most of > the RBL managers won't give you a feed for a mirror anyway. Get a > caching nameserver going first (essential) and see how you get on and > measure your message throughput. If you are well into 6 or 7 figures, > then think about asking the RBL managers for a direct feed. "rbldns" is > the best thing to use for big RBLs, not BIND. Run rbldnsd on a different > port and just tell BIND to feed requests for the domain to the port used > by rbldnsd. > You want to be running a caching nameserver no matter what. I know a certain server that was running MailScanner and for some reason the caching nameserver failed on it. It had to make a trip all the way to the local DNS (same room), and it got very very very backed up. Of course this is a server that probably handles a 100,000 alone on a light day. No wonder the end-to-end monitor kept paging all weekend. From pascal.maes at elec.ucl.ac.be Thu Feb 1 07:50:52 2007 From: pascal.maes at elec.ucl.ac.be (Pascal Maes) Date: Thu Feb 1 06:54:21 2007 Subject: Question about headers In-Reply-To: <20070129072647.3B08.GERARD@seibercom.net> References: <45BD7919.1020009@rogers.com> <223f97700701290100i6e788e2gba57830a01a8e67b@mail.gmail.com> <20070129072647.3B08.GERARD@seibercom.net> Message-ID: hello, In /etc/mail/spamassassin/local.cf I have : clear_headers add_header all Flag _YESNOCAPS_ add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ autolearn=_AUTOLEARN_ version=_VERSION_S(*)_ add_header all Checker-Version SpamAssassin _VERSION_ (_SUBVERSION_) on _HOSTNAME_ When I use spamassassin -D I get the following headers in the result : X-Spam-Flag: NO X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on smtp-1.dynsipr.ucl.ac.be X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,SPF_HELO_PASS, SPF_PASS autolearn=unavailable version=3.1.7S(*)_ But when the mail goes through MailScanner I get only : X-Sgsi-Mailscanner: Found to be clean X-Sgsi-Mailscanner-Spamcheck: n'est pas un polluriel, SpamAssassin (cached, score=-22.6, requis 5, autolearn=not spam, BAYES_00 -2.60, RCVD_AUTH_OK -20.00, SPF_HELO_PASS -0.00) X-Sgsi-Mailscanner-From: pascal.maes@elec.ucl.ac.be X-Spam-Status: No In MailScanner.conf, I have the following settings : Mail Header = X-%org-name%-MailScanner: Spam Header = X-%org-name%-MailScanner-SpamCheck: Spam Score Header = X-%org-name%-MailScanner-SpamScore: Add Envelope From Header = yes Add Envelope To Header = no Envelope From Header = X-%org-name%-MailScanner-From: Spam Score Character = s Detailed Spam Report = yes Include Scores In SpamAssassin Report = yes Always Include SpamAssassin Report = yes Multiple Headers = append Remove These Headers = X-Mozilla-Status: X-Mozilla-Status2: What could I do to get all the SpamAssassin headers ? Thanks -- Pascal From micoots at yahoo.com Thu Feb 1 08:11:50 2007 From: micoots at yahoo.com (Michael Mansour) Date: Thu Feb 1 07:15:14 2007 Subject: Enable MCP Bounce, no such thing? Message-ID: <404490.91616.qm@web33305.mail.mud.yahoo.com> Hi Julian, :) I had one of my clients ask me "so if the senders message is blocked, they should know why otherwise they'll think the message successfully went through". I've implemented MCP scanning for this client, who has used the feature to enable regex for "bad words" which he basically doesn't want to see. f words, p words, c words, you get what I mean, things that are commonly part of adult spam but he's going one step further, if a real person emails him those words (swear words etc) then he doesn't even want to know the email was sent. I use MailWatch and various SARE rules, so this means mailwatch to also not log the stuff (which I'm able to do quite easily). So when the MCP rule kicks in and /dev/null's the message, it would be good for the sender to know why their message was rejected/blocked and never sent. They're a church group btw and I host for a couple of churches which would benefit from the same types of services. Can you complete the implementation of this feature Julian? Michael. ----- Original Message ---- From: Julian Field To: MailScanner discussion Sent: Wednesday, 31 January, 2007 11:19:06 PM Subject: Re: Enable MCP Bounce, no such thing? -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have a feeling I decided there wasn't a use for such an option and didn't implement it. Michael Mansour wrote: > Hi, > > I'm using mailscanner-4.57.6-1 > > In MailScanner.conf, there's an option: > > Enable Spam Bounce > > which allows the bouncing of email to the sender. I'm after this option not for Spam, but for MCP. > > The closest I find in MailScanner.conf is: > > Bounce MCP As Attachment = yes > > but this doesn't work ie. no bounce is sent. > > I was expecting an equivalent MCP command like: > > Enable MCP Bounce > > based on the similarities between the Spam and MCP command set, but no such command exists. > > So my question is, if a message is MCP or high scoring MCP and I delete it, how do I organise to notify the sender that their message has been blocked - which is explained in these options: > > Recipient MCP Report = %report-dir%/recipient.mcp.report.txt > Sender MCP Report = %report-dir%/sender.mcp.report.txt > > Thanks. > > Michael. > > > > > Send instant messages to your online friends http://au.messenger.yahoo.com > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFFwImHEfZZRxQVtlQRAkkWAJ9LWziks3jD+ovVfnQosZIDOjRK6wCgrQat wniBs4U7ry6VByvBC1m4y2g= =OVAg -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! Send instant messages to your online friends http://au.messenger.yahoo.com From micoots at yahoo.com Thu Feb 1 08:43:57 2007 From: micoots at yahoo.com (Michael Mansour) Date: Thu Feb 1 07:47:21 2007 Subject: spam blacklisted Message-ID: <745054.12199.qm@web33308.mail.mud.yahoo.com> Hi, I'm really baffled with this one. For the past day I have been seeing this in maillog sent to one particular domain: Jan 31 09:19:05 server MailScanner[21625]: Message l0UMK3pX001320 from xxx.xxx.xxx.xxx (example@example.com to example.com is spam (blacklisted) I've checked "example.com"'s blacklisting and the sender is not there. I have spent about an hour on the setup trying to track down where this is getting blacklisted, but no go. BTW, I have multiple MX mailservers which process mail and then deliver to another mail server which holds the user mailboxes. These messages pass through as "clean" on the MX mail server but when they reach the one that holds the user mailboxes it blacklists them (and as of a week ago all these mailscanner scanners are now identical in setup). I don't know where else to look. Does anyone have any suggestions? Thanks. Michael. Send instant messages to your online friends http://au.messenger.yahoo.com From micoots at yahoo.com Thu Feb 1 09:05:07 2007 From: micoots at yahoo.com (Michael Mansour) Date: Thu Feb 1 08:08:31 2007 Subject: spam blacklisted Message-ID: <362754.85645.qm@web33310.mail.mud.yahoo.com> Please ignore this one. After taking a break and coming back to it, I noticed that the user inadvertently blacklisted the IP of one of my mailservers, so anything coming from it to his domain would get blacklisted. Michael. ----- Original Message ---- From: Michael Mansour To: MailScanner discussion Sent: Thursday, 1 February, 2007 6:43:57 PM Subject: spam blacklisted Hi, I'm really baffled with this one. For the past day I have been seeing this in maillog sent to one particular domain: Jan 31 09:19:05 server MailScanner[21625]: Message l0UMK3pX001320 from xxx.xxx.xxx.xxx (example@example.com to example.com is spam (blacklisted) I've checked "example.com"'s blacklisting and the sender is not there. I have spent about an hour on the setup trying to track down where this is getting blacklisted, but no go. BTW, I have multiple MX mailservers which process mail and then deliver to another mail server which holds the user mailboxes. These messages pass through as "clean" on the MX mail server but when they reach the one that holds the user mailboxes it blacklists them (and as of a week ago all these mailscanner scanners are now identical in setup). I don't know where else to look. Does anyone have any suggestions? Thanks. Michael. Send instant messages to your online friends http://au.messenger.yahoo.com -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! Send instant messages to your online friends http://au.messenger.yahoo.com From glenn.steen at gmail.com Thu Feb 1 11:10:36 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Feb 1 10:14:00 2007 Subject: Performance In-Reply-To: <45C14692.2020704@enitech.com.au> References: <45C03361.5040903@katy.com> <223f97700701310215u67f9f941ifa40f902cd2d357@mail.gmail.com> <45C11A25.5010407@enitech.com.au> <223f97700701311717y54a485f8m4a420e2262f29d86@mail.gmail.com> <45C14692.2020704@enitech.com.au> Message-ID: <223f97700702010210m4398ae3fld20bbd7bdd5440e1@mail.gmail.com> On 01/02/07, Peter Russell wrote: > > > Glenn Steen wrote: > > On 31/01/07, Peter Russell wrote: (snip even more) > >> >> relay_domains = katy.com katy.net katycomputer.com schmerold.com > >> > Why is there no "companion" relay_recipient_maps? You should reject > >> > unknown recipients. > >> > > >> >> smtpd_data_restrictions = reject_unauth_pipelining, permit > >> >> smtpd_helo_required = yes > >> > Here you should perhaps have a > >> > smtpd_helo_restrictions = permit_mynetworks, check_helo_access > >> > hash:/etc/postfix/deny_domain_spoof > >> > Where the deny_domain_spoof is simply an access file detailing the > >> > domains and IP addresses you relay for like "katy.com REJECT". Will be > >> > perfectly safe to use. > >> > >> Glenn - should he have REJECT for domains he relays for? > > Yes. The thinking here is to REJECT anyone pretending to be either > > your domain (your MX) or any of the "internal/trusted" IP addresses, > > unless they really are... The permit_mynetworks take care of not > > rejecting things that shouldn't be rejected:). > > As said, perfectly safe;-). > > This one rejects a few every day. > > Sorry for the questions, but i am trying to stop some of the low scoring > spam i keep getting through - i am sure some tweaking will get it. Quite OK. > How do you check if these have blocked some spam? grep the maillog? Well more or less:-). It's the beauty of pflogsumm ... It'll summarize all rejections by at what stage and "reason"... like this (this is for yesterday): message reject detail --------------------- RCPT Helo command rejected: Access denied (total: 50) 3 83.173.153.170 (clients-865241583854se@nordea.se) 3 83.239.72.30 (wkihudxroacna@dirtydavid.every1.net) ... (The first one there is a Nordea Phish, or rather three... that I spend no more resources on;-) These "Access denied at helo" are the ones trying to pretend they are us. Similarily you'll get Helo command rejected: Invalid name (total: 9) Helo command rejected: need fully-qualified hostname (total: 374) Recipient address rejected: User unknown in relay recipient table (total: 233) Relay access denied (total: 41) Sender address rejected: Access denied (total: 35) ... All those 700-odd rejections on a total incoming of 3800. Most of teh above are pretty obviously from "reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient", and I also apply the deny_domain_spoof in the sender_restrictions, which accounts for those 35 rejections. To keep "on top of things" I've cron'd a couple of pflogsumm runs like this: 3 0 * * * /usr/local/bin/pflsum_yday 10 4 * * 0 /usr/local/bin/pflsum_week # cat /usr/local/bin/pflsum_yday #!/bin/bash # Postfix log summary analysis per yesterday /bin/cat /var/log/syslog | /usr/local/bin/pflogsumm -i -d yesterday --problems_first --rej_add_from --zero_fill > /var/www/html/pflogsumm/pflogsumm-$(date +%Y%m%d).txt 2>&1 # cat /usr/local/bin/pflsum_week #!/bin/bash # Postfix log summary analysis per last week /bin/zcat /var/log/syslog.1.gz | /usr/local/bin/pflogsumm -i --problems_first --rej_add_from --zero_fill > /var/www/html/pflogsumm/pflogsumm-week-$(date +%Y%m%d).txt 2>&1 # And I then have a small PHP script to present those on a webpage... For my disabled-by-windoze colleagues:-). > > > >> I am interested > >> in tweaking my postfix config myself. Any chance one fo the postfix > >> gurus like your self would post up your main.cf with some comments on > >> your anti spam settings? > > Will have to sanitise it a bit (don't want to spread any "secrets":-), > > but sure... It's really not that exciting reading... And sqeeze in a doctors > > appointment somewhere too):-). > > > > That's cool - just figured some already tested and explained MTA set ups > would stop some of the easier spam. Appreciate any help you can offer. > No rush :) :-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From uxbod at splatnix.net Thu Feb 1 11:56:29 2007 From: uxbod at splatnix.net (uxbod) Date: Thu Feb 1 11:00:21 2007 Subject: OT: Compile Error on Module Message-ID: <73decad418edbd44c482dcabd9ff1eed@62.49.223.244> Hi, I am currently trying to build a new server but hit problems with the module Convert-BinHex as I get the following error on make test :- [root@BRULNX02 Convert-BinHex-1.119]# make test PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/comp2bin....Can't locate package Exporter for @Checker::ISA at t/comp2bin.t line 3. Undefined subroutine &main::check called at t/comp2bin.t line 75. t/comp2bin....dubious Test returned status 255 (wstat 65280, 0xff00) DIED. FAILED tests 1-9 Failed 9/9 tests, 0.00% okay Failed Test Stat Wstat Total Fail Failed List of Failed ------------------------------------------------------------------------------- t/comp2bin.t 255 65280 9 18 200.00% 1-9 Failed 1/1 test scripts, 0.00% okay. 9/9 subtests failed, 0.00% okay. make: *** [test_dynamic] Error 2 Any ideas ? -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: 543A E778 7F2D 98F1 3E50 9C1F F190 93E0 E8E8 0CF8 // Keyserver: www.keyserver.net Key-ID: 0xE8E80CF8 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gmatt at nerc.ac.uk Thu Feb 1 12:20:20 2007 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Thu Feb 1 11:26:42 2007 Subject: Use of floating point on typical mailserver Message-ID: <45C1CCF4.1070100@nerc.ac.uk> I'm considering evaluating the "coolthreads" hardware from Sun, in particular the T2000. This utilises the first generation "Niagra" chips which can handle up to 32 threads per socket. The technology looks pretty good apart from the fact that they only have a single FPU per socket. My question is, how much FP does a typical mail server (sendmail/MS/MW etc) need? Is it even worth going through the evaluation procedure or should I wait until the Niagra2 chips arrive (May apparently) which will have one FPU per core? Anyone here using this hardware? GREG -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From martinh at solidstatelogic.com Thu Feb 1 12:41:24 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Thu Feb 1 11:45:26 2007 Subject: Use of floating point on typical mailserver In-Reply-To: <45C1CCF4.1070100@nerc.ac.uk> Message-ID: <045ebd448d25a04980528e12f7467cad@solidstatelogic.com> Greg Got one here (4 core model) used for compiles etc...just added two new drives in, zero downtime...shiney. Incredibly noisy though (needs to be in a server room not near your desk! I'm sure there's an RB211 ) and if this is 'cool' threads I dunno what warm is like;-) Anyway a certain sys-admin at soton.ac.uk set one up as his email server on a big 8 core system...perhaps he can comment on his performance. A lot of this will be I/O based anyway so a BIG raid array/SAN with lots of spindles will win over lots of CPU anyday (unless you a lot of SSL connections going) BTW my new email server is a new Dell 2950 (Centos 4.4) with 6 x 73GB 10k SAS RAID 5 dfor mail store and hardly get a loadave reading 0.00 with 140 imap users...8 GB ram and 2 twin core 3.2 Xeons (I think can't remember exact CPUS). Going to do SIP and IM on it as well soon. A LOT cheaper than a T2000.... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Greg Matthews > Sent: 01 February 2007 11:20 > To: MailScanner discussion > Subject: Use of floating point on typical mailserver > > I'm considering evaluating the "coolthreads" hardware from Sun, in > particular the T2000. This utilises the first generation "Niagra" chips > which can handle up to 32 threads per socket. > > The technology looks pretty good apart from the fact that they only have > a single FPU per socket. > > My question is, how much FP does a typical mail server (sendmail/MS/MW > etc) need? Is it even worth going through the evaluation procedure or > should I wait until the Niagra2 chips arrive (May apparently) which will > have one FPU per core? Anyone here using this hardware? > > GREG > -- > Greg Matthews 01491 692445 > Head of UNIX/Linux, iTSS Wallingford > > -- > This message (and any attachments) is for the recipient only. NERC > is subject to the Freedom of Information Act 2000 and the contents > of this email and any reply you make may be disclosed by NERC unless > it is exempt from release under the Act. Any material supplied to > NERC may be stored in an electronic records management system. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From gmatt at nerc.ac.uk Thu Feb 1 14:31:29 2007 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Thu Feb 1 13:35:04 2007 Subject: Use of floating point on typical mailserver In-Reply-To: <045ebd448d25a04980528e12f7467cad@solidstatelogic.com> References: <045ebd448d25a04980528e12f7467cad@solidstatelogic.com> Message-ID: <45C1EBB1.2000907@nerc.ac.uk> Martin.Hepworth wrote: > > BTW my new email server is a new Dell 2950 (Centos 4.4) with 6 x 73GB > 10k SAS RAID 5 dfor mail store and hardly get a loadave reading 0.00 > with 140 imap users...8 GB ram and 2 twin core 3.2 Xeons (I think can't > remember exact CPUS). Going to do SIP and IM on it as well soon. A LOT > cheaper than a T2000.... maybe - we get the academic discounting of course. T2000s are likely to plummet once the new Niagra chips are shipping as well. Also, we deal with *lot* of email, currently split over 3 disparate machines. 32 concurrent threads sounded like good way to go with a mail relay but its going to be reeeal slow if it needs to do any amount of FP. I can also sell it to the money men on running cost! G -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From martinh at solidstatelogic.com Thu Feb 1 14:45:29 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Thu Feb 1 13:52:04 2007 Subject: Use of floating point on typical mailserver In-Reply-To: <45C1EBB1.2000907@nerc.ac.uk> Message-ID: Gregg Thought the new N2's weren't due for another 12 months at least....could be wrong, usually am ! As regards functionality yeah the T2000/Solaris 10 is lovely...like I said I populated the spare disk slots and got the new filesystem RAID1 with zero downtime. Now combine this with your email sitting on ZFS and you're definitely onto a winner IHMO. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Greg Matthews > Sent: 01 February 2007 13:31 > To: MailScanner discussion > Subject: Re: Use of floating point on typical mailserver > > Martin.Hepworth wrote: > > > > BTW my new email server is a new Dell 2950 (Centos 4.4) with 6 x 73GB > > 10k SAS RAID 5 dfor mail store and hardly get a loadave reading 0.00 > > with 140 imap users...8 GB ram and 2 twin core 3.2 Xeons (I think can't > > remember exact CPUS). Going to do SIP and IM on it as well soon. A LOT > > cheaper than a T2000.... > > maybe - we get the academic discounting of course. T2000s are likely to > plummet once the new Niagra chips are shipping as well. Also, we deal > with *lot* of email, currently split over 3 disparate machines. 32 > concurrent threads sounded like good way to go with a mail relay but its > going to be reeeal slow if it needs to do any amount of FP. I can also > sell it to the money men on running cost! > > G > -- > Greg Matthews 01491 692445 > Head of UNIX/Linux, iTSS Wallingford > > -- > This message (and any attachments) is for the recipient only. NERC > is subject to the Freedom of Information Act 2000 and the contents > of this email and any reply you make may be disclosed by NERC unless > it is exempt from release under the Act. Any material supplied to > NERC may be stored in an electronic records management system. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From MailScanner at ecs.soton.ac.uk Thu Feb 1 16:38:50 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 1 15:43:21 2007 Subject: MailScanner ANNOUNCE: Stable version 4.58.9 released Message-ID: <45C2098A.3070200@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have just released the latest stable version of MailScanner, 4.58.9. It is available for download directly from www.mailscanner.info as usual. The major changes for this release are: - -- Added a new configuration setting to control whether senders are notified about attachments are too big or too small. - -- When using the Custom Function plugin system, you can now calculate a ruleset from within your Custom Function. Very useful for large sites. - -- Improvements to the accuracy of the SpamAssassin cache results. - -- Startup scripts now make SpamAssassin run out of memory-based temporary files where possible, to improve speed. - -- Messages placed in multiple outgoing queues are now delivered immediately. - -- Fixed problems with a few users seeing extra "disarmed" or "fraud" tags appearing incorrectly. Best regards, Jules - -- Julian Field MEng CITP MBCS MIEEE MACM www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFFwgmfEfZZRxQVtlQRAgRgAKDeSs0GOzr7DQIL2gVlngZ9e8lM6ACeNCxN g6wOGvZWXVFPuz7fjLJ0mUA= =zNq1 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Thu Feb 1 16:46:46 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 1 15:55:12 2007 Subject: OT: building new server, need MTA advice In-Reply-To: <45C14381.1000107@nkpanama.com> References: <20070131163457.B633.GERARD@seibercom.net> <45C14381.1000107@nkpanama.com> Message-ID: <45C20B66.8020309@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alex Neuman van der Hans wrote: > > > Gerard Seibert wrote: >> I would be interested in why you make that statement regarding >> Postfix. I >> had used Sendmail for several years and found it confusing. Getting >> SASL, >> etc working on it can be a real chore. > SASL appears to work out-of-the-box on CentOS, at least for me. What > do you mean by " a real chore "? I only thing I know is wrong on RedHat is that /etc/sysconfig/saslauthd says MECH=shadow where MECH=pam is enormously more useful in a distributed environment. Other than that, it just works. Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFFwgw/EfZZRxQVtlQRAmbdAKDY18fnvEPJ8dmSYLyLtxuKk87R8QCfdXan WHU68hILoTveDN0nmuZVY6Y= =d270 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Thu Feb 1 16:49:46 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 1 15:55:16 2007 Subject: OT: Compile Error on Module In-Reply-To: <73decad418edbd44c482dcabd9ff1eed@62.49.223.244> References: <73decad418edbd44c482dcabd9ff1eed@62.49.223.244> Message-ID: <45C20C1A.7050404@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 If you're on a Linux box, make sure there are no mentions of utf in /etc/sysconfig/i18n. This can cause all sorts of odd errors with Makefiles. uxbod wrote: > Hi, > > I am currently trying to build a new server but hit problems with the module Convert-BinHex as I get the following error on make test :- > > [root@BRULNX02 Convert-BinHex-1.119]# make test > PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t > t/comp2bin....Can't locate package Exporter for @Checker::ISA at t/comp2bin.t line 3. > Undefined subroutine &main::check called at t/comp2bin.t line 75. > t/comp2bin....dubious > Test returned status 255 (wstat 65280, 0xff00) > DIED. FAILED tests 1-9 > Failed 9/9 tests, 0.00% okay > Failed Test Stat Wstat Total Fail Failed List of Failed > ------------------------------------------------------------------------------- > t/comp2bin.t 255 65280 9 18 200.00% 1-9 > Failed 1/1 test scripts, 0.00% okay. 9/9 subtests failed, 0.00% okay. > make: *** [test_dynamic] Error 2 > > Any ideas ? > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) Comment: (pgp-secured) Charset: UTF-8 wj8DBQFFwgxEEfZZRxQVtlQRAqOhAKDcfWTn2wGtB5upEiL4woKcAYslDwCgmTei +GebnnfUCj6HwJszjkIe0j4= =yOp9 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From wendiw at itasoftware.com Thu Feb 1 17:57:36 2007 From: wendiw at itasoftware.com (Wendi Whitsett) Date: Thu Feb 1 17:00:33 2007 Subject: Phishing whitelist entries not used by MS Message-ID: <45C21C00.6060202@itasoftware.com> I've got a MailScanner/Linux box here that seems to be failing the 'check for safe phishing sites' part of the scan. I clearly created two entries in my /etc/MailScanner/phishing.safe.sites.conf: www.domainone.com www.domaintwo.com Reloaded MS and sent through a message with an embedded A href tag. The message went through and got scanned positive for phishing fraud, even with my two domains listed in the safe sites. Anyone have any ideas why this is happening? Blurb from reload, you can see the phishing whitelist being loaded: Feb 1 09:37:30 mx1 MailScanner[7257]: MailScanner E-Mail Virus Scanner version 4.56.8 starting... Feb 1 09:37:30 mx1 MailScanner[7257]: Read 767 hostnames from the phishing whitelist Feb 1 09:37:30 mx1 MailScanner[7257]: Using SpamAssassin results cache Feb 1 09:37:30 mx1 MailScanner[7257]: Connected to SpamAssassin cache database Feb 1 09:37:30 mx1 MailScanner[7257]: Expired 6 records from the SpamAssassin cache Feb 1 09:37:30 mx1 MailScanner[7257]: Enabling SpamAssassin auto-whitelist functionality... Feb 1 09:37:35 mx1 MailScanner[7257]: Using locktype = flock Thanks for any help... -Wendi -- Wendi W. Sr Systems Engineer ITA Software wendiw@itasoftware.com 617.714.2193 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3257 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070201/747c36a9/smime.bin From ecasarero at gmail.com Thu Feb 1 20:17:01 2007 From: ecasarero at gmail.com (Eduardo Casarero) Date: Thu Feb 1 19:20:27 2007 Subject: Need help, server running out of space!! Message-ID: <7d9b3cf20702011117i122a9f01l90f1175fac842ef6@mail.gmail.com> hi MS gurus i need your help. I run Mscanner with spamassasing on a HPDL380, with 1 scsi disk. mscanner MailScanner-4.55.10, sendmail -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070201/97a913fb/attachment.html From claude.gagne at multitech.qc.ca Thu Feb 1 20:28:32 2007 From: claude.gagne at multitech.qc.ca (=?ISO-8859-1?Q?Claude_Gagn=E9?=) Date: Thu Feb 1 19:30:28 2007 Subject: Need help, server running out of space!! In-Reply-To: <7d9b3cf20702011117i122a9f01l90f1175fac842ef6@mail.gmail.com> References: <7d9b3cf20702011117i122a9f01l90f1175fac842ef6@mail.gmail.com> Message-ID: <45C23F60.5010805@multitech.qc.ca> Empty the quarantine ? Eduardo Casarero a ?crit : > hi MS gurus i need your help. I run Mscanner with spamassasing on a > HPDL380, with 1 scsi disk. > > mscanner MailScanner-4.55.10, sendmail > > -- > Ce message a ?t? v?rifi? par Multi Techniques > pour des virus ou du contenu ? risque et > rien de suspect n'a ?t? d?tect?. > This message has been scanned for viruses and dangerous content by > Multi Techniques , and is believed to be > clean. -- * Claude Gagn?* / Technicien informatique/ claude.gagne@multitech.qc.ca 226-A, chemin des Poirier Montmagny (Qc) G5V 3X8 T?l. : (418) 248-2247 T?l?c. : (418) 248-2230 *8, rue du Domaine Rivi?re-du-Loup (Qc) G5R 2P5 T?l. : (418) 867-3355 T?l?c. : (418) 867-2775 * -------------- next part -------------- Skipped content of type multipart/related From ecasarero at gmail.com Thu Feb 1 20:28:16 2007 From: ecasarero at gmail.com (Eduardo Casarero) Date: Thu Feb 1 19:31:44 2007 Subject: Out of disk space!!! Message-ID: <7d9b3cf20702011128s7d17c5c7ua5f4c59433a238d4@mail.gmail.com> hi MS gurus i need your help. I run Mscanner with spamassasing on a HPDL380, with 1 scsi disk. mscanner MailScanner-4.55.10, sendmail -8.13.7 SpamAssassin version 3.1.7running on Perl version 5.8.7 also use tmpfs for MS incomming directory. The problem is that im running out of disk space. Although the server saves 30Gb of quarantine there are a lot of space used that i lost without knowing what eat that. Filesystem Size Used Avail Use% Mounted on /dev/cciss/c0d0p3 57G 54G 3.0G 95% / /dev/cciss/c0d0p1 100M 39M 62M 39% /boot 1 problem i found was with the bayes database that for some reason did not delete the .expire but that was solved. What should i check? please any suggestion im also running out of ideas! thanks!!! Eduardo. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070201/9e735246/attachment.html From claude.gagne at multitech.qc.ca Thu Feb 1 20:38:40 2007 From: claude.gagne at multitech.qc.ca (=?ISO-8859-1?Q?Claude_Gagn=E9?=) Date: Thu Feb 1 19:40:37 2007 Subject: Out of disk space!!! In-Reply-To: <7d9b3cf20702011128s7d17c5c7ua5f4c59433a238d4@mail.gmail.com> References: <7d9b3cf20702011128s7d17c5c7ua5f4c59433a238d4@mail.gmail.com> Message-ID: <45C241C0.10007@multitech.qc.ca> Do "du -h /your/quarantine/directory" and let me know the result. Eduardo Casarero a ?crit : > hi MS gurus i need your help. I run Mscanner with spamassasing on a > HPDL380, with 1 scsi disk. > > mscanner MailScanner-4.55.10, sendmail -8.13.7 SpamAssassin version > 3.1.7 running on Perl version 5.8.7 > also use tmpfs for MS incomming directory. > > The problem is that im running out of disk space. Although the server > saves 30Gb of quarantine there are a lot of space used that i lost > without knowing what eat that. > > Filesystem Size Used Avail Use% Mounted on > /dev/cciss/c0d0p3 57G 54G 3.0G 95% / > /dev/cciss/c0d0p1 100M 39M 62M 39% /boot > > 1 problem i found was with the bayes database that for some reason did > not delete the .expire but that was solved. > > What should i check? please any suggestion im also running out of ideas! > > thanks!!! > > Eduardo. > > > -- > Ce message a ?t? v?rifi? par Multi Techniques > pour des virus ou du contenu ? risque et > rien de suspect n'a ?t? d?tect?. > This message has been scanned for viruses and dangerous content by > Multi Techniques , and is believed to be > clean. -- * Claude Gagn?* / Technicien informatique/ claude.gagne@multitech.qc.ca 226-A, chemin des Poirier Montmagny (Qc) G5V 3X8 T?l. : (418) 248-2247 T?l?c. : (418) 248-2230 *8, rue du Domaine Rivi?re-du-Loup (Qc) G5R 2P5 T?l. : (418) 867-3355 T?l?c. : (418) 867-2775 * -------------- next part -------------- Skipped content of type multipart/related From ecasarero at gmail.com Thu Feb 1 20:48:23 2007 From: ecasarero at gmail.com (Eduardo Casarero) Date: Thu Feb 1 19:51:50 2007 Subject: Out of disk space!!! In-Reply-To: <45C241C0.10007@multitech.qc.ca> References: <7d9b3cf20702011128s7d17c5c7ua5f4c59433a238d4@mail.gmail.com> <45C241C0.10007@multitech.qc.ca> Message-ID: <7d9b3cf20702011148p1bea77a0na81610ebc0a246a3@mail.gmail.com> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: logomulti.jpg Type: image/jpeg Size: 2807 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070201/6d26e2b8/logomulti.jpg From claude.gagne at multitech.qc.ca Thu Feb 1 20:53:08 2007 From: claude.gagne at multitech.qc.ca (=?ISO-8859-1?Q?Claude_Gagn=E9?=) Date: Thu Feb 1 19:55:10 2007 Subject: Out of disk space!!! In-Reply-To: <7d9b3cf20702011148p1bea77a0na81610ebc0a246a3@mail.gmail.com> References: <7d9b3cf20702011128s7d17c5c7ua5f4c59433a238d4@mail.gmail.com> <45C241C0.10007@multitech.qc.ca> <7d9b3cf20702011148p1bea77a0na81610ebc0a246a3@mail.gmail.com> Message-ID: <45C24524.60603@multitech.qc.ca> Try to clean a little ? :) Eduardo Casarero a ?crit : > > > 2007/2/1, Claude Gagn? >: > > Do "du -h /your/quarantine/directory" and let me know the result. > > > aprox 30Gb > > Eduardo Casarero a ?crit : >> hi MS gurus i need your help. I run Mscanner with spamassasing on >> a HPDL380, with 1 scsi disk. >> >> mscanner MailScanner-4.55.10, sendmail -8.13.7 SpamAssassin >> version 3.1.7 running on Perl version 5.8.7 >> also use tmpfs for MS incomming directory. >> >> The problem is that im running out of disk space. Although the >> server saves 30Gb of quarantine there are a lot of space used >> that i lost without knowing what eat that. >> >> Filesystem Size Used Avail Use% Mounted on >> /dev/cciss/c0d0p3 57G 54G 3.0G 95% / >> /dev/cciss/c0d0p1 100M 39M 62M 39% /boot >> >> 1 problem i found was with the bayes database that for some >> reason did not delete the .expire but that was solved. >> >> What should i check? please any suggestion im also running out of >> ideas! >> >> thanks!!! >> >> Eduardo. >> >> >> -- >> Ce message a ?t? v?rifi? par Multi Techniques >> pour des virus ou du contenu ? >> risque et rien de suspect n'a ?t? d?tect?. >> This message has been scanned for viruses and dangerous content >> by Multi Techniques , and is >> believed to be clean. > > -- > * Claude Gagn?* > / Technicien informatique/ > > claude.gagne@multitech.qc.ca > 226-A, chemin des Poirier > Montmagny (Qc) > G5V 3X8 > > T?l. : (418) 248-2247 > T?l?c. : (418) 248-2230 > > *8, rue du Domaine > Rivi?re-du-Loup (Qc) > G5R 2P5 > > T?l. : (418) 867-3355 > T?l?c. : (418) 867-2775 > * > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > > Support MailScanner development - buy the book off the website! > > > > > -- > Ce message a ?t? v?rifi? par Multi Techniques > pour des virus ou du contenu ? risque et > rien de suspect n'a ?t? d?tect?. > This message has been scanned for viruses and dangerous content by > Multi Techniques , and is believed to be > clean. -- * Claude Gagn?* / Technicien informatique/ claude.gagne@multitech.qc.ca 226-A, chemin des Poirier Montmagny (Qc) G5V 3X8 T?l. : (418) 248-2247 T?l?c. : (418) 248-2230 *8, rue du Domaine Rivi?re-du-Loup (Qc) G5R 2P5 T?l. : (418) 867-3355 T?l?c. : (418) 867-2775 * -------------- next part -------------- Skipped content of type multipart/related From ecasarero at gmail.com Thu Feb 1 20:38:31 2007 From: ecasarero at gmail.com (Eduardo Casarero) Date: Thu Feb 1 19:57:15 2007 Subject: Need help, server running out of space!! In-Reply-To: <45C23F60.5010805@multitech.qc.ca> References: <7d9b3cf20702011117i122a9f01l90f1175fac842ef6@mail.gmail.com> <45C23F60.5010805@multitech.qc.ca> Message-ID: <7d9b3cf20702011138t2265d08bw10804406d73a7fb8@mail.gmail.com> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: logomulti.jpg Type: image/jpeg Size: 2807 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070201/3bd746bf/logomulti.jpg From jaearick at colby.edu Thu Feb 1 21:03:10 2007 From: jaearick at colby.edu (Jeff A. Earickson) Date: Thu Feb 1 20:06:40 2007 Subject: Use of floating point on typical mailserver In-Reply-To: <45C1CCF4.1070100@nerc.ac.uk> References: <45C1CCF4.1070100@nerc.ac.uk> Message-ID: On Thu, 1 Feb 2007, Greg Matthews wrote: > Date: Thu, 01 Feb 2007 11:20:20 +0000 > From: Greg Matthews > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Use of floating point on typical mailserver > > I'm considering evaluating the "coolthreads" hardware from Sun, in particular > the T2000. This utilises the first generation "Niagra" chips which can handle > up to 32 threads per socket. > > The technology looks pretty good apart from the fact that they only have a > single FPU per socket. > > My question is, how much FP does a typical mail server (sendmail/MS/MW etc) > need? Is it even worth going through the evaluation procedure or should I > wait until the Niagra2 chips arrive (May apparently) which will have one FPU > per core? Anyone here using this hardware? We have two 8-core T2000s and three 8-core T1000s onsite. The three T1000s handle our webmail front end (horde/imp and associated apache stuff). One T2000 is a web server, and the second T2000 came online a couple of weeks ago to handle our IMAP service (dovecot 1.0rc18 currently). This box has an HP MSA50 disk array with fourteen 72GB disks in a mirrored/ striped ZFS disk pool for homedirs. All of these systems do a great job, and barely break a sweat doing it. While I can't speak to the FPU issue directly, I got a bit of advice from a Sun engineer on which chipset to buy for what use in Sun-land. If you want floating-point computation speed, buy x86 boxes (Sun V20's, etc) because the clock cycle of the x86 chips is so much faster. If the work is non floating-point, then buy Coolthreads servers if the ratio of threads to processes is > 4. How to find out? Run "prstat" and look at the bottom line. Take the ratio of processes to LWPs. If the ratio is less than four, then buy standard Sparc. Sparc chips have the advantage that they are RISC chips while x86 aren't. His advice, passed along. Jeff Earickson Colby College From claude.gagne at multitech.qc.ca Thu Feb 1 21:07:45 2007 From: claude.gagne at multitech.qc.ca (=?ISO-8859-1?Q?Claude_Gagn=E9?=) Date: Thu Feb 1 20:09:48 2007 Subject: Need help, server running out of space!! In-Reply-To: <7d9b3cf20702011138t2265d08bw10804406d73a7fb8@mail.gmail.com> References: <7d9b3cf20702011117i122a9f01l90f1175fac842ef6@mail.gmail.com> <45C23F60.5010805@multitech.qc.ca> <7d9b3cf20702011138t2265d08bw10804406d73a7fb8@mail.gmail.com> Message-ID: <45C24891.3010701@multitech.qc.ca> du -h /var Eduardo Casarero a ?crit : > 2007/2/1, Claude Gagn? >: > > Empty the quarantine ? > > > i've already done that and now i have some air, but something is > eating space very quick and its not the quarantine. > > > Eduardo Casarero a ?crit : >> hi MS gurus i need your help. I run Mscanner with spamassasing on >> a HPDL380, with 1 scsi disk. >> >> mscanner MailScanner-4.55.10, sendmail >> >> -- >> Ce message a ?t? v?rifi? par Multi Techniques >> pour des virus ou du contenu ? >> risque et rien de suspect n'a ?t? d?tect?. >> This message has been scanned for viruses and dangerous content >> by Multi Techniques , and is >> believed to be clean. > > -- > * Claude Gagn?* > / Technicien informatique/ > > claude.gagne@multitech.qc.ca > 226-A, chemin des Poirier > Montmagny (Qc) > G5V 3X8 > > T?l. : (418) 248-2247 > T?l?c. : (418) 248-2230 > > *8, rue du Domaine > Rivi?re-du-Loup (Qc) > G5R 2P5 > > T?l. : (418) 867-3355 > T?l?c. : (418) 867-2775 > * > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > > Support MailScanner development - buy the book off the website! > > > > > -- > Ce message a ?t? v?rifi? par Multi Techniques > pour des virus ou du contenu ? risque et > rien de suspect n'a ?t? d?tect?. > This message has been scanned for viruses and dangerous content by > Multi Techniques , and is believed to be > clean. -- * Claude Gagn?* / Technicien informatique/ claude.gagne@multitech.qc.ca 226-A, chemin des Poirier Montmagny (Qc) G5V 3X8 T?l. : (418) 248-2247 T?l?c. : (418) 248-2230 *8, rue du Domaine Rivi?re-du-Loup (Qc) G5R 2P5 T?l. : (418) 867-3355 T?l?c. : (418) 867-2775 * -------------- next part -------------- Skipped content of type multipart/related From clacroix at cegep-ste-foy.qc.ca Thu Feb 1 21:09:25 2007 From: clacroix at cegep-ste-foy.qc.ca (Charles Lacroix) Date: Thu Feb 1 20:11:18 2007 Subject: Need help, server running out of space!! In-Reply-To: <7d9b3cf20702011138t2265d08bw10804406d73a7fb8@mail.gmail.com> References: <7d9b3cf20702011117i122a9f01l90f1175fac842ef6@mail.gmail.com> <45C23F60.5010805@multitech.qc.ca> <7d9b3cf20702011138t2265d08bw10804406d73a7fb8@mail.gmail.com> Message-ID: <200702011509.26215.clacroix@cegep-ste-foy.qc.ca> I would walk in my filesystem with something like this: cd / du -cks * | sort -rn | head -n 11 On Thursday 01 February 2007 14:38, Eduardo Casarero wrote: > 2007/2/1, Claude Gagn? : > > Empty the quarantine ? > > i've already done that and now i have some air, but something is eating > space very quick and its not the quarantine. > > Eduardo Casarero a ?crit : > > hi MS gurus i need your help. I run Mscanner with spamassasing on a > > HPDL380, with 1 scsi disk. > > > > mscanner MailScanner-4.55.10, sendmail > > > > -- > > Ce message a ?t? v?rifi? par Multi > > Techniquespour des virus ou du contenu ? > > risque et rien de suspect n'a ?t? d?tect?. This message has been scanned > > for viruses and dangerous content by Multi Techniques > > , and is believed to be clean. > > > > > > -- > > * Claude Gagn?* > > * Technicien informatique* > > > > claude.gagne@multitech.qc.ca 226-A, chemin des Poirier > > Montmagny (Qc) > > G5V 3X8 > > > > T?l. : (418) 248-2247 > > T?l?c. : (418) 248-2230 > > *8, rue du Domaine > > Rivi?re-du-Loup (Qc) > > G5R 2P5 > > > > T?l. : (418) 867-3355 > > T?l?c. : (418) 867-2775 > > * > > > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! From micoots at yahoo.com Thu Feb 1 21:09:00 2007 From: micoots at yahoo.com (Michael Mansour) Date: Thu Feb 1 20:12:26 2007 Subject: Need help, server running out of space!! Message-ID: <190173.58045.qm@web33309.mail.mud.yahoo.com> Use "du -ks *|sort -n" on various parent directories and continue to drill down on the bigger directories, you will eventually find what is taking the space. Regards, Michael. ----- Original Message ---- From: Claude Gagn? To: MailScanner discussion Sent: Friday, 2 February, 2007 6:28:32 AM Subject: Re: Need help, server running out of space!! Empty the quarantine ? Eduardo Casarero a ?crit : hi MS gurus i need your help. I run Mscanner with spamassasing on a HPDL380, with 1 scsi disk. mscanner MailScanner-4.55.10, sendmail -- Ce message a ?t? v?rifi? par Multi Techniques pour des virus ou du contenu ? risque et rien de suspect n'a ?t? d?tect?. This message has been scanned for viruses and dangerous content by Multi Techniques, and is believed to be clean. -- Claude Gagn? Technicien informatique claude.gagne@multitech.qc.ca 226-A, chemin des Poirier Montmagny (Qc) G5V 3X8 T?l. : (418) 248-2247 T?l?c. : (418) 248-2230 8, rue du Domaine Rivi?re-du-Loup (Qc) G5R 2P5 T?l. : (418) 867-3355 T?l?c. : (418) 867-2775 -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! Send instant messages to your online friends http://au.messenger.yahoo.com -------------- next part -------------- Skipped content of type multipart/related From email at ace.net.au Thu Feb 1 22:16:16 2007 From: email at ace.net.au (Peter Nitschke) Date: Thu Feb 1 21:20:01 2007 Subject: Need help, server running out of space!! In-Reply-To: <7d9b3cf20702011138t2265d08bw10804406d73a7fb8@mail.gmail.com> References: <7d9b3cf20702011117i122a9f01l90f1175fac842ef6@mail.gmail.com> <45C23F60.5010805@multitech.qc.ca> <7d9b3cf20702011138t2265d08bw10804406d73a7fb8@mail.gmail.com> Message-ID: <200702020746160185.28FFA111@smtp1.ace.net.au> Have you checked your logs? *********** REPLY SEPARATOR *********** On 1/02/2007 at 4:38 PM Eduardo Casarero wrote: >2007/2/1, Claude Gagn? : >> >> Empty the quarantine ? >> > >i've already done that and now i have some air, but something is eating >space very quick and its not the quarantine. > > >Eduardo Casarero a ?crit : >> >> hi MS gurus i need your help. I run Mscanner with spamassasing on a >> HPDL380, with 1 scsi disk. >> >> mscanner MailScanner-4.55.10, sendmail >> >> -- >> Ce message a ?t? v?rifi? par Multi >Techniquespour des virus ou du contenu ? >risque et rien de suspect n'a ?t? d?tect?. >> This message has been scanned for viruses and dangerous content by Multi >> Techniques , and is believed to be clean. >> >> >> -- >> * Claude Gagn?* >> * Technicien informatique* >> >> claude.gagne@multitech.qc.ca 226-A, chemin des Poirier >> Montmagny (Qc) >> G5V 3X8 >> >> T?l. : (418) 248-2247 >> T?l?c. : (418) 248-2230 >> *8, rue du Domaine >> Rivi?re-du-Loup (Qc) >> G5R 2P5 >> >> T?l. : (418) 867-3355 >> T?l?c. : (418) 867-2775 >> * >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Feb 1 22:41:06 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 1 21:46:24 2007 Subject: MailScanner ANNOUNCE: Stable version 4.58.9 released In-Reply-To: <45C2098A.3070200@ecs.soton.ac.uk> References: <45C2098A.3070200@ecs.soton.ac.uk> Message-ID: <45C25E72.4040602@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Has anyone noticed I produced a stable release this afternoon? Or is it just working okay? Julian Field wrote: > * PGP Signed: 02/01/07 at 15:39:11 > > I have just released the latest stable version of MailScanner, 4.58.9. > > It is available for download directly from > www.mailscanner.info > as usual. > > The major changes for this release are: > > -- Added a new configuration setting to control whether senders are > notified about attachments are too big or too small. > -- When using the Custom Function plugin system, you can now calculate > a ruleset from within your Custom Function. Very useful for large sites. > -- Improvements to the accuracy of the SpamAssassin cache results. > -- Startup scripts now make SpamAssassin run out of memory-based > temporary files where possible, to improve speed. > -- Messages placed in multiple outgoing queues are now delivered > immediately. > -- Fixed problems with a few users seeing extra "disarmed" or "fraud" > tags appearing incorrectly. > > Best regards, > > Jules > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) Comment: Fetch my public key foot-print from www.mailscanner.info Charset: ISO-8859-1 wj8DBQFFwl6+EfZZRxQVtlQRAnOpAJ4+v76kWMk5KnXJhZSJU48Pj9zu1QCfbDD6 QGoVAz6JCXa/wB5mY9i53jc= =tJ90 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From john at katy.com Thu Feb 1 22:50:26 2007 From: john at katy.com (John Schmerold) Date: Thu Feb 1 21:54:12 2007 Subject: Performance In-Reply-To: <45C07F76.5050409@ecs.soton.ac.uk> References: <86144ED6CE5B004DA23E1EAC0B569B58125FF289@isabella.herefordshire.gov.uk> <45C07F76.5050409@ecs.soton.ac.uk> Message-ID: <45C260A2.6040601@katy.com> MailScanner -changed is a great help. I promised to let the group know how things are going. Very well is the answer. Messages are getting processed in 4 to 10 seconds. The main problem I have now is responding to mal-formed HELO announcements. I am having to write a lot of "your critical emails aren't getting through because your correspondent's mail server is mis-configured. Of course, I'm keeping "check_helo_access hash:/etc/postfix/helo_access" in my back-pocket. When things quiet down, I'll deal with the scatterback issue. For now, I'm dumping them off the face of the earth by specifying a non-existant relay host. /etc/postfix/transport takes care of getting legitimate mail where it needs to go. Yes, I know this isn't optimal way of dealing with the problem. Kept Pyzor, since things are under control. It will be on my short list of things to eliminate if we get back to 2-6 hour queue times. Kept cbl.abuseat.org and zen.spamhaus.org due to Spamhaus TOS, and the fact that RBL checks do not seem to be the bottleneck. Added ws.surbl.org to list of RBLs Added combined.njabl.org to list of RBLs /dev/shm & /var/spool/MailScanner/incoming was a tmpfs dir. Added following to /etc/cron.hourly/check_MailScanner if [ -d /dev/shm ]; then TMPDIR=/dev/shm export TMPDIR fi Changes to MailScanner.conf: Max Children = 5 Max Unscanned Messages Per Scan = 30 Max Unsafe Messages Per Scan = 30 Changes to main.cf smtpd_delay_reject=no smtpd_helo_restrictions = permit_mynetworks, check_helo_access hash:/etc/postfix/helo_access reject_invalid_hostname reject_unknown_hostname reject_non_fqdn_hostname reject_unauth_pipelining permit PolicyD was already giving me GreatPause, so I didn't add smtpd_client_restrictions as recommended For the record, my current configuration is as follows: [root@mx1 ~]# MailScanner -changed Table of Changed Values: Option Name Default Current Value =============================================================================== alwaysincludespamassassinreport no yes archivemail RULESET:Default= highscoringspamactions deliver header "X-Spam-Status: Yes" store highspamassassinscore 10 7 incomingqueuedir /var/spool/mqueue.in /var/spool/postfix/hold languagestrings /etc/MailScanner/reports/en/languages.conf logspam no yes logspeed no yes maxspamassassinsize 30000 20k mta sendmail postfix outgoingqueuedir /var/spool/mqueue /var/spool/postfix/incoming requiredspamassassinscore 6 4 restartevery 14400 7200 runasgroup 0 postfix runasuser 0 postfix signcleanmessages yes no spamactions deliver header "X-Spam-Status: Yes" deliver header "X-Spam-Status: Res" spamassassinsiterulesdir /etc/mail/spamassassin spamheader X-MailScanner-SpamCheck: X-Schmerold-MailScanner-SpamCheck: spamliststobespam 1 3 spamliststoreachhighscore 3 7 spamscoreheader X-MailScanner-SpamScore: X-Schmerold-MailScanner-SpamScore: virusscanners auto f-prot [root@mx1 ~]# [root@mx1 ~]# postconf -n canonical_maps = hash:/etc/postfix/canonical config_directory = /etc/postfix disable_vrfy_command = yes hash_queue_names = "" header_checks = regexp:/etc/postfix/header_checks masquerade_exceptions = root message_size_limit = 51200000 mydomain = schmerold.com myhostname = mx1.schmerold.com mynetworks = 127.0.0.0/8 65.16.251.208/29 relay_domains = katy.com katy.net katycomputer.com schmerold.com relayhost = [127.0.0.1]:8080 smtpd_data_restrictions = reject_unauth_pipelining, permit smtpd_delay_reject = no smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks, check_helo_access hash:/etc/postfix/helo_access reject_invalid_hostname reject_unknown_hostname reject_non_fqdn_hostname reject_unauth_pipelining permit smtpd_recipient_restrictions = check_helo_access hash:/etc/postfix/helo_access reject_invalid_hostname reject_non_fqdn_hostname reject_non_fqdn_sender reject_non_fqdn_recipient reject_unknown_sender_domain permit_mynetworks reject_unauth_destination check_sender_access hash:/etc/postfix/whitelist check_policy_service inet:127.0.0.1:10031 reject_rbl_client combined.njabl.org reject_rbl_client cbl.abuseat.org reject_rbl_client ws.surbl.org reject_rbl_client zen.spamhaus.org permit smtpd_sender_restrictions = hash:/etc/postfix/access transport_maps = hash:/etc/postfix/transport virtual_alias_domains = hash:/etc/postfix/virtual virtual_alias_maps = hash:/etc/postfix/virtual [root@mx1 ~]# Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Just a quick note of info: > > When asking users for settings like this, a very useful command is > MailScanner -changed > which will list all the configuration options that have been changed > from their supplied defaults. > You might want to do > MailScanner -changed | grep -v reports > to strip out all the report directories. From mkettler at evi-inc.com Thu Feb 1 22:52:11 2007 From: mkettler at evi-inc.com (Matt Kettler) Date: Thu Feb 1 21:55:46 2007 Subject: MailScanner ANNOUNCE: Stable version 4.58.9 released In-Reply-To: <45C25E72.4040602@ecs.soton.ac.uk> References: <45C2098A.3070200@ecs.soton.ac.uk> <45C25E72.4040602@ecs.soton.ac.uk> Message-ID: <45C2610B.80501@evi-inc.com> Julian Field wrote: > Has anyone noticed I produced a stable release this afternoon? > Or is it just working okay? > Apparently the script that detects these announcements, automatically downloads MailScanner to our test servers, tests it, and posts complaints about it to the list, is broken... You might want to look into fixing that part of the package J.. :) (sorry, couldn't resist) From jaearick at colby.edu Thu Feb 1 22:57:23 2007 From: jaearick at colby.edu (Jeff A. Earickson) Date: Thu Feb 1 22:00:54 2007 Subject: MailScanner ANNOUNCE: Stable version 4.58.9 released In-Reply-To: <45C25E72.4040602@ecs.soton.ac.uk> References: <45C2098A.3070200@ecs.soton.ac.uk> <45C25E72.4040602@ecs.soton.ac.uk> Message-ID: On Thu, 1 Feb 2007, Julian Field wrote: > Date: Thu, 01 Feb 2007 21:41:06 +0000 > From: Julian Field > Reply-To: MailScanner discussion > To: mailscanner@lists.mailscanner.info > Subject: Re: MailScanner ANNOUNCE: Stable version 4.58.9 released > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Has anyone noticed I produced a stable release this afternoon? > Or is it just working okay? Yes, I noticed. Yes, I upgraded from 4.58.8. Yes, it is working great. I am a UNIX guy. Error (nonzero return code) = complaint. Success (zero return code) = silence. Hence my silence... Jeff Earickson Colby College From mrm at medicine.wisc.edu Thu Feb 1 22:57:36 2007 From: mrm at medicine.wisc.edu (Michael Masse) Date: Thu Feb 1 22:01:23 2007 Subject: MailScanner ANNOUNCE: Stable version 4.58.9 released In-Reply-To: <45C2610B.80501@evi-inc.com> References: <45C2098A.3070200@ecs.soton.ac.uk> <45C25E72.4040602@ecs.soton.ac.uk> <45C2610B.80501@evi-inc.com> Message-ID: <45C20DEF.7FBE.00FC.3@medicine.wisc.edu> Julian Field wrote: > Has anyone noticed I produced a stable release this afternoon? > Or is it just working okay? > Have it installed on one server so far. So far so good! Mike From ssilva at sgvwater.com Thu Feb 1 23:03:47 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Feb 1 22:07:28 2007 Subject: MailScanner ANNOUNCE: Stable version 4.58.9 released In-Reply-To: <45C20DEF.7FBE.00FC.3@medicine.wisc.edu> References: <45C2098A.3070200@ecs.soton.ac.uk> <45C25E72.4040602@ecs.soton.ac.uk> <45C2610B.80501@evi-inc.com> <45C20DEF.7FBE.00FC.3@medicine.wisc.edu> Message-ID: Michael Masse spake the following on 2/1/2007 1:57 PM: > Julian Field wrote: >> Has anyone noticed I produced a stable release this afternoon? >> Or is it just working okay? >> > > Have it installed on one server so far. > > So far so good! > > Mike > Beating a server into submission also! Got a little behind this morning, and not in a good way! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From mikea at mikea.ath.cx Thu Feb 1 23:06:46 2007 From: mikea at mikea.ath.cx (mikea) Date: Thu Feb 1 22:10:21 2007 Subject: Need help, server running out of space!! In-Reply-To: <200702020746160185.28FFA111@smtp1.ace.net.au>; from email@ace.net.au on Fri, Feb 02, 2007 at 07:46:16AM +1030 References: <7d9b3cf20702011117i122a9f01l90f1175fac842ef6@mail.gmail.com> <45C23F60.5010805@multitech.qc.ca> <7d9b3cf20702011138t2265d08bw10804406d73a7fb8@mail.gmail.com> <200702020746160185.28FFA111@smtp1.ace.net.au> Message-ID: <20070201160646.B61555@mikea.ath.cx> On Fri, Feb 02, 2007 at 07:46:16AM +1030, Peter Nitschke wrote: > Have you checked your logs? > > *********** REPLY SEPARATOR *********** > > On 1/02/2007 at 4:38 PM Eduardo Casarero wrote: > > >2007/2/1, Claude Gagn? : > >> > >> Empty the quarantine ? > >> > > > >i've already done that and now i have some air, but something is eating > >space very quick and its not the quarantine. > > > > > >Eduardo Casarero a ?crit : > >> > >> hi MS gurus i need your help. I run Mscanner with spamassasing on a > >> HPDL380, with 1 scsi disk. > >> > >> mscanner MailScanner-4.55.10, sendmail I have seen some circumstances in which a large file, while consuming disk space, didn't show up in `ls -l` or in `du` while the process was running that was writing to the file. You may have to stop MailScanner and other tools to have a chance of seeing where the big file is. In the worst case, you'll have to boot to single-user mode, mount the disks in your fstab, and then examine them. Good luck! -- Mike Andrews, W5EGO mikea@mikea.ath.cx Tired old sysadmin From ssilva at sgvwater.com Thu Feb 1 23:20:26 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Feb 1 22:24:16 2007 Subject: Performance In-Reply-To: <45C260A2.6040601@katy.com> References: <86144ED6CE5B004DA23E1EAC0B569B58125FF289@isabella.herefordshire.gov.uk> <45C07F76.5050409@ecs.soton.ac.uk> <45C260A2.6040601@katy.com> Message-ID: John Schmerold spake the following on 2/1/2007 1:50 PM: > MailScanner -changed is a great help. > > I promised to let the group know how things are going. Very well is the > answer. Messages are getting processed in 4 to 10 seconds. > > The main problem I have now is responding to mal-formed HELO > announcements. I am having to write a lot of "your critical emails > aren't getting through because your correspondent's mail server is > mis-configured. Of course, I'm keeping "check_helo_access > hash:/etc/postfix/helo_access" in my back-pocket. > > When things quiet down, I'll deal with the scatterback issue. For now, > I'm dumping them off the face of the earth by specifying a non-existant > relay host. /etc/postfix/transport takes care of getting legitimate mail > where it needs to go. Yes, I know this isn't optimal way of dealing with > the problem. > > Kept Pyzor, since things are under control. It will be on my short list > of things to eliminate if we get back to 2-6 hour queue times. > Kept cbl.abuseat.org and zen.spamhaus.org due to Spamhaus TOS, and the > fact that RBL checks do not seem to be the bottleneck. > Added ws.surbl.org to list of RBLs > Added combined.njabl.org to list of RBLs > > /dev/shm & /var/spool/MailScanner/incoming was a tmpfs dir. Added > following to /etc/cron.hourly/check_MailScanner > if [ -d /dev/shm ]; then > TMPDIR=/dev/shm > export TMPDIR > fi > > Changes to MailScanner.conf: > Max Children = 5 > Max Unscanned Messages Per Scan = 30 > Max Unsafe Messages Per Scan = 30 > > Changes to main.cf > smtpd_delay_reject=no > > smtpd_helo_restrictions = permit_mynetworks, > check_helo_access hash:/etc/postfix/helo_access > reject_invalid_hostname > reject_unknown_hostname > reject_non_fqdn_hostname > reject_unauth_pipelining > permit > > PolicyD was already giving me GreatPause, so I didn't add > smtpd_client_restrictions as recommended > > For the record, my current configuration is as follows: > [root@mx1 ~]# MailScanner -changed > Table of Changed Values: > > Option Name Default Current Value > =============================================================================== > > alwaysincludespamassassinreport no yes > archivemail RULESET:Default= > highscoringspamactions deliver header "X-Spam-Status: Yes" > store > highspamassassinscore 10 7 > incomingqueuedir /var/spool/mqueue.in > /var/spool/postfix/hold > languagestrings /etc/MailScanner/reports/en/languages.conf > logspam no yes > logspeed no yes > maxspamassassinsize 30000 20k This setting has gone in and out of errors. The k sometimes gives an error--keep an eye out or just change to 20000. Julian has probably fixed this, but I don't remember it in the changelog. > mta sendmail postfix > outgoingqueuedir /var/spool/mqueue > /var/spool/postfix/incoming > requiredspamassassinscore 6 4 > restartevery 14400 7200 > runasgroup 0 postfix > runasuser 0 postfix > signcleanmessages yes no > spamactions deliver header "X-Spam-Status: Yes" > deliver header "X-Spam-Status: Res" > spamassassinsiterulesdir /etc/mail/spamassassin > spamheader X-MailScanner-SpamCheck: > X-Schmerold-MailScanner-SpamCheck: > spamliststobespam 1 3 > spamliststoreachhighscore 3 7 > spamscoreheader X-MailScanner-SpamScore: > X-Schmerold-MailScanner-SpamScore: > virusscanners auto f-prot Clamav doesn't add much overhead, since the scanners run on batches of mail. But clam catches a lot of phishing spams. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ajos1 at onion.demon.co.uk Thu Feb 1 22:47:47 2007 From: ajos1 at onion.demon.co.uk (ajos1@onion.demon.co.uk) Date: Thu Feb 1 22:51:16 2007 Subject: MailScanner ANNOUNCE: Stable version 4.58.9 released Message-ID: - I am trying it now... so will report back... Just a quick one... the mailscanner website still says: "Version 4.56 10th October 2006" -- On another thing... ======================================================== I have a had long long term problem with dependencies... so tonight I thought I would see if I could get away with not using the --nodeps [root@www mailscanner]# rpm -Uvh mailscanner-4.58.9-1.noarch.rpm error: Failed dependencies: perl-MIME-tools >= 5.412 is needed by mailscanner-4.58.9-1.noarch ======================================================== Despite being on Version 5.420 of MIME-Tools : [root@www mailscanner]# perl ../perl_ext/modtest.pl MIME::Tools 5.412 Module: MIME::Tools - 5.420 (0) [Tested for 5.412] ###CHECK### ======================================================== I thought I would try: [root@www mailscanner]# rpm -ivh perl-MIME-tools-5.420-1.src.rpm 1:perl-MIME-tools ########################################### [100%] [root@www mailscanner]# rpm -Uvh perl-MIME-tools-5.420-1.src.rpm 1:perl-MIME-tools ########################################### [100%] ======================================================== And I still get... [root@www mailscanner]# rpm -Uvh mailscanner-4.58.9-1.noarch.rpm error: Failed dependencies: perl-MIME-tools >= 5.412 is needed by mailscanner-4.58.9-1.noarch ======================================================== -----Original Message----- From: MailScanner discussion References: <45C2098A.3070200@ecs.soton.ac.uk> Message-ID: <45C27083.2090209@haigmail.com> It is working just fine here My download script does not work anymore but I manually downloaded it Thanks Julian Lance From ajos1 at onion.demon.co.uk Thu Feb 1 23:17:35 2007 From: ajos1 at onion.demon.co.uk (ajos1@onion.demon.co.uk) Date: Thu Feb 1 23:21:05 2007 Subject: MailScanner ANNOUNCE: Stable version 4.58.9 released Message-ID: - Okay the rpm was a source RPM... so hence why it not install in the usual way... Anys I have decided to try the install.sh method for the first time ever... For modules it wants to install... it says: Missing file /usr/src/redhat/RPMS/noarch/perl-IO-stringy-2.108-1.noarch.rpm. Maybe it did not build correctly? etc... -----Original Message----- From: ajos1@onion.demon.co.uk Subj: Re: MailScanner ANNOUNCE: Stable version 4.58.9 released Date: Thu, 01 Feb 2007 22:47:47 (GMT/BST) I have a had long long term problem with dependencies... so tonight I thought I would see if I could get away with not using the --nodeps [root@www mailscanner]# rpm -Uvh mailscanner-4.58.9-1.noarch.rpm error: Failed dependencies: perl-MIME-tools >= 5.412 is needed by mailscanner-4.58.9-1.noarch From res at ausics.net Fri Feb 2 00:18:42 2007 From: res at ausics.net (Res) Date: Thu Feb 1 23:22:16 2007 Subject: MailScanner ANNOUNCE: Stable version 4.58.9 released In-Reply-To: <45C25E72.4040602@ecs.soton.ac.uk> References: <45C2098A.3070200@ecs.soton.ac.uk> <45C25E72.4040602@ecs.soton.ac.uk> Message-ID: On Thu, 1 Feb 2007, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Has anyone noticed I produced a stable release this afternoon? > Or is it just working okay? Of course it just works :P -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From ssilva at sgvwater.com Fri Feb 2 00:21:54 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Feb 1 23:27:06 2007 Subject: MailScanner ANNOUNCE: Stable version 4.58.9 released In-Reply-To: References: Message-ID: ajos1@onion.demon.co.uk spake the following on 2/1/2007 2:47 PM: > - > > I am trying it now... so will report back... > > Just a quick one... the mailscanner website still says: > > "Version 4.56 10th October 2006" > > -- > > On another thing... > ======================================================== > I have a had long long term problem with dependencies... so tonight I thought I would see if I could get away with not using the --nodeps > > [root@www mailscanner]# rpm -Uvh mailscanner-4.58.9-1.noarch.rpm > error: Failed dependencies: > perl-MIME-tools >= 5.412 is needed by mailscanner-4.58.9-1.noarch > > ======================================================== > > Despite being on Version 5.420 of MIME-Tools : > > [root@www mailscanner]# perl ../perl_ext/modtest.pl MIME::Tools 5.412 > Module: MIME::Tools - 5.420 (0) [Tested for 5.412] ###CHECK### > > ======================================================== > > I thought I would try: > > [root@www mailscanner]# rpm -ivh perl-MIME-tools-5.420-1.src.rpm > 1:perl-MIME-tools ########################################### [100%] > > [root@www mailscanner]# rpm -Uvh perl-MIME-tools-5.420-1.src.rpm > 1:perl-MIME-tools ########################################### [100%] Those commands will only install the source. You would need to rpmbuild --rebuild perl-MIME-tools-5.420-1.src.rpm, and install the resulting binary. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From pete at enitech.com.au Fri Feb 2 00:23:35 2007 From: pete at enitech.com.au (Peter Russell) Date: Thu Feb 1 23:27:09 2007 Subject: Performance In-Reply-To: <223f97700702010210m4398ae3fld20bbd7bdd5440e1@mail.gmail.com> References: <45C03361.5040903@katy.com> <223f97700701310215u67f9f941ifa40f902cd2d357@mail.gmail.com> <45C11A25.5010407@enitech.com.au> <223f97700701311717y54a485f8m4a420e2262f29d86@mail.gmail.com> <45C14692.2020704@enitech.com.au> <223f97700702010210m4398ae3fld20bbd7bdd5440e1@mail.gmail.com> Message-ID: <45C27677.5070108@enitech.com.au> Glenn Steen wrote: > On 01/02/07, Peter Russell wrote: >> >> >> Glenn Steen wrote: >> > On 31/01/07, Peter Russell wrote: > (snip even more) >> >> >> relay_domains = katy.com katy.net katycomputer.com schmerold.com >> >> > Why is there no "companion" relay_recipient_maps? You should reject >> >> > unknown recipients. >> >> > >> >> >> smtpd_data_restrictions = reject_unauth_pipelining, permit >> >> >> smtpd_helo_required = yes >> >> > Here you should perhaps have a >> >> > smtpd_helo_restrictions = permit_mynetworks, check_helo_access >> >> > hash:/etc/postfix/deny_domain_spoof >> >> > Where the deny_domain_spoof is simply an access file detailing the >> >> > domains and IP addresses you relay for like "katy.com REJECT". >> Will be >> >> > perfectly safe to use. >> >> >> >> Glenn - should he have REJECT for domains he relays for? >> > Yes. The thinking here is to REJECT anyone pretending to be either >> > your domain (your MX) or any of the "internal/trusted" IP addresses, >> > unless they really are... The permit_mynetworks take care of not >> > rejecting things that shouldn't be rejected:). >> > As said, perfectly safe;-). >> > This one rejects a few every day. Thanks Glenn, i implemented the changes you suggested and now i get legitimate hosts being blocked. postfix/smtpd[10874]: warning: 203.35.216.230: hostname gateway.davidjones.com.au verification failed: Name or service not known I will leave off making any more MTA changes until one of the clever cloggs can post up some tips... Thanks Pete From leiw324 at yahoo.com.hk Fri Feb 2 00:43:44 2007 From: leiw324 at yahoo.com.hk (Wilson Kwok) Date: Thu Feb 1 23:47:10 2007 Subject: HOWTO uninstall MailScanner Message-ID: <20070201234344.61928.qmail@web54405.mail.yahoo.com> FC4, MailScanner, MailScanner-4.53.8-1.rpm.tar.gz, clamav-0.88.4.tar.gz, spamassassin-3.0.6-1.fc4 Please help ! Thanks ! _______________________________________ YM - Â÷½u°T®§ ´Nºâ§A¨S¦³¤Wºô¡A§AªºªB¤Í¤´¥i¥H¯d¤U°T®§µ¹§A¡A·í§A¤Wºô®É´N¯à¥ß§Y¬Ý¨ì¡A¥ô¦ó»¡¸Ü³£ÉN¨«¥¢¡C http://messenger.yahoo.com.hk -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070202/66b85aea/attachment.html From prandal at herefordshire.gov.uk Fri Feb 2 01:07:06 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Fri Feb 2 00:10:46 2007 Subject: MailScanner ANNOUNCE: Stable version 4.58.9 released Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580176822F@isabella.herefordshire.gov.uk> It's working fine thanks Julian. One thing I noticed was that clamav (module) had left some junk in /dev/shm after I'd done a "service MailScanner restart". I suspect clamavmodule's temp files are not cleaned out on shutdown of MailScanner. That doesn't matter so much when they are in /tmp, but it makes me a bit nervous to see growing amounts of junk in /dev/shm. I can live with it, though :-) Having clamavmodule's temp files in /dev/shm seems to speed things up a bit, so that hack is a definite plus. Cheers, Phil -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Thursday, February 01, 2007 9:41 PM To: mailscanner@lists.mailscanner.info Subject: Re: MailScanner ANNOUNCE: Stable version 4.58.9 released -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Has anyone noticed I produced a stable release this afternoon? Or is it just working okay? Julian Field wrote: > * PGP Signed: 02/01/07 at 15:39:11 > > I have just released the latest stable version of MailScanner, 4.58.9. > > It is available for download directly from > www.mailscanner.info > as usual. > > The major changes for this release are: > > -- Added a new configuration setting to control whether senders are > notified about attachments are too big or too small. > -- When using the Custom Function plugin system, you can now calculate > a ruleset from within your Custom Function. Very useful for large sites. > -- Improvements to the accuracy of the SpamAssassin cache results. > -- Startup scripts now make SpamAssassin run out of memory-based > temporary files where possible, to improve speed. > -- Messages placed in multiple outgoing queues are now delivered > immediately. > -- Fixed problems with a few users seeing extra "disarmed" or "fraud" > tags appearing incorrectly. > > Best regards, > > Jules > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) Comment: Fetch my public key foot-print from www.mailscanner.info Charset: ISO-8859-1 wj8DBQFFwl6+EfZZRxQVtlQRAnOpAJ4+v76kWMk5KnXJhZSJU48Pj9zu1QCfbDD6 QGoVAz6JCXa/wB5mY9i53jc= =tJ90 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From ssilva at sgvwater.com Fri Feb 2 01:38:41 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Feb 2 00:42:20 2007 Subject: HOWTO uninstall MailScanner In-Reply-To: <20070201234344.61928.qmail@web54405.mail.yahoo.com> References: <20070201234344.61928.qmail@web54405.mail.yahoo.com> Message-ID: Wilson Kwok spake the following on 2/1/2007 3:43 PM: > FC4, MailScanner, MailScanner-4.53.8-1.rpm.tar.gz, clamav-0.88.4.tar.gz, > > spamassassin-3.0.6-1.fc4 > > Please help ! > > Thanks ! rpm -e mailscanner -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From mkettler at evi-inc.com Fri Feb 2 01:50:30 2007 From: mkettler at evi-inc.com (Matt Kettler) Date: Fri Feb 2 00:54:06 2007 Subject: HOWTO uninstall MailScanner In-Reply-To: References: <20070201234344.61928.qmail@web54405.mail.yahoo.com> Message-ID: <45C28AD6.4030802@evi-inc.com> Scott Silva wrote: > Wilson Kwok spake the following on 2/1/2007 3:43 PM: >> FC4, MailScanner, MailScanner-4.53.8-1.rpm.tar.gz, clamav-0.88.4.tar.gz, >> >> spamassassin-3.0.6-1.fc4 >> >> Please help ! >> >> Thanks ! > rpm -e mailscanner > Side note: you'll also have to deal with getting your MTA started back up using the pre-mailscanner service, assuming you still want to run an MTA on the box. ie, assuming sendmail: service MailScanner stop rpm -e MailScanner service sendmail start chkconfig sendmail on From ka at pacific.net Fri Feb 2 01:58:59 2007 From: ka at pacific.net (Ken A) Date: Fri Feb 2 00:58:49 2007 Subject: MailScanner ANNOUNCE: Stable version 4.58.9 released In-Reply-To: <45C25E72.4040602@ecs.soton.ac.uk> References: <45C2098A.3070200@ecs.soton.ac.uk> <45C25E72.4040602@ecs.soton.ac.uk> Message-ID: <45C28CD3.2070807@pacific.net> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Has anyone noticed I produced a stable release this afternoon? > Or is it just working okay? > Yes! Working great as usual. Thanks, Ken A. Pacific.Net From glenn.steen at gmail.com Fri Feb 2 02:14:04 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Feb 2 01:17:32 2007 Subject: Performance In-Reply-To: <45C27677.5070108@enitech.com.au> References: <45C03361.5040903@katy.com> <223f97700701310215u67f9f941ifa40f902cd2d357@mail.gmail.com> <45C11A25.5010407@enitech.com.au> <223f97700701311717y54a485f8m4a420e2262f29d86@mail.gmail.com> <45C14692.2020704@enitech.com.au> <223f97700702010210m4398ae3fld20bbd7bdd5440e1@mail.gmail.com> <45C27677.5070108@enitech.com.au> Message-ID: <223f97700702011714q558ec69exc7416b7c81421a20@mail.gmail.com> On 02/02/07, Peter Russell wrote: > > > Glenn Steen wrote: > > On 01/02/07, Peter Russell wrote: > >> > >> > >> Glenn Steen wrote: > >> > On 31/01/07, Peter Russell wrote: > > (snip even more) > >> >> >> relay_domains = katy.com katy.net katycomputer.com schmerold.com > >> >> > Why is there no "companion" relay_recipient_maps? You should reject > >> >> > unknown recipients. > >> >> > > >> >> >> smtpd_data_restrictions = reject_unauth_pipelining, permit > >> >> >> smtpd_helo_required = yes > >> >> > Here you should perhaps have a > >> >> > smtpd_helo_restrictions = permit_mynetworks, check_helo_access > >> >> > hash:/etc/postfix/deny_domain_spoof > >> >> > Where the deny_domain_spoof is simply an access file detailing the > >> >> > domains and IP addresses you relay for like "katy.com REJECT". > >> Will be > >> >> > perfectly safe to use. > >> >> > >> >> Glenn - should he have REJECT for domains he relays for? > >> > Yes. The thinking here is to REJECT anyone pretending to be either > >> > your domain (your MX) or any of the "internal/trusted" IP addresses, > >> > unless they really are... The permit_mynetworks take care of not > >> > rejecting things that shouldn't be rejected:). > >> > As said, perfectly safe;-). > >> > This one rejects a few every day. > > Thanks Glenn, i implemented the changes you suggested and now i get > legitimate hosts being blocked. Um and you'er thanking me for this?-):-)... If the hosts being blocked should be in your mynetworks, but aren't, that would indeed reject messages from those machines. But other than that.... Nah, show me some logs:-). > postfix/smtpd[10874]: warning: 203.35.216.230: hostname > gateway.davidjones.com.au verification failed: Name or service not known This isn't a reject, merely a verification warning. You shouldn't be losing any mails by this. As you can gather, I'm not quite convinced you are missing out on anything relevant/having a real problem here. In this particular case, you can check it yourself... the reverse lookup leads to gateway.davidjones.com.au, and the forward lookup for that leads... nowhere. And that is all that log entry is about. If it bothers you and they are a business contact, go ahead and tell them to fix that leftover PTR (which is likely what it might be:). Look for the NOQUEUE lines in the log. Do these coreespond with any reported (by people:-) errors? > I will leave off making any more MTA changes until one of the clever > cloggs can post up some tips... Um, english parser breakdown... Isn't a clogg a sort of wooden shoe? And a clever clogg is then an intelligent footwear? Sort of an AI for pedestrian appliances?:-) > Thanks > Pete -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From FStein at thehill.org Fri Feb 2 02:35:13 2007 From: FStein at thehill.org (Stein, Mr. Fred) Date: Fri Feb 2 01:39:19 2007 Subject: MailScanner ANNOUNCE: Stable version 4.58.9 released In-Reply-To: <45C25E72.4040602@ecs.soton.ac.uk> References: <45C2098A.3070200@ecs.soton.ac.uk> <45C25E72.4040602@ecs.soton.ac.uk> Message-ID: -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Thursday, February 01, 2007 4:41 PM To: mailscanner@lists.mailscanner.info Subject: Re: MailScanner ANNOUNCE: Stable version 4.58.9 released -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Has anyone noticed I produced a stable release this afternoon? Or is it just working okay? Julian Field wrote: > * PGP Signed: 02/01/07 at 15:39:11 > > I have just released the latest stable version of MailScanner, 4.58.9. > > It is available for download directly from > www.mailscanner.info > as usual. > > The major changes for this release are: > > -- Added a new configuration setting to control whether senders are > notified about attachments are too big or too small. > -- When using the Custom Function plugin system, you can now calculate > a ruleset from within your Custom Function. Very useful for large sites. > -- Improvements to the accuracy of the SpamAssassin cache results. > -- Startup scripts now make SpamAssassin run out of memory-based > temporary files where possible, to improve speed. > -- Messages placed in multiple outgoing queues are now delivered > immediately. > -- Fixed problems with a few users seeing extra "disarmed" or "fraud" > tags appearing incorrectly. > > Best regards, > > Jules > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) Comment: Fetch my public key foot-print from www.mailscanner.info Charset: ISO-8859-1 wj8DBQFFwl6+EfZZRxQVtlQRAnOpAJ4+v76kWMk5KnXJhZSJU48Pj9zu1QCfbDD6 QGoVAz6JCXa/wB5mY9i53jc= =tJ90 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! Works fine here. Fred Stein Network Administrator The Hill School 717 E. High Street Pottstown, PA 19464 fstein@thehill.org www.thehill.org From pete at pwdk.com Fri Feb 2 02:37:48 2007 From: pete at pwdk.com (pete@pwdk.com) Date: Fri Feb 2 01:41:23 2007 Subject: MailScanner - Run from PHP script Message-ID: <45C295EC.3030909@pwdk.com> Hi all, I was wondering if it was possible to run mailscanner from a PHP script? So it can be used to check the contents of a string or file, and score it the same as it would score an email. Thanks Pete From pete at enitech.com.au Fri Feb 2 02:40:39 2007 From: pete at enitech.com.au (Peter Russell) Date: Fri Feb 2 01:44:12 2007 Subject: Performance In-Reply-To: <223f97700702011714q558ec69exc7416b7c81421a20@mail.gmail.com> References: <45C03361.5040903@katy.com> <223f97700701310215u67f9f941ifa40f902cd2d357@mail.gmail.com> <45C11A25.5010407@enitech.com.au> <223f97700701311717y54a485f8m4a420e2262f29d86@mail.gmail.com> <45C14692.2020704@enitech.com.au> <223f97700702010210m4398ae3fld20bbd7bdd5440e1@mail.gmail.com> <45C27677.5070108@enitech.com.au> <223f97700702011714q558ec69exc7416b7c81421a20@mail.gmail.com> Message-ID: <45C29697.4070209@enitech.com.au> Glenn Steen wrote: > On 02/02/07, Peter Russell wrote: >> >> >> Glenn Steen wrote: >> > On 01/02/07, Peter Russell wrote: >> >> >> >> >> >> Glenn Steen wrote: >> >> > On 31/01/07, Peter Russell wrote: >> > (snip even more) >> >> >> >> relay_domains = katy.com katy.net katycomputer.com >> schmerold.com >> >> >> > Why is there no "companion" relay_recipient_maps? You should >> reject >> >> >> > unknown recipients. >> >> >> > >> >> >> >> smtpd_data_restrictions = reject_unauth_pipelining, permit >> >> >> >> smtpd_helo_required = yes >> >> >> > Here you should perhaps have a >> >> >> > smtpd_helo_restrictions = permit_mynetworks, check_helo_access >> >> >> > hash:/etc/postfix/deny_domain_spoof >> >> >> > Where the deny_domain_spoof is simply an access file detailing >> the >> >> >> > domains and IP addresses you relay for like "katy.com REJECT". >> >> Will be >> >> >> > perfectly safe to use. >> >> >> >> >> >> Glenn - should he have REJECT for domains he relays for? >> >> > Yes. The thinking here is to REJECT anyone pretending to be either >> >> > your domain (your MX) or any of the "internal/trusted" IP addresses, >> >> > unless they really are... The permit_mynetworks take care of not >> >> > rejecting things that shouldn't be rejected:). >> >> > As said, perfectly safe;-). >> >> > This one rejects a few every day. >> >> Thanks Glenn, i implemented the changes you suggested and now i get >> legitimate hosts being blocked. > Um and you'er thanking me for this?-):-)... If the hosts being blocked > should be in your mynetworks, but aren't, that would indeed reject > messages from those machines. But other than that.... Nah, show me > some logs:-). > >> postfix/smtpd[10874]: warning: 203.35.216.230: hostname >> gateway.davidjones.com.au verification failed: Name or service not known > This isn't a reject, merely a verification warning. You shouldn't be > losing any mails by this. > As you can gather, I'm not quite convinced you are missing out on > anything relevant/having a real problem here. In this particular > case, you can check it yourself... the reverse lookup leads to > gateway.davidjones.com.au, and the forward lookup for that leads... > nowhere. And that is all that log entry is about. If it bothers you > and they are a business contact, go ahead and tell them to fix that > leftover PTR (which is likely what it might be:). > Look for the NOQUEUE lines in the log. Do these coreespond with any > reported (by people:-) errors? > As you say, after i posted it i did some further research and found it was just a warning - thanks for the explanation. >> I will leave off making any more MTA changes until one of the clever >> cloggs can post up some tips... > Um, english parser breakdown... Isn't a clogg a sort of wooden shoe? > And a clever clogg is then an intelligent footwear? Sort of an AI for > pedestrian appliances?:-) Well i didnt wanna say geeks - but there you go you have forced me. :) > >> Thanks >> Pete > I made some changes to my main.cf and then telnet in to my server from another network, i can get through helo, MAIL FROM with false info - no warnings, errors or disconnects. Any idea where i am going wrong? (i have exclude all my pre existing transport map, relay domains type config) Appreciate any tips or suggestions. Pete smtpd_client_restrictions = hash:/etc/postfix/access permit_mynetworks sleep 4 reject_unauth_pipelining permit smtpd_helo_required = yes smptd_helo_restrictions = sleep 1 permit_mynetworks check_helo_access hash:/etc/postfix/deny_domain_spoof reject_unauth_pipelining permit smtpd_recipient_restrictions = hash:/etc/postfix/access reject_invalid_hostname reject_non_fqdn_hostname permit_auth_destination reject_unauth_destination reject_non_fqdn_sender permit relay_recipient_maps = hash:/etc/postfix/Recipients-AD, hash:/etc/postfix/Recipients-AL, regexp:/etc/postfix/Recipients-Manual, From glenn.steen at gmail.com Fri Feb 2 02:59:10 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Feb 2 02:02:37 2007 Subject: Performance In-Reply-To: <45C29697.4070209@enitech.com.au> References: <45C03361.5040903@katy.com> <223f97700701310215u67f9f941ifa40f902cd2d357@mail.gmail.com> <45C11A25.5010407@enitech.com.au> <223f97700701311717y54a485f8m4a420e2262f29d86@mail.gmail.com> <45C14692.2020704@enitech.com.au> <223f97700702010210m4398ae3fld20bbd7bdd5440e1@mail.gmail.com> <45C27677.5070108@enitech.com.au> <223f97700702011714q558ec69exc7416b7c81421a20@mail.gmail.com> <45C29697.4070209@enitech.com.au> Message-ID: <223f97700702011759p1db84fc8ga0645b61dabd1ce1@mail.gmail.com> On 02/02/07, Peter Russell wrote: > > (snip) > As you say, after i posted it i did some further research and found it > was just a warning - thanks for the explanation. :-) > >> I will leave off making any more MTA changes until one of the clever > >> cloggs can post up some tips... > > Um, english parser breakdown... Isn't a clogg a sort of wooden shoe? > > And a clever clogg is then an intelligent footwear? Sort of an AI for > > pedestrian appliances?:-) > > Well i didnt wanna say geeks - but there you go you have forced me. :) Why thank you... Such high praise...:-):-). > > I made some changes to my main.cf and then telnet in to my server from > another network, i can get through helo, MAIL FROM with false info - no > warnings, errors or disconnects. Any idea where i am going wrong? (i > have exclude all my pre existing transport map, relay domains type > config) Appreciate any tips or suggestions. > Pete To my tired eyes (it's almost 02.00 here) it looks ok, so it would depend on the content of the file I guess... You did remember to postmap it (and reload postfix after the changes to main.cf)? With a little luck (all the luck I didn't have today... SSL-X logged itself to death (audit f a failed message just kept repeating) and was ornery about the license file while updating on new HW, Oracle was just as Oracle can be, the doctor kept me waiting (well, nothing new there:-) and pesky users kept interrupting about me helping them with their *private* WLAN/DSL installs (as if I was going home to them and doing their LAN... Well, perhaps if sufficient amounts of finer booze was at the end of it:), so that I never got any time to install the latest and greatest MS... Grrr.) I'll have time to look at it again in the morning (today). Tired but kind regards -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From alex at nkpanama.com Fri Feb 2 03:06:42 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Fri Feb 2 02:10:46 2007 Subject: OT: building new server, need MTA advice In-Reply-To: <45C20B66.8020309@ecs.soton.ac.uk> References: <20070131163457.B633.GERARD@seibercom.net> <45C14381.1000107@nkpanama.com> <45C20B66.8020309@ecs.soton.ac.uk> Message-ID: <45C29CB2.6070405@nkpanama.com> Julian Field wrote: > I only thing I know is wrong on RedHat is that /etc/sysconfig/saslauthd says > MECH=shadow > where > MECH=pam > is enormously more useful in a distributed environment. > Other than that, it just works. My thoughts exactly. I wonder if the original poster meant "it's a pain to set it up so that it works with (insert something else here) instead of the default configs..." From john at katy.com Fri Feb 2 03:10:24 2007 From: john at katy.com (John Schmerold) Date: Fri Feb 2 02:13:59 2007 Subject: Performance In-Reply-To: <45C260A2.6040601@katy.com> References: <86144ED6CE5B004DA23E1EAC0B569B58125FF289@isabella.herefordshire.gov.uk> <45C07F76.5050409@ecs.soton.ac.uk> <45C260A2.6040601@katy.com> Message-ID: <45C29D90.8080901@katy.com> This list becomes an important archive of useful information, so I want to let everyone know we ended up eliminating the smtpd_helo_restrictions section. Too many mail servers are mis-configured. Besides, the RFC, states that the recipient server will accept the message regardless of whether or not the HELO statement is proper. John Schmerold John Schmerold wrote: > MailScanner -changed is a great help. > > I promised to let the group know how things are going. Very well is the > answer. Messages are getting processed in 4 to 10 seconds. > > The main problem I have now is responding to mal-formed HELO > announcements. I am having to write a lot of "your critical emails > aren't getting through because your correspondent's mail server is > mis-configured. Of course, I'm keeping "check_helo_access > hash:/etc/postfix/helo_access" in my back-pocket. > > When things quiet down, I'll deal with the scatterback issue. For now, > I'm dumping them off the face of the earth by specifying a non-existant > relay host. /etc/postfix/transport takes care of getting legitimate mail > where it needs to go. Yes, I know this isn't optimal way of dealing with > the problem. > > Kept Pyzor, since things are under control. It will be on my short list > of things to eliminate if we get back to 2-6 hour queue times. > Kept cbl.abuseat.org and zen.spamhaus.org due to Spamhaus TOS, and the > fact that RBL checks do not seem to be the bottleneck. > Added ws.surbl.org to list of RBLs > Added combined.njabl.org to list of RBLs > > /dev/shm & /var/spool/MailScanner/incoming was a tmpfs dir. Added > following to /etc/cron.hourly/check_MailScanner > if [ -d /dev/shm ]; then > TMPDIR=/dev/shm > export TMPDIR > fi > > Changes to MailScanner.conf: > Max Children = 5 > Max Unscanned Messages Per Scan = 30 > Max Unsafe Messages Per Scan = 30 > > Changes to main.cf > smtpd_delay_reject=no > > smtpd_helo_restrictions = permit_mynetworks, > check_helo_access hash:/etc/postfix/helo_access > reject_invalid_hostname > reject_unknown_hostname > reject_non_fqdn_hostname > reject_unauth_pipelining > permit > > PolicyD was already giving me GreatPause, so I didn't add > smtpd_client_restrictions as recommended > > For the record, my current configuration is as follows: > [root@mx1 ~]# MailScanner -changed > Table of Changed Values: > > Option Name Default Current Value > =============================================================================== > > alwaysincludespamassassinreport no yes > archivemail RULESET:Default= > highscoringspamactions deliver header "X-Spam-Status: Yes" > store > highspamassassinscore 10 7 > incomingqueuedir /var/spool/mqueue.in > /var/spool/postfix/hold > languagestrings /etc/MailScanner/reports/en/languages.conf > logspam no yes > logspeed no yes > maxspamassassinsize 30000 20k > mta sendmail postfix > outgoingqueuedir /var/spool/mqueue > /var/spool/postfix/incoming > requiredspamassassinscore 6 4 > restartevery 14400 7200 > runasgroup 0 postfix > runasuser 0 postfix > signcleanmessages yes no > spamactions deliver header "X-Spam-Status: Yes" > deliver header "X-Spam-Status: Res" > spamassassinsiterulesdir /etc/mail/spamassassin > spamheader X-MailScanner-SpamCheck: > X-Schmerold-MailScanner-SpamCheck: > spamliststobespam 1 3 > spamliststoreachhighscore 3 7 > spamscoreheader X-MailScanner-SpamScore: > X-Schmerold-MailScanner-SpamScore: > virusscanners auto f-prot > [root@mx1 ~]# > > [root@mx1 ~]# postconf -n > canonical_maps = hash:/etc/postfix/canonical > config_directory = /etc/postfix > disable_vrfy_command = yes > hash_queue_names = "" > header_checks = regexp:/etc/postfix/header_checks > masquerade_exceptions = root > message_size_limit = 51200000 > mydomain = schmerold.com > myhostname = mx1.schmerold.com > mynetworks = 127.0.0.0/8 65.16.251.208/29 > relay_domains = katy.com katy.net katycomputer.com schmerold.com > relayhost = [127.0.0.1]:8080 > smtpd_data_restrictions = reject_unauth_pipelining, permit > smtpd_delay_reject = no > smtpd_helo_required = yes > smtpd_helo_restrictions = permit_mynetworks, check_helo_access > hash:/etc/postfix/helo_access reject_invalid_hostname > reject_unknown_hostname reject_non_fqdn_hostname > reject_unauth_pipelining permit > smtpd_recipient_restrictions = check_helo_access > hash:/etc/postfix/helo_access reject_invalid_hostname > reject_non_fqdn_hostname reject_non_fqdn_sender > reject_non_fqdn_recipient reject_unknown_sender_domain > permit_mynetworks reject_unauth_destination check_sender_access > hash:/etc/postfix/whitelist check_policy_service inet:127.0.0.1:10031 > reject_rbl_client combined.njabl.org reject_rbl_client cbl.abuseat.org > reject_rbl_client ws.surbl.org reject_rbl_client zen.spamhaus.org permit > smtpd_sender_restrictions = hash:/etc/postfix/access > transport_maps = hash:/etc/postfix/transport > virtual_alias_domains = hash:/etc/postfix/virtual > virtual_alias_maps = hash:/etc/postfix/virtual > [root@mx1 ~]# > > > > Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Just a quick note of info: >> >> When asking users for settings like this, a very useful command is >> MailScanner -changed >> which will list all the configuration options that have been changed >> from their supplied defaults. >> You might want to do >> MailScanner -changed | grep -v reports >> to strip out all the report directories. From alex at nkpanama.com Fri Feb 2 03:18:48 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Fri Feb 2 02:22:56 2007 Subject: MailScanner - Run from PHP script In-Reply-To: <45C295EC.3030909@pwdk.com> References: <45C295EC.3030909@pwdk.com> Message-ID: <45C29F88.1050607@nkpanama.com> MailScanner doesn't score... SpamAssassin does. You may want to use exec with spamassassin to see how it goes. pete@pwdk.com wrote: > Hi all, > > I was wondering if it was possible to run mailscanner from a PHP script? > > So it can be used to check the contents of a string or file, and score > it the same as it would score an email. > > > Thanks > Pete From john at katy.com Fri Feb 2 04:35:52 2007 From: john at katy.com (John Schmerold) Date: Fri Feb 2 03:39:23 2007 Subject: Performance In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B58125FF289@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B58125FF289@isabella.herefordshire.gov.uk> Message-ID: <45C2B198.6060806@katy.com> I set Children & Messages per scan low after viewing: http://tinyurl.com/ypqot7 We've gone back to higher values now. John Schmerold Randal, Phil wrote: > Max Children = 2 > Max Unscanned Messages Per Scan = 10 > Max Unsafe Messages Per Scan = 10 > > These seem a bit on the low side to me. > > The defaults are: > > Max Children = 5 > Max Unscanned Messages Per Scan = 30 > Max Unsafe Messages Per Scan = 30 > > Any reason why you so drastically changed them downwards? > > Phil > -- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of John Schmerold >> Sent: 31 January 2007 06:13 >> To: mailscanner@lists.mailscanner.info >> Subject: Performance >> >> We're seeing significant backlogs, mail is taking 2-6 hours >> to get thru >> the Postfix/Mailscanner gauntlet we've setup. What's everyone else >> seeing in terms of mail processing time? >> >> I've looked at the home page & WIKI, so, I'm guessing I am missing >> something or there are new techniques not yet published on the >> mailscanner.info >> >> Some of my statistics are as follows: >> Server config: 2.8GHz P4, 2GB DDR2, Maxtor SATA HDD >> Mail volume: approx 7,500 messages per day >> Misc: We have set the noatime flag on spool and log >> partitions & use a >> local DNS caching nameserver. >> >> MS Configuration: >> [root@mx1 ~]# cat /etc/MailScanner/MailScanner.conf >> # See http://www.mailscanner.info/MailScanner.conf.index.html for all >> options & defaults >> %etc-dir% = /etc/MailScanner >> %mcp-dir% = /etc/MailScanner/mcp >> %org-long-name% = Schmerold >> %org-name% = Schmerold >> %report-dir% = /etc/MailScanner/reports/en >> %rules-dir% = /etc/MailScanner/rules >> %web-site% = www.schmerold.com >> >> Always Include SpamAssassin Report = yes >> Archive Mail = /etc/MailScanner/rules/archive.rules >> High Scoring Spam Actions = store >> High SpamAssassin Score = 7 >> Incoming Queue Dir = /var/spool/postfix/hold >> Incoming Work Dir = /var/spool/MailScanner/incoming >> Language Strings = /etc/MailScanner/reports/en/languages.conf >> MTA = postfix >> Outgoing Queue Dir = /var/spool/postfix/incoming >> Required SpamAssassin Score = 4 >> Restart Every = 7200 >> Run As Group = postfix >> Run As User = postfix >> Sign Clean Messages = no >> SpamAssassin Site Rules Dir = /etc/mail/spamassassin >> >> Log Speed = yes >> Max Children = 2 >> Max Unscanned Messages Per Scan = 10 >> Max Unsafe Messages Per Scan = 10 >> Spam List = >> Virus Scanners = f-prot >> [root@mx1 ~]# >> >> PostFix Configuration: >> [root@mx1 ~]# postconf -n >> canonical_maps = hash:/etc/postfix/canonical >> config_directory = /etc/postfix >> disable_vrfy_command = yes >> hash_queue_names = "" >> header_checks = regexp:/etc/postfix/header_checks >> masquerade_exceptions = root >> message_size_limit = 51200000 >> mydomain = schmerold.com >> myhostname = mx1.schmerold.com >> mynetworks = 127.0.0.0/8 65.16.251.208/29 >> relay_domains = katy.com katy.net katycomputer.com schmerold.com >> smtpd_data_restrictions = reject_unauth_pipelining, permit >> smtpd_helo_required = yes >> smtpd_recipient_restrictions = reject_invalid_hostname >> reject_non_fqdn_hostname reject_non_fqdn_sender >> reject_non_fqdn_recipient reject_unknown_sender_domain >> permit_mynetworks reject_unauth_destination check_sender_access >> hash:/etc/postfix/whitelist reject_rbl_client cbl.abuseat.org >> reject_rbl_client zen.spamhaus.org permit >> smtpd_sender_restrictions = hash:/etc/postfix/access >> transport_maps = hash:/etc/postfix/transport >> virtual_alias_domains = hash:/etc/postfix/virtual >> virtual_alias_maps = hash:/etc/postfix/virtual >> [root@mx1 ~]# >> >> >> MS Log: >> [root@mx1 ~]# cat /var/log/messages | grep "Jan 30 23:40" >> Jan 30 23:40:03 mx1 MailScanner[24752]: Requeue: 4F51A4B4468.A8F46 to >> 389AB894965 >> Jan 30 23:40:03 mx1 MailScanner[24752]: Requeue: A8330894942.93836 to >> A6D8289500D >> Jan 30 23:40:03 mx1 MailScanner[24752]: Requeue: 368088943F4.C0B33 to >> 20327894942 >> Jan 30 23:40:03 mx1 MailScanner[24752]: Uninfected: Delivered >> 7 messages >> Jan 30 23:40:03 mx1 MailScanner[24752]: Batch completed at >> 128844 bytes >> per second (8272398 / 64) >> Jan 30 23:40:03 mx1 MailScanner[24752]: Batch (10 messages) >> processed in >> 64.20 seconds >> Jan 30 23:40:03 mx1 MailScanner[24752]: New Batch: Found 7981 >> messages >> waiting >> Jan 30 23:40:03 mx1 MailScanner[24752]: New Batch: Scanning >> 10 messages, >> 169939 bytes >> Jan 30 23:40:03 mx1 MailScanner[24752]: Expired 11 records from the >> SpamAssassin cache >> Jan 30 23:40:04 mx1 named[2116]: lame server resolving >> 'mail.voltech-auto.com' (in 'voltech-auto.com'?): 216.53.199.57#53 >> Jan 30 23:40:08 mx1 named[2116]: lame server resolving >> '21.36.70.194.in-addr.arpa' (in '36.70.194.in-addr.arpa'?): >> 194.70.36.12#53 >> Jan 30 23:40:42 mx1 MailScanner[24762]: Spam Checks: Found 5 >> spam messages >> Jan 30 23:40:42 mx1 MailScanner[24762]: Spam Checks completed at 1227 >> bytes per second >> Jan 30 23:40:42 mx1 MailScanner[24762]: Virus and Content >> Scanning: Starting >> Jan 30 23:40:43 mx1 MailScanner[24762]: Virus Scanning completed at >> 156861 bytes per second >> Jan 30 23:40:43 mx1 MailScanner[24762]: Found phishing fraud from >> www.google.com claiming to be www.chase.com in 6BE8F895371.5D53A >> Jan 30 23:40:43 mx1 MailScanner[24762]: Content Checks: Detected and >> have disarmed web bug tags in HTML message in 6BE8F895371.5D53A from >> www-data@balancetechnology.com >> Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: 3B29B894E55.CEBEA to >> 6535E894D8C >> Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: 6BE8F895371.5D53A to >> DB04E894E55 >> Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: 73748895A57.5ABB7 to >> 0597D895371 >> Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: 937E689448D.77EDA to >> 0CB4B8953AD >> Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: 754F789466A.8DA78 to >> AC1D989448D >> Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: D5177894E67.3DEEA to >> A879089466A >> Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: A3E798940E3.B4BEB to >> 80A7B894E67 >> Jan 30 23:40:43 mx1 MailScanner[24762]: Uninfected: Delivered >> 7 messages >> Jan 30 23:40:43 mx1 MailScanner[24762]: Virus Processing completed at >> 650569 bytes per second >> Jan 30 23:40:43 mx1 MailScanner[24762]: Batch completed at 1215 bytes >> per second (86123 / 70) >> Jan 30 23:40:43 mx1 MailScanner[24762]: Batch (10 messages) >> processed in >> 70.85 seconds >> Jan 30 23:40:43 mx1 MailScanner[24762]: New Batch: Found 7993 >> messages >> waiting >> Jan 30 23:40:43 mx1 MailScanner[24762]: New Batch: Scanning >> 10 messages, >> 160591 bytes >> [root@mx1 ~]# >> From jcb at dream.com.ph Fri Feb 2 05:24:17 2007 From: jcb at dream.com.ph (jepoy) Date: Fri Feb 2 04:27:51 2007 Subject: Ruleset on Scanning Message-ID: <019301c74682$010eabe0$920bbdcb@pmsi.net> hi guys, can you give some rule tips on these things. im still experimenting on some of these powerful rulesets. 1. I dont want my trusted network to be scanned of content,filename(selected only) since i want them to send certain files without being quarantine and i want any incoming messages to be scanned for my trusted users. trusted users ---- any (no scanning for attachment) any --- trusted users (scan as usual) tnx. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070202/126c851f/attachment.html From pete at enitech.com.au Fri Feb 2 06:18:13 2007 From: pete at enitech.com.au (Pete Russell) Date: Fri Feb 2 05:22:07 2007 Subject: Performance In-Reply-To: <223f97700702011759p1db84fc8ga0645b61dabd1ce1@mail.gmail.com> References: <45C03361.5040903@katy.com> <223f97700701310215u67f9f941ifa40f902cd2d357@mail.gmail.com> <45C11A25.5010407@enitech.com.au> <223f97700701311717y54a485f8m4a420e2262f29d86@mail.gmail.com> <45C14692.2020704@enitech.com.au> <223f97700702010210m4398ae3fld20bbd7bdd5440e1@mail.gmail.com> <45C27677.5070108@enitech.com.au> <223f97700702011714q558ec69exc7416b7c81421a20@mail.gmail.com> <45C29697.4070209@enitech.com.au> <223f97700702011759p1db84fc8ga0645b61dabd1ce1@mail.gmail.com> Message-ID: <45C2C995.30909@enitech.com.au> Glenn Steen wrote: > On 02/02/07, Peter Russell wrote: >> >> > (snip) >> As you say, after i posted it i did some further research and found it >> was just a warning - thanks for the explanation. > :-) >> >> I will leave off making any more MTA changes until one of the clever >> >> cloggs can post up some tips... >> > Um, english parser breakdown... Isn't a clogg a sort of wooden shoe? >> > And a clever clogg is then an intelligent footwear? Sort of an AI for >> > pedestrian appliances?:-) >> >> Well i didnt wanna say geeks - but there you go you have forced me. :) > Why thank you... Such high praise...:-):-). > >> >> I made some changes to my main.cf and then telnet in to my server from >> another network, i can get through helo, MAIL FROM with false info - no >> warnings, errors or disconnects. Any idea where i am going wrong? (i >> have exclude all my pre existing transport map, relay domains type >> config) Appreciate any tips or suggestions. >> Pete > To my tired eyes (it's almost 02.00 here) it looks ok, so it would > depend on the content of the file I guess... You did remember to > postmap it (and reload postfix after the changes to main.cf)? > With a little luck (all the luck I didn't have today... SSL-X logged > itself to death (audit f a failed message just kept repeating) and was > ornery about the license file while updating on new HW, Oracle was > just as Oracle can be, the doctor kept me waiting (well, nothing new > there:-) and pesky users kept interrupting about me helping them with > their *private* WLAN/DSL installs (as if I was going home to them and > doing their LAN... Well, perhaps if sufficient amounts of finer booze > was at the end of it:), so that I never got any time to install the > latest and greatest MS... Grrr.) I'll have time to look at it again in > the morning (today). > > Tired but kind regards OKay seem to have it working - unfortunately lots of folks have mis configured MTAs. Some of these people wont fix this anytime soon - is there way of 'whitelisting' some hosts/domains from the helo checks and client and recipient checks? What do you normally do when a client or vendor gets rejected by these tests? Thanks Pete From res at ausics.net Fri Feb 2 08:39:48 2007 From: res at ausics.net (Res) Date: Fri Feb 2 07:43:22 2007 Subject: Performance In-Reply-To: <45C2C995.30909@enitech.com.au> References: <45C03361.5040903@katy.com> <223f97700701310215u67f9f941ifa40f902cd2d357@mail.gmail.com> <45C11A25.5010407@enitech.com.au> <223f97700701311717y54a485f8m4a420e2262f29d86@mail.gmail.com> <45C14692.2020704@enitech.com.au> <223f97700702010210m4398ae3fld20bbd7bdd5440e1@mail.gmail.com> <45C27677.5070108@enitech.com.au> <223f97700702011714q558ec69exc7416b7c81421a20@mail.gmail.com> <45C29697.4070209@enitech.com.au> <223f97700702011759p1db84fc8ga0645b61dabd1ce1@mail.gmail.com> <45C2C995.30909@enitech.com.au> Message-ID: On Fri, 2 Feb 2007, Pete Russell wrote: > What do you normally do when a client or vendor gets rejected by these tests? Why on earth anyone would want to whitelist a domain because THAT domains admin is too clueless and incompetant to configure their machine correctly I'll never know. The solution is simple: 1: If its a host providor whinging... Tell them no mail accepted until they fix their configuration Tell them if they have no idea, to change root pass to somthing they can then give you, you login and fix it for them at a cost of $XXXX.00 and you want to EFT receipt faxed to you prior to this. -OR- 2: If regular host client useing that host server, tell them to take their custom to a host providor who has a clue. It's just not acceptable to have our machines exposed to higher risk of spam or other malicous actions because THEY are dimwits. -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From glenn.steen at gmail.com Fri Feb 2 10:13:20 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Feb 2 09:16:49 2007 Subject: Performance In-Reply-To: <45C2C995.30909@enitech.com.au> References: <45C03361.5040903@katy.com> <45C11A25.5010407@enitech.com.au> <223f97700701311717y54a485f8m4a420e2262f29d86@mail.gmail.com> <45C14692.2020704@enitech.com.au> <223f97700702010210m4398ae3fld20bbd7bdd5440e1@mail.gmail.com> <45C27677.5070108@enitech.com.au> <223f97700702011714q558ec69exc7416b7c81421a20@mail.gmail.com> <45C29697.4070209@enitech.com.au> <223f97700702011759p1db84fc8ga0645b61dabd1ce1@mail.gmail.com> <45C2C995.30909@enitech.com.au> Message-ID: <223f97700702020113r3548e74dva482632180596cb5@mail.gmail.com> On 02/02/07, Pete Russell wrote: > > > Glenn Steen wrote: > > On 02/02/07, Peter Russell wrote: > >> > >> > > (snip) > >> As you say, after i posted it i did some further research and found it > >> was just a warning - thanks for the explanation. > > :-) > >> >> I will leave off making any more MTA changes until one of the clever > >> >> cloggs can post up some tips... > >> > Um, english parser breakdown... Isn't a clogg a sort of wooden shoe? > >> > And a clever clogg is then an intelligent footwear? Sort of an AI for > >> > pedestrian appliances?:-) > >> > >> Well i didnt wanna say geeks - but there you go you have forced me. :) > > Why thank you... Such high praise...:-):-). > > > >> > >> I made some changes to my main.cf and then telnet in to my server from > >> another network, i can get through helo, MAIL FROM with false info - no > >> warnings, errors or disconnects. Any idea where i am going wrong? (i > >> have exclude all my pre existing transport map, relay domains type > >> config) Appreciate any tips or suggestions. > >> Pete > > To my tired eyes (it's almost 02.00 here) it looks ok, so it would > > depend on the content of the file I guess... You did remember to > > postmap it (and reload postfix after the changes to main.cf)? > > With a little luck (all the luck I didn't have today... SSL-X logged > > itself to death (audit f a failed message just kept repeating) and was > > ornery about the license file while updating on new HW, Oracle was > > just as Oracle can be, the doctor kept me waiting (well, nothing new > > there:-) and pesky users kept interrupting about me helping them with > > their *private* WLAN/DSL installs (as if I was going home to them and > > doing their LAN... Well, perhaps if sufficient amounts of finer booze > > was at the end of it:), so that I never got any time to install the > > latest and greatest MS... Grrr.) I'll have time to look at it again in > > the morning (today). > > > > Tired but kind regards > > OKay seem to have it working - unfortunately lots of folks have mis > configured MTAs. Some of these people wont fix this anytime soon - is > there way of 'whitelisting' some hosts/domains from the helo checks and > client and recipient checks? > > What do you normally do when a client or vendor gets rejected by these > tests? I'm not running an ISP, or a big campus or somesuch, so ... my situation is perhaps simpler than mosts:-). In the very few cases where I had this with _business related communications_, and they "persisted in their folly";), I mailed their postmaster _and_ their public contact (usually some "information officer"...:-). Didn't take long for them to fix it. But I see very few FPs, almost none. If you need a "whitelist", simply detail whatever they are HELOing with in the file with an "OK" prior to the "REJECT" lines... Not that I'd do that:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Fri Feb 2 10:32:10 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Feb 2 09:35:39 2007 Subject: Performance In-Reply-To: <45C29D90.8080901@katy.com> References: <86144ED6CE5B004DA23E1EAC0B569B58125FF289@isabella.herefordshire.gov.uk> <45C07F76.5050409@ecs.soton.ac.uk> <45C260A2.6040601@katy.com> <45C29D90.8080901@katy.com> Message-ID: <223f97700702020132m47b33d89m9b90d5544e07c5f@mail.gmail.com> On 02/02/07, John Schmerold wrote: > This list becomes an important archive of useful information, so I want > to let everyone know we ended up eliminating the smtpd_helo_restrictions > section. Too many mail servers are mis-configured. Besides, the RFC, > states that the recipient server will accept the message regardless of > whether or not the HELO statement is proper. > You are quite correct that one can interprete RFC 2821 (section 4.1.4) that way (and that it was intended that way:-), but one has to take a few things into account... It was written 2001 (well, actually earlier) when spam wasn't that huge a problem, and this whole statement is aimed at minimizing problems... I'd say that someone intentionally using your "credentials" constitute violate the spirit of the "law", if not the letter. And indeed, this "feature" doesn't really break the letter of that "law" either... See the transcript below (I use smtpd_delay_rejects=yes ... And I don't use any greet_pause ... yet): # telnet mail 25 Trying 172.18.3.86... Connected to mail.ap1.se (172.18.3.86). Escape character is '^]'. 220 mail.ap1.se ESMTP Postfix ehlo mail.ap1.se 250-mail.ap1.se 250-PIPELINING 250-SIZE 16777216 250-ETRN 250 8BITMIME mail from:<> 250 Ok rcpt to: 554 : Helo command rejected: Access denied quit 221 Bye Connection closed by foreign host. Please note that we follow the RFCs stipulation (MUST) to only reject the EHLO and stick around in the same state... All ready to process any mails, provided a valid EHLO/HELO is given. This is _exactly_ by the letter of the RFC. So, there is litle to no risk with this. The sender _will_ get a somewhat informative reject code, and should be able to find the problem at their end... Forcing _them_ to comply to the RFC;-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From tgc at statsbiblioteket.dk Fri Feb 2 10:39:14 2007 From: tgc at statsbiblioteket.dk (Tom G. Christensen) Date: Fri Feb 2 09:42:41 2007 Subject: MailScanner ANNOUNCE: Stable version 4.58.9 released In-Reply-To: <45C2098A.3070200@ecs.soton.ac.uk> References: <45C2098A.3070200@ecs.soton.ac.uk> Message-ID: <45C306C2.7070505@statsbiblioteket.dk> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I have just released the latest stable version of MailScanner, 4.58.9. > The only change between 4.58.8 and 4.58.9 seems to be the unconditional setting of TMPDIR=/dev/shm in /usr/sbin/check_MailScanner. I don't think this is the right thing to do. It should be a local configuration choice not something that is forced and can only be disabled by hacking a script that is overwritten on every update. Perhaps you could make this a setting in /etc/sysconfig/MailScanner that defaults to "on" instead. Otherwise 4.58.9 seems to be doing fine here on RHEL 2.1. -tgc From gmatt at nerc.ac.uk Fri Feb 2 11:05:00 2007 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Fri Feb 2 10:08:39 2007 Subject: Use of floating point on typical mailserver In-Reply-To: References: <45C1CCF4.1070100@nerc.ac.uk> Message-ID: <45C30CCC.4030203@nerc.ac.uk> Jeff A. Earickson wrote: > We have two 8-core T2000s and three 8-core T1000s onsite. The three T1000s > handle our webmail front end (horde/imp and associated apache stuff). > One T2000 is a web server, and the second T2000 came online a couple of > weeks ago to handle our IMAP service (dovecot 1.0rc18 currently). This > box has an HP MSA50 disk array with fourteen 72GB disks in a mirrored/ > striped ZFS disk pool for homedirs. All of these systems do a great job, > and barely break a sweat doing it. > > While I can't speak to the FPU issue directly, I got a bit of advice from > a Sun engineer on which chipset to buy for what use in Sun-land. If you > want floating-point computation speed, buy x86 boxes (Sun V20's, etc) > because > the clock cycle of the x86 chips is so much faster. If the work is non > floating-point, then buy Coolthreads servers if the ratio of threads to > processes is > 4. How to find out? Run "prstat" and look at the bottom > line. Take the ratio of processes to LWPs. If the ratio is less than > four, then buy standard Sparc. Sparc chips have the advantage that they > are RISC chips while x86 aren't. His advice, passed along. thanks Jeff... the problem is how do I know if my MS/SA/AV/MW boxes use a lot of FP? It seems crazy looking back but our relays used to run on Sun Ultra 5s, they were replaced by v60z's (Sun Xeon boxes - not very popular) which have done a great job since then but are starting to look a bit long in the tooth. Tripling the memory gave them a new lease of life! Whatever we replace them with needs to have a reasonable chance of coping for another 4 years or so. most of the grunt work of MS and SA is perl text processing which I wouldnt expect to use a lot of FP. I would expect AV engines to be similar (searching for signature patterns etc) so my hunch is that there is little FP work going on... I'll try asking similar questions elsewhere to see if I can figure it out... Not sure I follow the threads/process argument as it seems to assume that you will have the same number of processes running on each box. But if I have a "32-way" host, I'll increase the maximum number of MS and MTA processes to fill the pipes. GREG > > Jeff Earickson > Colby College -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From prandal at herefordshire.gov.uk Fri Feb 2 11:28:35 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Fri Feb 2 10:32:25 2007 Subject: MailScanner ANNOUNCE: Stable version 4.58.9 released Message-ID: <86144ED6CE5B004DA23E1EAC0B569B58125FF8C8@isabella.herefordshire.gov.uk> On closer examination this may be due to timeouts when virus scanning. I;'ve increased the max scan time per batch to see if that resolves it. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Randal, Phil > Sent: 02 February 2007 00:07 > To: 'MailScanner discussion' > Subject: RE: MailScanner ANNOUNCE: Stable version 4.58.9 released > > It's working fine thanks Julian. > > One thing I noticed was that clamav (module) had left some junk in > /dev/shm after I'd done a "service MailScanner restart". I suspect > clamavmodule's temp files are not cleaned out on shutdown of > MailScanner. That doesn't matter so much when they are in > /tmp, but it > makes me a bit nervous to see growing amounts of junk in /dev/shm. > > I can live with it, though :-) > > Having clamavmodule's temp files in /dev/shm seems to speed > things up a > bit, so that hack is a definite plus. > > Cheers, > > Phil > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Julian > Field > Sent: Thursday, February 01, 2007 9:41 PM > To: mailscanner@lists.mailscanner.info > Subject: Re: MailScanner ANNOUNCE: Stable version 4.58.9 released > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Has anyone noticed I produced a stable release this afternoon? > Or is it just working okay? > > Julian Field wrote: > > * PGP Signed: 02/01/07 at 15:39:11 > > > > I have just released the latest stable version of > MailScanner, 4.58.9. > > > > It is available for download directly from > > www.mailscanner.info > > as usual. > > > > The major changes for this release are: > > > > -- Added a new configuration setting to control whether senders are > > notified about attachments are too big or too small. > > -- When using the Custom Function plugin system, you can > now calculate > > > a ruleset from within your Custom Function. Very useful for large > sites. > > -- Improvements to the accuracy of the SpamAssassin cache results. > > -- Startup scripts now make SpamAssassin run out of memory-based > > temporary files where possible, to improve speed. > > -- Messages placed in multiple outgoing queues are now delivered > > immediately. > > -- Fixed problems with a few users seeing extra "disarmed" > or "fraud" > > tags appearing incorrectly. > > > > Best regards, > > > > Jules > > > > Jules > > - -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.5.3 (Build 5003) > Comment: Fetch my public key foot-print from www.mailscanner.info > Charset: ISO-8859-1 > > wj8DBQFFwl6+EfZZRxQVtlQRAnOpAJ4+v76kWMk5KnXJhZSJU48Pj9zu1QCfbDD6 > QGoVAz6JCXa/wB5mY9i53jc= > =tJ90 > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From support-lists at petdoctors.co.uk Fri Feb 2 12:36:09 2007 From: support-lists at petdoctors.co.uk (Nigel Kendrick) Date: Fri Feb 2 11:39:56 2007 Subject: MailScanner ANNOUNCE: Stable version 4.58.9 released In-Reply-To: <45C25E72.4040602@ecs.soton.ac.uk> Message-ID: <002801c746be$553c3c50$3c65a8c0@support01> -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Thursday, February 01, 2007 9:41 PM To: mailscanner@lists.mailscanner.info Subject: Re: MailScanner ANNOUNCE: Stable version 4.58.9 released -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Has anyone noticed I produced a stable release this afternoon? Or is it just working okay? We are the Managers. You are the coding monkey - know your place. If we want to talk to you we'll send you a memo ;-) From glenn.steen at gmail.com Fri Feb 2 13:15:07 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Feb 2 12:18:36 2007 Subject: MailScanner ANNOUNCE: Stable version 4.58.9 released In-Reply-To: <002801c746be$553c3c50$3c65a8c0@support01> References: <45C25E72.4040602@ecs.soton.ac.uk> <002801c746be$553c3c50$3c65a8c0@support01> Message-ID: <223f97700702020415p2b90ae0dp79dd075ef5209a5@mail.gmail.com> On 02/02/07, Nigel Kendrick wrote: > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian > Field > Sent: Thursday, February 01, 2007 9:41 PM > To: mailscanner@lists.mailscanner.info > Subject: Re: MailScanner ANNOUNCE: Stable version 4.58.9 released > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Has anyone noticed I produced a stable release this afternoon? > Or is it just working okay? > > > > We are the Managers. You are the coding monkey - know your place. > > If we want to talk to you we'll send you a memo > > ;-) > Eh ... Nigel... You should familiarise yourself with the writings of one S Travaglia ... That type of statement from "the Boss" or other management types unfailingly lead to bad accidents (electrocution, massive physical (kinetic/falling) damage, specifically designed code "only for you" etc) happening... :-D Take care;) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From support-lists at petdoctors.co.uk Fri Feb 2 13:37:20 2007 From: support-lists at petdoctors.co.uk (Nigel Kendrick) Date: Fri Feb 2 13:05:36 2007 Subject: MailScanner ANNOUNCE: Stable version 4.58.9 released In-Reply-To: <223f97700702020415p2b90ae0dp79dd075ef5209a5@mail.gmail.com> Message-ID: <003e01c746c6$e1aa93f0$3c65a8c0@support01> -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn Steen Sent: Friday, February 02, 2007 12:15 PM To: MailScanner discussion Subject: Re: MailScanner ANNOUNCE: Stable version 4.58.9 released On 02/02/07, Nigel Kendrick wrote: > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian > Field > Sent: Thursday, February 01, 2007 9:41 PM > To: mailscanner@lists.mailscanner.info > Subject: Re: MailScanner ANNOUNCE: Stable version 4.58.9 released > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Has anyone noticed I produced a stable release this afternoon? > Or is it just working okay? > > > > We are the Managers. You are the coding monkey - know your place. > > If we want to talk to you we'll send you a memo > > ;-) > Eh ... Nigel... You should familiarise yourself with the writings of one S Travaglia ... That type of statement from "the Boss" or other management types unfailingly lead to bad accidents (electrocution, massive physical (kinetic/falling) damage, specifically designed code "only for you" etc) happening... :-D Take care;) -- -- Glenn Trouble is, there's too many Managers / Directors who think like that - The Department Manager for which I once worked sat about 5m away from me (in his own office at the end of the open plan floor area, of course). I spent one entire Sunday installing network cables in a new area. On the Monday, my Team Supervisor called me into his office and read out a memo from his Line Manager saying that 'D' Had asked 'T' to instruct him ('M') to thank me for coming in on Sunday - so that's: 'D' (Dept Manager) --> Memo to 'T' (Line Manager) --> Passed memo to 'M' (Team Supervisor) --> Me! Wow, I really felt 'in my place'!! It made me determined to always know and speak to all the team members who work for me, regardless of 'rank'. From jaearick at colby.edu Fri Feb 2 14:18:11 2007 From: jaearick at colby.edu (Jeff A. Earickson) Date: Fri Feb 2 13:21:53 2007 Subject: MailScanner ANNOUNCE: Stable version 4.58.9 released In-Reply-To: <003e01c746c6$e1aa93f0$3c65a8c0@support01> References: <003e01c746c6$e1aa93f0$3c65a8c0@support01> Message-ID: Julian, The KickMessage() tweak in 4.58.x has been a great change. After you got the bugs worked out in 4.58.8, I noticed that my queues are nearly always empty or near empty. I wondered if you had just routed outbound email to /dev/null. :) Jeff Earickson Colby College From MailScanner at ecs.soton.ac.uk Fri Feb 2 14:38:03 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Feb 2 13:42:42 2007 Subject: MailScanner ANNOUNCE: Stable version 4.58.9 released In-Reply-To: References: <003e01c746c6$e1aa93f0$3c65a8c0@support01> Message-ID: <45C33EBB.3080004@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Glad to hear that is working well. Any performance differences? One extra thing I have found is that putting the Bayes database files onto tmpfs helps a lot. But you need to set up a cron job that (a) Copies them to another directory on tmpfs (very fast snapshot) (b) then copies the new files onto disk (relatively slow, but that doesn't matter) You will probably want to do this every hour or so. Add this to the "start" subroutine in the init.d script: if [ -e /root/.spamassassin/bayes_toks ]; then : else cp /root/.spamassassin.copy/* /root/.spamassassin fi That copies the disk-based copy into the tmpfs copy, so you start with the last snapshot. Add this to a cron job that you run once an hour or so: #!/bin/sh if cd /root/.spamassassin ; then #ls -al mkdir -p copy cp * copy mkdir -p /root/.spamassassin.copy mv copy/* /root/.spamassassin.copy rm -rf copy fi And then just mount /root/.spamassassin using tmpfs. If you have a large number of "Max Children =" all competing for the same Bayes db, or even just a large Bayes db, this can make quite a difference to the SpamAssassin speed. Please let me know if you think this helps at all on your systems, or if it makes no discernible difference. Jeff A. Earickson wrote: > The KickMessage() tweak in 4.58.x has been a great change. After > you got the bugs worked out in 4.58.8, I noticed that my queues are > nearly always empty or near empty. I wondered if you had just > routed outbound email to /dev/null. :) Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFFwz7nEfZZRxQVtlQRArRYAKC4hsu/KtJ+0jlHH+xYu9RA7U4NvQCg3pG2 GpW2LoQGwdZGdNHWg0rF+j0= =dX7Y -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From jaearick at colby.edu Fri Feb 2 14:39:38 2007 From: jaearick at colby.edu (Jeff A. Earickson) Date: Fri Feb 2 13:43:14 2007 Subject: Use of floating point on typical mailserver In-Reply-To: <45C30CCC.4030203@nerc.ac.uk> References: <45C1CCF4.1070100@nerc.ac.uk> <45C30CCC.4030203@nerc.ac.uk> Message-ID: n Fri, 2 Feb 2007, Greg Matthews wrote: > Date: Fri, 02 Feb 2007 10:05:00 +0000 > From: Greg Matthews > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: Use of floating point on typical mailserver > > Jeff A. Earickson wrote: >> We have two 8-core T2000s and three 8-core T1000s onsite. The three T1000s >> handle our webmail front end (horde/imp and associated apache stuff). One >> T2000 is a web server, and the second T2000 came online a couple of >> weeks ago to handle our IMAP service (dovecot 1.0rc18 currently). This >> box has an HP MSA50 disk array with fourteen 72GB disks in a mirrored/ >> striped ZFS disk pool for homedirs. All of these systems do a great job, >> and barely break a sweat doing it. >> >> While I can't speak to the FPU issue directly, I got a bit of advice from >> a Sun engineer on which chipset to buy for what use in Sun-land. If you >> want floating-point computation speed, buy x86 boxes (Sun V20's, etc) >> because >> the clock cycle of the x86 chips is so much faster. If the work is non >> floating-point, then buy Coolthreads servers if the ratio of threads to >> processes is > 4. How to find out? Run "prstat" and look at the bottom >> line. Take the ratio of processes to LWPs. If the ratio is less than >> four, then buy standard Sparc. Sparc chips have the advantage that they >> are RISC chips while x86 aren't. His advice, passed along. > > thanks Jeff... the problem is how do I know if my MS/SA/AV/MW boxes use a lot > of FP? Some quick thoughts here. Search the source code that you compile (eg, sendmail code) for uses of "float", "double", or "math.h" (math lib): find . -name '*.[ch]' -print | xargs egrep 'math|float|double' I didn't find much in sendmail 8.13.8 source code. Examine the dynamic libraries that you use with ldd and look for libm (mathlib). Do an lsof as root and look to see if libm is in use by anything. These quick checks on my mail server didn't show much. Mathlib tends to be the heavy hitter for floating-point, since it has trig/log functions and the like in it. > It seems crazy looking back but our relays used to run on Sun Ultra 5s, they > were replaced by v60z's (Sun Xeon boxes - not very popular) which have done a > great job since then but are starting to look a bit long in the tooth. > Tripling the memory gave them a new lease of life! Whatever we replace them > with needs to have a reasonable chance of coping for another 4 years or so. > > most of the grunt work of MS and SA is perl text processing which I wouldnt > expect to use a lot of FP. I would expect AV engines to be similar (searching > for signature patterns etc) so my hunch is that there is little FP work going > on... I'll try asking similar questions elsewhere to see if I can figure it > out... > > Not sure I follow the threads/process argument as it seems to assume that you > will have the same number of processes running on each box. But if I have a > "32-way" host, I'll increase the maximum number of MS and MTA processes to > fill the pipes. The idea with threads/processes is that the current Niagara chips can run 4 threads per CPU. If the ratio of threads to processes is high, then you can keep the CPU busy with threads. If the ratio is low, then you are wasting your money on the CoolThreads CPUs, because you can't keep them busy. Buy regular Sparc chips instead. Jeff Earickson Colby College From dyioulos at firstbhph.com Fri Feb 2 14:58:16 2007 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Fri Feb 2 14:01:56 2007 Subject: MCP checks against outbound mail Message-ID: <200702020858.16809.dyioulos@firstbhph.com> Hello to all. Previously, I had implemented MCP checks on my system. After upgrading spamassassin, MCP was using SA rules to do the scoring. For example, a post from this list got an MCP score of 2.31, with Matching Rules being INVALID_DATE and NO_REAL_NAME (clearly SA rules. Upgrading MS today seems to have fixed that problem - now, my MCP .cf rules are used again. That's good. But now, my issue is this: I've set MS so that our outbound mail isn't scanned for spam. However, this setting also seems to keep the outbound stuff from being scanned for MCP. That's bad. What do I need to do to enable MCP checks only? Thanks. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gmatt at nerc.ac.uk Fri Feb 2 16:26:09 2007 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Fri Feb 2 15:29:58 2007 Subject: Use of floating point on typical mailserver In-Reply-To: References: <45C1CCF4.1070100@nerc.ac.uk> <45C30CCC.4030203@nerc.ac.uk> Message-ID: <45C35811.80001@nerc.ac.uk> Jeff A. Earickson wrote: > Some quick thoughts here. Search the source code that you compile (eg, > sendmail code) for uses of "float", "double", or "math.h" (math lib): > > find . -name '*.[ch]' -print | xargs egrep 'math|float|double' > > I didn't find much in sendmail 8.13.8 source code. Examine the dynamic > libraries that you use with ldd and look for libm (mathlib). Do an lsof > as root and look to see if libm is in use by anything. These quick checks > on my mail server didn't show much. Mathlib tends to be the heavy hitter > for floating-point, since it has trig/log functions and the like in it. ah.. good suggestions, I'll have a poke around. > The idea with threads/processes is that the current Niagara chips can run > 4 threads per CPU. If the ratio of threads to processes is high, then > you can keep the CPU busy with threads. If the ratio is low, then you are > wasting your money on the CoolThreads CPUs, because you can't keep them > busy. Buy regular Sparc chips instead. perhaps I'm misunderstanding the technology. Yes each core can execute four threads "at once" (actually time sliced) but I dont see that there's much difference here between running 8 processes each with 4 threads or running 32 processes. Each core should still be able to context switch between the four processes in its 4 "run queues" whether they are threads of a process or separate processes, no? Or is the context switch between separate processes much more expensive? GREG > > Jeff Earickson > Colby College -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From technician at cenpac.net.nr Fri Feb 2 17:56:48 2007 From: technician at cenpac.net.nr (Jon Leeman) Date: Fri Feb 2 17:00:15 2007 Subject: Performance In-Reply-To: References: <45C03361.5040903@katy.com> <223f97700701310215u67f9f941ifa40f902cd2d357@mail.gmail.com> <45C11A25.5010407@enitech.com.au> <223f97700701311717y54a485f8m4a420e2262f29d86@mail.gmail.com> <45C14692.2020704@enitech.com.au> <223f97700702010210m4398ae3fld20bbd7bdd5440e1@mail.gmail.com> <45C27677.5070108@enitech.com.au> <223f97700702011714q558ec69exc7416b7c81421a20@mail.gmail.com> <45C29697.4070209@enitech.com.au> <223f97700702011759p1db84fc8ga0645b61dabd1ce1@mail.gmail.com> <45C2C995.30909@enitech.com.au> Message-ID: <45C36D50.7020507@cenpac.net.nr> Res wrote: > Why on earth anyone would want to whitelist a domain because THAT > domains admin is too clueless and incompetant to configure their machine > correctly I'll never know. > > The solution is simple: > 1: If its a host providor whinging... > Tell them no mail accepted until they fix their configuration > Tell them if they have no idea, to change root pass to somthing they > can then give you, you login and fix it for them at a cost of $XXXX.00 > and you want to EFT receipt faxed to you prior to this. > -OR- > 2: If regular host client useing that host server, tell them to take > their custom to a host providor who has a clue. > > > It's just not acceptable to have our machines exposed to higher risk of > spam or other malicous actions because THEY are dimwits. > Amen. Per some of Glenn's later posts...........anyone remember when open relay was the norm for MTA's {and SPAM was a in a tin}? I inherited one (Netscape messenger 3.) about 8 years ago. A regional Linux guru introduced me to PF (and eventually MS later on) about 4 years ago. At that time invoking PF *restrictions* meant that most MTA's in the region were not able to get through to here. Fortunately this has changed in what's known as PIC's (Pacific Island Countries). List, keep up the good work please and excuse my occassional OT comments. Jon (Nauru 0450 local....temp. coolish at around 24 deg. C) From ssilva at sgvwater.com Fri Feb 2 18:56:56 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Feb 2 18:00:53 2007 Subject: Performance In-Reply-To: <223f97700702011759p1db84fc8ga0645b61dabd1ce1@mail.gmail.com> References: <45C03361.5040903@katy.com> <223f97700701310215u67f9f941ifa40f902cd2d357@mail.gmail.com> <45C11A25.5010407@enitech.com.au> <223f97700701311717y54a485f8m4a420e2262f29d86@mail.gmail.com> <45C14692.2020704@enitech.com.au> <223f97700702010210m4398ae3fld20bbd7bdd5440e1@mail.gmail.com> <45C27677.5070108@enitech.com.au> <223f97700702011714q558ec69exc7416b7c81421a20@mail.gmail.com> <45C29697.4070209@enitech.com.au> <223f97700702011759p1db84fc8ga0645b61dabd1ce1@mail.gmail.com> Message-ID: Glenn Steen spake the following on 2/1/2007 5:59 PM: > On 02/02/07, Peter Russell wrote: >> >> > (snip) >> As you say, after i posted it i did some further research and found it >> was just a warning - thanks for the explanation. > :-) >> >> I will leave off making any more MTA changes until one of the clever >> >> cloggs can post up some tips... >> > Um, english parser breakdown... Isn't a clogg a sort of wooden shoe? >> > And a clever clogg is then an intelligent footwear? Sort of an AI for >> > pedestrian appliances?:-) >> >> Well i didnt wanna say geeks - but there you go you have forced me. :) > Why thank you... Such high praise...:-):-). > >> >> I made some changes to my main.cf and then telnet in to my server from >> another network, i can get through helo, MAIL FROM with false info - no >> warnings, errors or disconnects. Any idea where i am going wrong? (i >> have exclude all my pre existing transport map, relay domains type >> config) Appreciate any tips or suggestions. >> Pete > To my tired eyes (it's almost 02.00 here) it looks ok, so it would > depend on the content of the file I guess... You did remember to > postmap it (and reload postfix after the changes to main.cf)? > With a little luck (all the luck I didn't have today... SSL-X logged > itself to death (audit f a failed message just kept repeating) and was > ornery about the license file while updating on new HW, Oracle was > just as Oracle can be, the doctor kept me waiting (well, nothing new > there:-) and pesky users kept interrupting about me helping them with > their *private* WLAN/DSL installs (as if I was going home to them and > doing their LAN... Well, perhaps if sufficient amounts of finer booze > was at the end of it:), so that I never got any time to install the > latest and greatest MS... Grrr.) I'll have time to look at it again in > the morning (today). > > Tired but kind regards I get a lot of that "personal" pestering, too. If you tell them up front you are going to charge them, and make the price high enough, you will stop about 90% of it. The other 10% is beer money! ;-) Just set your rate high enough to be worth your time. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From talora-listas at talora.com.br Fri Feb 2 18:56:58 2007 From: talora-listas at talora.com.br (=?ISO-8859-1?Q?=22Lu=EDs_Fernando_C=2E_Talora=22?=) Date: Fri Feb 2 18:01:41 2007 Subject: Send copies of certain messages to other mail account Message-ID: <45C37B6A.2000201@talora.com.br> Fellows, To find out what kind of mailing lists my users are participating, I?d link to send a copy of all messages sent from or to any account with "yahoogrupos.com.br" or "grupos.com.br" on its address, for a deeper analysis. Is it possible to do it with postfix and/or MailScanner? I thought about some "REDIRECT" rule on the "header_checks" table, but I?d like the users to continue recieving the messages, while we analyze that. Any suggestions? Thanks a lot! Luis Talora From ssilva at sgvwater.com Fri Feb 2 19:09:40 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Feb 2 18:13:40 2007 Subject: Performance In-Reply-To: <45C2B198.6060806@katy.com> References: <86144ED6CE5B004DA23E1EAC0B569B58125FF289@isabella.herefordshire.gov.uk> <45C2B198.6060806@katy.com> Message-ID: John Schmerold spake the following on 2/1/2007 7:35 PM: > I set Children & Messages per scan low after viewing: > http://tinyurl.com/ypqot7 > > We've gone back to higher values now. > Those recommendation are for a server that is struggling because it is (might be) underpowered. I didn't really like that one, but never had the time to edit or comment on it. I was going to write one on using mimedefang on a relay to check recipients, but can't get to that either. Besides, the mimedefang people don't seem to have much love for mailscanner lately, (not quite Wietse like yet), and it is a little bit overkill to use it just for that. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From glenn.steen at gmail.com Fri Feb 2 19:13:42 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Feb 2 18:17:13 2007 Subject: Performance In-Reply-To: References: <45C03361.5040903@katy.com> <45C11A25.5010407@enitech.com.au> <223f97700701311717y54a485f8m4a420e2262f29d86@mail.gmail.com> <45C14692.2020704@enitech.com.au> <223f97700702010210m4398ae3fld20bbd7bdd5440e1@mail.gmail.com> <45C27677.5070108@enitech.com.au> <223f97700702011714q558ec69exc7416b7c81421a20@mail.gmail.com> <45C29697.4070209@enitech.com.au> <223f97700702011759p1db84fc8ga0645b61dabd1ce1@mail.gmail.com> Message-ID: <223f97700702021013n6baeb428pf73cb70b8b295170@mail.gmail.com> On 02/02/07, Scott Silva wrote: > Glenn Steen spake the following on 2/1/2007 5:59 PM: > > On 02/02/07, Peter Russell wrote: > >> > >> > > (snip) > >> As you say, after i posted it i did some further research and found it > >> was just a warning - thanks for the explanation. > > :-) > >> >> I will leave off making any more MTA changes until one of the clever > >> >> cloggs can post up some tips... > >> > Um, english parser breakdown... Isn't a clogg a sort of wooden shoe? > >> > And a clever clogg is then an intelligent footwear? Sort of an AI for > >> > pedestrian appliances?:-) > >> > >> Well i didnt wanna say geeks - but there you go you have forced me. :) > > Why thank you... Such high praise...:-):-). > > > >> > >> I made some changes to my main.cf and then telnet in to my server from > >> another network, i can get through helo, MAIL FROM with false info - no > >> warnings, errors or disconnects. Any idea where i am going wrong? (i > >> have exclude all my pre existing transport map, relay domains type > >> config) Appreciate any tips or suggestions. > >> Pete > > To my tired eyes (it's almost 02.00 here) it looks ok, so it would > > depend on the content of the file I guess... You did remember to > > postmap it (and reload postfix after the changes to main.cf)? > > With a little luck (all the luck I didn't have today... SSL-X logged > > itself to death (audit f a failed message just kept repeating) and was > > ornery about the license file while updating on new HW, Oracle was > > just as Oracle can be, the doctor kept me waiting (well, nothing new > > there:-) and pesky users kept interrupting about me helping them with > > their *private* WLAN/DSL installs (as if I was going home to them and > > doing their LAN... Well, perhaps if sufficient amounts of finer booze > > was at the end of it:), so that I never got any time to install the > > latest and greatest MS... Grrr.) I'll have time to look at it again in > > the morning (today). > > > > Tired but kind regards > I get a lot of that "personal" pestering, too. If you tell them up front you > are going to charge them, and make the price high enough, you will stop about > 90% of it. The other 10% is beer money! ;-) > Just set your rate high enough to be worth your time. Trust me, I'm not cheap... The dang thing is that working in the financial sector... quite a few of them can actually afford it:-). So, since I really don't want to be straddled with their problems, I tend to ... exaggerate a bit more:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ssilva at sgvwater.com Fri Feb 2 19:16:47 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Feb 2 18:20:38 2007 Subject: MailScanner ANNOUNCE: Stable version 4.58.9 released In-Reply-To: <002801c746be$553c3c50$3c65a8c0@support01> References: <45C25E72.4040602@ecs.soton.ac.uk> <002801c746be$553c3c50$3c65a8c0@support01> Message-ID: Nigel Kendrick spake the following on 2/2/2007 3:36 AM: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian > Field > Sent: Thursday, February 01, 2007 9:41 PM > To: mailscanner@lists.mailscanner.info > Subject: Re: MailScanner ANNOUNCE: Stable version 4.58.9 released > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Has anyone noticed I produced a stable release this afternoon? > Or is it just working okay? > > > > We are the Managers. You are the coding monkey - know your place. > > If we want to talk to you we'll send you a memo > > ;-) > > Be careful!!! You know what monkeys throw at you when they get angry!! ;-D -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From vosburgh at dalsemi.com Fri Feb 2 19:24:02 2007 From: vosburgh at dalsemi.com (David Vosburgh) Date: Fri Feb 2 18:27:56 2007 Subject: Send copies of certain messages to other mail account In-Reply-To: <45C37B6A.2000201@talora.com.br> References: <45C37B6A.2000201@talora.com.br> Message-ID: <45C381C2.5020908@dalsemi.com> If I understand you correctly, you should be able to use the mail archiving feature of MS: In MailScanner.conf: Archive Mail = %rules-dir%/mail_archive.rules In mail_archive_rules: From: *yahoogrupos.com.br /var/spool/MailScanner/mail_archive/yahoo_groups yahoo_groups@your.domain.com The above line will archive a copy to a local mbox and also forward a copy to some other email account. I think. You'd obviously need to create the directory /var/spool/MailScanner/mail_archive first. Dave Lu?s Fernando C. Talora wrote: > Fellows, > > To find out what kind of mailing lists my users are participating, I?d > link to send a copy of all messages sent from or to any account with > "yahoogrupos.com.br" or "grupos.com.br" on its address, for a deeper > analysis. Is it possible to do it with postfix and/or MailScanner? I > thought about some "REDIRECT" rule on the "header_checks" table, but > I?d like the users to continue recieving the messages, while we analyze > that. Any suggestions? > > Thanks a lot! > > Luis Talora From glenn.steen at gmail.com Fri Feb 2 19:26:56 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Feb 2 18:30:26 2007 Subject: Send copies of certain messages to other mail account In-Reply-To: <45C37B6A.2000201@talora.com.br> References: <45C37B6A.2000201@talora.com.br> Message-ID: <223f97700702021026q1fcbee7bw69f93a03bc41a36a@mail.gmail.com> On 02/02/07, "Lu?s Fernando C. Talora" wrote: > Fellows, > > To find out what kind of mailing lists my users are participating, I?d > link to send a copy of all messages sent from or to any account with > "yahoogrupos.com.br" or "grupos.com.br" on its address, for a deeper > analysis. Is it possible to do it with postfix and/or MailScanner? I > thought about some "REDIRECT" rule on the "header_checks" table, but > I?d like the users to continue recieving the messages, while we analyze > that. Any suggestions? > > Thanks a lot! > > Luis Talora Both should e possible to make work... Actually a very simple ruleset on Non Spam Actions would probably be best ... Look at the examples etc ... and just add a forward some.other.recipient@your.domain.tld to those matching. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From jaearick at colby.edu Fri Feb 2 19:27:11 2007 From: jaearick at colby.edu (Jeff A. Earickson) Date: Fri Feb 2 18:30:49 2007 Subject: Send copies of certain messages to other mail account In-Reply-To: <45C37B6A.2000201@talora.com.br> References: <45C37B6A.2000201@talora.com.br> Message-ID: On Fri, 2 Feb 2007, "Lu?s Fernando C. Talora" wrote: > Date: Fri, 02 Feb 2007 15:56:58 -0200 > From: "Lu?s Fernando C. Talora" > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Send copies of certain messages to other mail account > > Fellows, > > To find out what kind of mailing lists my users are participating, I?d link > to send a copy of all messages sent from or to any account with > "yahoogrupos.com.br" or "grupos.com.br" on its address, for a deeper > analysis. Is it possible to do it with postfix and/or MailScanner? I thought > about some "REDIRECT" rule on the "header_checks" table, but I?d like the > users to continue recieving the messages, while we analyze that. Any > suggestions? This is easy to do in MailScanner. Write rulesets for "Spam Actions =" and "Non Spam Actions =" that look like: From: grupos.com.br deliver forward postmaster@talora.com.br FromOrTo: default deliver I am doing this now to send email downstream to another system for test users on that machine. Jeff Earickson Colby College From wendiw at itasoftware.com Fri Feb 2 19:29:46 2007 From: wendiw at itasoftware.com (Wendi Whitsett) Date: Fri Feb 2 18:32:23 2007 Subject: Phishing whitelist entries not used by MS In-Reply-To: <45C21C00.6060202@itasoftware.com> References: <45C21C00.6060202@itasoftware.com> Message-ID: <45C3831A.2020602@itasoftware.com> Is anyone actually using Phishing White listing? With success? Thanks -Wendi -- Wendi W. Sr Systems Engineer ITA Software wendiw@itasoftware.com Wendi Whitsett wrote: > I've got a MailScanner/Linux box here that seems to be failing the > 'check for safe phishing sites' part of the scan. I clearly created > two entries in my /etc/MailScanner/phishing.safe.sites.conf: > www.domainone.com > www.domaintwo.com > > Reloaded MS and sent through a message with an embedded A href tag. > The message went through and got scanned positive for phishing fraud, > even with my two domains listed in the safe sites. Anyone have any > ideas why this is happening? > > Blurb from reload, you can see the phishing whitelist being loaded: > > Feb 1 09:37:30 mx1 MailScanner[7257]: MailScanner E-Mail Virus > Scanner version 4.56.8 starting... Feb 1 09:37:30 mx1 > MailScanner[7257]: Read 767 hostnames from the phishing whitelist Feb > 1 09:37:30 mx1 MailScanner[7257]: Using SpamAssassin results cache > Feb 1 09:37:30 mx1 MailScanner[7257]: Connected to SpamAssassin cache > database Feb 1 09:37:30 mx1 MailScanner[7257]: Expired 6 records from > the SpamAssassin cache Feb 1 09:37:30 mx1 MailScanner[7257]: Enabling > SpamAssassin auto-whitelist functionality... Feb 1 09:37:35 mx1 > MailScanner[7257]: Using locktype = flock > Thanks for any help... > -Wendi > > -- > Wendi W. > Sr Systems Engineer > ITA Software > wendiw@itasoftware.com > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3257 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070202/5298bb6c/smime.bin From ssilva at sgvwater.com Fri Feb 2 19:33:44 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Feb 2 18:37:37 2007 Subject: Performance In-Reply-To: <223f97700702021013n6baeb428pf73cb70b8b295170@mail.gmail.com> References: <45C03361.5040903@katy.com> <45C11A25.5010407@enitech.com.au> <223f97700701311717y54a485f8m4a420e2262f29d86@mail.gmail.com> <45C14692.2020704@enitech.com.au> <223f97700702010210m4398ae3fld20bbd7bdd5440e1@mail.gmail.com> <45C27677.5070108@enitech.com.au> <223f97700702011714q558ec69exc7416b7c81421a20@mail.gmail.com> <45C29697.4070209@enitech.com.au> <223f97700702011759p1db84fc8ga0645b61dabd1ce1@mail.gmail.com> <223f97700702021013n6baeb428pf73cb70b8b295170@mail.gmail.com> Message-ID: Glenn Steen spake the following on 2/2/2007 10:13 AM: > On 02/02/07, Scott Silva wrote: >> Glenn Steen spake the following on 2/1/2007 5:59 PM: >> > On 02/02/07, Peter Russell wrote: >> >> >> >> >> > (snip) >> >> As you say, after i posted it i did some further research and found it >> >> was just a warning - thanks for the explanation. >> > :-) >> >> >> I will leave off making any more MTA changes until one of the >> clever >> >> >> cloggs can post up some tips... >> >> > Um, english parser breakdown... Isn't a clogg a sort of wooden shoe? >> >> > And a clever clogg is then an intelligent footwear? Sort of an AI >> for >> >> > pedestrian appliances?:-) >> >> >> >> Well i didnt wanna say geeks - but there you go you have forced me. :) >> > Why thank you... Such high praise...:-):-). >> > >> >> >> >> I made some changes to my main.cf and then telnet in to my server from >> >> another network, i can get through helo, MAIL FROM with false info >> - no >> >> warnings, errors or disconnects. Any idea where i am going wrong? (i >> >> have exclude all my pre existing transport map, relay domains type >> >> config) Appreciate any tips or suggestions. >> >> Pete >> > To my tired eyes (it's almost 02.00 here) it looks ok, so it would >> > depend on the content of the file I guess... You did remember to >> > postmap it (and reload postfix after the changes to main.cf)? >> > With a little luck (all the luck I didn't have today... SSL-X logged >> > itself to death (audit f a failed message just kept repeating) and was >> > ornery about the license file while updating on new HW, Oracle was >> > just as Oracle can be, the doctor kept me waiting (well, nothing new >> > there:-) and pesky users kept interrupting about me helping them with >> > their *private* WLAN/DSL installs (as if I was going home to them and >> > doing their LAN... Well, perhaps if sufficient amounts of finer booze >> > was at the end of it:), so that I never got any time to install the >> > latest and greatest MS... Grrr.) I'll have time to look at it again in >> > the morning (today). >> > >> > Tired but kind regards >> I get a lot of that "personal" pestering, too. If you tell them up >> front you >> are going to charge them, and make the price high enough, you will >> stop about >> 90% of it. The other 10% is beer money! ;-) >> Just set your rate high enough to be worth your time. > > Trust me, I'm not cheap... The dang thing is that working in the > financial sector... quite a few of them can actually afford it:-). So, > since I really don't want to be straddled with their problems, I tend > to ... exaggerate a bit more:-). > If your still getting too many, then your prices are still too low. Even a rich man has a price that he won't pay! I had a guy the other day that wanted me to do some work, and actually seemed offended that I wouldn't do it for free! Only my family gets work for free. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From glenn.steen at gmail.com Fri Feb 2 19:44:43 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Feb 2 18:48:13 2007 Subject: Send copies of certain messages to other mail account In-Reply-To: <45C381C2.5020908@dalsemi.com> References: <45C37B6A.2000201@talora.com.br> <45C381C2.5020908@dalsemi.com> Message-ID: <223f97700702021044s6efdc403m2fe7b49a56b78e40@mail.gmail.com> On 02/02/07, David Vosburgh wrote: > If I understand you correctly, you should be able to use the mail > archiving feature of MS: > > In MailScanner.conf: > Archive Mail = %rules-dir%/mail_archive.rules > > In mail_archive_rules: > From: *yahoogrupos.com.br > /var/spool/MailScanner/mail_archive/yahoo_groups > yahoo_groups@your.domain.com > > The above line will archive a copy to a local mbox and also forward a > copy to some other email account. I think. > > You'd obviously need to create the directory > /var/spool/MailScanner/mail_archive first. > > Dave > Nah, archiving is overkill here:-). Forgot the obligatory "Make sure it's leagal/allowed by policy before implementing this" gripe... So there it is:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From DrewB at united-systems.com Fri Feb 2 19:47:14 2007 From: DrewB at united-systems.com (Drew Burchett) Date: Fri Feb 2 18:51:06 2007 Subject: Phishing phraud Message-ID: <1E75E79B854C814784D0E8C5BA55AF76F76FE6@uss2k01.united-systems.local> Where can I report a phishing email that managed to slip through Mailscanner? Also, is there something I can adjust to ensure that it doesn't slip through again? Drew Burchett United Systems & Software Ph: (270)527-3293 Fax: (270)527-3132 -- CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. -- This message has been scanned for viruses and dangerous content by MailScanner and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070202/fed81000/attachment.html From glenn.steen at gmail.com Fri Feb 2 19:48:19 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Feb 2 18:51:50 2007 Subject: Phishing whitelist entries not used by MS In-Reply-To: <45C3831A.2020602@itasoftware.com> References: <45C21C00.6060202@itasoftware.com> <45C3831A.2020602@itasoftware.com> Message-ID: <223f97700702021048p4cee6c9em4b7cd7a226db681b@mail.gmail.com> On 02/02/07, Wendi Whitsett wrote: > Is anyone actually using Phishing White listing? With success? > Thanks > -Wendi > > -- > Wendi W. > Sr Systems Engineer > ITA Software > wendiw@itasoftware.com > Yes... Could uyou give a true example? Like the actual domain names you whitelist and the actual URL you tested with? Might be some insiduous bug, and Jules will need real data to work with to fix it (if it indeed needs fixing). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Fri Feb 2 19:51:36 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Feb 2 18:55:05 2007 Subject: Performance In-Reply-To: References: <45C03361.5040903@katy.com> <45C14692.2020704@enitech.com.au> <223f97700702010210m4398ae3fld20bbd7bdd5440e1@mail.gmail.com> <45C27677.5070108@enitech.com.au> <223f97700702011714q558ec69exc7416b7c81421a20@mail.gmail.com> <45C29697.4070209@enitech.com.au> <223f97700702011759p1db84fc8ga0645b61dabd1ce1@mail.gmail.com> <223f97700702021013n6baeb428pf73cb70b8b295170@mail.gmail.com> Message-ID: <223f97700702021051j42672f14m6d0e57d992f6c2e@mail.gmail.com> On 02/02/07, Scott Silva wrote: > Glenn Steen spake the following on 2/2/2007 10:13 AM: > > On 02/02/07, Scott Silva wrote: > >> Glenn Steen spake the following on 2/1/2007 5:59 PM: > >> > On 02/02/07, Peter Russell wrote: > >> >> > >> >> > >> > (snip) > >> >> As you say, after i posted it i did some further research and found it > >> >> was just a warning - thanks for the explanation. > >> > :-) > >> >> >> I will leave off making any more MTA changes until one of the > >> clever > >> >> >> cloggs can post up some tips... > >> >> > Um, english parser breakdown... Isn't a clogg a sort of wooden shoe? > >> >> > And a clever clogg is then an intelligent footwear? Sort of an AI > >> for > >> >> > pedestrian appliances?:-) > >> >> > >> >> Well i didnt wanna say geeks - but there you go you have forced me. :) > >> > Why thank you... Such high praise...:-):-). > >> > > >> >> > >> >> I made some changes to my main.cf and then telnet in to my server from > >> >> another network, i can get through helo, MAIL FROM with false info > >> - no > >> >> warnings, errors or disconnects. Any idea where i am going wrong? (i > >> >> have exclude all my pre existing transport map, relay domains type > >> >> config) Appreciate any tips or suggestions. > >> >> Pete > >> > To my tired eyes (it's almost 02.00 here) it looks ok, so it would > >> > depend on the content of the file I guess... You did remember to > >> > postmap it (and reload postfix after the changes to main.cf)? > >> > With a little luck (all the luck I didn't have today... SSL-X logged > >> > itself to death (audit f a failed message just kept repeating) and was > >> > ornery about the license file while updating on new HW, Oracle was > >> > just as Oracle can be, the doctor kept me waiting (well, nothing new > >> > there:-) and pesky users kept interrupting about me helping them with > >> > their *private* WLAN/DSL installs (as if I was going home to them and > >> > doing their LAN... Well, perhaps if sufficient amounts of finer booze > >> > was at the end of it:), so that I never got any time to install the > >> > latest and greatest MS... Grrr.) I'll have time to look at it again in > >> > the morning (today). > >> > > >> > Tired but kind regards > >> I get a lot of that "personal" pestering, too. If you tell them up > >> front you > >> are going to charge them, and make the price high enough, you will > >> stop about > >> 90% of it. The other 10% is beer money! ;-) > >> Just set your rate high enough to be worth your time. > > > > Trust me, I'm not cheap... The dang thing is that working in the > > financial sector... quite a few of them can actually afford it:-). So, > > since I really don't want to be straddled with their problems, I tend > > to ... exaggerate a bit more:-). > > > If your still getting too many, then your prices are still too low. Even a > rich man has a price that he won't pay! > I had a guy the other day that wanted me to do some work, and actually seemed > offended that I wouldn't do it for free! Only my family gets work for free. Exactly... It's actually the richest of them that seem to think we're their personal IT-butlers and we should do this service as part of our normal work... After a few "explanations" it seem to have sunk in that we're not:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Fri Feb 2 19:58:18 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Feb 2 19:01:48 2007 Subject: Phishing phraud In-Reply-To: <1E75E79B854C814784D0E8C5BA55AF76F76FE6@uss2k01.united-systems.local> References: <1E75E79B854C814784D0E8C5BA55AF76F76FE6@uss2k01.united-systems.local> Message-ID: <223f97700702021058mbcc453bgbb408096527ad4c2@mail.gmail.com> On 02/02/07, Drew Burchett wrote: > > > > > Where can I report a phishing email that managed to slip through > Mailscanner? Also, is there something I can adjust to ensure that it > doesn't slip through again? This list and/or Jules wouldn't be wrong, or perhaps both...:-). As to what to do... well that depends on why, now doesn't it;-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From Denis.Beauchemin at USherbrooke.ca Fri Feb 2 20:20:47 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Fri Feb 2 19:24:38 2007 Subject: Need help, server running out of space!! In-Reply-To: <20070201160646.B61555@mikea.ath.cx> References: <7d9b3cf20702011117i122a9f01l90f1175fac842ef6@mail.gmail.com> <45C23F60.5010805@multitech.qc.ca> <7d9b3cf20702011138t2265d08bw10804406d73a7fb8@mail.gmail.com> <200702020746160185.28FFA111@smtp1.ace.net.au> <20070201160646.B61555@mikea.ath.cx> Message-ID: <45C38F0F.1000802@USherbrooke.ca> mikea a ?crit : > On Fri, Feb 02, 2007 at 07:46:16AM +1030, Peter Nitschke wrote: > >> Have you checked your logs? >> >> *********** REPLY SEPARATOR *********** >> >> On 1/02/2007 at 4:38 PM Eduardo Casarero wrote: >> >> >>> 2007/2/1, Claude Gagn? : >>> >>>> Empty the quarantine ? >>>> >>>> >>> i've already done that and now i have some air, but something is eating >>> space very quick and its not the quarantine. >>> >>> >>> Eduardo Casarero a ?crit : >>> >>>> hi MS gurus i need your help. I run Mscanner with spamassasing on a >>>> HPDL380, with 1 scsi disk. >>>> >>>> mscanner MailScanner-4.55.10, sendmail >>>> > > I have seen some circumstances in which a large file, while consuming > disk space, didn't show up in `ls -l` or in `du` while the process was > running that was writing to the file. You may have to stop MailScanner > and other tools to have a chance of seeing where the big file is. In > the worst case, you'll have to boot to single-user mode, mount the > disks in your fstab, and then examine them. > > If you don't see a file it's because a process is still writing to it but some other process (or even itself) has deleted the file. If the file has been deleted it won't show up on ls but as soon as the process writing to the file exits (or is killed) the file space will get released. So a simple reboot might release that space. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3595 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070202/3899f445/smime-0001.bin From MailScanner at ecs.soton.ac.uk Fri Feb 2 20:32:25 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Feb 2 19:37:07 2007 Subject: Phishing phraud In-Reply-To: <1E75E79B854C814784D0E8C5BA55AF76F76FE6@uss2k01.united-systems.local> References: <1E75E79B854C814784D0E8C5BA55AF76F76FE6@uss2k01.united-systems.local> Message-ID: <45C391C9.3040005@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Drew Burchett wrote: > > Where can I report a phishing email that managed to slip through > Mailscanner? > Can you show me the actual HTML source of the bit of text that was the phishing link? I can only stop phishing links that are bits of text that look like links, but which actually take you to somewhere else. If the displayed text is "Click here" or similar, then there's nothing I can do, you are better off talking to the SpamAssassin and ClamAV folks. > > Also, is there something I can adjust to ensure that it doesn?t slip > through again? > It all depends on exactly what it is. Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) Comment: Fetch my public key foot-print from www.mailscanner.info Charset: windows-1252 wj8DBQFFw5IFEfZZRxQVtlQRAuU7AKCA9geYI/WPHRkCX/tVqMteqd0X/gCguDnf ZqtFQWMuqdmKU6+UNWAsqbQ= =bMs1 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Fri Feb 2 20:34:27 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Feb 2 19:38:38 2007 Subject: Performance In-Reply-To: <223f97700702021051j42672f14m6d0e57d992f6c2e@mail.gmail.com> References: <45C03361.5040903@katy.com> <45C14692.2020704@enitech.com.au> <223f97700702010210m4398ae3fld20bbd7bdd5440e1@mail.gmail.com> <45C27677.5070108@enitech.com.au> <223f97700702011714q558ec69exc7416b7c81421a20@mail.gmail.com> <45C29697.4070209@enitech.com.au> <223f97700702011759p1db84fc8ga0645b61dabd1ce1@mail.gmail.com> <223f97700702021013n6baeb428pf73cb70b8b295170@mail.gmail.com> <223f97700702021051j42672f14m6d0e57d992f6c2e@mail.gmail.com> Message-ID: <45C39243.6000807@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Glenn Steen wrote: > On 02/02/07, Scott Silva wrote: >> Glenn Steen spake the following on 2/2/2007 10:13 AM: >> > On 02/02/07, Scott Silva wrote: >> >> Glenn Steen spake the following on 2/1/2007 5:59 PM: >> >> > On 02/02/07, Peter Russell wrote: >> >> >> >> >> >> >> >> > (snip) >> >> >> As you say, after i posted it i did some further research and >> found it >> >> >> was just a warning - thanks for the explanation. >> >> > :-) >> >> >> >> I will leave off making any more MTA changes until one of the >> >> clever >> >> >> >> cloggs can post up some tips... >> >> >> > Um, english parser breakdown... Isn't a clogg a sort of >> wooden shoe? >> >> >> > And a clever clogg is then an intelligent footwear? Sort of >> an AI >> >> for >> >> >> > pedestrian appliances?:-) >> >> >> >> >> >> Well i didnt wanna say geeks - but there you go you have forced >> me. :) >> >> > Why thank you... Such high praise...:-):-). >> >> > >> >> >> >> >> >> I made some changes to my main.cf and then telnet in to my >> server from >> >> >> another network, i can get through helo, MAIL FROM with false info >> >> - no >> >> >> warnings, errors or disconnects. Any idea where i am going >> wrong? (i >> >> >> have exclude all my pre existing transport map, relay domains type >> >> >> config) Appreciate any tips or suggestions. >> >> >> Pete >> >> > To my tired eyes (it's almost 02.00 here) it looks ok, so it would >> >> > depend on the content of the file I guess... You did remember to >> >> > postmap it (and reload postfix after the changes to main.cf)? >> >> > With a little luck (all the luck I didn't have today... SSL-X >> logged >> >> > itself to death (audit f a failed message just kept repeating) >> and was >> >> > ornery about the license file while updating on new HW, Oracle was >> >> > just as Oracle can be, the doctor kept me waiting (well, nothing >> new >> >> > there:-) and pesky users kept interrupting about me helping them >> with >> >> > their *private* WLAN/DSL installs (as if I was going home to >> them and >> >> > doing their LAN... Well, perhaps if sufficient amounts of finer >> booze >> >> > was at the end of it:), so that I never got any time to install the >> >> > latest and greatest MS... Grrr.) I'll have time to look at it >> again in >> >> > the morning (today). >> >> > >> >> > Tired but kind regards >> >> I get a lot of that "personal" pestering, too. If you tell them up >> >> front you >> >> are going to charge them, and make the price high enough, you will >> >> stop about >> >> 90% of it. The other 10% is beer money! ;-) >> >> Just set your rate high enough to be worth your time. >> > >> > Trust me, I'm not cheap... The dang thing is that working in the >> > financial sector... quite a few of them can actually afford it:-). So, >> > since I really don't want to be straddled with their problems, I tend >> > to ... exaggerate a bit more:-). >> > >> If your still getting too many, then your prices are still too low. >> Even a >> rich man has a price that he won't pay! >> I had a guy the other day that wanted me to do some work, and >> actually seemed >> offended that I wouldn't do it for free! Only my family gets work for >> free. > > Exactly... It's actually the richest of them that seem to think we're > their personal IT-butlers and we should do this service as part of our > normal work... After a few "explanations" it seem to have sunk in that > we're not:-) Start by asking for at least $200 per hour. That usually separates out the chaff. And they realise that what they've asked you to do isn't the equivalent of building a flat-pack bookcase. Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) Comment: Fetch my public key foot-print from www.mailscanner.info Charset: ISO-8859-1 wj8DBQFFw5JZEfZZRxQVtlQRAmzXAKDqU/ZBS7G2x1VL4dDzYb6+gNfHqACfarOU nIm0sitbaK8e8e1tNKj9M5k= =YZzL -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From dnsadmin at 1bigthink.com Fri Feb 2 20:37:16 2007 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Fri Feb 2 19:41:00 2007 Subject: Phishing phraud In-Reply-To: <223f97700702021058mbcc453bgbb408096527ad4c2@mail.gmail.com > References: <1E75E79B854C814784D0E8C5BA55AF76F76FE6@uss2k01.united-systems.local> <223f97700702021058mbcc453bgbb408096527ad4c2@mail.gmail.com> Message-ID: <7.0.1.0.0.20070202143639.08f02ec0@1bigthink.com> At 01:58 PM 2/2/2007, you wrote: >On 02/02/07, Drew Burchett wrote: >> >> >> >> >>Where can I report a phishing email that managed to slip through >>Mailscanner? Also, is there something I can adjust to ensure that it >>doesn't slip through again? >This list and/or Jules wouldn't be wrong, or perhaps both...:-). >As to what to do... well that depends on why, now doesn't it;-). >-- >-- Glenn >email: glenn < dot > steen < at > gmail < dot > com >work: glenn < dot > steen < at > ap1 < dot > se >-- If you are using ClamAV, report it to them as well! http://www.clamav.org Cheers! From Denis.Beauchemin at USherbrooke.ca Fri Feb 2 20:54:16 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Fri Feb 2 19:58:03 2007 Subject: Use of floating point on typical mailserver In-Reply-To: References: <45C1CCF4.1070100@nerc.ac.uk> <45C30CCC.4030203@nerc.ac.uk> Message-ID: <45C396E8.7050601@USherbrooke.ca> Jeff A. Earickson a ?crit : > n Fri, 2 Feb 2007, Greg Matthews wrote: > >> Date: Fri, 02 Feb 2007 10:05:00 +0000 >> From: Greg Matthews >> Reply-To: MailScanner discussion >> To: MailScanner discussion >> Subject: Re: Use of floating point on typical mailserver >> > > Some quick thoughts here. Search the source code that you compile > (eg, sendmail code) for uses of "float", "double", or "math.h" (math > lib): > > find . -name '*.[ch]' -print | xargs egrep 'math|float|double' > > I didn't find much in sendmail 8.13.8 source code. Examine the > dynamic libraries that you use with ldd and look for libm (mathlib). IIRC Perl only use floats, no ints... Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3595 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070202/75e3ecfd/smime.bin From Kevin_Miller at ci.juneau.ak.us Fri Feb 2 20:58:19 2007 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Fri Feb 2 20:01:51 2007 Subject: MailScanner ANNOUNCE: Stable version 4.58.9 released In-Reply-To: <002801c746be$553c3c50$3c65a8c0@support01> Message-ID: Nigel Kendrick wrote: > We are the Managers. You are the coding monkey - know your place. > > If we want to talk to you we'll send you a memo > > ;-) Eh, you're new in these parts, ain't ya son... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From glenn.steen at gmail.com Fri Feb 2 21:37:48 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Feb 2 20:41:18 2007 Subject: Performance In-Reply-To: <45C39243.6000807@ecs.soton.ac.uk> References: <45C03361.5040903@katy.com> <45C27677.5070108@enitech.com.au> <223f97700702011714q558ec69exc7416b7c81421a20@mail.gmail.com> <45C29697.4070209@enitech.com.au> <223f97700702011759p1db84fc8ga0645b61dabd1ce1@mail.gmail.com> <223f97700702021013n6baeb428pf73cb70b8b295170@mail.gmail.com> <223f97700702021051j42672f14m6d0e57d992f6c2e@mail.gmail.com> <45C39243.6000807@ecs.soton.ac.uk> Message-ID: <223f97700702021237u14906c02vc2a1bbab28e8bf66@mail.gmail.com> On 02/02/07, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Glenn Steen wrote: > > On 02/02/07, Scott Silva wrote: > >> Glenn Steen spake the following on 2/2/2007 10:13 AM: > >> > On 02/02/07, Scott Silva wrote: > >> >> Glenn Steen spake the following on 2/1/2007 5:59 PM: > >> >> > On 02/02/07, Peter Russell wrote: > >> >> >> > >> >> >> > >> >> > (snip) > >> >> >> As you say, after i posted it i did some further research and > >> found it > >> >> >> was just a warning - thanks for the explanation. > >> >> > :-) > >> >> >> >> I will leave off making any more MTA changes until one of the > >> >> clever > >> >> >> >> cloggs can post up some tips... > >> >> >> > Um, english parser breakdown... Isn't a clogg a sort of > >> wooden shoe? > >> >> >> > And a clever clogg is then an intelligent footwear? Sort of > >> an AI > >> >> for > >> >> >> > pedestrian appliances?:-) > >> >> >> > >> >> >> Well i didnt wanna say geeks - but there you go you have forced > >> me. :) > >> >> > Why thank you... Such high praise...:-):-). > >> >> > > >> >> >> > >> >> >> I made some changes to my main.cf and then telnet in to my > >> server from > >> >> >> another network, i can get through helo, MAIL FROM with false info > >> >> - no > >> >> >> warnings, errors or disconnects. Any idea where i am going > >> wrong? (i > >> >> >> have exclude all my pre existing transport map, relay domains type > >> >> >> config) Appreciate any tips or suggestions. > >> >> >> Pete > >> >> > To my tired eyes (it's almost 02.00 here) it looks ok, so it would > >> >> > depend on the content of the file I guess... You did remember to > >> >> > postmap it (and reload postfix after the changes to main.cf)? > >> >> > With a little luck (all the luck I didn't have today... SSL-X > >> logged > >> >> > itself to death (audit f a failed message just kept repeating) > >> and was > >> >> > ornery about the license file while updating on new HW, Oracle was > >> >> > just as Oracle can be, the doctor kept me waiting (well, nothing > >> new > >> >> > there:-) and pesky users kept interrupting about me helping them > >> with > >> >> > their *private* WLAN/DSL installs (as if I was going home to > >> them and > >> >> > doing their LAN... Well, perhaps if sufficient amounts of finer > >> booze > >> >> > was at the end of it:), so that I never got any time to install the > >> >> > latest and greatest MS... Grrr.) I'll have time to look at it > >> again in > >> >> > the morning (today). > >> >> > > >> >> > Tired but kind regards > >> >> I get a lot of that "personal" pestering, too. If you tell them up > >> >> front you > >> >> are going to charge them, and make the price high enough, you will > >> >> stop about > >> >> 90% of it. The other 10% is beer money! ;-) > >> >> Just set your rate high enough to be worth your time. > >> > > >> > Trust me, I'm not cheap... The dang thing is that working in the > >> > financial sector... quite a few of them can actually afford it:-). So, > >> > since I really don't want to be straddled with their problems, I tend > >> > to ... exaggerate a bit more:-). > >> > > >> If your still getting too many, then your prices are still too low. > >> Even a > >> rich man has a price that he won't pay! > >> I had a guy the other day that wanted me to do some work, and > >> actually seemed > >> offended that I wouldn't do it for free! Only my family gets work for > >> free. > > > > Exactly... It's actually the richest of them that seem to think we're > > their personal IT-butlers and we should do this service as part of our > > normal work... After a few "explanations" it seem to have sunk in that > > we're not:-) > Start by asking for at least $200 per hour. That usually separates out > the chaff. And they realise that what they've asked you to do isn't the > equivalent of building a flat-pack bookcase. > > Jules I start at the equivalent to $230 - 250... 200 would be a "friendly" price... And real friends get it for free... not counting the booze:-). What shocks me is that some of these rich types actually consider it... I probably will have to raise it before too long:-). Problem whith that kind of job would be that I'd never get away from it ... Any insignificant&unrelated problem would suddenly be part of the deal ("Oh, and the broadband TV needs some adjusting"... "Sure, that will be another hour" ... Not my cup of $HOTBEVERAGE:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ecasarero at gmail.com Fri Feb 2 22:01:52 2007 From: ecasarero at gmail.com (Eduardo Casarero) Date: Fri Feb 2 21:05:22 2007 Subject: Need help, server running out of space!! In-Reply-To: <20070201160646.B61555@mikea.ath.cx> References: <7d9b3cf20702011117i122a9f01l90f1175fac842ef6@mail.gmail.com> <45C23F60.5010805@multitech.qc.ca> <7d9b3cf20702011138t2265d08bw10804406d73a7fb8@mail.gmail.com> <200702020746160185.28FFA111@smtp1.ace.net.au> <20070201160646.B61555@mikea.ath.cx> Message-ID: <7d9b3cf20702021301j7f584671i9b25c59ff4752417@mail.gmail.com> thanks!!!! i've found the problem. other admin turned on the mailwatch debug and he forgot to turn it off, so the log eat all disk space. Thanks to everybody for your help! 2007/2/1, mikea : > > On Fri, Feb 02, 2007 at 07:46:16AM +1030, Peter Nitschke wrote: > > Have you checked your logs? > > > > *********** REPLY SEPARATOR *********** > > > > On 1/02/2007 at 4:38 PM Eduardo Casarero wrote: > > > > >2007/2/1, Claude Gagn? : > > >> > > >> Empty the quarantine ? > > >> > > > > > >i've already done that and now i have some air, but something is eating > > >space very quick and its not the quarantine. > > > > > > > > >Eduardo Casarero a ?crit : > > >> > > >> hi MS gurus i need your help. I run Mscanner with spamassasing on a > > >> HPDL380, with 1 scsi disk. > > >> > > >> mscanner MailScanner-4.55.10, sendmail > > I have seen some circumstances in which a large file, while consuming > disk space, didn't show up in `ls -l` or in `du` while the process was > running that was writing to the file. You may have to stop MailScanner > and other tools to have a chance of seeing where the big file is. In > the worst case, you'll have to boot to single-user mode, mount the > disks in your fstab, and then examine them. > > Good luck! > > -- > Mike Andrews, W5EGO > mikea@mikea.ath.cx > Tired old sysadmin > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070202/0cba39c4/attachment.html From res at ausics.net Fri Feb 2 23:25:27 2007 From: res at ausics.net (Res) Date: Fri Feb 2 22:29:05 2007 Subject: Performance In-Reply-To: <45C36D50.7020507@cenpac.net.nr> References: <45C03361.5040903@katy.com> <223f97700701310215u67f9f941ifa40f902cd2d357@mail.gmail.com> <45C11A25.5010407@enitech.com.au> <223f97700701311717y54a485f8m4a420e2262f29d86@mail.gmail.com> <45C14692.2020704@enitech.com.au> <223f97700702010210m4398ae3fld20bbd7bdd5440e1@mail.gmail.com> <45C27677.5070108@enitech.com.au> <223f97700702011714q558ec69exc7416b7c81421a20@mail.gmail.com> <45C29697.4070209@enitech.com.au> <223f97700702011759p1db84fc8ga0645b61dabd1ce1@mail.gmail.com> <45C2C995.30909@enitech.com.au> <45C36D50.7020507@cenpac.net.nr> Message-ID: On Sat, 3 Feb 2007, Jon Leeman wrote: > Per some of Glenn's later posts...........anyone remember when open > relay was the norm for MTA's {and SPAM was a in a tin}? I inherited one > (Netscape messenger 3.) about 8 years ago. Yep, thats why early sendmail by default allowed it, back then you could 'trust thy neighbour' when the influx of unstrustworthy no good lamers started to pop up that changed (I think around '97) to not relay by default. Like most things in life "if you abuse it, you lose it". -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From res at ausics.net Fri Feb 2 23:26:57 2007 From: res at ausics.net (Res) Date: Fri Feb 2 22:30:34 2007 Subject: Phishing whitelist entries not used by MS In-Reply-To: <45C3831A.2020602@itasoftware.com> References: <45C21C00.6060202@itasoftware.com> <45C3831A.2020602@itasoftware.com> Message-ID: On Fri, 2 Feb 2007, Wendi Whitsett wrote: > Is anyone actually using Phishing White listing? With success? Definately -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From itdept at fractalweb.com Sat Feb 3 01:15:16 2007 From: itdept at fractalweb.com (Chris Yuzik) Date: Sat Feb 3 00:19:51 2007 Subject: automated mail server stress testing? Message-ID: <45C3D414.9090900@fractalweb.com> Just wondering if there are any programs/scripts/whatever that can put an artificial high load on our new server so we can see if anything breaks *before* we start moving real users to this new box. Ideally, I'd like to create a hundred or so (fake) users, then hit this box with ridiculous amounts of mail (and artificial spam/viruses too) so we can make sure it handles the load without breaking, doesn't let viruses through, etc. Anyone aware of an automated server stress tester such as this? Thanks, Chris From sandrews at andrewscompanies.com Sat Feb 3 01:24:25 2007 From: sandrews at andrewscompanies.com (sandrews@andrewscompanies.com) Date: Sat Feb 3 00:27:56 2007 Subject: automated mail server stress testing? References: <45C3D414.9090900@fractalweb.com> Message-ID: <1964AAFBC212F742958F9275BF63DBB0429FC9@winchester.andrewscompanies.com> Have everyone on this list forward their high scoring spam to you? ;) Just kidding. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Chris Yuzik Sent: Friday, February 02, 2007 7:15 PM To: MailScanner discussion Subject: automated mail server stress testing? Just wondering if there are any programs/scripts/whatever that can put an artificial high load on our new server so we can see if anything breaks *before* we start moving real users to this new box. Ideally, I'd like to create a hundred or so (fake) users, then hit this box with ridiculous amounts of mail (and artificial spam/viruses too) so we can make sure it handles the load without breaking, doesn't let viruses through, etc. Anyone aware of an automated server stress tester such as this? Thanks, Chris -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Sat Feb 3 01:44:55 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Feb 3 00:48:27 2007 Subject: Performance In-Reply-To: References: <45C03361.5040903@katy.com> <223f97700702010210m4398ae3fld20bbd7bdd5440e1@mail.gmail.com> <45C27677.5070108@enitech.com.au> <223f97700702011714q558ec69exc7416b7c81421a20@mail.gmail.com> <45C29697.4070209@enitech.com.au> <223f97700702011759p1db84fc8ga0645b61dabd1ce1@mail.gmail.com> <45C2C995.30909@enitech.com.au> <45C36D50.7020507@cenpac.net.nr> Message-ID: <223f97700702021644w2f6872e2id47e836f20886880@mail.gmail.com> On 02/02/07, Res wrote: > On Sat, 3 Feb 2007, Jon Leeman wrote: > > > Per some of Glenn's later posts...........anyone remember when open > > relay was the norm for MTA's {and SPAM was a in a tin}? I inherited one > > (Netscape messenger 3.) about 8 years ago. > > Yep, thats why early sendmail by default allowed it, back then you could > 'trust thy neighbour' when the influx of unstrustworthy no good lamers > started to pop up that changed (I think around '97) to not relay by > default. Like most things in life "if you abuse it, you lose it". > Early sendmail == early 80:ies.... UUCP anyone? Banged adresses (no, not fornication of any kind:-)... Those were the days.... not. Sure, there was a lot less things reminiscent of spam... but really, it wasn't better then (I remember thinking Taylor was such an improvement over HDB (that was sometime 94-ish,wasn't it?)... don't remember why though... active forgetfullness ... the mind is such a pliable thing:-). Back then, a luser could bring your MTA down in flames by using an 8-bit character (if they managed to create one:-)... Things have actually improved. Not spam, but other things:-). Many of you probably remember this more vividly than I:-D Cheers -- -- Glenn (Red this day, not amber) email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ssilva at sgvwater.com Sat Feb 3 01:52:53 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Sat Feb 3 00:56:34 2007 Subject: Performance In-Reply-To: <223f97700702021237u14906c02vc2a1bbab28e8bf66@mail.gmail.com> References: <45C03361.5040903@katy.com> <45C27677.5070108@enitech.com.au> <223f97700702011714q558ec69exc7416b7c81421a20@mail.gmail.com> <45C29697.4070209@enitech.com.au> <223f97700702011759p1db84fc8ga0645b61dabd1ce1@mail.gmail.com> <223f97700702021013n6baeb428pf73cb70b8b295170@mail.gmail.com> <223f97700702021051j42672f14m6d0e57d992f6c2e@mail.gmail.com> <45C39243.6000807@ecs.soton.ac.uk> <223f97700702021237u14906c02vc2a1bbab28e8bf66@mail.gmail.com> Message-ID: Glenn Steen spake the following on 2/2/2007 12:37 PM: > On 02/02/07, Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> >> >> Glenn Steen wrote: >> > On 02/02/07, Scott Silva wrote: >> >> Glenn Steen spake the following on 2/2/2007 10:13 AM: >> >> > On 02/02/07, Scott Silva wrote: >> >> >> Glenn Steen spake the following on 2/1/2007 5:59 PM: >> >> >> > On 02/02/07, Peter Russell wrote: >> >> >> >> >> >> >> >> >> >> >> > (snip) >> >> >> >> As you say, after i posted it i did some further research and >> >> found it >> >> >> >> was just a warning - thanks for the explanation. >> >> >> > :-) >> >> >> >> >> I will leave off making any more MTA changes until one of the >> >> >> clever >> >> >> >> >> cloggs can post up some tips... >> >> >> >> > Um, english parser breakdown... Isn't a clogg a sort of >> >> wooden shoe? >> >> >> >> > And a clever clogg is then an intelligent footwear? Sort of >> >> an AI >> >> >> for >> >> >> >> > pedestrian appliances?:-) >> >> >> >> >> >> >> >> Well i didnt wanna say geeks - but there you go you have forced >> >> me. :) >> >> >> > Why thank you... Such high praise...:-):-). >> >> >> > >> >> >> >> >> >> >> >> I made some changes to my main.cf and then telnet in to my >> >> server from >> >> >> >> another network, i can get through helo, MAIL FROM with false >> info >> >> >> - no >> >> >> >> warnings, errors or disconnects. Any idea where i am going >> >> wrong? (i >> >> >> >> have exclude all my pre existing transport map, relay domains >> type >> >> >> >> config) Appreciate any tips or suggestions. >> >> >> >> Pete >> >> >> > To my tired eyes (it's almost 02.00 here) it looks ok, so it >> would >> >> >> > depend on the content of the file I guess... You did remember to >> >> >> > postmap it (and reload postfix after the changes to main.cf)? >> >> >> > With a little luck (all the luck I didn't have today... SSL-X >> >> logged >> >> >> > itself to death (audit f a failed message just kept repeating) >> >> and was >> >> >> > ornery about the license file while updating on new HW, Oracle >> was >> >> >> > just as Oracle can be, the doctor kept me waiting (well, nothing >> >> new >> >> >> > there:-) and pesky users kept interrupting about me helping them >> >> with >> >> >> > their *private* WLAN/DSL installs (as if I was going home to >> >> them and >> >> >> > doing their LAN... Well, perhaps if sufficient amounts of finer >> >> booze >> >> >> > was at the end of it:), so that I never got any time to >> install the >> >> >> > latest and greatest MS... Grrr.) I'll have time to look at it >> >> again in >> >> >> > the morning (today). >> >> >> > >> >> >> > Tired but kind regards >> >> >> I get a lot of that "personal" pestering, too. If you tell them up >> >> >> front you >> >> >> are going to charge them, and make the price high enough, you will >> >> >> stop about >> >> >> 90% of it. The other 10% is beer money! ;-) >> >> >> Just set your rate high enough to be worth your time. >> >> > >> >> > Trust me, I'm not cheap... The dang thing is that working in the >> >> > financial sector... quite a few of them can actually afford >> it:-). So, >> >> > since I really don't want to be straddled with their problems, I >> tend >> >> > to ... exaggerate a bit more:-). >> >> > >> >> If your still getting too many, then your prices are still too low. >> >> Even a >> >> rich man has a price that he won't pay! >> >> I had a guy the other day that wanted me to do some work, and >> >> actually seemed >> >> offended that I wouldn't do it for free! Only my family gets work for >> >> free. >> > >> > Exactly... It's actually the richest of them that seem to think we're >> > their personal IT-butlers and we should do this service as part of our >> > normal work... After a few "explanations" it seem to have sunk in that >> > we're not:-) >> Start by asking for at least $200 per hour. That usually separates out >> the chaff. And they realise that what they've asked you to do isn't the >> equivalent of building a flat-pack bookcase. >> >> Jules > > I start at the equivalent to $230 - 250... 200 would be a "friendly" > price... And real friends get it for free... not counting the > booze:-). What shocks me is that some of these rich types actually > consider it... I probably will have to raise it before too long:-). > Problem whith that kind of job would be that I'd never get away from > it ... Any insignificant&unrelated problem would suddenly be part of > the deal ("Oh, and the broadband TV needs some adjusting"... "Sure, > that will be another hour" ... Not my cup of $HOTBEVERAGE:-) I sometimes give away PC's to people without. People asked me why I didn't sell them. For the same reason... If I sell it I have to support it. But if it is free, you are on your own. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From glenn.steen at gmail.com Sat Feb 3 01:57:37 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Feb 3 01:01:09 2007 Subject: automated mail server stress testing? In-Reply-To: <45C3D414.9090900@fractalweb.com> References: <45C3D414.9090900@fractalweb.com> Message-ID: <223f97700702021657l4b456e87lea493e8e64ae0d1f@mail.gmail.com> On 03/02/07, Chris Yuzik wrote: > Just wondering if there are any programs/scripts/whatever that can put > an artificial high load on our new server so we can see if anything > breaks *before* we start moving real users to this new box. > > Ideally, I'd like to create a hundred or so (fake) users, then hit this > box with ridiculous amounts of mail (and artificial spam/viruses too) so > we can make sure it handles the load without breaking, doesn't let > viruses through, etc. > > Anyone aware of an automated server stress tester such as this? > Depends a bit... You could snarf a copy of yoour real data and feed into this new one (roundhouse, alwasys_bcc in PF etc), or you could use postal (http://www.coker.com.au/postal/)... or write your own:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From res at ausics.net Sat Feb 3 02:12:45 2007 From: res at ausics.net (Res) Date: Sat Feb 3 01:16:23 2007 Subject: Performance In-Reply-To: <223f97700702021644w2f6872e2id47e836f20886880@mail.gmail.com> References: <45C03361.5040903@katy.com> <223f97700702010210m4398ae3fld20bbd7bdd5440e1@mail.gmail.com> <45C27677.5070108@enitech.com.au> <223f97700702011714q558ec69exc7416b7c81421a20@mail.gmail.com> <45C29697.4070209@enitech.com.au> <223f97700702011759p1db84fc8ga0645b61dabd1ce1@mail.gmail.com> <45C2C995.30909@enitech.com.au> <45C36D50.7020507@cenpac.net.nr> <223f97700702021644w2f6872e2id47e836f20886880@mail.gmail.com> Message-ID: On Sat, 3 Feb 2007, Glenn Steen wrote: >> Yep, thats why early sendmail by default allowed it, back then you could >> 'trust thy neighbour' when the influx of unstrustworthy no good lamers >> started to pop up that changed (I think around '97) to not relay by >> default. Like most things in life "if you abuse it, you lose it". >> > Early sendmail == early 80:ies.... UUCP anyone? Banged adresses (no, > not fornication of any kind:-)... Those were the days.... not. Sure, About 84/85 I think? > there was a lot less things reminiscent of spam... but really, it Naturally, after all back then the internet was only then starting to be a public thing ('82?) and no bastard could afford it :) ARPANET really did the hard yards earlier for about 10 (?) years earlier, I think there was another around the same time but name escapes me. > Many of you probably remember this more vividly than I:-D If they do Glenn, it will I'm sure make at least yourself and I feel much younger than we are :D SO SPEAK UP someone :) -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From MailScanner at ecs.soton.ac.uk Sat Feb 3 14:18:19 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Feb 3 13:23:02 2007 Subject: automated mail server stress testing? In-Reply-To: <45C3D414.9090900@fractalweb.com> References: <45C3D414.9090900@fractalweb.com> Message-ID: <45C48B9B.3010000@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I do this by using a little milter that a friend (Matt) wrote for me. You can also use one of the milters on www.snertsoft.com as well, there is one there that will do it you. What you need is this basically a) Your real MXs have this filter installed to add (bcc) recipients to every message. For each recipient you add, you change the domain name to something made up, so in my case I add test@alegriatest1.com test@alegriatest2.com test@alegriatest3.com test@alegriatest4.com test@alegriatest5.com Then you have a mailertable that directs mail to all those domains to your test box, likethis: alegriatest1.com esmtp:[alegria.ecs.soton.ac.uk]:[karla.ecs.soton.ac.uk] alegriatest2.com esmtp:[alegria2.ecs.soton.ac.uk]:[karla.ecs.soton.ac.uk] alegriatest3.com esmtp:[alegria3.ecs.soton.ac.uk]:[karla.ecs.soton.ac.uk] alegriatest4.com esmtp:[alegria4.ecs.soton.ac.uk]:[karla.ecs.soton.ac.uk] I use different hostnames for each one so that sendmail cannot possibly realise that these messages are going to the same place, and therefore merge them back in 1 message with multiple recipients. Sendmail is very good at doing that, and you have to try quite hard to stop it. That gets 5 copies of your incoming mail going to your test server. You then turn that test server into a dumb relay that MailScanners all its mail and sends it all to another host, which sinks all incoming mail to /dev/null, which you can do with a sendmail.mc that includes define(`LUSER_RELAY', `local:nobody') and then has an alias in /etc/aliases "nobody" to "/dev/null". This all means that your test server does not only test the MailScanner load, but also all the SMTP traffic load of the mail coming in and mail going out. This is the best of building a test setup that I have found. Sorry if it sounds a bit complicated, just build and test it one step at a time. My incoming feed is about 200k messages and my test server can handle 16 times that with all MailScanner and SpamAssassin options switched on, using sendmail. That's 3.2m messages per day without the queue building up. Chris Yuzik wrote: > Just wondering if there are any programs/scripts/whatever that can put > an artificial high load on our new server so we can see if anything > breaks *before* we start moving real users to this new box. > > Ideally, I'd like to create a hundred or so (fake) users, then hit > this box with ridiculous amounts of mail (and artificial spam/viruses > too) so we can make sure it handles the load without breaking, doesn't > let viruses through, etc. > > Anyone aware of an automated server stress tester such as this? > > Thanks, > Chris Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) Comment: Fetch my public key foot-print from www.mailscanner.info Charset: ISO-8859-1 wj8DBQFFxIvJEfZZRxQVtlQRAutSAKCzP+oUYv/ekBotZfHlkLKagsS5+gCeLDDL 5kMjRKyVC/XGFk9VE7VD1oQ= =MjY+ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From kimptoc at gmail.com Sat Feb 3 15:54:35 2007 From: kimptoc at gmail.com (Chris Kimpton) Date: Sat Feb 3 14:58:08 2007 Subject: More filesys df issues Message-ID: <655b3580702030654p705934f5l4c8d26f83ce658f6@mail.gmail.com> Hi, I think I am possibly posting on the wrong forum, but let me start here. And yes, I know I raised a similar issue a few weeks ago - but that was for a different box... I had mailscanner running on a gentoo linux box but this stopped working around 3-4 months and I am now trying to sort it out. I have gone through the steps I did for the other box that had a problem - it looks like Filesys::Df is missing from perl. This is the error I get when debugging MailScanner: ... [16331] dbg: check: is spam? score=2.906 required=5 [16331] dbg: check: tests=MISSING_SUBJECT,NO_REAL_NAME,NO_RECEIVED,NO_RELAYS,TO_CC_NONE [16331] dbg: check: subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_MSGID,__UNUSABLE_MSGID [16331] dbg: bayes: untie-ing [16331] dbg: bayes: untie-ing db_toks [16331] dbg: bayes: untie-ing db_seen Ignore errors about failing to find EOCD signature format error: can't find EOCD signature at /usr/sbin/MailScanner line 820 Undefined subroutine &MailScanner::Message::df called at /usr/lib/MailScanner/MailScanner/Message.pm line 1718. Line 1718 is this one: my $df = df($dir, 1024); On the other box, I could use g-cpan to install Filesys::Df with no problem. On this box, g-cpan just hangs. So I tried installing it via perl CPAN shell- which seems to install ok - but I still get the above error. Comparing the boxes, it seems the working one installs Filesys::Df into /usr/lib/.../vendor_perl directory, but my broken box has it in site_perl. I guess I probably need to learn more perl to fix the issue - but if someone does have any thoughts on this, it would be appreciated. Thanks in advance,. Chris -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070203/44c4c8cf/attachment.html From MailScanner at ecs.soton.ac.uk Sat Feb 3 17:34:03 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Feb 3 16:37:54 2007 Subject: More filesys df issues In-Reply-To: <655b3580702030654p705934f5l4c8d26f83ce658f6@mail.gmail.com> References: <655b3580702030654p705934f5l4c8d26f83ce658f6@mail.gmail.com> Message-ID: <45C4B97B.5080102@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Chris Kimpton wrote: > Hi, > > I think I am possibly posting on the wrong forum, but let me start > here. And yes, I know I raised a similar issue a few weeks ago - but > that was for a different box... > > I had mailscanner running on a gentoo linux box but this stopped > working around 3-4 months and I am now trying to sort it out. I have > gone through the steps I did for the other box that had a problem - it > looks like Filesys::Df is missing from perl. > > This is the error I get when debugging MailScanner: > > ... > [16331] dbg: check: is spam? score=2.906 required=5 > [16331] dbg: check: > tests=MISSING_SUBJECT,NO_REAL_NAME,NO_RECEIVED,NO_RELAYS,TO_CC_NONE > [16331] dbg: check: > subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_MSGID,__UNUSABLE_MSGID > > [16331] dbg: bayes: untie-ing > [16331] dbg: bayes: untie-ing db_toks > [16331] dbg: bayes: untie-ing db_seen > Ignore errors about failing to find EOCD signature > format error: can't find EOCD signature > at /usr/sbin/MailScanner line 820 > Undefined subroutine &MailScanner::Message::df called at > /usr/lib/MailScanner/MailScanner/Message.pm line 1718. > > Line 1718 is this one: > > my $df = df($dir, 1024); Try changing that to my $df = Filesys::Df::df($dir, 1024); and let me know if this helps at all. > > On the other box, I could use g-cpan to install Filesys::Df with no > problem. On this box, g-cpan just hangs. So I tried installing it > via perl CPAN shell- which seems to install ok - but I still get the > above error. > > Comparing the boxes, it seems the working one installs Filesys::Df > into /usr/lib/.../vendor_perl directory, but my broken box has it in > site_perl. > > I guess I probably need to learn more perl to fix the issue - but if > someone does have any thoughts on this, it would be appreciated. > > Thanks in advance,. > Chris Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) Comment: Fetch my public key foot-print from www.mailscanner.info Charset: ISO-8859-1 wj8DBQFFxLl9EfZZRxQVtlQRAovaAKDGmbMuEww7OXFZQh1Z5Je1oeAxkACgprgn fsr3GfCNgnzG0Fo5kDzNgAE= =WoTQ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From root at doctor.nl2k.ab.ca Sat Feb 3 18:29:55 2007 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Sat Feb 3 17:34:33 2007 Subject: More filesys df issues In-Reply-To: <45C4B97B.5080102@ecs.soton.ac.uk> References: <655b3580702030654p705934f5l4c8d26f83ce658f6@mail.gmail.com> <45C4B97B.5080102@ecs.soton.ac.uk> Message-ID: <20070203172954.GA27669@doctor.nl2k.ab.ca> On Sat, Feb 03, 2007 at 04:34:03PM +0000, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Chris Kimpton wrote: > > Hi, > > > > I think I am possibly posting on the wrong forum, but let me start > > here. And yes, I know I raised a similar issue a few weeks ago - but > > that was for a different box... > > > > I had mailscanner running on a gentoo linux box but this stopped > > working around 3-4 months and I am now trying to sort it out. I have > > gone through the steps I did for the other box that had a problem - it > > looks like Filesys::Df is missing from perl. > > > > This is the error I get when debugging MailScanner: > > > > ... > > [16331] dbg: check: is spam? score=2.906 required=5 > > [16331] dbg: check: > > tests=MISSING_SUBJECT,NO_REAL_NAME,NO_RECEIVED,NO_RELAYS,TO_CC_NONE > > [16331] dbg: check: > > subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_MSGID,__UNUSABLE_MSGID > > > > [16331] dbg: bayes: untie-ing > > [16331] dbg: bayes: untie-ing db_toks > > [16331] dbg: bayes: untie-ing db_seen > > Ignore errors about failing to find EOCD signature > > format error: can't find EOCD signature > > at /usr/sbin/MailScanner line 820 > > Undefined subroutine &MailScanner::Message::df called at > > /usr/lib/MailScanner/MailScanner/Message.pm line 1718. > > > > Line 1718 is this one: > > > > my $df = df($dir, 1024); > Try changing that to > my $df = Filesys::Df::df($dir, 1024); > and let me know if this helps at all. > > > > On the other box, I could use g-cpan to install Filesys::Df with no > > problem. On this box, g-cpan just hangs. So I tried installing it > > via perl CPAN shell- which seems to install ok - but I still get the > > above error. > > > > Comparing the boxes, it seems the working one installs Filesys::Df > > into /usr/lib/.../vendor_perl directory, but my broken box has it in > > site_perl. > > > > I guess I probably need to learn more perl to fix the issue - but if > > someone does have any thoughts on this, it would be appreciated. > > > > Thanks in advance,. > > Chris > So we be delaying implementation of the latest because of this? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From kimptoc at gmail.com Sat Feb 3 18:33:37 2007 From: kimptoc at gmail.com (Chris Kimpton) Date: Sat Feb 3 17:37:11 2007 Subject: More filesys df issues In-Reply-To: <45C4B97B.5080102@ecs.soton.ac.uk> References: <655b3580702030654p705934f5l4c8d26f83ce658f6@mail.gmail.com> <45C4B97B.5080102@ecs.soton.ac.uk> Message-ID: <655b3580702030933t5d718943y6180f878247296b9@mail.gmail.com> Hi Julian, Thanks for the quick reply. Tried the setting but the error is largely the same: [17119] dbg: bayes: untie-ing [17119] dbg: bayes: untie-ing db_toks [17119] dbg: bayes: untie-ing db_seen Ignore errors about failing to find EOCD signature format error: can't find EOCD signature at /usr/sbin/MailScanner line 820 Undefined subroutine &Filesys::Df::df called at /usr/lib/MailScanner/MailScanner/Message.pm line 1719. My line now looks like this (just double checking) my $df = Filesys::Df::df($dir, 1024); Probably not related but it does just sit there for 5-10 minutes before it gives the error. Thanks, Chris On 2/3/07, Julian Field wrote: > > Try changing that to > my $df = Filesys::Df::df($dir, 1024); > and let me know if this helps at all. > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070203/b51ee8c8/attachment.html From uxbod at splatnix.net Sat Feb 3 21:57:34 2007 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Sat Feb 3 20:57:42 2007 Subject: More filesys df issues In-Reply-To: <655b3580702030933t5d718943y6180f878247296b9@mail.gmail.com> References: <655b3580702030654p705934f5l4c8d26f83ce658f6@mail.gmail.com> <45C4B97B.5080102@ecs.soton.ac.uk> <655b3580702030933t5d718943y6180f878247296b9@mail.gmail.com> Message-ID: <20070203205734.602a1c74@uxbod.splatnix.net> Chris, I am running on Gentoo so what would be useful is the following :- 1) emerge gentoolkit 2) equery list | grep perl and post the result. Thanks, On Sat, 3 Feb 2007 17:33:37 +0000 "Chris Kimpton" wrote: > Hi Julian, > > Thanks for the quick reply. > > Tried the setting but the error is largely the same: > > [17119] dbg: bayes: untie-ing > [17119] dbg: bayes: untie-ing db_toks > [17119] dbg: bayes: untie-ing db_seen > Ignore errors about failing to find EOCD signature > format error: can't find EOCD signature > at /usr/sbin/MailScanner line 820 > Undefined subroutine &Filesys::Df::df called at > /usr/lib/MailScanner/MailScanner/Message.pm line 1719. > > My line now looks like this (just double checking) > > my $df = Filesys::Df::df($dir, 1024); > > Probably not related but it does just sit there for 5-10 minutes before it > gives the error. > > Thanks, > Chris > > > On 2/3/07, Julian Field wrote: > > > > Try changing that to > > my $df = Filesys::Df::df($dir, 1024); > > and let me know if this helps at all. > > > > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From uxbod at splatnix.net Sat Feb 3 22:00:48 2007 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Sat Feb 3 21:00:56 2007 Subject: More filesys df issues In-Reply-To: <655b3580702030933t5d718943y6180f878247296b9@mail.gmail.com> References: <655b3580702030654p705934f5l4c8d26f83ce658f6@mail.gmail.com> <45C4B97B.5080102@ecs.soton.ac.uk> <655b3580702030933t5d718943y6180f878247296b9@mail.gmail.com> Message-ID: <20070203210048.2814b8bd@uxbod.splatnix.net> Hmmm, you probably want to emerge dev-perl/Filesys-DiskSpace but what is strange is that I don't have that module installed, yet my system works fine. Is there a condition on that module being used Julian ? On Sat, 3 Feb 2007 17:33:37 +0000 "Chris Kimpton" wrote: > Hi Julian, > > Thanks for the quick reply. > > Tried the setting but the error is largely the same: > > [17119] dbg: bayes: untie-ing > [17119] dbg: bayes: untie-ing db_toks > [17119] dbg: bayes: untie-ing db_seen > Ignore errors about failing to find EOCD signature > format error: can't find EOCD signature > at /usr/sbin/MailScanner line 820 > Undefined subroutine &Filesys::Df::df called at > /usr/lib/MailScanner/MailScanner/Message.pm line 1719. > > My line now looks like this (just double checking) > > my $df = Filesys::Df::df($dir, 1024); > > Probably not related but it does just sit there for 5-10 minutes before it > gives the error. > > Thanks, > Chris > > > On 2/3/07, Julian Field wrote: > > > > Try changing that to > > my $df = Filesys::Df::df($dir, 1024); > > and let me know if this helps at all. > > > > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From uxbod at splatnix.net Sat Feb 3 22:05:25 2007 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Sat Feb 3 21:05:33 2007 Subject: More filesys df issues In-Reply-To: <655b3580702030933t5d718943y6180f878247296b9@mail.gmail.com> References: <655b3580702030654p705934f5l4c8d26f83ce658f6@mail.gmail.com> <45C4B97B.5080102@ecs.soton.ac.uk> <655b3580702030933t5d718943y6180f878247296b9@mail.gmail.com> Message-ID: <20070203210525.1fb5a23a@uxbod.splatnix.net> Arghh, what version of perl are you running ? I am on 5.8.8 ~x86_64 branch, and I reckon that this has now been included in the default installation of Perl. Just emerge the last package I said and you should be okay. UxBoD On Sat, 3 Feb 2007 17:33:37 +0000 "Chris Kimpton" wrote: > Hi Julian, > > Thanks for the quick reply. > > Tried the setting but the error is largely the same: > > [17119] dbg: bayes: untie-ing > [17119] dbg: bayes: untie-ing db_toks > [17119] dbg: bayes: untie-ing db_seen > Ignore errors about failing to find EOCD signature > format error: can't find EOCD signature > at /usr/sbin/MailScanner line 820 > Undefined subroutine &Filesys::Df::df called at > /usr/lib/MailScanner/MailScanner/Message.pm line 1719. > > My line now looks like this (just double checking) > > my $df = Filesys::Df::df($dir, 1024); > > Probably not related but it does just sit there for 5-10 minutes before it > gives the error. > > Thanks, > Chris > > > On 2/3/07, Julian Field wrote: > > > > Try changing that to > > my $df = Filesys::Df::df($dir, 1024); > > and let me know if this helps at all. > > > > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From nerijusb at dtiltas.lt Sat Feb 3 22:37:18 2007 From: nerijusb at dtiltas.lt (Nerijus Baliunas) Date: Sat Feb 3 21:43:40 2007 Subject: New Beta 4.58.6 released In-Reply-To: <223f97700701310108v134f0009r23829465ffd29b91@mail.gmail.com> References: <45BCCF3B.8060608@ecs.soton.ac.uk> <45BD7919.1020009@rogers.com><223f97700701290100i6e788e2gba57830a01a8e67b@mail.gmail.com><45BFD212.6090204@rogers.com> <223f97700701310108v134f0009r23829465ffd29b91@mail.gmail.com> Message-ID: <20070203213757.AD4B7E6A9D@mx-b.vdnet.lt> On Wed, 31 Jan 2007 10:08:03 +0100 Glenn Steen wrote: > > Thanks for the details Glenn. Am i correct in understanding that this > > will only affect users of milters? > > > Yes. Seems you don't have to have it actually "edit" anything though, > the p record "placeholders" will be added just by enabling it... Then > again, why would one have a milter that was in effect a "dummy":-). Why not? For example milter-greylist accepts or rejects message (and can add a header, but it's not important and can be disabled), so if Postfix didn't add p placeholders in such case, milter-greylist would have worked without modifying MS... > Seems most people don't use the milter option in 2.3 in conjunction > with MailScanner, since we've had one (1) request in this area > (Nerijus:) for all the time 2.3 has eben around. :) Thanks Glenn for your patches! Regards, Nerijus From glenn.steen at gmail.com Sat Feb 3 22:49:50 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Feb 3 21:53:26 2007 Subject: New Beta 4.58.6 released In-Reply-To: <20070203213757.AD4B7E6A9D@mx-b.vdnet.lt> References: <45BCCF3B.8060608@ecs.soton.ac.uk> <45BD7919.1020009@rogers.com> <223f97700701290100i6e788e2gba57830a01a8e67b@mail.gmail.com> <45BFD212.6090204@rogers.com> <223f97700701310108v134f0009r23829465ffd29b91@mail.gmail.com> <20070203213757.AD4B7E6A9D@mx-b.vdnet.lt> Message-ID: <223f97700702031349w4e9be3a6meee9118a8b7cddaa@mail.gmail.com> On 03/02/07, Nerijus Baliunas wrote: > On Wed, 31 Jan 2007 10:08:03 +0100 Glenn Steen wrote: > > > > Thanks for the details Glenn. Am i correct in understanding that this > > > will only affect users of milters? > > > > > Yes. Seems you don't have to have it actually "edit" anything though, > > the p record "placeholders" will be added just by enabling it... Then > > again, why would one have a milter that was in effect a "dummy":-). > > Why not? For example milter-greylist accepts or rejects message (and > can add a header, but it's not important and can be disabled), so if > Postfix didn't add p placeholders in such case, milter-greylist would > have worked without modifying MS... Not quite, since it actually adds a header... In the spirit of "Kilroy was here";-) > > Seems most people don't use the milter option in 2.3 in conjunction > > with MailScanner, since we've had one (1) request in this area > > (Nerijus:) for all the time 2.3 has eben around. > > :) Thanks Glenn for your patches! You're welcome... Still working OK for you? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From kimptoc at gmail.com Sun Feb 4 00:17:56 2007 From: kimptoc at gmail.com (Chris Kimpton) Date: Sat Feb 3 23:21:32 2007 Subject: More filesys df issues In-Reply-To: <20070203210525.1fb5a23a@uxbod.splatnix.net> References: <655b3580702030654p705934f5l4c8d26f83ce658f6@mail.gmail.com> <45C4B97B.5080102@ecs.soton.ac.uk> <655b3580702030933t5d718943y6180f878247296b9@mail.gmail.com> <20070203210525.1fb5a23a@uxbod.splatnix.net> Message-ID: <655b3580702031517s225ab519i7f80d620f5c083c2@mail.gmail.com> Hi, I had dev-perl/Filesys-DiskSpace-0.05 installed. So I removed it and tried again and that seemed to fix it - seems like it was causing a conflict. Its now working its way through the backlog ;-) For the record the perl version is this: quarks2 ~ # perl -v This is perl, v5.8.8 built for i686-linux The equery list gives these: quarks2 ~ # equery list | grep perl app-admin/perl-cleaner-1.04.3 dev-lang/perl-5.8.8-r2 dev-perl/Archive-Tar-1.28 dev-perl/Archive-Zip-1.16 dev-perl/Bit-Vector-6.4 dev-perl/Carp-Clan-5.3 dev-perl/Class-MethodMaker-2.08 dev-perl/Compress-Raw-Zlib-2.001 dev-perl/Compress-Zlib-2.001 dev-perl/Convert-BinHex-1.119 dev-perl/Convert-TNEF-0.17-r2 dev-perl/Crypt-SSLeay-0.51-r1 dev-perl/DBD-SQLite-1.11 dev-perl/DBD-mysql-2.9007 dev-perl/DBI-1.50 dev-perl/Date-Calc-5.4 dev-perl/Digest-HMAC-1.01-r1 dev-perl/Digest-SHA1-2.11 dev-perl/ExtUtils-CBuilder-0.15 dev-perl/HTML-Parser-3.48 dev-perl/HTML-Tagset-3.10 dev-perl/HTML-Tree-3.19.01 dev-perl/IO-Compress-Base-2.001 dev-perl/IO-Compress-Zlib-2.001 dev-perl/IO-Socket-INET6-2.51 dev-perl/IO-Socket-SSL-0.97 dev-perl/IO-String-1.08 dev-perl/IO-Zlib-1.04 dev-perl/IO-stringy-2.110 dev-perl/Locale-gettext-1.05 dev-perl/Log-Agent-0.307 dev-perl/MIME-tools-5.417 dev-perl/MailTools-1.67 dev-perl/Net-CIDR-0.11 dev-perl/Net-DNS-0.53-r1 dev-perl/Net-Daemon-0.38 dev-perl/Net-IP-1.24 dev-perl/Net-SSLeay-1.25 dev-perl/PlRPC-0.2018 dev-perl/Shell-EnvImporter-1.04 dev-perl/Socket6-0.17 dev-perl/Sys-Hostname-Long-1.2 dev-perl/Tie-IxHash-1.21-r1 dev-perl/TimeDate-1.16 dev-perl/URI-1.35 dev-perl/XML-NamespaceSupport-1.09 dev-perl/XML-Parser-2.34 dev-perl/XML-SAX-0.14-r1 dev-perl/XML-Simple-2.14 dev-perl/extutils-parsexs-2.15 dev-perl/libwww- perl-5.803-r1 dev-perl/module-build-0.28 dev-perl/yaml-0.39 perl-core/DB_File-1.814 perl-core/Digest-MD5-2.33 perl-core/File-Spec-3.12 perl-core/File-Temp-0.16 perl-core/Getopt-Long-2.34 perl-core/MIME- Base64-3.05 perl-core/PodParser-1.32 perl-core/Storable-2.15 perl-core/Sys-Syslog-0.18 perl-core/Test-Harness-2.56 perl-core/Test-Simple-0.64 perl-core/digest-base-1.13 perl-core/libnet-1.19 sys-devel/libperl- 5.8.8-r1 virtual/perl-DB_File-1.814 virtual/perl-Digest-MD5-2.36 virtual/perl-File-Spec-3.12 virtual/perl-File-Temp-0.16 virtual/perl-Getopt-Long-2.35 virtual/perl-MIME-Base64-3.07 virtual/perl-PodParser-1.34 virtual/perl-Scalar-List-Utils-1.18 virtual/perl-Storable-2.15 virtual/perl-Sys-Syslog-0.18 virtual/perl-Test-Harness-2.56 virtual/perl-Test-Simple-0.64 virtual/perl-Time-HiRes-1.86 virtual/perl-digest-base-1.13 virtual/perl-libnet-1.19 Many Thanks for the help, Chris -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070203/47b28494/attachment.html From uxbod at splatnix.net Sun Feb 4 00:35:31 2007 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Sat Feb 3 23:35:42 2007 Subject: More filesys df issues In-Reply-To: <655b3580702031517s225ab519i7f80d620f5c083c2@mail.gmail.com> References: <655b3580702030654p705934f5l4c8d26f83ce658f6@mail.gmail.com> <45C4B97B.5080102@ecs.soton.ac.uk> <655b3580702030933t5d718943y6180f878247296b9@mail.gmail.com> <20070203210525.1fb5a23a@uxbod.splatnix.net> <655b3580702031517s225ab519i7f80d620f5c083c2@mail.gmail.com> Message-ID: <20070203233531.08c8ac1a@uxbod.splatnix.net> On Sat, 3 Feb 2007 23:17:56 +0000 "Chris Kimpton" wrote: > Hi, > > I had dev-perl/Filesys-DiskSpace-0.05 installed. So I removed it and > tried again and that seemed to fix it - seems like it was causing a > conflict. Its now working its way through the backlog ;-) > > For the record the perl version is this: > > quarks2 ~ # perl -v > This is perl, v5.8.8 built for i686-linux > > The equery list gives these: > > quarks2 ~ # equery list | grep perl > app-admin/perl-cleaner-1.04.3 > dev-lang/perl-5.8.8-r2 > dev-perl/Archive-Tar-1.28 > dev-perl/Archive-Zip-1.16 > dev-perl/Bit-Vector-6.4 > dev-perl/Carp-Clan-5.3 > dev-perl/Class-MethodMaker-2.08 > dev-perl/Compress-Raw-Zlib-2.001 > dev-perl/Compress-Zlib-2.001 > dev-perl/Convert-BinHex-1.119 > dev-perl/Convert-TNEF-0.17-r2 > dev-perl/Crypt-SSLeay-0.51-r1 > dev-perl/DBD-SQLite-1.11 > dev-perl/DBD-mysql-2.9007 > dev-perl/DBI-1.50 > dev-perl/Date-Calc-5.4 > dev-perl/Digest-HMAC-1.01-r1 > dev-perl/Digest-SHA1-2.11 > dev-perl/ExtUtils-CBuilder-0.15 > dev-perl/HTML-Parser-3.48 > dev-perl/HTML-Tagset-3.10 > dev-perl/HTML-Tree-3.19.01 > dev-perl/IO-Compress-Base-2.001 > dev-perl/IO-Compress-Zlib-2.001 > dev-perl/IO-Socket-INET6-2.51 > dev-perl/IO-Socket-SSL-0.97 > dev-perl/IO-String-1.08 > dev-perl/IO-Zlib-1.04 > dev-perl/IO-stringy-2.110 > dev-perl/Locale-gettext-1.05 > dev-perl/Log-Agent-0.307 > dev-perl/MIME-tools-5.417 > dev-perl/MailTools-1.67 > dev-perl/Net-CIDR-0.11 > dev-perl/Net-DNS-0.53-r1 > dev-perl/Net-Daemon-0.38 > dev-perl/Net-IP-1.24 > dev-perl/Net-SSLeay-1.25 > dev-perl/PlRPC-0.2018 > dev-perl/Shell-EnvImporter-1.04 > dev-perl/Socket6-0.17 > dev-perl/Sys-Hostname-Long-1.2 > dev-perl/Tie-IxHash-1.21-r1 > dev-perl/TimeDate-1.16 > dev-perl/URI-1.35 > dev-perl/XML-NamespaceSupport-1.09 > dev-perl/XML-Parser-2.34 > dev-perl/XML-SAX-0.14-r1 > dev-perl/XML-Simple-2.14 > dev-perl/extutils-parsexs-2.15 > dev-perl/libwww- perl-5.803-r1 > dev-perl/module-build-0.28 > dev-perl/yaml-0.39 > perl-core/DB_File-1.814 > perl-core/Digest-MD5-2.33 > perl-core/File-Spec-3.12 > perl-core/File-Temp-0.16 > perl-core/Getopt-Long-2.34 > perl-core/MIME- Base64-3.05 > perl-core/PodParser-1.32 > perl-core/Storable-2.15 > perl-core/Sys-Syslog-0.18 > perl-core/Test-Harness-2.56 > perl-core/Test-Simple-0.64 > perl-core/digest-base-1.13 > perl-core/libnet-1.19 > sys-devel/libperl- 5.8.8-r1 > virtual/perl-DB_File-1.814 > virtual/perl-Digest-MD5-2.36 > virtual/perl-File-Spec-3.12 > virtual/perl-File-Temp-0.16 > virtual/perl-Getopt-Long-2.35 > virtual/perl-MIME-Base64-3.07 > virtual/perl-PodParser-1.34 > virtual/perl-Scalar-List-Utils-1.18 > virtual/perl-Storable-2.15 > virtual/perl-Sys-Syslog-0.18 > virtual/perl-Test-Harness-2.56 > virtual/perl-Test-Simple-0.64 > virtual/perl-Time-HiRes-1.86 > virtual/perl-digest-base-1.13 > virtual/perl-libnet-1.19 > > > Many Thanks for the help, > Chris > No problem - Glad ya back up and running :) UxBoD -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From uxbod at splatnix.net Sun Feb 4 02:03:01 2007 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Sun Feb 4 01:03:12 2007 Subject: NOD32 Message-ID: <20070204010301.5803209f@uxbod.splatnix.net> Hi, Just purchased NOD32 and all is working fine apart from the auto-update. Looking at the virus-scanners.conf file the scripts in the lib directory are the same for both pre 1.99 and post 1.99 versions. Is this correct ? TIA, UxBoD -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From itdept at fractalweb.com Sun Feb 4 05:07:15 2007 From: itdept at fractalweb.com (Chris Yuzik) Date: Sun Feb 4 04:11:17 2007 Subject: OT: migrate email users from FC2 to Centos? Message-ID: <45C55BF3.7010603@fractalweb.com> Hi everyone, Sorry to bother the list with this question, but I have been googling for at least an hour; additionally, nobody on IRC this evening seems to have any idea. Furthermore, the people on this list have historically proven to be far more knowledgeable with matters such as this than the general population. I'm going to need to migrate all of my users from an old Fedora Core 2 server (about to be put out to pasture) to a Centos 4.4 server. I had hoped to create a script to move the users and encrypted passwords to the new box, but much to my chagrin, it seems that there's a difference with the password hash algorithm between the two boxes. I tested with a sample account and the same password appears very differently in the passwd files on the two systems. For example, the same password "asdf" appears as this: FC2 box: $1$jGZoIM.O$uuiSTyDSdRx000EhzA.gi1 Centos box: $1$70559337$sp1596qcHpI06I2lH1fhI0 I would really rather not have to go through the hassle and inconvenience creating new passwords for everyone and manually changing the users' email client settings. Does anyone know of a utility or script that can convert passwords from Fedora to Centos? Thanks, Chris From doc at maddoc.net Sun Feb 4 05:45:25 2007 From: doc at maddoc.net (Doc Schneider) Date: Sun Feb 4 04:49:01 2007 Subject: OT: migrate email users from FC2 to Centos? In-Reply-To: <45C55BF3.7010603@fractalweb.com> References: <45C55BF3.7010603@fractalweb.com> Message-ID: <45C564E5.3010700@maddoc.net> Chris Yuzik wrote: > Hi everyone, > > Sorry to bother the list with this question, but I have been googling > for at least an hour; additionally, nobody on IRC this evening seems to > have any idea. Furthermore, the people on this list have historically > proven to be far more knowledgeable with matters such as this than the > general population. > > I'm going to need to migrate all of my users from an old Fedora Core 2 > server (about to be put out to pasture) to a Centos 4.4 server. I had > hoped to create a script to move the users and encrypted passwords to > the new box, but much to my chagrin, it seems that there's a difference > with the password hash algorithm between the two boxes. > > I tested with a sample account and the same password appears very > differently in the passwd files on the two systems. For example, the > same password "asdf" appears as this: > > FC2 box: $1$jGZoIM.O$uuiSTyDSdRx000EhzA.gi1 > Centos box: $1$70559337$sp1596qcHpI06I2lH1fhI0 > > I would really rather not have to go through the hassle and > inconvenience creating new passwords for everyone and manually changing > the users' email client settings. Does anyone know of a utility or > script that can convert passwords from Fedora to Centos? > > Thanks, > Chris I just did a server upgrade new MB/CPU/RAM and moved from RH 7.2 (I know it was old) to CentOS 4.4 64 bit and just copied over the /etc/passwd group gshadow and shadow and no problems. Of course I had to merge them somewhat for system users but that was pretty easy. You could always take the old files and put them in /etc but of course you would need to keep the new ones made by CentOS and add in any uses the system needs. This is what I did. no need to convert anything.. they're both RH based systems. Of course, YMMV. -- -Doc Lincoln, NE. http://www.genealogyforyou.com/ http://www.cairnproductions.com/ From jon at radel.com Sun Feb 4 06:26:37 2007 From: jon at radel.com (Jon Radel) Date: Sun Feb 4 05:30:18 2007 Subject: OT: migrate email users from FC2 to Centos? In-Reply-To: <45C55BF3.7010603@fractalweb.com> References: <45C55BF3.7010603@fractalweb.com> Message-ID: <45C56E8D.10601@radel.com> Chris Yuzik wrote: > > I tested with a sample account and the same password appears very > differently in the passwd files on the two systems. For example, the > same password "asdf" appears as this: > > FC2 box: $1$jGZoIM.O$uuiSTyDSdRx000EhzA.gi1 > Centos box: $1$70559337$sp1596qcHpI06I2lH1fhI0 > > I would really rather not have to go through the hassle and > inconvenience creating new passwords for everyone and manually changing > the users' email client settings. Does anyone know of a utility or > script that can convert passwords from Fedora to Centos? Not needed. Suggest you copy your FC2 entry above to the CentOS just to convince yourself. Then set two accounts on FC2 to the same password and compare the hashes on those. Google on "MD5 salt" for info on what is happening. Short version: If the same password always gave the same MD5 hash, an attacker would simply build a dictionary of the hash resulting from all "common" passwords, do a simple lookup of each entry from your /etc, and probably own your box in mere seconds. It would also be possible to tell if two people had the same password because they'd have the same hash. All very bad. So you use what are supposed to be 8 random characters to "salt" the hash. It drastically slows certain attacks. Very short version: $1$jGZoIM.O$ <> $1$70559337$ --Jon Radel -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 2828 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070204/928dddd8/smime.bin From leiw324 at yahoo.com.hk Sun Feb 4 09:22:22 2007 From: leiw324 at yahoo.com.hk (Wilson Kwok) Date: Sun Feb 4 08:26:00 2007 Subject: How to block domain ? Message-ID: <614018.84183.qm@web54404.mail.yahoo.com> Hi, Where can define to block domain in MailScanner.conf ? Thanks _______________________________________ YM - Â÷½u°T®§ ´Nºâ§A¨S¦³¤Wºô¡A§AªºªB¤Í¤´¥i¥H¯d¤U°T®§µ¹§A¡A·í§A¤Wºô®É´N¯à¥ß§Y¬Ý¨ì¡A¥ô¦ó»¡¸Ü³£ÉN¨«¥¢¡C http://messenger.yahoo.com.hk -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070204/3e186c7a/attachment.html From ms-list at alexb.ch Sun Feb 4 10:06:35 2007 From: ms-list at alexb.ch (Alex Broens) Date: Sun Feb 4 09:10:19 2007 Subject: NOD32 In-Reply-To: <20070204010301.5803209f@uxbod.splatnix.net> References: <20070204010301.5803209f@uxbod.splatnix.net> Message-ID: <45C5A21B.70906@alexb.ch> On 2/4/2007 2:03 AM, --[ UxBoD ]-- wrote: > Hi, > > Just purchased NOD32 and all is working fine apart from the auto-update. Looking at the virus-scanners.conf file the > scripts in the lib directory are the same for both pre 1.99 and post 1.99 versions. Is this correct ? > Did you enter your user name & passwd in /etc/nod32/nod32.auth all MS should do is run nod32_update (can't check the scritp in lib, atm) Alex From res at ausics.net Sun Feb 4 12:11:04 2007 From: res at ausics.net (Res) Date: Sun Feb 4 11:14:49 2007 Subject: How to block domain ? In-Reply-To: <614018.84183.qm@web54404.mail.yahoo.com> References: <614018.84183.qm@web54404.mail.yahoo.com> Message-ID: Hi, On Sun, 4 Feb 2007, Wilson Kwok wrote: > Where can define to block domain in MailScanner.conf ? If you need to block domain, that's best done in your MTA. -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From email at ace.net.au Sun Feb 4 12:24:04 2007 From: email at ace.net.au (Peter Nitschke) Date: Sun Feb 4 11:29:14 2007 Subject: add high scoring spam to my rbl list In-Reply-To: References: Message-ID: <200702042154040364.365488E3@smtp1.ace.net.au> >> Although not exactly what you're looking for, the Vispan project does >> essentially what I think you are looking to do. It simply examines >> MailScanner's log and keeps track of spammers. If a certain spammer >> sends more spams within a specified amount of time then what you >allow, >> then it automatically adds that sender to your access list so that >it's >> denied at the MTA level. >> >Looks like your reply has really hit the jackpot. After searching along >these lines, I've found a gentleman who has patched vispan to do exactly >that. Add them to a rbldns! I will be installing vispan tonight along >with the patches. On a futher note, the author of vispan has implemented >the patch into the main program and is testing as we speak! Any more news on this? From alex at nkpanama.com Sun Feb 4 16:45:37 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Sun Feb 4 15:50:50 2007 Subject: OT: migrate email users from FC2 to Centos? In-Reply-To: <45C55BF3.7010603@fractalweb.com> References: <45C55BF3.7010603@fractalweb.com> Message-ID: <45C5FFA1.6060304@nkpanama.com> Chris Yuzik wrote: > I tested with a sample account and the same password appears very > differently in the passwd files on the two systems. For example, the > same password "asdf" appears as this: As mentioned by Jon in an earlier post, the different hashes all are valid for the same password. What I usually do is copy all *real* users (uid 500 and up) from one place to the other (watch out for permission issues), but you can also use Webmin to transfer from one to the other. From itdept at fractalweb.com Sun Feb 4 17:27:45 2007 From: itdept at fractalweb.com (Chris Yuzik) Date: Sun Feb 4 16:31:52 2007 Subject: OT: migrate email users from FC2 to Centos? In-Reply-To: <45C56E8D.10601@radel.com> References: <45C55BF3.7010603@fractalweb.com> <45C56E8D.10601@radel.com> Message-ID: <45C60981.1020704@fractalweb.com> Jon Radel wrote: > Not needed. Suggest you copy your FC2 entry above to the CentOS just to > convince yourself. Then set two accounts on FC2 to the same password > and compare the hashes on those. > > Google on "MD5 salt" for info on what is happening. Short version: If > the same password always gave the same MD5 hash, an attacker would > simply build a dictionary of the hash resulting from all "common" > passwords, do a simple lookup of each entry from your /etc, and probably > own your box in mere seconds. It would also be possible to tell if two > people had the same password because they'd have the same hash. All > very bad. So you use what are supposed to be 8 random characters to > "salt" the hash. It drastically slows certain attacks. > > Very short version: > > $1$jGZoIM.O$ <> $1$70559337$ Jon, Thank you. This makes perfect sense. I appreciate the quick response. Chris From glenn.steen at gmail.com Mon Feb 5 10:26:12 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Feb 5 09:29:55 2007 Subject: OT: migrate email users from FC2 to Centos? In-Reply-To: <45C60981.1020704@fractalweb.com> References: <45C55BF3.7010603@fractalweb.com> <45C56E8D.10601@radel.com> <45C60981.1020704@fractalweb.com> Message-ID: <223f97700702050126t2d649834q69bec405c58d61b9@mail.gmail.com> On 04/02/07, Chris Yuzik wrote: > Jon Radel wrote: > > Not needed. Suggest you copy your FC2 entry above to the CentOS just to > > convince yourself. Then set two accounts on FC2 to the same password > > and compare the hashes on those. > > > > Google on "MD5 salt" for info on what is happening. Short version: If > > the same password always gave the same MD5 hash, an attacker would > > simply build a dictionary of the hash resulting from all "common" > > passwords, do a simple lookup of each entry from your /etc, and probably > > own your box in mere seconds. It would also be possible to tell if two > > people had the same password because they'd have the same hash. All > > very bad. So you use what are supposed to be 8 random characters to > > "salt" the hash. It drastically slows certain attacks. > > > > Very short version: > > > > $1$jGZoIM.O$ <> $1$70559337$ > Jon, > > Thank you. This makes perfect sense. I appreciate the quick response. > > Chris If you want another short explanation of all the various formats (well, er, the two different...:-) your passwords can take, see "man crypt" on your system. The MD5 passwords/salt (the $1$$ string) is a GNU extension, so the only thing you'd need convince yourself about is that the system you are moving to can handle that (all semi-modern Linix distros do...:). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From martinh at solidstatelogic.com Mon Feb 5 11:06:29 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Feb 5 10:10:32 2007 Subject: Performance In-Reply-To: <45C2B198.6060806@katy.com> Message-ID: <4b994302c58eed488f2a5ff7eb2dade5@solidstatelogic.com> John Normally a good starting point is 5 children per CPU core and 20 messages per batch...tune the Messages per batch to suit your machine (ie play with value and see whats best in your setup_). -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of John Schmerold > Sent: 02 February 2007 03:36 > To: MailScanner discussion > Subject: Re: Performance > > I set Children & Messages per scan low after viewing: > http://tinyurl.com/ypqot7 > > We've gone back to higher values now. > > John Schmerold > > Randal, Phil wrote: > > Max Children = 2 > > Max Unscanned Messages Per Scan = 10 > > Max Unsafe Messages Per Scan = 10 > > > > These seem a bit on the low side to me. > > > > The defaults are: > > > > Max Children = 5 > > Max Unscanned Messages Per Scan = 30 > > Max Unsafe Messages Per Scan = 30 > > > > Any reason why you so drastically changed them downwards? > > > > Phil > > -- > > Phil Randal > > Network Engineer > > Herefordshire Council > > Hereford, UK > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info > >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > >> Of John Schmerold > >> Sent: 31 January 2007 06:13 > >> To: mailscanner@lists.mailscanner.info > >> Subject: Performance > >> > >> We're seeing significant backlogs, mail is taking 2-6 hours > >> to get thru > >> the Postfix/Mailscanner gauntlet we've setup. What's everyone else > >> seeing in terms of mail processing time? > >> > >> I've looked at the home page & WIKI, so, I'm guessing I am missing > >> something or there are new techniques not yet published on the > >> mailscanner.info > >> > >> Some of my statistics are as follows: > >> Server config: 2.8GHz P4, 2GB DDR2, Maxtor SATA HDD > >> Mail volume: approx 7,500 messages per day > >> Misc: We have set the noatime flag on spool and log > >> partitions & use a > >> local DNS caching nameserver. > >> > >> MS Configuration: > >> [root@mx1 ~]# cat /etc/MailScanner/MailScanner.conf > >> # See http://www.mailscanner.info/MailScanner.conf.index.html for all > >> options & defaults > >> %etc-dir% = /etc/MailScanner > >> %mcp-dir% = /etc/MailScanner/mcp > >> %org-long-name% = Schmerold > >> %org-name% = Schmerold > >> %report-dir% = /etc/MailScanner/reports/en > >> %rules-dir% = /etc/MailScanner/rules > >> %web-site% = www.schmerold.com > >> > >> Always Include SpamAssassin Report = yes > >> Archive Mail = /etc/MailScanner/rules/archive.rules > >> High Scoring Spam Actions = store > >> High SpamAssassin Score = 7 > >> Incoming Queue Dir = /var/spool/postfix/hold > >> Incoming Work Dir = /var/spool/MailScanner/incoming > >> Language Strings = /etc/MailScanner/reports/en/languages.conf > >> MTA = postfix > >> Outgoing Queue Dir = /var/spool/postfix/incoming > >> Required SpamAssassin Score = 4 > >> Restart Every = 7200 > >> Run As Group = postfix > >> Run As User = postfix > >> Sign Clean Messages = no > >> SpamAssassin Site Rules Dir = /etc/mail/spamassassin > >> > >> Log Speed = yes > >> Max Children = 2 > >> Max Unscanned Messages Per Scan = 10 > >> Max Unsafe Messages Per Scan = 10 > >> Spam List = > >> Virus Scanners = f-prot > >> [root@mx1 ~]# > >> > >> PostFix Configuration: > >> [root@mx1 ~]# postconf -n > >> canonical_maps = hash:/etc/postfix/canonical > >> config_directory = /etc/postfix > >> disable_vrfy_command = yes > >> hash_queue_names = "" > >> header_checks = regexp:/etc/postfix/header_checks > >> masquerade_exceptions = root > >> message_size_limit = 51200000 > >> mydomain = schmerold.com > >> myhostname = mx1.schmerold.com > >> mynetworks = 127.0.0.0/8 65.16.251.208/29 > >> relay_domains = katy.com katy.net katycomputer.com schmerold.com > >> smtpd_data_restrictions = reject_unauth_pipelining, permit > >> smtpd_helo_required = yes > >> smtpd_recipient_restrictions = reject_invalid_hostname > >> reject_non_fqdn_hostname reject_non_fqdn_sender > >> reject_non_fqdn_recipient reject_unknown_sender_domain > >> permit_mynetworks reject_unauth_destination check_sender_access > >> hash:/etc/postfix/whitelist reject_rbl_client cbl.abuseat.org > >> reject_rbl_client zen.spamhaus.org permit > >> smtpd_sender_restrictions = hash:/etc/postfix/access > >> transport_maps = hash:/etc/postfix/transport > >> virtual_alias_domains = hash:/etc/postfix/virtual > >> virtual_alias_maps = hash:/etc/postfix/virtual > >> [root@mx1 ~]# > >> > >> > >> MS Log: > >> [root@mx1 ~]# cat /var/log/messages | grep "Jan 30 23:40" > >> Jan 30 23:40:03 mx1 MailScanner[24752]: Requeue: 4F51A4B4468.A8F46 to > >> 389AB894965 > >> Jan 30 23:40:03 mx1 MailScanner[24752]: Requeue: A8330894942.93836 to > >> A6D8289500D > >> Jan 30 23:40:03 mx1 MailScanner[24752]: Requeue: 368088943F4.C0B33 to > >> 20327894942 > >> Jan 30 23:40:03 mx1 MailScanner[24752]: Uninfected: Delivered > >> 7 messages > >> Jan 30 23:40:03 mx1 MailScanner[24752]: Batch completed at > >> 128844 bytes > >> per second (8272398 / 64) > >> Jan 30 23:40:03 mx1 MailScanner[24752]: Batch (10 messages) > >> processed in > >> 64.20 seconds > >> Jan 30 23:40:03 mx1 MailScanner[24752]: New Batch: Found 7981 > >> messages > >> waiting > >> Jan 30 23:40:03 mx1 MailScanner[24752]: New Batch: Scanning > >> 10 messages, > >> 169939 bytes > >> Jan 30 23:40:03 mx1 MailScanner[24752]: Expired 11 records from the > >> SpamAssassin cache > >> Jan 30 23:40:04 mx1 named[2116]: lame server resolving > >> 'mail.voltech-auto.com' (in 'voltech-auto.com'?): 216.53.199.57#53 > >> Jan 30 23:40:08 mx1 named[2116]: lame server resolving > >> '21.36.70.194.in-addr.arpa' (in '36.70.194.in-addr.arpa'?): > >> 194.70.36.12#53 > >> Jan 30 23:40:42 mx1 MailScanner[24762]: Spam Checks: Found 5 > >> spam messages > >> Jan 30 23:40:42 mx1 MailScanner[24762]: Spam Checks completed at 1227 > >> bytes per second > >> Jan 30 23:40:42 mx1 MailScanner[24762]: Virus and Content > >> Scanning: Starting > >> Jan 30 23:40:43 mx1 MailScanner[24762]: Virus Scanning completed at > >> 156861 bytes per second > >> Jan 30 23:40:43 mx1 MailScanner[24762]: Found phishing fraud from > >> www.google.com claiming to be www.chase.com in 6BE8F895371.5D53A > >> Jan 30 23:40:43 mx1 MailScanner[24762]: Content Checks: Detected and > >> have disarmed web bug tags in HTML message in 6BE8F895371.5D53A from > >> www-data@balancetechnology.com > >> Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: 3B29B894E55.CEBEA to > >> 6535E894D8C > >> Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: 6BE8F895371.5D53A to > >> DB04E894E55 > >> Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: 73748895A57.5ABB7 to > >> 0597D895371 > >> Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: 937E689448D.77EDA to > >> 0CB4B8953AD > >> Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: 754F789466A.8DA78 to > >> AC1D989448D > >> Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: D5177894E67.3DEEA to > >> A879089466A > >> Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: A3E798940E3.B4BEB to > >> 80A7B894E67 > >> Jan 30 23:40:43 mx1 MailScanner[24762]: Uninfected: Delivered > >> 7 messages > >> Jan 30 23:40:43 mx1 MailScanner[24762]: Virus Processing completed at > >> 650569 bytes per second > >> Jan 30 23:40:43 mx1 MailScanner[24762]: Batch completed at 1215 bytes > >> per second (86123 / 70) > >> Jan 30 23:40:43 mx1 MailScanner[24762]: Batch (10 messages) > >> processed in > >> 70.85 seconds > >> Jan 30 23:40:43 mx1 MailScanner[24762]: New Batch: Found 7993 > >> messages > >> waiting > >> Jan 30 23:40:43 mx1 MailScanner[24762]: New Batch: Scanning > >> 10 messages, > >> 160591 bytes > >> [root@mx1 ~]# > >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From talora-listas at talora.com.br Mon Feb 5 13:32:38 2007 From: talora-listas at talora.com.br (=?ISO-8859-1?Q?=22Lu=EDs_Fernando_C=2E_Talora=22?=) Date: Mon Feb 5 12:37:38 2007 Subject: Send copies of certain messages to other mail account In-Reply-To: <223f97700702021044s6efdc403m2fe7b49a56b78e40@mail.gmail.com> References: <45C37B6A.2000201@talora.com.br> <45C381C2.5020908@dalsemi.com> <223f97700702021044s6efdc403m2fe7b49a56b78e40@mail.gmail.com> Message-ID: <45C723E6.6010303@talora.com.br> Thanks guys. This achieving option seems really to rock!!! :D Just another thing: if I use: From or To: *yahoogroups.com.br (...) Will MailScanner recognize messages where "*yahoogroups.com.br" appears only on the CC (carbon copy) field? Thanks! Luis Talora Glenn Steen escreveu: > On 02/02/07, David Vosburgh wrote: >> If I understand you correctly, you should be able to use the mail >> archiving feature of MS: >> >> In MailScanner.conf: >> Archive Mail = %rules-dir%/mail_archive.rules >> >> In mail_archive_rules: >> From: *yahoogrupos.com.br >> /var/spool/MailScanner/mail_archive/yahoo_groups >> yahoo_groups@your.domain.com >> >> The above line will archive a copy to a local mbox and also forward a >> copy to some other email account. I think. >> >> You'd obviously need to create the directory >> /var/spool/MailScanner/mail_archive first. >> >> Dave >> > Nah, archiving is overkill here:-). > > Forgot the obligatory "Make sure it's leagal/allowed by policy before > implementing this" gripe... So there it is:-). > > Cheers From alex at nkpanama.com Mon Feb 5 14:18:05 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon Feb 5 13:23:14 2007 Subject: Performance In-Reply-To: <4b994302c58eed488f2a5ff7eb2dade5@solidstatelogic.com> References: <4b994302c58eed488f2a5ff7eb2dade5@solidstatelogic.com> Message-ID: <45C72E8D.7060900@nkpanama.com> Martin.Hepworth wrote: > John > > Normally a good starting point is 5 children per CPU core and 20 > messages per batch...tune the Messages per batch to suit your machine > (ie play with value and see whats best in your setup_). > From experience, does this also apply with HyperThreading cpu's, or should these count as one? From alex at nkpanama.com Mon Feb 5 14:19:08 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon Feb 5 13:24:18 2007 Subject: Send copies of certain messages to other mail account In-Reply-To: <45C723E6.6010303@talora.com.br> References: <45C37B6A.2000201@talora.com.br> <45C381C2.5020908@dalsemi.com> <223f97700702021044s6efdc403m2fe7b49a56b78e40@mail.gmail.com> <45C723E6.6010303@talora.com.br> Message-ID: <45C72ECC.3000007@nkpanama.com> Lu?s Fernando C. Talora wrote: > Thanks guys. This achieving option seems really to rock!!! :D > > Just another thing: if I use: > > From or To: *yahoogroups.com.br (...) > > Will MailScanner recognize messages where "*yahoogroups.com.br" appears > only on the CC (carbon copy) field? AFAIK, it cares who "receives" the message in the end, not if the recipient was in To: or CC: or even BCC: - but could someone correct me if this isn't the case? Thanks... From martinh at solidstatelogic.com Mon Feb 5 14:27:03 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Feb 5 13:30:55 2007 Subject: Performance In-Reply-To: <45C72E8D.7060900@nkpanama.com> Message-ID: <0889cecfced38a4fad9ba7b3179ea522@solidstatelogic.com> Alex For CPU as count these as 1, for memory I count as 1.5. Ie we normally recommend 1GB per CPU core.. Tune to taste, but 5 is a good starting point, then tune the batch size... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Alex Neuman van der Hans > Sent: 05 February 2007 13:18 > To: MailScanner discussion > Subject: Re: Performance > > Martin.Hepworth wrote: > > John > > > > Normally a good starting point is 5 children per CPU core and 20 > > messages per batch...tune the Messages per batch to suit your machine > > (ie play with value and see whats best in your setup_). > > > > From experience, does this also apply with HyperThreading cpu's, or > should these count as one? > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From uxbod at splatnix.net Mon Feb 5 14:39:50 2007 From: uxbod at splatnix.net (uxbod) Date: Mon Feb 5 13:43:36 2007 Subject: Deliver SPAM too IMAP folder Message-ID: Hi All, How easy would it be add additional code to MailScanner to be able to deliver email direct to users IMAP folders, instead of injecting back into the MTA queue? Cheers, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: 543A E778 7F2D 98F1 3E50 9C1F F190 93E0 E8E8 0CF8 // Keyserver: www.keyserver.net Key-ID: 0xE8E80CF8 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From martinh at solidstatelogic.com Mon Feb 5 14:45:54 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Feb 5 13:49:45 2007 Subject: Deliver SPAM too IMAP folder In-Reply-To: Message-ID: Depends on how good you perl is to write a custom function.... MailScanner isn't either a MTA or a MDA... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of uxbod > Sent: 05 February 2007 13:40 > To: mailscanner@lists.mailscanner.info > Subject: Deliver SPAM too IMAP folder > Importance: Low > > Hi All, > > How easy would it be add additional code to MailScanner to be able to > deliver email direct to users IMAP folders, instead of injecting back into > the MTA queue? > > Cheers, > > -- > --[ UxBoD ]-- > // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" > // Fingerprint: 543A E778 7F2D 98F1 3E50 9C1F F190 93E0 E8E8 0CF8 > // Keyserver: www.keyserver.net Key-ID: 0xE8E80CF8 > > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From edwardbruce at sbcglobal.net Mon Feb 5 14:58:15 2007 From: edwardbruce at sbcglobal.net (Ed Bruce) Date: Mon Feb 5 14:01:59 2007 Subject: Performance In-Reply-To: <223f97700702020132m47b33d89m9b90d5544e07c5f@mail.gmail.com> References: <86144ED6CE5B004DA23E1EAC0B569B58125FF289@isabella.herefordshire.gov.uk> <45C07F76.5050409@ecs.soton.ac.uk> <45C260A2.6040601@katy.com> <45C29D90.8080901@katy.com> <223f97700702020132m47b33d89m9b90d5544e07c5f@mail.gmail.com> Message-ID: <45C737F7.3060606@sbcglobal.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Glenn Steen wrote: > > So, there is litle to no risk with this. The sender _will_ get a > somewhat informative reject code, and should be able to find the > problem at their end... Forcing _them_ to comply to the RFC;-). > One would hope. A major software vendor whose accounting software my company uses has a misconfigured MTA. I've told them and told them. I've whitelisted them and then volunteered to help configure it correctly. There response is please keep whitelisting us. This is a company that develops software and they can't configure their Exchange Server. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Cygwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFxzf3pdNaP9x3McgRAgewAKCFY18hcj/gPkYkYyWVKFX4BXpioACdEE0q yaJdkuhe6gUZrKWDFoU7MKM= =tzJx -----END PGP SIGNATURE----- From alex at nkpanama.com Mon Feb 5 15:17:51 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon Feb 5 14:23:09 2007 Subject: Deliver SPAM too IMAP folder In-Reply-To: References: Message-ID: <45C73C8F.6010101@nkpanama.com> Martin.Hepworth wrote: > Depends on how good you perl is to write a custom function.... > > MailScanner isn't either a MTA or a MDA... It would involve supporting several different methods and possible configurations, file locking issues, etc. - although I *think* it could be done the way it is now - after a fashion. What do I mean? Well, since you can "Archive Mail =" by ruleset, you can selectively archive mail to an IMAP-readable folder - which is what I've done for some clients. Of course, this would be an archive and not a "delivery" per se - but you could set both spam and nonspam actions to delete and *then* archive to an IMAP-readable folder on a user's home directory (permissions permitting). Wouldn't be much useful as a delivery method per se, but for archiving it's quite handy. Now, if the original poster meant "deliver *only spam* to an IMAP folder", you could set spam actions to forward to a specific mailbox, which would then be readable using IMAP. From uxbod at splatnix.net Mon Feb 5 15:39:40 2007 From: uxbod at splatnix.net (uxbod) Date: Mon Feb 5 14:43:51 2007 Subject: Deliver SPAM too IMAP folder In-Reply-To: <45C73C8F.6010101@nkpanama.com> References: <45C73C8F.6010101@nkpanama.com> Message-ID: <7a4199611015c92948781e8ca9354df7@62.49.223.244> On Mon, 05 Feb 2007 09:17:51 -0500, Alex Neuman van der Hans wrote: > Martin.Hepworth wrote: >> Depends on how good you perl is to write a custom function.... >> >> MailScanner isn't either a MTA or a MDA... > > It would involve supporting several different methods and possible > configurations, file locking issues, etc. - although I *think* it could > be done the way it is now - after a fashion. > > What do I mean? Well, since you can "Archive Mail =" by ruleset, you can > selectively archive mail to an IMAP-readable folder - which is what I've > done for some clients. Of course, this would be an archive and not a > "delivery" per se - but you could set both spam and nonspam actions to > delete and *then* archive to an IMAP-readable folder on a user's home > directory (permissions permitting). > > Wouldn't be much useful as a delivery method per se, but for archiving > it's quite handy. > > Now, if the original poster meant "deliver *only spam* to an IMAP > folder", you could set spam actions to forward to a specific mailbox, > which would then be readable using IMAP. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is > believed to be clean. -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: 543A E778 7F2D 98F1 3E50 9C1F F190 93E0 E8E8 0CF8 // Keyserver: www.keyserver.net Key-ID: 0xE8E80CF8 Okay, the rationale behind this thought is that I have seen some commercial AV solutions that deliver SPAM too a specific Exchange folder within a users account. Therefore, would like to be able to do this using OSS and deliver to a IMAP folder. I am already using MailWatch so I know I could create individual user accounts, but thought it may be nice to do it this way, instead of making the user setup rules based on tags. I am not to bad at Perl so will take a look at it. Thanks all. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at nkpanama.com Mon Feb 5 15:54:07 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon Feb 5 14:59:19 2007 Subject: Deliver SPAM too IMAP folder In-Reply-To: <7a4199611015c92948781e8ca9354df7@62.49.223.244> References: <45C73C8F.6010101@nkpanama.com> <7a4199611015c92948781e8ca9354df7@62.49.223.244> Message-ID: <45C7450F.4020901@nkpanama.com> uxbod wrote: Okay, the rationale behind this thought is that I have seen some commercial AV solutions that deliver SPAM too a specific Exchange folder within a users account. Therefore, would like to be able to do this using OSS and deliver to a IMAP folder. - Well, you can do that with procmail. Since MS will add a header that some clients (like Thunderbird) respect, you can filter on that and move messages to a folder. My setup is: /home/alex/.procmailrc : :0: * ^X-Spam-Status: Yes mail/Junk That way all junk mail goes there. Substitute mail/Junk for something else (like a communal spam folder, for example). From martinh at solidstatelogic.com Mon Feb 5 16:01:57 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Feb 5 15:05:47 2007 Subject: Deliver SPAM too IMAP folder In-Reply-To: <45C7450F.4020901@nkpanama.com> Message-ID: This is down to the MDA and MTA......if you're using MS-Exch you should be able to use that to redirect as required... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Alex Neuman van der Hans > Sent: 05 February 2007 14:54 > To: MailScanner discussion > Subject: Re: Deliver SPAM too IMAP folder > > > > uxbod wrote: > Okay, the rationale behind this thought is that I have seen some > commercial AV solutions that deliver SPAM too a specific Exchange folder > within a users account. Therefore, would like to be able to do this > using OSS and deliver to a IMAP folder. > > > - Well, you can do that with procmail. Since MS will add a header that > some clients (like Thunderbird) respect, you can filter on that and move > messages to a folder. My setup is: > > /home/alex/.procmailrc : > > :0: > * ^X-Spam-Status: Yes > mail/Junk > > That way all junk mail goes there. Substitute mail/Junk for something > else (like a communal spam folder, for example). > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From chandler.lists at chapman.edu Mon Feb 5 16:43:06 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Mon Feb 5 15:46:52 2007 Subject: New Version of Postfix Message-ID: <45C7508A.40103@chapman.edu> Welp, the new version of Postfix hit the FreeBSD ports tree-- 2.3.7. Any reason I shouldn't install this vis a vis MailScanner? I'd ask on that list, but you all know by now the response I'd get... -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: We're upgrading /dev/null From glenn.steen at gmail.com Mon Feb 5 17:10:45 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Feb 5 16:14:30 2007 Subject: Performance In-Reply-To: <45C737F7.3060606@sbcglobal.net> References: <86144ED6CE5B004DA23E1EAC0B569B58125FF289@isabella.herefordshire.gov.uk> <45C07F76.5050409@ecs.soton.ac.uk> <45C260A2.6040601@katy.com> <45C29D90.8080901@katy.com> <223f97700702020132m47b33d89m9b90d5544e07c5f@mail.gmail.com> <45C737F7.3060606@sbcglobal.net> Message-ID: <223f97700702050810g4f189256w5c8d9aec1cc1a3ff@mail.gmail.com> On 05/02/07, Ed Bruce wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Glenn Steen wrote: > > > > > So, there is litle to no risk with this. The sender _will_ get a > > somewhat informative reject code, and should be able to find the > > problem at their end... Forcing _them_ to comply to the RFC;-). > > > > One would hope. A major software vendor whose accounting software my > company uses has a misconfigured MTA. I've told them and told them. I've > whitelisted them and then volunteered to help configure it correctly. > There response is please keep whitelisting us. This is a company that > develops software and they can't configure their Exchange Server. Yes? Did you explain to them that this is loosing them money, potentially? And they still persist? I'm assuming you mean they HELO/EHLO with something strange, like your IP address or domain name ... Else it's a bit non-relevant to this subthread:-):-) Then again... I suppose there are fools all over the world (and sometimes even we could be seen as such:-), but... "Helping" them remain fools isn't really helping anyone, now is it?;) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Mon Feb 5 17:14:13 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Feb 5 16:17:57 2007 Subject: New Version of Postfix In-Reply-To: <45C7508A.40103@chapman.edu> References: <45C7508A.40103@chapman.edu> Message-ID: <223f97700702050814i26b4cf9bj7f1c795b3b9ac76f@mail.gmail.com> On 05/02/07, Jay Chandler wrote: > Welp, the new version of Postfix hit the FreeBSD ports tree-- 2.3.7. > > Any reason I shouldn't install this vis a vis MailScanner? I'd ask on > that list, but you all know by now the response I'd get... > Not that I can see... The only known problem with PF<>MS (ATM) is the milter support adding p records (well, a bit more involved, but that is the one that breaks things)... And you likely don't use that, so ... it should be safe. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From uxbod at splatnix.net Mon Feb 5 17:16:40 2007 From: uxbod at splatnix.net (uxbod) Date: Mon Feb 5 16:21:49 2007 Subject: Deliver SPAM too IMAP folder In-Reply-To: References: Message-ID: We are not using Exchange which is why I said about IMAP. I thought Postfix, which I use, would just deliver to the Maildir and it is down to the client software to either move automatically or via input to a folder. With respect to procmail then this surely would require a batch job to execute for each user, and I though procmail was used to pull mail from a remote source and distribute, not on the same server. On Mon, 05 Feb 2007 15:01:57 +0000, "Martin.Hepworth" wrote: > > This is down to the MDA and MTA......if you're using MS-Exch you should > be able to use that to redirect as required... > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Alex Neuman van der Hans >> Sent: 05 February 2007 14:54 >> To: MailScanner discussion >> Subject: Re: Deliver SPAM too IMAP folder >> >> >> >> uxbod wrote: >> Okay, the rationale behind this thought is that I have seen some >> commercial AV solutions that deliver SPAM too a specific Exchange > folder >> within a users account. Therefore, would like to be able to do this >> using OSS and deliver to a IMAP folder. >> >> >> - Well, you can do that with procmail. Since MS will add a header that >> some clients (like Thunderbird) respect, you can filter on that and > move >> messages to a folder. My setup is: >> >> /home/alex/.procmailrc : >> >> :0: >> * ^X-Spam-Status: Yes >> mail/Junk >> >> That way all junk mail goes there. Substitute mail/Junk for something >> else (like a communal spam folder, for example). >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: 543A E778 7F2D 98F1 3E50 9C1F F190 93E0 E8E8 0CF8 // Keyserver: www.keyserver.net Key-ID: 0xE8E80CF8 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Mon Feb 5 17:34:12 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Feb 5 16:37:57 2007 Subject: Deliver SPAM too IMAP folder In-Reply-To: References: Message-ID: <223f97700702050834q5f37d62od2c51379c8604f9c@mail.gmail.com> On 05/02/07, uxbod wrote: > We are not using Exchange which is why I said about IMAP. I thought Postfix, which I use, would just deliver to the Maildir and it is down to the client software to either move automatically or via input to a folder. > > With respect to procmail then this surely would require a batch job to execute for each user, and I though procmail was used to pull mail from a remote source and distribute, not on the same server. > Eh. No. I think you have it confised with fetchmail;-). Procmail is used to "process" mail in a variety of ways... Read the procmailex manpage to see some nice examples. You can use procmail to do the local mailbox delivery by way of the mailbox_command. This is good, since you'll have procmail run for each delivered mail without having to fiddle with any (fake) .forward file, as you would if you only wanted procmail for _some_ users... This is snipped from a main.cf.dist on one of my Mandriva systems... Explains it better than I do:-): ---- # The mailbox_command parameter specifies the optional external # command to use instead of mailbox delivery. The command is run as # the recipient with proper HOME, SHELL and LOGNAME environment settings. # Exception: delivery for root is done as $default_user. # # Other environment variables of interest: USER (recipient username), # EXTENSION (address extension), DOMAIN (domain part of address), # and LOCAL (the address localpart). # # Unlike other Postfix configuration parameters, the mailbox_command # parameter is not subjected to $parameter substitutions. This is to # make it easier to specify shell syntax (see example below). # # Avoid shell meta characters because they will force Postfix to run # an expensive shell process. Procmail alone is expensive enough. # # IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN # ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER. # #mailbox_command = /some/where/procmail #mailbox_command = /some/where/procmail -a "$EXTENSION" ---- HtH Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ms-list at alexb.ch Mon Feb 5 17:44:23 2007 From: ms-list at alexb.ch (Alex Broens) Date: Mon Feb 5 16:48:16 2007 Subject: Deliver SPAM too IMAP folder In-Reply-To: References: Message-ID: <45C75EE7.2010701@alexb.ch> On 2/5/2007 2:39 PM, uxbod wrote: > Hi All, > > How easy would it be add additional code to MailScanner to be able to > deliver email direct to users IMAP folders, instead of injecting back > into the MTA queue? > > Cheers, Julian started writing a custom function to do this some time ago. It never really worked and required a MS hack so I dropped its use. If he reads this he might pickup where he stopped and make it usable Alex From uxbod at splatnix.net Mon Feb 5 17:46:33 2007 From: uxbod at splatnix.net (uxbod) Date: Mon Feb 5 16:51:48 2007 Subject: Deliver SPAM too IMAP folder In-Reply-To: <223f97700702050834q5f37d62od2c51379c8604f9c@mail.gmail.com> References: <223f97700702050834q5f37d62od2c51379c8604f9c@mail.gmail.com> Message-ID: Doh! Slaps self around head with wet fish ;) Must sleep more. On Mon, 5 Feb 2007 17:34:12 +0100, "Glenn Steen" wrote: > On 05/02/07, uxbod wrote: >> We are not using Exchange which is why I said about IMAP. I thought > Postfix, which I use, would just deliver to the Maildir and it is down to > the client software to either move automatically or via input to a folder. >> >> With respect to procmail then this surely would require a batch job to > execute for each user, and I though procmail was used to pull mail from a > remote source and distribute, not on the same server. >> > Eh. No. I think you have it confised with fetchmail;-). Procmail is > used to "process" mail in a variety of ways... Read the procmailex > manpage to see some nice examples. > > You can use procmail to do the local mailbox delivery by way of the > mailbox_command. This is good, since you'll have procmail run for each > delivered mail without having to fiddle with any (fake) .forward file, > as you would if you only wanted procmail for _some_ users... > This is snipped from a main.cf.dist on one of my Mandriva systems... > Explains it better than I do:-): > ---- > # The mailbox_command parameter specifies the optional external > # command to use instead of mailbox delivery. The command is run as > # the recipient with proper HOME, SHELL and LOGNAME environment settings. > # Exception: delivery for root is done as $default_user. > # > # Other environment variables of interest: USER (recipient username), > # EXTENSION (address extension), DOMAIN (domain part of address), > # and LOCAL (the address localpart). > # > # Unlike other Postfix configuration parameters, the mailbox_command > # parameter is not subjected to $parameter substitutions. This is to > # make it easier to specify shell syntax (see example below). > # > # Avoid shell meta characters because they will force Postfix to run > # an expensive shell process. Procmail alone is expensive enough. > # > # IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN > # ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER. > # > #mailbox_command = /some/where/procmail > #mailbox_command = /some/where/procmail -a "$EXTENSION" > ---- > > HtH > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is > believed to be clean. -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: 543A E778 7F2D 98F1 3E50 9C1F F190 93E0 E8E8 0CF8 // Keyserver: www.keyserver.net Key-ID: 0xE8E80CF8 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mailscanner at yeticomputers.com Mon Feb 5 17:58:02 2007 From: mailscanner at yeticomputers.com (Rick Chadderdon) Date: Mon Feb 5 17:01:54 2007 Subject: Deliver SPAM too IMAP folder In-Reply-To: References: Message-ID: <45C7621A.8030703@yeticomputers.com> uxbod wrote: > How easy would it be add additional code to MailScanner to be able to deliver email direct to users IMAP folders, instead of injecting back into the MTA queue? I use sieve to do this on the IMAP server after the message is scanned, scored and tagged. I set up the "default" rules for everyone myself and then showed a few competent power users how to use the avelsieve plugin for SquirrelMail to modify their server side filters. Of course, this technique will not be of much use if you're not using Cyrus or DBMail, but it's quite flexible and powerful if you are. Rick From chandler.lists at chapman.edu Mon Feb 5 18:00:38 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Mon Feb 5 17:04:23 2007 Subject: New Version of Postfix In-Reply-To: <223f97700702050814i26b4cf9bj7f1c795b3b9ac76f@mail.gmail.com> References: <45C7508A.40103@chapman.edu> <223f97700702050814i26b4cf9bj7f1c795b3b9ac76f@mail.gmail.com> Message-ID: <45C762B6.7090104@chapman.edu> Glenn Steen wrote: > On 05/02/07, Jay Chandler wrote: >> Welp, the new version of Postfix hit the FreeBSD ports tree-- 2.3.7. >> >> Any reason I shouldn't install this vis a vis MailScanner? I'd ask on >> that list, but you all know by now the response I'd get... >> > Not that I can see... The only known problem with PF<>MS (ATM) is the > milter support adding p records (well, a bit more involved, but that > is the one that breaks things)... And you likely don't use that, so > ... it should be safe. > Thanks, Glenn. Given the peculiar reaction I get over there talking about MailScanner, I wouldn't put it past a developer to intentionally start mucking around with the queue files just to screw with MailScanner. Kinda sad, really. -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: We're upgrading /dev/null From rpoe at plattesheriff.org Mon Feb 5 18:07:14 2007 From: rpoe at plattesheriff.org (Rob Poe) Date: Mon Feb 5 17:11:29 2007 Subject: Greetpause seems very ineffective (Was: RE: Increased Volumes Of Spam) In-Reply-To: <45B32087.7030109@taz-mania.com> References: <20070119220533.A4014@tmp.com.br> <45B32087.7030109@taz-mania.com> Message-ID: <45C70FE4.65ED.00A2.0@plattesheriff.org> >> The problem with your annoyance at your paying customers who dont want >> greylisting comment here is, business emails are time critical, it is >> unacceptable to delay email destined for lawyers, real estates, >> accountants and every other company where time is crucial, like those >> vying for multi-million dollar contracts. >minutes. I have my greylisting set to only force a 2 minute delay AND >this only occurs on the very first send form one user to another, each >additional email is not delayed at all. >This is really not a valid excuse... Actually, it is, yes. I do MailScanning for a law firm that does business with .. err .. multi billion dollar companies. You'd KNOW the name if I said it (which I won't - it's not necessary). I run GL on my servers, and have been seeing more and more corporate mails getting delayed for very long periods of time ( > 1 day) because people are using server that round-robin outgoing messages via multiple SMTP servers ... and the GL module I use keeps everything in memory (not disk / sql) so if I have to restart it for (whatever) reason it loses the GL tuple - then everything starts over again. Is the round robin sending a bad thing? Yeah, it probably is. But it's not something *I* can control. And I'm sorry, I'm not going to lose a contract with that law firm because they missed a filing deadline with the court because an email was delayed. Email delivery isn't guaranteed - but we (sysadmins across the globe) have made damn sure that it makes it as QUICKLY as it can .. and the (l)users have gotten used to it. From prandal at herefordshire.gov.uk Mon Feb 5 18:14:20 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Mon Feb 5 17:18:11 2007 Subject: Sendmail 8.14.0 is out Message-ID: <86144ED6CE5B004DA23E1EAC0B569B581287FE08@isabella.herefordshire.gov.uk> Sendmail 8.14.0 was released on February 1st - release notes here: http://www.sendmail.org/releases/8.14.0.php RPMs for Redhat-based Linux distros can be found over at http://www.city-fan.org/ftp/contrib/mail/ Of particular interest are these new features: CONFIG: New FEATURE(`require_rdns') to reject messages from SMTP clients whose IP address does not have proper reverse DNS. Contributed by Neil Rickert of Northern Illinois University and John Beck of Sun Microsystems. CONFIG: New FEATURE(`block_bad_helo') to reject messages from SMTP clients which provide a HELO/EHLO argument which is either unqualified, or is one of our own names (i.e., the server name instead of the client name). Contributed by Neil Rickert of Northern Illinois University and John Beck of Sun Microsystems. CONFIG: New FEATURE(`badmx') to reject envelope sender addresses (MAIL) whose domain part resolves to a "bad" MX record. Based on contribution from William Dell Wisner. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK From rpoe at plattesheriff.org Mon Feb 5 18:16:15 2007 From: rpoe at plattesheriff.org (Rob Poe) Date: Mon Feb 5 17:20:32 2007 Subject: Question on attachment defang??! Message-ID: <45C71201.65ED.00A2.0@plattesheriff.org> I saw (somewhere) where they had a MailScanner chaning a double extension from bad file name example.reallybad.doc to bad file name example.defanged-doc so that the receiver would GET the message but would have to RENAME it to actually run it .. instead of it getting stuck in the quarantine. Looked around in the documentation / faqs but didn't see anything about it .. anyone have any good pointers? thanks! From mrm at medicine.wisc.edu Mon Feb 5 18:47:04 2007 From: mrm at medicine.wisc.edu (Michael Masse) Date: Mon Feb 5 17:51:23 2007 Subject: Question on attachment defang??! In-Reply-To: <45C71201.65ED.00A2.0@plattesheriff.org> References: <45C71201.65ED.00A2.0@plattesheriff.org> Message-ID: <45C71932.7FBE.00FC.3@medicine.wisc.edu> >>> On 2/5/2007 at 11:16 AM, in message <45C71201.65ED.00A2.0@plattesheriff.org>, "Rob Poe" wrote: > I saw (somewhere) where they had a MailScanner chaning a double > extension from > > bad file name example.reallybad.doc > > to > > bad file name example.defanged-doc > > so that the receiver would GET the message but would have to RENAME it > to actually run it .. instead of it getting stuck in the quarantine. > > Looked around in the documentation / faqs but didn't see anything about > it .. anyone have any good pointers? > > thanks! > I don't know if MailScanner can do it or not, but I used to run this procmail tool alongside MailScanner: http://www.impsec.org/email-tools/procmail-security.html Which does exactly what you want, among many other things. The last build of email servers I did for us did not include the procmail sanitizer because I felt it was impacting performance too much, and was also overlapping a lot of what MailScanner does, so I am no longer using this and haven't really missed it either. Mike From email at ace.net.au Mon Feb 5 19:03:48 2007 From: email at ace.net.au (Peter Nitschke) Date: Mon Feb 5 18:08:12 2007 Subject: Greetpause seems very ineffective (Was: RE: Increased Volumes Of Spam) In-Reply-To: <45C70FE4.65ED.00A2.0@plattesheriff.org> References: <20070119220533.A4014@tmp.com.br> <45B32087.7030109@taz-mania.com> <45C70FE4.65ED.00A2.0@plattesheriff.org> Message-ID: <200702060433480629.3CE8DD6B@smtp1.ace.net.au> >Actually, it is, yes. I do MailScanning for a law firm that does >business with .. err .. multi billion dollar companies. You'd KNOW the >name if I said it (which I won't - it's not necessary). I run GL on my >servers, and have been seeing more and more corporate mails getting >delayed for very long periods of time ( > 1 day) because people are >using server that round-robin outgoing messages via multiple SMTP >servers ... and the GL module I use keeps everything in memory (not disk >/ sql) so if I have to restart it for (whatever) reason it loses the GL >tuple - then everything starts over again. > >Is the round robin sending a bad thing? Yeah, it probably is. But >it's not something *I* can control. And I'm sorry, I'm not going to >lose a contract with that law firm because they missed a filing deadline >with the court because an email was delayed. Email delivery isn't >guaranteed - but we (sysadmins across the globe) have made damn sure >that it makes it as QUICKLY as it can .. and the (l)users have gotten >used to it. This one may be your answer. http://smfs.takm.com/ SMF-Grey+tym Here is the extended version of smf-grey, the original of which is here. This version adds the following features: Shades of grey (variable delay) via DNS white and block lists. Auto reload of configuration file Export and reload of in-memory greylist cache Frequent (configurable) incremental exports of cache with daily cleanup Configurable auto whitelist of sender networks Configurable auto blocking of sender networks From MailScanner at ecs.soton.ac.uk Mon Feb 5 19:24:19 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Feb 5 18:30:37 2007 Subject: Deliver SPAM too IMAP folder In-Reply-To: <45C75EE7.2010701@alexb.ch> References: <45C75EE7.2010701@alexb.ch> Message-ID: <45C77653.4040705@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alex Broens wrote: > On 2/5/2007 2:39 PM, uxbod wrote: >> Hi All, >> >> How easy would it be add additional code to MailScanner to be able to >> deliver email direct to users IMAP folders, instead of injecting back >> into the MTA queue? >> >> Cheers, > > Julian started writing a custom function to do this some time ago. > It never really worked and required a MS hack so I dropped its use. > > If he reads this he might pickup where he stopped and make it usable I've got no recollection of that at all, which doesn't surprise me. What did it do and how far did I get? I like someone's suggestion of using default Sieve scripts. One of the guys who works for me is currently writing a Sieve script generator and installer in PHP, as apparently the protocol used to install Sieve scripts is trivial. For all the users who don't have a Sieve script (or are using one you didn't generate), you generate and install a script that looks for the X-Spam-Status: header and moves the mail into a Junk folder. Using that header means you are doing the same that SpamAssassin would do if called by spamc/spamd. Always a good idea to use something someone else already does, no point in reinventing the wheel. I like Cyrus more every time I use it :-) If you are going to have to use procmail then you will need to be using a mail-base architecture that procmail understands, which I believe are mbox and maildir. Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) Comment: Fetch my public key foot-print from www.mailscanner.info Charset: ISO-8859-1 wj8DBQFFx3bfEfZZRxQVtlQRAoJCAKCx5QX/o9IHgZt+btcRO2Mt9uk6GwCg32KY Z0K+Y+uDd6v9N6dS7WI/zf0= =5uWY -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From edwardbruce at sbcglobal.net Mon Feb 5 19:34:17 2007 From: edwardbruce at sbcglobal.net (Ed Bruce) Date: Mon Feb 5 18:38:03 2007 Subject: Performance In-Reply-To: <223f97700702050810g4f189256w5c8d9aec1cc1a3ff@mail.gmail.com> References: <86144ED6CE5B004DA23E1EAC0B569B58125FF289@isabella.herefordshire.gov.uk> <45C07F76.5050409@ecs.soton.ac.uk> <45C260A2.6040601@katy.com> <45C29D90.8080901@katy.com> <223f97700702020132m47b33d89m9b90d5544e07c5f@mail.gmail.com> <45C737F7.3060606@sbcglobal.net> <223f97700702050810g4f189256w5c8d9aec1cc1a3ff@mail.gmail.com> Message-ID: <45C778A9.3060105@sbcglobal.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Glenn Steen wrote: > On 05/02/07, Ed Bruce wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Glenn Steen wrote: >> >> > >> > So, there is litle to no risk with this. The sender _will_ get a >> > somewhat informative reject code, and should be able to find the >> > problem at their end... Forcing _them_ to comply to the RFC;-). >> > >> >> One would hope. A major software vendor whose accounting software my >> company uses has a misconfigured MTA. I've told them and told them. I've >> whitelisted them and then volunteered to help configure it correctly. >> There response is please keep whitelisting us. This is a company that >> develops software and they can't configure their Exchange Server. > > Yes? Did you explain to them that this is loosing them money, > potentially? And they still persist? I'm assuming you mean they > HELO/EHLO with something strange, like your IP address or domain name > ... Else it's a bit non-relevant to this subthread:-):-) > Then again... I suppose there are fools all over the world (and > sometimes even we could be seen as such:-), but... "Helping" them > remain fools isn't really helping anyone, now is it?;) > They had a malformed HELO/EHLO. I just searched through our mail logs and I couldn't find anything. Started to get worried then found out they changed their company name. With the change they seem to have gotten a clue. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Cygwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFx3ippdNaP9x3McgRAkEvAKCylN4bUJwNYyQxpcAzCRdx4914TgCeO48J BGUUYeDhC2gUiu8bmJvhF30= =H84O -----END PGP SIGNATURE----- From MailScanner at ecs.soton.ac.uk Mon Feb 5 19:34:26 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Feb 5 18:40:37 2007 Subject: Sendmail 8.14.0 is out In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B581287FE08@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B581287FE08@isabella.herefordshire.gov.uk> Message-ID: <45C778B2.8020004@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Randal, Phil wrote: > CONFIG: New FEATURE(`badmx') to reject envelope sender addresses > (MAIL) whose domain part resolves to a "bad" MX record. > Based on contribution from William Dell Wisner. > Sorry for being lazy, but can someone define "bad" please? Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) Comment: Fetch my public key foot-print from www.mailscanner.info Charset: ISO-8859-1 wj8DBQFFx3k3EfZZRxQVtlQRAixFAKDKL1GJ2M/PY0cxlC96mBoXhRqg0gCdFH0r oAHeqc3V1Yr+8ufSvtegObw= =gWB0 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From ssilva at sgvwater.com Mon Feb 5 19:51:54 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Feb 5 18:55:46 2007 Subject: New Version of Postfix In-Reply-To: <45C762B6.7090104@chapman.edu> References: <45C7508A.40103@chapman.edu> <223f97700702050814i26b4cf9bj7f1c795b3b9ac76f@mail.gmail.com> <45C762B6.7090104@chapman.edu> Message-ID: Jay Chandler spake the following on 2/5/2007 9:00 AM: > Glenn Steen wrote: >> On 05/02/07, Jay Chandler wrote: >>> Welp, the new version of Postfix hit the FreeBSD ports tree-- 2.3.7. >>> >>> Any reason I shouldn't install this vis a vis MailScanner? I'd ask on >>> that list, but you all know by now the response I'd get... >>> >> Not that I can see... The only known problem with PF<>MS (ATM) is the >> milter support adding p records (well, a bit more involved, but that >> is the one that breaks things)... And you likely don't use that, so >> ... it should be safe. >> > Thanks, Glenn. > > Given the peculiar reaction I get over there talking about MailScanner, > I wouldn't put it past a developer to intentionally start mucking around > with the queue files just to screw with MailScanner. Kinda sad, really. > It has been suggested, but I doubt you would get anyone to admit it. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Mon Feb 5 20:03:35 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Feb 5 19:07:36 2007 Subject: Sendmail 8.14.0 is out In-Reply-To: <45C778B2.8020004@ecs.soton.ac.uk> References: <86144ED6CE5B004DA23E1EAC0B569B581287FE08@isabella.herefordshire.gov.uk> <45C778B2.8020004@ecs.soton.ac.uk> Message-ID: Julian Field spake the following on 2/5/2007 10:34 AM: > Randal, Phil wrote: >> CONFIG: New FEATURE(`badmx') to reject envelope sender addresses >> (MAIL) whose domain part resolves to a "bad" MX record. >> Based on contribution from William Dell Wisner. > > Sorry for being lazy, but can someone define "bad" please? > > Jules > When you get cheeky with a girl, but don't buy her dinner first? ;-D -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From jaearick at colby.edu Mon Feb 5 20:30:49 2007 From: jaearick at colby.edu (Jeff A. Earickson) Date: Mon Feb 5 19:34:52 2007 Subject: Sendmail 8.14.0 is out In-Reply-To: <45C778B2.8020004@ecs.soton.ac.uk> References: <86144ED6CE5B004DA23E1EAC0B569B581287FE08@isabella.herefordshire.gov.uk> <45C778B2.8020004@ecs.soton.ac.uk> Message-ID: On Mon, 5 Feb 2007, Julian Field wrote: > Date: Mon, 05 Feb 2007 18:34:26 +0000 > From: Julian Field > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: Sendmail 8.14.0 is out > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Randal, Phil wrote: >> CONFIG: New FEATURE(`badmx') to reject envelope sender addresses >> (MAIL) whose domain part resolves to a "bad" MX record. >> Based on contribution from William Dell Wisner. >> > Sorry for being lazy, but can someone define "bad" please? Per the features README: badmx Reject envelope sender addresses (MAIL) whose domain part resolves to a "bad" MX record. By default these are MX records which resolve to A records that match the regular expression: ^(127\.|10\.|0\.0\.0\.0) This default regular expression can be overridden by specifying an argument, e.g., FEATURE(`badmx', `^127\.0\.0\.1') Note: this feature requires that the sendmail binary has been compiled with the options MAP_REGEX and DNSMAP. In googling around, I saw where others got a bit fancier: ^(127\.[0-9]+\.[0-9]+\.[0-9]+|10\.[0-9]+\.[0-9]+\.[0-9]+|172\.20\.[0-9]+\.[0-9]+|192\.168\.[0-9]+\.[0-9]+)$ So, it looks like unroutable/private address blocks per RFC 1918. Jeff Earickson Colby College From ka at pacific.net Mon Feb 5 20:38:04 2007 From: ka at pacific.net (Ken A) Date: Mon Feb 5 19:38:09 2007 Subject: Sendmail 8.14.0 is out In-Reply-To: References: <86144ED6CE5B004DA23E1EAC0B569B581287FE08@isabella.herefordshire.gov.uk> <45C778B2.8020004@ecs.soton.ac.uk> Message-ID: <45C7879C.3090700@pacific.net> Scott Silva wrote: > Julian Field spake the following on 2/5/2007 10:34 AM: >> Randal, Phil wrote: >>> CONFIG: New FEATURE(`badmx') to reject envelope sender addresses >>> (MAIL) whose domain part resolves to a "bad" MX record. >>> Based on contribution from William Dell Wisner. >> Sorry for being lazy, but can someone define "bad" please? >> >> Jules >> > When you get cheeky with a girl, but don't buy her dinner first? ;-D > > From doc: > badmx Reject envelope sender addresses (MAIL) whose domain part > resolves to a "bad" MX record. By default these are > MX records which resolve to A records that match the > regular expression: > > ^(127\.|10\.|0\.0\.0\.0) > > This default regular expression can be overridden by > specifying an argument, e.g., > > FEATURE(`badmx', `^127\.0\.0\.1') > > Note: this feature requires that the sendmail binary > has been compiled with the options MAP_REGEX and > DNSMAP. From ecasarero at gmail.com Mon Feb 5 20:38:24 2007 From: ecasarero at gmail.com (Eduardo Casarero) Date: Mon Feb 5 19:42:10 2007 Subject: add high scoring spam to my rbl list In-Reply-To: <200702042154040364.365488E3@smtp1.ace.net.au> References: <200702042154040364.365488E3@smtp1.ace.net.au> Message-ID: <7d9b3cf20702051138r65b376c8l462ec0af7ae6b9b3@mail.gmail.com> 2007/2/4, Peter Nitschke : > > >> Although not exactly what you're looking for, the Vispan project does > >> essentially what I think you are looking to do. It simply examines > >> MailScanner's log and keeps track of spammers. If a certain spammer > >> sends more spams within a specified amount of time then what you > >allow, > >> then it automatically adds that sender to your access list so that > >it's > >> denied at the MTA level. > >> > >Looks like your reply has really hit the jackpot. After searching along > >these lines, I've found a gentleman who has patched vispan to do exactly > >that. Add them to a rbldns! I will be installing vispan tonight along > >with the patches. On a futher note, the author of vispan has implemented > >the patch into the main program and is testing as we speak! > > Any more news on this? i'd like to test that pacht! do you have a public link? -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070205/a6ab4b7f/attachment.html From nerijusb at dtiltas.lt Mon Feb 5 21:16:35 2007 From: nerijusb at dtiltas.lt (Nerijus Baliunas) Date: Mon Feb 5 20:23:48 2007 Subject: New Beta 4.58.6 released In-Reply-To: <223f97700702031349w4e9be3a6meee9118a8b7cddaa@mail.gmail.com> References: <45BCCF3B.8060608@ecs.soton.ac.uk> <45BD7919.1020009@rogers.com><223f97700701290100i6e788e2gba57830a01a8e67b@mail.gmail.com><45BFD212.6090204@rogers.com><223f97700701310108v134f0009r23829465ffd29b91@mail.gmail.com><20070203213757.AD4B7E6A9D@mx-b.vdnet.lt> <223f97700702031349w4e9be3a6meee9118a8b7cddaa@mail.gmail.com> Message-ID: <20070205202002.5BFF5FF08@mx-a.vdnet.lt> On Sat, 3 Feb 2007 22:49:50 +0100 Glenn Steen wrote: > > > Yes. Seems you don't have to have it actually "edit" anything though, > > > the p record "placeholders" will be added just by enabling it... Then > > > again, why would one have a milter that was in effect a "dummy":-). > > > > Why not? For example milter-greylist accepts or rejects message (and > > can add a header, but it's not important and can be disabled), so if > > Postfix didn't add p placeholders in such case, milter-greylist would > > have worked without modifying MS... > > Not quite, since it actually adds a header... In the spirit of "Kilroy > was here";-) Yes, but header is only informational and can be disabled in config file. > > > Seems most people don't use the milter option in 2.3 in conjunction > > > with MailScanner, since we've had one (1) request in this area > > > (Nerijus:) for all the time 2.3 has eben around. > > > > :) Thanks Glenn for your patches! > > You're welcome... Still working OK for you? Yes, no more complains about broken messages. Regards, Nerijus From Carl.Andrews at crackerbarrel.com Mon Feb 5 21:49:12 2007 From: Carl.Andrews at crackerbarrel.com (Andrews Carl 455) Date: Mon Feb 5 20:53:01 2007 Subject: Greylisting .. nice .. In-Reply-To: <200611071939.kA7JdC2f025282@smtpgw1.crackerbarrel.com> Message-ID: <113A0DFC086C984AB9EFDF6B8614F0750125129E@exchange03.CBOCS.com> How did you get these numbers? Do you have a shell script or perl script that parses your logs? Thanks, Carl -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Rob Poe Sent: Tuesday, November 07, 2006 1:26 PM To: MailScanner discussion; Jim Holland Subject: Re: Greylisting .. nice .. >> > My thoughts so far are this: Why didn't I do this sooner. > >> Its going to be pointless soon, problem is, as more and more people do >> this, it wont be long before the common garden variety spammers smtp >> engine will also retry on 4xx errors, id give it a year tops (if some of >> them are not already doing it) >My objection to it is not that it doesn't work, but that it makes all >genuine mail servers work twice as hard to deliver mail. I like having an I agree, that the spammers MIGHT try to adapt to this, but at THIS MOMENT, it works. Computer tech is moment based. Since when have we used virus scanners on Microsoft OS'es that only scan on demand (real time scanning). Why? Because the virus writers adapted. The viruses are far nastier. Spam will get far, far nastier. I have a mailserver I admin that gets the following in spam statistics .. for yesterday at midnight. 1040 blocked yesterday due to sendmail access.db blocks (the worst subnet offenders from foreign countries) 20,000 blocked for invalid recipient 124 blocked by RBLs, of which I cannot use all of because their clients host email servers on DSL / Cable modem connections. 68 blocked by spamassassin for high spam score 2000 greylist 1st attempts 204 greylist passes They STILL get spam .. but it's blocked almost ALL of the image based spams, and almost ALL of the pharmaceutical messages, and most of the nasty porn stuff. And with the bayes poisioning they get, SA wasn't touching it .. I agree, greylisting isn't the best thing since sliced bread .. but with the wild state of things on the Internet, it sure comes close IMO. Not everyone has a 2.8ghz dual xeon with 4 gigs of ram to dedicate to spamassassin with OCR recognition. This email domain name is 10 years old. It used to run Groupwise 5.2 (ok, so maybe it still does) which the GWIA is so horribly broken that it will accept email to ANY user (doesn't relay it, but DOES accept it even if invalid). So the spammers have dictionary attacked it for SO long that they all think that asuidewiuwer@thatdomainname is a vaild recipient, while it is not. Rob -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From res at ausics.net Mon Feb 5 22:15:54 2007 From: res at ausics.net (Res) Date: Mon Feb 5 21:19:44 2007 Subject: Sendmail 8.14.0 is out In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B581287FE08@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B581287FE08@isabella.herefordshire.gov.uk> Message-ID: On Mon, 5 Feb 2007, Randal, Phil wrote: > CONFIG: New FEATURE(`block_bad_helo') to reject messages from Just a warning on this feature, having an OK/RELAY in access is soley not enough, you need include your IP ranges in /etc/mail/relay-domains (this addition might be avoided in a future release) if you want those users of yours who connect with helo=home.lappy ...etc. -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From itdept at fractalweb.com Mon Feb 5 22:38:25 2007 From: itdept at fractalweb.com (Chris Yuzik) Date: Mon Feb 5 21:44:40 2007 Subject: extract all images from spam folder? Message-ID: <45C7A3D1.80503@fractalweb.com> We have MailScanner set to quarantine all the spam messages, and in /var/spool/MailScanner/quarantine//spam there are all the messages as one file for each. What I would like to do is extract all of the attached images from all the messages in the folder and have a look at them. Would also be useful for testing fuzzyocr. Is there an easy way to accomplish this from the shell? Thanks. From glenn.steen at gmail.com Tue Feb 6 01:15:00 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 6 00:18:45 2007 Subject: extract all images from spam folder? In-Reply-To: <45C7A3D1.80503@fractalweb.com> References: <45C7A3D1.80503@fractalweb.com> Message-ID: <223f97700702051615n13567279kb2c8ca096650a428@mail.gmail.com> On 05/02/07, Chris Yuzik wrote: > We have MailScanner set to quarantine all the spam messages, and in > /var/spool/MailScanner/quarantine//spam there are all the messages > as one file for each. > > What I would like to do is extract all of the attached images from all > the messages in the folder and have a look at them. Would also be useful > for testing fuzzyocr. Is there an easy way to accomplish this from the > shell? > > Thanks. A) Don't quarantine the queue files, let MS save the rfc822 format message file and all attachments... Kind of makes this excercise almost too simple:-). B) Use MailWatch (which happen to need the above settings anyway, so you can look it up there:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From itdept at fractalweb.com Tue Feb 6 04:30:44 2007 From: itdept at fractalweb.com (Chris Yuzik) Date: Tue Feb 6 03:35:35 2007 Subject: extract all images from spam folder? In-Reply-To: <223f97700702051615n13567279kb2c8ca096650a428@mail.gmail.com> References: <45C7A3D1.80503@fractalweb.com> <223f97700702051615n13567279kb2c8ca096650a428@mail.gmail.com> Message-ID: <45C7F664.4020709@fractalweb.com> Glenn Steen wrote: > A) Don't quarantine the queue files, let MS save the rfc822 format > message file and all attachments... Kind of makes this excercise > almost too simple:-). > B) Use MailWatch (which happen to need the above settings anyway, so > you can look it up there:-). Glenn, I presume you mean this section of MailScanner.conf? # When you quarantine an entire message, do you want to store it as # raw mail queue files (so you can easily send them onto users) or # as human-readable files (header then body in 1 file)? Quarantine Whole Messages As Queue Files = no This is what I've already got, and it doesn't store the queue files but a single file containing the header, body, and any mime encoded attachments. I'd like a quick way to extract all of those mime attachments for analysis and testing (with things like FuzzyOCR). The interesting part is that MS already seems to store virus-infected messages with the attachments as separate files. Is there a way to get spam stored the same way? Any ideas? Cheers, Chris From MailScanner at ecs.soton.ac.uk Mon Feb 5 18:06:00 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Feb 6 08:37:58 2007 Subject: Send copies of certain messages to other mail account In-Reply-To: <45C72ECC.3000007@nkpanama.com> References: <45C37B6A.2000201@talora.com.br> <45C381C2.5020908@dalsemi.com> <223f97700702021044s6efdc403m2fe7b49a56b78e40@mail.gmail.com> <45C723E6.6010303@talora.com.br> <45C72ECC.3000007@nkpanama.com> Message-ID: <45C763F8.5060509@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alex Neuman van der Hans wrote: > > Lu?s Fernando C. Talora wrote: >> Thanks guys. This achieving option seems really to rock!!! :D >> >> Just another thing: if I use: >> >> From or To: *yahoogroups.com.br (...) >> >> Will MailScanner recognize messages where "*yahoogroups.com.br" >> appears only on the CC (carbon copy) field? > > AFAIK, it cares who "receives" the message in the end, not if the > recipient was in To: or CC: or even BCC: - but could someone correct > me if this isn't the case? Thanks... Quite correct. The headers are totally ignored when making decisions about who the sender and recipients are. For info, "Bcc" means this to the MTA: "Add these to the recipients list and then delete this header from the message". Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFFyD1fEfZZRxQVtlQRAuSqAJ0V9x+OiVGwpI5Opk9kzgdOszTDzwCeOuYy +55JBneksju+QHsX1W3bmo0= =y2vR -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From glenn.steen at gmail.com Tue Feb 6 10:31:13 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 6 09:35:05 2007 Subject: extract all images from spam folder? In-Reply-To: <45C7F664.4020709@fractalweb.com> References: <45C7A3D1.80503@fractalweb.com> <223f97700702051615n13567279kb2c8ca096650a428@mail.gmail.com> <45C7F664.4020709@fractalweb.com> Message-ID: <223f97700702060131m5a7d0715y62d8c1a0f465d945@mail.gmail.com> On 06/02/07, Chris Yuzik wrote: > Glenn Steen wrote: > > A) Don't quarantine the queue files, let MS save the rfc822 format > > message file and all attachments... Kind of makes this excercise > > almost too simple:-). > > B) Use MailWatch (which happen to need the above settings anyway, so > > you can look it up there:-). > Glenn, > > I presume you mean this section of MailScanner.conf? > > # When you quarantine an entire message, do you want to store it as > # raw mail queue files (so you can easily send them onto users) or > # as human-readable files (header then body in 1 file)? > Quarantine Whole Messages As Queue Files = no > > This is what I've already got, and it doesn't store the queue files but > a single file containing the header, body, and any mime encoded attachments. Ah good. > I'd like a quick way to extract all of those mime attachments for > analysis and testing (with things like FuzzyOCR). > > The interesting part is that MS already seems to store virus-infected > messages with the attachments as separate files. Is there a way to get > spam stored the same way? > > Any ideas? Yes, I didn't think that through entirely... It involving the spam quarantine too, which is just the rfc822 message file, as you say. Unpacking this into its constituent parts could be done in a number of ways... If you have MailWatch too, you'd see that this already does this "unpacking" on the fly when you inspect a spam message (look at the details page of the message, click on the filename at the bottom). Using that will have the good thing with it that you are already using a program capable of displaying the information (your browser:). Or you could feed the file through mimencode (metamail package)... Might need a bit of scripting... Or better yet, get ripmime (http://www.pldaniels.com/ripmime/) and script around that. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Tue Feb 6 13:12:15 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 6 12:16:03 2007 Subject: Performance In-Reply-To: <223f97700702010210m4398ae3fld20bbd7bdd5440e1@mail.gmail.com> References: <45C03361.5040903@katy.com> <223f97700701310215u67f9f941ifa40f902cd2d357@mail.gmail.com> <45C11A25.5010407@enitech.com.au> <223f97700701311717y54a485f8m4a420e2262f29d86@mail.gmail.com> <45C14692.2020704@enitech.com.au> <223f97700702010210m4398ae3fld20bbd7bdd5440e1@mail.gmail.com> Message-ID: <223f97700702060412h65b6bb4t6a9f93db6954eb4a@mail.gmail.com> Somewhat off-topic, but interresting for those willing to explore pflogsumm (and want to use the cron snippets I showed earlier). So, mainly for Postfix admins...:-). On 01/02/07, Glenn Steen wrote: > On 01/02/07, Peter Russell wrote: > > > > > > Glenn Steen wrote: > > > On 31/01/07, Peter Russell wrote: > (snip even more) > > >> >> relay_domains = katy.com katy.net katycomputer.com schmerold.com > > >> > Why is there no "companion" relay_recipient_maps? You should reject > > >> > unknown recipients. > > >> > > > >> >> smtpd_data_restrictions = reject_unauth_pipelining, permit > > >> >> smtpd_helo_required = yes > > >> > Here you should perhaps have a > > >> > smtpd_helo_restrictions = permit_mynetworks, check_helo_access > > >> > hash:/etc/postfix/deny_domain_spoof > > >> > Where the deny_domain_spoof is simply an access file detailing the > > >> > domains and IP addresses you relay for like "katy.com REJECT". Will be > > >> > perfectly safe to use. > > >> > > >> Glenn - should he have REJECT for domains he relays for? > > > Yes. The thinking here is to REJECT anyone pretending to be either > > > your domain (your MX) or any of the "internal/trusted" IP addresses, > > > unless they really are... The permit_mynetworks take care of not > > > rejecting things that shouldn't be rejected:). > > > As said, perfectly safe;-). > > > This one rejects a few every day. > > > > Sorry for the questions, but i am trying to stop some of the low scoring > > spam i keep getting through - i am sure some tweaking will get it. > Quite OK. > > How do you check if these have blocked some spam? grep the maillog? > Well more or less:-). It's the beauty of pflogsumm ... It'll summarize > all rejections by at what stage and "reason"... like this (this is for > yesterday): > message reject detail > --------------------- > RCPT > Helo command rejected: Access denied (total: 50) > 3 83.173.153.170 (clients-865241583854se@nordea.se) > 3 83.239.72.30 (wkihudxroacna@dirtydavid.every1.net) > ... > (The first one there is a Nordea Phish, or rather three... that I > spend no more resources on;-) > These "Access denied at helo" are the ones trying to pretend they are > us. Similarily you'll get > Helo command rejected: Invalid name (total: 9) > Helo command rejected: need fully-qualified hostname (total: 374) > Recipient address rejected: User unknown in relay recipient table > (total: 233) > Relay access denied (total: 41) > Sender address rejected: Access denied (total: 35) > ... All those 700-odd rejections on a total incoming of 3800. Most of > teh above are pretty obviously from "reject_invalid_hostname, > reject_non_fqdn_hostname, reject_non_fqdn_sender, > reject_non_fqdn_recipient", and I also apply the deny_domain_spoof in > the sender_restrictions, which accounts for those 35 rejections. > > To keep "on top of things" I've cron'd a couple of pflogsumm runs like this: > 3 0 * * * /usr/local/bin/pflsum_yday > 10 4 * * 0 /usr/local/bin/pflsum_week > # cat /usr/local/bin/pflsum_yday > #!/bin/bash > # Postfix log summary analysis per yesterday > /bin/cat /var/log/syslog | /usr/local/bin/pflogsumm -i -d yesterday > --problems_first --rej_add_from --zero_fill > > /var/www/html/pflogsumm/pflogsumm-$(date +%Y%m%d).txt 2>&1 > # cat /usr/local/bin/pflsum_week > #!/bin/bash > # Postfix log summary analysis per last week > /bin/zcat /var/log/syslog.1.gz | /usr/local/bin/pflogsumm -i > --problems_first --rej_add_from --zero_fill > > /var/www/html/pflogsumm/pflogsumm-week-$(date +%Y%m%d).txt 2>&1 > # > And I then have a small PHP script to present those on a webpage... > For my disabled-by-windoze colleagues:-). > Just for completeness (and since Pete bugged me to actually look at it:-), here is the exceptionally Q&D (not horrid, but then... not beautiful either... I'm sure it depends on how my php.ini is set:) PHP script I use to present those logfile summaries... I've got it linked from the tools page of MailWatch too for easy access, but it is standalone. The colourscheme is due to it being part of a set of "webified admin tools" (and me being colourblind:), but it should be easy enough to change. The CONF_pfls_dir is the only variable one should need touch if one moves things elsewhere. Enhoy:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -------------- next part -------------- A non-text attachment was scrubbed... Name: index.php Type: application/x-php Size: 2234 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070206/4c67d160/index.bin From uxbod at splatnix.net Tue Feb 6 13:32:49 2007 From: uxbod at splatnix.net (uxbod) Date: Tue Feb 6 12:37:14 2007 Subject: Performance In-Reply-To: <223f97700702060412h65b6bb4t6a9f93db6954eb4a@mail.gmail.com> References: <223f97700702060412h65b6bb4t6a9f93db6954eb4a@mail.gmail.com> Message-ID: <96c53352f0531efe38ee973fdf0777de@62.49.223.244> In a similar vain I modified the mailgraph tool by David Schweikert and came up with the following :- Regards, On Tue, 6 Feb 2007 13:12:15 +0100, "Glenn Steen" wrote: > Somewhat off-topic, but interresting for those willing to explore > pflogsumm (and want to use the cron snippets I showed earlier). > So, mainly for Postfix admins...:-). > > On 01/02/07, Glenn Steen wrote: >> On 01/02/07, Peter Russell wrote: >> > >> > >> > Glenn Steen wrote: >> > > On 31/01/07, Peter Russell wrote: >> (snip even more) >> > >> >> relay_domains = katy.com katy.net katycomputer.com > schmerold.com >> > >> > Why is there no "companion" relay_recipient_maps? You should > reject >> > >> > unknown recipients. >> > >> > >> > >> >> smtpd_data_restrictions = reject_unauth_pipelining, permit >> > >> >> smtpd_helo_required = yes >> > >> > Here you should perhaps have a >> > >> > smtpd_helo_restrictions = permit_mynetworks, check_helo_access >> > >> > hash:/etc/postfix/deny_domain_spoof >> > >> > Where the deny_domain_spoof is simply an access file detailing > the >> > >> > domains and IP addresses you relay for like "katy.com REJECT". > Will be >> > >> > perfectly safe to use. >> > >> >> > >> Glenn - should he have REJECT for domains he relays for? >> > > Yes. The thinking here is to REJECT anyone pretending to be either >> > > your domain (your MX) or any of the "internal/trusted" IP addresses, >> > > unless they really are... The permit_mynetworks take care of not >> > > rejecting things that shouldn't be rejected:). >> > > As said, perfectly safe;-). >> > > This one rejects a few every day. >> > >> > Sorry for the questions, but i am trying to stop some of the low > scoring >> > spam i keep getting through - i am sure some tweaking will get it. >> Quite OK. >> > How do you check if these have blocked some spam? grep the maillog? >> Well more or less:-). It's the beauty of pflogsumm ... It'll summarize >> all rejections by at what stage and "reason"... like this (this is for >> yesterday): >> message reject detail >> --------------------- >> RCPT >> Helo command rejected: Access denied (total: 50) >> 3 83.173.153.170 (clients-865241583854se@nordea.se) >> 3 83.239.72.30 (wkihudxroacna@dirtydavid.every1.net) >> ... >> (The first one there is a Nordea Phish, or rather three... that I >> spend no more resources on;-) >> These "Access denied at helo" are the ones trying to pretend they are >> us. Similarily you'll get >> Helo command rejected: Invalid name (total: 9) >> Helo command rejected: need fully-qualified hostname (total: 374) >> Recipient address rejected: User unknown in relay recipient table >> (total: 233) >> Relay access denied (total: 41) >> Sender address rejected: Access denied (total: 35) >> ... All those 700-odd rejections on a total incoming of 3800. Most of >> teh above are pretty obviously from "reject_invalid_hostname, >> reject_non_fqdn_hostname, reject_non_fqdn_sender, >> reject_non_fqdn_recipient", and I also apply the deny_domain_spoof in >> the sender_restrictions, which accounts for those 35 rejections. >> >> To keep "on top of things" I've cron'd a couple of pflogsumm runs like > this: >> 3 0 * * * /usr/local/bin/pflsum_yday >> 10 4 * * 0 /usr/local/bin/pflsum_week >> # cat /usr/local/bin/pflsum_yday >> #!/bin/bash >> # Postfix log summary analysis per yesterday >> /bin/cat /var/log/syslog | /usr/local/bin/pflogsumm -i -d yesterday >> --problems_first --rej_add_from --zero_fill > >> /var/www/html/pflogsumm/pflogsumm-$(date +%Y%m%d).txt 2>&1 >> # cat /usr/local/bin/pflsum_week >> #!/bin/bash >> # Postfix log summary analysis per last week >> /bin/zcat /var/log/syslog.1.gz | /usr/local/bin/pflogsumm -i >> --problems_first --rej_add_from --zero_fill > >> /var/www/html/pflogsumm/pflogsumm-week-$(date +%Y%m%d).txt 2>&1 >> # >> And I then have a small PHP script to present those on a webpage... >> For my disabled-by-windoze colleagues:-). >> > > Just for completeness (and since Pete bugged me to actually look at > it:-), here is the exceptionally Q&D (not horrid, but then... not > beautiful either... I'm sure it depends on how my php.ini is set:) PHP > script I use to present those logfile summaries... I've got it linked > from the tools page of MailWatch too for easy access, but it is > standalone. > > The colourscheme is due to it being part of a set of "webified admin > tools" (and me being colourblind:), but it should be easy enough to > change. The CONF_pfls_dir is the only variable one should need touch > if one moves things elsewhere. > > Enhoy:-) > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is > believed to be clean. -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: 543A E778 7F2D 98F1 3E50 9C1F F190 93E0 E8E8 0CF8 // Keyserver: www.keyserver.net Key-ID: 0xE8E80CF8 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- A non-text attachment was scrubbed... Name: mailgraph.png Type: image/png Size: 70006 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070206/483928e9/mailgraph-0001.png From DrewB at united-systems.com Tue Feb 6 14:31:06 2007 From: DrewB at united-systems.com (Drew Burchett) Date: Tue Feb 6 13:35:06 2007 Subject: New phishing strategy Message-ID: <1E75E79B854C814784D0E8C5BA55AF76F77137@uss2k01.united-systems.local> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: hb1.zip Type: application/x-zip-compressed Size: 1364 bytes Desc: hb1.zip Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070206/3439ef65/hb1.bin From cobalt-users1 at fishnet.co.uk Tue Feb 6 14:49:57 2007 From: cobalt-users1 at fishnet.co.uk (Ian) Date: Tue Feb 6 13:53:57 2007 Subject: New phishing strategy In-Reply-To: <1E75E79B854C814784D0E8C5BA55AF76F77137@uss2k01.united-systems.local> References: <1E75E79B854C814784D0E8C5BA55AF76F77137@uss2k01.united-systems.local> Message-ID: <45C88785.29186.1F3C07A4@cobalt-users1.fishnet.co.uk> On 6 Feb 2007 at 7:31, Drew Burchett wrote: > The attached email is an example of a number of recent phishing attempts that my users and I > have been receiving over the past several days. As you can see, it isn?t like your normal phishing > attempt because the link that it?s sending you to isn?t masked by another link in any way. This > allows it to slip right through MailScanner?s phishing filter. The site seems to have been already > taken down, and I?ve fed these into my spam filter to identify them as spam, but I?m wondering if > there?s anything else that can be done within mailscanner or spamassassin to stop them? Hi, Not really as this would rely on MailScanner knowing that the Heritage Bank's website is 'bankwithheritage.com' and not bankwith-heritage.com. MailScanner can only detect that the title of the link doesn't match the target. Your best course of action is to educate users not to trust anything sent in an email, no matter what it is. If in any doubt they should pick up a printed phone book, look up the number for their financial institution, call and ask. Regards Ian -- From am.lists at gmail.com Tue Feb 6 15:43:37 2007 From: am.lists at gmail.com (am.lists) Date: Tue Feb 6 14:47:25 2007 Subject: Problems with some 'add-on' apps... Message-ID: <25a66d840702060643h2d9c3d5nb2893fefc7ba3680@mail.gmail.com> I've inherited a system that's being used as a spam proxy/gateway. I'm getting my head around it. Prior to getting this system we'd been using some commercial stuff called Declude and Message Sniffer. We're moving away from that in favor of something that's OSS and more effective. The system itself is s using MailScanner, currently ver 4.55.10, SpamAssassin version 3.1.5, with a slew of add-ons, including FuzzyOcr, Rules Du Jour, Pyzor, Razor, and a few other things. PostGrey 1.27, and PostFix 2.2.2. I'm running into a couple issues, and I see newer versions out. I normally would guess that upgrading is simply the answer, but that's almost like saying the fix to /every/ Windows(r) problem is to reboot. (e.g. most of the time yes, but not every time). For example. FuzzyOcr. I turned up the verbosity to 3 (debug) and it doesn't complain in the logs about not finding the image (stock alerts, etc.) spam, but in MailWatch, I view the messages that MS is catching, and none of them are showing the hits from Fuzzy OCR. I am still catching a large number of the image spam messages in quarantine (/var/spool/MailScanner/quarantine/[date]/spam) that I can use to test. I know how to use spamassassin -t < (messageid) -- and it will show things like the Fuzzy OCR hits. But is there a way to test the message from MailScanner's point of view? Here's an example: >From the web gui (mailwatch) on a message that has image spam: cached not score=19.406 4 required autolearn=spam -0.18 BAYES_40 Bayesian spam probability is 20 to 40% 3.07 HELO_DYNAMIC_DHCP Relay HELO'd using suspicious hostname (DHCP) 4.20 HELO_DYNAMIC_IPADDR Relay HELO'd using suspicious hostname (IP addr 1) 0.50 HTML_40_50 Message is 40% to 50% HTML 3.13 HTML_IMAGE_ONLY_08 HTML: images with 400-800 bytes of words 0.00 HTML_MESSAGE HTML included in message 0.00 MIME_HTML_ONLY Message only has text/html MIME parts 1.56 RCVD_IN_BL_SPAMCOP_NET Received via a relay in bl.spamcop.net 2.05 RCVD_IN_SORBS_DUL SORBS: sent directly from dynamic IP address 3.90 RCVD_IN_XBL Received via a relay in Spamhaus XBL 1.20 TVD_FW_GRAPHIC_NAME_MID And the same message with spamassassin -t < the message id reports the following: Content analysis details: (33.6 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 3.1 HELO_DYNAMIC_DHCP Relay HELO'd using suspicious hostname (DHCP) 4.2 HELO_DYNAMIC_IPADDR Relay HELO'd using suspicious hostname (IP addr 1) 0.5 HTML_40_50 BODY: Message is 40% to 50% HTML 1.2 TVD_FW_GRAPHIC_NAME_MID BODY: TVD_FW_GRAPHIC_NAME_MID 0.0 HTML_MESSAGE BODY: HTML included in message 3.1 HTML_IMAGE_ONLY_08 BODY: HTML: images with 400-800 bytes of words 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% [score: 1.0000] 0.0 MIME_HTML_ONLY BODY: Message only has text/html MIME parts 10 FUZZY_OCR BODY: Mail contains an image with common spam text inside Words found: "buy" in 1 lines "symbol" in 1 lines "tuesday" in 1 lines "news" in 2 lines (7.5 word occurrences found) 2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address [72.225.192.40 listed in dnsbl.sorbs.net] 1.6 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net [Blocked - see ] 3.9 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL [72.225.192.40 listed in zen.spamhaus.org] Some things jump out to me. One is that in the command line test, SA says 5.0 points are required, but MS is only looking for 4. Is this because I'm running the CLI test of SA as root and it's seeing a different prefs file? The one test called "TVD_FW_GRAPHIC_NAME_MID appears in the MailWatch/MailScanner test but not the FuzzyOCR test. Yet, the Fuzzy_OCR test appears int he CLI test but not in the MW/MS test. Thanks in advance for any assistance in looking at this and getting straightened out. Angelo From Q.G.Campbell at newcastle.ac.uk Tue Feb 6 15:47:28 2007 From: Q.G.Campbell at newcastle.ac.uk (Quentin Campbell) Date: Tue Feb 6 14:51:25 2007 Subject: New phishing strategy In-Reply-To: <45C88785.29186.1F3C07A4@cobalt-users1.fishnet.co.uk> References: <1E75E79B854C814784D0E8C5BA55AF76F77137@uss2k01.united-systems.local> <45C88785.29186.1F3C07A4@cobalt-users1.fishnet.co.uk> Message-ID: <4165CF7A7F12DE4B96622CCBB905864709435B4E@largo.campus.ncl.ac.uk> Drew The most effective way to deal with bogus URIs is to reject mail, during the SMTP exchange, that contains such URIs. You do this using SURBLs (Spam URI Real Time Block Lists), which detect bad URIs in the message body, in much the same way that you reject mail if the sending IP is listed in a DNSBL. For more info on SURLs see http://www.surbl.org/. Your MTA needs to be able to access one or more SURBLs and act on their results. In the case of Sendmail you can do this easily with an appropriate milter. We use the excellent "milter-link" milter from SnertSoft (see http://www.milter.info/). Quentin >-----Original Message----- >From: mailscanner-bounces@lists.mailscanner.info >[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ian >Sent: 06 February 2007 13:50 >To: MailScanner discussion >Subject: Re: New phishing strategy > >On 6 Feb 2007 at 7:31, Drew Burchett wrote: > >> The attached email is an example of a number of recent >phishing attempts that my users and I >> have been receiving over the past several days. As you can >see, it isn?t like your normal phishing >> attempt because the link that it?s sending you to isn?t >masked by another link in any way. This >> allows it to slip right through MailScanner?s phishing >filter. The site seems to have been already >> taken down, and I?ve fed these into my spam filter to >identify them as spam, but I?m wondering if >> there?s anything else that can be done within mailscanner or >spamassassin to stop them? > >Hi, > >Not really as this would rely on MailScanner knowing that the >Heritage Bank's website is >'bankwithheritage.com' and not bankwith-heritage.com. >MailScanner can only detect that the >title of the link doesn't match the target. > >Your best course of action is to educate users not to trust >anything sent in an email, no >matter what it is. If in any doubt they should pick up a >printed phone book, look up the >number for their financial institution, call and ask. > >Regards > >Ian >-- > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! > From cobalt-users1 at fishnet.co.uk Tue Feb 6 15:55:37 2007 From: cobalt-users1 at fishnet.co.uk (Ian) Date: Tue Feb 6 14:59:35 2007 Subject: Problems with some 'add-on' apps... In-Reply-To: <25a66d840702060643h2d9c3d5nb2893fefc7ba3680@mail.gmail.com> References: <25a66d840702060643h2d9c3d5nb2893fefc7ba3680@mail.gmail.com> Message-ID: <45C896E9.5017.1F782743@cobalt-users1.fishnet.co.uk> On 6 Feb 2007 at 9:43, am.lists wrote: > FuzzyOcr. I turned up the verbosity to 3 (debug) and it doesn't > complain in the logs about not finding the image (stock alerts, etc.) > spam, but in MailWatch, I view the messages that MS is catching, and > none of them are showing the hits from Fuzzy OCR. Hi, I think FuzzyOCR will not scan a message if it has already got a score above a certain threshold (10?). This is to reduce the load on your system. Regards Ian -- From ljosnet at gmail.com Tue Feb 6 15:57:44 2007 From: ljosnet at gmail.com (emm1) Date: Tue Feb 6 15:01:32 2007 Subject: Exclude email adresss from being scanned for viruses/attachments? Message-ID: <910ee2ac0702060657v5ef562dt9d5f4becfd6505d3@mail.gmail.com> How would I do this? Thanks! From glenn.steen at gmail.com Tue Feb 6 16:02:15 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 6 15:06:03 2007 Subject: Problems with some 'add-on' apps... In-Reply-To: <45C896E9.5017.1F782743@cobalt-users1.fishnet.co.uk> References: <25a66d840702060643h2d9c3d5nb2893fefc7ba3680@mail.gmail.com> <45C896E9.5017.1F782743@cobalt-users1.fishnet.co.uk> Message-ID: <223f97700702060702v605845epb1e7f43e62ecf91a@mail.gmail.com> On 06/02/07, Ian wrote: > On 6 Feb 2007 at 9:43, am.lists wrote: > > > > > FuzzyOcr. I turned up the verbosity to 3 (debug) and it doesn't > > complain in the logs about not finding the image (stock alerts, etc.) > > spam, but in MailWatch, I view the messages that MS is catching, and > > none of them are showing the hits from Fuzzy OCR. > > Hi, > > I think FuzzyOCR will not scan a message if it has already got a score above a certain > threshold (10?). This is to reduce the load on your system. > > Regards > > Ian Yep. Also, do the "spamassassin -t ...." test as the user postfix is running as... and add the -D flag to see all the nitgritty details of what it is doing:-)... something like: su - postfix -s /bin/bash spamassassin -D -t &1 | less -e ... Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From am.lists at gmail.com Tue Feb 6 16:03:48 2007 From: am.lists at gmail.com (am.lists) Date: Tue Feb 6 15:07:41 2007 Subject: Problems with some 'add-on' apps... In-Reply-To: <45C896E9.5017.1F782743@cobalt-users1.fishnet.co.uk> References: <25a66d840702060643h2d9c3d5nb2893fefc7ba3680@mail.gmail.com> <45C896E9.5017.1F782743@cobalt-users1.fishnet.co.uk> Message-ID: <25a66d840702060703i681948ebg1360aed559d7f38d@mail.gmail.com> Thanks for jumping in Ian... I saw that setting of 10, and thought that maybe it was getting skipped, so to test, I raised that skip-if already scored score up to 30 so that most things would still get routed to Fuzzy OCR. Any other ideas? I know within MailWatch, there's an administrative link to update MailScanner with new rules from SpamAssassin... Is it possible that one of the cron'ed updates has run and taken F-OCR out of what MailScanner sees? It's like SA sees the plugin but MS/MW does not. A MailScanner equivalent to "spamassassin -t < msgid file" would be nice. Do we have such a thing? Angelo On 2/6/07, Ian wrote: > On 6 Feb 2007 at 9:43, am.lists wrote: > > > > > FuzzyOcr. I turned up the verbosity to 3 (debug) and it doesn't > > complain in the logs about not finding the image (stock alerts, etc.) > > spam, but in MailWatch, I view the messages that MS is catching, and > > none of them are showing the hits from Fuzzy OCR. > > Hi, > > I think FuzzyOCR will not scan a message if it has already got a score above a certain > threshold (10?). This is to reduce the load on your system. > > Regards > > Ian > -- > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From rpoe at plattesheriff.org Tue Feb 6 16:14:14 2007 From: rpoe at plattesheriff.org (Rob Poe) Date: Tue Feb 6 15:18:33 2007 Subject: Greylisting .. nice .. In-Reply-To: <113A0DFC086C984AB9EFDF6B8614F0750125129E@exchange03.CBOCS.com> References: <200611071939.kA7JdC2f025282@smtpgw1.crackerbarrel.com> <113A0DFC086C984AB9EFDF6B8614F0750125129E@exchange03.CBOCS.com> Message-ID: <45C846E9.65ED.00A2.0@plattesheriff.org> >>1040 blocked yesterday due to sendmail access.db blocks (the worst >>subnet offenders from foreign countries) >>20,000 blocked for invalid recipient >>124 blocked by RBLs, of which I cannot use all of because their clients >>host email servers on DSL / Cable modem connections. >>68 blocked by spamassassin for high spam score >>2000 greylist 1st attempts >>204 greylist passes >How did you get these numbers? Do you have a shell script or perl script >that parses your logs? Yup. PHP shell scripts (don't ask, lol) doing grep -wc commands against the maillog for the specific day only. Why did I do it in PHP? Quick and dirty, didn't want to have to remember how to do it in BASH .. don't know PERL well enough to do it there. Example script below.. One for each. I'm sure, that it could be done more prettily - but this does work.. #!/usr/bin/php -q From DrewB at united-systems.com Tue Feb 6 16:23:06 2007 From: DrewB at united-systems.com (Drew Burchett) Date: Tue Feb 6 15:27:33 2007 Subject: Exclude email adresss from being scanned for viruses/attachments? In-Reply-To: <910ee2ac0702060657v5ef562dt9d5f4becfd6505d3@mail.gmail.com> Message-ID: <1E75E79B854C814784D0E8C5BA55AF76F77149@uss2k01.united-systems.local> The easiest way is to set "Is Definitely Not Spam = " in Mailscanner.conf to point to a file. In this file, place the following lines: From: domain.to.be.excluded.com yes FromOrTo: default no Restart Mailscanner and you're off. Drew Burchett United Systems & Software Ph: (270)527-3293 Fax: (270)527-3132 -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of emm1 Sent: Tuesday, February 06, 2007 8:58 AM To: MailScanner discussion Subject: Exclude email adresss from being scanned for viruses/attachments? How would I do this? Thanks! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. -- This message has been scanned for viruses and dangerous content by MailScanner and is believed to be clean. From dhawal at netmagicsolutions.com Tue Feb 6 16:25:30 2007 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Tue Feb 6 15:29:36 2007 Subject: Exclude email adresss from being scanned for viruses/attachments? In-Reply-To: <910ee2ac0702060657v5ef562dt9d5f4becfd6505d3@mail.gmail.com> References: <910ee2ac0702060657v5ef562dt9d5f4becfd6505d3@mail.gmail.com> Message-ID: <45C89DEA.4030308@netmagicsolutions.com> emm1 wrote: > How would I do this? > > Thanks! See the relevant parts of MailScanner.conf for these and create rulesets acconrdingly: a. Dangerous Content Scanning b. Virus Scanning Read up the wiki on rulesets if required. - dhawal From am.lists at gmail.com Tue Feb 6 17:35:45 2007 From: am.lists at gmail.com (am.lists) Date: Tue Feb 6 16:39:33 2007 Subject: Problems with some 'add-on' apps... In-Reply-To: <223f97700702060702v605845epb1e7f43e62ecf91a@mail.gmail.com> References: <25a66d840702060643h2d9c3d5nb2893fefc7ba3680@mail.gmail.com> <45C896E9.5017.1F782743@cobalt-users1.fishnet.co.uk> <223f97700702060702v605845epb1e7f43e62ecf91a@mail.gmail.com> Message-ID: <25a66d840702060835u1da6c2daqcf6f577d6b9e42e2@mail.gmail.com> OK... Thanks for the tip to su as postfix... I think I figured it out... I was led down the path of why it would work for root and not for postfix. I started looking at things such as file ownership and file mode. I was looking at things that were updated when I ran them as root... /etc/mail/spamassassin/FuzzyOcr.db (and associated lock files) tend to be updated each time root successfully scans a message, but the files were owned root:root, and mode 755. That meant the user postfix would be able to scan against the hash table but not update it. (For what its worth, with verbosity turned up, FuzzyOcr did not complain about the permissions issue, it just died.) I fixed that issue, and am now seeing Fuzzy OCR hits when testing as user postfix. I will let some real messages come through over the lunch hour, but I bet this will fix my image spam... at least for today :) Thanks to Glenn and Ian for your leadership and pointing me in the right direction. From KGoods at AIAInsurance.com Tue Feb 6 18:10:29 2007 From: KGoods at AIAInsurance.com (Ken Goods) Date: Tue Feb 6 17:14:17 2007 Subject: New phishing strategy Message-ID: <13C0059880FDD3118DC600508B6D4A6D01C2916C@aiainsurance.com> Ian wrote: > On 6 Feb 2007 at 7:31, Drew Burchett wrote: > >> The attached email is an example of a number of recent phishing >> attempts that my users and I >> have been receiving over the past several days. As you can see, it >> isn?t like your normal phishing attempt because the link that it?s >> sending you to isn?t masked by another link in any way. This allows >> it to slip right through MailScanner?s phishing filter. The site >> seems to have been already taken down, and I?ve fed these into my >> spam filter to identify them as spam, but I?m wondering if there?s >> anything else that can be done within mailscanner or spamassassin to >> stop them? > > Hi, > > Not really as this would rely on MailScanner knowing that the > Heritage Bank's website is 'bankwithheritage.com' and not > bankwith-heritage.com. MailScanner can only detect that the title of > the link doesn't match the target. > > Your best course of action is to educate users not to trust anything > sent in an email, no matter what it is. If in any doubt they should > pick up a printed phone book, look up the number for their financial > institution, call and ask. > > Regards > > Ian > -- Or... you can use ClamAV to catch these nasties like this.... (Sorry I couldn't reply to the OP but since it was caught by ClamAV it didn't make it to me! :) The following e-mails were found to have: Virus Detected Sender: mailscanner-bounces@lists.mailscanner.info IP Address: 83.98.192.7 Recipient: kgoods@mydomain.com Subject: New phishing strategy MessageID: l16DiWNd014477 Quarantine: /var/spool/MailScanner/quarantine/20070206/l16DiWNd014477 Report: ClamAV: hb1.txt contains HTML.Phishing.Bank-1074 Report: ClamAV: hb1.zip contains HTML.Phishing.Bank-1074 Full headers are: Return-Path: Received: from safir.blacknight.ie (safir.blacknight.ie [83.98.192.7]) by gw-mail.aiainsurance.com (8.13.1/8.13.1) with ESMTP id l16DiWNd014477 for ; Tue, 6 Feb 2007 05:44:35 -0800 Received: from safir.blacknight.ie (safir.blacknight.ie [127.0.0.1]) by safir.blacknight.ie (8.13.1/8.13.1) with ESMTP id l16DZ7ac007105; Tue, 6 Feb 2007 13:36:25 GMT X-Mailman-Handler: $Id: mm-handler,v 1.2 2002/04/05 19:41:09 bwarsaw Exp $ Received: from spamfilter.onlineky.net (spamfilter2.onlineky.net [65.241.66.9]) by safir.blacknight.ie (8.13.1/8.13.1) with ESMTP id l16DZ5MF007100 for ; Tue, 6 Feb 2007 14:35:05 +0100 Received: from united-systems.local (intranet.united-systems.com [65.241.66.2]) by spamfilter.onlineky.net (Postfix) with ESMTP id 0EBC852F0D for ; Tue, 6 Feb 2007 07:31:10 -0600 (CST) Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----_=_NextPart_001_01C749F3.0EAC3688" Date: Tue, 6 Feb 2007 07:31:06 -0600 X-MimeOLE: Produced By Microsoft Exchange V6.5 Message-ID: <1E75E79B854C814784D0E8C5BA55AF76F77137@uss2k01.united-systems.local> X-MS-Has-Attach: yes X-MS-TNEF-Correlator: Thread-Topic: New phishing strategy Thread-Index: AcdJ8w5HFpUKOPp2SLWUYlJyEYZGEg== From: "Drew Burchett" To: "MailScanner discussion" X-USS-MailScanner-Information: Please contact the ISP for more information X-USS-MailScanner: Found to be clean X-USS-MailScanner-From: drewb@united-systems.com Subject: New phishing strategy X-BeenThere: mailscanner@lists.mailscanner.info X-Mailman-Version: 2.1.5 Precedence: list Reply-To: MailScanner discussion List-Id: MailScanner discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: mailscanner-bounces@lists.mailscanner.info Errors-To: mailscanner-bounces@lists.mailscanner.info Pretty slick really.... :) HTH, Ken Ken Goods Network Administrator AIA/CropUSA Insurance, Inc. From glenn.steen at gmail.com Tue Feb 6 18:49:07 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 6 17:52:55 2007 Subject: Problems with some 'add-on' apps... In-Reply-To: <25a66d840702060835u1da6c2daqcf6f577d6b9e42e2@mail.gmail.com> References: <25a66d840702060643h2d9c3d5nb2893fefc7ba3680@mail.gmail.com> <45C896E9.5017.1F782743@cobalt-users1.fishnet.co.uk> <223f97700702060702v605845epb1e7f43e62ecf91a@mail.gmail.com> <25a66d840702060835u1da6c2daqcf6f577d6b9e42e2@mail.gmail.com> Message-ID: <223f97700702060949i1c6455c7wc7d8a900a9195869@mail.gmail.com> On 06/02/07, am.lists wrote: > OK... Thanks for the tip to su as postfix... > > I think I figured it out... I was led down the path of why it would > work for root and not for postfix. > > I started looking at things such as file ownership and file mode. I > was looking at things that were updated when I ran them as root... > /etc/mail/spamassassin/FuzzyOcr.db (and associated lock files) tend to > be updated each time root successfully scans a message, but the files > were owned root:root, and mode 755. That meant the user postfix would > be able to scan against the hash table but not update it. (For what > its worth, with verbosity turned up, FuzzyOcr did not complain about > the permissions issue, it just died.) > > I fixed that issue, and am now seeing Fuzzy OCR hits when testing as > user postfix. > > I will let some real messages come through over the lunch hour, but I > bet this will fix my image spam... at least for today :) > > Thanks to Glenn and Ian for your leadership and pointing me in the > right direction. You're wellcome. When you've convinced yourself everything is working OK, remember to turn that setting down to 10 again for FuzzyOCR... Pointless to waste the resources on things already determined to be spam:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From am.lists at gmail.com Tue Feb 6 18:55:31 2007 From: am.lists at gmail.com (am.lists) Date: Tue Feb 6 17:59:18 2007 Subject: Problems with some 'add-on' apps... In-Reply-To: <223f97700702060949i1c6455c7wc7d8a900a9195869@mail.gmail.com> References: <25a66d840702060643h2d9c3d5nb2893fefc7ba3680@mail.gmail.com> <45C896E9.5017.1F782743@cobalt-users1.fishnet.co.uk> <223f97700702060702v605845epb1e7f43e62ecf91a@mail.gmail.com> <25a66d840702060835u1da6c2daqcf6f577d6b9e42e2@mail.gmail.com> <223f97700702060949i1c6455c7wc7d8a900a9195869@mail.gmail.com> Message-ID: <25a66d840702060955r7cc00554p45e7baf1a7cb3661@mail.gmail.com> You're absolutely correct. I did think of leaving it high enough to kick in for the sake of getting the image hashes into the db, but but since everything else is usually malformed enough, and since focr gets it right on the first time, I figure 10 is still fine. -Angelo On 2/6/07, Glenn Steen wrote: > On 06/02/07, am.lists wrote: > > OK... Thanks for the tip to su as postfix... > > > > I think I figured it out... I was led down the path of why it would > > work for root and not for postfix. > > > > I started looking at things such as file ownership and file mode. I > > was looking at things that were updated when I ran them as root... > > /etc/mail/spamassassin/FuzzyOcr.db (and associated lock files) tend to > > be updated each time root successfully scans a message, but the files > > were owned root:root, and mode 755. That meant the user postfix would > > be able to scan against the hash table but not update it. (For what > > its worth, with verbosity turned up, FuzzyOcr did not complain about > > the permissions issue, it just died.) > > > > I fixed that issue, and am now seeing Fuzzy OCR hits when testing as > > user postfix. > > > > I will let some real messages come through over the lunch hour, but I > > bet this will fix my image spam... at least for today :) > > > > Thanks to Glenn and Ian for your leadership and pointing me in the > > right direction. > You're wellcome. > When you've convinced yourself everything is working OK, remember to > turn that setting down to 10 again for FuzzyOCR... Pointless to waste > the resources on things already determined to be spam:-). > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From r.berber at computer.org Wed Feb 7 01:58:58 2007 From: r.berber at computer.org (=?ISO-8859-1?Q?Ren=E9_Berber?=) Date: Wed Feb 7 01:02:59 2007 Subject: Minor bug in 4.58.9: check_mail:123 "echo -n" is not portable Message-ID: Hi, As the subject says, the new version has a check_mail with line 123: echo -n 'Starting MailScanner...' the problem is that "echo -n" does not work everywhere, specifically it doesn't work in Solaris 9, 8, ... with the stock echo, or the built-in Bourne shell echo. Alternatives are, in order of preference: 1. printf 'Starting MailScanner...' 2. echo 'Starting MailScanner...\c' The first one is probably portable, the second is what we use in Solaris and probably doesn't work anywhere else. -- Ren? Berber From r.berber at computer.org Wed Feb 7 02:23:07 2007 From: r.berber at computer.org (=?ISO-8859-1?Q?Ren=E9_Berber?=) Date: Wed Feb 7 01:27:15 2007 Subject: Minor bug in 4.58.9: check_mail:123 "echo -n" is not portable In-Reply-To: References: Message-ID: Ren? Berber wrote: > Hi, > > As the subject says, the new version has a check_mail with line 123: s/check_mail/check_mailscanner/ > echo -n 'Starting MailScanner...' > > the problem is that "echo -n" does not work everywhere, specifically it doesn't > work in Solaris 9, 8, ... with the stock echo, or the built-in Bourne shell echo. > > Alternatives are, in order of preference: > > 1. printf 'Starting MailScanner...' > > 2. echo 'Starting MailScanner...\c' > > The first one is probably portable, the second is what we use in Solaris and > probably doesn't work anywhere else. -- Ren? Berber From carlos.pastorino at gmail.com Wed Feb 7 02:30:15 2007 From: carlos.pastorino at gmail.com (Carlos Pastorino) Date: Wed Feb 7 01:34:21 2007 Subject: Suggestion to speed MailScanner up In-Reply-To: References: Message-ID: I have noticed that MailScanner checks for viruses even if the spam has been marked for deletion. Here's one example: Feb 6 01:20:03 mailserver MailScanner[3368]: New Batch: Scanning 1 messages, 1655 bytes Feb 6 01:20:03 mailserver MailScanner[3368]: Spam Checks: Starting Feb 6 01:20:04 mailserver MailScanner[3368]: RBL checks: 0338C2C0F7.99CBE found in SORBS-DNSBL, SBL+XBL, spamhaus-XBL, spamcop.net Feb 6 01:20:04 mailserver MailScanner[3368]: Message 0338C2C0F7.99CBE from 219.150.57.14 (xpisig@spammer.domain) to mydomain.com.br is SORBS-DNSBL, SBL+XBL, spamhaus-XBL, spamcop.net Feb 6 01:20:04 mailserver MailScanner[3368]: Spam Checks: Found 1 spam messages Feb 6 01:20:04 mailserver MailScanner[3368]: Spam Actions: message 0338C2C0F7.99CBE actions are delete Feb 6 01:20:04 mailserver MailScanner[3368]: Spam Checks completed at 1579 bytes per second Feb 6 01:20:04 mailserver MailScanner[3368]: Virus and Content Scanning: Starting Feb 6 01:20:09 mailserver MailScanner[3368]: Virus Scanning completed at 334 bytes per second Feb 6 01:20:09 mailserver MailScanner[3368]: Batch completed at 275 bytes per second (1655 / 5) Feb 6 01:20:09 mailserver MailScanner[3368]: Batch (1 message) processed in 6.00 seconds If the virus scanning were to be skipped in this case -- since the message was going to be deleted anyway -- the processing time should've been 1 second, instead of 6 seconds. My suggestion is that MailScanner.conf gives us an option to only check for viruses in the e-mails which are going to be delivered or stored in the quarantine. Any thoughts? Best regards, Pastorino From res at ausics.net Wed Feb 7 02:30:51 2007 From: res at ausics.net (Res) Date: Wed Feb 7 01:34:55 2007 Subject: Minor bug in 4.58.9: check_mail:123 "echo -n" is not portable In-Reply-To: References: Message-ID: On Tue, 6 Feb 2007, Ren? Berber wrote: > As the subject says, the new version has a check_mail with line 123: > > echo -n 'Starting MailScanner...' > > the problem is that "echo -n" does not work everywhere, specifically it doesn't > work in Solaris 9, 8, ... with the stock echo, or the built-in Bourne shell echo. This works fine on Linux, unfortunately I can't test Solaris > The first one is probably portable, the second is what we use in Solaris and > probably doesn't work anywhere else. :) -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From res at ausics.net Wed Feb 7 02:36:45 2007 From: res at ausics.net (Res) Date: Wed Feb 7 01:40:40 2007 Subject: Minor bug in 4.58.9: check_mail:123 "echo -n" is not portable In-Reply-To: References: Message-ID: On Wed, 7 Feb 2007, Res wrote: >> the problem is that "echo -n" does not work everywhere, specifically it >> doesn't >> work in Solaris 9, 8, ... with the stock echo, or the built-in Bourne shell >> echo. > This works fine on Linux, unfortunately I can't test Solaris looks around..... SunOS5.9 The echo utility writes its arguments, separated by BLANKs and terminated by a NEWLINE, to the standard output. If there are no arguments, only the NEWLINE character will be written. We use the -n to avoid the newline output so we can have the result on the same line, so if solaris we'd need use \c to avoid it it seems. \c Print line without new-line. All characters fol- lowing the \c in the argument are ignored. -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From res at ausics.net Wed Feb 7 02:50:29 2007 From: res at ausics.net (Res) Date: Wed Feb 7 01:54:33 2007 Subject: Minor bug in 4.58.9: check_mail:123 "echo -n" is not portable In-Reply-To: References: Message-ID: Jules, bin/check_mailscanner Line 117 echo -n to avoid the issue with Solaris can you please replace the echo -n _with_ printf on line 117 Cheers On Wed, 7 Feb 2007, Res wrote: > On Wed, 7 Feb 2007, Res wrote: > >>> the problem is that "echo -n" does not work everywhere, specifically it >>> doesn't >>> work in Solaris 9, 8, ... with the stock echo, or the built-in Bourne >>> shell echo. > >> This works fine on Linux, unfortunately I can't test Solaris > > looks around..... > > SunOS5.9 > The echo utility writes its arguments, separated by BLANKs > and terminated by a NEWLINE, to the standard output. If > there are no arguments, only the NEWLINE character will be > written. > > We use the -n to avoid the newline output so we can have the result on the > same line, so if solaris we'd need use \c to avoid it it seems. > \c Print line without new-line. All characters fol- > lowing the \c in the argument are ignored. > > > -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From tgc at statsbiblioteket.dk Wed Feb 7 08:35:54 2007 From: tgc at statsbiblioteket.dk (Tom G. Christensen) Date: Wed Feb 7 07:39:44 2007 Subject: extract all images from spam folder? In-Reply-To: <45C7A3D1.80503@fractalweb.com> References: <45C7A3D1.80503@fractalweb.com> Message-ID: <45C9815A.5020902@statsbiblioteket.dk> Chris Yuzik wrote: > We have MailScanner set to quarantine all the spam messages, and in > /var/spool/MailScanner/quarantine//spam there are all the messages > as one file for each. > > What I would like to do is extract all of the attached images from all > the messages in the folder and have a look at them. Would also be useful > for testing fuzzyocr. Is there an easy way to accomplish this from the > shell? > # cd # for i in *; do uudeview -i -m +e .jpg.gif.png -p /tmp/spampics $i; done The key is ofcourse uudeview that does uu/yenc/base64 decoding. -tgc From tgc at statsbiblioteket.dk Wed Feb 7 08:43:14 2007 From: tgc at statsbiblioteket.dk (Tom G. Christensen) Date: Wed Feb 7 07:47:04 2007 Subject: Minor bug in 4.58.9: check_mail:123 "echo -n" is not portable In-Reply-To: References: Message-ID: <45C98312.3000702@statsbiblioteket.dk> Ren? Berber wrote: > Hi, > > As the subject says, the new version has a check_mail with line 123: > > echo -n 'Starting MailScanner...' > > the problem is that "echo -n" does not work everywhere, specifically it doesn't > work in Solaris 9, 8, ... with the stock echo, or the built-in Bourne shell echo. > /usr/ucb/echo will do this on Solaris. $ /usr/bin/echo -n -n $ /usr/ucb/echo -n $ -tgc From martinh at solidstatelogic.com Wed Feb 7 10:39:53 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed Feb 7 09:44:17 2007 Subject: Suggestion to speed MailScanner up In-Reply-To: Message-ID: <950d4078a9a40645a2c9c74f4cfdf9bd@solidstatelogic.com> Carlos Not a good idea. Even if it's spam you need to check if there's a virus in there so you don't release malware by accident. AV checks are quite quick in comparison to Spamassassin checks..assuming you're doing SA which it doesn't look like you are.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Carlos Pastorino > Sent: 07 February 2007 01:30 > To: mailscanner@lists.mailscanner.info > Subject: Suggestion to speed MailScanner up > > I have noticed that MailScanner checks for viruses even if the spam > has been marked for deletion. > > Here's one example: > > Feb 6 01:20:03 mailserver MailScanner[3368]: New Batch: Scanning 1 > messages, 1655 bytes > Feb 6 01:20:03 mailserver MailScanner[3368]: Spam Checks: Starting > Feb 6 01:20:04 mailserver MailScanner[3368]: RBL checks: > 0338C2C0F7.99CBE found in SORBS-DNSBL, SBL+XBL, spamhaus-XBL, > spamcop.net > Feb 6 01:20:04 mailserver MailScanner[3368]: Message 0338C2C0F7.99CBE > from 219.150.57.14 (xpisig@spammer.domain) to mydomain.com.br is > SORBS-DNSBL, SBL+XBL, spamhaus-XBL, spamcop.net > Feb 6 01:20:04 mailserver MailScanner[3368]: Spam Checks: Found 1 spam > messages > Feb 6 01:20:04 mailserver MailScanner[3368]: Spam Actions: message > 0338C2C0F7.99CBE actions are delete > Feb 6 01:20:04 mailserver MailScanner[3368]: Spam Checks completed at > 1579 bytes per second > Feb 6 01:20:04 mailserver MailScanner[3368]: Virus and Content > Scanning: Starting > Feb 6 01:20:09 mailserver MailScanner[3368]: Virus Scanning completed > at 334 bytes per second > Feb 6 01:20:09 mailserver MailScanner[3368]: Batch completed at 275 > bytes per second (1655 / 5) > Feb 6 01:20:09 mailserver MailScanner[3368]: Batch (1 message) > processed in 6.00 seconds > > > If the virus scanning were to be skipped in this case -- since the > message was going to be deleted anyway -- the processing time > should've been 1 second, instead of 6 seconds. > > My suggestion is that MailScanner.conf gives us an option to only > check for viruses in the e-mails which are going to be delivered or > stored in the quarantine. > > Any thoughts? > > Best regards, > > Pastorino > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From steve.freegard at fsl.com Wed Feb 7 10:48:42 2007 From: steve.freegard at fsl.com (Steve Freegard) Date: Wed Feb 7 09:52:48 2007 Subject: Suggestion to speed MailScanner up In-Reply-To: References: Message-ID: <45C9A07A.4020603@fsl.com> Hi Carlos, Carlos Pastorino wrote: > My suggestion is that MailScanner.conf gives us an option to only > check for viruses in the e-mails which are going to be delivered or > stored in the quarantine. > > Any thoughts? Yes - check your settings for 'Keep Spam and MCP quarantine clean', if it is set to 'Yes', then change it to 'No' and I think you'll get the desired result. Kind regards, Steve. From glenn.steen at gmail.com Wed Feb 7 12:32:04 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 7 11:35:56 2007 Subject: Minor bug in 4.58.9: check_mail:123 "echo -n" is not portable In-Reply-To: <45C98312.3000702@statsbiblioteket.dk> References: <45C98312.3000702@statsbiblioteket.dk> Message-ID: <223f97700702070332k3df084c3mb681fb3f56fb6527@mail.gmail.com> On 07/02/07, Tom G. Christensen wrote: > Ren? Berber wrote: > > Hi, > > > > As the subject says, the new version has a check_mail with line 123: > > > > echo -n 'Starting MailScanner...' > > > > the problem is that "echo -n" does not work everywhere, specifically it doesn't > > work in Solaris 9, 8, ... with the stock echo, or the built-in Bourne shell echo. > > > /usr/ucb/echo will do this on Solaris. > > $ /usr/bin/echo -n > -n > $ /usr/ucb/echo -n > $ > Exactly right... echo has _never_ been portable as such, due to there being the two incarnations (BSD with -n etc, sysV with escape sequences). So if one is to use it one has to test which version one gets and act accordingly, or use something completely different (and hope that that is a) present on all "dialects", b) more portable...:-). If the aim is to use -n everywhere, and it is only Solaris that is ... problematic, the test one should do is if this is Solaris arch, and then use /usr/ucb equivalents (which are present on every solaris back to at least 2.5 (my memory of SunOS earlier than that has become more ... foggy... than I'd care to admit... Didn't one have the sysV stuff in /usr/5bin back then? And the /usr/ucb thing too?). One could also _force_ /usr/ucb to be prepended to the PATH prior to the call to echo, which would perhaps be the most elegant way of doing things... Something like if [ -d /usr/ucb ] then PATH=/usr/ucb:$PATH fi ... Since this would work on any arch/dialect/distro:-):-) PS. Am I the only one still hating Sun for what they did when they moved to Slolaris 5? IMO the only usable version is 10, where they seem to have been influenced heavily by ... the competition:-). I know, this arguement is dead and buried in ancient history.... Still, that COSE thing really dampened my enthusiasm for the company and their products... Still consider it every time we're out to buy new stuff... Nah, I'm not bearing a grudge:-):-). And no Res, don't answer that I'm the only one who remembers it:-D. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Wed Feb 7 12:37:08 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Feb 7 11:44:36 2007 Subject: Minor bug in 4.58.9: check_mail:123 "echo -n" is not portable In-Reply-To: References: Message-ID: <45C9B9E4.1040104@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 My best attempt to solve this one is this: printf 'Starting MailScanner...' 2>/dev/null || echo -n 'Starting MailScanner...' Then you just have to have one or the other. Or even this? printf 'Starting MailScanner...' 2>/dev/null || echo -n 'Starting MailScanner...' 2>/dev/null || echo 'Starting MailScanner...' Thoughts? Ren? Berber wrote: > Hi, > > As the subject says, the new version has a check_mail with line 123: > > echo -n 'Starting MailScanner...' > > the problem is that "echo -n" does not work everywhere, specifically it doesn't > work in Solaris 9, 8, ... with the stock echo, or the built-in Bourne shell echo. > > Alternatives are, in order of preference: > > 1. printf 'Starting MailScanner...' > > 2. echo 'Starting MailScanner...\c' > > The first one is probably portable, the second is what we use in Solaris and > probably doesn't work anywhere else. > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFFybqUEfZZRxQVtlQRAieRAKDZltU+h0MJSl0lIUkuf5aaI9K1SACg51/G 9Ltv5KyCxjUPkbevnAarSBg= =cL44 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From glenn.steen at gmail.com Wed Feb 7 12:44:50 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 7 11:48:43 2007 Subject: Suggestion to speed MailScanner up In-Reply-To: <45C9A07A.4020603@fsl.com> References: <45C9A07A.4020603@fsl.com> Message-ID: <223f97700702070344k79c9f68ahb0d71828a0f7d1d2@mail.gmail.com> On 07/02/07, Steve Freegard wrote: > Hi Carlos, > > Carlos Pastorino wrote: > > My suggestion is that MailScanner.conf gives us an option to only > > check for viruses in the e-mails which are going to be delivered or > > stored in the quarantine. > > > > Any thoughts? > > Yes - check your settings for 'Keep Spam and MCP quarantine clean', if > it is set to 'Yes', then change it to 'No' and I think you'll get the > desired result. > > Kind regards, > Steve. Um, yes and no Steve. That would leave him with potential viruses in the low scoring spam he might quarantine, while letting the "already slated for deletion" spam avoid being scanned for viruses. One would think that one should be able to enhance the logic behind the "Keep Spam and MCP quarantine clean" setting a bit, so that it actually checks whether the message would be delivered at all, anywhere... As an intermediary, one could set the above to no, as per your suggestion, and then implement the "forward to alias to /dev/null" trick we used to do before (with the sideeffects that had... dual quarantine (both spam and virus) etc.) for the Spam Actions ... Or please correct me if I'm completely off on this... Not quite awake here yet, so I might've missed some fine nuance:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Wed Feb 7 12:51:06 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 7 11:54:58 2007 Subject: Minor bug in 4.58.9: check_mail:123 "echo -n" is not portable In-Reply-To: <45C9B9E4.1040104@ecs.soton.ac.uk> References: <45C9B9E4.1040104@ecs.soton.ac.uk> Message-ID: <223f97700702070351u55a2bc3fr386bffb216af84c6@mail.gmail.com> On 07/02/07, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > My best attempt to solve this one is this: > > printf 'Starting MailScanner...' 2>/dev/null || echo -n 'Starting > MailScanner...' this should work, but might still result in the ugly: "-n Startin MailScanner... " > Then you just have to have one or the other. > Or even this? > > printf 'Starting MailScanner...' 2>/dev/null || echo -n 'Starting > MailScanner...' 2>/dev/null || echo 'Starting MailScanner...' This is useless, since you will never fail in the first echo, you will always produce "Starting MailScanner... " If you are to use any of this, don't test it at "use time", know it beforehand;-). Or do as I suggested, futz with the PATH:-D -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Wed Feb 7 13:22:37 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 7 12:26:31 2007 Subject: Minor bug in 4.58.9: check_mail:123 "echo -n" is not portable In-Reply-To: <223f97700702070351u55a2bc3fr386bffb216af84c6@mail.gmail.com> References: <45C9B9E4.1040104@ecs.soton.ac.uk> <223f97700702070351u55a2bc3fr386bffb216af84c6@mail.gmail.com> Message-ID: <223f97700702070422r68dbb94bv486f933cdb45baa1@mail.gmail.com> On 07/02/07, Glenn Steen wrote: (snip) > > printf 'Starting MailScanner...' 2>/dev/null || echo -n 'Starting > > MailScanner...' 2>/dev/null || echo 'Starting MailScanner...' > > This is useless, since you will never fail in the first echo, you will > always produce > "Starting MailScanner... > " "Think before you type..." :-) You would always behave as in the first ... potentially producing "-n Starting....", the last echo would only come into play if echo as such borked out... And then that would likely not be your primary problem:-D... You'd probably have far more basic things breaking right left and center then. So it'd basically be useless anyway;). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From housey at sme-ecom.co.uk Wed Feb 7 15:34:25 2007 From: housey at sme-ecom.co.uk (Paul Houselander) Date: Wed Feb 7 14:38:20 2007 Subject: OT: Sendmail rbl Message-ID: Hi Very off topic so will be brief, just been tearing my hair out trying to find a way to do this and im sure its straight forward. Im using FEATURE(`dnsbl','sbl-xbl.spamhaus.org',`"554 Rejected " $&{client_addr} " - listed in rbl"')dnl Which works fine, what im trying to do is include the senders address in the 554 Reject message i.e. 554 Rejected x.x.x.x From - abc@test.com - listed in rbl Is there a sendmail macro (not sure if thats the correct term) for the senders address the same as there is for the clients address i.e. $&{client_addr} The reason I want to do this, is so its easier for me to parse and log the info when I have all the info on one line. Any help appreciated. Thanks Paul From mikael.kermorgant at gmail.com Wed Feb 7 16:06:11 2007 From: mikael.kermorgant at gmail.com (Mikael Kermorgant) Date: Wed Feb 7 15:10:04 2007 Subject: reject mails unknown users at smtp stage (postfix & relay_recipient_maps) Message-ID: <9711147e0702070706p39cd225aj749342680948463f@mail.gmail.com> Hello We're using mailscanner and postfix on our smtp frontend. In order to improve it, we'd like to reject mails to unknown users by setting up a relay_recipient_maps parameter in postfix. However, my changes don't seem to be taken into account because mails are still presented to our backend server. I would welcome any suggestion about that. Thanks in advance, -- Mikael Kermorgant PS : here's the /etc/postfix/main.cf smtpd_banner = $myhostname ESMTP $mail_name biff = no append_dot_mydomain = no myhostname = amxpub.paris.iufm.fr inet_interfaces = $myhostname localhost myorigin = $mydomain transport_maps = hash:/etc/postfix/transport mydestination = $myhostname localhost.$mydomain $mydomain local_recipient_maps = local_transport = error:local mail delivery is disabled virtual_alias_maps = hash:/etc/postfix/virtual relay_domains = paris.iufm.fr relay_recipient_maps = hash:/etc/mail/ldap.relay hash:/etc/mail/sympa.relay hash:/etc/mail/anciens.relay hash:/etc/mail/anciens2.relay mynetworks = 127.0.0.0/8 ip-of-backend-server recipient_delimiter = + header_checks = regexp:/etc/postfix/header_checks unknown_local_recipient_reject_code = 450 fast_flush_domains = smtpd_helo_required = yes disable_vrfy_command = yes smtpd_client_restrictions = smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname permit smtpd_sender_restrictions = smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination reject_non_fqdn_sender reject_unknown_recipient_domain reject_non_fqdn_recipient reject_unauth_pipelining check_recipient_access hash:/etc/postfix/recipient_access smtpd_restriction_classes = greylist greylist = check_policy_service inet:ip-of-backend-server:60000 smtpd_etrn_restrictions = reject message_size_limit = 4194304 qmgr_message_recipient_limit = 20000 default_process_limit = 100 qmgr_message_active_limit = 20000 smtpd_recipient_limit = 128 smtpd_timeout = 180 smtpd_error_sleep_time = 50s smtpd_hard_error_limit = 10 From rabollinger at gmail.com Wed Feb 7 16:14:08 2007 From: rabollinger at gmail.com (Richard Bollinger) Date: Wed Feb 7 15:18:01 2007 Subject: Message never gets out of mqueue.in Message-ID: <7744a2840702070714i496d27c6hbbf8b56ad0731d45@mail.gmail.com> Running MailScanner-4.57.6, recently upgraded from ancient version 4.21-9. Also just upgraded from SpamAssassin 2.63 to 3.1.7 with the latest image spam detection gadgets. All working nicely, except certain messages get reprocessed infinitely until I manually move them from mqueue.in to mqueue or if I whitelist the sender. File sizes: -rw------- 1 root 25 1412851 Feb 7 06:51 dfl17Bo8oL007167 -rw------- 1 root 25 1978 Feb 7 06:51 qfl17Bo8oL007167 Partial message headers: This is a multi-part message in MIME format. --=_Boundary_vtyTzqRBAvaD1M8pLSjI Content-Type: message/rfc822 Content-Disposition: attachment; filename=originalmail.eml Received: from zzz ([a.b.c.d])by x.com (8.12.8/8.12.8) with SMTP id l17B1k0i009927;Wed, 7 Feb 2007 16:31:47 +05 30 From: To: Subject: Date: Wed, 7 Feb 2007 16:37:36 +0530 Message-ID: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NextPart_000_0027_01C74AD6.4639D340" X-Priority: 3 (Normal) X-MSMail-Priority: Normal Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-MS-TNEF-Correlator: X-imss-version: 2.046 X-imss-result: Passed X-imss-scores: Clean:99.90000 C:2 M:3 S:5 R:5 X-imss-settings: Baseline:1 C:1 M:1 S:1 R:1 (0.0000 0.0000) This is a multi-part message in MIME format. ------=_NextPart_000_0027_01C74AD6.4639D340 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit ... ------=_NextPart_000_0027_01C74AD6.4639D340 Content-Type: application/ms-tnef; name="winmail.dat" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="winmail.dat" I thought perhaps there was a problem with TNEF decoding, so I tried changing to the Internal decoder.. but that didn't help. /var/adm/messages indicates that it gets most of the way through processing, but the files never get moved or sent. You'll see that one batch works on it... then another does it all over... and so on... Feb 7 06:51:49 mail sendmail[7167]: l17Bo8oL007167: from=, size=1414089, class=0, nrcpts=2, msgid=, proto=ESMTP, daemon=MTA, relay=[] Feb 7 06:51:53 mail MailScanner[31038]: Message l17Bo8oL007167 from (i@in) to elliott-turbo.com is not spam, SpamAssassin (score=-1.398, required 5, BAYES_00 -2.60, SARE_BIZOP 0.70, UNPARSEABLE_RELAY 0.00, WATCH_STORE 0.50) Feb 7 06:51:53 mail MailScanner[31038]: Expanding TNEF archive at /usr/local/MailScanner-4.57.6/var/incoming/31038/l17Bo8oL007167/winmail.dat Feb 7 06:51:53 mail MailScanner[31038]: Message l17Bo8oL007167 added TNEF contents msg-31038-2891.txt,msg-31038-2901.txt,Untitled Attac,PBU Rev1 1 Feb.xls,LOS_pdf1 Feb 7 06:51:53 mail MailScanner[31038]: Message l17Bo8oL007167 has had TNEF winmail.dat removed Feb 7 06:52:15 mail MailScanner[31038]: Filename Checks: Allowing l17Bo8oL007167 msg-31038-289.txt Feb 7 06:52:15 mail MailScanner[31038]: Filename Checks: Allowing l17Bo8oL007167 msg-31038-290.txt Feb 7 06:52:15 mail MailScanner[31038]: Filename Checks: Allowing l17Bo8oL007167 Untitled Attachment (no rule matched) Feb 7 06:52:15 mail MailScanner[31038]: Filename Checks: Allowing l17Bo8oL007167 PBU Rev1 1 Feb,2007.xls (no rule matched) Feb 7 06:52:15 mail MailScanner[31038]: Filename Checks: Allowing l17Bo8oL007167 LOS_pdf1 (no rule matched) Feb 7 06:52:15 mail MailScanner[31038]: Filename Checks: Allowing l17Bo8oL007167 msg-31038-291.txt Feb 7 06:52:15 mail MailScanner[31038]: Filetype Checks: Allowing l17Bo8oL007167 PBU Rev1 1 Feb,2007.xls (no match found) Feb 7 06:52:15 mail MailScanner[31038]: Filetype Checks: Allowing l17Bo8oL007167 Untitled Attachment (no match found) Feb 7 06:52:15 mail MailScanner[31038]: Filetype Checks: Allowing l17Bo8oL007167 msg-31038-291.txt Feb 7 06:52:15 mail MailScanner[31038]: Filetype Checks: Allowing l17Bo8oL007167 LOS_pdf1 (no match found) Feb 7 06:52:16 mail MailScanner[31038]: Filetype Checks: Allowing l17Bo8oL007167 msg-31038-289.txt Feb 7 06:52:16 mail MailScanner[31038]: Filetype Checks: Allowing l17Bo8oL007167 msg-31038-290.txt Feb 7 06:52:18 mail MailScanner[30832]: Message l17Bo8oL007167 from (in) to elliott-turbo.com is not spam, SpamAssassin (score=-1.398, required 5, BAYES_00 -2.60, SARE_BIZOP 0.70, UNPARSEABLE_RELAY 0.00, WATCH_STORE 0.50) Feb 7 06:52:24 mail MailScanner[30832]: Expanding TNEF archive at /usr/local/MailScanner-4.57.6/var/incoming/30832/l17Bo8oL007167/winmail.dat Feb 7 06:52:24 mail MailScanner[30832]: Message l17Bo8oL007167 added TNEF contents msg-30832-3431.txt,msg-30832-3441.txt,Untitled Attac,PBU Rev1 1 Feb.xls,LOS_pdf1 Feb 7 06:52:24 mail MailScanner[30832]: Message l17Bo8oL007167 has had TNEF winmail.dat removed Feb 7 06:52:54 mail MailScanner[30832]: Filename Checks: Allowing l17Bo8oL007167 msg-30832-343.txt Feb 7 06:52:54 mail MailScanner[30832]: Filename Checks: Allowing l17Bo8oL007167 msg-30832-344.txt Feb 7 06:52:54 mail MailScanner[30832]: Filename Checks: Allowing l17Bo8oL007167 Untitled Attachment (no rule matched) Feb 7 06:52:54 mail MailScanner[30832]: Filename Checks: Allowing l17Bo8oL007167 PBU Rev1 1 Feb,2007.xls (no rule matched) Feb 7 06:52:54 mail MailScanner[30832]: Filename Checks: Allowing l17Bo8oL007167 LOS_pdf1 (no rule matched) Feb 7 06:52:54 mail MailScanner[30832]: Filename Checks: Allowing l17Bo8oL007167 msg-30832-345.txt Feb 7 06:52:54 mail MailScanner[30832]: Filetype Checks: Allowing l17Bo8oL007167 PBU Rev1 1 Feb,2007.xls (no match found) Feb 7 06:52:54 mail MailScanner[30832]: Filetype Checks: Allowing l17Bo8oL007167 Untitled Attachment (no match found) Feb 7 06:52:54 mail MailScanner[30832]: Filetype Checks: Allowing l17Bo8oL007167 msg-30832-344.txt Feb 7 06:52:54 mail MailScanner[30832]: Filetype Checks: Allowing l17Bo8oL007167 LOS_pdf1 (no match found) Feb 7 06:52:54 mail MailScanner[30832]: Filetype Checks: Allowing l17Bo8oL007167 msg-30832-343.txt Feb 7 06:52:54 mail MailScanner[30832]: Filetype Checks: Allowing l17Bo8oL007167 msg-30832-345.txt Any ideas? Thanks, Rich Bollinger From martinh at solidstatelogic.com Wed Feb 7 16:26:41 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed Feb 7 15:31:05 2007 Subject: Message never gets out of mqueue.in In-Reply-To: <7744a2840702070714i496d27c6hbbf8b56ad0731d45@mail.gmail.com> Message-ID: <4649690655b5dc4188b88aca53f71ccd@solidstatelogic.com> Richard Wow big leap...did you do them at the same time???? Anyway with a known 'bad' message in the in queue Stop mailscanner Run "mailscanner -debug" This should help find out where its going wrong.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Richard Bollinger > Sent: 07 February 2007 15:14 > To: MailScanner discussion > Subject: Message never gets out of mqueue.in > > Running MailScanner-4.57.6, recently upgraded from ancient version 4.21-9. > > Also just upgraded from SpamAssassin 2.63 to 3.1.7 with the latest > image spam detection gadgets. > > All working nicely, except certain messages get reprocessed infinitely > until I manually move them from mqueue.in to mqueue or if I whitelist > the sender. File sizes: > > -rw------- 1 root 25 1412851 Feb 7 06:51 dfl17Bo8oL007167 > -rw------- 1 root 25 1978 Feb 7 06:51 qfl17Bo8oL007167 > > Partial message headers: > > This is a multi-part message in MIME format. > > --=_Boundary_vtyTzqRBAvaD1M8pLSjI > Content-Type: message/rfc822 > Content-Disposition: attachment; > filename=originalmail.eml > > Received: from zzz ([a.b.c.d])by x.com > (8.12.8/8.12.8) with SMTP id l17B1k0i009927;Wed, 7 Feb 2007 > 16:31:47 +05 > 30 > From: > To: > Subject: > Date: Wed, 7 Feb 2007 16:37:36 +0530 > Message-ID: > MIME-Version: 1.0 > Content-Type: multipart/mixed; > boundary="----=_NextPart_000_0027_01C74AD6.4639D340" > X-Priority: 3 (Normal) > X-MSMail-Priority: Normal > Importance: Normal > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 > X-MS-TNEF-Correlator: > X-imss-version: 2.046 > X-imss-result: Passed > X-imss-scores: Clean:99.90000 C:2 M:3 S:5 R:5 > X-imss-settings: Baseline:1 C:1 M:1 S:1 R:1 (0.0000 0.0000) > > This is a multi-part message in MIME format. > > ------=_NextPart_000_0027_01C74AD6.4639D340 > Content-Type: text/plain; > charset="iso-8859-1" > Content-Transfer-Encoding: 7bit > > ... > > ------=_NextPart_000_0027_01C74AD6.4639D340 > Content-Type: application/ms-tnef; > name="winmail.dat" > Content-Transfer-Encoding: base64 > Content-Disposition: attachment; > filename="winmail.dat" > > > I thought perhaps there was a problem with TNEF decoding, so I tried > changing to the Internal decoder.. but that didn't help. > > /var/adm/messages indicates that it gets most of the way through > processing, but the files never get moved or sent. > > You'll see that one batch works on it... then another does it all > over... and so on... > > Feb 7 06:51:49 mail sendmail[7167]: l17Bo8oL007167: from=, > size=1414089, class=0, nrcpts=2, msgid=, > proto=ESMTP, daemon=MTA, relay=[] > Feb 7 06:51:53 mail MailScanner[31038]: Message l17Bo8oL007167 from > (i@in) to elliott-turbo.com is not spam, SpamAssassin (score=-1.398, > required 5, BAYES_00 -2.60, SARE_BIZOP 0.70, UNPARSEABLE_RELAY 0.00, > WATCH_STORE 0.50) > Feb 7 06:51:53 mail MailScanner[31038]: Expanding TNEF archive at > /usr/local/MailScanner- > 4.57.6/var/incoming/31038/l17Bo8oL007167/winmail.dat > Feb 7 06:51:53 mail MailScanner[31038]: Message l17Bo8oL007167 added > TNEF contents msg-31038-2891.txt,msg-31038-2901.txt,Untitled Attac,PBU > Rev1 1 Feb.xls,LOS_pdf1 > Feb 7 06:51:53 mail MailScanner[31038]: Message l17Bo8oL007167 has > had TNEF winmail.dat removed > Feb 7 06:52:15 mail MailScanner[31038]: Filename Checks: Allowing > l17Bo8oL007167 msg-31038-289.txt > Feb 7 06:52:15 mail MailScanner[31038]: Filename Checks: Allowing > l17Bo8oL007167 msg-31038-290.txt > Feb 7 06:52:15 mail MailScanner[31038]: Filename Checks: Allowing > l17Bo8oL007167 Untitled Attachment (no rule matched) > Feb 7 06:52:15 mail MailScanner[31038]: Filename Checks: Allowing > l17Bo8oL007167 PBU Rev1 1 Feb,2007.xls (no rule matched) > Feb 7 06:52:15 mail MailScanner[31038]: Filename Checks: Allowing > l17Bo8oL007167 LOS_pdf1 (no rule matched) > Feb 7 06:52:15 mail MailScanner[31038]: Filename Checks: Allowing > l17Bo8oL007167 msg-31038-291.txt > Feb 7 06:52:15 mail MailScanner[31038]: Filetype Checks: Allowing > l17Bo8oL007167 PBU Rev1 1 Feb,2007.xls (no match found) > Feb 7 06:52:15 mail MailScanner[31038]: Filetype Checks: Allowing > l17Bo8oL007167 Untitled Attachment (no match found) > Feb 7 06:52:15 mail MailScanner[31038]: Filetype Checks: Allowing > l17Bo8oL007167 msg-31038-291.txt > Feb 7 06:52:15 mail MailScanner[31038]: Filetype Checks: Allowing > l17Bo8oL007167 LOS_pdf1 (no match found) > Feb 7 06:52:16 mail MailScanner[31038]: Filetype Checks: Allowing > l17Bo8oL007167 msg-31038-289.txt > Feb 7 06:52:16 mail MailScanner[31038]: Filetype Checks: Allowing > l17Bo8oL007167 msg-31038-290.txt > Feb 7 06:52:18 mail MailScanner[30832]: Message l17Bo8oL007167 from > (in) to elliott-turbo.com is not spam, SpamAssassin (score=-1.398, > required 5, BAYES_00 -2.60, SARE_BIZOP 0.70, UNPARSEABLE_RELAY 0.00, > WATCH_STORE 0.50) > Feb 7 06:52:24 mail MailScanner[30832]: Expanding TNEF archive at > /usr/local/MailScanner- > 4.57.6/var/incoming/30832/l17Bo8oL007167/winmail.dat > Feb 7 06:52:24 mail MailScanner[30832]: Message l17Bo8oL007167 added > TNEF contents msg-30832-3431.txt,msg-30832-3441.txt,Untitled Attac,PBU > Rev1 1 Feb.xls,LOS_pdf1 > Feb 7 06:52:24 mail MailScanner[30832]: Message l17Bo8oL007167 has > had TNEF winmail.dat removed > Feb 7 06:52:54 mail MailScanner[30832]: Filename Checks: Allowing > l17Bo8oL007167 msg-30832-343.txt > Feb 7 06:52:54 mail MailScanner[30832]: Filename Checks: Allowing > l17Bo8oL007167 msg-30832-344.txt > Feb 7 06:52:54 mail MailScanner[30832]: Filename Checks: Allowing > l17Bo8oL007167 Untitled Attachment (no rule matched) > Feb 7 06:52:54 mail MailScanner[30832]: Filename Checks: Allowing > l17Bo8oL007167 PBU Rev1 1 Feb,2007.xls (no rule matched) > Feb 7 06:52:54 mail MailScanner[30832]: Filename Checks: Allowing > l17Bo8oL007167 LOS_pdf1 (no rule matched) > Feb 7 06:52:54 mail MailScanner[30832]: Filename Checks: Allowing > l17Bo8oL007167 msg-30832-345.txt > Feb 7 06:52:54 mail MailScanner[30832]: Filetype Checks: Allowing > l17Bo8oL007167 PBU Rev1 1 Feb,2007.xls (no match found) > Feb 7 06:52:54 mail MailScanner[30832]: Filetype Checks: Allowing > l17Bo8oL007167 Untitled Attachment (no match found) > Feb 7 06:52:54 mail MailScanner[30832]: Filetype Checks: Allowing > l17Bo8oL007167 msg-30832-344.txt > Feb 7 06:52:54 mail MailScanner[30832]: Filetype Checks: Allowing > l17Bo8oL007167 LOS_pdf1 (no match found) > Feb 7 06:52:54 mail MailScanner[30832]: Filetype Checks: Allowing > l17Bo8oL007167 msg-30832-343.txt > Feb 7 06:52:54 mail MailScanner[30832]: Filetype Checks: Allowing > l17Bo8oL007167 msg-30832-345.txt > > Any ideas? > > Thanks, Rich Bollinger > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From martinh at solidstatelogic.com Wed Feb 7 16:29:00 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed Feb 7 15:33:36 2007 Subject: Message never gets out of mqueue.in In-Reply-To: <7744a2840702070714i496d27c6hbbf8b56ad0731d45@mail.gmail.com> Message-ID: Richard Bother I hate doing this.. When you upgraded did you force the locktype in MailScanner.conf. recent MailScanner versions assume sendmail is 8.13+ and posix locktype rather than older versions with assume sendmail is 8.12 or previous and flock locktype. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Richard Bollinger > Sent: 07 February 2007 15:14 > To: MailScanner discussion > Subject: Message never gets out of mqueue.in > > Running MailScanner-4.57.6, recently upgraded from ancient version 4.21-9. > > Also just upgraded from SpamAssassin 2.63 to 3.1.7 with the latest > image spam detection gadgets. > > All working nicely, except certain messages get reprocessed infinitely > until I manually move them from mqueue.in to mqueue or if I whitelist > the sender. File sizes: > > -rw------- 1 root 25 1412851 Feb 7 06:51 dfl17Bo8oL007167 > -rw------- 1 root 25 1978 Feb 7 06:51 qfl17Bo8oL007167 > > Partial message headers: > > This is a multi-part message in MIME format. > > --=_Boundary_vtyTzqRBAvaD1M8pLSjI > Content-Type: message/rfc822 > Content-Disposition: attachment; > filename=originalmail.eml > > Received: from zzz ([a.b.c.d])by x.com > (8.12.8/8.12.8) with SMTP id l17B1k0i009927;Wed, 7 Feb 2007 > 16:31:47 +05 > 30 > From: > To: > Subject: > Date: Wed, 7 Feb 2007 16:37:36 +0530 > Message-ID: > MIME-Version: 1.0 > Content-Type: multipart/mixed; > boundary="----=_NextPart_000_0027_01C74AD6.4639D340" > X-Priority: 3 (Normal) > X-MSMail-Priority: Normal > Importance: Normal > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 > X-MS-TNEF-Correlator: > X-imss-version: 2.046 > X-imss-result: Passed > X-imss-scores: Clean:99.90000 C:2 M:3 S:5 R:5 > X-imss-settings: Baseline:1 C:1 M:1 S:1 R:1 (0.0000 0.0000) > > This is a multi-part message in MIME format. > > ------=_NextPart_000_0027_01C74AD6.4639D340 > Content-Type: text/plain; > charset="iso-8859-1" > Content-Transfer-Encoding: 7bit > > ... > > ------=_NextPart_000_0027_01C74AD6.4639D340 > Content-Type: application/ms-tnef; > name="winmail.dat" > Content-Transfer-Encoding: base64 > Content-Disposition: attachment; > filename="winmail.dat" > > > I thought perhaps there was a problem with TNEF decoding, so I tried > changing to the Internal decoder.. but that didn't help. > > /var/adm/messages indicates that it gets most of the way through > processing, but the files never get moved or sent. > > You'll see that one batch works on it... then another does it all > over... and so on... > > Feb 7 06:51:49 mail sendmail[7167]: l17Bo8oL007167: from=, > size=1414089, class=0, nrcpts=2, msgid=, > proto=ESMTP, daemon=MTA, relay=[] > Feb 7 06:51:53 mail MailScanner[31038]: Message l17Bo8oL007167 from > (i@in) to elliott-turbo.com is not spam, SpamAssassin (score=-1.398, > required 5, BAYES_00 -2.60, SARE_BIZOP 0.70, UNPARSEABLE_RELAY 0.00, > WATCH_STORE 0.50) > Feb 7 06:51:53 mail MailScanner[31038]: Expanding TNEF archive at > /usr/local/MailScanner- > 4.57.6/var/incoming/31038/l17Bo8oL007167/winmail.dat > Feb 7 06:51:53 mail MailScanner[31038]: Message l17Bo8oL007167 added > TNEF contents msg-31038-2891.txt,msg-31038-2901.txt,Untitled Attac,PBU > Rev1 1 Feb.xls,LOS_pdf1 > Feb 7 06:51:53 mail MailScanner[31038]: Message l17Bo8oL007167 has > had TNEF winmail.dat removed > Feb 7 06:52:15 mail MailScanner[31038]: Filename Checks: Allowing > l17Bo8oL007167 msg-31038-289.txt > Feb 7 06:52:15 mail MailScanner[31038]: Filename Checks: Allowing > l17Bo8oL007167 msg-31038-290.txt > Feb 7 06:52:15 mail MailScanner[31038]: Filename Checks: Allowing > l17Bo8oL007167 Untitled Attachment (no rule matched) > Feb 7 06:52:15 mail MailScanner[31038]: Filename Checks: Allowing > l17Bo8oL007167 PBU Rev1 1 Feb,2007.xls (no rule matched) > Feb 7 06:52:15 mail MailScanner[31038]: Filename Checks: Allowing > l17Bo8oL007167 LOS_pdf1 (no rule matched) > Feb 7 06:52:15 mail MailScanner[31038]: Filename Checks: Allowing > l17Bo8oL007167 msg-31038-291.txt > Feb 7 06:52:15 mail MailScanner[31038]: Filetype Checks: Allowing > l17Bo8oL007167 PBU Rev1 1 Feb,2007.xls (no match found) > Feb 7 06:52:15 mail MailScanner[31038]: Filetype Checks: Allowing > l17Bo8oL007167 Untitled Attachment (no match found) > Feb 7 06:52:15 mail MailScanner[31038]: Filetype Checks: Allowing > l17Bo8oL007167 msg-31038-291.txt > Feb 7 06:52:15 mail MailScanner[31038]: Filetype Checks: Allowing > l17Bo8oL007167 LOS_pdf1 (no match found) > Feb 7 06:52:16 mail MailScanner[31038]: Filetype Checks: Allowing > l17Bo8oL007167 msg-31038-289.txt > Feb 7 06:52:16 mail MailScanner[31038]: Filetype Checks: Allowing > l17Bo8oL007167 msg-31038-290.txt > Feb 7 06:52:18 mail MailScanner[30832]: Message l17Bo8oL007167 from > (in) to elliott-turbo.com is not spam, SpamAssassin (score=-1.398, > required 5, BAYES_00 -2.60, SARE_BIZOP 0.70, UNPARSEABLE_RELAY 0.00, > WATCH_STORE 0.50) > Feb 7 06:52:24 mail MailScanner[30832]: Expanding TNEF archive at > /usr/local/MailScanner- > 4.57.6/var/incoming/30832/l17Bo8oL007167/winmail.dat > Feb 7 06:52:24 mail MailScanner[30832]: Message l17Bo8oL007167 added > TNEF contents msg-30832-3431.txt,msg-30832-3441.txt,Untitled Attac,PBU > Rev1 1 Feb.xls,LOS_pdf1 > Feb 7 06:52:24 mail MailScanner[30832]: Message l17Bo8oL007167 has > had TNEF winmail.dat removed > Feb 7 06:52:54 mail MailScanner[30832]: Filename Checks: Allowing > l17Bo8oL007167 msg-30832-343.txt > Feb 7 06:52:54 mail MailScanner[30832]: Filename Checks: Allowing > l17Bo8oL007167 msg-30832-344.txt > Feb 7 06:52:54 mail MailScanner[30832]: Filename Checks: Allowing > l17Bo8oL007167 Untitled Attachment (no rule matched) > Feb 7 06:52:54 mail MailScanner[30832]: Filename Checks: Allowing > l17Bo8oL007167 PBU Rev1 1 Feb,2007.xls (no rule matched) > Feb 7 06:52:54 mail MailScanner[30832]: Filename Checks: Allowing > l17Bo8oL007167 LOS_pdf1 (no rule matched) > Feb 7 06:52:54 mail MailScanner[30832]: Filename Checks: Allowing > l17Bo8oL007167 msg-30832-345.txt > Feb 7 06:52:54 mail MailScanner[30832]: Filetype Checks: Allowing > l17Bo8oL007167 PBU Rev1 1 Feb,2007.xls (no match found) > Feb 7 06:52:54 mail MailScanner[30832]: Filetype Checks: Allowing > l17Bo8oL007167 Untitled Attachment (no match found) > Feb 7 06:52:54 mail MailScanner[30832]: Filetype Checks: Allowing > l17Bo8oL007167 msg-30832-344.txt > Feb 7 06:52:54 mail MailScanner[30832]: Filetype Checks: Allowing > l17Bo8oL007167 LOS_pdf1 (no match found) > Feb 7 06:52:54 mail MailScanner[30832]: Filetype Checks: Allowing > l17Bo8oL007167 msg-30832-343.txt > Feb 7 06:52:54 mail MailScanner[30832]: Filetype Checks: Allowing > l17Bo8oL007167 msg-30832-345.txt > > Any ideas? > > Thanks, Rich Bollinger > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From DrewB at united-systems.com Wed Feb 7 16:51:46 2007 From: DrewB at united-systems.com (Drew Burchett) Date: Wed Feb 7 15:55:55 2007 Subject: reject mails unknown users at smtp stage (postfix &relay_recipient_maps) In-Reply-To: <9711147e0702070706p39cd225aj749342680948463f@mail.gmail.com> Message-ID: <1E75E79B854C814784D0E8C5BA55AF76F771EF@uss2k01.united-systems.local> You didn't mention what sort of backend you're delivering to, but here's the way I did it with Exchange 2000 & 2003: Local_recipient_maps = hash:/etc/postfix/db/local,ldap:/etc/postfix/ldap/users.ldap The file /etc/postfix/db/local contains a list of domains that I can relay for, but can't be contacted via ldap. This could also be a list of individual users if you wanted to keep it synched with your list of valid email addresses. The file /etc/postfix/ldap/users.ldap looks like this: server_host = ip.of.my.exchange search_base = dc=my,dc=domain bind_dn = cn=LDAP Query,ou=my.ou,dc=my,dc=domain bind_pw = password domain = hash:/etc/postfix/db/mydestination query_filter = (|(mail=%s)(proxyAddresses=smtp:%s)) result_attribute = mail version = 3 Since I have multiple domains, I pointed the domain entry above to a file that I also use for the mydestination entry in main.cf. If I'm not mistaken, you could list multiple ldap files in your local_recipient_maps, but keep in mind that each one is going to take time to connect and query. If you list too many, you may bring your mail delivery to its knees. -- CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. -- This message has been scanned for viruses and dangerous content by MailScanner and is believed to be clean. From clacroix at cegep-ste-foy.qc.ca Wed Feb 7 16:54:39 2007 From: clacroix at cegep-ste-foy.qc.ca (Charles Lacroix) Date: Wed Feb 7 15:56:37 2007 Subject: MailScanner Pid file FreeBSD Message-ID: <200702071054.39993.clacroix@cegep-ste-foy.qc.ca> Hi, i run freebsd 6.1 and once in a while like every day, i end up getting the string MailScanner in my /var/run/MailScanner.pid file. I got my pid file setup in MailScanner.conf PID file = /var/run/MailScanner.pid version 4.57.6 I can upgrade to latest as no one yellled any major bugs. But i haven't seen anything about this in the fixes. Anyone else is getting this problem ? Later, Charles From gerard at seibercom.net Wed Feb 7 16:57:07 2007 From: gerard at seibercom.net (Gerard Seibert) Date: Wed Feb 7 16:00:45 2007 Subject: reject mails unknown users at smtp stage (postfix & relay_recipient_maps) In-Reply-To: <9711147e0702070706p39cd225aj749342680948463f@mail.gmail.com> References: <9711147e0702070706p39cd225aj749342680948463f@mail.gmail.com> Message-ID: <20070207105537.452F.GERARD@seibercom.net> On Wednesday February 07, 2007 at 10:06:11 (AM) Mikael Kermorgant wrote: > We're using mailscanner and postfix on our smtp frontend. > In order to improve it, we'd like to reject mails to unknown users by > setting up a relay_recipient_maps parameter in postfix. > > However, my changes don't seem to be taken into account because mails > are still presented to our backend server. > > I would welcome any suggestion about that. Personally, I think your message might be better suited for the Postfix forum: http://www.postfix.com/lists.html -- Gerard From ewallig at aerocontractors.com Wed Feb 7 17:23:54 2007 From: ewallig at aerocontractors.com (Ed Wallig) Date: Wed Feb 7 16:27:51 2007 Subject: Version of Sophos to use Message-ID: Hi, Per the docs, looking at using Sophos for a new install of MailScanner - which specific product should I use - the Enterprise version for Linux? MailMonitor? The SAV Interface? Help please! Thanks, Ed Wallig -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070207/97dccc37/attachment.html From martinh at solidstatelogic.com Wed Feb 7 17:27:25 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed Feb 7 16:31:37 2007 Subject: Version of Sophos to use In-Reply-To: Message-ID: <73aaa3071285cd44835d1a5aa2c5224a@solidstatelogic.com> Ed Savi is the cheapest and all you need.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Ed Wallig > Sent: 07 February 2007 16:24 > To: mailscanner@lists.mailscanner.info > Subject: Version of Sophos to use > > Hi, > > Per the docs, looking at using Sophos for a new install of MailScanner - > which specific product should I use - the Enterprise version for Linux? > MailMonitor? The SAV Interface? Help please! > > > Thanks, > > Ed Wallig > > > > > > ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From mikael.kermorgant at gmail.com Wed Feb 7 18:14:49 2007 From: mikael.kermorgant at gmail.com (Mikael Kermorgant) Date: Wed Feb 7 17:18:42 2007 Subject: reject mails unknown users at smtp stage (postfix &relay_recipient_maps) In-Reply-To: <1E75E79B854C814784D0E8C5BA55AF76F771EF@uss2k01.united-systems.local> References: <9711147e0702070706p39cd225aj749342680948463f@mail.gmail.com> <1E75E79B854C814784D0E8C5BA55AF76F771EF@uss2k01.united-systems.local> Message-ID: <9711147e0702070914n56f2e108i415c1faa5339c8b4@mail.gmail.com> 2007/2/7, Drew Burchett : > You didn't mention what sort of backend you're delivering to, but here's > the way I did it with Exchange 2000 & 2003: > > Local_recipient_maps = > hash:/etc/postfix/db/local,ldap:/etc/postfix/ldap/users.ldap > > The file /etc/postfix/db/local contains a list of domains that I can > relay for, but can't be contacted via ldap. This could also be a list > of individual users if you wanted to keep it synched with your list of > valid email addresses. Thank you, that worked ! Sorry for being offtopic, I suspected there would be something linked to postfix's configuration with the hold queue which is a bit mailscanner specific. Regards, -- Mikael Kermorgant From sandrews at andrewscompanies.com Wed Feb 7 18:59:16 2007 From: sandrews at andrewscompanies.com (sandrews@andrewscompanies.com) Date: Wed Feb 7 18:03:12 2007 Subject: Sendmail rbl References: Message-ID: <1964AAFBC212F742958F9275BF63DBB042A023@winchester.andrewscompanies.com> Check here: http://www.sendmail.org/doc/sendmail-current/doc/op/op.pdf Somewhere about page 42 it list all the macros. I think you're looking for $f Steve -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Paul Houselander Sent: Wednesday, February 07, 2007 9:34 AM To: mailscanner@lists.mailscanner.info Subject: OT: Sendmail rbl Hi Very off topic so will be brief, just been tearing my hair out trying to find a way to do this and im sure its straight forward. Im using FEATURE(`dnsbl','sbl-xbl.spamhaus.org',`"554 Rejected " $&{client_addr} " - listed in rbl"')dnl Which works fine, what im trying to do is include the senders address in the 554 Reject message i.e. 554 Rejected x.x.x.x From - abc@test.com - listed in rbl Is there a sendmail macro (not sure if thats the correct term) for the senders address the same as there is for the clients address i.e. $&{client_addr} The reason I want to do this, is so its easier for me to parse and log the info when I have all the info on one line. Any help appreciated. Thanks Paul -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From itdept at fractalweb.com Wed Feb 7 20:45:21 2007 From: itdept at fractalweb.com (Chris Yuzik) Date: Wed Feb 7 19:51:58 2007 Subject: extract all images from spam folder? In-Reply-To: <45C9815A.5020902@statsbiblioteket.dk> References: <45C7A3D1.80503@fractalweb.com> <45C9815A.5020902@statsbiblioteket.dk> Message-ID: <45CA2C51.70204@fractalweb.com> Tom G. Christensen wrote: > # cd > # for i in *; do uudeview -i -m +e .jpg.gif.png -p /tmp/spampics $i; done > > The key is ofcourse uudeview that does uu/yenc/base64 decoding. Tom, This is precisely what I was after. Couldn't have possibly been a better solution. Perfect. Thank you! Chris From ewallig at aerocontractors.com Wed Feb 7 20:49:26 2007 From: ewallig at aerocontractors.com (Ed Wallig) Date: Wed Feb 7 19:53:23 2007 Subject: Version of Sophos to use In-Reply-To: <73aaa3071285cd44835d1a5aa2c5224a@solidstatelogic.com> References: <73aaa3071285cd44835d1a5aa2c5224a@solidstatelogic.com> Message-ID: Thanks! :) -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Martin.Hepworth Sent: Wednesday, February 07, 2007 11:27 AM To: MailScanner discussion Subject: RE: Version of Sophos to use Ed Savi is the cheapest and all you need.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Ed Wallig > Sent: 07 February 2007 16:24 > To: mailscanner@lists.mailscanner.info > Subject: Version of Sophos to use > > Hi, > > Per the docs, looking at using Sophos for a new install of MailScanner - > which specific product should I use - the Enterprise version for Linux? > MailMonitor? The SAV Interface? Help please! > > > Thanks, > > Ed Wallig > > > > > > ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From jfagan at firstlightnetworks.com Wed Feb 7 20:53:10 2007 From: jfagan at firstlightnetworks.com (James Fagan) Date: Wed Feb 7 19:55:40 2007 Subject: Sendmail rbl In-Reply-To: <1964AAFBC212F742958F9275BF63DBB042A023@winchester.andrewscompanies.com> References: <1964AAFBC212F742958F9275BF63DBB042A023@winchester.andrewscompanies.com> Message-ID: <59E4A3A1069C2640959AD0F7518C48122F0841@FLN1.fln.local> > Check here: > http://www.sendmail.org/doc/sendmail-current/doc/op/op.pdf > > Somewhere about page 42 it list all the macros. I think > you're looking for $f > > Steve Thanks Steve. This is a good idea and I just tested it with an rbl and seems to work like a charm. sendmail.mc line: (all one line) FEATURE(enhdnsbl, `sbl-xbl.spamhaus.org', `"550 - Email "`$&f'" rejected from "`$&{client_addr}'" check it: http://www.spamhaus.org/query/bl?ip="`$&{client_addr}'"')dnl (It is zen, I just didnt rename the zone) results: (all one line) reject=550 5.7.1 ... - Email cnkbmnne@txu.com rejected from 82.1.101.168 check it: http://www.spamhaus.org/query/bl?ip=82.1.101.168 Seems there is alot of information that can be added to the rejection message. I think this could definatly be usefull. James > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Paul Houselander > Sent: Wednesday, February 07, 2007 9:34 AM > To: mailscanner@lists.mailscanner.info > Subject: OT: Sendmail rbl > > Hi > > Very off topic so will be brief, just been tearing my hair > out trying to find a way to do this and im sure its straight forward. > > Im using > > FEATURE(`dnsbl','sbl-xbl.spamhaus.org',`"554 Rejected " > $&{client_addr} " - listed in rbl"')dnl > > Which works fine, what im trying to do is include the senders > address in the > 554 Reject message i.e. > > 554 Rejected x.x.x.x From - abc@test.com - listed in rbl > > Is there a sendmail macro (not sure if thats the correct > term) for the senders address the same as there is for the > clients address i.e. > $&{client_addr} > > The reason I want to do this, is so its easier for me to > parse and log the info when I have all the info on one line. > > Any help appreciated. > > Thanks > > Paul > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From r.berber at computer.org Wed Feb 7 21:09:50 2007 From: r.berber at computer.org (=?ISO-8859-1?Q?Ren=E9_Berber?=) Date: Wed Feb 7 20:14:41 2007 Subject: Minor bug in 4.58.9: check_mail:123 "echo -n" is not portable In-Reply-To: <45C9B9E4.1040104@ecs.soton.ac.uk> References: <45C9B9E4.1040104@ecs.soton.ac.uk> Message-ID: Julian Field wrote: > My best attempt to solve this one is this: > > printf 'Starting MailScanner...' 2>/dev/null || echo -n 'Starting > MailScanner...' > > Then you just have to have one or the other. Looks good, and works fine in Solaris and Linux. -- Ren? Berber From r.berber at computer.org Wed Feb 7 21:12:57 2007 From: r.berber at computer.org (=?ISO-8859-1?Q?Ren=E9_Berber?=) Date: Wed Feb 7 20:19:03 2007 Subject: Suggestion to speed MailScanner up In-Reply-To: <950d4078a9a40645a2c9c74f4cfdf9bd@solidstatelogic.com> References: <950d4078a9a40645a2c9c74f4cfdf9bd@solidstatelogic.com> Message-ID: Martin.Hepworth wrote: > Not a good idea. Even if it's spam you need to check if there's a virus > in there so you don't release malware by accident. The point was: the message is marked for deletion, is any more work useful? no, so can MS shortcut the processing? -- Ren? Berber From pete at enitech.com.au Wed Feb 7 22:09:08 2007 From: pete at enitech.com.au (Peter Russell) Date: Wed Feb 7 21:13:08 2007 Subject: reject mails unknown users at smtp stage (postfix &relay_recipient_maps) In-Reply-To: <9711147e0702070914n56f2e108i415c1faa5339c8b4@mail.gmail.com> References: <9711147e0702070706p39cd225aj749342680948463f@mail.gmail.com> <1E75E79B854C814784D0E8C5BA55AF76F771EF@uss2k01.united-systems.local> <9711147e0702070914n56f2e108i415c1faa5339c8b4@mail.gmail.com> Message-ID: <45CA3FF4.60304@enitech.com.au> Mikael Kermorgant wrote: > 2007/2/7, Drew Burchett : >> You didn't mention what sort of backend you're delivering to, but here's >> the way I did it with Exchange 2000 & 2003: >> >> Local_recipient_maps = >> hash:/etc/postfix/db/local,ldap:/etc/postfix/ldap/users.ldap >> >> The file /etc/postfix/db/local contains a list of domains that I can >> relay for, but can't be contacted via ldap. This could also be a list >> of individual users if you wanted to keep it synched with your list of >> valid email addresses. > > Thank you, that worked ! > Sorry for being offtopic, I suspected there would be something linked > to postfix's configuration with the hold queue which is a bit > mailscanner specific. > > Regards, > Any have any thoughts on performance difference between the method suggested by Drew Vs a local hashed recipient map? I am concerned about the quality of the network connection from my GW to the Exchange - Exchange is unreachable is mail rejected or deferred? From Carl.Andrews at crackerbarrel.com Wed Feb 7 22:38:35 2007 From: Carl.Andrews at crackerbarrel.com (Andrews Carl 455) Date: Wed Feb 7 21:42:33 2007 Subject: Greylisting .. nice .. In-Reply-To: <200702061517.l16FH5U3008986@smtpgw1.crackerbarrel.com> Message-ID: <113A0DFC086C984AB9EFDF6B8614F0750125131F@exchange03.CBOCS.com> Thanks! -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Rob Poe Sent: Tuesday, February 06, 2007 9:14 AM To: MailScanner discussion Subject: RE: Greylisting .. nice .. >>1040 blocked yesterday due to sendmail access.db blocks (the worst >>subnet offenders from foreign countries) >>20,000 blocked for invalid recipient >>124 blocked by RBLs, of which I cannot use all of because their clients >>host email servers on DSL / Cable modem connections. >>68 blocked by spamassassin for high spam score >>2000 greylist 1st attempts >>204 greylist passes >How did you get these numbers? Do you have a shell script or perl script >that parses your logs? Yup. PHP shell scripts (don't ask, lol) doing grep -wc commands against the maillog for the specific day only. Why did I do it in PHP? Quick and dirty, didn't want to have to remember how to do it in BASH .. don't know PERL well enough to do it there. Example script below.. One for each. I'm sure, that it could be done more prettily - but this does work.. #!/usr/bin/php -q -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From res at ausics.net Wed Feb 7 23:14:42 2007 From: res at ausics.net (Res) Date: Wed Feb 7 22:18:46 2007 Subject: MailScanner Pid file FreeBSD In-Reply-To: <200702071054.39993.clacroix@cegep-ste-foy.qc.ca> References: <200702071054.39993.clacroix@cegep-ste-foy.qc.ca> Message-ID: On Wed, 7 Feb 2007, Charles Lacroix wrote: > i run freebsd 6.1 and once in a while like every day, i end up getting the > string MailScanner in my /var/run/MailScanner.pid file. I assume this is a ports version and not a real source? Never seen that before. > I can upgrade to latest as no one yellled any major bugs. But i haven't seen > anything about this in the fixes. It is rare any bug gets into a stable release, because theres enough of us here to find any in betas, 99% of the time the betas are stable enough to run on production anyway, but of course just like any beta, I don't recommend it, unless its a sec mx or something where it doesnt really matter as much since 99% of mail that hits them are spam anyway :) Grab the latest tarball and throw it on. -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From garry at glendown.de Wed Feb 7 23:21:33 2007 From: garry at glendown.de (Garry Glendown) Date: Wed Feb 7 22:25:31 2007 Subject: OT: Automatic signature attached? Message-ID: <45CA50ED.7090306@glendown.de> due to law changes here in Germany, we have received inquiries about automatic adding of pre-specified signatures to outgoing mails. In one case, the customer mail server has to add one of four different signatures depending on the sender address domain ... does anybody have any pointer towards a tool that would allow something like this? Thanks! -gg -- Orwell was an Optimist From res at ausics.net Wed Feb 7 23:22:33 2007 From: res at ausics.net (Res) Date: Wed Feb 7 22:26:32 2007 Subject: Sendmail rbl In-Reply-To: <59E4A3A1069C2640959AD0F7518C48122F0841@FLN1.fln.local> References: <1964AAFBC212F742958F9275BF63DBB042A023@winchester.andrewscompanies.com> <59E4A3A1069C2640959AD0F7518C48122F0841@FLN1.fln.local> Message-ID: Just some cosmetics.. On Wed, 7 Feb 2007, James Fagan wrote: > > FEATURE(enhdnsbl, `sbl-xbl.spamhaus.org', `"550 - Email "`$&f'" rejected > from "`$&{client_addr}'" check it: > http://www.spamhaus.org/query/bl?ip="`$&{client_addr}'"')dnl You dont need all those extra commas, in fact you might confuse sendmail with fields. The correct way would be to use something like... FEATURE(`enhdnsbl', `sbl-xbl.spamhaus.org', `"550 - Email "$&f" rejected from "$&{client_addr}" check it: http://www.spamhaus.org/query/bl?ip="$&{client_addr}',`')dnl ..remember it is not the macros you are enclosing, it is only the text. -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From carlos.pastorino at gmail.com Wed Feb 7 23:44:23 2007 From: carlos.pastorino at gmail.com (Carlos Pastorino) Date: Wed Feb 7 22:48:19 2007 Subject: Suggestion to speed MailScanner up Message-ID: Hi everyone, I receive this list in Digest mode, so I will answer everyone in one go. Martin Hepworth wrote: > Not a good idea. Even if it's spam you need to check if there's a > virus in there so you don't release malware by accident. Martin, I agree with you. If I choose "Spam Actions = store" or "High Scoring Spam Actions = store", then yes, by all means, I want MailScanner to continue on checking for viruses. But, if I choose "Spam Actions = delete" or "High Scoring Spam Actions = delete", then I believe that the virus scanning is a burden. > AV checks are quite quick in comparison to Spamassassin checks.. > assuming you're doing SA which it doesn't look like you are.. Martin, actually I am using SA, but since I am setting "Check SpamAssassin If On Spam List = no", MailScanner skips SA if the spam has already been found on a RBL. Steve Freegard wrote: > Yes - check your settings for 'Keep Spam and MCP quarantine clean', > if it is set to 'Yes', then change it to 'No' and I think you'll > get the desired result. Steve, the "Keep Spam and MCP quarantine clean" is already set to "no". I left it in the default setting. So, makes no difference to set it to yes or no as far as the desired result is concerned. Glenn Steen wrote: > One would think that one should be able to enhance the logic > behind the "Keep Spam and MCP quarantine clean" setting a bit, > so that it actually checks whether the message would be delivered > at all, anywhere... Glenn, I totally agree. Rene Berber wrote > The point was: the message is marked for deletion, is any more work > useful? no, so can MS shortcut the processing? Rene, you got the idea. Best regards to all, Carlos From alex at nkpanama.com Wed Feb 7 23:49:46 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Feb 7 22:55:19 2007 Subject: OT: Automatic signature attached? In-Reply-To: <45CA50ED.7090306@glendown.de> References: <45CA50ED.7090306@glendown.de> Message-ID: <45CA578A.3000202@nkpanama.com> Our MailScanner believes that the attachment to this message sent to you From: alex@nkpanama.com Subject: Re: OT: Automatic signature attached? is Unsolicited Commercial Email (spam). Unless you are sure that this message is incorrectly thought to be spam, please delete this message without opening it. Opening spam messages might allow the spammer to verify your email address. If you believe that this message has been incorrectly marked as spam, please forward this email to postmaster. pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 BOTNET_BADDNS IP address doesn't have full circle DNS 0.8 INFO_TLD URI: Contains an URL in the INFO top-level domain 2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address [200.75.226.223 listed in dnsbl.sorbs.net] 1.7 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP [200.75.226.223 listed in combined.njabl.org] 2.0 BOTNET Any Botnet rule hit -------------- next part -------------- An embedded message was scrubbed... From: Alex Neuman van der Hans Subject: Re: OT: Automatic signature attached? Date: Wed, 07 Feb 2007 17:49:46 -0500 Size: 1627 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070207/f7b416f9/attachment.mht From ssilva at sgvwater.com Wed Feb 7 23:52:19 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Feb 7 22:56:41 2007 Subject: OT: Automatic signature attached? In-Reply-To: <45CA50ED.7090306@glendown.de> References: <45CA50ED.7090306@glendown.de> Message-ID: Garry Glendown spake the following on 2/7/2007 2:21 PM: > due to law changes here in Germany, we have received inquiries about > automatic adding of pre-specified signatures to outgoing mails. In one > case, the customer mail server has to add one of four different > signatures depending on the sender address domain ... does anybody have > any pointer towards a tool that would allow something like this? > > Thanks! > > -gg > Use this section of mailscanner.conf with a ruleset. # Set where to find the HTML and text versions that will be added to the # end of all clean messages, if "Sign Clean Messages" is set. # These can also be the filenames of rulesets. Inline HTML Signature = %report-dir%/inline.sig.html Inline Text Signature = %report-dir%/inline.sig.txt and enable sign clean messages. Be prepared to have some problems with some signed mail, as it will sometimes alter the message and break the signature. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From rabollinger at gmail.com Thu Feb 8 00:05:21 2007 From: rabollinger at gmail.com (Richard Bollinger) Date: Wed Feb 7 23:09:16 2007 Subject: Message never gets out of mqueue.in In-Reply-To: References: <7744a2840702070714i496d27c6hbbf8b56ad0731d45@mail.gmail.com> Message-ID: <7744a2840702071505q6f1b93fdg7baedf54a6a91f8a@mail.gmail.com> On 2/7/07, Martin.Hepworth wrote: > Richard > > Bother I hate doing this.. > > > When you upgraded did you force the locktype in MailScanner.conf. recent > MailScanner versions assume sendmail is 8.13+ and posix locktype rather > than older versions with assume sendmail is 8.12 or previous and flock > locktype. > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > We're running sendmail-8.13.8 MailScanner.conf has this line in it: Lock Type = Here's the output of the -debug run: /root@rb-ls1:/u/tmp/looping# /opt/bin/MailScanner -debug In Debugging mode, not forking... [28597] warn: FuzzyOcr: Cannot find executable for ocrad Ignore errors about failing to find EOCD signature format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 read-open /var/spool/MailScanner/incoming/28597/l17Bo8oL007167/LOS_pdf: No such file or directory at /usr/lib/perl5/site_perl/MIME/Body.pm line 435. My first guess would be that the problem may be related to foreign language attachment names and the TNEF decoders.... this email was from an partner in India. Thanks, Rich B From jaearick at colby.edu Thu Feb 8 02:58:08 2007 From: jaearick at colby.edu (Jeff A. Earickson) Date: Thu Feb 8 02:02:09 2007 Subject: anybody know about vendaregroup.com? Message-ID: Gang, I've noticed over the last couple of weeks that a lot of the outbound email sitting in my delay queue (ie, the stuff that isn't moving) was to be returned to vendaregroup.com. I started investigating. The source addresses varied widely, but the common thread was that when I did a dig on the domain name, the CNAME always pointed to them, eg: dig kingofjeans.com ... ;; ANSWER SECTION: kingofjeans.com. 35815 IN CNAME dpweb.vendaregroup.com. dpweb.vendaregroup.com. 713 IN A 72.5.175.90 (etc) I googled on vendare and didn't really find much nefarious info on them. They just seem to be squatting on lots of domain names. So... I then added the following to my sendmail access db file: vendaregroup.com "550 Domain does not exist." rebuilt my access.db file, and started watching the syslogs. Whoohoo!! I am rejecting a fair amount of what is obviously spam right at my MTA, stuff that gets noted as "may be forged" and the like. Anybody else notice this? Anybody know anything more about vendaregroup.com? Jeff Earickson Colby College From nats at sscrmnl.edu.ph Thu Feb 8 03:25:47 2007 From: nats at sscrmnl.edu.ph (Jose Nathaniel Nengasca) Date: Thu Feb 8 02:30:17 2007 Subject: rejecting emails by country origin Message-ID: <001b01c74b28$71ea6430$3d64a8c0@NATS> hi, is the file contry.domains.conf is for rejecting or accepting? I really want to block emails from country like russia for exmaple and based on the ip address not just on their headers. Tia -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From keith at 12345678.org Thu Feb 8 03:51:32 2007 From: keith at 12345678.org (keith) Date: Thu Feb 8 02:55:38 2007 Subject: "Archive Mail" function can work on Mail Gateway mode ? Message-ID: <20070208023714.M32928@12345678.org> Dear All, my system is CentOS 4.4 + MS 4.56.7-1 as mail gateway mode for Exchange behind, my manager need me to auto forward his in/out mail to yahoo mail, I try to turn on the "Archive Mail" function in MS , the maillog displayed the mail is accept and queued mail for delivery but it cannot forward to specify mail account , the following is my setting, would anyone can tell me the "Archive Mail" can work with gateway mode or my syntax have something wrong ? --- Config File ---- /etc/MailScanner/MailScanner.conf ## Archive Mail = %rules-dir%/archive.rules ## ------------------------------------- /etc/MailScanner/rules/archive.rules ## FromOrTo:manager@companydomain.com yes forward manager123@yahoo.com ## ---------------------------------------- Thank you very much Keith -- From res at ausics.net Thu Feb 8 04:41:55 2007 From: res at ausics.net (Res) Date: Thu Feb 8 03:46:00 2007 Subject: rejecting emails by country origin In-Reply-To: <001b01c74b28$71ea6430$3d64a8c0@NATS> References: <001b01c74b28$71ea6430$3d64a8c0@NATS> Message-ID: Jose, On Thu, 8 Feb 2007, Jose Nathaniel Nengasca wrote: > is the file contry.domains.conf is for rejecting or accepting? I really want > to block emails from country like russia for exmaple and based on the ip > address not just on their headers. This is used in relation to phishing and is not used for accepting/rejecting mail based on country. -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From keith at 12345678.org Thu Feb 8 07:57:03 2007 From: keith at 12345678.org (keith) Date: Thu Feb 8 07:01:09 2007 Subject: "Archive Mail" function can work on Mail Gateway mode ? (Problem fixed) In-Reply-To: <20070208023714.M32928@12345678.org> References: <20070208023714.M32928@12345678.org> Message-ID: <20070208065255.M94504@12345678.org> Sorry for all, I found my fault is the syntax of the ruleset file, between the email address and "FromOrTo" without a space, after I insert a space the function is ok now. Sorry for my foolish. On Thu, 8 Feb 2007 10:51:32 +0800, keith wrote > Dear All, my system is CentOS 4.4 + MS 4.56.7-1 as mail gateway mode > for Exchange behind, my manager need me to auto forward his in/out > mail to yahoo mail, I try to turn on the "Archive Mail" function in > MS , the maillog displayed the mail is accept and queued mail for > delivery but it cannot forward to specify mail account , the > following is my setting, would anyone can tell me the "Archive Mail" > can work with gateway mode or my syntax have something wrong ? > > --- Config File ---- > /etc/MailScanner/MailScanner.conf > ## > Archive Mail = %rules-dir%/archive.rules > ## > ------------------------------------- > /etc/MailScanner/rules/archive.rules > ## > FromOrTo:manager@companydomain.com yes forward manager123@yahoo.com > ## > ---------------------------------------- > > Thank you very much > Keith > -- > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- From glenn.steen at gmail.com Thu Feb 8 09:02:10 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Feb 8 08:06:06 2007 Subject: "Archive Mail" function can work on Mail Gateway mode ? In-Reply-To: <20070208023714.M32928@12345678.org> References: <20070208023714.M32928@12345678.org> Message-ID: <223f97700702080002r2b587dc9g9b4080139b71286e@mail.gmail.com> On 08/02/07, keith wrote: > Dear All, my system is CentOS 4.4 + MS 4.56.7-1 as mail gateway mode for > Exchange behind, my manager need me to auto forward his in/out mail to yahoo > mail, I try to turn on the "Archive Mail" function in MS , the maillog > displayed the mail is accept and queued mail for delivery but it cannot > forward to specify mail account , the following is my setting, would anyone > can tell me the "Archive Mail" can work with gateway mode or my syntax have > something wrong ? > > --- Config File ---- > /etc/MailScanner/MailScanner.conf > ## > Archive Mail = %rules-dir%/archive.rules > ## > ------------------------------------- > /etc/MailScanner/rules/archive.rules > ## > FromOrTo:manager@companydomain.com yes forward manager123@yahoo.com > ## > ---------------------------------------- > > Thank you very much > Keith Try putting some whitespace between the "FromOrTo:" and the address you match, remove the "yes" and restart/reload MailScanner... Should make a difference. Why are you doing this on Archive Mail (which will give him/her the "bad stuff" like viruses and spam too), instead of the "cleaner" Non Spam Actions etc? Seems like an unhealthy thing to be "originating" spam and viruses sent to yahoo...;-). When you move over to that, remember to set a default entry with the normal actions (deliver and whatever else)....:-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From dimavo at gmail.com Thu Feb 8 10:10:09 2007 From: dimavo at gmail.com (Dimitri Volski) Date: Thu Feb 8 09:14:05 2007 Subject: X-Relay-Countries Message-ID: <574ff8c30702080110l667c2438ic4418446e2b9f441@mail.gmail.com> Hi All, I am having troubles getting the SpamAssassin scores based on Relay Countries. A snip of the log: debug: received-header: relay 84.56.164.42 trusted? no internal? no debug: metadata: X-Spam-Relays-Trusted: debug: metadata: X-Spam-Relays-Untrusted: [ ip=84.56.164.42 rdns= dslb-084-056-164-042.pools.arcor-ip.net helo=callaria.com by=mx.google.comident= envfrom= intl=0 id= p4si1743305qba.2007.02.05.02.02.53 auth= ] debug: plugin: Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x931059c) implements 'extract_metadata' debug: metadata: X-Relay-Countries: DE debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x99dd4c8) implements 'parsed_metadata' Here I can see that the country is detected as Denmark, but when I insert header RELAY_DE X-Relay-Countries =~/\bDE\b/ describe RELAY_DE Relayed through Germany score RELAY_DE 1.0 into /etc/MailScanner/spam.assassin.prefs.conf , I cannot see it in theSpamAssassin report (if run manually on source of the message above) or the MailScanner report. If run manually, SpamAssassin gives this header in the end: X-Spam-Flag: NO X-Spam-Checker-Version: SpamAssassin 3.0.5 (2005-11-28) on exmail X-Spam-Level: **** X-Spam-Status: No, score=4.4 required=5.0 tests=FORGED_RCVD_HELO,RCVD_BY_IP, RCVD_IN_NJABL_DUL,RCVD_IN_SORBS_DUL,RCVD_IN_XBL autolearn=no version=3.0.5 In which I cannot see the RELAY_DE Please help ! :) Cheers, dim -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070208/1ca068a4/attachment.html From nats at sscrmnl.edu.ph Thu Feb 8 10:17:23 2007 From: nats at sscrmnl.edu.ph (Jose Nathaniel Nengasca) Date: Thu Feb 8 09:22:02 2007 Subject: rejecting emails by country origin In-Reply-To: Message-ID: <001e01c74b61$f6d7b0b0$3d64a8c0@NATS> Thanks for that info Res. Anyway is there plugins that I could use that blocks certain country domains and/or geographical origin based on ip address of the sender? Thanks for any info on this. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Res Sent: Thursday, February 08, 2007 11:42 AM To: MailScanner discussion Subject: Re: rejecting emails by country origin Jose, On Thu, 8 Feb 2007, Jose Nathaniel Nengasca wrote: > is the file contry.domains.conf is for rejecting or accepting? I > really want to block emails from country like russia for exmaple and > based on the ip address not just on their headers. This is used in relation to phishing and is not used for accepting/rejecting mail based on country. -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From martinh at solidstatelogic.com Thu Feb 8 10:38:04 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Thu Feb 8 09:42:17 2007 Subject: {Disarmed} X-Relay-Countries In-Reply-To: <574ff8c30702080110l667c2438ic4418446e2b9f441@mail.gmail.com> Message-ID: Dimitri Some on the IRC channel was having a similar problem a couple of days ago - you?? MailScanner will NOT insert SA headers into the email It will put the info in the MailScanner-SpamScore header if you tell to be verbose. Given running SA on its own doesn't insert info either I suggest you lint check the SA config and fix any issues first.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Dimitri Volski > Sent: 08 February 2007 09:10 > To: mailscanner@lists.mailscanner.info > Subject: {Disarmed} X-Relay-Countries > > Hi All, > > I am having troubles getting the SpamAssassin scores based on Relay > Countries. > > A snip of the log: > > debug: received-header: relay MailScanner warning: numerical links are > often malicious: 84.56.164.42 trusted? no internal? > no > debug: metadata: X-Spam-Relays-Trusted: > debug: metadata: X-Spam-Relays-Untrusted: [ ip=MailScanner warning: > numerical links are often malicious: 84.56.164.42 > rdns=dslb-084-056-164-042.pools.arcor-ip.net helo=callaria.com > by=mx.google.com ident= envfrom= intl=0 > id=p4si1743305qba.2007.02.05.02.02.53 auth= ] > debug: plugin: Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x931059c) > implements 'extract_metadata' > debug: metadata: X-Relay-Countries: DE > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x99dd4c8) > implements 'parsed_metadata' > > Here I can see that the country is detected as Denmark, but when I insert > > header RELAY_DE X-Relay-Countries =~/\bDE\b/ > describe RELAY_DE Relayed through Germany > score RELAY_DE 1.0 > > into /etc/MailScanner/spam.assassin.prefs.conf , I cannot see it in > theSpamAssassin report (if run manually on source of the message above) or > the MailScanner report. > > If run manually, SpamAssassin gives this header in the end: > > X-Spam-Flag: NO > X-Spam-Checker-Version: SpamAssassin 3.0.5 (2005-11-28) on exmail > X-Spam-Level: **** > X-Spam-Status: No, score=4.4 required= 5.0 > tests=FORGED_RCVD_HELO,RCVD_BY_IP, > RCVD_IN_NJABL_DUL,RCVD_IN_SORBS_DUL,RCVD_IN_XBL autolearn=no > version=3.0.5 > > In which I cannot see the RELAY_DE > > Please help ! :) > > Cheers, > dim > ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From res at ausics.net Thu Feb 8 10:43:29 2007 From: res at ausics.net (Res) Date: Thu Feb 8 09:47:32 2007 Subject: rejecting emails by country origin In-Reply-To: <001e01c74b61$f6d7b0b0$3d64a8c0@NATS> References: <001e01c74b61$f6d7b0b0$3d64a8c0@NATS> Message-ID: Hi, On Thu, 8 Feb 2007, Jose Nathaniel Nengasca wrote: > Thanks for that info Res. Anyway is there plugins that I could use that > blocks certain country domains and/or geographical origin based on ip > address of the sender? I believe spamassassin might, try the spamassassin web site for help on it. -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From drew at technologytiger.net Thu Feb 8 11:51:44 2007 From: drew at technologytiger.net (Drew Marshall) Date: Thu Feb 8 10:55:46 2007 Subject: reject mails unknown users at smtp stage (postfix &relay_recipient_maps) In-Reply-To: <45CA3FF4.60304@enitech.com.au> References: <9711147e0702070706p39cd225aj749342680948463f@mail.gmail.com> <1E75E79B854C814784D0E8C5BA55AF76F771EF@uss2k01.united-systems.local> <9711147e0702070914n56f2e108i415c1faa5339c8b4@mail.gmail.com> <45CA3FF4.60304@enitech.com.au> Message-ID: <12F76A8B-6CC3-4217-A102-6E6A5BD2CAE2@technologytiger.net> On 7 Feb 2007, at 21:09, Peter Russell wrote: > Any have any thoughts on performance difference between the method > suggested by Drew Vs a local hashed recipient map? > > I am concerned about the quality of the network connection from my > GW to the Exchange - Exchange is unreachable is mail rejected or > deferred? It will be rejected with a 421 (I think from memory) error as being unable to look up against the ldap database. Personally, I prefer a local database so I have the mail even when the Microsoft kit fails. Performance wise you won't notice much difference unless you Exchange server is on the end of a 56k modem or possible on a high latency satellite link Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by the Technology Tiger MailScanner. Further information can be found at www.technologytiger.net/policy Technology Tiger Limited is registered in Scotland with registration number: 310997 Registered Office 55-57 West High Street Inverurie AB51 3QQ From vlad at univap.br Thu Feb 8 13:07:59 2007 From: vlad at univap.br (Vladimir M Costa) Date: Thu Feb 8 12:12:16 2007 Subject: rejecting emails by country origin In-Reply-To: <001b01c74b28$71ea6430$3d64a8c0@NATS> References: <001b01c74b28$71ea6430$3d64a8c0@NATS> Message-ID: <45CB129F.6080500@univap.br> Jose, If you want to block at the MTA level, use a DNSBL list. See http://countries.nerd.dk/ , this is an IP-to-country DNS mapping service. Vladimir Jose Nathaniel Nengasca wrote: > hi, > > is the file contry.domains.conf is for rejecting or accepting? I really want > to block emails from country like russia for exmaple and based on the ip > address not just on their headers. > > Tia > > From tmartins at gmail.com Thu Feb 8 13:15:49 2007 From: tmartins at gmail.com (Thiago Martins) Date: Thu Feb 8 12:19:45 2007 Subject: MailScanner Pid file FreeBSD In-Reply-To: <200702071054.39993.clacroix@cegep-ste-foy.qc.ca> References: <200702071054.39993.clacroix@cegep-ste-foy.qc.ca> Message-ID: I have MailScanner-4.56.8 port here in a FBSD 6.1 box. I have no problems like that. But as you can see my port version is older then yours. Report your problem to the port maintainer and maybe he can help you. http://www.freebsd.org/cgi/ports.cgi?query=mailscanner-4.57.6_1&stype=all&sektion=all On 2/7/07, Charles Lacroix wrote: > Hi, > > i run freebsd 6.1 and once in a while like every day, i end up getting the > string > MailScanner in my /var/run/MailScanner.pid file. > > I got my pid file setup in MailScanner.conf > PID file = /var/run/MailScanner.pid > > version 4.57.6 > > I can upgrade to latest as no one yellled any major bugs. But i haven't seen > anything about this in the fixes. > > Anyone else is getting this problem? From roger at rudnick.com.br Thu Feb 8 13:47:48 2007 From: roger at rudnick.com.br (Roger Jochem) Date: Thu Feb 8 12:52:18 2007 Subject: Out of Topic: IMAP References: <200702071054.39993.clacroix@cegep-ste-foy.qc.ca> Message-ID: <020c01c74b7f$5692f5b0$0600a8c0@roger> Since almost everyone here nows a lot about e-mail, server configuration, and that kind of stuff, I was wondering: how many of you use IMAP instead of POP3 for mail access? I allways used POP3 on my server, and reading about IMAP shows me a lot of advantages... A problem would be the server disk size, but since disks are not so expansive nowadays, I'm considering changing the protocol when I upgrade my server. Any ideas or sugestions about it? Any of you that already had an experience with this could give me some tips, some impressions about it? Regards Roger Jochem From martinh at solidstatelogic.com Thu Feb 8 13:53:33 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Thu Feb 8 12:57:38 2007 Subject: Out of Topic: IMAP In-Reply-To: <020c01c74b7f$5692f5b0$0600a8c0@roger> Message-ID: <516aaa21eae73b44b88ffa0c00e67b94@solidstatelogic.com> Yup imap has many advantages, chief amongst then is backup/restore, ie one less reason to backup the desktops. Also means you can start sharing info better with shared folders than just every modern imap server does - may I recommend Dovecot. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Roger Jochem > Sent: 08 February 2007 12:48 > To: MailScanner discussion > Subject: Out of Topic: IMAP > > Since almost everyone here nows a lot about e-mail, server configuration, > and that kind of stuff, I was wondering: how many of you use IMAP instead > of > POP3 for mail access? > > I allways used POP3 on my server, and reading about IMAP shows me a lot of > advantages... A problem would be the server disk size, but since disks are > not so expansive nowadays, I'm considering changing the protocol when I > upgrade my server. > > Any ideas or sugestions about it? Any of you that already had an > experience > with this could give me some tips, some impressions about it? > > Regards > > Roger Jochem > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From rabellino at di.unito.it Thu Feb 8 14:26:33 2007 From: rabellino at di.unito.it (Rabellino Sergio) Date: Thu Feb 8 13:31:58 2007 Subject: Out of Topic: IMAP In-Reply-To: <020c01c74b7f$5692f5b0$0600a8c0@roger> References: <200702071054.39993.clacroix@cegep-ste-foy.qc.ca> <020c01c74b7f$5692f5b0$0600a8c0@roger> Message-ID: <45CB2509.4030305@di.unito.it> Roger Jochem wrote: > Since almost everyone here nows a lot about e-mail, server > configuration, and that kind of stuff, I was wondering: how many of > you use IMAP instead of POP3 for mail access? > > I allways used POP3 on my server, and reading about IMAP shows me a > lot of advantages... A problem would be the server disk size, but > since disks are not so expansive nowadays, I'm considering changing > the protocol when I upgrade my server. > > Any ideas or sugestions about it? Any of you that already had an > experience with this could give me some tips, some impressions about it? > > Regards > > Roger Jochem For users, IMAP is definitely a better solution than POP3. You can choose to download or not the messages to your MailClient, reducing considerably the download time, as you can get out from your server only the subjects.On the other side you need more disk space on the server, because the users left the Inbox (and the other mailboxes) onto the server: more simple to do a mail backup, but more space needed at all. We're using imap since '99 - the classic wu-imap Washington University - an opensource solution, but simple to compile and install, but I think that many commercial solution - maybe simpler than wu - are available around the world. Feel free to ask me directly other info, if you need. bye. -- Ing. Sergio Rabellino Head of ICT Services Department of Computer Science University of Torino (Italy) http://www.di.unito.it/~rabser Tel. +39-0116706701 Fax. +39-011751603 From amoore at dekalbmemorial.com Thu Feb 8 14:38:04 2007 From: amoore at dekalbmemorial.com (Aaron K. Moore) Date: Thu Feb 8 13:42:01 2007 Subject: rejecting emails by country origin In-Reply-To: References: <001b01c74b28$71ea6430$3d64a8c0@NATS> Message-ID: <60D398EB2DB948409CA1F50D8AF1225701F342A2@exch1.dekalbmemorial.local> Vladimir M Costa wrote: > > If you want to block at the MTA level, use a DNSBL list. > > See http://countries.nerd.dk/ , this is an IP-to-country DNS > mapping service. > http://blackholes.us/ has a good list. They supply it in rbldnsd format. I use it to bump up my greylisting intervals in milter-greylist. It's a fairly straight forward install. The hardest part I had the first time I set this up was with getting bind to query the local rbldnsd daemon, but that was due to a missing symlink in the bind package of the distro I was using. -- Aaron Kent Moore Information Technology Services DeKalb Memorial Hospital, Inc. Auburn, IN Phone: 260.920.2808 E-mail: amoore@dekalbmemorial.com From jaearick at colby.edu Thu Feb 8 14:38:25 2007 From: jaearick at colby.edu (Jeff A. Earickson) Date: Thu Feb 8 13:42:28 2007 Subject: Out of Topic: IMAP In-Reply-To: <020c01c74b7f$5692f5b0$0600a8c0@roger> References: <200702071054.39993.clacroix@cegep-ste-foy.qc.ca> <020c01c74b7f$5692f5b0$0600a8c0@roger> Message-ID: ZOn Thu, 8 Feb 2007, Roger Jochem wrote: > Date: Thu, 8 Feb 2007 10:47:48 -0200 > From: Roger Jochem > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Out of Topic: IMAP > > Since almost everyone here nows a lot about e-mail, server configuration, and > that kind of stuff, I was wondering: how many of you use IMAP instead of POP3 > for mail access? We use both. We used to use UW IMAP but switched to dovecot maybe 1.5 years ago, just about the time the first beta of 1.0 came out. It was a huge win over UW IMAP in terms of performance even then. It has just gotten better since, despite "not 1.0" yet. Timo's rc code is way better than most 2.0 version code I have seen. We use mbox format. To get the true advantages of IMAP, you need to use maildir format, not a trivial switch. We warn users to pick IMAP or POP, but don't use both at the same time (mailbox corruption will occur, people learn). Most of our students use IMAP via horde/imp webmail, others use it via Eudora or Pine (eg, me). The older staffers use POP mostly. We hope to make POP disappear eventually. > > I allways used POP3 on my server, and reading about IMAP shows me a lot of > advantages... A problem would be the server disk size, but since disks are > not so expansive nowadays, I'm considering changing the protocol when I > upgrade my server. Yup, IMAP gobbles up disk. If you go to maildir format, it will also gobble up inodes. Consider using a filesystem that avoids fixed inode counts, like UFS. We use ZFS (Solaris 10) for our IMAP/home directory space. Jeff Earickson Colby College From Richard.Frovarp at sendit.nodak.edu Thu Feb 8 16:26:09 2007 From: Richard.Frovarp at sendit.nodak.edu (Richard Frovarp) Date: Thu Feb 8 15:30:06 2007 Subject: Out of Topic: IMAP In-Reply-To: <020c01c74b7f$5692f5b0$0600a8c0@roger> References: <200702071054.39993.clacroix@cegep-ste-foy.qc.ca> <020c01c74b7f$5692f5b0$0600a8c0@roger> Message-ID: <45CB4111.2070205@sendit.nodak.edu> Roger Jochem wrote: > Since almost everyone here nows a lot about e-mail, server > configuration, and that kind of stuff, I was wondering: how many of > you use IMAP instead of POP3 for mail access? > > I allways used POP3 on my server, and reading about IMAP shows me a > lot of advantages... A problem would be the server disk size, but > since disks are not so expansive nowadays, I'm considering changing > the protocol when I upgrade my server. > > Any ideas or sugestions about it? Any of you that already had an > experience with this could give me some tips, some impressions about it? > > Regards > > Roger Jochem IMAP MAY use more disk space. This is due to the fact that both protocols can download and delete message, or leave messages on the server, just their defaults are opposite. I've always configured my POP3 clients to leave the messages on the server, as I usually want to access them from multiple locations. In that scenario, POP3 is actually going to use more network and disk resources (reads) than IMAP, since the client will waste time downloading messages I won't be reading. I'm guessing most people don't do this. However, if your setup instructions tell the user to check that little box, then that is a different story. With people checking email from work and home, this may be more common. We run IMAP and use mbx format. There are occasional issues when the index is corrupted, but there are tools to fix it. Using mbx over maildir prevents the system from having to read n files for the required information, where n is the number of messages in the folder. As you might expect n can grow to be quite large. From campbell at cnpapers.com Thu Feb 8 16:38:14 2007 From: campbell at cnpapers.com (Steve Campbell) Date: Thu Feb 8 15:43:22 2007 Subject: Out of Topic: IMAP References: <200702071054.39993.clacroix@cegep-ste-foy.qc.ca> <020c01c74b7f$5692f5b0$0600a8c0@roger> <45CB4111.2070205@sendit.nodak.edu> Message-ID: <005601c74b97$25a47bf0$0705000a@ddf5dw71> > We run IMAP and use mbx format. There are occasional issues when the > index is corrupted, but there are tools to fix it. Using mbx over maildir > prevents the system from having to read n files for the required > information, where n is the number of messages in the folder. As you might > expect n can grow to be quite large. > -- Would you care to provide the tool you use to repair the corruption, please? I have looked (half-heartedly) for a tool that would do this, and although I have found a few, none seem to be really all that great. Thanks, Steve Campbell campbell@cnpapers.com Charleston Newspapers From mikea at mikea.ath.cx Thu Feb 8 16:42:18 2007 From: mikea at mikea.ath.cx (mikea) Date: Thu Feb 8 15:46:21 2007 Subject: anybody know about vendaregroup.com? In-Reply-To: References: Message-ID: <20070208154218.GD7892@mikea.ath.cx> On Wed, Feb 07, 2007 at 08:58:08PM -0500, Jeff A. Earickson wrote: > Gang, > > I've noticed over the last couple of weeks that a lot of the outbound > email sitting in my delay queue (ie, the stuff that isn't moving) was > to be returned to vendaregroup.com. I started investigating. The > source addresses varied widely, but the common thread was that when I > did a dig on the domain name, the CNAME always pointed to them, eg: > > dig kingofjeans.com > ... > ;; ANSWER SECTION: > kingofjeans.com. 35815 IN CNAME dpweb.vendaregroup.com. > dpweb.vendaregroup.com. 713 IN A 72.5.175.90 > (etc) > > I googled on vendare and didn't really find much nefarious info on > them. They just seem to be squatting on lots of domain names. > > So... I then added the following to my sendmail access db file: > > vendaregroup.com "550 Domain does not exist." > > rebuilt my access.db file, and started watching the syslogs. > Whoohoo!! I am rejecting a fair amount of what is obviously spam > right at my MTA, stuff that gets noted as "may be forged" and the > like. > > Anybody else notice this? Anybody know anything more about > vendaregroup.com? You might want to use Google Groups, concentrating on the news.admin.net-abuse.* newsgroups, to search for vendaregroup. I blocked them long ago, as sturdy and unregenerate spam-sources, both at home and at work, with no complaints whatsoever about the block from any of my users at work. -- Mike Andrews, W5EGO mikea@mikea.ath.cx Tired old sysadmin From bob.jones at usg.edu Thu Feb 8 17:00:29 2007 From: bob.jones at usg.edu (Bob Jones) Date: Thu Feb 8 16:05:14 2007 Subject: Out of Topic: IMAP In-Reply-To: <45CB4111.2070205@sendit.nodak.edu> References: <200702071054.39993.clacroix@cegep-ste-foy.qc.ca> <020c01c74b7f$5692f5b0$0600a8c0@roger> <45CB4111.2070205@sendit.nodak.edu> Message-ID: <45CB491D.706@usg.edu> Thus spake Richard Frovarp, with impeccable timing on 2/8/2007 10:26 AM: > > We run IMAP and use mbx format. There are occasional issues when the > index is corrupted, but there are tools to fix it. Using mbx over > maildir prevents the system from having to read n files for the required > information, where n is the number of messages in the folder. As you > might expect n can grow to be quite large. While this may be true in UW-IMAP (not sure, never tried maildir with it), if you use something like dovecot that has an index cache of each mailbox, the system only has to read all those individual files once to create the cache. In fact, if you use the LDA that comes with dovecot, when the message is delivered it is added to the index automatically, so the filesystem never has to worry about reading all those individual files, just each one as the client accesses to actually read the mail. Also, even if you are using mbox format, I highly recommend dovecot as it blows the doors off of UW even with that format. Bob From Richard.Frovarp at sendit.nodak.edu Thu Feb 8 17:03:06 2007 From: Richard.Frovarp at sendit.nodak.edu (Richard Frovarp) Date: Thu Feb 8 16:07:03 2007 Subject: Out of Topic: IMAP In-Reply-To: <005601c74b97$25a47bf0$0705000a@ddf5dw71> References: <200702071054.39993.clacroix@cegep-ste-foy.qc.ca> <020c01c74b7f$5692f5b0$0600a8c0@roger> <45CB4111.2070205@sendit.nodak.edu> <005601c74b97$25a47bf0$0705000a@ddf5dw71> Message-ID: <45CB49BA.4080902@sendit.nodak.edu> Steve Campbell wrote: > >> We run IMAP and use mbx format. There are occasional issues when the >> index is corrupted, but there are tools to fix it. Using mbx over >> maildir prevents the system from having to read n files for the >> required information, where n is the number of messages in the >> folder. As you might expect n can grow to be quite large. >> -- > Would you care to provide the tool you use to repair the corruption, > please? I have looked (half-heartedly) for a tool that would do this, > and although I have found a few, none seem to be really all that great. > > Thanks, > > Steve Campbell > campbell@cnpapers.com > Charleston Newspapers > We use Mark Clement's recovermbx script to convert the file over to mbox format. We then use mailutil to convert from mbox to mbx. There is of course glue to ship parameters around and do error checking. However, this isn't my work, so I don't want to post it to the list. You may want to check out this out: http://www.opensubscriber.com/message/c-client@u.washington.edu/1108849.html The one down side of our method is that it tends to mark all messages as unread. From jstevens at athensdistributing.com Thu Feb 8 17:13:28 2007 From: jstevens at athensdistributing.com (James R. Stevens) Date: Thu Feb 8 16:18:27 2007 Subject: Out of Topic: IMAP Message-ID: <1A65E6BAEADF9B4F865314484A13ECF16087FD@atlas.athensdistributing.com> To provide my 2 cents worth we looked at using secure certificates and digital signatures in an IMAP environment which looked very promising(Cyrus and WU implementations) but we were getting confused with the process of deleting mail(messages) a person (Client) had marked for deletion. Hope that made sense. If I remember there were scripted routines that would do the 'actual' delete function of messages that had been flagged for that purpose by the IMAP client. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steve Campbell Sent: Thursday, February 08, 2007 9:38 AM To: MailScanner discussion Subject: Re: Out of Topic: IMAP > We run IMAP and use mbx format. There are occasional issues when the > index is corrupted, but there are tools to fix it. Using mbx over maildir > prevents the system from having to read n files for the required > information, where n is the number of messages in the folder. As you might > expect n can grow to be quite large. > -- Would you care to provide the tool you use to repair the corruption, please? I have looked (half-heartedly) for a tool that would do this, and although I have found a few, none seem to be really all that great. Thanks, Steve Campbell campbell@cnpapers.com Charleston Newspapers -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by Athens Hyperion Scanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by Athens Hyperion Scanner, and is believed to be clean. From Richard.Frovarp at sendit.nodak.edu Thu Feb 8 17:19:06 2007 From: Richard.Frovarp at sendit.nodak.edu (Richard Frovarp) Date: Thu Feb 8 16:23:04 2007 Subject: Out of Topic: IMAP In-Reply-To: <45CB491D.706@usg.edu> References: <200702071054.39993.clacroix@cegep-ste-foy.qc.ca> <020c01c74b7f$5692f5b0$0600a8c0@roger> <45CB4111.2070205@sendit.nodak.edu> <45CB491D.706@usg.edu> Message-ID: <45CB4D7A.8030603@sendit.nodak.edu> Bob Jones wrote: > Thus spake Richard Frovarp, with impeccable timing on 2/8/2007 10:26 AM: >> >> We run IMAP and use mbx format. There are occasional issues when the >> index is corrupted, but there are tools to fix it. Using mbx over >> maildir prevents the system from having to read n files for the >> required information, where n is the number of messages in the >> folder. As you might expect n can grow to be quite large. > > While this may be true in UW-IMAP (not sure, never tried maildir with > it), if you use something like dovecot that has an index cache of each > mailbox, the system only has to read all those individual files once > to create the cache. In fact, if you use the LDA that comes with > dovecot, when the message is delivered it is added to the index > automatically, so the filesystem never has to worry about reading all > those individual files, just each one as the client accesses to > actually read the mail. > > Also, even if you are using mbox format, I highly recommend dovecot as > it blows the doors off of UW even with that format. > > Bob > Quota handling seems to be a little odd in it. It says it doesn't play well with file system quotas. The Maildir++ quota seems to be a bit more difficult to work with than file system quotas. On first look, I don't see any easy way to tell if a user is over quota or support for grace periods. From MailScanner at ecs.soton.ac.uk Thu Feb 8 17:26:53 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 8 16:36:07 2007 Subject: OT: Hiring Message-ID: <45CB4F4D.8060304@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 We need to hire some additional part time staff who can help with support for MailScanner, MailScanner related applications, MTAs and our DefenderMX application. We will train you on DefenderMX. Salary is commensurate with qualifications and location anywhere is the world is just fine, you just need a high speed Internet link. Hour are flexible and the working environment is great J. Reasonable English skill is required and an additional language would be useful but not necessary. Please send you qualifications and desired compensation level directly to hiring@fsl.com Thanks - -- Steve Swaney President Fort Systems Ltd. steve@fsl.com - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFFy1BUEfZZRxQVtlQRAormAJ0TDoKA9umyrZhvfUtsYcNe/n8nuQCfWCdf 7sxp1o/rT/ptelv7aiTtLfs= =D4j/ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From ssilva at sgvwater.com Thu Feb 8 17:37:22 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Feb 8 16:41:55 2007 Subject: Out of Topic: IMAP In-Reply-To: <45CB4D7A.8030603@sendit.nodak.edu> References: <200702071054.39993.clacroix@cegep-ste-foy.qc.ca> <020c01c74b7f$5692f5b0$0600a8c0@roger> <45CB4111.2070205@sendit.nodak.edu> <45CB491D.706@usg.edu> <45CB4D7A.8030603@sendit.nodak.edu> Message-ID: Richard Frovarp spake the following on 2/8/2007 8:19 AM: > Bob Jones wrote: >> Thus spake Richard Frovarp, with impeccable timing on 2/8/2007 10:26 AM: >>> >>> We run IMAP and use mbx format. There are occasional issues when the >>> index is corrupted, but there are tools to fix it. Using mbx over >>> maildir prevents the system from having to read n files for the >>> required information, where n is the number of messages in the >>> folder. As you might expect n can grow to be quite large. >> >> While this may be true in UW-IMAP (not sure, never tried maildir with >> it), if you use something like dovecot that has an index cache of each >> mailbox, the system only has to read all those individual files once >> to create the cache. In fact, if you use the LDA that comes with >> dovecot, when the message is delivered it is added to the index >> automatically, so the filesystem never has to worry about reading all >> those individual files, just each one as the client accesses to >> actually read the mail. >> >> Also, even if you are using mbox format, I highly recommend dovecot as >> it blows the doors off of UW even with that format. >> >> Bob >> > > Quota handling seems to be a little odd in it. It says it doesn't play > well with file system quotas. The Maildir++ quota seems to be a bit more > difficult to work with than file system quotas. On first look, I don't > see any easy way to tell if a user is over quota or support for grace > periods. That is one negative. If a user goes over quota, they will get locked out with a cryptic and very terse message. The first time it happened to me, it took me hours to figure out what happened. Especially when the message from the quota daemon tries to go to an already over-quota user. Another thing I miss about UW-imap is its logging of box accesses and activity. You got a nice message on when a user got their mail, and even if they left it or cleared it. I can't find any equivalent in dovecot. It is handy when a user says they didn't get something, and you can see that they did, but either deleted it or have a bad rule in their MUA. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Thu Feb 8 17:41:25 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Feb 8 16:55:08 2007 Subject: anybody know about vendaregroup.com? In-Reply-To: References: Message-ID: Jeff A. Earickson spake the following on 2/7/2007 5:58 PM: > Gang, > > I've noticed over the last couple of weeks that a lot of the outbound > email sitting in my delay queue (ie, the stuff that isn't moving) was > to be returned to vendaregroup.com. I started investigating. The > source addresses varied widely, but the common thread was that when I > did a dig on the domain name, the CNAME always pointed to them, eg: > > dig kingofjeans.com > ... > ;; ANSWER SECTION: > kingofjeans.com. 35815 IN CNAME dpweb.vendaregroup.com. > dpweb.vendaregroup.com. 713 IN A 72.5.175.90 > (etc) > > I googled on vendare and didn't really find much nefarious info on > them. They just seem to be squatting on lots of domain names. > > So... I then added the following to my sendmail access db file: > > vendaregroup.com "550 Domain does not exist." > > rebuilt my access.db file, and started watching the syslogs. > Whoohoo!! I am rejecting a fair amount of what is obviously spam > right at my MTA, stuff that gets noted as "may be forged" and the > like. > > Anybody else notice this? Anybody know anything more about > vendaregroup.com? > > Jeff Earickson > Colby College The only log entries I have for them are getting dropped by spamhaus. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From bob.jones at usg.edu Thu Feb 8 18:20:55 2007 From: bob.jones at usg.edu (Bob Jones) Date: Thu Feb 8 17:25:06 2007 Subject: Out of Topic: IMAP In-Reply-To: References: <200702071054.39993.clacroix@cegep-ste-foy.qc.ca> <020c01c74b7f$5692f5b0$0600a8c0@roger> <45CB4111.2070205@sendit.nodak.edu> <45CB491D.706@usg.edu> <45CB4D7A.8030603@sendit.nodak.edu> Message-ID: <45CB5BF7.8060101@usg.edu> Thus spake Scott Silva, with impeccable timing on 2/8/2007 11:37 AM: > Richard Frovarp spake the following on 2/8/2007 8:19 AM: >> Bob Jones wrote: >>> Thus spake Richard Frovarp, with impeccable timing on 2/8/2007 10:26 AM: >>>> We run IMAP and use mbx format. There are occasional issues when the >>>> index is corrupted, but there are tools to fix it. Using mbx over >>>> maildir prevents the system from having to read n files for the >>>> required information, where n is the number of messages in the >>>> folder. As you might expect n can grow to be quite large. >>> While this may be true in UW-IMAP (not sure, never tried maildir with >>> it), if you use something like dovecot that has an index cache of each >>> mailbox, the system only has to read all those individual files once >>> to create the cache. In fact, if you use the LDA that comes with >>> dovecot, when the message is delivered it is added to the index >>> automatically, so the filesystem never has to worry about reading all >>> those individual files, just each one as the client accesses to >>> actually read the mail. >>> >>> Also, even if you are using mbox format, I highly recommend dovecot as >>> it blows the doors off of UW even with that format. >>> >>> Bob >>> >> Quota handling seems to be a little odd in it. It says it doesn't play >> well with file system quotas. The Maildir++ quota seems to be a bit more >> difficult to work with than file system quotas. On first look, I don't >> see any easy way to tell if a user is over quota or support for grace >> periods. > That is one negative. If a user goes over quota, they will get locked out with > a cryptic and very terse message. The first time it happened to me, it took me > hours to figure out what happened. Especially when the message from the quota > daemon tries to go to an already over-quota user. We don't have mail quotas here, so I've never had to worry about that, but I can see that as a negative. > Another thing I miss about UW-imap is its logging of box accesses and > activity. You got a nice message on when a user got their mail, and even if > they left it or cleared it. I can't find any equivalent in dovecot. It is > handy when a user says they didn't get something, and you can see that they > did, but either deleted it or have a bad rule in their MUA. Timo recently added (maybe via a plugin) an imap logging option that logs ever imap command a client issues. I don't remember it exactly, but it was within the past few weeks. Bob From sandrews at andrewscompanies.com Thu Feb 8 20:52:30 2007 From: sandrews at andrewscompanies.com (sandrews@andrewscompanies.com) Date: Thu Feb 8 19:56:29 2007 Subject: Hiring References: <45CB4F4D.8060304@ecs.soton.ac.uk> Message-ID: <1964AAFBC212F742958F9275BF63DBB042A061@winchester.andrewscompanies.com> Qualifications... On mailscanner list....check! Contributed to mailscanner list....check! Contribution was more than "me too"....check! I fall down on the reasonable english skills though; public school and all. ;) -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Thursday, February 08, 2007 11:27 AM To: MailScanner discussion Subject: OT: Hiring -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 We need to hire some additional part time staff who can help with support for MailScanner, MailScanner related applications, MTAs and our DefenderMX application. We will train you on DefenderMX. Salary is commensurate with qualifications and location anywhere is the world is just fine, you just need a high speed Internet link. Hour are flexible and the working environment is great J. Reasonable English skill is required and an additional language would be useful but not necessary. Please send you qualifications and desired compensation level directly to hiring@fsl.com Thanks - -- Steve Swaney President Fort Systems Ltd. steve@fsl.com - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFFy1BUEfZZRxQVtlQRAormAJ0TDoKA9umyrZhvfUtsYcNe/n8nuQCfWCdf 7sxp1o/rT/ptelv7aiTtLfs= =D4j/ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From Phil.Udel at SalemCorp.com Thu Feb 8 21:43:22 2007 From: Phil.Udel at SalemCorp.com (Phil Udel) Date: Thu Feb 8 20:47:33 2007 Subject: Hiring In-Reply-To: <1964AAFBC212F742958F9275BF63DBB042A061@winchester.andrewscompanies.com> Message-ID: <200702082043.l18KhM0q022266@mail.salemcorp.com> Me To :) -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of sandrews@andrewscompanies.com Sent: Thursday, February 08, 2007 2:53 PM To: mailscanner@lists.mailscanner.info Subject: RE: Hiring Qualifications... On mailscanner list....check! Contributed to mailscanner list....check! Contribution was more than "me too"....check! I fall down on the reasonable english skills though; public school and all. ;) -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Thursday, February 08, 2007 11:27 AM To: MailScanner discussion Subject: OT: Hiring -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 We need to hire some additional part time staff who can help with support for MailScanner, MailScanner related applications, MTAs and our DefenderMX application. We will train you on DefenderMX. Salary is commensurate with qualifications and location anywhere is the world is just fine, you just need a high speed Internet link. Hour are flexible and the working environment is great J. Reasonable English skill is required and an additional language would be useful but not necessary. Please send you qualifications and desired compensation level directly to hiring@fsl.com Thanks - -- Steve Swaney President Fort Systems Ltd. steve@fsl.com - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFFy1BUEfZZRxQVtlQRAormAJ0TDoKA9umyrZhvfUtsYcNe/n8nuQCfWCdf 7sxp1o/rT/ptelv7aiTtLfs= =D4j/ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From ssilva at sgvwater.com Thu Feb 8 21:51:21 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Feb 8 20:56:18 2007 Subject: Hiring In-Reply-To: <200702082043.l18KhM0q022266@mail.salemcorp.com> References: <1964AAFBC212F742958F9275BF63DBB042A061@winchester.andrewscompanies.com> <200702082043.l18KhM0q022266@mail.salemcorp.com> Message-ID: Phil Udel spake the following on 2/8/2007 12:43 PM: > Me To :) > I already have 3 jobs to support my drinking and carousing with wild women! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From dyioulos at firstbhph.com Thu Feb 8 21:56:41 2007 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Thu Feb 8 21:00:53 2007 Subject: Hiring In-Reply-To: References: <1964AAFBC212F742958F9275BF63DBB042A061@winchester.andrewscompanies.com> <200702082043.l18KhM0q022266@mail.salemcorp.com> Message-ID: <200702081556.42435.dyioulos@firstbhph.com> On Thursday 08 February 2007 3:51 pm, Scott Silva wrote: > Phil Udel spake the following on 2/8/2007 12:43 PM: > > Me To :) > > I already have 3 jobs to support my drinking and carousing with wild women! > You work 3 jobs and have time to drink and carouse with wild women? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From sailer at bnl.gov Thu Feb 8 22:02:59 2007 From: sailer at bnl.gov (Tim Sailer) Date: Thu Feb 8 21:07:08 2007 Subject: Hiring In-Reply-To: <200702081556.42435.dyioulos@firstbhph.com> References: <1964AAFBC212F742958F9275BF63DBB042A061@winchester.andrewscompanies.com> <200702082043.l18KhM0q022266@mail.salemcorp.com> <200702081556.42435.dyioulos@firstbhph.com> Message-ID: <20070208210259.GA28108@bnl.gov> On Thu, Feb 08, 2007 at 03:56:41PM -0500, Dimitri Yioulos wrote: > On Thursday 08 February 2007 3:51 pm, Scott Silva wrote: > > Phil Udel spake the following on 2/8/2007 12:43 PM: > > > Me To :) > > > > I already have 3 jobs to support my drinking and carousing with wild women! > > > > You work 3 jobs and have time to drink and carouse with wild women? Maybe those *are* his jobs! Tim From am.lists at gmail.com Thu Feb 8 22:24:19 2007 From: am.lists at gmail.com (am.lists) Date: Thu Feb 8 21:28:18 2007 Subject: MailScanner w/Postfix and Postgrey Question on rejected messages Message-ID: <25a66d840702081324w5d3ef950h2b8965a8a8801fca@mail.gmail.com> I use MS/PF/PG as a gateway. I'm not sure if this is the right place to ask this question, but I had a slew of messages not arriving today for a period of a few hours. It's still too early to tell if they were rejected permanently or just deferred and I should see them arriving later. My config is as per the subject line... My /etc/resolf.conf contains three DNS servers: for discussion, they are nameserver 1.1.5.5 nameserver 2.2.6.6 nameserver 2.2.7.7 (e.g. at least two of them are on separate networks...) In the above example, server 1.1.5.5 went offline (crashed). With only the first DNS server down, why did the appropriate piece (again, not sure which application is responsible for managing DNS lookups on domains) did not failover to the next nameserver on the list? If you guys redirect me to another list, I'll understand, but I'd be very surprised if I'm the first one to see this problem. Best, Angelo From doc at maddoc.net Thu Feb 8 22:33:41 2007 From: doc at maddoc.net (Doc Schneider) Date: Thu Feb 8 21:37:46 2007 Subject: MailScanner w/Postfix and Postgrey Question on rejected messages In-Reply-To: <25a66d840702081324w5d3ef950h2b8965a8a8801fca@mail.gmail.com> References: <25a66d840702081324w5d3ef950h2b8965a8a8801fca@mail.gmail.com> Message-ID: <45CB9735.7060309@maddoc.net> am.lists wrote: > I use MS/PF/PG as a gateway. > > I'm not sure if this is the right place to ask this question, but I > had a slew of messages not arriving today for a period of a few hours. > It's still too early to tell if they were rejected permanently or just > deferred and I should see them arriving later. > > My config is as per the subject line... > > My /etc/resolf.conf contains three DNS servers: > > for discussion, they are > > nameserver 1.1.5.5 > nameserver 2.2.6.6 > nameserver 2.2.7.7 > > (e.g. at least two of them are on separate networks...) > > In the above example, server 1.1.5.5 went offline (crashed). > > With only the first DNS server down, why did the appropriate piece > (again, not sure which application is responsible for managing DNS > lookups on domains) did not failover to the next nameserver on the > list? > > If you guys redirect me to another list, I'll understand, but I'd be > very surprised if I'm the first one to see this problem. > > Best, > Angelo I'd recommend moving that 1.1.5.5 to the end of that file and let the secondary pick up the slack. While most DNS lookups should fall to the next server I've seen it happen that the first one is the only one that is ever tried. I seem to recall this was something to do with one of the perl DNS package (though I could be mistaken). Anyway that's what I'd do. 8*) -- -Doc Lincoln, NE. http://www.genealogyforyou.com/ http://www.cairnproductions.com/ From amoore at dekalbmemorial.com Thu Feb 8 22:48:01 2007 From: amoore at dekalbmemorial.com (Aaron K. Moore) Date: Thu Feb 8 21:52:02 2007 Subject: Feature request for when using the ClamAV Module Message-ID: <60D398EB2DB948409CA1F50D8AF1225701F344E5@exch1.dekalbmemorial.local> Julian, Could you add an entry where we can list anti-virus messages to ignore with the ClamAV module like you have for Sophos? It's marks encrypted zip files as viruses, which prevents releasing them easily from MailWatch. I'd be more than happy to test a release with that feature. Thanks. Aaron -- Aaron Kent Moore Information Technology Services DeKalb Memorial Hospital, Inc. Auburn, IN Phone: 260.920.2808 E-mail: amoore@dekalbmemorial.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070208/eaf4d939/attachment.html From glenn.steen at gmail.com Thu Feb 8 22:48:52 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Feb 8 21:52:51 2007 Subject: Hiring In-Reply-To: <20070208210259.GA28108@bnl.gov> References: <1964AAFBC212F742958F9275BF63DBB042A061@winchester.andrewscompanies.com> <200702082043.l18KhM0q022266@mail.salemcorp.com> <200702081556.42435.dyioulos@firstbhph.com> <20070208210259.GA28108@bnl.gov> Message-ID: <223f97700702081348x548df81je139407b753fd3fc@mail.gmail.com> On 08/02/07, Tim Sailer wrote: > On Thu, Feb 08, 2007 at 03:56:41PM -0500, Dimitri Yioulos wrote: > > On Thursday 08 February 2007 3:51 pm, Scott Silva wrote: > > > Phil Udel spake the following on 2/8/2007 12:43 PM: > > > > Me To :) > > > > > > I already have 3 jobs to support my drinking and carousing with wild women! > > > > > > > You work 3 jobs and have time to drink and carouse with wild women? > > Maybe those *are* his jobs! > Nah, that'd not be it.... Scott just _dreams_ about carousing and women while drinking on the job(s).....I guess....:-D Myself I'd probably have to claim the same as Steve Andrews.... me being swedish and all:-). These days though.... the offer is tempting, os so very tempting... Question is if they could afford me:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From christian at columbiafuels.com Thu Feb 8 23:28:09 2007 From: christian at columbiafuels.com (Christian Rasmussen) Date: Thu Feb 8 22:32:12 2007 Subject: MailScanner w/Postfix and Postgrey Question on rejected messages In-Reply-To: <25a66d840702081324w5d3ef950h2b8965a8a8801fca@mail.gmail.com> References: <25a66d840702081324w5d3ef950h2b8965a8a8801fca@mail.gmail.com> Message-ID: <2023D81BC0235143A46589958FF543F502F5DC82@bigbird.columbiafuels.com> You can set the timeout to whatever you want (man resolv.conf). Some programs don't want to wait the 5 seconds (I think that's the default) -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of am.lists Sent: Thursday, February 08, 2007 1:24 PM To: MailScanner discussion Subject: MailScanner w/Postfix and Postgrey Question on rejected messages I use MS/PF/PG as a gateway. I'm not sure if this is the right place to ask this question, but I had a slew of messages not arriving today for a period of a few hours. It's still too early to tell if they were rejected permanently or just deferred and I should see them arriving later. My config is as per the subject line... My /etc/resolf.conf contains three DNS servers: for discussion, they are nameserver 1.1.5.5 nameserver 2.2.6.6 nameserver 2.2.7.7 (e.g. at least two of them are on separate networks...) In the above example, server 1.1.5.5 went offline (crashed). With only the first DNS server down, why did the appropriate piece (again, not sure which application is responsible for managing DNS lookups on domains) did not failover to the next nameserver on the list? If you guys redirect me to another list, I'll understand, but I'd be very surprised if I'm the first one to see this problem. Best, Angelo -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From res at ausics.net Thu Feb 8 23:31:47 2007 From: res at ausics.net (Res) Date: Thu Feb 8 22:35:49 2007 Subject: Out of Topic: IMAP In-Reply-To: <020c01c74b7f$5692f5b0$0600a8c0@roger> References: <200702071054.39993.clacroix@cegep-ste-foy.qc.ca> <020c01c74b7f$5692f5b0$0600a8c0@roger> Message-ID: On Thu, 8 Feb 2007, Roger Jochem wrote: > Since almost everyone here nows a lot about e-mail, server configuration, and > that kind of stuff, I was wondering: how many of you use IMAP instead of POP3 > for mail access? > We use imap on localhost only for webmail, remote users don't have access to it and use pop3. On other servers that use maildir format, no imap, they use sqwebmail and pop3 which serves very well. A downside to imap is the constant login-do_request-logout so you'd need some sort of proxy on heavy use servers or your log spool will be full in a day :) If I have to build more? It would be pop3. -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From waytotheweb at googlemail.com Thu Feb 8 23:32:26 2007 From: waytotheweb at googlemail.com (Sarah Trayser) Date: Thu Feb 8 22:36:25 2007 Subject: MailScanner ANNOUNCE: Stable version 4.58.9 released In-Reply-To: <45C2098A.3070200@ecs.soton.ac.uk> References: <45C2098A.3070200@ecs.soton.ac.uk> Message-ID: On 01/02/07, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I have just released the latest stable version of MailScanner, 4.58.9. > > It is available for download directly from > www.mailscanner.info > as usual. > > The major changes for this release are: > > - -- Added a new configuration setting to control whether senders are > notified about attachments are too big or too small. > - -- When using the Custom Function plugin system, you can now calculate a > ruleset from within your Custom Function. Very useful for large sites. > - -- Improvements to the accuracy of the SpamAssassin cache results. > - -- Startup scripts now make SpamAssassin run out of memory-based > temporary files where possible, to improve speed. > - -- Messages placed in multiple outgoing queues are now delivered > immediately. > - -- Fixed problems with a few users seeing extra "disarmed" or "fraud" > tags appearing incorrectly. > > Best regards, > > Jules > The change to force SpamAssassin to run out of memory-based files has broken MailScanner on VPS systems using clamavmodule. The check_mailscanner script checks for the existence of /dev/shm, which is there on a VPS but there is no actual mount point for the tmpfs file system, and since you can't create files in /dev/, MailScanner fails to start with a bogus error message of "ClamAV Module ERROR:: Could not load databases from /usr/local/share/clamav". -- Regards, Sarah Trayser Way to the Web Ltd Server Management Services: http://www.configserver.com Web Hosting: http://www.waytotheweb.com From res at ausics.net Thu Feb 8 23:38:19 2007 From: res at ausics.net (Res) Date: Thu Feb 8 22:42:37 2007 Subject: Out of Topic: IMAP In-Reply-To: <516aaa21eae73b44b88ffa0c00e67b94@solidstatelogic.com> References: <516aaa21eae73b44b88ffa0c00e67b94@solidstatelogic.com> Message-ID: On Thu, 8 Feb 2007, Martin.Hepworth wrote: > Also means you can start sharing info better with shared folders than > just every modern imap server does - may I recommend Dovecot. The problem with dovecot is, theres a new rc fixing bugs every second week, in fact recently 2 in one day, its up to what rc20 now? That's scarey, on the mbox machines I recently removed the last dovecot server and went back to UW's imap (pop3 on those boxes use popa3d), sure UW imapd might be a microsecond slower, but its *stable* and very reliable. -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From nerijusb at dtiltas.lt Thu Feb 8 23:58:43 2007 From: nerijusb at dtiltas.lt (Nerijus Baliunas) Date: Thu Feb 8 23:04:01 2007 Subject: rejecting emails by country origin In-Reply-To: <001e01c74b61$f6d7b0b0$3d64a8c0@NATS> References: <001e01c74b61$f6d7b0b0$3d64a8c0@NATS> Message-ID: <20070208230001.51C9CFF09@mx-a.vdnet.lt> On Thu, 8 Feb 2007 17:17:23 +0800 Jose Nathaniel Nengasca wrote: > Thanks for that info Res. Anyway is there plugins that I could use that > blocks certain country domains and/or geographical origin based on ip > address of the sender? This might be OT, but milter-greylist (cvs version or the next development version) supports it (it uses GeoIP for this). Regards, Nerijus From ssilva at sgvwater.com Thu Feb 8 23:57:40 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Feb 8 23:05:30 2007 Subject: Out of Topic: IMAP In-Reply-To: References: <516aaa21eae73b44b88ffa0c00e67b94@solidstatelogic.com> Message-ID: Res spake the following on 2/8/2007 2:38 PM: > On Thu, 8 Feb 2007, Martin.Hepworth wrote: > >> Also means you can start sharing info better with shared folders than >> just every modern imap server does - may I recommend Dovecot. > > The problem with dovecot is, theres a new rc fixing bugs every second > week, in fact recently 2 in one day, its up to what rc20 now? > > That's scarey, on the mbox machines I recently removed the last dovecot > server and went back to UW's imap (pop3 on those boxes use popa3d), sure > UW imapd might be a microsecond slower, but its *stable* and very reliable. > > That's why I am still using the patched .99 version included with CentOS 4 -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From am.lists at gmail.com Fri Feb 9 00:19:58 2007 From: am.lists at gmail.com (am.lists) Date: Thu Feb 8 23:24:02 2007 Subject: Scanning for Spam Message-ID: <25a66d840702081519i59743d25q7d76f52c4cdb357@mail.gmail.com> We've all seen the "investor alert" messages. Thanks to Fuzzy OCR, I'm not getting them any more. The OCR scanning is picking them all up is very effective. But now, I'm seeing the plain text ones coming in. I know, I'm getting pretty greedy to expect a 100% effectiveness rate of my spam filtering, but it seems it should be possible to stop this stuff. My question for the list.... What is the consensus method for rolling these to a halt? -- Are you tweaking existing rules that center on dial-up lists, bogus helo, invalid reverse dns? -- Are you using MCP for words like "investor" and other keywords? I'm currently using pyzor, razor, dcc, rules du jour, and fuzzy ocr (with all [or most] of its plugin/helper apps). Thanks in advance. Angelo From rabollinger at gmail.com Fri Feb 9 00:29:02 2007 From: rabollinger at gmail.com (Richard Bollinger) Date: Thu Feb 8 23:33:01 2007 Subject: Fwd: Message never gets out of mqueue.in In-Reply-To: <7744a2840702081527j152cb84bm256679a74d52f63e@mail.gmail.com> References: <7744a2840702070714i496d27c6hbbf8b56ad0731d45@mail.gmail.com> <7744a2840702071505q6f1b93fdg7baedf54a6a91f8a@mail.gmail.com> <7744a2840702081527j152cb84bm256679a74d52f63e@mail.gmail.com> Message-ID: <7744a2840702081529h3c855e4djae14d9bf0b4b3fe7@mail.gmail.com> ---------- Forwarded message ---------- From: Richard Bollinger Date: Feb 8, 2007 6:27 PM Subject: Fwd: Message never gets out of mqueue.in To: "Martin. Hepworth" Cc: MAILSCANNER@jiscmail.ac.uk Not sure if you caught my reply.... any further thoughts based on my test results? ---------- Forwarded message ---------- From: Richard Bollinger Date: Feb 7, 2007 6:05 PM Subject: Re: Message never gets out of mqueue.in To: MailScanner discussion On 2/7/07, Martin.Hepworth wrote: > Richard > > Bother I hate doing this.. > > > When you upgraded did you force the locktype in MailScanner.conf. recent > MailScanner versions assume sendmail is 8.13+ and posix locktype rather > than older versions with assume sendmail is 8.12 or previous and flock > locktype. > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > We're running sendmail-8.13.8 MailScanner.conf has this line in it: Lock Type = Here's the output of the -debug run: /root@rb-ls1:/u/tmp/looping# /opt/bin/MailScanner -debug In Debugging mode, not forking... [28597] warn: FuzzyOcr: Cannot find executable for ocrad Ignore errors about failing to find EOCD signature format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 820 read-open /var/spool/MailScanner/incoming/28597/l17Bo8oL007167/LOS_pdf: No such file or directory at /usr/lib/perl5/site_perl/MIME/Body.pm line 435. My first guess would be that the problem may be related to foreign language attachment names and the TNEF decoders.... this email was from an partner in India. Thanks, Rich B From ssilva at sgvwater.com Fri Feb 9 00:39:04 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Feb 8 23:43:30 2007 Subject: Scanning for Spam In-Reply-To: <25a66d840702081519i59743d25q7d76f52c4cdb357@mail.gmail.com> References: <25a66d840702081519i59743d25q7d76f52c4cdb357@mail.gmail.com> Message-ID: am.lists spake the following on 2/8/2007 3:19 PM: > We've all seen the "investor alert" messages. > > Thanks to Fuzzy OCR, I'm not getting them any more. The OCR scanning > is picking them all up is very effective. > > But now, I'm seeing the plain text ones coming in. I know, I'm getting > pretty greedy to expect a 100% effectiveness rate of my spam > filtering, but it seems it should be possible to stop this stuff. > > My question for the list.... > > What is the consensus method for rolling these to a halt? > > -- Are you tweaking existing rules that center on dial-up lists, bogus > helo, invalid reverse dns? > -- Are you using MCP for words like "investor" and other keywords? > > I'm currently using pyzor, razor, dcc, rules du jour, and fuzzy ocr > (with all [or most] of its plugin/helper apps). > > Thanks in advance. > > > Angelo With good rules and the digests you have enabled, you should be catching most of them. You might get a few at first until the they get reported to the digests. The only other thing you could do is use a good blacklist or two at the MTA. I think you would be closer to unreasonable to expect 100% spam blocking, but there is one way. Reach behind the server and unplug the network cable. That is probably the only way to reach 100%, although you should easily be able to get into the low to mid 90's. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From res at ausics.net Fri Feb 9 00:41:16 2007 From: res at ausics.net (Res) Date: Thu Feb 8 23:45:32 2007 Subject: rejecting emails by country origin In-Reply-To: <20070208230001.51C9CFF09@mx-a.vdnet.lt> References: <001e01c74b61$f6d7b0b0$3d64a8c0@NATS> <20070208230001.51C9CFF09@mx-a.vdnet.lt> Message-ID: On Fri, 9 Feb 2007, Nerijus Baliunas wrote: > This might be OT, but milter-greylist (cvs version or the next development version) > supports it (it uses GeoIP for this). GeoIP is dangerous, it's so often been so very very wrong - use this with extreme care -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From res at ausics.net Fri Feb 9 00:45:39 2007 From: res at ausics.net (Res) Date: Thu Feb 8 23:49:43 2007 Subject: Out of Topic: IMAP In-Reply-To: References: <516aaa21eae73b44b88ffa0c00e67b94@solidstatelogic.com> Message-ID: On Thu, 8 Feb 2007, Scott Silva wrote: > Res spake the following on 2/8/2007 2:38 PM: >> On Thu, 8 Feb 2007, Martin.Hepworth wrote: >> >>> Also means you can start sharing info better with shared folders than >>> just every modern imap server does - may I recommend Dovecot. >> >> The problem with dovecot is, theres a new rc fixing bugs every second >> week, in fact recently 2 in one day, its up to what rc20 now? >> >> That's scarey, on the mbox machines I recently removed the last dovecot >> server and went back to UW's imap (pop3 on those boxes use popa3d), sure >> UW imapd might be a microsecond slower, but its *stable* and very reliable. >> >> > That's why I am still using the patched .99 version included with CentOS 4 Still a worry though :) You have to make sure its always patched.. On the hosting boxes I dont have to worry about it, they use maildir with vpopmail, never ever misses a beat, amazing since its NFS based. -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From dimavo at gmail.com Fri Feb 9 01:16:27 2007 From: dimavo at gmail.com (Dimitri Volski) Date: Fri Feb 9 00:20:25 2007 Subject: X-Relay-Countries Message-ID: <574ff8c30702081616l7e634f61wc7c437b2841c2081@mail.gmail.com> Hi Martin, Thanks for your reply. No that wasn't me, I only ran into this problem yesterday, trying to implement some more spam blocking. I understand that MailScanner does not put any SpamAssassin headers - I was actually looking at the SA log when I ran SA manually on the source of the spam message. Both snips of log below belong to the same log produced by SA. I understand that SA produces a Pseudo Header for X-Relay-Countries, which, even if you ran SA without MailScanner will still not be displayed. What I was loooking for though is the indication that it picked up the country of origin based on the rules that I created with SA. Thanks for your help, dim Date: Thu, 08 Feb 2007 09:38:04 +0000 From: "Martin.Hepworth" Subject: RE: {Disarmed} X-Relay-Countries To: "MailScanner discussion" Message-ID: Content-Type: text/plain; charset="us-ascii" Dimitri Some on the IRC channel was having a similar problem a couple of days ago - you?? MailScanner will NOT insert SA headers into the email It will put the info in the MailScanner-SpamScore header if you tell to be verbose. Given running SA on its own doesn't insert info either I suggest you lint check the SA config and fix any issues first.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Dimitri Volski > Sent: 08 February 2007 09:10 > To: mailscanner@lists.mailscanner.info > Subject: {Disarmed} X-Relay-Countries > > Hi All, > > I am having troubles getting the SpamAssassin scores based on Relay > Countries. > > A snip of the log: > > debug: received-header: relay MailScanner warning: numerical links are > often malicious: 84.56.164.42 trusted? no internal? > no > debug: metadata: X-Spam-Relays-Trusted: > debug: metadata: X-Spam-Relays-Untrusted: [ ip=MailScanner warning: > numerical links are often malicious: 84.56.164.42 > rdns=dslb-084-056-164-042.pools.arcor-ip.net helo=callaria.com > by=mx.google.com ident= envfrom= intl=0 > id=p4si1743305qba.2007.02.05.02.02.53 auth= ] > debug: plugin: Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x931059c) > implements 'extract_metadata' > debug: metadata: X-Relay-Countries: DE > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x99dd4c8) > implements 'parsed_metadata' > > Here I can see that the country is detected as Denmark, but when I insert > > header RELAY_DE X-Relay-Countries =~/\bDE\b/ > describe RELAY_DE Relayed through Germany > score RELAY_DE 1.0 > > into /etc/MailScanner/spam.assassin.prefs.conf , I cannot see it in > theSpamAssassin report (if run manually on source of the message above) or > the MailScanner report. > > If run manually, SpamAssassin gives this header in the end: > > X-Spam-Flag: NO > X-Spam-Checker-Version: SpamAssassin 3.0.5 (2005-11-28) on exmail > X-Spam-Level: **** > X-Spam-Status: No, score=4.4 required= 5.0 > tests=FORGED_RCVD_HELO,RCVD_BY_IP, > RCVD_IN_NJABL_DUL,RCVD_IN_SORBS_DUL,RCVD_IN_XBL autolearn=no > version=3.0.5 > > In which I cannot see the RELAY_DE > > Please help ! :) > > Cheers, > dim > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070209/37645ac5/attachment.html From am.lists at gmail.com Fri Feb 9 03:07:04 2007 From: am.lists at gmail.com (am.lists) Date: Fri Feb 9 02:11:03 2007 Subject: MailScanner w/Postfix and Postgrey Question on rejected messages In-Reply-To: <45CB9735.7060309@maddoc.net> References: <25a66d840702081324w5d3ef950h2b8965a8a8801fca@mail.gmail.com> <45CB9735.7060309@maddoc.net> Message-ID: <25a66d840702081807o863e5cag5a1226a56ded6d30@mail.gmail.com> Unfortunately, the 1.1.5.5 is a NS cache that I can control, while the 2.2.6.6 and 2.2.7.7 are the ones provided by my co-lo facility. They are also the ones that seem less reliable (shrug)... Now, I know the difference between authoritative and cache dns servers, and these are all caches that I point to, but my co-lo owns the reverse lookup on their authoritative servers. My inbound SMTP usually is able to successfully reverse-lookup my gateway's IP, but I've seen historically a time in the 5am hour where the SMTP is getting "received from unknown" where it should be saying "received from mail-gw" -- I know, it's not the "correct" answer, but it's at least my reasoning. I thought about turning on nscd. But I await feedback from those that might see this first and either warn or praise the idea. Angelo On 2/8/07, Doc Schneider wrote: > am.lists wrote: > > I use MS/PF/PG as a gateway. > > > > I'm not sure if this is the right place to ask this question, but I > > had a slew of messages not arriving today for a period of a few hours. > > It's still too early to tell if they were rejected permanently or just > > deferred and I should see them arriving later. > > > > My config is as per the subject line... > > > > My /etc/resolf.conf contains three DNS servers: > > > > for discussion, they are > > > > nameserver 1.1.5.5 > > nameserver 2.2.6.6 > > nameserver 2.2.7.7 > > > > (e.g. at least two of them are on separate networks...) > > > > In the above example, server 1.1.5.5 went offline (crashed). > > > > With only the first DNS server down, why did the appropriate piece > > (again, not sure which application is responsible for managing DNS > > lookups on domains) did not failover to the next nameserver on the > > list? > > > > If you guys redirect me to another list, I'll understand, but I'd be > > very surprised if I'm the first one to see this problem. > > > > Best, > > Angelo > > I'd recommend moving that 1.1.5.5 to the end of that file and let the > secondary pick up the slack. While most DNS lookups should fall to the > next server I've seen it happen that the first one is the only one that > is ever tried. I seem to recall this was something to do with one of the > perl DNS package (though I could be mistaken). Anyway that's what I'd > do. 8*) > > -- > -Doc > Lincoln, NE. > http://www.genealogyforyou.com/ > http://www.cairnproductions.com/ > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From am.lists at gmail.com Fri Feb 9 03:11:29 2007 From: am.lists at gmail.com (am.lists) Date: Fri Feb 9 02:15:29 2007 Subject: Scanning for Spam In-Reply-To: References: <25a66d840702081519i59743d25q7d76f52c4cdb357@mail.gmail.com> Message-ID: <25a66d840702081811q4f6c74ddl1f34b63d2a5ab237@mail.gmail.com> Scott- I agree with you, but if I'm scoring one of those at (let's say for example) a 2.4 when I'm requiring 4.0, I'm passing this as good mail. I'm also assuming that this same message is getting through most others' too (at least those running with the same un-touched rules as me). So how would this get learned as spam? Also, these messages have a way of loading the junk portion up front, followed by a couple of line feeds, then some "harmless" filler below. Probably to make the scoring acceptable to have investor in there if it's only mentioned in one out of 500 words, versus one out of 40 words. Any ideas on how to take this into account? e.g. Formulate a rule that if any of these high-profile words are caught in the first 50 words of the message, be twice as prejudicial towards them? Angelo On 2/8/07, Scott Silva wrote: > am.lists spake the following on 2/8/2007 3:19 PM: > > We've all seen the "investor alert" messages. > > > > Thanks to Fuzzy OCR, I'm not getting them any more. The OCR scanning > > is picking them all up is very effective. > > > > But now, I'm seeing the plain text ones coming in. I know, I'm getting > > pretty greedy to expect a 100% effectiveness rate of my spam > > filtering, but it seems it should be possible to stop this stuff. > > > > My question for the list.... > > > > What is the consensus method for rolling these to a halt? > > > > -- Are you tweaking existing rules that center on dial-up lists, bogus > > helo, invalid reverse dns? > > -- Are you using MCP for words like "investor" and other keywords? > > > > I'm currently using pyzor, razor, dcc, rules du jour, and fuzzy ocr > > (with all [or most] of its plugin/helper apps). > > > > Thanks in advance. > > > > > > Angelo > With good rules and the digests you have enabled, you should be catching most > of them. You might get a few at first until the they get reported to the > digests. The only other thing you could do is use a good blacklist or two at > the MTA. > I think you would be closer to unreasonable to expect 100% spam blocking, but > there is one way. Reach behind the server and unplug the network cable. That > is probably the only way to reach 100%, although you should easily be able to > get into the low to mid 90's. > > -- > > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From am.lists at gmail.com Fri Feb 9 04:16:15 2007 From: am.lists at gmail.com (am.lists) Date: Fri Feb 9 03:20:17 2007 Subject: rejecting emails by country origin In-Reply-To: References: <001e01c74b61$f6d7b0b0$3d64a8c0@NATS> <20070208230001.51C9CFF09@mx-a.vdnet.lt> Message-ID: <25a66d840702081916i35072d16l6cce41efe8964164@mail.gmail.com> I'd like to share a brief encounter with the dark side of GeoIP. I had a host at a facility where we had so many IP addresses in so many different blocks, some of them would occasionally return a "RIPE - Corrupt Country Data" error when we were reverse-lookup'ed as mail senders. And as it was the case for us, corrupt country data may as well have listed us as being in Nigeria or North Korea in terms of how we scored. (If I had written this, I would treat corrupt as a lookup error, not negatively score it, but then I didn't write it.) Turns out that our provider would go to ARIN and tag our block as "reassigned" and show us as the true owner of the IP block. Not that that's a bad thing, but whatever tool the mail server software on the remote side was using to query our IP would get that "reassigned" bit of information about our IP and would choke on that response. We took this up with our provider, and learned that anytime they assigned a block larger than 5 IPs to a customer they were compelled to register the actual owner of that block with ARIN. (I'm not sure if that was the hosting company's policy or ARIN's.) We had several blocks, some contiguous (which were registered as 'reassigned') and some that were in small blocks of non-contiguous ranges. Our solution was to move the mail server over to a block of IPs that was not listed as reassigned, and that took care of the problem for us. I'm not proclaiming tthat all GeoIP lookup services [mis]behave this way, but you may run into this if you're on a 'reassigned' block of IP space. Angelo On 2/8/07, Res wrote: > On Fri, 9 Feb 2007, Nerijus Baliunas wrote: > > > This might be OT, but milter-greylist (cvs version or the next development version) > > supports it (it uses GeoIP for this). > > GeoIP is dangerous, it's so often been so very very wrong - use this with > extreme care > > > -- > Cheers > Res > > "We can be Heroes, just for one day" - Davey (Jones) Bowie > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From res at ausics.net Fri Feb 9 05:23:22 2007 From: res at ausics.net (Res) Date: Fri Feb 9 04:27:27 2007 Subject: rejecting emails by country origin In-Reply-To: <25a66d840702081916i35072d16l6cce41efe8964164@mail.gmail.com> References: <001e01c74b61$f6d7b0b0$3d64a8c0@NATS> <20070208230001.51C9CFF09@mx-a.vdnet.lt> <25a66d840702081916i35072d16l6cce41efe8964164@mail.gmail.com> Message-ID: On Thu, 8 Feb 2007, am.lists wrote: > I'd like to share a brief encounter with the dark side of GeoIP. I had > a host at a facility where we had so many IP addresses in so many > different blocks, some of them would occasionally return a "RIPE - > Corrupt Country Data" error when we were reverse-lookup'ed as mail Thats pretty typical, it thinks one of our ranges is in India, nothing wrong with that, apart from the fact it's only about 25,000 or so miles away :) -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From a.peacock at chime.ucl.ac.uk Fri Feb 9 09:46:53 2007 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Fri Feb 9 08:51:05 2007 Subject: Scanning for Spam In-Reply-To: <25a66d840702081811q4f6c74ddl1f34b63d2a5ab237@mail.gmail.com> References: <25a66d840702081519i59743d25q7d76f52c4cdb357@mail.gmail.com> <25a66d840702081811q4f6c74ddl1f34b63d2a5ab237@mail.gmail.com> Message-ID: <45CC34FD.2060904@chime.ucl.ac.uk> Hi, am.lists wrote: > Scott- I agree with you, but if I'm scoring one of those at (let's say > for example) a 2.4 when I'm requiring 4.0, I'm passing this as good > mail. I'm also assuming that this same message is getting through most > others' too (at least those running with the same un-touched rules as > me). So how would this get learned as spam? > > Also, these messages have a way of loading the junk portion up front, > followed by a couple of line feeds, then some "harmless" filler below. > Probably to make the scoring acceptable to have investor in there if > it's only mentioned in one out of 500 words, versus one out of 40 > words. Any ideas on how to take this into account? e.g. Formulate a > rule that if any of these high-profile words are caught in the first > 50 words of the message, be twice as prejudicial towards them? Put an example of these emails somewhere where the list users can find it (web page) with full headers, and I am sure people will tell you what scores the get and which rules hit. Out of interest I currently catch 99.5% of my spam. > > Angelo > > On 2/8/07, Scott Silva wrote: >> am.lists spake the following on 2/8/2007 3:19 PM: >> > We've all seen the "investor alert" messages. >> > >> > Thanks to Fuzzy OCR, I'm not getting them any more. The OCR scanning >> > is picking them all up is very effective. >> > >> > But now, I'm seeing the plain text ones coming in. I know, I'm getting >> > pretty greedy to expect a 100% effectiveness rate of my spam >> > filtering, but it seems it should be possible to stop this stuff. >> > >> > My question for the list.... >> > >> > What is the consensus method for rolling these to a halt? >> > >> > -- Are you tweaking existing rules that center on dial-up lists, bogus >> > helo, invalid reverse dns? >> > -- Are you using MCP for words like "investor" and other keywords? >> > >> > I'm currently using pyzor, razor, dcc, rules du jour, and fuzzy ocr >> > (with all [or most] of its plugin/helper apps). >> > >> > Thanks in advance. >> > >> > >> > Angelo >> With good rules and the digests you have enabled, you should be >> catching most >> of them. You might get a few at first until the they get reported to the >> digests. The only other thing you could do is use a good blacklist or >> two at >> the MTA. >> I think you would be closer to unreasonable to expect 100% spam >> blocking, but >> there is one way. Reach behind the server and unplug the network >> cable. That >> is probably the only way to reach 100%, although you should easily be >> able to >> get into the low to mid 90's. >> >> -- >> >> MailScanner is like deodorant... >> You hope everybody uses it, and >> you notice quickly if they don't!!!! >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas." -- George Bernard Shaw From jan-peter at koopmann.eu Fri Feb 9 10:01:41 2007 From: jan-peter at koopmann.eu (Koopmann, Jan-Peter) Date: Fri Feb 9 09:04:55 2007 Subject: MailScanner Pid file FreeBSD In-Reply-To: <200702071054.39993.clacroix@cegep-ste-foy.qc.ca> Message-ID: On Wednesday, February 07, 2007 4:55 PM Charles Lacroix wrote: > I can upgrade to latest as no one yellled any major bugs. But i > haven't seen anything about this in the fixes. Let me install the latest version myself and see how it behaves. However my productive system is 5.5 stable... Kind regards, JP From jan-peter at koopmann.eu Fri Feb 9 10:35:01 2007 From: jan-peter at koopmann.eu (Koopmann, Jan-Peter) Date: Fri Feb 9 09:38:16 2007 Subject: MailScanner Pid file FreeBSD In-Reply-To: <200702071054.39993.clacroix@cegep-ste-foy.qc.ca> Message-ID: On Wednesday, February 07, 2007 4:55 PM Charles Lacroix wrote: > i run freebsd 6.1 and once in a while like every day, i end up > getting the string MailScanner in my /var/run/MailScanner.pid file. > > I got my pid file setup in MailScanner.conf PID file = > /var/run/MailScanner.pid > > version 4.57.6 Just upgraded to 4.58.9 and cannot reproduce the problem (yet). /var/run/MailScanner.pid contains the pid of the parent process. From martinh at solidstatelogic.com Fri Feb 9 10:47:18 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Fri Feb 9 09:51:26 2007 Subject: Scanning for Spam In-Reply-To: <25a66d840702081519i59743d25q7d76f52c4cdb357@mail.gmail.com> Message-ID: Angelo What 'extra' rules have you in /etc/mail/spamassassin. Ones from www.rulesemporium.com/rules.html and www.rulesemporium.com/other-rules.htm ? Are you running DCC/razor2? Have you got SA version 3.1.7 AND run sa-update recently? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of am.lists > Sent: 08 February 2007 23:20 > To: MailScanner discussion > Subject: Scanning for Spam > > We've all seen the "investor alert" messages. > > Thanks to Fuzzy OCR, I'm not getting them any more. The OCR scanning > is picking them all up is very effective. > > But now, I'm seeing the plain text ones coming in. I know, I'm getting > pretty greedy to expect a 100% effectiveness rate of my spam > filtering, but it seems it should be possible to stop this stuff. > > My question for the list.... > > What is the consensus method for rolling these to a halt? > > -- Are you tweaking existing rules that center on dial-up lists, bogus > helo, invalid reverse dns? > -- Are you using MCP for words like "investor" and other keywords? > > I'm currently using pyzor, razor, dcc, rules du jour, and fuzzy ocr > (with all [or most] of its plugin/helper apps). > > Thanks in advance. > > > Angelo > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From jan-peter at koopmann.eu Fri Feb 9 13:52:40 2007 From: jan-peter at koopmann.eu (Koopmann, Jan-Peter) Date: Fri Feb 9 12:55:54 2007 Subject: condition virus and SA Score>6? Message-ID: Hi, I want to not deliver mails if a virus is detected and the SA score is above 6 (but lower than high scoring spam). Any quick idea of how to achieve this? If SA score is below the threashold the virus should be disarmed and the mail still delivered with virus warning. Regards, JP From maillists at conactive.com Fri Feb 9 14:43:45 2007 From: maillists at conactive.com (Kai Schaetzl) Date: Fri Feb 9 13:47:49 2007 Subject: Allowing password-protected archives Message-ID: Hi everything, long time no talk :-) I find that I have a problem with Allowing password-protected archives = no It seems that the version I use doesn't do anything with them if "no" is set. Mailwatch shows "deliver, header, "X-Spam-Status:, No"" as actions, but what actually happens is that the mail doesn't reach the mailbox. And it doesn't get put in the quarantine. And no notify either. So, it just "vanishes". This is version 4.54.6 I assume this behavior depends on: Silent Viruses = HTML-IFrame All-Viruses Still Deliver Silent Viruses = no I think All-Viruses should *not* contain Zip-Password because there's no guarantee it's a virus. If you want it to be a silent virus then use: Silent Viruses = HTML-IFrame All-Viruses Zip-Password And if it's not in that list then the password-protected archive should be quarantined and the recipient notified, so he can release it if he wants. I checked here http://www.mailscanner.info/MailScanner.conf.index.html and it doesn't seem there was a change in any recent version, so I would like to propose this change. Unless there is some other way to cater for this. Allowing password-protected archives = yes is obviously not the solution since it then sends all protected archives right thru. And a ruleset is not very adaptive. I would have to add any sender or recipient and then they would still get all protected archives right thru no matter if expected or not. Thanks, Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From dhawal at netmagicsolutions.com Fri Feb 9 14:48:04 2007 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Fri Feb 9 13:52:19 2007 Subject: condition virus and SA Score>6? In-Reply-To: References: Message-ID: <45CC7B94.5060904@netmagicsolutions.com> Koopmann, Jan-Peter wrote: > Hi, > > I want to not deliver mails if a virus is detected and the SA score is above 6 (but lower than high scoring spam). Any quick idea of how to achieve this? > > If SA score is below the threashold the virus should be disarmed and the mail still delivered with virus warning. Try using a ruleset for 'Spam Actions'.. Spam Actions = %rules-dir%/spam.action.rules Virus: default store/delete/whatever FromOrTo: default deliver The other option is to use newer MS releases, which have this feature "New example Custom Function to show how to evaluate a ruleset from within a Custom Function." Maybe you could try this.. - dhawal From dhawal at netmagicsolutions.com Fri Feb 9 14:55:33 2007 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Fri Feb 9 13:59:36 2007 Subject: condition virus and SA Score>6? In-Reply-To: <45CC7B94.5060904@netmagicsolutions.com> References: <45CC7B94.5060904@netmagicsolutions.com> Message-ID: <45CC7D55.4080004@netmagicsolutions.com> Dhawal Doshy wrote: > Koopmann, Jan-Peter wrote: >> Hi, >> >> I want to not deliver mails if a virus is detected and the SA score is >> above 6 (but lower than high scoring spam). Any quick idea of how to >> achieve this? >> >> If SA score is below the threashold the virus should be disarmed and >> the mail still delivered with virus warning. > > Try using a ruleset for 'Spam Actions'.. > Spam Actions = %rules-dir%/spam.action.rules > > Virus: default store/delete/whatever > FromOrTo: default deliver However this will deliver the virus without disinfecting (if this idea ever works in the first place). methinks you also ought to change to 'Deliver Disinfected Files = yes' and 'Deliver Cleaned Messages = yes' - dhawal (replying to myself.. confirmed postfix user) From maillists at conactive.com Fri Feb 9 15:36:54 2007 From: maillists at conactive.com (Kai Schaetzl) Date: Fri Feb 9 14:40:57 2007 Subject: Allowing password-protected archives In-Reply-To: References: Message-ID: Kai Schaetzl wrote on Fri, 09 Feb 2007 14:43:45 +0100: > Hi everything, *one*, of course ;-) Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From am.lists at gmail.com Fri Feb 9 16:07:11 2007 From: am.lists at gmail.com (am.lists) Date: Fri Feb 9 15:11:14 2007 Subject: Scanning for Spam In-Reply-To: <45CC34FD.2060904@chime.ucl.ac.uk> References: <25a66d840702081519i59743d25q7d76f52c4cdb357@mail.gmail.com> <25a66d840702081811q4f6c74ddl1f34b63d2a5ab237@mail.gmail.com> <45CC34FD.2060904@chime.ucl.ac.uk> Message-ID: <25a66d840702090707u3a943894y186d77f556e3ca75@mail.gmail.com> On 2/9/07, Anthony Peacock wrote: > Put an example of these emails somewhere where the list users can find > it (web page) with full headers, and I am sure people will tell you what > scores the get and which rules hit. Anthony: I will leave this up for a while for discussion: http://mailgw.evokeemail.com/q/20070208.htm From am.lists at gmail.com Fri Feb 9 16:10:42 2007 From: am.lists at gmail.com (am.lists) Date: Fri Feb 9 15:14:44 2007 Subject: Scanning for Spam In-Reply-To: References: <25a66d840702081519i59743d25q7d76f52c4cdb357@mail.gmail.com> Message-ID: <25a66d840702090710n46062347ne78d45dcbcf7f712@mail.gmail.com> On 2/9/07, Martin.Hepworth wrote: > What 'extra' rules have you in /etc/mail/spamassassin. > Ones from www.rulesemporium.com/rules.html and I'm running the rules du jour script, which pulls this package down 1x/day. > www.rulesemporium.com/other-rules.htm ? No, none of these... > Are you running DCC/razor2? Yes. > Have you got SA version 3.1.7 AND run sa-update recently? SA is 3.1.5 :-( But I have sa-update 'ed recently. From iarteaga at cwpanama.net Fri Feb 9 16:14:11 2007 From: iarteaga at cwpanama.net (Ivan Arteaga) Date: Fri Feb 9 15:18:25 2007 Subject: How to check MS version Message-ID: Hello List, Can somebody please let me know the linux command in order to check the MS version I am running on? Will appreciate any help. --Ivan. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070209/d1966182/attachment.html From dhawal at netmagicsolutions.com Fri Feb 9 16:19:51 2007 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Fri Feb 9 15:24:22 2007 Subject: How to check MS version In-Reply-To: References: Message-ID: Ivan Arteaga wrote: > Hello List, > > Can somebody please let me know the linux command in order to check the > MS version I am running on? > > Will appreciate any help. > > --Ivan. MailScanner -v | grep "MailScanner version" From rob at robhq.com Fri Feb 9 16:21:07 2007 From: rob at robhq.com (rob) Date: Fri Feb 9 15:25:25 2007 Subject: How to check MS version In-Reply-To: References: Message-ID: <20070209152100.M17493@robhq.com> On Fri, 9 Feb 2007 10:14:11 -0500, Ivan Arteaga wrote > Hello List, > > Can somebody please let me know the linux command in order to check the MS > version I am running on? > > Will appreciate any help. > > --Ivan. MailScanner -v From a.peacock at chime.ucl.ac.uk Fri Feb 9 16:22:44 2007 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Fri Feb 9 15:26:54 2007 Subject: Scanning for Spam In-Reply-To: <25a66d840702090707u3a943894y186d77f556e3ca75@mail.gmail.com> References: <25a66d840702081519i59743d25q7d76f52c4cdb357@mail.gmail.com> <25a66d840702081811q4f6c74ddl1f34b63d2a5ab237@mail.gmail.com> <45CC34FD.2060904@chime.ucl.ac.uk> <25a66d840702090707u3a943894y186d77f556e3ca75@mail.gmail.com> Message-ID: <45CC91C4.10509@chime.ucl.ac.uk> Hi, am.lists wrote: > On 2/9/07, Anthony Peacock wrote: >> Put an example of these emails somewhere where the list users can find >> it (web page) with full headers, and I am sure people will tell you what >> scores the get and which rules hit. > > Anthony: > > I will leave this up for a while for discussion: > > http://mailgw.evokeemail.com/q/20070208.htm Well the first one scored 7 for me: Content analysis details: (7.0 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.3 TO_EMPTY To: is empty 0.1 FROM_NO_LOWER From address has no lower-case characters 0.3 RCVD_ILLEGAL_IP Received: contains illegal IP address 1.7 SARE_PROLOSTOCK_SYM3 BODY: Last week's hot stock scam 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% [score: 1.0000] 1.0 RCVD_IN_JANET_RBL RBL: Relay in JANET MAPS RBL+ RBL [1.2.3.163 listed in rbl-plus.mail-abuse.ja.net] [95.198.49.57 listed in rbl-plus.mail-abuse.ja.net] 0.1 TO_CC_NONE No To: or Cc: header -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas." -- George Bernard Shaw From iarteaga at cwpanama.net Fri Feb 9 16:22:49 2007 From: iarteaga at cwpanama.net (Ivan Arteaga) Date: Fri Feb 9 15:27:02 2007 Subject: How to check MS version In-Reply-To: Message-ID: Thanx!! --Ivan. "Look both ways before crossing the Net" -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Dhawal Doshy Sent: Friday, February 09, 2007 10:20 AM To: mailscanner@lists.mailscanner.info Subject: Re: How to check MS version Ivan Arteaga wrote: > Hello List, > > Can somebody please let me know the linux command in order to check the > MS version I am running on? > > Will appreciate any help. > > --Ivan. MailScanner -v | grep "MailScanner version" -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From dyioulos at firstbhph.com Fri Feb 9 16:25:23 2007 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Fri Feb 9 15:29:36 2007 Subject: How to check MS version In-Reply-To: References: Message-ID: <200702091025.24106.dyioulos@firstbhph.com> On Friday 09 February 2007 10:14 am, Ivan Arteaga wrote: > Hello List, > > > > Can somebody please let me know the linux command in order to check the MS > version I am running on? > > > > Will appreciate any help. > > > > --Ivan. If it's running on a Redhat or Redhat-derived system, try rpm -q mailscanner. You can also check down toward the bottom of MailScanner.conf (directive is "MailScanner Version Number"). Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dave.list at pixelhammer.com Fri Feb 9 16:35:16 2007 From: dave.list at pixelhammer.com (DAve) Date: Fri Feb 9 15:39:24 2007 Subject: Scanning for Spam In-Reply-To: <25a66d840702090707u3a943894y186d77f556e3ca75@mail.gmail.com> References: <25a66d840702081519i59743d25q7d76f52c4cdb357@mail.gmail.com> <25a66d840702081811q4f6c74ddl1f34b63d2a5ab237@mail.gmail.com> <45CC34FD.2060904@chime.ucl.ac.uk> <25a66d840702090707u3a943894y186d77f556e3ca75@mail.gmail.com> Message-ID: <45CC94B4.3090102@pixelhammer.com> am.lists wrote: > On 2/9/07, Anthony Peacock wrote: >> Put an example of these emails somewhere where the list users can find >> it (web page) with full headers, and I am sure people will tell you what >> scores the get and which rules hit. > > Anthony: > > I will leave this up for a while for discussion: > > http://mailgw.evokeemail.com/q/20070208.htm First message scored; Content analysis details: (2.3 points, 5.0 required) pts rule name description ------------------------------------------------- 0.3 TO_EMPTY To: is empty 0.3 RCVD_ILLEGAL_IP Received: contains illegal IP address 1.7 SARE_PROLOSTOCK_SYM3 BODY: Last week's hot stock scam 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60% [score: 0.5483] 0.1 TO_CC_NONE No To: or Cc: header Second message scored; Content analysis details: (17.3 points, 5.0 required) pts rule name description ------------------------------------------------- 0.3 TO_EMPTY To: is empty 0.3 RCVD_ILLEGAL_IP Received: contains illegal IP address 1.7 SARE_PROLOSTOCK_SYM3 BODY: Last week's hot stock scam 15 BAYES_99 BODY: Bayesian spam probability is 99 to 100% [score: 1.0000] 0.1 TO_CC_NONE No To: or Cc: header DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From am.lists at gmail.com Fri Feb 9 16:57:01 2007 From: am.lists at gmail.com (am.lists) Date: Fri Feb 9 16:01:07 2007 Subject: Scanning for Spam In-Reply-To: <45CC91C4.10509@chime.ucl.ac.uk> References: <25a66d840702081519i59743d25q7d76f52c4cdb357@mail.gmail.com> <25a66d840702081811q4f6c74ddl1f34b63d2a5ab237@mail.gmail.com> <45CC34FD.2060904@chime.ucl.ac.uk> <25a66d840702090707u3a943894y186d77f556e3ca75@mail.gmail.com> <45CC91C4.10509@chime.ucl.ac.uk> Message-ID: <25a66d840702090757n193c73e3mbc2badb618f86bea@mail.gmail.com> Anthony, When I obfuscated my real IP in the htm, I added 1.3 to that score (illegal IP 1.2.3.163 and Janet RBL). But otherwise, the kicker was the SARE_PROLOSTOCK_SYM3 test... I am not sure I have that rule. I looked on RE and don't see which group that's part of. It seems very effective. UPDATE: I just received another text-only one, and it's on the URL below. I didn't obfuscate any IPs this time, so the THIRD message would be an interesting test. http://mailgw.evokeemail.com/q/20070208.htm From rabollinger at gmail.com Fri Feb 9 17:00:39 2007 From: rabollinger at gmail.com (Richard Bollinger) Date: Fri Feb 9 16:04:41 2007 Subject: Message never gets out of mqueue.in In-Reply-To: <7744a2840702081529h3c855e4djae14d9bf0b4b3fe7@mail.gmail.com> References: <7744a2840702070714i496d27c6hbbf8b56ad0731d45@mail.gmail.com> <7744a2840702071505q6f1b93fdg7baedf54a6a91f8a@mail.gmail.com> <7744a2840702081527j152cb84bm256679a74d52f63e@mail.gmail.com> <7744a2840702081529h3c855e4djae14d9bf0b4b3fe7@mail.gmail.com> Message-ID: <7744a2840702090800o369ff1f9xe4a7821613b6b75a@mail.gmail.com> On 2/8/07, Richard Bollinger wrote: > ---------- Forwarded message ---------- > From: Richard Bollinger > Date: Feb 8, 2007 6:27 PM > Subject: Fwd: Message never gets out of mqueue.in > To: "Martin. Hepworth" > Cc: MAILSCANNER@jiscmail.ac.uk > > > Not sure if you caught my reply.... any further thoughts based on my > test results? > > ---------- Forwarded message ---------- > From: Richard Bollinger > Date: Feb 7, 2007 6:05 PM > Subject: Re: Message never gets out of mqueue.in > To: MailScanner discussion > > > On 2/7/07, Martin.Hepworth wrote: > > Richard > > > > Bother I hate doing this.. > > > > > > When you upgraded did you force the locktype in MailScanner.conf. recent > > MailScanner versions assume sendmail is 8.13+ and posix locktype rather > > than older versions with assume sendmail is 8.12 or previous and flock > > locktype. > > > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > We're running sendmail-8.13.8 > MailScanner.conf has this line in it: Lock Type = > > Here's the output of the -debug run: > /root@rb-ls1:/u/tmp/looping# /opt/bin/MailScanner -debug > In Debugging mode, not forking... > [28597] warn: FuzzyOcr: Cannot find executable for ocrad > Ignore errors about failing to find EOCD signature > format error: can't find EOCD signature > at /opt/MailScanner/bin/MailScanner line 820 > format error: can't find EOCD signature > at /opt/MailScanner/bin/MailScanner line 820 > format error: can't find EOCD signature > at /opt/MailScanner/bin/MailScanner line 820 > format error: can't find EOCD signature > at /opt/MailScanner/bin/MailScanner line 820 > format error: can't find EOCD signature > at /opt/MailScanner/bin/MailScanner line 820 > read-open /var/spool/MailScanner/incoming/28597/l17Bo8oL007167/LOS_pdf: > No such file or directory at /usr/lib/perl5/site_perl/MIME/Body.pm > line 435. > > My first guess would be that the problem may be related to foreign > language attachment names and the TNEF decoders.... this email was > from an partner in India. > > Thanks, Rich B Working the bug further, I tried upgrading to the latest stable MailScanner-4.58.9. That didn't change anything, so I tried changing TNEF processing to internal and it ran to completion... and I see the problem.... maybe. Using the external converter, it says the name of one of the attachments is LOS_pdf1, and sure enough that is one of the files broken out in the incoming folder before it does looking for LOS_pdf (the name missing its last character). read-open /var/spool/MailScanner/incoming/12862/l17Bo8oL007167/LOS_pdf: No such file or directory at /usr/lib/perl5/site_perl/MIME/Body.pm line 435. root@rb-ls1:~# ls /var/spool/MailScanner/incoming/12862/l17Bo8oL007167 LOS_pdf1 Untitled Attachment msg-12862-2.txt PBU Rev1 1 Feb,2007.xls msg-12862-1.txt msg-12862-3.txt Using the internal converter, it runs to completion, calling that attachment "LOS_pdf" (missing its last character). Somewhere in the process, MailScanner is dropping the last byte of the file name and thereby getting confused. Looks like my temporary cure is to use the internal TNEF converter. Someone who groks perl better than I should be able to find the error now. Thanks, Rich B From a.peacock at chime.ucl.ac.uk Fri Feb 9 17:06:58 2007 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Fri Feb 9 16:11:26 2007 Subject: Scanning for Spam In-Reply-To: <25a66d840702090757n193c73e3mbc2badb618f86bea@mail.gmail.com> References: <25a66d840702081519i59743d25q7d76f52c4cdb357@mail.gmail.com> <25a66d840702081811q4f6c74ddl1f34b63d2a5ab237@mail.gmail.com> <45CC34FD.2060904@chime.ucl.ac.uk> <25a66d840702090707u3a943894y186d77f556e3ca75@mail.gmail.com> <45CC91C4.10509@chime.ucl.ac.uk> <25a66d840702090757n193c73e3mbc2badb618f86bea@mail.gmail.com> Message-ID: <45CC9C22.9010800@chime.ucl.ac.uk> Hi, am.lists wrote: > Anthony, > > When I obfuscated my real IP in the htm, I added 1.3 to that score > (illegal IP 1.2.3.163 and Janet RBL). But otherwise, the kicker was > the SARE_PROLOSTOCK_SYM3 test... I am not sure I have that rule. Actually the kicker is Bayes, my Bayes is scoring 99% which gives it a whole 3.5 points, added to the SARE stocks rules that is enough, ignoring any network tests (see below) > I looked on RE and don't see which group that's part of. It seems very > effective. That is in 70_SARE_STOCKS > > UPDATE: I just received another text-only one, and it's on the URL below. > > I didn't obfuscate any IPs this time, so the THIRD message would be an > interesting test. > > http://mailgw.evokeemail.com/q/20070208.htm Still get that one, Content analysis details: (8.1 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.3 TO_EMPTY To: is empty 0.1 FROM_NO_LOWER From address has no lower-case characters 1.7 SARE_PROLOSTOCK_SYM3 BODY: Last week's hot stock scam 0.8 SARE_RMML_Stock7 BODY: SARE_RMML_Stock7 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% [score: 1.0000] 0.1 TO_CC_NONE No To: or Cc: header 1.7 STOCK_NAME_FVGT1 STOCK_NAME_FVGT1 -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas." -- George Bernard Shaw From a.peacock at chime.ucl.ac.uk Fri Feb 9 17:11:18 2007 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Fri Feb 9 16:15:47 2007 Subject: Scanning for Spam In-Reply-To: <45CC9C22.9010800@chime.ucl.ac.uk> References: <25a66d840702081519i59743d25q7d76f52c4cdb357@mail.gmail.com> <25a66d840702081811q4f6c74ddl1f34b63d2a5ab237@mail.gmail.com> <45CC34FD.2060904@chime.ucl.ac.uk> <25a66d840702090707u3a943894y186d77f556e3ca75@mail.gmail.com> <45CC91C4.10509@chime.ucl.ac.uk> <25a66d840702090757n193c73e3mbc2badb618f86bea@mail.gmail.com> <45CC9C22.9010800@chime.ucl.ac.uk> Message-ID: <45CC9D26.3070301@chime.ucl.ac.uk> Anthony Peacock wrote: > Hi, > > am.lists wrote: >> Anthony, >> >> When I obfuscated my real IP in the htm, I added 1.3 to that score >> (illegal IP 1.2.3.163 and Janet RBL). But otherwise, the kicker was >> the SARE_PROLOSTOCK_SYM3 test... I am not sure I have that rule. > > Actually the kicker is Bayes, my Bayes is scoring 99% which gives it a > whole 3.5 points, added to the SARE stocks rules that is enough, > ignoring any network tests (see below) I also meant to point out that your Bayes was only hitting 50% which add nothing to the score. Start feeding these emails into the Bayes learning system, and it will start to match these emails. > >> I looked on RE and don't see which group that's part of. It seems very >> effective. > > > That is in 70_SARE_STOCKS > >> >> UPDATE: I just received another text-only one, and it's on the URL below. >> >> I didn't obfuscate any IPs this time, so the THIRD message would be an >> interesting test. >> >> http://mailgw.evokeemail.com/q/20070208.htm > > Still get that one, > > > Content analysis details: (8.1 points, 5.0 required) > > pts rule name description > ---- ---------------------- > -------------------------------------------------- > 0.3 TO_EMPTY To: is empty > 0.1 FROM_NO_LOWER From address has no lower-case characters > 1.7 SARE_PROLOSTOCK_SYM3 BODY: Last week's hot stock scam > 0.8 SARE_RMML_Stock7 BODY: SARE_RMML_Stock7 > 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% > [score: 1.0000] > 0.1 TO_CC_NONE No To: or Cc: header > 1.7 STOCK_NAME_FVGT1 STOCK_NAME_FVGT1 > > > -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas." -- George Bernard Shaw From Richard.Frovarp at sendit.nodak.edu Fri Feb 9 17:14:50 2007 From: Richard.Frovarp at sendit.nodak.edu (Richard Frovarp) Date: Fri Feb 9 16:18:53 2007 Subject: Out of Topic: IMAP In-Reply-To: References: <200702071054.39993.clacroix@cegep-ste-foy.qc.ca> <020c01c74b7f$5692f5b0$0600a8c0@roger> Message-ID: <45CC9DFA.6040105@sendit.nodak.edu> Res wrote: > On Thu, 8 Feb 2007, Roger Jochem wrote: > >> Since almost everyone here nows a lot about e-mail, server >> configuration, and that kind of stuff, I was wondering: how many of >> you use IMAP instead of POP3 for mail access? >> > > We use imap on localhost only for webmail, remote users don't have > access to it and use pop3. > > On other servers that use maildir format, no imap, they use sqwebmail > and pop3 which serves very well. > > A downside to imap is the constant login-do_request-logout > so you'd need some sort of proxy on heavy use servers or your log > spool will be full in a day :) > > If I have to build more? It would be pop3. > We run imapproxy on our webmail boxes. This is a requirement just due to how webmail works. We have a moderate horse powered box (Dual 2.4 Xeon, 2GB of RAM) handling 13K users all running IMAP via webmail or stand alone client. The one that handles 19K users has slightly more power behind it, only due to the fact it used to be the oldest and was up for replacement. The boxes were heavily overloaded back when they were calling SpamAssassin. Having MailScanner on machines in front has fixed that problem. Indexed (mbx format) inboxes also helped. From dave.list at pixelhammer.com Fri Feb 9 17:17:24 2007 From: dave.list at pixelhammer.com (DAve) Date: Fri Feb 9 16:21:32 2007 Subject: Scanning for Spam In-Reply-To: <25a66d840702090757n193c73e3mbc2badb618f86bea@mail.gmail.com> References: <25a66d840702081519i59743d25q7d76f52c4cdb357@mail.gmail.com> <25a66d840702081811q4f6c74ddl1f34b63d2a5ab237@mail.gmail.com> <45CC34FD.2060904@chime.ucl.ac.uk> <25a66d840702090707u3a943894y186d77f556e3ca75@mail.gmail.com> <45CC91C4.10509@chime.ucl.ac.uk> <25a66d840702090757n193c73e3mbc2badb618f86bea@mail.gmail.com> Message-ID: <45CC9E94.8070904@pixelhammer.com> am.lists wrote: > Anthony, > > When I obfuscated my real IP in the htm, I added 1.3 to that score > (illegal IP 1.2.3.163 and Janet RBL). But otherwise, the kicker was > the SARE_PROLOSTOCK_SYM3 test... I am not sure I have that rule. > > I looked on RE and don't see which group that's part of. It seems very > effective. > > UPDATE: I just received another text-only one, and it's on the URL below. > > I didn't obfuscate any IPs this time, so the THIRD message would be an > interesting test. > > http://mailgw.evokeemail.com/q/20070208.htm Message 3 scored; Content analysis details: (19.5 points, 5.0 required) pts rule name description -------------------------------------------------- 0.3 TO_EMPTY To: is empty 0.8 SARE_RMML_Stock7 BODY: SARE_RMML_Stock7 1.7 SARE_PROLOSTOCK_SYM3 BODY: Last week's hot stock scam 15 BAYES_99 BODY: Bayesian spam probability is 99 to 100% [score: 1.0000] 1.7 STOCK_NAME_FVGT1 STOCK_NAME_FVGT1 0.1 TO_CC_NONE No To: or Cc: header The fact I have been training on missed spam seems to be the kicker for me. I apparently have seen many of the same messages as you. DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From am.lists at gmail.com Fri Feb 9 17:22:56 2007 From: am.lists at gmail.com (am.lists) Date: Fri Feb 9 16:27:02 2007 Subject: Scanning for Spam In-Reply-To: <45CC9D26.3070301@chime.ucl.ac.uk> References: <25a66d840702081519i59743d25q7d76f52c4cdb357@mail.gmail.com> <25a66d840702081811q4f6c74ddl1f34b63d2a5ab237@mail.gmail.com> <45CC34FD.2060904@chime.ucl.ac.uk> <25a66d840702090707u3a943894y186d77f556e3ca75@mail.gmail.com> <45CC91C4.10509@chime.ucl.ac.uk> <25a66d840702090757n193c73e3mbc2badb618f86bea@mail.gmail.com> <45CC9C22.9010800@chime.ucl.ac.uk> <45CC9D26.3070301@chime.ucl.ac.uk> Message-ID: <25a66d840702090822m57b21c71g55e2f5adf410e694@mail.gmail.com> > I also meant to point out that your Bayes was only hitting 50% which add > nothing to the score. Start feeding these emails into the Bayes > learning system, and it will start to match these emails. So, I guess that's the question. Is there a way to make Bayes learn this when it's not currently tagged as spam? PS: I did get the additional SARE rules added to my rdj config. I hope the admins over there don't ban me since I've downloaded some files than 1x/day today. :-/ Angelo From dave.list at pixelhammer.com Fri Feb 9 17:33:19 2007 From: dave.list at pixelhammer.com (DAve) Date: Fri Feb 9 16:37:29 2007 Subject: Scanning for Spam In-Reply-To: <25a66d840702090822m57b21c71g55e2f5adf410e694@mail.gmail.com> References: <25a66d840702081519i59743d25q7d76f52c4cdb357@mail.gmail.com> <25a66d840702081811q4f6c74ddl1f34b63d2a5ab237@mail.gmail.com> <45CC34FD.2060904@chime.ucl.ac.uk> <25a66d840702090707u3a943894y186d77f556e3ca75@mail.gmail.com> <45CC91C4.10509@chime.ucl.ac.uk> <25a66d840702090757n193c73e3mbc2badb618f86bea@mail.gmail.com> <45CC9C22.9010800@chime.ucl.ac.uk> <45CC9D26.3070301@chime.ucl.ac.uk> <25a66d840702090822m57b21c71g55e2f5adf410e694@mail.gmail.com> Message-ID: <45CCA24F.40004@pixelhammer.com> am.lists wrote: >> I also meant to point out that your Bayes was only hitting 50% which add >> nothing to the score. Start feeding these emails into the Bayes >> learning system, and it will start to match these emails. > > So, I guess that's the question. > > Is there a way to make Bayes learn this when it's not currently tagged > as spam? There are many many ways to make that happen depending on your network, your policies, your users. We simply keep messages that we feel are spam and once a day I ftp the mailbox up to my MS servers and run sa-learn on them. I can run through our Postmaster mailboxes and gleen 50 a day easily (we have no spam scanning on postmaster or abuse). A simplistic approach, but so far seems to be working. We may have to get serious about it farther down the road. DAve > > PS: I did get the additional SARE rules added to my rdj config. I hope > the admins over there don't ban me since I've downloaded some files > than 1x/day today. :-/ > > Angelo -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From a.peacock at chime.ucl.ac.uk Fri Feb 9 17:40:57 2007 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Fri Feb 9 16:45:12 2007 Subject: Scanning for Spam In-Reply-To: <25a66d840702090822m57b21c71g55e2f5adf410e694@mail.gmail.com> References: <25a66d840702081519i59743d25q7d76f52c4cdb357@mail.gmail.com> <25a66d840702081811q4f6c74ddl1f34b63d2a5ab237@mail.gmail.com> <45CC34FD.2060904@chime.ucl.ac.uk> <25a66d840702090707u3a943894y186d77f556e3ca75@mail.gmail.com> <45CC91C4.10509@chime.ucl.ac.uk> <25a66d840702090757n193c73e3mbc2badb618f86bea@mail.gmail.com> <45CC9C22.9010800@chime.ucl.ac.uk> <45CC9D26.3070301@chime.ucl.ac.uk> <25a66d840702090822m57b21c71g55e2f5adf410e694@mail.gmail.com> Message-ID: <45CCA419.4000804@chime.ucl.ac.uk> am.lists wrote: >> I also meant to point out that your Bayes was only hitting 50% which add >> nothing to the score. Start feeding these emails into the Bayes >> learning system, and it will start to match these emails. > > So, I guess that's the question. > > Is there a way to make Bayes learn this when it's not currently tagged > as spam? > > PS: I did get the additional SARE rules added to my rdj config. I hope > the admins over there don't ban me since I've downloaded some files > than 1x/day today. :-/ > > Angelo Use the sa-learn feature http://spamassassin.apache.org/full/3.1.x/doc/sa-learn.html -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas." -- George Bernard Shaw From roger at rudnick.com.br Fri Feb 9 17:44:06 2007 From: roger at rudnick.com.br (Roger Jochem) Date: Fri Feb 9 16:48:43 2007 Subject: Out of Topic: IMAP References: <200702071054.39993.clacroix@cegep-ste-foy.qc.ca> <020c01c74b7f$5692f5b0$0600a8c0@roger> <45CC9DFA.6040105@sendit.nodak.edu> Message-ID: <03a801c74c69$83911930$0600a8c0@roger> Just curoius... How much of disk space have you for that use? ----- Original Message ----- From: "Richard Frovarp" To: "MailScanner discussion" Sent: Friday, February 09, 2007 2:14 PM Subject: Re: Out of Topic: IMAP > Res wrote: >> On Thu, 8 Feb 2007, Roger Jochem wrote: >> >>> Since almost everyone here nows a lot about e-mail, server >>> configuration, and that kind of stuff, I was wondering: how many of >>> you use IMAP instead of POP3 for mail access? >>> >> >> We use imap on localhost only for webmail, remote users don't have >> access to it and use pop3. >> >> On other servers that use maildir format, no imap, they use sqwebmail >> and pop3 which serves very well. >> >> A downside to imap is the constant login-do_request-logout >> so you'd need some sort of proxy on heavy use servers or your log >> spool will be full in a day :) >> >> If I have to build more? It would be pop3. >> > We run imapproxy on our webmail boxes. This is a requirement just due to > how webmail works. We have a moderate horse powered box (Dual 2.4 Xeon, > 2GB of RAM) handling 13K users all running IMAP via webmail or stand > alone client. The one that handles 19K users has slightly more power > behind it, only due to the fact it used to be the oldest and was up for > replacement. > > The boxes were heavily overloaded back when they were calling > SpamAssassin. Having MailScanner on machines in front has fixed that > problem. Indexed (mbx format) inboxes also helped. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From doc at maddoc.net Fri Feb 9 17:44:53 2007 From: doc at maddoc.net (Doc Schneider) Date: Fri Feb 9 16:48:58 2007 Subject: Scanning for Spam In-Reply-To: <25a66d840702090822m57b21c71g55e2f5adf410e694@mail.gmail.com> References: <25a66d840702081519i59743d25q7d76f52c4cdb357@mail.gmail.com> <25a66d840702081811q4f6c74ddl1f34b63d2a5ab237@mail.gmail.com> <45CC34FD.2060904@chime.ucl.ac.uk> <25a66d840702090707u3a943894y186d77f556e3ca75@mail.gmail.com> <45CC91C4.10509@chime.ucl.ac.uk> <25a66d840702090757n193c73e3mbc2badb618f86bea@mail.gmail.com> <45CC9C22.9010800@chime.ucl.ac.uk> <45CC9D26.3070301@chime.ucl.ac.uk> <25a66d840702090822m57b21c71g55e2f5adf410e694@mail.gmail.com> Message-ID: <45CCA505.7030802@maddoc.net> am.lists wrote: > PS: I did get the additional SARE rules added to my rdj config. I hope > the admins over there don't ban me since I've downloaded some files > than 1x/day today. :-/ > > Angelo Most SARE rules aren't changed too much so we advise folks to grab anythng new with RDJ a couple times a day. BTW: I just released a new 70_sare_stocks.cf nothing majot just needed to comment out some un-used rules. And yes I am also maddoc@maddoc.net who maintains a lot of the rule sets for SARE. 8*) -- -Doc Lincoln, NE. http://www.genealogyforyou.com/ http://www.cairnproductions.com/ From MailScanner at ecs.soton.ac.uk Fri Feb 9 20:19:12 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Feb 9 19:25:40 2007 Subject: How to check MS version In-Reply-To: <20070209152100.M17493@robhq.com> References: <20070209152100.M17493@robhq.com> Message-ID: <45CCC930.1060004@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 rob wrote: > On Fri, 9 Feb 2007 10:14:11 -0500, Ivan Arteaga wrote > >> Hello List, >> >> Can somebody please let me know the linux command in order to check the MS >> version I am running on? >> >> Will appreciate any help. >> >> --Ivan. >> > > > MailScanner -v > Or even the more obvious "MailScanner -version" or "MailScanner - --version" for the GNU-ers among you. Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) Comment: Fetch my public key foot-print from www.mailscanner.info Charset: ISO-8859-1 wj8DBQFFzMm0EfZZRxQVtlQRAnQDAKD0TeamS8+A+zp0Gb133XWyDoHQowCgs1T0 QbBC9qiftH/a1DOr7gZ5x/k= =2NLN -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From ssilva at sgvwater.com Fri Feb 9 20:37:07 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Feb 9 19:41:32 2007 Subject: Scanning for Spam In-Reply-To: <25a66d840702090757n193c73e3mbc2badb618f86bea@mail.gmail.com> References: <25a66d840702081519i59743d25q7d76f52c4cdb357@mail.gmail.com> <25a66d840702081811q4f6c74ddl1f34b63d2a5ab237@mail.gmail.com> <45CC34FD.2060904@chime.ucl.ac.uk> <25a66d840702090707u3a943894y186d77f556e3ca75@mail.gmail.com> <45CC91C4.10509@chime.ucl.ac.uk> <25a66d840702090757n193c73e3mbc2badb618f86bea@mail.gmail.com> Message-ID: am.lists spake the following on 2/9/2007 7:57 AM: > Anthony, > > When I obfuscated my real IP in the htm, I added 1.3 to that score > (illegal IP 1.2.3.163 and Janet RBL). But otherwise, the kicker was > the SARE_PROLOSTOCK_SYM3 test... I am not sure I have that rule. > > I looked on RE and don't see which group that's part of. It seems very > effective. > > UPDATE: I just received another text-only one, and it's on the URL below. > > I didn't obfuscate any IPs this time, so the THIRD message would be an > interesting test. > > http://mailgw.evokeemail.com/q/20070208.htm Here is how I hit #3 Content analysis details: (11.9 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.3 TO_EMPTY To: is empty 0.1 FROM_NO_LOWER From address has no lower-case characters 1.0 L_DRUGS12 L_DRUGS12 2.5 FORGED_RCVD_HELO Received: contains a forged HELO 2.0 BOTNET Relay might be a spambot or virusbot [botnet0.7,ip=64.44.11.163,hostname=mailgw.evokemail.com,baddns] 0.8 SARE_RMML_Stock7 BODY: SARE_RMML_Stock7 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% [score: 0.9972] 1.7 STOCK_NAME_FVGT1 STOCK_NAME_FVGT1 0.1 TO_CC_NONE No To: or Cc: header Excluding the botnet plugin, that is still a "9" -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From am.lists at gmail.com Fri Feb 9 20:45:28 2007 From: am.lists at gmail.com (am.lists) Date: Fri Feb 9 19:49:38 2007 Subject: Scanning for Spam In-Reply-To: References: <25a66d840702081519i59743d25q7d76f52c4cdb357@mail.gmail.com> <25a66d840702081811q4f6c74ddl1f34b63d2a5ab237@mail.gmail.com> <45CC34FD.2060904@chime.ucl.ac.uk> <25a66d840702090707u3a943894y186d77f556e3ca75@mail.gmail.com> <45CC91C4.10509@chime.ucl.ac.uk> <25a66d840702090757n193c73e3mbc2badb618f86bea@mail.gmail.com> Message-ID: <25a66d840702091145u249a43d8q36c11ce7c10a81d6@mail.gmail.com> Scott, Just curious why I got dinged for my IP being a spambot/virus... I have proper reverse and forward dns, not on any RBLs, etc. Angelo On 2/9/07, Scott Silva wrote: > pts rule name description > ---- ---------------------- -------------------------------------------------- > 2.0 BOTNET Relay might be a spambot or virusbot > [botnet0.7,ip=64.44.11.163,hostname=mailgw.evokemail.com,baddns] From gborders at jlewiscooper.com Fri Feb 9 22:17:10 2007 From: gborders at jlewiscooper.com (Greg Borders) Date: Fri Feb 9 21:21:23 2007 Subject: Scanning for Spam In-Reply-To: <45CCA24F.40004@pixelhammer.com> References: <25a66d840702081519i59743d25q7d76f52c4cdb357@mail.gmail.com> <25a66d840702081811q4f6c74ddl1f34b63d2a5ab237@mail.gmail.com> <45CC34FD.2060904@chime.ucl.ac.uk> <25a66d840702090707u3a943894y186d77f556e3ca75@mail.gmail.com> <45CC91C4.10509@chime.ucl.ac.uk> <25a66d840702090757n193c73e3mbc2badb618f86bea@mail.gmail.com> <45CC9C22.9010800@chime.ucl.ac.uk> <45CC9D26.3070301@chime.ucl.ac.uk> <25a66d840702090822m57b21c71g55e2f5adf410e694@mail.gmail.com> <45CCA24F.40004@pixelhammer.com> Message-ID: <45CCE4D6.1080009@jlewiscooper.com> DAve wrote: > am.lists wrote: >>> I also meant to point out that your Bayes was only hitting 50% which >>> add >>> nothing to the score. Start feeding these emails into the Bayes >>> learning system, and it will start to match these emails. >> >> So, I guess that's the question. >> >> Is there a way to make Bayes learn this when it's not currently >> tagged as spam? > > There are many many ways to make that happen depending on your > network, your policies, your users. We simply keep messages that we > feel are spam and once a day I ftp the mailbox up to my MS servers and > run sa-learn on them. > > I can run through our Postmaster mailboxes and gleen 50 a day easily > (we have no spam scanning on postmaster or abuse). A simplistic > approach, but so far seems to be working. We may have to get serious > about it farther down the road. > > DAve > >> >> PS: I did get the additional SARE rules added to my rdj config. I hope >> the admins over there don't ban me since I've downloaded some files >> than 1x/day today. :-/ >> >> Angelo > > Here I made a "spam" mail box, and created SYM links to it for users within their mail folders. As folks find spam that leak thru, they drag it over the "universal" spam box, and then I feed them via a daily cron job to sa-learn script which reads them, and then deletes them. Also handy is the Mailwatch interface, where I can run searches/reports, and then checkbox the bad ones for instant SA learning. Works great! Greg. -- This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From res at ausics.net Sat Feb 10 00:49:02 2007 From: res at ausics.net (Res) Date: Fri Feb 9 23:53:13 2007 Subject: Scanning for Spam In-Reply-To: <25a66d840702091145u249a43d8q36c11ce7c10a81d6@mail.gmail.com> References: <25a66d840702081519i59743d25q7d76f52c4cdb357@mail.gmail.com> <25a66d840702081811q4f6c74ddl1f34b63d2a5ab237@mail.gmail.com> <45CC34FD.2060904@chime.ucl.ac.uk> <25a66d840702090707u3a943894y186d77f556e3ca75@mail.gmail.com> <45CC91C4.10509@chime.ucl.ac.uk> <25a66d840702090757n193c73e3mbc2badb618f86bea@mail.gmail.com> <25a66d840702091145u249a43d8q36c11ce7c10a81d6@mail.gmail.com> Message-ID: On Fri, 9 Feb 2007, am.lists wrote: > Scott, > Just curious why I got dinged for my IP being a spambot/virus... > > I have proper reverse and forward dns, not on any RBLs, etc. > ~$ host 64.44.11.163 163.11.44.64.in-addr.arpa domain name pointer mailgw.evokemail.com. ~$ host mailgw.evokemail.com Host mailgw.evokemail.com not found: 2(SERVFAIL) ~$ whois evokemail.com getaddrinfo(whois.crsnic.net): Temporary failure in name resolution This might be why :) > Angelo > > On 2/9/07, Scott Silva wrote: >> pts rule name description >> ---- ---------------------- >> -------------------------------------------------- >> 2.0 BOTNET Relay might be a spambot or virusbot >> [botnet0.7,ip=64.44.11.163,hostname=mailgw.evokemail.com,baddns] > -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From yossimor at hotmail.com Sat Feb 10 00:50:13 2007 From: yossimor at hotmail.com (yossi mor) Date: Fri Feb 9 23:54:18 2007 Subject: Scanning for Spam Message-ID: Hi Greg, What should i do in case that the mail box on the exchange? Can i simply copy those emails to a folder on a linux machine and run sa-learn? Thanks, Yossi > Date: Fri, 9 Feb 2007 16:17:10 -0500> From: gborders@jlewiscooper.com> To: mailscanner@lists.mailscanner.info> Subject: Re: Scanning for Spam> > DAve wrote:> > am.lists wrote:> >>> I also meant to point out that your Bayes was only hitting 50% which > >>> add> >>> nothing to the score. Start feeding these emails into the Bayes> >>> learning system, and it will start to match these emails.> >>> >> So, I guess that's the question.> >>> >> Is there a way to make Bayes learn this when it's not currently > >> tagged as spam?> >> > There are many many ways to make that happen depending on your > > network, your policies, your users. We simply keep messages that we > > feel are spam and once a day I ftp the mailbox up to my MS servers and > > run sa-learn on them.> >> > I can run through our Postmaster mailboxes and gleen 50 a day easily > > (we have no spam scanning on postmaster or abuse). A simplistic > > approach, but so far seems to be working. We may have to get serious > > about it farther down the road.> >> > DAve> >> >>> >> PS: I did get the additional SARE rules added to my rdj config. I hope> >> the admins over there don't ban me since I've downloaded some files> >> than 1x/day today. :-/> >>> >> Angelo> >> >> Here I made a "spam" mail box, and created SYM links to it for users > within their mail folders. As folks find spam that leak thru, they drag > it over the "universal" spam box, and then I feed them via a daily cron > job to sa-learn script which reads them, and then deletes them.> > Also handy is the Mailwatch interface, where I can run searches/reports, > and then checkbox the bad ones for instant SA learning. Works great!> > Greg.> > > > > --> This transmission may contain information that is privileged, confidential> and/or exempt from disclosure under applicable law. If you are not the> intended recipient, you are hereby notified that any disclosure, copying,> distribution, or use of the information contained herein (including any> reliance thereon) is STRICTLY PROHIBITED. If you received this transmission> in error, please immediately contact the sender and destroy the material in> its entirety, whether in electronic or hard copy format. Thank you.> > -- > This message has been scanned for viruses and> dangerous content by MailScanner, and is> believed to be clean.> > -- > MailScanner mailing list> mailscanner@lists.mailscanner.info> http://lists.mailscanner.info/mailman/listinfo/mailscanner> > Before posting, read http://wiki.mailscanner.info/posting> > Support MailScanner development - buy the book off the website! _________________________________________________________________ Get the new Windows Live Messenger! http://get.live.com/messenger/overview -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070209/15e97e6a/attachment-0001.html From res at ausics.net Sat Feb 10 00:58:37 2007 From: res at ausics.net (Res) Date: Sat Feb 10 00:02:50 2007 Subject: Scanning for Spam In-Reply-To: References: <25a66d840702081519i59743d25q7d76f52c4cdb357@mail.gmail.com> <25a66d840702081811q4f6c74ddl1f34b63d2a5ab237@mail.gmail.com> <45CC34FD.2060904@chime.ucl.ac.uk> <25a66d840702090707u3a943894y186d77f556e3ca75@mail.gmail.com> <45CC91C4.10509@chime.ucl.ac.uk> <25a66d840702090757n193c73e3mbc2badb618f86bea@mail.gmail.com> <25a66d840702091145u249a43d8q36c11ce7c10a81d6@mail.gmail.com> Message-ID: On followup, I recall several root servers under DoS in recent days, perhaps its still ongoing, in past few hours my server has 4.5.1'd redhat.com and sourceforge, so I wouldn't think it is your problem On Sat, 10 Feb 2007, Res wrote: > On Fri, 9 Feb 2007, am.lists wrote: > >> Scott, >> Just curious why I got dinged for my IP being a spambot/virus... >> >> I have proper reverse and forward dns, not on any RBLs, etc. >> > > ~$ host 64.44.11.163 > 163.11.44.64.in-addr.arpa domain name pointer mailgw.evokemail.com. > ~$ host mailgw.evokemail.com > Host mailgw.evokemail.com not found: 2(SERVFAIL) > > > ~$ whois evokemail.com > getaddrinfo(whois.crsnic.net): Temporary failure in name resolution > > > This might be why :) > > > >> Angelo >> >> On 2/9/07, Scott Silva wrote: >>> pts rule name description >>> ---- ---------------------- >>> -------------------------------------------------- >>> 2.0 BOTNET Relay might be a spambot or virusbot >>> [botnet0.7,ip=64.44.11.163,hostname=mailgw.evokemail.com,baddns] >> > > -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From ssilva at sgvwater.com Sat Feb 10 01:13:59 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Sat Feb 10 00:18:12 2007 Subject: Scanning for Spam In-Reply-To: References: <25a66d840702081519i59743d25q7d76f52c4cdb357@mail.gmail.com> <25a66d840702081811q4f6c74ddl1f34b63d2a5ab237@mail.gmail.com> <45CC34FD.2060904@chime.ucl.ac.uk> <25a66d840702090707u3a943894y186d77f556e3ca75@mail.gmail.com> <45CC91C4.10509@chime.ucl.ac.uk> <25a66d840702090757n193c73e3mbc2badb618f86bea@mail.gmail.com> <25a66d840702091145u249a43d8q36c11ce7c10a81d6@mail.gmail.com> Message-ID: Res spake the following on 2/9/2007 3:49 PM: > On Fri, 9 Feb 2007, am.lists wrote: > >> Scott, >> Just curious why I got dinged for my IP being a spambot/virus... >> >> I have proper reverse and forward dns, not on any RBLs, etc. >> > > ~$ host 64.44.11.163 > 163.11.44.64.in-addr.arpa domain name pointer mailgw.evokemail.com. > ~$ host mailgw.evokemail.com > Host mailgw.evokemail.com not found: 2(SERVFAIL) > > > ~$ whois evokemail.com > getaddrinfo(whois.crsnic.net): Temporary failure in name resolution > > > This might be why :) > > That is what I got also -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From am.lists at gmail.com Sat Feb 10 03:16:35 2007 From: am.lists at gmail.com (am.lists) Date: Sat Feb 10 02:20:42 2007 Subject: Scanning for Spam In-Reply-To: References: <25a66d840702081519i59743d25q7d76f52c4cdb357@mail.gmail.com> <25a66d840702081811q4f6c74ddl1f34b63d2a5ab237@mail.gmail.com> <45CC34FD.2060904@chime.ucl.ac.uk> <25a66d840702090707u3a943894y186d77f556e3ca75@mail.gmail.com> <45CC91C4.10509@chime.ucl.ac.uk> <25a66d840702090757n193c73e3mbc2badb618f86bea@mail.gmail.com> <25a66d840702091145u249a43d8q36c11ce7c10a81d6@mail.gmail.com> Message-ID: <25a66d840702091816j63296756p6cc48b76285ad91e@mail.gmail.com> Duh. My co-lo has spelled the domain name wrong in my revdns entry! Should be evokeemail.com, not evokemail.com as they have it: mailgw.evokemail.com <> mailgw.evokeemail.com !! I will have them fix it. Not that we send out mail from there, but it is nice to have the option to do so if we should choose to down the road. Thanks for helping me spot this. It's one of those darned obscure things that you could sit and look at for hours and not figure out. From res at ausics.net Sat Feb 10 03:57:32 2007 From: res at ausics.net (Res) Date: Sat Feb 10 03:01:44 2007 Subject: Scanning for Spam In-Reply-To: <25a66d840702091816j63296756p6cc48b76285ad91e@mail.gmail.com> References: <25a66d840702081519i59743d25q7d76f52c4cdb357@mail.gmail.com> <25a66d840702081811q4f6c74ddl1f34b63d2a5ab237@mail.gmail.com> <45CC34FD.2060904@chime.ucl.ac.uk> <25a66d840702090707u3a943894y186d77f556e3ca75@mail.gmail.com> <45CC91C4.10509@chime.ucl.ac.uk> <25a66d840702090757n193c73e3mbc2badb618f86bea@mail.gmail.com> <25a66d840702091145u249a43d8q36c11ce7c10a81d6@mail.gmail.com> <25a66d840702091816j63296756p6cc48b76285ad91e@mail.gmail.com> Message-ID: On Fri, 9 Feb 2007, am.lists wrote: > Duh. > > My co-lo has spelled the domain name wrong in my revdns entry! > > Should be evokeemail.com, not evokemail.com as they have it: > > mailgw.evokemail.com <> mailgw.evokeemail.com !! > > I will have them fix it. > > Not that we send out mail from there, but it is nice to have the > option to do so if we should choose to down the road. > > Thanks for helping me spot this. It's one of those darned obscure > things that you could sit and look at for hours and not figure out. We aim to please :) > -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From correiob at yahoo.com.br Sun Feb 11 01:37:24 2007 From: correiob at yahoo.com.br (correiob) Date: Sat Feb 10 23:39:27 2007 Subject: How to filter just incoming not outcoming emails? Message-ID: <7.0.1.0.1.20070210213706.01d14b38@yahoo.com.br> Hi: I have a Centos Linux, running Apache, Sendmail, Spam Assassin and MailScanner. This Server is POP as well as SMTP for all the mailboxes of my customers. Actually, the SpamAssassin and MailScanner at this Server filters / scan both, the emails that are being received and the emails that are being sent as well. This is giving my Server a really heavy load. I think I don't have neither the need (nor the obligation) to filter / scan the outgoing emails. This is a task up to the users at their own desktops and networks. But I undertand I have to filter just the incoming emails. So, my question is: is it possible to set Sendmail / Mail Scanner so that just the incoming emails are scanned agains virus and sent to Spam Assassin to be filtered? If so, please, tell me what to do. But, please, tell me like a cooking recipe, because I am not quite experienced with operating systems. Thanks a lot. Mario./ -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.441 / Virus Database: 268.17.33/678 - Release Date: 9/2/2007 16:06 _______________________________________________________ Yahoo! Mail - Sempre a melhor opção para você! Experimente já e veja as novidades. http://br.yahoo.com/mailbeta/tudonovo/ From res at ausics.net Sun Feb 11 02:02:22 2007 From: res at ausics.net (Res) Date: Sun Feb 11 01:06:36 2007 Subject: How to filter just incoming not outcoming emails? In-Reply-To: <7.0.1.0.1.20070210213706.01d14b38@yahoo.com.br> References: <7.0.1.0.1.20070210213706.01d14b38@yahoo.com.br> Message-ID: On Sat, 10 Feb 2007, correiob wrote: > I think I don't have neither the need (nor the obligation) to filter / scan > the outgoing emails. This is a task up to the users at their own desktops and > networks. But I undertand I have to filter just the incoming emails. Wrong... You have an obligation to the rest of the internet to make sure your users dont send spam/viruses. Never rely on users to do it, because most wouldnt know how to, not to mention all the 0 day worms out there that disable local antivirus then go to work spamming. Not to mention the far higher risk of your server being blacklisted because it sends this crud. -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From andrew.frazer at sententia.co.nz Sun Feb 11 04:05:33 2007 From: andrew.frazer at sententia.co.nz (Andrew Frazer) Date: Sun Feb 11 03:09:47 2007 Subject: File Name Checking - How to disable. Message-ID: If I want to disable filename checking, do I simply remove set the parameter 'Attachment Filename Checking' from %etc-dir%/filename.rules.conf to just blank? From glenn.steen at gmail.com Sun Feb 11 14:21:28 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Feb 11 13:25:40 2007 Subject: File Name Checking - How to disable. In-Reply-To: References: Message-ID: <223f97700702110521x4da03baah68dc9947cea4ce2c@mail.gmail.com> On 11/02/07, Andrew Frazer wrote: > If I want to disable filename checking, do I simply remove set the parameter > 'Attachment Filename Checking' from %etc-dir%/filename.rules.conf to just > blank? You change Filename Rules = %....... to Filename Rules = #%.... to disable filename checking, and File Command = /what/ever to File Command = #/what/ever to disable filetype checking. All changes in MailScanner.conf ;-) Cheers -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From jan-peter at koopmann.eu Sun Feb 11 14:24:58 2007 From: jan-peter at koopmann.eu (Koopmann, Jan-Peter) Date: Sun Feb 11 13:28:20 2007 Subject: Setting Exchange SCL from MailScanner Message-ID: Hi, there was a discussion about this back in October I think. I want to set Exchange SCL to 9 when MailScanner/SA detects spam. The discussion suggested it would be enough to add the following header: X-MS-Exchange-Organization-SCL: 9 unfortunatly the SCL is not set here. Any suggestions? Mit freundlichen Gr??en Jan-Peter Koopmann From jan-peter at koopmann.eu Sun Feb 11 15:10:39 2007 From: jan-peter at koopmann.eu (Koopmann, Jan-Peter) Date: Sun Feb 11 14:13:55 2007 Subject: Performance In-Reply-To: <45C0A5D3.4000408@katy.com> Message-ID: On Wednesday, January 31, 2007 3:21 PM John Schmerold wrote: > I'll get these suggestions implemented, only one I have problem > implementing is the relay_recipient_maps suggestions. This box is a > filter for several endpoints. If you are using Exim, why not use recipient callouts? That should work nicely and no scripting is necessary. Kind regards, JP From jan-peter at koopmann.eu Sun Feb 11 15:20:33 2007 From: jan-peter at koopmann.eu (Koopmann, Jan-Peter) Date: Sun Feb 11 14:23:45 2007 Subject: DSPAM? Message-ID: Hi, has anyone gotten DSPAM integrated into MailScanner with the GenericSpamScanner option? Anyone using it at all? For what? Just curious... :-) Kind regards, JP From keith at 12345678.org Sun Feb 11 17:32:12 2007 From: keith at 12345678.org (keith) Date: Sun Feb 11 16:36:36 2007 Subject: "Archive Mail" function can work on Mail Gateway mode ? In-Reply-To: <223f97700702080002r2b587dc9g9b4080139b71286e@mail.gmail.com> References: <20070208023714.M32928@12345678.org> <223f97700702080002r2b587dc9g9b4080139b71286e@mail.gmail.com> Message-ID: <20070211163014.M35318@12345678.org> Thank you for your kindly help, now is work great, because he afraid the mailscanner filter some clean message as spam, so he want a full original copy. On Thu, 8 Feb 2007 09:02:10 +0100, Glenn Steen wrote > On 08/02/07, keith wrote: > > Dear All, my system is CentOS 4.4 + MS 4.56.7-1 as mail gateway mode for > > Exchange behind, my manager need me to auto forward his in/out mail to yahoo > > mail, I try to turn on the "Archive Mail" function in MS , the maillog > > displayed the mail is accept and queued mail for delivery but it cannot > > forward to specify mail account , the following is my setting, would anyone > > can tell me the "Archive Mail" can work with gateway mode or my syntax have > > something wrong ? > > > > --- Config File ---- > > /etc/MailScanner/MailScanner.conf > > ## > > Archive Mail = %rules-dir%/archive.rules > > ## > > ------------------------------------- > > /etc/MailScanner/rules/archive.rules > > ## > > FromOrTo:manager@companydomain.com yes forward manager123@yahoo.com > > ## > > ---------------------------------------- > > > > Thank you very much > > Keith > Try putting some whitespace between the "FromOrTo:" and the address > you match, remove the "yes" and restart/reload MailScanner... Should > make a difference. > Why are you doing this on Archive Mail (which will give him/her the > "bad stuff" like viruses and spam too), instead of the "cleaner" Non > Spam Actions etc? Seems like an unhealthy thing to be "originating" > spam and viruses sent to yahoo...;-). > When you move over to that, remember to set a default entry with the > normal actions (deliver and whatever else)....:-) > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- From brent.bolin at gmail.com Sun Feb 11 18:37:12 2007 From: brent.bolin at gmail.com (BB) Date: Sun Feb 11 17:41:23 2007 Subject: Not seeing spamcheck report on messages being quaratined/spam Message-ID: <787dcac20702110937s4da9e9f8p27e76a26c32dbc48@mail.gmail.com> Have these set in MailScanner.conf Always Include SpamAssassin Report = yes Detailed Spam Report = yes What am I missing ? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070211/6b0b50c2/attachment.html From glenn.steen at gmail.com Sun Feb 11 18:42:49 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Feb 11 17:47:01 2007 Subject: Performance In-Reply-To: References: <45C0A5D3.4000408@katy.com> Message-ID: <223f97700702110942h7d5c3e85ua3b96d50438c918@mail.gmail.com> On 11/02/07, Koopmann, Jan-Peter wrote: > On Wednesday, January 31, 2007 3:21 PM John Schmerold wrote: > > > I'll get these suggestions implemented, only one I have problem > > implementing is the relay_recipient_maps suggestions. This box is a > > filter for several endpoints. > > If you are using Exim, why not use recipient callouts? That should work > nicely and no scripting is necessary. > > Kind regards, > JP The Postfix he is using should be able to do that too (in a way), but ... well, it's more "work" than a nice local hash lookup:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Sun Feb 11 18:44:30 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Feb 11 17:48:41 2007 Subject: Not seeing spamcheck report on messages being quaratined/spam In-Reply-To: <787dcac20702110937s4da9e9f8p27e76a26c32dbc48@mail.gmail.com> References: <787dcac20702110937s4da9e9f8p27e76a26c32dbc48@mail.gmail.com> Message-ID: <223f97700702110944h66d92a0bv253568817f58511a@mail.gmail.com> On 11/02/07, BB wrote: > Have these set in MailScanner.conf > > Always Include SpamAssassin Report = yes > Detailed Spam Report = yes > > What am I missing ? > What does the logs tell you about them? are they "spam" due to BLs or spam chache hits perhaps? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From brent.bolin at gmail.com Sun Feb 11 19:15:36 2007 From: brent.bolin at gmail.com (BB) Date: Sun Feb 11 18:19:48 2007 Subject: Not seeing spamcheck report on messages being quaratined/spam In-Reply-To: <223f97700702110944h66d92a0bv253568817f58511a@mail.gmail.com> References: <787dcac20702110937s4da9e9f8p27e76a26c32dbc48@mail.gmail.com> <223f97700702110944h66d92a0bv253568817f58511a@mail.gmail.com> Message-ID: <787dcac20702111015p204d725ta8e01e4c04c78e07@mail.gmail.com> I assume you are talking about all the log options in MailScanner.conf Turned on all that I could find. Stopped and restarted MailScaner Really haven't ever looked at the files in - /var/spool/MailScaner/quarantine/spam/* I just know I could view the spam scores etc... when using MailWatch I am in the middle of rebuilding a box. MailWatch isn't installed yet. FreeBSD 6.2 MailScanner-4.57.6_1 On 2/11/07, Glenn Steen wrote: > > On 11/02/07, BB wrote: > > Have these set in MailScanner.conf > > > > Always Include SpamAssassin Report = yes > > Detailed Spam Report = yes > > > > What am I missing ? > > > What does the logs tell you about them? are they "spam" due to BLs or > spam chache hits perhaps? > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- ACK and you shall receive -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070211/ec9f0e9b/attachment.html From brent.bolin at gmail.com Sun Feb 11 19:20:29 2007 From: brent.bolin at gmail.com (BB) Date: Sun Feb 11 18:24:41 2007 Subject: Not seeing spamcheck report on messages being quaratined/spam In-Reply-To: <787dcac20702111015p204d725ta8e01e4c04c78e07@mail.gmail.com> References: <787dcac20702110937s4da9e9f8p27e76a26c32dbc48@mail.gmail.com> <223f97700702110944h66d92a0bv253568817f58511a@mail.gmail.com> <787dcac20702111015p204d725ta8e01e4c04c78e07@mail.gmail.com> Message-ID: <787dcac20702111020j73c79bd0l6690551e98fedd67@mail.gmail.com> Feb 11 12:09:39 mail MailScanner[76430]: Message l1BI9RGD076406 from 69.0.202.215 (pj8dv2el@drinksassy.com) to specialtystore services.com is spam, SpamAssassin (not cached, score=6.943, required 3, ALL_TRUSTED -1.80, BAYES_50 0.00, FROM_HAS_MIXED_NUM S 2.15, RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E8_51_100 1.50, RAZOR2_CHECK 0.50, URIBL_JP_SURBL 4.09) /var/log/maillog Looks like it's there On 2/11/07, BB wrote: > > I assume you are talking about all the log options in MailScanner.conf > > Turned on all that I could find. Stopped and restarted MailScaner > > Really haven't ever looked at the files in - > > /var/spool/MailScaner/quarantine/spam/* > > I just know I could view the spam scores etc... when using MailWatch > > I am in the middle of rebuilding a box. MailWatch isn't installed yet. > > FreeBSD 6.2 > MailScanner-4.57.6_1 > > > > > > On 2/11/07, Glenn Steen wrote: > > > > On 11/02/07, BB wrote: > > > Have these set in MailScanner.conf > > > > > > Always Include SpamAssassin Report = yes > > > Detailed Spam Report = yes > > > > > > What am I missing ? > > > > > What does the logs tell you about them? are they "spam" due to BLs or > > spam chache hits perhaps? > > > > -- > > -- Glenn > > email: glenn < dot > steen < at > gmail < dot > com > > work: glenn < dot > steen < at > ap1 < dot > se > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > > -- > ACK and you shall receive -- ACK and you shall receive -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070211/567cdbdb/attachment.html From jstevens at athensdistributing.com Sun Feb 11 19:54:06 2007 From: jstevens at athensdistributing.com (James R. Stevens) Date: Sun Feb 11 18:58:30 2007 Subject: OT: LookOUT 2007 Message-ID: <1A65E6BAEADF9B4F865314484A13ECF1608800@atlas.athensdistributing.com> MaliScanner group, Around here MicroSoft stopped licensing Outlook 2003 last week. We use it in our Exchange/Outlook MailScanner gateway environment. In looking at messages within the 2007 LookOut client (R & D) I can't see how to find the full message Header. Before you would Choose VIEW | Options and get the message Id etc.. Is this removed or moved..Anyone? -- This message has been scanned for viruses and dangerous content by Athens Hyperion Scanner, and is believed to be clean. From glenn.steen at gmail.com Sun Feb 11 20:03:54 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Feb 11 19:08:07 2007 Subject: Not seeing spamcheck report on messages being quaratined/spam In-Reply-To: <787dcac20702111020j73c79bd0l6690551e98fedd67@mail.gmail.com> References: <787dcac20702110937s4da9e9f8p27e76a26c32dbc48@mail.gmail.com> <223f97700702110944h66d92a0bv253568817f58511a@mail.gmail.com> <787dcac20702111015p204d725ta8e01e4c04c78e07@mail.gmail.com> <787dcac20702111020j73c79bd0l6690551e98fedd67@mail.gmail.com> Message-ID: <223f97700702111103w3ff59ec8x62e7d49738b022fb@mail.gmail.com> On 11/02/07, BB wrote: > Feb 11 12:09:39 mail MailScanner[76430]: Message l1BI9RGD076406 from > 69.0.202.215 (pj8dv2el@drinksassy.com) to specialtystore > services.com is spam, SpamAssassin (not cached, score=6.943, required 3, > ALL_TRUSTED -1.80, BAYES_50 0.00, FROM_HAS_MIXED_NUM > S 2.15, RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E8_51_100 1.50, > RAZOR2_CHECK 0.50, URIBL_JP_SURBL 4.09) > > /var/log/maillog > > Looks like it's there > And this one does not get the report attached? On another note, perhaps you should have a look at why ALL_TRUSTED has fired, perhaps setting a correct trusted_networks for SpamAssassin... Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From steve.swaney at fsl.com Sun Feb 11 20:10:22 2007 From: steve.swaney at fsl.com (Stephen Swaney) Date: Sun Feb 11 19:13:44 2007 Subject: LookOUT 2007 In-Reply-To: <1A65E6BAEADF9B4F865314484A13ECF1608800@atlas.athensdistributing.com> References: <1A65E6BAEADF9B4F865314484A13ECF1608800@atlas.athensdistributing.com> Message-ID: <0a4001c74e10$47558a20$d6009e60$@swaney@fsl.com> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of James R. Stevens > Sent: Sunday, February 11, 2007 1:54 PM > To: MailScanner discussion > Subject: OT: LookOUT 2007 > > MaliScanner group, > Around here MicroSoft stopped licensing Outlook 2003 last week. We use > it in our Exchange/Outlook MailScanner gateway environment. > > In looking at messages within the 2007 LookOut client (R & D) I can't > see how to find the full message Header. Before you would Choose VIEW > | Options and get the message Id etc.. > Is this removed or moved..Anyone? > In the Message reading window. Click on the tiny arrow in the lower left corner of the Options group. Not very obvious. Steve Steve Swaney steve@fsl.com From brent.bolin at gmail.com Sun Feb 11 20:14:40 2007 From: brent.bolin at gmail.com (BB) Date: Sun Feb 11 19:18:51 2007 Subject: Not seeing spamcheck report on messages being quaratined/spam In-Reply-To: <223f97700702111103w3ff59ec8x62e7d49738b022fb@mail.gmail.com> References: <787dcac20702110937s4da9e9f8p27e76a26c32dbc48@mail.gmail.com> <223f97700702110944h66d92a0bv253568817f58511a@mail.gmail.com> <787dcac20702111015p204d725ta8e01e4c04c78e07@mail.gmail.com> <787dcac20702111020j73c79bd0l6690551e98fedd67@mail.gmail.com> <223f97700702111103w3ff59ec8x62e7d49738b022fb@mail.gmail.com> Message-ID: <787dcac20702111114m3945a7ady7fb0a9876946e95e@mail.gmail.com> That's correct. I have made the changes you suggest trusted_networks my_rfc1918 in mailscanner.cf that is a symbolic link to spam.assassin.prefs.conf file On 2/11/07, Glenn Steen wrote: > > On 11/02/07, BB wrote: > > Feb 11 12:09:39 mail MailScanner[76430]: Message l1BI9RGD076406 from > > 69.0.202.215 (pj8dv2el@drinksassy.com) to specialtystore > > services.com is spam, SpamAssassin (not cached, score=6.943, required > 3, > > ALL_TRUSTED -1.80, BAYES_50 0.00, FROM_HAS_MIXED_NUM > > S 2.15, RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E8_51_100 1.50, > > RAZOR2_CHECK 0.50, URIBL_JP_SURBL 4.09) > > > > /var/log/maillog > > > > Looks like it's there > > > And this one does not get the report attached? > > On another note, perhaps you should have a look at why ALL_TRUSTED has > fired, perhaps setting a correct trusted_networks for SpamAssassin... > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- ACK and you shall receive -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070211/1fa56a3d/attachment.html From drew at technologytiger.net Sun Feb 11 20:16:49 2007 From: drew at technologytiger.net (Drew Marshall) Date: Sun Feb 11 19:21:07 2007 Subject: Performance In-Reply-To: <223f97700702110942h7d5c3e85ua3b96d50438c918@mail.gmail.com> References: <45C0A5D3.4000408@katy.com> <223f97700702110942h7d5c3e85ua3b96d50438c918@mail.gmail.com> Message-ID: On 11 Feb 2007, at 17:42, Glenn Steen wrote: > On 11/02/07, Koopmann, Jan-Peter wrote: >> On Wednesday, January 31, 2007 3:21 PM John Schmerold wrote: >> >> > I'll get these suggestions implemented, only one I have problem >> > implementing is the relay_recipient_maps suggestions. This box is a >> > filter for several endpoints. >> >> If you are using Exim, why not use recipient callouts? That should >> work >> nicely and no scripting is necessary. >> >> Kind regards, >> JP > The Postfix he is using should be able to do that too (in a way), but > ... well, it's more "work" than a nice local hash lookup:-). It's not more work to set up, it's just a reject_unverified_recipient in smtpd_recipient_restrictions. The disadvantages (Which is where the work load comes in) is the gateway to mailbox server traffic, which will increase and the fact it only will work with MTAs that know how to reject unknown senders (>Exchange 2000) and it won't work if the mailbox server that you are 'gatewaying' for is off line so in that instance all mail destined for that box will be rejected with a 421 unable to verify type message. All in all if you can keep a copy of the users on the gateway this is usually better (If harder work to maintain). Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by the Technology Tiger MailScanner. Further information can be found at www.technologytiger.net/policy Technology Tiger Limited is registered in Scotland with registration number: 310997 Registered Office 55-57 West High Street Inverurie AB51 3QQ From glenn.steen at gmail.com Sun Feb 11 20:59:57 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Feb 11 20:04:10 2007 Subject: Performance In-Reply-To: References: <45C0A5D3.4000408@katy.com> <223f97700702110942h7d5c3e85ua3b96d50438c918@mail.gmail.com> Message-ID: <223f97700702111159y3f314747gbb23addfd4e1ebc6@mail.gmail.com> On 11/02/07, Drew Marshall wrote: > On 11 Feb 2007, at 17:42, Glenn Steen wrote: > > > On 11/02/07, Koopmann, Jan-Peter wrote: > >> On Wednesday, January 31, 2007 3:21 PM John Schmerold wrote: > >> > >> > I'll get these suggestions implemented, only one I have problem > >> > implementing is the relay_recipient_maps suggestions. This box is a > >> > filter for several endpoints. > >> > >> If you are using Exim, why not use recipient callouts? That should > >> work > >> nicely and no scripting is necessary. > >> > >> Kind regards, > >> JP > > The Postfix he is using should be able to do that too (in a way), but > > ... well, it's more "work" than a nice local hash lookup:-). > > It's not more work to set up, it's just a reject_unverified_recipient > in smtpd_recipient_restrictions. The disadvantages (Which is where > the work load comes in) is the gateway to mailbox server traffic, > which will increase and the fact it only will work with MTAs that > know how to reject unknown senders (>Exchange 2000) and it won't work > if the mailbox server that you are 'gatewaying' for is off line so in > that instance all mail destined for that box will be rejected with a > 421 unable to verify type message. All in all if you can keep a copy > of the users on the gateway this is usually better (If harder work to > maintain). > > Drew Exactly.... Thanks for the eloquence Drew:). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From mike at vesol.com Sun Feb 11 21:20:04 2007 From: mike at vesol.com (Mike Kercher) Date: Sun Feb 11 20:27:38 2007 Subject: LookOUT 2007 In-Reply-To: <1A65E6BAEADF9B4F865314484A13ECF1608800@atlas.athensdistributing.com> References: <1A65E6BAEADF9B4F865314484A13ECF1608800@atlas.athensdistributing.com> Message-ID: : -----Original Message----- : From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- : bounces@lists.mailscanner.info] On Behalf Of James R. Stevens : Sent: Sunday, February 11, 2007 12:54 PM : To: MailScanner discussion : Subject: OT: LookOUT 2007 : : MaliScanner group, : Around here MicroSoft stopped licensing Outlook 2003 last week. We use : it in our Exchange/Outlook MailScanner gateway environment. : : In looking at messages within the 2007 LookOut client (R & D) I can't : see how to find the full message Header. Before you would Choose VIEW : | Options and get the message Id etc.. : Is this removed or moved..Anyone? : : -- Right click the message itself and select Message Options. I find Outlook 2007 to be MUCH slower than 2003. I'm am not impressed by Vista or Office 2007 so far. Mike From res at ausics.net Sun Feb 11 22:04:54 2007 From: res at ausics.net (Res) Date: Sun Feb 11 21:09:23 2007 Subject: LookOUT 2007 In-Reply-To: References: <1A65E6BAEADF9B4F865314484A13ECF1608800@atlas.athensdistributing.com> Message-ID: On Sun, 11 Feb 2007, Mike Kercher wrote: > Right click the message itself and select Message Options. I find > Outlook 2007 to be MUCH slower than 2003. I'm am not impressed by Vista > or Office 2007 so far. The add slogan goes "the wow starts now" they're right, "wow, we really gota use another OS, and now" ..and one don't have to pay several hundreds of dollars for :P Just about every list im on many people have bagged it. I still enjoy an M$ free zone :P -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From brent.bolin at gmail.com Sun Feb 11 22:28:18 2007 From: brent.bolin at gmail.com (BB) Date: Sun Feb 11 21:32:31 2007 Subject: Not seeing spamcheck report on messages being quaratined/spam In-Reply-To: <787dcac20702111114m3945a7ady7fb0a9876946e95e@mail.gmail.com> References: <787dcac20702110937s4da9e9f8p27e76a26c32dbc48@mail.gmail.com> <223f97700702110944h66d92a0bv253568817f58511a@mail.gmail.com> <787dcac20702111015p204d725ta8e01e4c04c78e07@mail.gmail.com> <787dcac20702111020j73c79bd0l6690551e98fedd67@mail.gmail.com> <223f97700702111103w3ff59ec8x62e7d49738b022fb@mail.gmail.com> <787dcac20702111114m3945a7ady7fb0a9876946e95e@mail.gmail.com> Message-ID: <787dcac20702111328n7245f731s9e80eaad1092ff99@mail.gmail.com> Looking through some old archives of MailScanner. A question was asked similar to mine. Julian responded Mailscanner only reports to maillog. Apparently MailWatch stores the report in Mysql. Someone please correct me if I'm wrong. Do any of your quarantine messages have Spamassassin reports in them ? On 2/11/07, BB wrote: > > That's correct. > > I have made the changes you suggest trusted_networks my_rfc1918 in > mailscanner.cf that is a symbolic link to spam.assassin.prefs.conf file > > On 2/11/07, Glenn Steen wrote: > > > > On 11/02/07, BB wrote: > > > Feb 11 12:09:39 mail MailScanner[76430]: Message l1BI9RGD076406 from > > > 69.0.202.215 (pj8dv2el@drinksassy.com) to specialtystore > > > services.com is spam, SpamAssassin (not cached, score=6.943, required > > 3, > > > ALL_TRUSTED - 1.80, BAYES_50 0.00, FROM_HAS_MIXED_NUM > > > S 2.15, RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E8_51_100 1.50, > > > RAZOR2_CHECK 0.50, URIBL_JP_SURBL 4.09) > > > > > > /var/log/maillog > > > > > > Looks like it's there > > > > > And this one does not get the report attached? > > > > On another note, perhaps you should have a look at why ALL_TRUSTED has > > fired, perhaps setting a correct trusted_networks for SpamAssassin... > > > > Cheers > > -- > > -- Glenn > > email: glenn < dot > steen < at > gmail < dot > com > > work: glenn < dot > steen < at > ap1 < dot > se > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > > -- > ACK and you shall receive > -- ACK and you shall receive -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070211/96c03146/attachment.html From res at ausics.net Sun Feb 11 22:46:55 2007 From: res at ausics.net (Res) Date: Sun Feb 11 21:51:24 2007 Subject: {MailScanner: Possible Phishing} {MailScanner: Disarmed Scripts} Re: Not seeing spamcheck report on messages being quaratined/spam In-Reply-To: <787dcac20702111328n7245f731s9e80eaad1092ff99@mail.gmail.com> References: <787dcac20702110937s4da9e9f8p27e76a26c32dbc48@mail.gmail.com> <223f97700702110944h66d92a0bv253568817f58511a@mail.gmail.com> <787dcac20702111015p204d725ta8e01e4c04c78e07@mail.gmail.com> <787dcac20702111020j73c79bd0l6690551e98fedd67@mail.gmail.com> <223f97700702111103w3ff59ec8x62e7d49738b022fb@mail.gmail.com> <787dcac20702111114m3945a7ady7fb0a9876946e95e@mail.gmail.com> <787dcac20702111328n7245f731s9e80eaad1092ff99@mail.gmail.com> Message-ID: On Sun, 11 Feb 2007, BB wrote: > Someone please correct me if I'm wrong. Do any of your quarantine messages > have Spamassassin reports in them ? No they don't. IIRC this is deliberate. -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From glenn.steen at gmail.com Sun Feb 11 23:27:58 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Feb 11 22:32:11 2007 Subject: {MailScanner: Possible Phishing} {MailScanner: Disarmed Scripts} Re: Not seeing spamcheck report on messages being quaratined/spam In-Reply-To: References: <787dcac20702110937s4da9e9f8p27e76a26c32dbc48@mail.gmail.com> <223f97700702110944h66d92a0bv253568817f58511a@mail.gmail.com> <787dcac20702111015p204d725ta8e01e4c04c78e07@mail.gmail.com> <787dcac20702111020j73c79bd0l6690551e98fedd67@mail.gmail.com> <223f97700702111103w3ff59ec8x62e7d49738b022fb@mail.gmail.com> <787dcac20702111114m3945a7ady7fb0a9876946e95e@mail.gmail.com> <787dcac20702111328n7245f731s9e80eaad1092ff99@mail.gmail.com> Message-ID: <223f97700702111427p1b76b0b9k40eb5021871b960f@mail.gmail.com> On 11/02/07, Res wrote: > > On Sun, 11 Feb 2007, BB wrote: > > > Someone please correct me if I'm wrong. Do any of your quarantine messages > > have Spamassassin reports in them ? > > No they don't. IIRC this is deliberate. > Correct that the messages in the quarantine themselves will not have them.... But _NailWatch_ should still display them in the details page for the message. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Sun Feb 11 23:28:58 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Feb 11 22:33:10 2007 Subject: {MailScanner: Possible Phishing} {MailScanner: Disarmed Scripts} Re: Not seeing spamcheck report on messages being quaratined/spam In-Reply-To: <223f97700702111427p1b76b0b9k40eb5021871b960f@mail.gmail.com> References: <787dcac20702110937s4da9e9f8p27e76a26c32dbc48@mail.gmail.com> <223f97700702110944h66d92a0bv253568817f58511a@mail.gmail.com> <787dcac20702111015p204d725ta8e01e4c04c78e07@mail.gmail.com> <787dcac20702111020j73c79bd0l6690551e98fedd67@mail.gmail.com> <223f97700702111103w3ff59ec8x62e7d49738b022fb@mail.gmail.com> <787dcac20702111114m3945a7ady7fb0a9876946e95e@mail.gmail.com> <787dcac20702111328n7245f731s9e80eaad1092ff99@mail.gmail.com> <223f97700702111427p1b76b0b9k40eb5021871b960f@mail.gmail.com> Message-ID: <223f97700702111428k6d1f037ds86f7235ec185ddd4@mail.gmail.com> On 11/02/07, Glenn Steen wrote: > On 11/02/07, Res wrote: > > > > On Sun, 11 Feb 2007, BB wrote: > > > > > Someone please correct me if I'm wrong. Do any of your quarantine messages > > > have Spamassassin reports in them ? > > > > No they don't. IIRC this is deliberate. > > > Correct that the messages in the quarantine themselves will not have > them.... But _NailWatch_ should still display them in the details page > for the message. > NailWatch == MailWatch.... I shouldn't do this when I'm somewhat ill....:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From brent.bolin at gmail.com Sun Feb 11 23:30:57 2007 From: brent.bolin at gmail.com (BB) Date: Sun Feb 11 22:35:09 2007 Subject: {MailScanner: Possible Phishing} {MailScanner: Disarmed Scripts} Re: Not seeing spamcheck report on messages being quaratined/spam In-Reply-To: References: <787dcac20702110937s4da9e9f8p27e76a26c32dbc48@mail.gmail.com> <223f97700702110944h66d92a0bv253568817f58511a@mail.gmail.com> <787dcac20702111015p204d725ta8e01e4c04c78e07@mail.gmail.com> <787dcac20702111020j73c79bd0l6690551e98fedd67@mail.gmail.com> <223f97700702111103w3ff59ec8x62e7d49738b022fb@mail.gmail.com> <787dcac20702111114m3945a7ady7fb0a9876946e95e@mail.gmail.com> <787dcac20702111328n7245f731s9e80eaad1092ff99@mail.gmail.com> Message-ID: <787dcac20702111430p5a4f2eadgd02083d6e367a3c0@mail.gmail.com> Could you please explain the reasoning why is deliberate ? On 2/11/07, Res wrote: > > > On Sun, 11 Feb 2007, BB wrote: > > > Someone please correct me if I'm wrong. Do any of your quarantine > messages > > have Spamassassin reports in them ? > > No they don't. IIRC this is deliberate. > > -- > Cheers > Res > > "We can be Heroes, just for one day" - Davey (Jones) Bowie > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- ACK and you shall receive -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070211/7ccfa622/attachment.html From brent.bolin at gmail.com Sun Feb 11 23:54:40 2007 From: brent.bolin at gmail.com (BB) Date: Sun Feb 11 22:58:52 2007 Subject: Why is BAYES_00 -2.60 scoring low like this. Message-ID: <787dcac20702111454g51410f25p5e0cc32d0e1aa3ab@mail.gmail.com> It's messing up my total scores causing spam not to be caught ? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070211/48c4545a/attachment.html From res at ausics.net Mon Feb 12 00:32:27 2007 From: res at ausics.net (Res) Date: Sun Feb 11 23:36:54 2007 Subject: {MailScanner: Possible Phishing} {MailScanner: Disarmed Scripts} Re: Not seeing spamcheck report on messages being quaratined/spam In-Reply-To: <223f97700702111428k6d1f037ds86f7235ec185ddd4@mail.gmail.com> References: <787dcac20702110937s4da9e9f8p27e76a26c32dbc48@mail.gmail.com> <223f97700702110944h66d92a0bv253568817f58511a@mail.gmail.com> <787dcac20702111015p204d725ta8e01e4c04c78e07@mail.gmail.com> <787dcac20702111020j73c79bd0l6690551e98fedd67@mail.gmail.com> <223f97700702111103w3ff59ec8x62e7d49738b022fb@mail.gmail.com> <787dcac20702111114m3945a7ady7fb0a9876946e95e@mail.gmail.com> <787dcac20702111328n7245f731s9e80eaad1092ff99@mail.gmail.com> <223f97700702111427p1b76b0b9k40eb5021871b960f@mail.gmail.com> <223f97700702111428k6d1f037ds86f7235ec185ddd4@mail.gmail.com> Message-ID: On Sun, 11 Feb 2007, Glenn Steen wrote: > On 11/02/07, Glenn Steen wrote: >> On 11/02/07, Res wrote: >> > >> > On Sun, 11 Feb 2007, BB wrote: >> > >> > > Someone please correct me if I'm wrong. Do any of your quarantine >> messages >> > > have Spamassassin reports in them ? >> > >> > No they don't. IIRC this is deliberate. >> > >> Correct that the messages in the quarantine themselves will not have >> them.... But _NailWatch_ should still display them in the details page >> for the message. >> > NailWatch == MailWatch.... I shouldn't do this when I'm somewhat ill....:-) hehehe I know the feeling, big cricket day yesterday/last_night/early hours_of_today and I'm still paying for it :P -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From matt at coders.co.uk Mon Feb 12 00:42:24 2007 From: matt at coders.co.uk (Matt Hampton) Date: Sun Feb 11 23:46:54 2007 Subject: Slightly OT: Milter that uses the SA cache database Message-ID: <45CFA9E0.1050408@coders.co.uk> Good evening.... Would anyone be interested in a a milter that uses the SA cache that MailScanner generates and TEMPFAILS or REJECTS messages when the cache score is greater than a threshold? Very rough and ready - alpha code really but I am currently running it on a live box.... cheers Matt From febrianto at sioenasia.com Mon Feb 12 04:53:26 2007 From: febrianto at sioenasia.com (Budi Febrianto) Date: Mon Feb 12 03:52:48 2007 Subject: DNS White List, is a good thing? Message-ID: I just heard about dns white list (DNSWL), the purpose is to decrease the false positive detection. There is some hack for sendmail to use it. Spamassassin also can use it by giving a very low score when listed in dnswl. Anybody using it? And what dnswl server to be use? Best Regards From deanm at ispone.com.au Mon Feb 12 06:59:32 2007 From: deanm at ispone.com.au (Dean Manners) Date: Mon Feb 12 06:04:51 2007 Subject: Attachment-Warning variables with inline warnings Message-ID: <200702120600.l1C60WhI023012@relay01.ispone.net.au> Is it possible to use the $datenumber and $id variables in the inline.warning reports ? I am trying to display a "Click here to release" URL, however the report line containing the URL seems to be removed. Regards __________________________________________ Dean Manners -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070212/7392d1a7/attachment.html From maillists at conactive.com Mon Feb 12 12:15:36 2007 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Feb 12 11:19:51 2007 Subject: Attachment-Warning variables with inline warnings In-Reply-To: <200702120600.l1C60WhI023012@relay01.ispone.net.au> References: <200702120600.l1C60WhI023012@relay01.ispone.net.au> Message-ID: Dean Manners wrote on Mon, 12 Feb 2007 16:59:32 +1100: > Is it possible to use the $datenumber and $id variables in the > inline.warning reports ? ?I am trying to display a "Click here to release" > URL, however the report line containing the URL seems to be removed. It would be nice if you could convince yourself to not send HTML to a mailing list, thanks :-) This could also be the reason why you don't get the text you expect. There's a text and an HTML version. Did you change both? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From amoore at dekalbmemorial.com Mon Feb 12 14:44:58 2007 From: amoore at dekalbmemorial.com (Aaron K. Moore) Date: Mon Feb 12 13:49:15 2007 Subject: Setting Exchange SCL from MailScanner In-Reply-To: References: Message-ID: <60D398EB2DB948409CA1F50D8AF1225701F34846@exch1.dekalbmemorial.local> Koopmann, Jan-Peter wrote: > Hi, > > there was a discussion about this back in October I think. I want to > set Exchange SCL to 9 when MailScanner/SA detects spam. The > discussion suggested it would be enough to add the following header: > > X-MS-Exchange-Organization-SCL: 9 > > unfortunatly the SCL is not set here. Any suggestions? > What does your spam actions configuration look like in MailScanner.conf? -- Aaron Kent Moore Information Technology Services DeKalb Memorial Hospital, Inc. Auburn, IN Phone: 260.920.2808 E-mail: amoore@dekalbmemorial.com From m.anderlini at database.it Mon Feb 12 14:44:21 2007 From: m.anderlini at database.it (Marcello Anderlini) Date: Mon Feb 12 13:59:14 2007 Subject: Mqueue.in huge In-Reply-To: <223f97700701251106o7f1911a6sa8951034ca44b279@mail.gmail.com> Message-ID: <200702121344.l1CDiSMc007588@netra.database.it> Hello to all, I'm still unable to resolve by myself this problem and my mqueue.in is stil huge. I've just tried to use spamassassin -D -t and I get this : ======================================== [31512] dbg: uridnsbl: query for ilbanner.com took 1 seconds to look up (sbl.spamhaus.org.:2.246.22.217) [31512] dbg: uridnsbl: query for youbuy.it took 1 seconds to look up (sbl.spamhaus.org.:10.196.64.217) ======================================== But in my MailScanner.conf I set to use CBL and in my normal log I get this : ============== RBL checks: l1CDWguL030057 found in CBL ============== So how can I to be sure what spamlist I'm using ? Maybe spamassassin -D -t just use a different .conf ? How can I be sure spamassassin -D -t would use my current configuration ? Thanks a lot for any suggestion Best regards Dr. Marcello Anderlini m.anderlini@database.it --------------------------------------------- Database Informatica S.r.l. Microsoft Certified Partner Tel. +39059775070 Fax. +39059779545 http://www.database.it --------------------------------------------- > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Glenn Steen > Sent: giovedì 25 gennaio 2007 20.07 > To: MailScanner discussion > Subject: Re: Mqueue.in huge > > On 25/01/07, Jay Chandler wrote: > > Marcello Anderlini wrote: > > > Sorry, if I answer just today but I way busy. > > > > > > I've checked In /etc/mail/spamassassin/mailscanner.cf but I found > > > just this lines nothing else ============================= # > > > MailScanner # MailScanner users, please > > > ============================= It's correct ? But If I add > the lines > > > you suggested the spam controls will stoped at all ? > > > > > > Sorry again for my worst english and thanks for any kind > of help you > > > will give me.. > > > > > > bye > > > > > > > > > > Howdy. > > > > MailScanner.conf is a couple of thousand lines long-- that's not > > correct at all. > > > > I'd suggest getting a fresh copy out of the tar file at > > www.mailscanner.info-- I'd also wonder what else is > corrupted on your > > installation. > > > Hi Jay & Marcello, > > First... Jay: MailScanner.conf != mailscanner.cf (which is > just a symlink to spam.assassin.prefs.conf)... You knew that;-) > > Second, Marcello: I assume the lines you are asking about are > the score lines as suggested by Martin (simply turning off > some RBLs in SpamAssassin). > The reason to turn these of is _if_ you can see (with a test > message run through spamassassin manually) that some BL or > other is taking a long time to finish... If a few of them do > SA might take a rather long while to finish, in turn leading > to MailScanner killing it off and logging the incident. *If* > you see this, it might be a good idea to do this. And yes, it > would perhaps affect the scoring a bit, if you turned them all off. > You should also check over any digest checks... All this > would probably be very obvious (one would hope, at least:-) > if you do a spamassassin -D -t < /path/to/test/file > > Hopefully this all is passing the language barrier OK... I > think we'll stick with english though... I suspect your > Swedish is even worse;-):-)... And that are the two languages > I'm really fluent in, so...:/ > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > Messaggio verificato dal servizio antivirus di Database Informatica > -- Messaggio verificato dal servizio antivirus di Database Informatica From glenn.steen at gmail.com Mon Feb 12 15:19:50 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Feb 12 14:24:07 2007 Subject: Mqueue.in huge In-Reply-To: <200702121344.l1CDiSMc007588@netra.database.it> References: <223f97700701251106o7f1911a6sa8951034ca44b279@mail.gmail.com> <200702121344.l1CDiSMc007588@netra.database.it> Message-ID: <223f97700702120619j12a44279o7699e2ceb5484d44@mail.gmail.com> On 12/02/07, Marcello Anderlini wrote: > Hello to all, > I'm still unable to resolve by myself this problem and my mqueue.in is stil > huge. > I've just tried to use spamassassin -D -t and I get this : > ======================================== > [31512] dbg: uridnsbl: query for ilbanner.com took 1 seconds to look up > (sbl.spamhaus.org.:2.246.22.217) > [31512] dbg: uridnsbl: query for youbuy.it took 1 seconds to look up > (sbl.spamhaus.org.:10.196.64.217) > ======================================== > > But in my MailScanner.conf I set to use CBL and in my normal log I get this > : > ============== > RBL checks: l1CDWguL030057 found in CBL > ============== > > So how can I to be sure what spamlist I'm using ? Maybe spamassassin -D -t > just use a different .conf ? How can I be sure spamassassin -D -t would use > my current configuration ? > > Thanks a lot for any suggestion > > Best regards Marcello, If you've set to use CBL in Spam Lists, then _MailScanner_ will do that lookup and _unconditionally use the result for tagging the message as spam or not_... SpamAssassin has _nothing_ to do with this. SpamAssassin uses its own list of BLs by default... all the advice earlier (from Martin mostly;) is about "tuning" that list. Now, since MailScanner is a bit ... categoric... about the BL results, and the fact that MailScanner will do lookups _serialized_ (first list, second list etc) make many not use MailScanner for that at all. The reasoning is that if you trust the few lists you do in MailScanner so much, why then use them in the MTA to reject the mails out of hand instead. Having said that, if one has a situation like mine where laws (yes, laws) and to some extent policy prevent you from using BLs for rejections at the MTA level, then keeping one (at the most two) solid BLs (like SBL-XBL) in MS might be a good idea, and let the rest score through SA. Then be prepared that some messages will look like non-spam (low score) and still get tagged/quarantined as spam. I hope you don't have ORDB in MailScanners Spam Lists anymore, since that has gone offline (could cause the type of problem you describe). Hope this clears any confusion. When you did the spamassassin -D -t < /path/to/message ... did you see any noticeable pauses? If you disable SpamAssassin altogether, does that clear out your queues? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From m.anderlini at database.it Mon Feb 12 16:54:57 2007 From: m.anderlini at database.it (Marcello Anderlini) Date: Mon Feb 12 16:06:44 2007 Subject: Mqueue.in huge In-Reply-To: <223f97700702120619j12a44279o7699e2ceb5484d44@mail.gmail.com> Message-ID: <200702121554.l1CFstxS028730@netra.database.it> I beg your pardon but how can set my MTA (I use sendmail) to use blacklist and to reject automaticaly email ? And also how can I turn off spamassin in Mailscanner.conf ? Thanks again for your help. Best regards Dr. Marcello Anderlini m.anderlini@database.it --------------------------------------------- Database Informatica S.r.l. Microsoft Certified Partner Tel. +39059775070 Fax. +39059779545 http://www.database.it --------------------------------------------- > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Glenn Steen > Sent: lunedì 12 febbraio 2007 15.20 > To: MailScanner discussion > Subject: Re: Mqueue.in huge > > On 12/02/07, Marcello Anderlini wrote: > > Hello to all, > > I'm still unable to resolve by myself this problem and my > mqueue.in is > > stil huge. > > I've just tried to use spamassassin -D -t and I get this : > > ======================================== > > [31512] dbg: uridnsbl: query for ilbanner.com took 1 > seconds to look > > up > > (sbl.spamhaus.org.:2.246.22.217) > > [31512] dbg: uridnsbl: query for youbuy.it took 1 seconds to look up > > (sbl.spamhaus.org.:10.196.64.217) > > ======================================== > > > > But in my MailScanner.conf I set to use CBL and in my > normal log I get > > this > > : > > ============== > > RBL checks: l1CDWguL030057 found in CBL ============== > > > > So how can I to be sure what spamlist I'm using ? Maybe > spamassassin > > -D -t just use a different .conf ? How can I be sure > spamassassin -D > > -t would use my current configuration ? > > > > Thanks a lot for any suggestion > > > > Best regards > Marcello, > > If you've set to use CBL in Spam Lists, then _MailScanner_ > will do that lookup and _unconditionally use the result for > tagging the message as spam or not_... SpamAssassin has > _nothing_ to do with this. > SpamAssassin uses its own list of BLs by default... all the > advice earlier (from Martin mostly;) is about "tuning" that list. > > Now, since MailScanner is a bit ... categoric... about the BL > results, and the fact that MailScanner will do lookups > _serialized_ (first list, second list etc) make many not use > MailScanner for that at all. > The reasoning is that if you trust the few lists you do in > MailScanner so much, why then use them in the MTA to reject > the mails out of hand instead. > > Having said that, if one has a situation like mine where laws (yes, > laws) and to some extent policy prevent you from using BLs > for rejections at the MTA level, then keeping one (at the > most two) solid BLs (like SBL-XBL) in MS might be a good > idea, and let the rest score through SA. Then be prepared > that some messages will look like non-spam (low score) and > still get tagged/quarantined as spam. > > I hope you don't have ORDB in MailScanners Spam Lists > anymore, since that has gone offline (could cause the type of > problem you describe). > > Hope this clears any confusion. > > When you did the spamassassin -D -t < /path/to/message ... > did you see any noticeable pauses? If you disable > SpamAssassin altogether, does that clear out your queues? > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > Messaggio verificato dal servizio antivirus di Database Informatica > -- Messaggio verificato dal servizio antivirus di Database Informatica From m.anderlini at database.it Mon Feb 12 17:12:22 2007 From: m.anderlini at database.it (Marcello Anderlini) Date: Mon Feb 12 16:21:15 2007 Subject: Mqueue.in huge In-Reply-To: <223f97700702120619j12a44279o7699e2ceb5484d44@mail.gmail.com> Message-ID: <200702121612.l1CGCKRG013926@netra.database.it> I beg your pardon but how can set my MTA (I use sendmail) to use blacklist and to reject automaticaly email ? I found how to disable spamassasin and yes disabling it the queue clear, so ? Now I'm using again SBL-XBL as you suggested but I did not notice any improvement. Looking the log of spammassasin -D -t it seems it take a relative lot of time to... ================================================================== [11306] dbg: locker: safe_lock: created /root/.spamassassin/auto-whitelist.lock.netra.database.it.11306 [11306] dbg: locker: safe_lock: trying to get lock on /root/.spamassassin/auto-whitelist with 0 retries [11306] dbg: locker: safe_lock: trying to get lock on /root/.spamassassin/auto-whitelist with 1 retries [11306] dbg: locker: safe_lock: trying to get lock on /root/.spamassassin/auto-whitelist with 2 retries [11306] dbg: locker: safe_lock: trying to get lock on /root/.spamassassin/auto-whitelist with 3 retries [11306] dbg: locker: safe_lock: trying to get lock on /root/.spamassassin/auto-whitelist with 4 retries [11306] dbg: locker: safe_lock: trying to get lock on /root/.spamassassin/auto-whitelist with 5 retries [11306] dbg: locker: safe_lock: trying to get lock on /root/.spamassassin/auto-whitelist with 6 retries [11306] dbg: locker: safe_lock: trying to get lock on /root/.spamassassin/auto-whitelist with 7 retries [11306] dbg: locker: safe_lock: trying to get lock on /root/.spamassassin/auto-whitelist with 8 retries ================================================================== Could be this my problem ? Should I turn off this feature and how this would impact spam detection ? Thanks again for your help. Best regards Dr. Marcello Anderlini m.anderlini@database.it --------------------------------------------- Database Informatica S.r.l. Microsoft Certified Partner Tel. +39059775070 Fax. +39059779545 http://www.database.it --------------------------------------------- > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Glenn Steen > Sent: lunedì 12 febbraio 2007 15.20 > To: MailScanner discussion > Subject: Re: Mqueue.in huge > > On 12/02/07, Marcello Anderlini wrote: > > Hello to all, > > I'm still unable to resolve by myself this problem and my > mqueue.in is > > stil huge. > > I've just tried to use spamassassin -D -t and I get this : > > ======================================== > > [31512] dbg: uridnsbl: query for ilbanner.com took 1 > seconds to look > > up > > (sbl.spamhaus.org.:2.246.22.217) > > [31512] dbg: uridnsbl: query for youbuy.it took 1 seconds to look up > > (sbl.spamhaus.org.:10.196.64.217) > > ======================================== > > > > But in my MailScanner.conf I set to use CBL and in my > normal log I get > > this > > : > > ============== > > RBL checks: l1CDWguL030057 found in CBL ============== > > > > So how can I to be sure what spamlist I'm using ? Maybe > spamassassin > > -D -t just use a different .conf ? How can I be sure > spamassassin -D > > -t would use my current configuration ? > > > > Thanks a lot for any suggestion > > > > Best regards > Marcello, > > If you've set to use CBL in Spam Lists, then _MailScanner_ > will do that lookup and _unconditionally use the result for > tagging the message as spam or not_... SpamAssassin has > _nothing_ to do with this. > SpamAssassin uses its own list of BLs by default... all the > advice earlier (from Martin mostly;) is about "tuning" that list. > > Now, since MailScanner is a bit ... categoric... about the BL > results, and the fact that MailScanner will do lookups > _serialized_ (first list, second list etc) make many not use > MailScanner for that at all. > The reasoning is that if you trust the few lists you do in > MailScanner so much, why then use them in the MTA to reject > the mails out of hand instead. > > Having said that, if one has a situation like mine where laws (yes, > laws) and to some extent policy prevent you from using BLs > for rejections at the MTA level, then keeping one (at the > most two) solid BLs (like SBL-XBL) in MS might be a good > idea, and let the rest score through SA. Then be prepared > that some messages will look like non-spam (low score) and > still get tagged/quarantined as spam. > > I hope you don't have ORDB in MailScanners Spam Lists > anymore, since that has gone offline (could cause the type of > problem you describe). > > Hope this clears any confusion. > > When you did the spamassassin -D -t < /path/to/message ... > did you see any noticeable pauses? If you disable > SpamAssassin altogether, does that clear out your queues? > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > Messaggio verificato dal servizio antivirus di Database Informatica > -- Messaggio verificato dal servizio antivirus di Database Informatica From Denis.Beauchemin at USherbrooke.ca Mon Feb 12 17:19:02 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Mon Feb 12 16:23:40 2007 Subject: Slightly OT: Milter that uses the SA cache database In-Reply-To: <45CFA9E0.1050408@coders.co.uk> References: <45CFA9E0.1050408@coders.co.uk> Message-ID: <45D09376.5070404@USherbrooke.ca> Matt Hampton a ?crit : > Good evening.... > > Would anyone be interested in a a milter that uses the SA cache that > MailScanner generates and TEMPFAILS or REJECTS messages when the cache > score is greater than a threshold? > > Very rough and ready - alpha code really but I am currently running it > on a live box.... Matt, If I understand correctly the messages would have been detected as spam anyhow by MS but after some more processing. I think I would like to give it a try. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3595 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070212/1182d573/smime.bin From Denis.Beauchemin at USherbrooke.ca Mon Feb 12 17:24:41 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Mon Feb 12 16:29:13 2007 Subject: Mqueue.in huge In-Reply-To: <200702121612.l1CGCKRG013926@netra.database.it> References: <200702121612.l1CGCKRG013926@netra.database.it> Message-ID: <45D094C9.3090806@USherbrooke.ca> Marcello Anderlini a ?crit : > I beg your pardon but how can set my MTA (I use sendmail) to use blacklist > and to reject automaticaly email ? > I found how to disable spamassasin and yes disabling it the queue clear, so > ? > Now I'm using again SBL-XBL as you suggested but I did not notice any > improvement. > > Looking the log of spammassasin -D -t it seems it take a relative lot of > time to... > ================================================================== > [11306] dbg: locker: safe_lock: created > /root/.spamassassin/auto-whitelist.lock.netra.database.it.11306 > [11306] dbg: locker: safe_lock: trying to get lock on > /root/.spamassassin/auto-whitelist with 0 retries > [11306] dbg: locker: safe_lock: trying to get lock on > /root/.spamassassin/auto-whitelist with 1 retries > [11306] dbg: locker: safe_lock: trying to get lock on > /root/.spamassassin/auto-whitelist with 2 retries > [11306] dbg: locker: safe_lock: trying to get lock on > /root/.spamassassin/auto-whitelist with 3 retries > [11306] dbg: locker: safe_lock: trying to get lock on > /root/.spamassassin/auto-whitelist with 4 retries > [11306] dbg: locker: safe_lock: trying to get lock on > /root/.spamassassin/auto-whitelist with 5 retries > [11306] dbg: locker: safe_lock: trying to get lock on > /root/.spamassassin/auto-whitelist with 6 retries > [11306] dbg: locker: safe_lock: trying to get lock on > /root/.spamassassin/auto-whitelist with 7 retries > [11306] dbg: locker: safe_lock: trying to get lock on > /root/.spamassassin/auto-whitelist with 8 retries > ================================================================== > Could be this my problem ? Should I turn off this feature and how this would > impact spam detection ? > Marcello, I use the following in my spam.assassin.prefs.conf file: use_auto_whitelist 0 Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3595 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070212/1340a1dd/smime.bin From brian.duncan at kattenlaw.com Mon Feb 12 17:44:52 2007 From: brian.duncan at kattenlaw.com (Duncan, Brian M.) Date: Mon Feb 12 16:49:35 2007 Subject: Setting Exchange SCL from MailScanner References: Message-ID: <65234743FE1555428435CE39E6AC4078B38CDB@CHI-US-EXCH-01.us.kmz.com> I already replied to you directly. Figured I would reply to the list if anyone else was looking to do the same. >From everything I could find before, the way MS exchange and IMF works is that the SCL value that Exchange acts on is an extended MS attribute that is added to the message. It does NOT act upon the X-Header alone. At least I could NEVER get Exchange to act on ANY x-header I sent with a message.. At the time I was experimenting with this, I also found a way to add to the Outlook view a tab that would show SCL values of messages. Any of the X-headers I added, never seemed to effect this. This means that you should not be able to force Exchange to put something in the Junkmail folder by adding an X-Header. (I know you can with rules and stuff, but I mean by using SCL x-headers) We are doing this now, but only by using a product that sits on the Exchange servers called smtptracker. http://smtptracker.com It was like 25.00 for the product. They even sell the source code.. We have a few servers that all Exchange mail routes through for multiple locations. So we have it loaded on each. (It's not loaded on each users Echange server) Any messages that fail MailScanner/SpamAssassin have a failed x-header put in, when this message passed through the Exchange server that has SMTP Tracker loaded on it, it adds whatever MS specific data that assigns it an SCL of 9. (Thereby forcing it into a users JunkMail folder) This also means we can now truly have users take care of their own white listing. They can add anyone to their "Safe Sender" list and we don't have to whitelist anything any more at the MailScanner/SpamAssassin/Sendmail boxes. What is even better is that it also works for OWA use also for all of our users that access mail externally. Since the Junk Mail rules are server side. So anyone they add to their "safe sender list" when in the office also is applied when using OWA externally. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Koopmann, Jan-Peter > Sent: Sunday, February 11, 2007 7:25 AM > To: MailScanner discussion > Subject: Setting Exchange SCL from MailScanner > > Hi, > > there was a discussion about this back in October I think. I > want to set Exchange SCL to 9 when MailScanner/SA detects > spam. The discussion suggested it would be enough to add the > following header: > > X-MS-Exchange-Organization-SCL: 9 > > unfortunatly the SCL is not set here. Any suggestions? > > > > Mit freundlichen Gr??en > > Jan-Peter Koopmann > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > =========================================================== CIRCULAR 230 DISCLOSURE: Pursuant to Regulations Governing Practice Before the Internal Revenue Service, any tax advice contained herein is not intended or written to be used and cannot be used by a taxpayer for the purpose of avoiding tax penalties that may be imposed on the taxpayer. =========================================================== CONFIDENTIALITY NOTICE: This electronic mail message and any attached files contain information intended for the exclusive use of the individual or entity to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information may be subject to legal restriction or sanction. Please notify the sender, by electronic mail or telephone, of any unintended recipients and delete the original message without making any copies. =========================================================== NOTIFICATION: Katten Muchin Rosenman LLP is an Illinois limited liability partnership that has elected to be governed by the Illinois Uniform Partnership Act (1997). =========================================================== From brian.duncan at kattenlaw.com Mon Feb 12 17:51:20 2007 From: brian.duncan at kattenlaw.com (Duncan, Brian M.) Date: Mon Feb 12 16:55:40 2007 Subject: Do others see this effect in their maillogs? References: <65234743FE1555428435CE39E6AC4078B38C13@CHI-US-EXCH-01.us.kmz.com> Message-ID: <65234743FE1555428435CE39E6AC4078B38CDC@CHI-US-EXCH-01.us.kmz.com> I sent this out back in December of 06 without any replies. Figured I would try again now. People were probably out on vacation.. I am seeing in the logs that when a message is determined to be Spam because of RBL checks it does NOT output the right info on the log but when it fails because of Spam Assassin analysis of the message it does print the right info in the logs. I see this on all 3 of my Mailscanner servers in my logs. (I recently updated to current MailScanner version with same results) Correct log notation: (ONLY occurs when SpamAssassin is involved) MailScanner[29410]: Message kBJ96Lbp009914 from 195.22.235.12 (ikfrjqvpvd@mdl.net ) to kattenlaw.com is spam, SpamAssassin (not cached, score=19.049, required 6.5, BAYES_99 6.00, HTML_40_ 50 0.50, HTML_MESSAGE 0.00, MIME_HTML_MOSTLY 1.10, NO_RDNS2 0.01, SARE_CSBIG 1.66, SARE_MLB_Stock1 2. 00, SARE_MLH_Stock1 1.66, SARE_RMML_Stock26 1.12, STCK_SPAM_BODY17 2.00, STCK_SPAM_BODY21 1.50, STCK_ SPAM_BODY28 1.50) Incorrect log notation: (message failed RBL) MailScanner[29447]: Message kBJ97QAb009965 from 61.116.74.25 (econnors@afr.com.au ) to kattenlaw.com is dnsbl it should actually read: MailScanner[29447]: Message kBJ97QAb009965 from 61.116.74.25 (econnors@afr.com.au ) to kattenlaw.com is spam, dnsbl Another incorrect log notation: MailScanner[31970]: Message kBJHT94h004055 from 221.200.186.157 (cwkomvq@broward.org) to kattenlaw.com is cbl, MAPS-ALL, zen.spamhaus.org I see this behavior on ALL of my mail servers. Is this only me? All my RBL checks work fine, it is just the notation in the log that is messed up. Thanks for any info =========================================================== CIRCULAR 230 DISCLOSURE: Pursuant to Regulations Governing Practice Before the Internal Revenue Service, any tax advice contained herein is not intended or written to be used and cannot be used by a taxpayer for the purpose of avoiding tax penalties that may be imposed on the taxpayer. =========================================================== CONFIDENTIALITY NOTICE: This electronic mail message and any attached files contain information intended for the exclusive use of the individual or entity to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information may be subject to legal restriction or sanction. Please notify the sender, by electronic mail or telephone, of any unintended recipients and delete the original message without making any copies. =========================================================== NOTIFICATION: Katten Muchin Rosenman LLP is an Illinois limited liability partnership that has elected to be governed by the Illinois Uniform Partnership Act (1997). =========================================================== From ssilva at sgvwater.com Mon Feb 12 17:54:06 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Feb 12 16:59:00 2007 Subject: Not seeing spamcheck report on messages being quaratined/spam In-Reply-To: <787dcac20702110937s4da9e9f8p27e76a26c32dbc48@mail.gmail.com> References: <787dcac20702110937s4da9e9f8p27e76a26c32dbc48@mail.gmail.com> Message-ID: BB spake the following on 2/11/2007 9:37 AM: > Have these set in MailScanner.conf > > Always Include SpamAssassin Report = yes > Detailed Spam Report = yes > > What am I missing ? > The messages only go to the log, and into the "passed on" copy of the mail. The quarantined messages are untouched, and will be as they came in. If you want to see the scores on quarantined stuff, you need to get that from the logs with something like Mailwatch, or forward a copy of the spam messages to an admin box. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From alex at nkpanama.com Mon Feb 12 17:56:05 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon Feb 12 17:00:57 2007 Subject: OT: Hiring In-Reply-To: <45CB4F4D.8060304@ecs.soton.ac.uk> References: <45CB4F4D.8060304@ecs.soton.ac.uk> Message-ID: <45D09C25.6090307@nkpanama.com> Could you describe the needs/wants you would have from this staffer? What would they(me?) need to accomplish? Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > We need to hire some additional part time staff who can help with > support for MailScanner, MailScanner related applications, MTAs and our > DefenderMX application. We will train you on DefenderMX. > > Salary is commensurate with qualifications and location anywhere is the > world is just fine, you just need a high speed Internet link. Hour are > flexible and the working environment is great J. Reasonable English > skill is required and an additional language would be useful but not > necessary. > > Please send you qualifications and desired compensation level directly > to hiring@fsl.com > > Thanks > > - -- > Steve Swaney > President > Fort Systems Ltd. > steve@fsl.com > > - -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.5.3 (Build 5003) > Comment: (pgp-secured) > Charset: ISO-8859-1 > > wj8DBQFFy1BUEfZZRxQVtlQRAormAJ0TDoKA9umyrZhvfUtsYcNe/n8nuQCfWCdf > 7sxp1o/rT/ptelv7aiTtLfs= > =D4j/ > -----END PGP SIGNATURE----- > From ka at pacific.net Mon Feb 12 18:00:52 2007 From: ka at pacific.net (Ken A) Date: Mon Feb 12 17:01:25 2007 Subject: Slightly OT: Milter that uses the SA cache database In-Reply-To: <45D09376.5070404@USherbrooke.ca> References: <45CFA9E0.1050408@coders.co.uk> <45D09376.5070404@USherbrooke.ca> Message-ID: <45D09D44.6030506@pacific.net> Send me a link. I'll give it a try. Sounds quite useful. Thanks, Ken A. Pacific.Net Denis Beauchemin wrote: > Matt Hampton a ?crit : >> Good evening.... >> >> Would anyone be interested in a a milter that uses the SA cache that >> MailScanner generates and TEMPFAILS or REJECTS messages when the cache >> score is greater than a threshold? >> >> Very rough and ready - alpha code really but I am currently running it >> on a live box.... > > Matt, > > If I understand correctly the messages would have been detected as spam > anyhow by MS but after some more processing. > > I think I would like to give it a try. > > Denis > From ssilva at sgvwater.com Mon Feb 12 17:58:33 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Feb 12 17:04:35 2007 Subject: {MailScanner: Possible Phishing} {MailScanner: Disarmed Scripts} Re: Not seeing spamcheck report on messages being quaratined/spam In-Reply-To: <787dcac20702111430p5a4f2eadgd02083d6e367a3c0@mail.gmail.com> References: <787dcac20702110937s4da9e9f8p27e76a26c32dbc48@mail.gmail.com> <223f97700702110944h66d92a0bv253568817f58511a@mail.gmail.com> <787dcac20702111015p204d725ta8e01e4c04c78e07@mail.gmail.com> <787dcac20702111020j73c79bd0l6690551e98fedd67@mail.gmail.com> <223f97700702111103w3ff59ec8x62e7d49738b022fb@mail.gmail.com> <787dcac20702111114m3945a7ady7fb0a9876946e95e@mail.gmail.com> <787dcac20702111328n7245f731s9e80eaad1092ff99@mail.gmail.com> <787dcac20702111430p5a4f2eadgd02083d6e367a3c0@mail.gmail.com> Message-ID: BB spake the following on 2/11/2007 2:30 PM: > Could you please explain the reasoning why is deliberate ? > The quarantine represents an untouched original. If you marked up and removed things in the quarantined message, you would not be able to release the original if it were deemed a false positive. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From m.anderlini at database.it Mon Feb 12 18:02:28 2007 From: m.anderlini at database.it (Marcello Anderlini) Date: Mon Feb 12 17:08:30 2007 Subject: Mqueue.in huge In-Reply-To: <45D094C9.3090806@USherbrooke.ca> Message-ID: <200702121702.l1CH2QN0026233@netra.database.it> Ok, let me try this changes. thanks Dr. Marcello Anderlini m.anderlini@database.it --------------------------------------------- Database Informatica S.r.l. Microsoft Certified Partner Tel. +39059775070 Fax. +39059779545 http://www.database.it --------------------------------------------- > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Denis Beauchemin > Sent: lunedì 12 febbraio 2007 17.25 > To: MailScanner discussion > Subject: Re: Mqueue.in huge > > Marcello Anderlini a écrit : > > I beg your pardon but how can set my MTA (I use sendmail) to use > > blacklist and to reject automaticaly email ? > > I found how to disable spamassasin and yes disabling it the queue > > clear, so ? > > Now I'm using again SBL-XBL as you suggested but I did not > notice any > > improvement. > > > > Looking the log of spammassasin -D -t it seems it take a > relative lot > > of time to... > > ================================================================== > > [11306] dbg: locker: safe_lock: created > > /root/.spamassassin/auto-whitelist.lock.netra.database.it.11306 > > [11306] dbg: locker: safe_lock: trying to get lock on > > /root/.spamassassin/auto-whitelist with 0 retries [11306] > dbg: locker: > > safe_lock: trying to get lock on /root/.spamassassin/auto-whitelist > > with 1 retries [11306] dbg: locker: safe_lock: trying to > get lock on > > /root/.spamassassin/auto-whitelist with 2 retries [11306] > dbg: locker: > > safe_lock: trying to get lock on /root/.spamassassin/auto-whitelist > > with 3 retries [11306] dbg: locker: safe_lock: trying to > get lock on > > /root/.spamassassin/auto-whitelist with 4 retries [11306] > dbg: locker: > > safe_lock: trying to get lock on /root/.spamassassin/auto-whitelist > > with 5 retries [11306] dbg: locker: safe_lock: trying to > get lock on > > /root/.spamassassin/auto-whitelist with 6 retries [11306] > dbg: locker: > > safe_lock: trying to get lock on /root/.spamassassin/auto-whitelist > > with 7 retries [11306] dbg: locker: safe_lock: trying to > get lock on > > /root/.spamassassin/auto-whitelist with 8 retries > > ================================================================== > > Could be this my problem ? Should I turn off this feature > and how this > > would impact spam detection ? > > > Marcello, > > I use the following in my spam.assassin.prefs.conf file: > use_auto_whitelist 0 > > Denis > > -- > _ > °v° Denis Beauchemin, analyste > /(_)\ Université de Sherbrooke, S.T.I. > ^ ^ T: 819.821.8000x62252 F: 819.821.8045 > > > -- Messaggio verificato dal servizio antivirus di Database Informatica From ssilva at sgvwater.com Mon Feb 12 18:00:36 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Feb 12 17:09:23 2007 Subject: LookOUT 2007 In-Reply-To: References: <1A65E6BAEADF9B4F865314484A13ECF1608800@atlas.athensdistributing.com> Message-ID: Res spake the following on 2/11/2007 1:04 PM: > On Sun, 11 Feb 2007, Mike Kercher wrote: > >> Right click the message itself and select Message Options. I find >> Outlook 2007 to be MUCH slower than 2003. I'm am not impressed by Vista >> or Office 2007 so far. > > > The add slogan goes "the wow starts now" > > they're right, "wow, we really gota use another OS, and now" > ..and one don't have to pay several hundreds of dollars for :P > > Just about every list im on many people have bagged it. > I still enjoy an M$ free zone :P > > It might even get the PHB's here interested in a Linux / Openoffice deployment. We'll see...... -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From m.anderlini at database.it Mon Feb 12 18:12:50 2007 From: m.anderlini at database.it (Marcello Anderlini) Date: Mon Feb 12 17:26:10 2007 Subject: Mqueue.in huge In-Reply-To: <45D094C9.3090806@USherbrooke.ca> Message-ID: <200702121712.l1CHCm1M001418@netra.database.it> I put use_auto_whitelist 0 in my spam.assassin.prefs.conf but not is changed ? I'm still getting spamassassin timeout, what else can I do ? I'm in panic :-( Thanks again Dr. Marcello Anderlini m.anderlini@database.it --------------------------------------------- Database Informatica S.r.l. Microsoft Certified Partner Tel. +39059775070 Fax. +39059779545 http://www.database.it --------------------------------------------- > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Denis Beauchemin > Sent: lunedì 12 febbraio 2007 17.25 > To: MailScanner discussion > Subject: Re: Mqueue.in huge > > Marcello Anderlini a écrit : > > I beg your pardon but how can set my MTA (I use sendmail) to use > > blacklist and to reject automaticaly email ? > > I found how to disable spamassasin and yes disabling it the queue > > clear, so ? > > Now I'm using again SBL-XBL as you suggested but I did not > notice any > > improvement. > > > > Looking the log of spammassasin -D -t it seems it take a > relative lot > > of time to... > > ================================================================== > > [11306] dbg: locker: safe_lock: created > > /root/.spamassassin/auto-whitelist.lock.netra.database.it.11306 > > [11306] dbg: locker: safe_lock: trying to get lock on > > /root/.spamassassin/auto-whitelist with 0 retries [11306] > dbg: locker: > > safe_lock: trying to get lock on /root/.spamassassin/auto-whitelist > > with 1 retries [11306] dbg: locker: safe_lock: trying to > get lock on > > /root/.spamassassin/auto-whitelist with 2 retries [11306] > dbg: locker: > > safe_lock: trying to get lock on /root/.spamassassin/auto-whitelist > > with 3 retries [11306] dbg: locker: safe_lock: trying to > get lock on > > /root/.spamassassin/auto-whitelist with 4 retries [11306] > dbg: locker: > > safe_lock: trying to get lock on /root/.spamassassin/auto-whitelist > > with 5 retries [11306] dbg: locker: safe_lock: trying to > get lock on > > /root/.spamassassin/auto-whitelist with 6 retries [11306] > dbg: locker: > > safe_lock: trying to get lock on /root/.spamassassin/auto-whitelist > > with 7 retries [11306] dbg: locker: safe_lock: trying to > get lock on > > /root/.spamassassin/auto-whitelist with 8 retries > > ================================================================== > > Could be this my problem ? Should I turn off this feature > and how this > > would impact spam detection ? > > > Marcello, > > I use the following in my spam.assassin.prefs.conf file: > use_auto_whitelist 0 > > Denis > > -- > _ > °v° Denis Beauchemin, analyste > /(_)\ Université de Sherbrooke, S.T.I. > ^ ^ T: 819.821.8000x62252 F: 819.821.8045 > > > -- Messaggio verificato dal servizio antivirus di Database Informatica From shuttlebox at gmail.com Mon Feb 12 18:30:18 2007 From: shuttlebox at gmail.com (shuttlebox) Date: Mon Feb 12 17:34:35 2007 Subject: Why is BAYES_00 -2.60 scoring low like this. In-Reply-To: <787dcac20702111454g51410f25p5e0cc32d0e1aa3ab@mail.gmail.com> References: <787dcac20702111454g51410f25p5e0cc32d0e1aa3ab@mail.gmail.com> Message-ID: <625385e30702120930v61abddccx66d0f52f805a7d83@mail.gmail.com> On 2/11/07, BB wrote: > > It's messing up my total scores causing spam not to be caught ? You could always reassign the score to any value you like: score BAYES_00 -0.5 Put that in a .cf file in the /etc/mail/spamassassin folder. -- /peter From ssilva at sgvwater.com Mon Feb 12 18:42:12 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Feb 12 17:46:37 2007 Subject: Do others see this effect in their maillogs? In-Reply-To: <65234743FE1555428435CE39E6AC4078B38CDC@CHI-US-EXCH-01.us.kmz.com> References: <65234743FE1555428435CE39E6AC4078B38C13@CHI-US-EXCH-01.us.kmz.com> <65234743FE1555428435CE39E6AC4078B38CDC@CHI-US-EXCH-01.us.kmz.com> Message-ID: Duncan, Brian M. spake the following on 2/12/2007 8:51 AM: > I sent this out back in December of 06 without any replies. Figured I > would try again now. People were probably out on vacation.. > > > I am seeing in the logs that when a message is determined to be Spam > because of RBL checks it does NOT output the right info > on the log but when it fails because of Spam Assassin analysis of the > message it does print the right info in the logs. > > > I see this on all 3 of my Mailscanner servers in my logs. (I recently > updated to current MailScanner version with same results) > > > Correct log notation: (ONLY occurs when SpamAssassin is involved) > > MailScanner[29410]: Message kBJ96Lbp009914 from 195.22.235.12 > (ikfrjqvpvd@mdl.net ) to kattenlaw.com is > spam, SpamAssassin (not cached, score=19.049, required 6.5, BAYES_99 > 6.00, HTML_40_ > 50 0.50, HTML_MESSAGE 0.00, MIME_HTML_MOSTLY 1.10, NO_RDNS2 0.01, > SARE_CSBIG 1.66, SARE_MLB_Stock1 2. > 00, SARE_MLH_Stock1 1.66, SARE_RMML_Stock26 1.12, STCK_SPAM_BODY17 2.00, > STCK_SPAM_BODY21 1.50, STCK_ > SPAM_BODY28 1.50) > > > Incorrect log notation: (message failed RBL) > MailScanner[29447]: Message kBJ97QAb009965 from 61.116.74.25 > (econnors@afr.com.au ) to kattenlaw.com is > dnsbl > > > it should actually read: > MailScanner[29447]: Message kBJ97QAb009965 from 61.116.74.25 > (econnors@afr.com.au ) to kattenlaw.com is > spam, dnsbl > > > Another incorrect log notation: > MailScanner[31970]: Message kBJHT94h004055 from 221.200.186.157 > (cwkomvq@broward.org) to kattenlaw.com is cbl, MAPS-ALL, > zen.spamhaus.org > > > I see this behavior on ALL of my mail servers. > > > Is this only me? > > > All my RBL checks work fine, it is just the notation in the log that is > messed up. > > > Thanks for any info It looks as if it is telling you which list it hit. Do you have anything set in the following? # If a message appears in at least this number of "Spam Lists" (as defined # above), then the message will be treated as spam and so the "Spam # Actions" will happen, unless the message reaches the levels for "High # Scoring Spam". By default this is set to 1 to mimic the previous # behaviour, which means that appearing in any "Spam Lists" will cause # the message to be treated as spam. # This can also be the filename of a ruleset. Spam Lists To Be Spam = 0 Also look here; # If a message appears in at least this number of "Spam Lists" (as defined # above), then the message will be treated as "High Scoring Spam" and so # the "High Scoring Spam Actions" will happen. You probably want to set # this to 2 if you are actually using this feature. 5 is high enough that # it will never happen unless you use lots of "Spam Lists". # This can also be the filename of a ruleset. Spam Lists To Reach High Score = 0 -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From gerard at seibercom.net Mon Feb 12 18:50:16 2007 From: gerard at seibercom.net (Gerard Seibert) Date: Mon Feb 12 17:54:26 2007 Subject: LookOUT 2007 In-Reply-To: References: <1A65E6BAEADF9B4F865314484A13ECF1608800@atlas.athensdistributing.com> Message-ID: <20070212124502.4E16.GERARD@seibercom.net> On Sunday February 11, 2007 at 03:20:04 (PM) Mike Kercher wrote: > Right click the message itself and select Message Options. I find > Outlook 2007 to be MUCH slower than 2003. I'm am not impressed by Vista > or Office 2007 so far. I just tried Vista with the latest MS Office. It ran quite well. Of course, you have to have a system with the nuts to handle it. This was on a Dell with an Intel dual-core (3.8 Ghz I believe) system. Tons of memory. I would never use it on an outdated single core system with 512 memory. Just my 2¢Â¢. -- Gerard "I choose to ignore, of course, the fact that self-Googling is perhaps the most narcissistic thing a person can do that doesn't involve actually humping a mirror." Dan Kois From brian.duncan at kattenlaw.com Mon Feb 12 18:56:15 2007 From: brian.duncan at kattenlaw.com (Duncan, Brian M.) Date: Mon Feb 12 18:00:39 2007 Subject: Do others see this effect in their maillogs? References: <65234743FE1555428435CE39E6AC4078B38C13@CHI-US-EXCH-01.us.kmz.com><65234743FE1555428435CE39E6AC4078B38CDC@CHI-US-EXCH-01.us.kmz.com> Message-ID: <65234743FE1555428435CE39E6AC4078B38CDE@CHI-US-EXCH-01.us.kmz.com> > It looks as if it is telling you which list it hit. > Do you have anything set in the following? > # If a message appears in at least this number of "Spam > Lists" (as defined # above), then the message will be treated > as spam and so the "Spam # Actions" will happen, unless the > message reaches the levels for "High # Scoring Spam". By > default this is set to 1 to mimic the previous # behavior, > which means that appearing in any "Spam Lists" will cause # > the message to be treated as spam. > # This can also be the filename of a ruleset. > Spam Lists To Be Spam = 0 > Thanks for the info, I do understand that. The problem is it's missing text in the maillog. (At least I think it is) Let me show examples, but shorten them to get my point across better: Portion of message in mail log that fails due to SpamAssassin: to kattenlaw.com is spam, SpamAssassin (not cached, score=19.049 Portion of message in mail log that fails due to RBL: to kattenlaw.com is cbl, MAPS-ALL, zen.spamhaus.org Notice that the word spam is missing in the RBL failure message? Should it not read: to kattenlaw.com is spam, cbl, MAPS-ALL, zen.spamhaus.org I hope that makes it more clear. Thanks, Brian =========================================================== CIRCULAR 230 DISCLOSURE: Pursuant to Regulations Governing Practice Before the Internal Revenue Service, any tax advice contained herein is not intended or written to be used and cannot be used by a taxpayer for the purpose of avoiding tax penalties that may be imposed on the taxpayer. =========================================================== CONFIDENTIALITY NOTICE: This electronic mail message and any attached files contain information intended for the exclusive use of the individual or entity to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information may be subject to legal restriction or sanction. Please notify the sender, by electronic mail or telephone, of any unintended recipients and delete the original message without making any copies. =========================================================== NOTIFICATION: Katten Muchin Rosenman LLP is an Illinois limited liability partnership that has elected to be governed by the Illinois Uniform Partnership Act (1997). =========================================================== From mike at vesol.com Mon Feb 12 19:11:29 2007 From: mike at vesol.com (Mike Kercher) Date: Mon Feb 12 18:20:18 2007 Subject: LookOUT 2007 References: <1A65E6BAEADF9B4F865314484A13ECF1608800@atlas.athensdistributing.com> <20070212124502.4E16.GERARD@seibercom.net> Message-ID: Sorry for top posting...OWA! I'm running Outlook 2007 on a dual Xeon 3.06Ghz (not HT either) with 4G of RAM and it still drags arse. Mike ________________________________ From: mailscanner-bounces@lists.mailscanner.info on behalf of Gerard Seibert Sent: Mon 2/12/2007 11:50 AM To: mailscanner@lists.mailscanner.info Subject: Re: LookOUT 2007 On Sunday February 11, 2007 at 03:20:04 (PM) Mike Kercher wrote: > Right click the message itself and select Message Options. I find > Outlook 2007 to be MUCH slower than 2003. I'm am not impressed by Vista > or Office 2007 so far. I just tried Vista with the latest MS Office. It ran quite well. Of course, you have to have a system with the nuts to handle it. This was on a Dell with an Intel dual-core (3.8 Ghz I believe) system. Tons of memory. I would never use it on an outdated single core system with 512 memory. Just my 2?. -- Gerard "I choose to ignore, of course, the fact that self-Googling is perhaps the most narcissistic thing a person can do that doesn't involve actually humping a mirror." Dan Kois -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- Sorry for top posting...OWA! I'm running Outlook 2007 on a dual Xeon 3.06Ghz (not HT either) with 4G of RAM and it still drags arse. Mike ________________________________ From: mailscanner-bounces@lists.mailscanner.info on behalf of Gerard Seibert Sent: Mon 2/12/2007 11:50 AM To: mailscanner@lists.mailscanner.info Subject: Re: LookOUT 2007 On Sunday February 11, 2007 at 03:20:04 (PM) Mike Kercher wrote: > Right click the message itself and select Message Options. I find > Outlook 2007 to be MUCH slower than 2003. I'm am not impressed by Vista > or Office 2007 so far. I just tried Vista with the latest MS Office. It ran quite well. Of course, you have to have a system with the nuts to handle it. This was on a Dell with an Intel dual-core (3.8 Ghz I believe) system. Tons of memory. I would never use it on an outdated single core system with 512 memory. Just my 2?. -- Gerard "I choose to ignore, of course, the fact that self-Googling is perhaps the most narcissistic thing a person can do that doesn't involve actually humping a mirror." Dan Kois -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USherbrooke.ca Mon Feb 12 19:26:43 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Mon Feb 12 18:31:35 2007 Subject: Mqueue.in huge In-Reply-To: <200702121712.l1CHCm1M001418@netra.database.it> References: <200702121712.l1CHCm1M001418@netra.database.it> Message-ID: <45D0B163.6090603@USherbrooke.ca> Marcello Anderlini a ?crit : > I put use_auto_whitelist 0 in my spam.assassin.prefs.conf but not is changed > ? > I'm still getting spamassassin timeout, what else can I do ? I'm in panic > :-( > > Marcello, I haven't followed this thread from the beginning so: 1. have you restarted MS after the change ? 2. do you have a symlink from /etc/mail/spamassassin/mailscanner.cf -> /etc/MailScanner/spam.assassin.prefs.conf ? 3. after restarting MS, do you get any error/warning messages in your maillog? Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3595 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070212/7cea1369/smime.bin From Kevin_Miller at ci.juneau.ak.us Mon Feb 12 19:29:58 2007 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Mon Feb 12 18:34:12 2007 Subject: LookOUT 2007 In-Reply-To: Message-ID: Mike Kercher wrote: > Sorry for top posting...OWA! > > I'm running Outlook 2007 on a dual Xeon 3.06Ghz (not HT either) with > 4G of RAM and it still drags arse. Have you tried Pine? ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From mailscanner at yeticomputers.com Mon Feb 12 19:49:34 2007 From: mailscanner at yeticomputers.com (Rick Chadderdon) Date: Mon Feb 12 18:54:00 2007 Subject: Do others see this effect in their maillogs? In-Reply-To: <65234743FE1555428435CE39E6AC4078B38CDE@CHI-US-EXCH-01.us.kmz.com> References: <65234743FE1555428435CE39E6AC4078B38C13@CHI-US-EXCH-01.us.kmz.com><65234743FE1555428435CE39E6AC4078B38CDC@CHI-US-EXCH-01.us.kmz.com> <65234743FE1555428435CE39E6AC4078B38CDE@CHI-US-EXCH-01.us.kmz.com> Message-ID: <45D0B6BE.7020809@yeticomputers.com> Duncan, Brian M. wrote: > Notice that the word spam is missing in the RBL failure message? > > Should it not read: to kattenlaw.com is spam, cbl, MAPS-ALL, > zen.spamhaus.org > > > > I hope that makes it more clear. > It is my understanding that the "is spam" designation is to distinguish messages that have failed SpamAssassin checks from messages that have failed other checks. If I'm wrong, someone please correct me. Rick From ssilva at sgvwater.com Mon Feb 12 19:46:39 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Feb 12 18:57:34 2007 Subject: Do others see this effect in their maillogs? In-Reply-To: <65234743FE1555428435CE39E6AC4078B38CDE@CHI-US-EXCH-01.us.kmz.com> References: <65234743FE1555428435CE39E6AC4078B38C13@CHI-US-EXCH-01.us.kmz.com><65234743FE1555428435CE39E6AC4078B38CDC@CHI-US-EXCH-01.us.kmz.com> <65234743FE1555428435CE39E6AC4078B38CDE@CHI-US-EXCH-01.us.kmz.com> Message-ID: Duncan, Brian M. spake the following on 2/12/2007 9:56 AM: > > >> It looks as if it is telling you which list it hit. >> Do you have anything set in the following? >> # If a message appears in at least this number of "Spam > >> Lists" (as defined # above), then the message will be treated > >> as spam and so the "Spam # Actions" will happen, unless the > >> message reaches the levels for "High # Scoring Spam". By > >> default this is set to 1 to mimic the previous # behavior, > >> which means that appearing in any "Spam Lists" will cause # > >> the message to be treated as spam. >> # This can also be the filename of a ruleset. >> Spam Lists To Be Spam = 0 >> > > > Thanks for the info, I do understand that. > > > The problem is it's missing text in the maillog. (At least I think it > is) > > Let me show examples, but shorten them to get my point across better: > > Portion of message in mail log that fails due to SpamAssassin: > > to kattenlaw.com is spam, SpamAssassin (not cached, score=19.049 > > Portion of message in mail log that fails due to RBL: > > to kattenlaw.com is cbl, MAPS-ALL, zen.spamhaus.org > > Notice that the word spam is missing in the RBL failure message? > > > Should it not read: to kattenlaw.com is spam, cbl, MAPS-ALL, > zen.spamhaus.org > > > > I hope that makes it more clear. OK. Have a look at this setting; # If the message sender is on any of the Spam Lists, do you still want # to do the SpamAssassin checks? Setting this to "no" will reduce the load # on your server, but will stop the High Scoring Spam Actions from ever # happening. # This can also be the filename of a ruleset. Check SpamAssassin If On Spam List = yes -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From brian.duncan at kattenlaw.com Mon Feb 12 20:07:08 2007 From: brian.duncan at kattenlaw.com (Duncan, Brian M.) Date: Mon Feb 12 19:11:35 2007 Subject: Do others see this effect in their maillogs? References: <65234743FE1555428435CE39E6AC4078B38C13@CHI-US-EXCH-01.us.kmz.com><65234743FE1555428435CE39E6AC4078B38CDC@CHI-US-EXCH-01.us.kmz.com> <65234743FE1555428435CE39E6AC4078B38CDE@CHI-US-EXCH-01.us.kmz.com> Message-ID: <65234743FE1555428435CE39E6AC4078B38CE0@CHI-US-EXCH-01.us.kmz.com> > > I hope that makes it more clear. > OK. Have a look at this setting; > # If the message sender is on any of the Spam Lists, do you > still want # to do the SpamAssassin checks? Setting this to > "no" will reduce the load # on your server, but will stop the > High Scoring Spam Actions from ever # happening. > # This can also be the filename of a ruleset. > Check SpamAssassin If On Spam List = yes Thanks, I understand the directives and what they accomplish. (I thought I did at least) Isn't the log notation missing something still though? My log for RBL'ed messages says: to kattenlaw.com is cbl, MAPS-ALL, zen.spamhaus.org It looks like something needs to come after the "is" other then the RBL services that were hit. Something like, is high scoring Spam, cbl, MAPS-ALL, zen.spamhaus.org or is RBL'ed, cbl, MAPS-ALL, zen.spamhaus.org. Etc.. I was really only asking about this because I wanted to know if others had the same type of notation in their logs. Since it's cosmetic, and does not effect my servers I am not that worried about it. Thanks =========================================================== CIRCULAR 230 DISCLOSURE: Pursuant to Regulations Governing Practice Before the Internal Revenue Service, any tax advice contained herein is not intended or written to be used and cannot be used by a taxpayer for the purpose of avoiding tax penalties that may be imposed on the taxpayer. =========================================================== CONFIDENTIALITY NOTICE: This electronic mail message and any attached files contain information intended for the exclusive use of the individual or entity to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information may be subject to legal restriction or sanction. Please notify the sender, by electronic mail or telephone, of any unintended recipients and delete the original message without making any copies. =========================================================== NOTIFICATION: Katten Muchin Rosenman LLP is an Illinois limited liability partnership that has elected to be governed by the Illinois Uniform Partnership Act (1997). =========================================================== From brian.duncan at kattenlaw.com Mon Feb 12 20:11:28 2007 From: brian.duncan at kattenlaw.com (Duncan, Brian M.) Date: Mon Feb 12 19:16:02 2007 Subject: Do others see this effect in their maillogs? References: <65234743FE1555428435CE39E6AC4078B38C13@CHI-US-EXCH-01.us.kmz.com><65234743FE1555428435CE39E6AC4078B38CDC@CHI-US-EXCH-01.us.kmz.com> <65234743FE1555428435CE39E6AC4078B38CDE@CHI-US-EXCH-01.us.kmz.com> <45D0B6BE.7020809@yeticomputers.com> Message-ID: <65234743FE1555428435CE39E6AC4078B38CE1@CHI-US-EXCH-01.us.kmz.com> OK I can understand that if it was meant to be that way. For RBL it should then be something like: to kattenlaw.com is spam(RBL), cbl, MAPS-ALL, zen.spamhaus.org Otherwise grammatically it does not make sense. I really just brought this up to see if this was only happening to me. Thanks > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Rick Chadderdon > Sent: Monday, February 12, 2007 12:50 PM > To: MailScanner discussion > Subject: Re: Do others see this effect in their maillogs? > > Duncan, Brian M. wrote: > > Notice that the word spam is missing in the RBL failure message? > > > > Should it not read: to kattenlaw.com is spam, cbl, MAPS-ALL, > > zen.spamhaus.org > > > > > > > > I hope that makes it more clear. > > > It is my understanding that the "is spam" designation is to > distinguish messages that have failed SpamAssassin checks > from messages that have failed other checks. If I'm wrong, > someone please correct me. > > Rick > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > =========================================================== CIRCULAR 230 DISCLOSURE: Pursuant to Regulations Governing Practice Before the Internal Revenue Service, any tax advice contained herein is not intended or written to be used and cannot be used by a taxpayer for the purpose of avoiding tax penalties that may be imposed on the taxpayer. =========================================================== CONFIDENTIALITY NOTICE: This electronic mail message and any attached files contain information intended for the exclusive use of the individual or entity to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information may be subject to legal restriction or sanction. Please notify the sender, by electronic mail or telephone, of any unintended recipients and delete the original message without making any copies. =========================================================== NOTIFICATION: Katten Muchin Rosenman LLP is an Illinois limited liability partnership that has elected to be governed by the Illinois Uniform Partnership Act (1997). =========================================================== From mkettler at evi-inc.com Mon Feb 12 20:19:49 2007 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Feb 12 19:24:37 2007 Subject: DNS White List, is a good thing? In-Reply-To: References: Message-ID: <45D0BDD5.6010803@evi-inc.com> Budi Febrianto wrote: > I just heard about dns white list (DNSWL), the purpose is to decrease the > false positive detection. > There is some hack for sendmail to use it. > Spamassassin also can use it by giving a very low score when listed in > dnswl. > Anybody using it? And what dnswl server to be use? By default SpamAssassin uses bondedsender, and habeas SOI/COI dnswls. (note Habeas SWE is dead, and the above habeas DNSWLs have nothing to do with the old haiku-in-the-headers method that Habeas no longer supports.) From mailscanner at yeticomputers.com Mon Feb 12 20:45:26 2007 From: mailscanner at yeticomputers.com (Rick Chadderdon) Date: Mon Feb 12 19:49:58 2007 Subject: Do others see this effect in their maillogs? In-Reply-To: <65234743FE1555428435CE39E6AC4078B38CE0@CHI-US-EXCH-01.us.kmz.com> References: <65234743FE1555428435CE39E6AC4078B38C13@CHI-US-EXCH-01.us.kmz.com><65234743FE1555428435CE39E6AC4078B38CDC@CHI-US-EXCH-01.us.kmz.com> <65234743FE1555428435CE39E6AC4078B38CDE@CHI-US-EXCH-01.us.kmz.com> <65234743FE1555428435CE39E6AC4078B38CE0@CHI-US-EXCH-01.us.kmz.com> Message-ID: <45D0C3D6.3090605@yeticomputers.com> Duncan, Brian M. wrote: > Thanks, > > I understand the directives and what they accomplish. (I thought I did > at least) > > Isn't the log notation missing something still though? > > My log for RBL'ed messages says: > > to kattenlaw.com is cbl, MAPS-ALL, zen.spamhaus.org > > It looks like something needs to come after the "is" other then the RBL > services that were hit. > > Something like, is high scoring Spam, cbl, MAPS-ALL, zen.spamhaus.org or > is RBL'ed, cbl, MAPS-ALL, zen.spamhaus.org. Etc.. > > > I was really only asking about this because I wanted to know if others > had the same type of notation in their logs. Since it's cosmetic, and > does not effect my servers I am not that worried about it. Yes, this is how things are noted in my logs as well. I understand where you're coming from, but since logs are almost never grammatically correct, I've never really considered it a problem. In fact, I'd rather a log file give me information as concisely as possible, as long as the information is complete enough to derive the missing info. Grammatically correct is usually not concise. I prefer to reject from RBLs at the MTA, and my particular business model allows me to make this decision for my customers - so I don't use RBL checks in MailScanner. Still, if I did, I would not need my logs to preface every entry with "is spam" when rejecting/marking/quarantining a message, nor, if space was at a premium, would I want them to. Spam is stuff that SpamAssassin scored, cbl is cbl, etc. I already *know* it's all "spam". I suppose that if it were done the way you suggest, it might make it easier to grep your logfile for a count of "is spam" lines and get a quick total of all of your spam. Hmmm... Well, it's not something I need, but I can see why it would bother someone. :) Rick From brian.duncan at kattenlaw.com Mon Feb 12 20:57:37 2007 From: brian.duncan at kattenlaw.com (Duncan, Brian M.) Date: Mon Feb 12 20:01:56 2007 Subject: Do others see this effect in their maillogs? References: <65234743FE1555428435CE39E6AC4078B38C13@CHI-US-EXCH-01.us.kmz.com><65234743FE1555428435CE39E6AC4078B38CDC@CHI-US-EXCH-01.us.kmz.com> <65234743FE1555428435CE39E6AC4078B38CDE@CHI-US-EXCH-01.us.kmz.com> <65234743FE1555428435CE39E6AC4078B38CE0@CHI-US-EXCH-01.us.kmz.com> <45D0C3D6.3090605@yeticomputers.com> Message-ID: <65234743FE1555428435CE39E6AC4078B38CE3@CHI-US-EXCH-01.us.kmz.com> > I suppose that if it were done the way you suggest, it might > make it easier to grep your logfile for a count of "is spam" > lines and get a quick total of all of your spam. Hmmm... > Well, it's not something I need, but I can see why it would > bother someone. :) That was exactly how I even noticed it :) Someone asked for a quick count on RBL Vs Spam content. I can live with it, I just wanted to make sure it was not JUST me and bring it to the MailScanner developers attention. So thanks for confirming that for me. I also think it was fine several versions ago. (year or so ago) I have no old logs to reference though to verify that. Thanks =========================================================== CIRCULAR 230 DISCLOSURE: Pursuant to Regulations Governing Practice Before the Internal Revenue Service, any tax advice contained herein is not intended or written to be used and cannot be used by a taxpayer for the purpose of avoiding tax penalties that may be imposed on the taxpayer. =========================================================== CONFIDENTIALITY NOTICE: This electronic mail message and any attached files contain information intended for the exclusive use of the individual or entity to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information may be subject to legal restriction or sanction. Please notify the sender, by electronic mail or telephone, of any unintended recipients and delete the original message without making any copies. =========================================================== NOTIFICATION: Katten Muchin Rosenman LLP is an Illinois limited liability partnership that has elected to be governed by the Illinois Uniform Partnership Act (1997). =========================================================== From am.lists at gmail.com Mon Feb 12 22:31:17 2007 From: am.lists at gmail.com (am.lists) Date: Mon Feb 12 21:35:38 2007 Subject: "not cached, timed out" in spam that scored 0. Message-ID: <25a66d840702121331v5f4fe7b2i6977780a9e5cff38@mail.gmail.com> I was browsing my mailwatch "recent 50" messages and spotted a 0.00 score message that I could tell right away was junk spam. It was 39k in size and was routed from RR residential, and direct from a cable modem. Obvious botnet picture spam... But looking at the header, for the spam report, it simply said: not cached timed out --- Then I started looking deeper, and for today, I found this: [root@mailgw log]# grep "timed out" maillog Feb 12 13:07:46 mailgw MailScanner[1006]: SpamAssassin timed out and was killed, failure 1 of 10 Feb 12 14:44:04 mailgw MailScanner[15377]: SpamAssassin timed out and was killed, failure 1 of 10 Feb 12 14:47:40 mailgw MailScanner[2613]: SpamAssassin timed out and was killed, failure 1 of 10 Only three lines out of 160K lines of maillog for the day so far. Where would I look for this timeout setting? If I'm only getting stuck three times a day on this, I'd like to be a little more forgiving if possible. Thanks, Angelo From ljosnet at gmail.com Mon Feb 12 22:37:09 2007 From: ljosnet at gmail.com (emm1) Date: Mon Feb 12 21:41:25 2007 Subject: OT: Hiring In-Reply-To: <45D09C25.6090307@nkpanama.com> References: <45CB4F4D.8060304@ecs.soton.ac.uk> <45D09C25.6090307@nkpanama.com> Message-ID: <910ee2ac0702121337k43da7d2fsdf232ff1c0cffc2d@mail.gmail.com> Service provided by FSL is a joke. We've had nothing but problems with this DefenderMX, it was poorly setup, they didn't optimize the server to it's fullest and now we noticed that when they installed it in december they used a DEMO licence which expired today and no reply from them yet to fix this. On 2/12/07, Alex Neuman van der Hans wrote: > Could you describe the needs/wants you would have from this staffer? > What would they(me?) need to accomplish? > > Julian Field wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > We need to hire some additional part time staff who can help with > > support for MailScanner, MailScanner related applications, MTAs and our > > DefenderMX application. We will train you on DefenderMX. > > > > Salary is commensurate with qualifications and location anywhere is the > > world is just fine, you just need a high speed Internet link. Hour are > > flexible and the working environment is great J. Reasonable English > > skill is required and an additional language would be useful but not > > necessary. > > > > Please send you qualifications and desired compensation level directly > > to hiring@fsl.com > > > > Thanks > > > > - -- > > Steve Swaney > > President > > Fort Systems Ltd. > > steve@fsl.com > > > > - -- > > Julian Field MEng CITP > > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > > > > > -----BEGIN PGP SIGNATURE----- > > Version: PGP Desktop 9.5.3 (Build 5003) > > Comment: (pgp-secured) > > Charset: ISO-8859-1 > > > > wj8DBQFFy1BUEfZZRxQVtlQRAormAJ0TDoKA9umyrZhvfUtsYcNe/n8nuQCfWCdf > > 7sxp1o/rT/ptelv7aiTtLfs= > > =D4j/ > > -----END PGP SIGNATURE----- > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From mike at vesol.com Mon Feb 12 22:36:35 2007 From: mike at vesol.com (Mike Kercher) Date: Mon Feb 12 21:44:14 2007 Subject: LookOUT 2007 In-Reply-To: References: Message-ID: : -----Original Message----- : From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- : bounces@lists.mailscanner.info] On Behalf Of Kevin Miller : Sent: Monday, February 12, 2007 12:30 PM : To: MailScanner discussion : Subject: RE: LookOUT 2007 : : Mike Kercher wrote: : > Sorry for top posting...OWA! : > : > I'm running Outlook 2007 on a dual Xeon 3.06Ghz (not HT either) with : > 4G of RAM and it still drags arse. : : Have you tried Pine? : : I have NOT tried Pine to connect to Exchange ;) Mike From ssilva at sgvwater.com Mon Feb 12 22:50:39 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Feb 12 21:56:13 2007 Subject: "not cached, timed out" in spam that scored 0. In-Reply-To: <25a66d840702121331v5f4fe7b2i6977780a9e5cff38@mail.gmail.com> References: <25a66d840702121331v5f4fe7b2i6977780a9e5cff38@mail.gmail.com> Message-ID: am.lists spake the following on 2/12/2007 1:31 PM: > I was browsing my mailwatch "recent 50" messages and spotted a 0.00 > score message that I could tell right away was junk spam. > > It was 39k in size and was routed from RR residential, and direct from > a cable modem. > > Obvious botnet picture spam... > > But looking at the header, for the spam report, it simply said: > > not cached > timed out > > --- > > Then I started looking deeper, and for today, I found this: > > [root@mailgw log]# grep "timed out" maillog > Feb 12 13:07:46 mailgw MailScanner[1006]: SpamAssassin timed out and > was killed, failure 1 of 10 > Feb 12 14:44:04 mailgw MailScanner[15377]: SpamAssassin timed out and > was killed, failure 1 of 10 > Feb 12 14:47:40 mailgw MailScanner[2613]: SpamAssassin timed out and > was killed, failure 1 of 10 > > > Only three lines out of 160K lines of maillog for the day so far. > > Where would I look for this timeout setting? If I'm only getting stuck > three times a day on this, I'd like to be a little more forgiving if > possible. > > Thanks, > Angelo You can increase the spamassasin timeout in mailscanner.conf, since you aren't getting hit a lot in a day. More timeouts are usually an indication of resolver problems or bayes rebuild attempts. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From steve.swaney at fsl.com Mon Feb 12 22:56:26 2007 From: steve.swaney at fsl.com (Stephen Swaney) Date: Mon Feb 12 22:00:43 2007 Subject: OT: Hiring In-Reply-To: <910ee2ac0702121337k43da7d2fsdf232ff1c0cffc2d@mail.gmail.com> References: <45CB4F4D.8060304@ecs.soton.ac.uk> <45D09C25.6090307@nkpanama.com> <910ee2ac0702121337k43da7d2fsdf232ff1c0cffc2d@mail.gmail.com> Message-ID: <006a01c74ef0$a4b71d10$ee255730$@swaney@fsl.com> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of emm1 > Sent: Monday, February 12, 2007 4:37 PM > To: MailScanner discussion > Subject: Re: OT: Hiring > > Service provided by FSL is a joke. We've had nothing but problems with > this DefenderMX, it was poorly setup, they didn't optimize the server > to it's fullest and now we noticed that when they installed it in > december they used a DEMO licence which expired today and no reply > from them yet to fix this. > Please email directly to support@fsl.com and let us know which system this is. Also please send the RT ticket tracking number so we can see where out where support went wrong. I'd like to find out what happened. I have not seen a request for this in the RT system but I may have missed it. There are no support requests from ljosnet@gmail.com We do try to provide the best support available but obviously something went wrong. My sincere apologies, Steve Steve Swaney steve@fsl.com From res at ausics.net Mon Feb 12 22:56:24 2007 From: res at ausics.net (Res) Date: Mon Feb 12 22:00:48 2007 Subject: LookOUT 2007 In-Reply-To: <20070212124502.4E16.GERARD@seibercom.net> References: <1A65E6BAEADF9B4F865314484A13ECF1608800@atlas.athensdistributing.com> <20070212124502.4E16.GERARD@seibercom.net> Message-ID: On Mon, 12 Feb 2007, Gerard Seibert wrote: > On Sunday February 11, 2007 at 03:20:04 (PM) Mike Kercher wrote: > >> Right click the message itself and select Message Options. I find >> Outlook 2007 to be MUCH slower than 2003. I'm am not impressed by Vista >> or Office 2007 so far. > > I just tried Vista with the latest MS Office. It ran quite well. Of > course, you have to have a system with the nuts to handle it. This was > on a Dell with an Intel dual-core (3.8 Ghz I believe) system. Tons of > memory. I would never use it on an outdated single core system with 512 > memory. > Yeah, and what will be the requirment in the next version on winblows, a supercomputer, and thats just for basics :P -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From am.lists at gmail.com Mon Feb 12 22:59:10 2007 From: am.lists at gmail.com (am.lists) Date: Mon Feb 12 22:03:28 2007 Subject: "not cached, timed out" in spam that scored 0. In-Reply-To: <25a66d840702121331v5f4fe7b2i6977780a9e5cff38@mail.gmail.com> References: <25a66d840702121331v5f4fe7b2i6977780a9e5cff38@mail.gmail.com> Message-ID: <25a66d840702121359m6189a7d5wfaa751af13da35cb@mail.gmail.com> Scott: I felt the same way -- only seeing 3 timeouts, its probably ok to bump up the timeout, but wasn't sure where the setting was. If I had seen a bunch of timeouts, I'd be investigating what was causing the individual timeouts. I found the setting in /etc/MailScanner/mailscanner.conf... It was 75, I bumped it to 90. FWIW, I did the lint test of SA through MailWatch GUI to see if there were any apparent issues, the elapsed time on that comes in at 5.97865sec. Having nothing to compare that to, is that good, bad, horrible, etc? Angelo From res at ausics.net Mon Feb 12 23:05:33 2007 From: res at ausics.net (Res) Date: Mon Feb 12 22:10:07 2007 Subject: Mqueue.in huge In-Reply-To: <200702121554.l1CFstxS028730@netra.database.it> References: <200702121554.l1CFstxS028730@netra.database.it> Message-ID: Hi, On Mon, 12 Feb 2007, Marcello Anderlini wrote: > I beg your pardon but how can set my MTA (I use sendmail) to use blacklist > and to reject automaticaly email ? Add this to your sendmail.mc file in sendmail-source/cf/cf The 'FEATURE' to 'dnl' is all on one line FEATURE(`blacklist_recipients')dnl # <--- this should be already there FEATURE(`enhdnsbl', `zen.spamhaus.org', `"553 rejected - see http://www.spamhaus.org/query/bl?ip="$&{client_addr}', `')dnl FEATURE(`enhdnsbl', `bl.spamcop.net', `"553 rejected - see http://spamcop.net/bl.shtml?"$&{client_addr}', `')dnl FEATURE(`enhdnsbl',`dnsbl.sorbs.net',`"553 rejected - " $&{client_addr} " found in dnsbl.sorbs.net"', `')dnl FEATURE(`enhdnsbl', `combined.njabl.org', `"553 rejected - see http://njabl.org/lookup?"$&{client_addr}', `')dnl Then ./Build install-cf and restart sendmail > And also how can I turn off spamassin in Mailscanner.conf ? Use SpamAssassin = yes to Use SpamAssassin = no then killall -HUP MailScanner -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From gerard at seibercom.net Mon Feb 12 23:11:27 2007 From: gerard at seibercom.net (Gerard Seibert) Date: Mon Feb 12 22:15:39 2007 Subject: LookOUT 2007 In-Reply-To: References: <20070212124502.4E16.GERARD@seibercom.net> Message-ID: <20070212170051.722F.GERARD@seibercom.net> On Monday February 12, 2007 at 04:56:24 (PM) Res wrote: > Yeah, and what will be the requirment in the next version on winblows, > a supercomputer, and thats just for basics :P Are you suggesting that we all go back to using 8086 based PC's? Seriously, Every few years I buy another PC. I then add the older one to my network; however, that is another story. I was just waiting for the new Vista to be released before I purchased a new PC. that way I can get both at the same time. If it weren't for MicroSoft virtually forcing hardware developers to improve their offerings, we would probably still be stuck with 386's and 12mb. of memory. Somebody has got to push the envelope, and MicroSoft is the only OS doing it. Besides, if I remember correctly, my first PC was an 8086 that cost approximately $2000. with everything. My last was a Dell 4550, 3.1 GHZ HT, 1024 memory and 120Gig HD. It cost just $1950. Considering that my pay scale is higher now than it was in 1983, I consider that a 'good deal'. Anyway, what ever floats you boat! -- Gerard The greatest trick the devil ever played was convincing the world he didn't exist. From ssilva at sgvwater.com Mon Feb 12 23:12:59 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Feb 12 22:17:46 2007 Subject: "not cached, timed out" in spam that scored 0. In-Reply-To: <25a66d840702121359m6189a7d5wfaa751af13da35cb@mail.gmail.com> References: <25a66d840702121331v5f4fe7b2i6977780a9e5cff38@mail.gmail.com> <25a66d840702121359m6189a7d5wfaa751af13da35cb@mail.gmail.com> Message-ID: am.lists spake the following on 2/12/2007 1:59 PM: > Scott: > > I felt the same way -- only seeing 3 timeouts, its probably ok to bump > up the timeout, but wasn't sure where the setting was. If I had seen a > bunch of timeouts, I'd be investigating what was causing the > individual timeouts. > > I found the setting in /etc/MailScanner/mailscanner.conf... > > It was 75, I bumped it to 90. > > FWIW, I did the lint test of SA through MailWatch GUI to see if there > were any apparent issues, the elapsed time on that comes in at > 5.97865sec. Having nothing to compare that to, is that good, bad, > horrible, etc? > > Angelo Not too bad. You probably are just getting an occasional timeout on an rbl list. I think I went to 90 seconds a while back also. I got about 3.33 sec. on a lint test, but since spamassassin 3.17 doesn't do network tests anymore, that is just your servers response time. You need some actual messages to get network times. spamassassin -D References: <20070212124502.4E16.GERARD@seibercom.net> <20070212170051.722F.GERARD@seibercom.net> Message-ID: On Mon, 12 Feb 2007, Gerard Seibert wrote: > On Monday February 12, 2007 at 04:56:24 (PM) Res wrote: > >> Yeah, and what will be the requirment in the next version on winblows, >> a supercomputer, and thats just for basics :P > > Are you suggesting that we all go back to using 8086 based PC's? no im talking about like the big muthars in Sandiego SCC :) > Seriously, Every few years I buy another PC. I then add the older one Whats the point? many people, especially businesses dont want to do that you are the type of person Bill Gates has aimed at vista then, he;ll be happy :) > If it weren't for MicroSoft virtually forcing hardware developers to > improve their offerings, we would probably still be stuck with 386's > and 12mb. of memory. Somebody has got to push the envelope, and Oh, so micro$oft are responsible for the huge servers in my DC ? LOL what a load of rot. -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From dnsadmin at 1bigthink.com Mon Feb 12 23:23:24 2007 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Mon Feb 12 22:27:54 2007 Subject: LookOUT 2007 In-Reply-To: References: <1A65E6BAEADF9B4F865314484A13ECF1608800@atlas.athensdistributing.com> <20070212124502.4E16.GERARD@seibercom.net> Message-ID: <7.0.1.0.0.20070212172056.091d1340@1bigthink.com> At 04:56 PM 2/12/2007, you wrote: >On Mon, 12 Feb 2007, Gerard Seibert wrote: > >>On Sunday February 11, 2007 at 03:20:04 (PM) Mike Kercher wrote: >> >>>Right click the message itself and select Message Options. I find >>>Outlook 2007 to be MUCH slower than 2003. I'm am not impressed by Vista >>>or Office 2007 so far. >> >>I just tried Vista with the latest MS Office. It ran quite well. Of >>course, you have to have a system with the nuts to handle it. This was >>on a Dell with an Intel dual-core (3.8 Ghz I believe) system. Tons of >>memory. I would never use it on an outdated single core system with 512 >>memory. > >Yeah, and what will be the requirment in the next version on winblows, >a supercomputer, and thats just for basics :P > Quad processor, 4 GB ram, 2GB will be used upon successful bootup. In order to have the cool graphics as MacOS XII, you will need an SLI-2x4 4 - GPU video card that costs twice as much as the motherboard and processor chip. ;)D From chandler.lists at chapman.edu Mon Feb 12 23:31:45 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Mon Feb 12 22:36:01 2007 Subject: [OT] LookOUT 2007 In-Reply-To: <20070212170051.722F.GERARD@seibercom.net> References: <20070212124502.4E16.GERARD@seibercom.net> <20070212170051.722F.GERARD@seibercom.net> Message-ID: <45D0EAD1.1000604@chapman.edu> Gerard Seibert wrote: > On Monday February 12, 2007 at 04:56:24 (PM) Res wrote: > > >> Yeah, and what will be the requirment in the next version on winblows, >> a supercomputer, and thats just for basics :P >> > > Are you suggesting that we all go back to using 8086 based PC's? > No. I'm suggesting that a modern OS shouldn't need three quarters of your hardware resources just to BOOT. > Seriously, Every few years I buy another PC. I then add the older one > to my network; however, that is another story. I was just waiting for > the new Vista to be released before I purchased a new PC. that way I can > get both at the same time. > I used Vista for a week on a laptop that was purchased within the last six months and branded as "Vista Ready!" It ran like crap, the driver support for the touchpad was abysmal, and it lived in virtual memory. I'll run XP until I can't anymore. After that, FreeBSD on the desktop is looking more and more attractive. > If it weren't for MicroSoft virtually forcing hardware developers to > improve their offerings, we would probably still be stuck with 386's > and 12mb. of memory. Somebody has got to push the envelope, and > MicroSoft is the only OS doing it. Are you seriously suggesting that their inefficient coding style is a GOOD thing? Try benchmarking any machine running Vista to the same hardware platform on ANY OTHER OS you can think of. I'd bet quite a bit that Vista comes out the loser each time. "Pushing the envelope" doesn't equate to "coding for crap" in my world. > Besides, if I remember correctly, my first PC was an 8086 that cost approximately $2000. with everything. My last was a Dell 4550, 3.1 GHZ HT, 1024 memory and 120Gig HD. It cost > just $1950. Considering that my pay scale is higher now than it was in > 1983, I consider that a 'good deal'. > > Back then, computers were specialty items-- now, they're commodities. Let's not skirt the issue too much... > Anyway, what ever floats you boat! Agreed, but MAN, Vista is crap. -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: Dyslexics retyping hosts file on servers From gerard at seibercom.net Mon Feb 12 23:40:50 2007 From: gerard at seibercom.net (Gerard) Date: Mon Feb 12 22:45:00 2007 Subject: LookOUT 2007 In-Reply-To: References: <20070212170051.722F.GERARD@seibercom.net> Message-ID: <20070212174038.7234.GERARD@seibercom.net> On Monday February 12, 2007 at 05:16:12 (PM) Res wrote: > On Mon, 12 Feb 2007, Gerard Seibert wrote: > > > On Monday February 12, 2007 at 04:56:24 (PM) Res wrote: > > > >> Yeah, and what will be the requirment in the next version on winblows, > >> a supercomputer, and thats just for basics :P > > > > Are you suggesting that we all go back to using 8086 based PC's? > > no im talking about like the big muthars in Sandiego SCC :) I have no idea what yu are referring to > > > Seriously, Every few years I buy another PC. I then add the older one > > Whats the point? many people, especially businesses dont want to do that > > you are the type of person Bill Gates has aimed at vista then, he;ll be > happy :) Actually, quite a few people. Especially those who want to use their PC as a virtual entertainment units. Besides, if an individual is going to invest in a new PC, they might as well get the latest OS available. You might want to reinvestigate that 'business' remark. I use to work for a consulting firm that routinely replaced PC's for business as soon as the the depreciation value was reached. Once you reach the tax write off point, there is not a lot of point in keeping an obsolete unit. > > > If it weren't for MicroSoft virtually forcing hardware developers to > > improve their offerings, we would probably still be stuck with 386's > > and 12mb. of memory. Somebody has got to push the envelope, and > > Oh, so micro$oft are responsible for the huge servers in my DC ? LOL what > a load of rot. Again, I do not comprehend what you are trying to convey. By the way, are you an adult or a child? -- Gerard From gerard at seibercom.net Mon Feb 12 23:58:01 2007 From: gerard at seibercom.net (Gerard) Date: Mon Feb 12 23:02:14 2007 Subject: [OT] LookOUT 2007 In-Reply-To: <45D0EAD1.1000604@chapman.edu> References: <20070212170051.722F.GERARD@seibercom.net> <45D0EAD1.1000604@chapman.edu> Message-ID: <20070212175751.7238.GERARD@seibercom.net> On Monday February 12, 2007 at 05:31:45 (PM) Jay Chandler wrote: > Gerard Seibert wrote: > > On Monday February 12, 2007 at 04:56:24 (PM) Res wrote: > > > > > >> Yeah, and what will be the requirment in the next version on winblows, > >> a supercomputer, and thats just for basics :P > >> > > > > Are you suggesting that we all go back to using 8086 based PC's? > > > No. I'm suggesting that a modern OS shouldn't need three quarters of > your hardware resources just to BOOT. > > > Seriously, Every few years I buy another PC. I then add the older one > > to my network; however, that is another story. I was just waiting for > > the new Vista to be released before I purchased a new PC. that way I can > > get both at the same time. > > > I used Vista for a week on a laptop that was purchased within the last > six months and branded as "Vista Ready!" It ran like crap, the driver > support for the touchpad was abysmal, and it lived in virtual memory. > I'll run XP until I can't anymore. After that, FreeBSD on the desktop > is looking more and more attractive. It might have been nice if you had included the system specs. Anyway, I have never been impressed with the performance of any laptop with any OS installed. I consider them toys, although I have been forced to use them occasionally. The size of my fingers make the use of 'touch pads' virtually unfathomable. I use FreeBSD on two of my machines. One is a mail server, the other a dedicated work station. I love the OS; however, try and get 'Flash', Java, etc all working and you are in for a workout. The FBSD forum is filled with individuals who cannot get drivers for hardware to either work, or just find one that is available. Most cutting edge hardware just does not work on FBSD or other *.nix systems. It is just the nature of the beast. > > > If it weren't for MicroSoft virtually forcing hardware developers to > > improve their offerings, we would probably still be stuck with 386's > > and 12mb. of memory. Somebody has got to push the envelope, and > > MicroSoft is the only OS doing it. > Are you seriously suggesting that their inefficient coding style is a > GOOD thing? Try benchmarking any machine running Vista to the same > hardware platform on ANY OTHER OS you can think of. I'd bet quite a bit > that Vista comes out the loser each time. "Pushing the envelope" > doesn't equate to "coding for crap" in my world. Define 'inefficient coding style'. I have seen code from FBSD and Linux that looks like it was written by a child. Wait, it probably was written by one. > > > Besides, if I remember correctly, my first PC was an 8086 that cost approximately $2000. with everything. My last was a Dell 4550, 3.1 GHZ HT, 1024 memory and 120Gig HD. It cost > > just $1950. Considering that my pay scale is higher now than it was in > > 1983, I consider that a 'good deal'. > > > > > Back then, computers were specialty items-- now, they're commodities. > Let's not skirt the issue too much... > > Anyway, what ever floats you boat! > Agreed, but MAN, Vista is crap. -- Gerard From mailscanner at yeticomputers.com Tue Feb 13 00:00:05 2007 From: mailscanner at yeticomputers.com (Rick Chadderdon) Date: Mon Feb 12 23:04:28 2007 Subject: LookOUT 2007 In-Reply-To: <20070212170051.722F.GERARD@seibercom.net> References: <20070212124502.4E16.GERARD@seibercom.net> <20070212170051.722F.GERARD@seibercom.net> Message-ID: <45D0F175.2050808@yeticomputers.com> Gerard Seibert wrote: > If it weren't for MicroSoft virtually forcing hardware developers to > improve their offerings, we would probably still be stuck with 386's > and 12mb. of memory. Somebody has got to push the envelope, and > MicroSoft is the only OS doing it. I agree with your overall sentiment that we shouldn't allow our computers to stagnate, but my experience with my own clients is that people don't upgrade their hardware for new OSes or new application software. I've had very, very few clients ask me what kind of new computer they'll need in order to move up to the next version of Windows, or the newest version of Office. In fact, nearly all of my customers want to *avoid* upgrading either their OS or their application software for as long as possible. No, I do upgrade consults for *gamers*. (Or their parents... "Tommy tried to install this game, but it wouldn't run. What do we need to do?") This was somewhat true even in the old days... I upgraded a lot of Windows 3.1 users to Windows 95 because of new "Windows 95 only" games. I will freely admit that I didn't take x86 PCs seriously until Windows 95, though. I don't object to Microsoft taking advantage of the power of newer machines, but I do find it rather annoying in the case of Vista that the *requirements* for the OS are so high. I've seen nothing in Vista that justifies using so much machine for just the OS. I do need to run a Vista box so that I can be familiar with the thing when my clients call with questions about it. Currently I'm running Vista Ultimate on a Core 2 Extreme X6800 with 2G of very nice RAM and an X1950XTX graphics card. I have a very fast array of 3G SATA drives, and Vista does look pretty and it's quite snappy. But... The same box feels faster with XP SP2. And, to stay on topic, Outlook 2007 runs quite poorly on this box. Well, for what I do. My current IMAP archive of this list begins in August 2005. The IMAP archive for my primary address holds all of my mail since 1998. That's a lot of mail, in case you're wondering. The SPAM folder alone contains more than 114,000 messages (I keep them for sentimental reasons... :) ), and there are probably 150 folders of sorted (and unsorted) mail. I added only those 2 accounts to Outlook for testing purposes, and synchronized them via a LAN connection. Outlook feels a *lot* slower than Thunderbird with those same (and seven other) accounts active and synchronized (on the same machine). Actually, Thunderbird on my office machine, running Gentoo Linux with far less power (2.4G P4, 1.5G RAM, decent SATA hard drives) feels faster than Outlook 2007 does on the more powerful machine, again with the same accounts and more. I recognize that Outlook 2007 is more than just an email client, but *as* an email client, it stinks. And, in my opinion, one would be better suited to run (gasp) separate apps for each of the things Outlook does rather than use that bloated, slow application and compromise on *everything* it does. Rick From gerard at seibercom.net Tue Feb 13 00:08:49 2007 From: gerard at seibercom.net (Gerard) Date: Mon Feb 12 23:13:00 2007 Subject: LookOUT 2007 In-Reply-To: <45D0F175.2050808@yeticomputers.com> References: <20070212170051.722F.GERARD@seibercom.net> <45D0F175.2050808@yeticomputers.com> Message-ID: <20070212180839.8A11.GERARD@seibercom.net> On Monday February 12, 2007 at 06:00:05 (PM) Rick Chadderdon wrote: > And, to stay on topic, Outlook 2007 runs quite poorly on this box. > Well, for what I do. > > My current IMAP archive of this list begins in August 2005. The IMAP > archive for my primary address holds all of my mail since 1998. That's > a lot of mail, in case you're wondering. The SPAM folder alone contains > more than 114,000 messages (I keep them for sentimental reasons... :) ), > and there are probably 150 folders of sorted (and unsorted) mail. I > added only those 2 accounts to Outlook for testing purposes, and > synchronized them via a LAN connection. Outlook feels a *lot* slower > than Thunderbird with those same (and seven other) accounts active and > synchronized (on the same machine). Actually, Thunderbird on my office > machine, running Gentoo Linux with far less power (2.4G P4, 1.5G RAM, > decent SATA hard drives) feels faster than Outlook 2007 does on the more > powerful machine, again with the same accounts and more. > > I recognize that Outlook 2007 is more than just an email client, but > *as* an email client, it stinks. And, in my opinion, one would be > better suited to run (gasp) separate apps for each of the things Outlook > does rather than use that bloated, slow application and compromise on > *everything* it does. That is quite a large number of messages indeed. I agree, I use Becky Internet Mail on my Win boxes and KMail on the FreeBSD ones. I have never had any real problem with OutLook. I just don't need all it offers. However, MS Office is another story. It is still the finest single office product that I have used, and I have tried dozens of them. It appears to work fine under Vista, although I have not given it a through workout yet. Heck, I haven't even purchased my new unit yet. I want to wait until after 4/15 to do that. -- Gerard The greatest trick the devil ever played was convincing the world he didn't exist. From am.lists at gmail.com Tue Feb 13 00:58:00 2007 From: am.lists at gmail.com (am.lists) Date: Tue Feb 13 00:02:18 2007 Subject: LookOUT 2007 In-Reply-To: <20070212180839.8A11.GERARD@seibercom.net> References: <20070212170051.722F.GERARD@seibercom.net> <45D0F175.2050808@yeticomputers.com> <20070212180839.8A11.GERARD@seibercom.net> Message-ID: <25a66d840702121558y625df1cek9ee50a5883996acd@mail.gmail.com> Not pointed at any particular quote or comment, but in general, I've heard some very intelligent people relay something like the following when asked about why M$ products are so bloated and buggy: Microsoft can't expect everyone to write the most efficient and perfect code. The talent is just too hard to find and the timelines are too tight, but if they can provide decent [GUI] IDEs to enough decent code developers, the hardware performance will cover up for the lack of good solid code. Granted, that's a "hearsay" paragraph of something I totally disagree with, but it's more than likely the reality in which we live. From sandrews at andrewscompanies.com Tue Feb 13 02:26:04 2007 From: sandrews at andrewscompanies.com (sandrews@andrewscompanies.com) Date: Tue Feb 13 01:30:27 2007 Subject: LookOUT 2007 References: <20070212124502.4E16.GERARD@seibercom.net><20070212170051.722F.GERARD@seibercom.net> Message-ID: <1964AAFBC212F742958F9275BF63DBB04A0B48@winchester.andrewscompanies.com> Not a load of rot. Linus didn't go playing around until 1991. At that point, it was pretty much Microsoft and OS2; and they were both pushing intel on the hardware side. Both of them were dog slow compared to DOS and at that time, everyone thought it just fine if all you did was connect to a netware box. During that time, AS400s were thought to be the next big thing because they weren't the big cost of S390s. Hell, I had a 9401 series at home during that period. It was insanely expensive, but all good RPG programmers had them, so what the heck. If it weren't for MS and OS2 pushing Intel to develop faster microprocessors, the whole thing could have been lost to 390s and minis connected to dumb terminals. The agruement that Unix in it's non-linux form existed before that time is accurate; however, it was a huge cost and few trusted it on x86 hardware at the time; oh yeah, and let's not forget that the 390s and the AS400s beat the crap out of it in raw performance AND the cost per transaction related to that performance. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Res Sent: Monday, February 12, 2007 5:16 PM To: MailScanner discussion Subject: Re: LookOUT 2007 On Mon, 12 Feb 2007, Gerard Seibert wrote: > On Monday February 12, 2007 at 04:56:24 (PM) Res wrote: > >> Yeah, and what will be the requirment in the next version on >> winblows, a supercomputer, and thats just for basics :P > > Are you suggesting that we all go back to using 8086 based PC's? no im talking about like the big muthars in Sandiego SCC :) > Seriously, Every few years I buy another PC. I then add the older one Whats the point? many people, especially businesses dont want to do that you are the type of person Bill Gates has aimed at vista then, he;ll be happy :) > If it weren't for MicroSoft virtually forcing hardware developers to > improve their offerings, we would probably still be stuck with 386's > and 12mb. of memory. Somebody has got to push the envelope, and Oh, so micro$oft are responsible for the huge servers in my DC ? LOL what a load of rot. -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mailscanner at yeticomputers.com Tue Feb 13 05:19:32 2007 From: mailscanner at yeticomputers.com (Rick Chadderdon) Date: Tue Feb 13 04:23:56 2007 Subject: LookOUT 2007 In-Reply-To: <1964AAFBC212F742958F9275BF63DBB04A0B48@winchester.andrewscompanies.com> References: <20070212124502.4E16.GERARD@seibercom.net><20070212170051.722F.GERARD@seibercom.net> <1964AAFBC212F742958F9275BF63DBB04A0B48@winchester.andrewscompanies.com> Message-ID: <45D13C54.70708@yeticomputers.com> sandrews@andrewscompanies.com wrote: > If it weren't for MS and OS2 pushing Intel to develop faster > microprocessors, the whole thing could have been lost to 390s and minis > connected to dumb terminals. > This argument relies on the assumption that if the x86 PC clones hadn't taken off none of the competing technologies of the time would have adapted. "What if" scenarios aside, that's a bit much for me to swallow. Hell, the Macintosh is still around *in spite* of the competition. I doubt very much that if a PC clone market had failed to develop that the competition would have quietly died. (I'd love to explore a few possible outcomes, but for the purposes of this discussion such speculation would be pointless.) Anyway, what point are we trying to make here? I think all Res was trying to say was that even without Microsoft, technology would have progressed to the point of those "huge servers". I tend to agree. While it is undebatable that MS contributed mightily to the current state of home (and other non-mainframe) computing, it is quite unreasonable to assume that without them technology would have stood still or that small computers based on x86, 680x0 or other alternative technologies would not have become just as popular with other OSes in their stead. > The agruement that Unix in it's non-linux form existed before that time > is accurate; however, it was a huge cost and few trusted it on x86 > hardware at the time; oh yeah, and let's not forget that the 390s and > the AS400s beat the crap out of it in raw performance AND the cost per > transaction related to that performance. > In 1993 I was considering starting an ISP based on home-made x86 equipment and SCO Unix. I was a bit late with the idea, however, and the market in my area became saturated before I'd secured enough funding to get under way. The Unix/x86 solution came in at a tiny fraction of the cost of any of the mainframe solutions I evaluated, and I didn't really care about: A. Raw performance far in excess of what I needed, or B. The cost per transaction related to performance I didn't need. Microsoft did not have a competitive server solution at the time which would have been suitable (in my opinion), better tested (NT4 was brand new at the time) or less expensive for the same feature set. If you're trying to make the point that Microsoft provided the only x86 alternative of the day, or even the best one for businesses, or was responsible in some way for inexpensive servers, I have to disagree. In fact, at the time I saw almost no *servers* running a Microsoft operating system. Again, while it's clear that Microsoft's contributions are a large part of where we are now, it's impossible to say where we'd be if MS had not existed, and I certainly don't see MS as having made a huge impact on the existence of inexpensive x86 servers. In the early-to-mid nineties, when x86 servers started appearing, very few of those that I encountered had a Microsoft OS on them. Rick From mailscanner at yeticomputers.com Tue Feb 13 05:40:28 2007 From: mailscanner at yeticomputers.com (Rick Chadderdon) Date: Tue Feb 13 04:44:51 2007 Subject: LookOUT 2007 In-Reply-To: <20070212180839.8A11.GERARD@seibercom.net> References: <20070212170051.722F.GERARD@seibercom.net> <45D0F175.2050808@yeticomputers.com> <20070212180839.8A11.GERARD@seibercom.net> Message-ID: <45D1413C.2060703@yeticomputers.com> Gerard wrote: > However, MS Office is another story. It is still the finest single > office product that I have used, and I have tried dozens of them. > I'm not a fan of the Office suite of programs, but as Gerard already said, "Whatever floats your boat." I would, however, like to see *everyone* use an open standard for office documents. I don't think that holding communication hostage in order to ensure the proliferation of your own software is ethical. Sell your software because of things like feature set, performance and reliability, not based on the fact that businesses need to exchange documents, and as long as you have the dominant format you can secure your market position. Rick From res at ausics.net Tue Feb 13 05:54:56 2007 From: res at ausics.net (Res) Date: Tue Feb 13 04:59:30 2007 Subject: LookOUT 2007 In-Reply-To: <20070212174038.7234.GERARD@seibercom.net> References: <20070212170051.722F.GERARD@seibercom.net> <20070212174038.7234.GERARD@seibercom.net> Message-ID: On Mon, 12 Feb 2007, Gerard wrote: >> no im talking about like the big muthars in Sandiego SCC :) > > I have no idea what yu are referring to Might have guessed with your original comment, much like the rest of your comments. > Actually, quite a few people. Especially those who want to use their PC > as a virtual entertainment units. Besides, if an individual is going to > invest in a new PC, they might as well get the latest OS available. True, this is why we install Fedora 6 on desktops, and slackware on servers. > You might want to reinvestigate that 'business' remark. I use to work > for a consulting firm that routinely replaced PC's for business as soon Maybe "used to work" is the operative word. > as the the depreciation value was reached. Once you reach the tax write > off point, there is not a lot of point in keeping an obsolete unit. So I should replace my ford, even though theres nothing wrong with it, its in mint condition, but its 6 years old this year, so we should go buy me another one? *sigh* >> Oh, so micro$oft are responsible for the huge servers in my DC ? LOL what >> a load of rot. > Again, I do not comprehend what you are trying to convey. By the way, are I thought as much. > you an adult or a child? I think you are on the wrong list, open your lookout program and select news server, I'm sure you have lot of your kind on the microflop groups You remind me of the guy who came and wanted to do some work, a 25yo all hyped up with his M$ certs, and when I told him they meant nothing to me he almost went white as a ghost in disbelief, I also added and I quote "Hell will freeze over before that shit is used in my company" I really thought he _was_ going to faint :) -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From deanm at ispone.com.au Tue Feb 13 06:02:49 2007 From: deanm at ispone.com.au (Dean Manners) Date: Tue Feb 13 05:08:12 2007 Subject: Attachment-Warning variables with inline warnings In-Reply-To: Message-ID: <200702130503.l1D53otq000454@relay01.ispone.net.au> Kai, apologies for the html. Yes, changed both inline.warning.txt and inline.warning.html. Seems that $datenumber $id are stripped regardless, maybe deliberately? Regards __________________________________________ Dean Manners > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Kai Schaetzl > Sent: Monday, February 12, 2007 10:16 PM > To: mailscanner@lists.mailscanner.info > Subject: Re: Attachment-Warning variables with inline warnings > > Dean Manners wrote on Mon, 12 Feb 2007 16:59:32 +1100: > > > Is it possible to use the $datenumber and $id variables in the > > inline.warning reports ? ?I am trying to display a "Click > here to release" > > URL, however the report line containing the URL seems to be removed. > > It would be nice if you could convince yourself to not send > HTML to a mailing list, thanks :-) This could also be the > reason why you don't get the text you expect. There's a text > and an HTML version. Did you change both? > > Kai > > -- > Kai Sch?tzl, Berlin, Germany > Get your web at Conactive Internet Services: http://www.conactive.com > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From res at ausics.net Tue Feb 13 06:06:06 2007 From: res at ausics.net (Res) Date: Tue Feb 13 05:10:28 2007 Subject: LookOUT 2007 In-Reply-To: <1964AAFBC212F742958F9275BF63DBB04A0B48@winchester.andrewscompanies.com> References: <20070212124502.4E16.GERARD@seibercom.net><20070212170051.722F.GERARD@seibercom.net> <1964AAFBC212F742958F9275BF63DBB04A0B48@winchester.andrewscompanies.com> Message-ID: On Mon, 12 Feb 2007, sandrews@andrewscompanies.com wrote: > Not a load of rot. Linus didn't go playing around until 1991. At that > point, it was pretty much Microsoft and OS2; and they were both pushing on servers? errrr I think ull find unix was around long before then :) we used SunOS where I was back then, but thats over 20 years ago, and before that we used somthing else, (memory faded cant recall what) -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From csweeney at osubucks.org Tue Feb 13 06:11:11 2007 From: csweeney at osubucks.org (Chris Sweeney) Date: Tue Feb 13 05:15:45 2007 Subject: LookOUT 2007 In-Reply-To: References: <20070212124502.4E16.GERARD@seibercom.net><20070212170051.722F.GERARD@seibercom.net> <1964AAFBC212F742958F9275BF63DBB04A0B48@winchester.andrewscompanies.com> Message-ID: <45D1486F.40606@osubucks.org> Xenix, Unix, Linux, Windows, OS2 Sounds like my OS history :) Res wrote: > On Mon, 12 Feb 2007, sandrews@andrewscompanies.com wrote: > >> Not a load of rot. Linus didn't go playing around until 1991. At that >> point, it was pretty much Microsoft and OS2; and they were both pushing > > on servers? errrr I think ull find unix was around long before then :) > we used SunOS where I was back then, but thats over 20 years ago, and > before that we used somthing else, (memory faded cant recall what) > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5188 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070213/f0d662f7/smime.bin From res at ausics.net Tue Feb 13 06:14:02 2007 From: res at ausics.net (Res) Date: Tue Feb 13 05:18:27 2007 Subject: LookOUT 2007 In-Reply-To: <45D1486F.40606@osubucks.org> References: <20070212124502.4E16.GERARD@seibercom.net><20070212170051.722F.GERARD@seibercom.net> <1964AAFBC212F742958F9275BF63DBB04A0B48@winchester.andrewscompanies.com> <45D1486F.40606@osubucks.org> Message-ID: On Tue, 13 Feb 2007, Chris Sweeney wrote: > Xenix, Unix, Linux, Windows, OS2 Sounds like my OS history :) Xenix LOL i bet M$ regret not going forward and sticking with that, more proof they can't get anything right :D -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From jon at radel.com Tue Feb 13 06:20:02 2007 From: jon at radel.com (Jon Radel) Date: Tue Feb 13 05:24:42 2007 Subject: LookOUT 2007 In-Reply-To: References: <20070212124502.4E16.GERARD@seibercom.net><20070212170051.722F.GERARD@seibercom.net> <1964AAFBC212F742958F9275BF63DBB04A0B48@winchester.andrewscompanies.com> Message-ID: <45D14A82.3080602@radel.com> Res wrote: > > On Mon, 12 Feb 2007, sandrews@andrewscompanies.com wrote: > >> Not a load of rot. Linus didn't go playing around until 1991. At that >> point, it was pretty much Microsoft and OS2; and they were both pushing > > on servers? errrr I think ull find unix was around long before then :) > we used SunOS where I was back then, but thats over 20 years ago, and > before that we used somthing else, (memory faded cant recall what) > > Oh, don't tell me you used VMS before it went all Open on us.... I've still got a MicroVAX sitting in the garage; really should throw it out someday. I was also going to note earlier that amid all this talk about MS bloat, that I've noticed certain Linux distributions are getting tad heavy these days. Time to move to OpenBSD. :-) --Jon Radel -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 2828 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070213/2d5438ec/smime.bin From res at ausics.net Tue Feb 13 06:40:23 2007 From: res at ausics.net (Res) Date: Tue Feb 13 05:44:50 2007 Subject: LookOUT 2007 In-Reply-To: <45D14A82.3080602@radel.com> References: <20070212124502.4E16.GERARD@seibercom.net><20070212170051.722F.GERARD@seibercom.net> <1964AAFBC212F742958F9275BF63DBB04A0B48@winchester.andrewscompanies.com> <45D14A82.3080602@radel.com> Message-ID: On Tue, 13 Feb 2007, Jon Radel wrote: >> on servers? errrr I think ull find unix was around long before then :) >> we used SunOS where I was back then, but thats over 20 years ago, and >> before that we used somthing else, (memory faded cant recall what) > > Oh, don't tell me you used VMS before it went all Open on us.... I've VMS might have been it, but I doubt we had anything special (it was only a print media company I worked for at the time) but I was only there for a short time before we moved to SunOS bout 84? I woulda been 18 then so sounds around that era. > still got a MicroVAX sitting in the garage; really should throw it out > someday. Donate it to a museum :) > I was also going to note earlier that amid all this talk about MS bloat, > that I've noticed certain Linux distributions are getting tad heavy > these days. Time to move to OpenBSD. :-) Nah :) I have been thinking of getting a copy of openslowaris and running that for a few weeks on a spare dekstop at home to see how it measures up. -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From glenn.steen at gmail.com Tue Feb 13 09:00:06 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 13 08:04:26 2007 Subject: "not cached, timed out" in spam that scored 0. In-Reply-To: <25a66d840702121359m6189a7d5wfaa751af13da35cb@mail.gmail.com> References: <25a66d840702121331v5f4fe7b2i6977780a9e5cff38@mail.gmail.com> <25a66d840702121359m6189a7d5wfaa751af13da35cb@mail.gmail.com> Message-ID: <223f97700702130000s29dc59aas7a13f0d9b089181b@mail.gmail.com> Hi Angelo, Look below.... On 12/02/07, am.lists wrote: > Scott: > > I felt the same way -- only seeing 3 timeouts, its probably ok to bump > up the timeout, but wasn't sure where the setting was. If I had seen a > bunch of timeouts, I'd be investigating what was causing the > individual timeouts. > > I found the setting in /etc/MailScanner/mailscanner.conf... > > It was 75, I bumped it to 90. Some on this list feel that those settings would *always* be too low:-)... And would tell you to bump it up to 600 (or so) seconds... If it is the "bayes expire"-problem, 75 or 90 will not make much difference;-)... but 600 would:-D. The reasoning here is along the lines that SA should *never* timeout (and be killed). > FWIW, I did the lint test of SA through MailWatch GUI to see if there > were any apparent issues, the elapsed time on that comes in at > 5.97865sec. Having nothing to compare that to, is that good, bad, > horrible, etc? > Well, if you are using SA 3.1.7, then the MailWatch lint doesn't include the network tests anymore (earlier versions of SA did), so that doesn't really say much, unfortunately. Time a "spamassassin -D -t < /path/to/test/message" instead, and you'll likely see some longer times... (If you're using 3.1.7, that is:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From m.anderlini at database.it Tue Feb 13 09:06:10 2007 From: m.anderlini at database.it (Marcello Anderlini) Date: Tue Feb 13 08:10:34 2007 Subject: Mqueue.in huge In-Reply-To: <45D0B163.6090603@USherbrooke.ca> Message-ID: <200702130806.l1D869b6010246@netra.database.it> > 1. have you restarted MS after the change ? Yes > 2. do you have a symlink from /etc/mail/spamassassin/mailscanner.cf > -> /etc/MailScanner/spam.assassin.prefs.conf ? They are not symlink but two differents files >3. after restarting MS, do you get any error/warning > messages in your > maillog? No Thanks for your help. Best regards Dr. Marcello Anderlini m.anderlini@database.it --------------------------------------------- Database Informatica S.r.l. Microsoft Certified Partner Tel. +39059775070 Fax. +39059779545 http://www.database.it --------------------------------------------- > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Denis Beauchemin > Sent: lunedì 12 febbraio 2007 19.27 > To: MailScanner discussion > Subject: Re: Mqueue.in huge > > Marcello Anderlini a écrit : > > I put use_auto_whitelist 0 in my spam.assassin.prefs.conf > but not is > > changed ? > > I'm still getting spamassassin timeout, what else can I do ? I'm in > > panic :-( > > > > > > Marcello, > > I haven't followed this thread from the beginning so: > > 1. have you restarted MS after the change ? > 2. do you have a symlink from /etc/mail/spamassassin/mailscanner.cf > -> /etc/MailScanner/spam.assassin.prefs.conf ? > 3. after restarting MS, do you get any error/warning > messages in your > maillog? > > Denis > > -- > _ > °v° Denis Beauchemin, analyste > /(_)\ Université de Sherbrooke, S.T.I. > ^ ^ T: 819.821.8000x62252 F: 819.821.8045 > > > -- Messaggio verificato dal servizio antivirus di Database Informatica From glenn.steen at gmail.com Tue Feb 13 09:43:31 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 13 08:47:50 2007 Subject: LookOUT 2007 In-Reply-To: <45D14A82.3080602@radel.com> References: <20070212124502.4E16.GERARD@seibercom.net> <20070212170051.722F.GERARD@seibercom.net> <1964AAFBC212F742958F9275BF63DBB04A0B48@winchester.andrewscompanies.com> <45D14A82.3080602@radel.com> Message-ID: <223f97700702130043k257cd4c8l8dd90eb17e6f3fb8@mail.gmail.com> On 13/02/07, Jon Radel wrote: (snip) > I was also going to note earlier that amid all this talk about MS bloat, > that I've noticed certain Linux distributions are getting tad heavy > these days. Time to move to OpenBSD. :-) > Well... Before the _closing_ comment on this _useless_ thread, let me note that I just the other week took one of the "bloated" distros (Mandriva 2007, with (Hopefully) AIGLX/Xgl, compiz and all) and installed it without a hitch on an old Compaq SFF (1.0 GHz, 512 MiB RAM, 20 GiB HDD, integrated graphics... Junk, but not that bad:-) and it runs really OK... Sure, not as snappy as on a more modern box, but still more than enough for the relatives I'm donating it to;-). Bloated indeed... A matter of relativity, I'd say:-):-). (Hopefully:-) Final note on this thread: Although I do enjoy the banter and all, has any of you reflected on this thread going from slightly off-topic (LookOut is at best tangent to MailScanner) to not related to anything at all (Vista performance and HW "policies".... Have much to do with MailScanner has it? No.).... Please desist, and take anything firther off-list will you? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Tue Feb 13 09:56:21 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 13 09:00:40 2007 Subject: Mqueue.in huge In-Reply-To: <200702130806.l1D869b6010246@netra.database.it> References: <45D0B163.6090603@USherbrooke.ca> <200702130806.l1D869b6010246@netra.database.it> Message-ID: <223f97700702130056n3f34f982g52983ec8d6e0ea0a@mail.gmail.com> On 13/02/07, Marcello Anderlini wrote: (snip) > > 2. do you have a symlink from /etc/mail/spamassassin/mailscanner.cf > > -> /etc/MailScanner/spam.assassin.prefs.conf ? > > They are not symlink but two differents files Hm, they should be one and the same, by way of a symbolic link... Could you please refresh our memories with what version of MailScanner and SpamAssassin you use, as well as MTA (Sendmail was it? version please...), what plugins to SA you have loaded etc...? Also provide the output of ls -l /etc/MailScanner/spam.assassin.prefs.conf /etc/mail/spamassassin/mailscanner.cf (that was all on one line, of course) ... so that we can be certain they really are two different files, and not a file and a symlink:-). Depending on version of SA, you might disable certain functions "easier" by way of not loading them (since they might be plugins) instead of loading them and then disabling them... Provide the info and we'll likely be more capable of helping you. Cheers -- -- Glenn (who is home with the flu, hence the not-so-frequent "presence" on the list:) email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From gmatt at nerc.ac.uk Tue Feb 13 10:05:21 2007 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Tue Feb 13 09:09:52 2007 Subject: automated mail server stress testing? In-Reply-To: <45C48B9B.3010000@ecs.soton.ac.uk> References: <45C3D414.9090900@fractalweb.com> <45C48B9B.3010000@ecs.soton.ac.uk> Message-ID: <45D17F51.80502@nerc.ac.uk> > Chris Yuzik wrote: >> Just wondering if there are any programs/scripts/whatever that can put >> an artificial high load on our new server so we can see if anything >> breaks *before* we start moving real users to this new box. set up a real mail relay exactly as your production system and give it a high MX (low priority) in the DNS. We have one like this and it attracts as much junk as it can process and then some! As Julian says, you then send everything to /dev/null G -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From cobalt-users1 at fishnet.co.uk Tue Feb 13 11:16:28 2007 From: cobalt-users1 at fishnet.co.uk (Ian) Date: Tue Feb 13 10:21:02 2007 Subject: Help debugging false positives with SURBL Message-ID: <45D18FFC.31484.380AEBD@cobalt-users1.fishnet.co.uk> Skipped content of type multipart/alternative-------------- next part -------------- The following section of this message contains a file attachment prepared for transmission using the Internet MIME message format. If you are using Pegasus Mail, or any other MIME-compliant system, you should be able to save it or view it from within your mailer. If you cannot, please ask your system administrator for assistance. ---- File information ----------- File: message.txt Date: 13 Feb 2007, 10:02 Size: 1146 bytes. Type: Text -------------- next part -------------- A non-text attachment was scrubbed... Name: message.txt Type: application/octet-stream Size: 1146 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070213/822939ba/message.obj From stef at aoc-uk.com Tue Feb 13 11:32:32 2007 From: stef at aoc-uk.com (Stef Morrell) Date: Tue Feb 13 10:36:50 2007 Subject: OT - RE: LookOUT 2007 Message-ID: <2861F1B24EB21D4EBD8A2A72DD8219050CE7DD@flatulous.aoc-uk.com> Jon Radel wrote: > I was also going to note earlier that amid all this talk > about MS bloat, that I've noticed certain Linux distributions > are getting tad heavy these days. Time to move to OpenBSD. :-) Nothing wrong with OpenBSD, but then again, why not roll your own Linux Distro. Lightweight as you like! http://www.linuxfromscratch.org is a great starting place. Great engineer training resource too. Stef From ms-list at alexb.ch Tue Feb 13 11:34:55 2007 From: ms-list at alexb.ch (Alex Broens) Date: Tue Feb 13 10:39:21 2007 Subject: Help debugging false positives with SURBL In-Reply-To: <45D18FFC.31484.380AEBD@cobalt-users1.fishnet.co.uk> References: <45D18FFC.31484.380AEBD@cobalt-users1.fishnet.co.uk> Message-ID: <45D1944F.6020802@alexb.ch> Would be very useful and even more appreciated if Julian could implement the vanilla SA responses which are two liners. I've banged my head very often when trying to find out what URL was hit. Alex On 2/13/2007 11:16 AM, Ian wrote: > Hi, > > I am having trouble with the spamassassin SURBL tests and cron emails. For some strange > reason I am getting this score on an email delivered via MailScanner: > > cached > score=12.718 > 6 required > -1.80 ALL_TRUSTED Passed through trusted hosts only via SMTP > -2.60 BAYES_00 Bayesian spam probability is 0 to 1% > -0.00 SPF_HELO_PASS SPF: HELO matches SPF record > 3.81 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist > 3.00 URIBL_BLACK > 3.01 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist > 2.80 URIBL_PH_SURBL Contains an URL listed in the PH SURBL blocklist > 4.50 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist > > When I run the message manually with the following command line, non of the SURBL tests > show up: > > spamassassin -p /etc/MailScanner/spam.assassin.prefs.conf -t > Content analysis details: (-4.4 points, 5.0 required) > > pts rule name description > ---- ---------------------- -------------------------------------------------- > -0.0 SPF_HELO_PASS SPF: HELO matches SPF record > -1.8 ALL_TRUSTED Passed through trusted hosts only via SMTP > -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1% > [score: 0.0000] > > I have tested all domain names (even partial ones) with the RulesEmporium SURBL checker > and none of them show up. I have attached the email as a txt file. > > Can someone point me the right direction to debug this. I have switched on SpamAssassin > debugging in MailScanner but have no idea where to look for the debug output. Also, am I > using the right command line to test this? > > > Thanks > > Ian > > > ------------------------------------------------------------------------ > > The following section of this message contains a file attachment > prepared for transmission using the Internet MIME message format. > If you are using Pegasus Mail, or any other MIME-compliant system, > you should be able to save it or view it from within your mailer. > If you cannot, please ask your system administrator for assistance. > > ---- File information ----------- > File: message.txt > Date: 13 Feb 2007, 10:02 > Size: 1146 bytes. > Type: Text > From res at ausics.net Tue Feb 13 12:25:55 2007 From: res at ausics.net (Res) Date: Tue Feb 13 11:30:29 2007 Subject: LookOUT 2007 In-Reply-To: <223f97700702130043k257cd4c8l8dd90eb17e6f3fb8@mail.gmail.com> References: <20070212124502.4E16.GERARD@seibercom.net> <20070212170051.722F.GERARD@seibercom.net> <1964AAFBC212F742958F9275BF63DBB04A0B48@winchester.andrewscompanies.com> <45D14A82.3080602@radel.com> <223f97700702130043k257cd4c8l8dd90eb17e6f3fb8@mail.gmail.com> Message-ID: On Tue, 13 Feb 2007, Glenn Steen wrote: > No.).... Please desist, and take anything firther off-list will you? no more on topic then 90 %of the rest of the stuff around here unless we have renamed this list to postmix/sendmail/mailwatch/spam assassin list as well From glenn.steen at gmail.com Tue Feb 13 13:07:59 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 13 12:12:19 2007 Subject: LookOUT 2007 In-Reply-To: References: <20070212124502.4E16.GERARD@seibercom.net> <20070212170051.722F.GERARD@seibercom.net> <1964AAFBC212F742958F9275BF63DBB04A0B48@winchester.andrewscompanies.com> <45D14A82.3080602@radel.com> <223f97700702130043k257cd4c8l8dd90eb17e6f3fb8@mail.gmail.com> Message-ID: <223f97700702130407u696ecc90gb47e4609aec9f528@mail.gmail.com> On 13/02/07, Res wrote: > On Tue, 13 Feb 2007, Glenn Steen wrote: > > > No.).... Please desist, and take anything firther off-list will you? > > no more on topic then 90 %of the rest of the stuff around here unless we > have renamed this list to postmix/sendmail/mailwatch/spam assassin list as > well > Yeah I know, but ... well, I'm certainly not "the list guardian" in any way shape or form, but going from MUA to OS/HW/... "point of view" discussions stretches things very thin indeed:-):-). Oh well, keep at it then:-D Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From lhaig at haigmail.com Tue Feb 13 14:04:44 2007 From: lhaig at haigmail.com (Lance Haig) Date: Tue Feb 13 13:09:06 2007 Subject: OT: Postfix Masquerading Message-ID: <45D1B76C.2030908@haigmail.com> Hi, Apologies for the off topic here. Can someone give me a (l)user explanation or point me in the right direction to setup outgoing *Masquerading * I have a smtp relay that is relaying our system notifications from multiple internal hosts. these hosts attach the internal domain ot all their e-mail and this natrually does not have any dns records in the public domain. How would I setup postfix to "formfill" the domains with a valid external domain? Thanks Lance -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070213/7a5821cb/attachment.html From tim.sattler at nordcapital.com Tue Feb 13 14:06:55 2007 From: tim.sattler at nordcapital.com (Sattler, Tim) Date: Tue Feb 13 13:11:37 2007 Subject: Help debugging false positives with SURBL In-Reply-To: <45D18FFC.31484.380AEBD@cobalt-users1.fishnet.co.uk> References: <45D18FFC.31484.380AEBD@cobalt-users1.fishnet.co.uk> Message-ID: Hi, > I am having trouble with the spamassassin SURBL tests and cron emails. > For some strange reason I am getting this score on an email delivered > via MailScanner: You should check to see whether your setup matches one of the following conditions mentioned on surbl.org: DNS bugs and incompabilities leading to false positives There is a bug (#3997) in versions of SpamAssassin older than 3.1 where the responses to DNS queries occasionally get mixed up, resulting in very rare false positives (non-spam tagged as spam). This can be seen when SpamAssassin shows a domain as blacklisted but it is not blacklisted when checking with a manual DNS query or on the lookup page. The solution is to upgrade to SpamAssassin version 3.1 or later. Another issue for users of DNS or proxy services that modify the results of DNS queries is that some of those changes may not compatible with SURBL applications. In particular, modification of NXDOMAIN responses can result in false positives due to the changed Address bits in the response. The solution is to not use DNS or proxy services that modify query results on your systems running SURBL applications. These cases are very rare, but worth mentioning if it prevents some confusion. We had a similar issue when using OpenDNS as DNS forwarder. Regards Tim From m.anderlini at database.it Tue Feb 13 14:11:25 2007 From: m.anderlini at database.it (Marcello Anderlini) Date: Tue Feb 13 13:16:41 2007 Subject: Mqueue.in huge In-Reply-To: Message-ID: <200702131311.l1DDBNab012570@netra.database.it> Thank you very much, I'd like just to know if in this way sendmail will notify the sender of email tag as spam ? Eventualy in this case how is it possible to turn off this ? I will try and I let you know. Thanks again Dr. Marcello Anderlini m.anderlini@database.it --------------------------------------------- Database Informatica S.r.l. Microsoft Certified Partner Tel. +39059775070 Fax. +39059779545 http://www.database.it --------------------------------------------- > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Res > Sent: lunedì 12 febbraio 2007 23.06 > To: MailScanner discussion > Subject: RE: Mqueue.in huge > > Hi, > > On Mon, 12 Feb 2007, Marcello Anderlini wrote: > > > I beg your pardon but how can set my MTA (I use sendmail) to use > > blacklist and to reject automaticaly email ? > > Add this to your sendmail.mc file in sendmail-source/cf/cf > The 'FEATURE' to 'dnl' is all on one line > > FEATURE(`blacklist_recipients')dnl # <--- this should be already there > > > FEATURE(`enhdnsbl', `zen.spamhaus.org', `"553 rejected - see > http://www.spamhaus.org/query/bl?ip="$&{client_addr}', `')dnl > > FEATURE(`enhdnsbl', `bl.spamcop.net', `"553 rejected - see > http://spamcop.net/bl.shtml?"$&{client_addr}', `')dnl > > FEATURE(`enhdnsbl',`dnsbl.sorbs.net',`"553 rejected - " > $&{client_addr} " > found in dnsbl.sorbs.net"', `')dnl > > FEATURE(`enhdnsbl', `combined.njabl.org', `"553 rejected - > see http://njabl.org/lookup?"$&{client_addr}', `')dnl > > Then ./Build install-cf > and restart sendmail > > > And also how can I turn off spamassin in Mailscanner.conf ? > > Use SpamAssassin = yes > to > Use SpamAssassin = no > then > killall -HUP MailScanner > > -- > Cheers > Res > > "We can be Heroes, just for one day" - Davey (Jones) Bowie > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > Messaggio verificato dal servizio antivirus di Database Informatica > -- Messaggio verificato dal servizio antivirus di Database Informatica From m.anderlini at database.it Tue Feb 13 14:16:01 2007 From: m.anderlini at database.it (Marcello Anderlini) Date: Tue Feb 13 13:21:06 2007 Subject: Mqueue.in huge In-Reply-To: <223f97700702130056n3f34f982g52983ec8d6e0ea0a@mail.gmail.com> Message-ID: <200702131315.l1DDFxsb016562@netra.database.it> Mailscanner 4.50.15.1 Spammassasin Version : 3.1.7 Release : 1.el4.rf Name : sendmail Version : 8.13.1 Vendor: CentOS Release : 3.RHEL4.5 I do not use any plugins for SA and this is the output of ls -l /etc/MailScanner/spam.assassin.prefs.conf /etc/mail/spamassassin/mailscanner.cf -rw-r--r-- 1 root root 11361 Feb 12 18:00 /etc/MailScanner/spam.assassin.prefs.conf -rw-r--r-- 1 root root 41 Jan 21 2005 /etc/mail/spamassassin/mailscanner.cf Thanks again Best regards Dr. Marcello Anderlini m.anderlini@database.it --------------------------------------------- Database Informatica S.r.l. Microsoft Certified Partner Tel. +39059775070 Fax. +39059779545 http://www.database.it --------------------------------------------- > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Glenn Steen > Sent: martedì 13 febbraio 2007 9.56 > To: MailScanner discussion > Subject: Re: Mqueue.in huge > > On 13/02/07, Marcello Anderlini wrote: > (snip) > > > 2. do you have a symlink from > /etc/mail/spamassassin/mailscanner.cf > > > -> /etc/MailScanner/spam.assassin.prefs.conf ? > > > > They are not symlink but two differents files > Hm, they should be one and the same, by way of a symbolic link... > Could you please refresh our memories with what version of > MailScanner and SpamAssassin you use, as well as MTA > (Sendmail was it? version please...), what plugins to SA you > have loaded etc...? Also provide the output of ls -l > /etc/MailScanner/spam.assassin.prefs.conf > /etc/mail/spamassassin/mailscanner.cf > (that was all on one line, of course) ... so that we can be > certain they really are two different files, and not a file > and a symlink:-). > > Depending on version of SA, you might disable certain > functions "easier" by way of not loading them (since they > might be plugins) instead of loading them and then disabling > them... Provide the info and we'll likely be more capable of > helping you. > > Cheers > -- > -- Glenn (who is home with the flu, hence the not-so-frequent > "presence" on the list:) > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > Messaggio verificato dal servizio antivirus di Database Informatica > -- Messaggio verificato dal servizio antivirus di Database Informatica From drew at technologytiger.net Tue Feb 13 14:19:40 2007 From: drew at technologytiger.net (Drew Marshall) Date: Tue Feb 13 13:24:13 2007 Subject: OT: Postfix Masquerading In-Reply-To: <45D1B76C.2030908@haigmail.com> References: <45D1B76C.2030908@haigmail.com> Message-ID: <62919.194.70.180.170.1171372780.squirrel@www.technologytiger.net> On Tue, February 13, 2007 13:04, Lance Haig wrote: > Hi, > > Apologies for the off topic here. > > Can someone give me a (l)user explanation or point me in the right > direction to setup outgoing *Masquerading > * > I have a smtp relay that is relaying our system notifications from > multiple internal hosts. > these hosts attach the internal domain ot all their e-mail and this > natrually does not have any dns records in the public domain. > > How would I setup postfix to "formfill" the domains with a valid > external domain? Have a look at this http://www.postfix.org/ADDRESS_REWRITING_README.html it covers every possible variation for you (Sorry, can't be more specific with out more details of your domain set up etc). Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by the Technology Tiger MailScanner. Further information can be found at www.technologytiger.net/policy Technology Tiger Limited is registered in Scotland with registration number: 310997 Registered Office 55-57 West High Street Inverurie AB51 3QQ From lhaig at haigmail.com Tue Feb 13 14:24:57 2007 From: lhaig at haigmail.com (Lance Haig) Date: Tue Feb 13 13:29:18 2007 Subject: OT: Postfix Masquerading In-Reply-To: <62919.194.70.180.170.1171372780.squirrel@www.technologytiger.net> References: <45D1B76C.2030908@haigmail.com> <62919.194.70.180.170.1171372780.squirrel@www.technologytiger.net> Message-ID: <45D1BC29.9040303@haigmail.com> Hi Drew, I must be blind. I could not find that at all. Thanks a million. Lance Drew Marshall wrote: > On Tue, February 13, 2007 13:04, Lance Haig wrote: > >> Hi, >> >> Apologies for the off topic here. >> >> Can someone give me a (l)user explanation or point me in the right >> direction to setup outgoing *Masquerading >> * >> I have a smtp relay that is relaying our system notifications from >> multiple internal hosts. >> these hosts attach the internal domain ot all their e-mail and this >> natrually does not have any dns records in the public domain. >> >> How would I setup postfix to "formfill" the domains with a valid >> external domain? >> > > Have a look at this http://www.postfix.org/ADDRESS_REWRITING_README.html > it covers every possible variation for you (Sorry, can't be more specific > with out more details of your domain set up etc). > > Drew > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070213/1e171b84/attachment.html From res at ausics.net Tue Feb 13 14:43:31 2007 From: res at ausics.net (Res) Date: Tue Feb 13 13:47:56 2007 Subject: Mqueue.in huge In-Reply-To: <200702131311.l1DDBNab012570@netra.database.it> References: <200702131311.l1DDBNab012570@netra.database.it> Message-ID: Hi, On Tue, 13 Feb 2007, Marcello Anderlini wrote: > Thank you very much, I'd like just to know if in this way sendmail will > notify the sender of email tag as spam ? They will get a rejection notice, pointing to where they can lookup why they were blocked by the RBL > Eventualy in this case how is it possible to turn off this ? > most cases you wont want to :) but all you need do is put a dnl in front of those lines and re make the cf file again -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From sailer at bnl.gov Tue Feb 13 14:48:49 2007 From: sailer at bnl.gov (Tim Sailer) Date: Tue Feb 13 13:53:26 2007 Subject: LookOUT 2007 In-Reply-To: <45D1486F.40606@osubucks.org> References: <1964AAFBC212F742958F9275BF63DBB04A0B48@winchester.andrewscompanies.com> <45D1486F.40606@osubucks.org> Message-ID: <20070213134849.GB29603@bnl.gov> On Tue, Feb 13, 2007 at 12:11:11AM -0500, Chris Sweeney wrote: > Xenix, Unix, Linux, Windows, OS2 Sounds like my OS history :) Strangely enough, if you have an old copy of SCO Xenix (/86, /286, /386, I still have at least the manuals from each somewhere), you'll unfortunately find Microsoft's name on the pages. They bought like a 20% stake in SCO way back when. MS was hedging their bets way back. I wonder if this is why they keep saying that if you are running Linux, you owe them money?? Tim -- Tim Sailer DoE Intelligence and Counterintelligence - Cyber Division Northeast Regional Counterintelligence Office Brookhaven National Laboratory (631) 344-3001 From sailer at bnl.gov Tue Feb 13 14:52:37 2007 From: sailer at bnl.gov (Tim Sailer) Date: Tue Feb 13 13:57:12 2007 Subject: LookOUT 2007 In-Reply-To: References: <20070212170051.722F.GERARD@seibercom.net> <20070212174038.7234.GERARD@seibercom.net> Message-ID: <20070213135237.GC29603@bnl.gov> On Tue, Feb 13, 2007 at 02:54:56PM +1000, Res wrote: > You remind me of the guy who came and wanted to do some work, a 25yo > all hyped up with his M$ certs, and when I told him they meant nothing to Remember: MCSE - Must Consult Someone Experienced :) Tim -- Tim Sailer DoE Intelligence and Counterintelligence - Cyber Division Northeast Regional Counterintelligence Office Brookhaven National Laboratory (631) 344-3001 From cobalt-users1 at fishnet.co.uk Tue Feb 13 15:06:50 2007 From: cobalt-users1 at fishnet.co.uk (Ian) Date: Tue Feb 13 14:11:18 2007 Subject: Help debugging false positives with SURBL In-Reply-To: References: <45D18FFC.31484.380AEBD@cobalt-users1.fishnet.co.uk>, Message-ID: <45D1C5FA.3938.453986F@cobalt-users1.fishnet.co.uk> On 13 Feb 2007 at 14:06, Sattler, Tim wrote: > Hi, > > > I am having trouble with the spamassassin SURBL tests and cron emails. > > > For some strange reason I am getting this score on an email delivered > > via MailScanner: > > You should check to see whether your setup matches one of the following > conditions mentioned on surbl.org: > > > DNS bugs and incompabilities leading to false positives > > We had a similar issue when using OpenDNS as DNS forwarder. Hi, Thanks Tim, yes I did check the spamassassin archives before posting here so I saw that one. This is a brand new install with version 3.1.7 and we woulnd't touch OpenDNS in a business environment, anything that modifies dns queries/responses would only cause problems in my opinion. I posted to this list because it only happens when the mail is passed through MailScanner, so I actually need help on debugging on what happens to the message when it is passed to spamassassin from MailScanner. I actually need to know what MailScanner/SpamAssassin thinks is the bad url. Is it the domain name of the server? The name of the perl script? Something else I'm not seeing? What does the MailScanner option: Debug SpamAssassin = yes actually do? Where do I read the debug output? Any help would be appreciated. Ian -- From glenn.steen at gmail.com Tue Feb 13 15:07:57 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 13 14:12:17 2007 Subject: LookOUT 2007 In-Reply-To: <20070213134849.GB29603@bnl.gov> References: <1964AAFBC212F742958F9275BF63DBB04A0B48@winchester.andrewscompanies.com> <45D1486F.40606@osubucks.org> <20070213134849.GB29603@bnl.gov> Message-ID: <223f97700702130607j52301f4ble16e843d05d9a473@mail.gmail.com> On 13/02/07, Tim Sailer wrote: > On Tue, Feb 13, 2007 at 12:11:11AM -0500, Chris Sweeney wrote: > > Xenix, Unix, Linux, Windows, OS2 Sounds like my OS history :) > > Strangely enough, if you have an old copy of SCO Xenix (/86, /286, > /386, I still have at least the manuals from each somewhere), you'll > unfortunately find Microsoft's name on the pages. They bought like a > 20% stake in SCO way back when. MS was hedging their bets way back. > I wonder if this is why they keep saying that if you are running Linux, > you owe them money?? > Only in a fevered dream ... Linux has virtually nothing in common with Xenix, and Caldera-turned-SCO based their idiocy on other (almost equally loose) allegations. M$ has nothing much to do with that idiocy though (unless you are into conspiration theories:-). Ooww, lets not go further in this direction, this thread is shite enough as it is:-):-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From stef at aoc-uk.com Tue Feb 13 15:08:24 2007 From: stef at aoc-uk.com (Stef Morrell) Date: Tue Feb 13 14:12:43 2007 Subject: OT - RE: LookOUT 2007 Message-ID: <2861F1B24EB21D4EBD8A2A72DD8219050CE7E3@flatulous.aoc-uk.com> Tim Sailer wrote: > Strangely enough, if you have an old copy of SCO Xenix (/86, > /286, /386, I still have at least the manuals from each > somewhere), you'll unfortunately find Microsoft's name on the If you have a *current* SCO Openserver it still tells you about Microsoft's copyright when you log in. Stef Stefan Morrell | Operations Director Tel: 0845 3452820 | Alpha Omega Computers Ltd Fax: 0845 3452830 | Incorporating Level 5 Internet stef@aoc-uk.com | stef@l5net.net Alpha Omega Computers Ltd, Unit 57, BBTC, Grange Road, Batley, WF17 6ER. Registered in England No. 3867142. VAT No. UK734421454 From csweeney at osubucks.org Tue Feb 13 15:16:40 2007 From: csweeney at osubucks.org (Chris Sweeney) Date: Tue Feb 13 14:21:16 2007 Subject: LookOUT 2007 In-Reply-To: <20070213134849.GB29603@bnl.gov> References: <1964AAFBC212F742958F9275BF63DBB04A0B48@winchester.andrewscompanies.com> <45D1486F.40606@osubucks.org> <20070213134849.GB29603@bnl.gov> Message-ID: <4391.70.60.69.215.1171376200.squirrel@webmail.osubucks.org> > On Tue, Feb 13, 2007 at 12:11:11AM -0500, Chris Sweeney wrote: >> Xenix, Unix, Linux, Windows, OS2 Sounds like my OS history :) > > Strangely enough, if you have an old copy of SCO Xenix (/86, /286, > /386, I still have at least the manuals from each somewhere), you'll > unfortunately find Microsoft's name on the pages. They bought like a > 20% stake in SCO way back when. MS was hedging their bets way back. > I wonder if this is why they keep saying that if you are running Linux, > you owe them money?? > You know thats funny, I did not realize MS had a stake in SCO. Unfortunatly I don't have any copies of SCO Xenix around anymore, but I still love to say it :) -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Tue Feb 13 15:24:47 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 13 14:29:11 2007 Subject: Mqueue.in huge In-Reply-To: <200702131315.l1DDFxsb016562@netra.database.it> References: <223f97700702130056n3f34f982g52983ec8d6e0ea0a@mail.gmail.com> <200702131315.l1DDFxsb016562@netra.database.it> Message-ID: <223f97700702130624g162f2accl4a201e30143c9423@mail.gmail.com> On 13/02/07, Marcello Anderlini wrote: > Mailscanner 4.50.15.1 > Spammassasin Version : 3.1.7 Release : 1.el4.rf > > Name : sendmail > Version : 8.13.1 Vendor: CentOS > Release : 3.RHEL4.5 > > I do not use any plugins for SA and this is the output of > ls -l /etc/MailScanner/spam.assassin.prefs.conf > /etc/mail/spamassassin/mailscanner.cf > -rw-r--r-- 1 root root 11361 Feb 12 18:00 > /etc/MailScanner/spam.assassin.prefs.conf > -rw-r--r-- 1 root root 41 Jan 21 2005 > /etc/mail/spamassassin/mailscanner.cf > > Thanks again > > Best regards Ok, not the freshest MailScanner version one has seen... Consider an update. it is fairly easy and well-documented in the MAQ how to do that on RPM-based systems like yours (http://wiki.mailscanner.info/doku.php?id=maq:index#upgrade_rpm). What does the 41 bytes of /etc/mail/spamassassin/mailscanner.cf say? Looks almost like a symlink-turned-normal-file, just from the size of it. Try moving that mailscanner.cf out of the way and doing ln -s /etc/MailScanner/spam.assassin.prefs.conf /etc/mail/spamassassin/mailscanner.cf ... just to make sure it is a link. Hm, come to think of it, I don't rightly remember at which version MailScanner switched to assuming that symlink to be there... If you update to the latest stable version (which I think you should), you _will_ need it. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From maillists at conactive.com Tue Feb 13 15:31:16 2007 From: maillists at conactive.com (Kai Schaetzl) Date: Tue Feb 13 14:35:45 2007 Subject: Attachment-Warning variables with inline warnings In-Reply-To: <200702130503.l1D53otq000454@relay01.ispone.net.au> References: <200702130503.l1D53otq000454@relay01.ispone.net.au> Message-ID: Dean Manners wrote on Tue, 13 Feb 2007 16:02:49 +1100: > Seems that $datenumber $id are stripped regardless, > maybe deliberately? Hm, that I don't know, sorry. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From Denis.Beauchemin at USherbrooke.ca Tue Feb 13 15:40:36 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Tue Feb 13 14:45:19 2007 Subject: Mqueue.in huge In-Reply-To: <200702131315.l1DDFxsb016562@netra.database.it> References: <200702131315.l1DDFxsb016562@netra.database.it> Message-ID: <45D1CDE4.1010800@USherbrooke.ca> Marcello Anderlini a ?crit : > Mailscanner 4.50.15.1 > Spammassasin Version : 3.1.7 Release : 1.el4.rf > > Name : sendmail > Version : 8.13.1 Vendor: CentOS > Release : 3.RHEL4.5 > > I do not use any plugins for SA and this is the output of > ls -l /etc/MailScanner/spam.assassin.prefs.conf > /etc/mail/spamassassin/mailscanner.cf > -rw-r--r-- 1 root root 11361 Feb 12 18:00 > /etc/MailScanner/spam.assassin.prefs.conf > -rw-r--r-- 1 root root 41 Jan 21 2005 > /etc/mail/spamassassin/mailscanner.cf > > Marcello, Please do the following: 1. mv /etc/mail/spamassassin/mailscanner.cf /etc/mail/spamassassin/mailscanner.cf.old 2. ln -s /etc/mail/spamassassin/mailscanner.cf /etc/mail/spamassassin/mailscanner.cf 3. make sure you have the "use_auto_whitelist 0" in both files (they should now be the same file) then restart MS and look for your SA whitelist error messages. They should be gone. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3595 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070213/886d0267/smime.bin From dyioulos at firstbhph.com Tue Feb 13 15:43:11 2007 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Tue Feb 13 14:47:29 2007 Subject: MCP (again) Message-ID: <200702130943.12172.dyioulos@firstbhph.com> Good morning (in most of the Western Hemisphere anyway). Several days ago I asked for help regarding MCP. At the risk of angering folks, I wanted to ask again, as getting this set up and running is very important to me, and I'm just having no success. My setup: CentOS 3.8, sendmail-8.12.11-4, mailscanner-4.58.9.1, spamassassin-3.1.7, clamav-0.88.7, and mailwatch-1.0.3. Firstly, I want to keep my users' mail from being scanned for spam. I can accomplish this successfully either by using MailWatch's SQLBlackWhiteList, or by using MS's spam.whitelist.rules/scan.messages.rules. The problem is, when spam whitelisting is enabled, MCP doesn't work. Once spam whitelisting is disabled, voila, MCP works (messages are tagged and visible in MailWatch). I've tried every combination of rules I can think of with no success. Is there no way for both spam whitelisting and MCP to work together? Does anyone have this enabled and can give me some assistance? It would be most appreciated. Thanks. Dimitri From glenn.steen at gmail.com Tue Feb 13 15:55:29 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 13 14:59:49 2007 Subject: Mqueue.in huge In-Reply-To: <45D1CDE4.1010800@USherbrooke.ca> References: <200702131315.l1DDFxsb016562@netra.database.it> <45D1CDE4.1010800@USherbrooke.ca> Message-ID: <223f97700702130655u78d97ac7wb82a2091e01854e6@mail.gmail.com> On 13/02/07, Denis Beauchemin wrote: (snip) > 2. ln -s /etc/mail/spamassassin/mailscanner.cf > /etc/mail/spamassassin/mailscanner.cf Eh, no. Not good to try link to oneself:-). This would (of course) just raise an error. Do the link as I suggested it though and things should be fine:-). > 3. make sure you have the "use_auto_whitelist 0" in both files (they > should now be the same file) One could of course put this in local.cf as well...:-) > then restart MS and look for your SA whitelist error messages. They > should be gone. > > Denis > Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From m.anderlini at database.it Tue Feb 13 16:05:55 2007 From: m.anderlini at database.it (Marcello Anderlini) Date: Tue Feb 13 15:12:25 2007 Subject: Mqueue.in huge In-Reply-To: <223f97700702130624g162f2accl4a201e30143c9423@mail.gmail.com> Message-ID: <200702131505.l1DF5rbq018374@netra.database.it> I make the symlink but the problem seem to be still presents. Now my mqueue.in is running about 120/130 msg waiting and is growing. The only way to decrease it is to not use spamassassin. I notice anyway that msg are still marked spam using black-list, I suppose directly by Mailscanner and I can delete it if I change "Spam Actions = deliver header "X-Spam-Status: Yes"" in Spam Actions = delete. Could this be a solution ? But How can I understand where spamassassin is slowing ? Can spamassassin -D -t generate a log with timing ? I'll update mailscanner as soon as possible. Best regards and thanks again for your help Dr. Marcello Anderlini m.anderlini@database.it --------------------------------------------- Database Informatica S.r.l. Microsoft Certified Partner Tel. +39059775070 Fax. +39059779545 http://www.database.it --------------------------------------------- > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Glenn Steen > Sent: martedì 13 febbraio 2007 15.25 > To: MailScanner discussion > Subject: Re: Mqueue.in huge > > On 13/02/07, Marcello Anderlini wrote: > > Mailscanner 4.50.15.1 > > Spammassasin Version : 3.1.7 Release : 1.el4.rf > > > > Name : sendmail > > Version : 8.13.1 Vendor: CentOS > > Release : 3.RHEL4.5 > > > > I do not use any plugins for SA and this is the output of ls -l > > /etc/MailScanner/spam.assassin.prefs.conf > > /etc/mail/spamassassin/mailscanner.cf > > -rw-r--r-- 1 root root 11361 Feb 12 18:00 > > /etc/MailScanner/spam.assassin.prefs.conf > > -rw-r--r-- 1 root root 41 Jan 21 2005 > > /etc/mail/spamassassin/mailscanner.cf > > > > Thanks again > > > > Best regards > > Ok, not the freshest MailScanner version one has seen... > Consider an update. it is fairly easy and well-documented in > the MAQ how to do that on RPM-based systems like yours > (http://wiki.mailscanner.info/doku.php?id=maq:index#upgrade_rpm). > > What does the 41 bytes of /etc/mail/spamassassin/mailscanner.cf say? > Looks almost like a symlink-turned-normal-file, just from the > size of it. > Try moving that mailscanner.cf out of the way and doing ln -s > /etc/MailScanner/spam.assassin.prefs.conf > /etc/mail/spamassassin/mailscanner.cf > ... just to make sure it is a link. Hm, come to think of it, > I don't rightly remember at which version MailScanner > switched to assuming that symlink to be there... If you > update to the latest stable version (which I think you > should), you _will_ need it. > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > Messaggio verificato dal servizio antivirus di Database Informatica > -- Messaggio verificato dal servizio antivirus di Database Informatica From Sylvain.Phaneuf at imsu.ox.ac.uk Tue Feb 13 16:09:17 2007 From: Sylvain.Phaneuf at imsu.ox.ac.uk (Sylvain Phaneuf) Date: Tue Feb 13 15:13:48 2007 Subject: reject (bounce) message References: <45D1C99E020000EB00012924@gwmail.jr2.ox.ac.uk> <45D1CC6F020000EB00012927@gwmail.jr2.ox.ac.uk> <45D1D068020000EB0001292A@gwmail.jr2.ox.ac.uk> <45D1D18F020000EB0001292D@gwmail.jr2.ox.ac.uk> <45D1D26D020000EB00012930@gwmail.jr2.ox.ac.uk> <45D1D395020000EB00012933@gwmail.jr2.ox.ac.uk> <45D1D49D020000EB00012936@gwmail.jr2.ox.ac.uk> Message-ID: <45D1D49D.FEA8.00EB.0@imsu.ox.ac.uk> Hi everyone, I know this isn't the most popular feature of MailScanner, but if a brave soul can help, I would be very grateful. I am playing with the Rejection report and I would need help customising it (/etc/MailScanner/reports/en/rejection.report.txt). The problem I have is that the rejection message is sent "From: $to " which would work normally but our ISP forwards the messages to us not to the aliases our users are know under but to their username. For example firstname.lastname@department.domain is forwarded to us as username@server.domain. The rejection report that MailScanner produces will come from username@server.domain which the sender will never be able to reconcile with the address they originally sent to, i.e. firstname.lastname@department.domain . How can I get the correct information in the rejection.report.txt file? How do I get the real RCPT TO in the report? Or how can I include the whole incoming message in the report (that sounds a very bad idea..., forget I said that). Anyone who can help out there? And before somebody asks... I want to use that feature for very specific cases, nothing to do with bouncing spam... Thanks in advance, Sylvain MailScanner: 4.55.10 MTA: sendmail 8.13.6 MailWatch: 1.0.3 -- ============================================ Sylvain Phaneuf --- Systems Manager | phone : +44 (0)1865 221323 Information Management Services Unit - Medical Sciences Division Oxford University | email : sylvain.phaneuf@imsu.ox.ac.uk Room 3A25B John Radcliffe Hospital | fax : +44 (0) 1865 221322 Oxford, OX3 9DU, UK ============================================ From Denis.Beauchemin at USherbrooke.ca Tue Feb 13 16:09:43 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Tue Feb 13 15:14:26 2007 Subject: Mqueue.in huge In-Reply-To: <223f97700702130655u78d97ac7wb82a2091e01854e6@mail.gmail.com> References: <200702131315.l1DDFxsb016562@netra.database.it> <45D1CDE4.1010800@USherbrooke.ca> <223f97700702130655u78d97ac7wb82a2091e01854e6@mail.gmail.com> Message-ID: <45D1D4B7.7060404@USherbrooke.ca> Glenn Steen a ?crit : > On 13/02/07, Denis Beauchemin wrote: > (snip) >> 2. ln -s /etc/mail/spamassassin/mailscanner.cf >> /etc/mail/spamassassin/mailscanner.cf > Eh, no. > Not good to try link to oneself:-). This would (of course) just raise > an error. Do the link as I suggested it though and things should be > fine:-). Oops! Thanks for pointing that out. I messed up with my copy/paste... Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3595 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070213/fa61e2e9/smime.bin From steve.swaney at fsl.com Tue Feb 13 16:29:35 2007 From: steve.swaney at fsl.com (Stephen Swaney) Date: Tue Feb 13 15:33:56 2007 Subject: OT: Hiring In-Reply-To: <45D09C25.6090307@nkpanama.com> References: <45CB4F4D.8060304@ecs.soton.ac.uk> <45D09C25.6090307@nkpanama.com> Message-ID: <010301c74f83$c4b69a80$4e23cf80$@swaney@fsl.com> Thanks for inquiring about the opening but we were able to fill this opening with the very first applicant. I was amazed at how many very talented and qualified applicants we had. The MailScanner list members are a very sharp group! Best regards, Steve Steve Swaney steve@fsl.com > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Alex Neuman van der Hans > Sent: Monday, February 12, 2007 11:56 AM > To: MailScanner discussion > Subject: Re: OT: Hiring > > Could you describe the needs/wants you would have from this staffer? > What would they(me?) need to accomplish? > > Julian Field wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > We need to hire some additional part time staff who can help with > > support for MailScanner, MailScanner related applications, MTAs and > our > > DefenderMX application. We will train you on DefenderMX. > > > > Salary is commensurate with qualifications and location anywhere is > the > > world is just fine, you just need a high speed Internet link. Hour > are > > flexible and the working environment is great J. Reasonable English > > skill is required and an additional language would be useful but not > > necessary. > > > > Please send you qualifications and desired compensation level > directly > > to hiring@fsl.com > > > > Thanks > > > > - -- > > Steve Swaney > > President > > Fort Systems Ltd. > > steve@fsl.com > > > > - -- > > Julian Field MEng CITP > > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > > > > > -----BEGIN PGP SIGNATURE----- > > Version: PGP Desktop 9.5.3 (Build 5003) > > Comment: (pgp-secured) > > Charset: ISO-8859-1 > > > > wj8DBQFFy1BUEfZZRxQVtlQRAormAJ0TDoKA9umyrZhvfUtsYcNe/n8nuQCfWCdf > > 7sxp1o/rT/ptelv7aiTtLfs= > > =D4j/ > > -----END PGP SIGNATURE----- > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Tue Feb 13 16:35:25 2007 From: steve.swaney at fsl.com (Stephen Swaney) Date: Tue Feb 13 15:39:46 2007 Subject: OT: Hiring In-Reply-To: <010301c74f83$c4b69a80$4e23cf80$@swaney@fsl.com> References: <45CB4F4D.8060304@ecs.soton.ac.uk> <45D09C25.6090307@nkpanama.com> <010301c74f83$c4b69a80$4e23cf80$@swaney@fsl.com> Message-ID: <010c01c74f84$952fe590$bf8fb0b0$@swaney@fsl.com> Sorry this went out to the list by mistake. It was meant to go the sender. However the part about "The MailScanner list members are a very sharp group!" is certainly true :) Steve Steve Swaney steve@fsl.com > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Stephen Swaney > Sent: Tuesday, February 13, 2007 10:30 AM > To: 'MailScanner discussion' > Subject: RE: OT: Hiring > > Thanks for inquiring about the opening but we were able to fill this > opening > with the very first applicant. I was amazed at how many very talented > and > qualified applicants we had. The MailScanner list members are a very > sharp > group! > > Best regards, > > Steve > > Steve Swaney > steve@fsl.com > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Alex Neuman van der Hans > > Sent: Monday, February 12, 2007 11:56 AM > > To: MailScanner discussion > > Subject: Re: OT: Hiring > > > > Could you describe the needs/wants you would have from this staffer? > > What would they(me?) need to accomplish? > > > > Julian Field wrote: > > > -----BEGIN PGP SIGNED MESSAGE----- > > > Hash: SHA1 > > > > > > We need to hire some additional part time staff who can help with > > > support for MailScanner, MailScanner related applications, MTAs and > > our > > > DefenderMX application. We will train you on DefenderMX. > > > > > > Salary is commensurate with qualifications and location anywhere is > > the > > > world is just fine, you just need a high speed Internet link. Hour > > are > > > flexible and the working environment is great J. Reasonable English > > > skill is required and an additional language would be useful but > not > > > necessary. > > > > > > Please send you qualifications and desired compensation level > > directly > > > to hiring@fsl.com > > > > > > Thanks > > > > > > - -- > > > Steve Swaney > > > President > > > Fort Systems Ltd. > > > steve@fsl.com > > > > > > - -- > > > Julian Field MEng CITP > > > www.MailScanner.info > > > Buy the MailScanner book at www.MailScanner.info/store > > > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > > > > > > > > > -----BEGIN PGP SIGNATURE----- > > > Version: PGP Desktop 9.5.3 (Build 5003) > > > Comment: (pgp-secured) > > > Charset: ISO-8859-1 > > > > > > wj8DBQFFy1BUEfZZRxQVtlQRAormAJ0TDoKA9umyrZhvfUtsYcNe/n8nuQCfWCdf > > > 7sxp1o/rT/ptelv7aiTtLfs= > > > =D4j/ > > > -----END PGP SIGNATURE----- > > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Tue Feb 13 17:22:49 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 13 16:27:10 2007 Subject: Mqueue.in huge In-Reply-To: <200702131505.l1DF5rbq018374@netra.database.it> References: <223f97700702130624g162f2accl4a201e30143c9423@mail.gmail.com> <200702131505.l1DF5rbq018374@netra.database.it> Message-ID: <223f97700702130822s7d97ceeaw20802ce942d2d74c@mail.gmail.com> On 13/02/07, Marcello Anderlini wrote: > I make the symlink but the problem seem to be still presents. > Now my mqueue.in is running about 120/130 msg waiting and is growing. The > only way to decrease it is to not use spamassassin. Ok. > I notice anyway that msg are still marked spam using black-list, I suppose > directly by Mailscanner and I can delete it if I change > "Spam Actions = deliver header "X-Spam-Status: Yes"" in Spam Actions = > delete. Could this be a solution ? Only a temporary one, IMO. You do want SA to have its say:-). > But How can I understand where spamassassin is slowing ? Can spamassassin -D > -t generate a log with timing ? Like the MailWatch thing? Unfortunately I know of no such thing (doesn't necessarily mean there is none:-). One could probably just change the MailWatch thing a bit so that it'd use a message and not really the --lint thing... Looking at that.... In sa_lint.php around line 24 you could probably change if(!$fp = popen(SA_DIR.'spamassassin -x -D -p '.SA_PREFS.' --lint 2>&1','r')) { to something like if(!$fp = popen(SA_DIR.'spamassassin -x -D -t /path/to/your/test/message 2>&1','r')) { ... and then restart apache and your browser. When you the run the "SA lint" on the Tools page, you should get a timed variant of that ... in theory, I've not tested this:-). Keep a copy of the original file, just in case:-):-). > I'll update mailscanner as soon as possible. > Good plan. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From steve.freegard at fsl.com Tue Feb 13 17:27:25 2007 From: steve.freegard at fsl.com (Steve Freegard) Date: Tue Feb 13 16:31:47 2007 Subject: Help debugging false positives with SURBL In-Reply-To: <45D1C5FA.3938.453986F@cobalt-users1.fishnet.co.uk> References: <45D18FFC.31484.380AEBD@cobalt-users1.fishnet.co.uk>, <45D1C5FA.3938.453986F@cobalt-users1.fishnet.co.uk> Message-ID: <45D1E6ED.1040908@fsl.com> Hi Ian, Ian wrote: > I posted to this list because it only happens when the mail is passed through MailScanner, so > I actually need help on debugging on what happens to the message when it is passed to > spamassassin from MailScanner. I actually need to know what MailScanner/SpamAssassin > thinks is the bad url. > > Is it the domain name of the server? The name of the perl script? Something else I'm not > seeing? > > What does the MailScanner option: > > Debug SpamAssassin = yes > > actually do? Where do I read the debug output? > > Any help would be appreciated. Try this: Place the attached file into your CustomFunctions directory (/usr/lib/MailScanner/MailScanner/CustomFunctions on RedHat and clones), then in MailScanner.conf set: Always Looked Up Last = &SALongReport Then do a full restart of MailScanner and run the message in question through MailScanner again. You will now see the full SpamAssassin report in the mail log which should contain all the information that you need. Hope this helps. Please report back your findings to the list if it does. Kind regards, Steve. -- Steve Freegard Development Director Fort Systems Ltd. -------------- next part -------------- A non-text attachment was scrubbed... Name: SALongReport.pm Type: application/x-perl Size: 1604 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070213/ce3bd22c/SALongReport.bin From chandler.lists at chapman.edu Tue Feb 13 17:42:43 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Tue Feb 13 16:47:17 2007 Subject: Slow MailScanner Message-ID: <45D1EA83.9070906@chapman.edu> I have two servers. Here's one: aconcagua# tail -f /var/log/maillog |grep rocessed Feb 13 08:39:58 aconcagua MailScanner[83401]: Batch (1 message) processed in 6.66 seconds Feb 13 08:39:58 aconcagua MailScanner[83008]: Batch (1 message) processed in 10.06 seconds Feb 13 08:40:00 aconcagua MailScanner[83989]: Batch (1 message) processed in 6.11 seconds Feb 13 08:40:03 aconcagua MailScanner[83677]: Batch (1 message) processed in 6.84 seconds Feb 13 08:40:04 aconcagua MailScanner[82475]: Batch (1 message) processed in 6.70 seconds Feb 13 08:40:05 aconcagua MailScanner[82359]: Batch (1 message) processed in 8.74 seconds Feb 13 08:40:06 aconcagua MailScanner[83301]: Batch (2 messages) processed in 12.81 seconds Feb 13 08:40:07 aconcagua MailScanner[82879]: Batch (1 message) processed in 7.75 seconds Feb 13 08:40:09 aconcagua MailScanner[82035]: Batch (1 message) processed in 6.53 seconds Feb 13 08:40:11 aconcagua MailScanner[83989]: Batch (1 message) processed in 6.41 seconds Feb 13 08:40:11 aconcagua MailScanner[84046]: Batch (1 message) processed in 6.84 seconds Feb 13 08:40:12 aconcagua MailScanner[83301]: Batch (1 message) processed in 6.56 seconds Here's the other: > spacecowboy# tail -f /var/log/maillog |grep rocessed > Feb 13 08:38:57 spacecowboy MailScanner[54541]: Batch (9 messages) > processed in 252.21 seconds > Feb 13 08:39:12 spacecowboy MailScanner[49475]: Batch (2 messages) > processed in 61.60 seconds > Feb 13 08:39:12 spacecowboy MailScanner[53408]: Batch (4 messages) > processed in 86.83 seconds > Feb 13 08:39:14 spacecowboy MailScanner[53430]: Batch (2 messages) > processed in 31.38 seconds > Feb 13 08:39:17 spacecowboy MailScanner[54987]: Batch (8 messages) > processed in 166.69 seconds > Feb 13 08:39:18 spacecowboy MailScanner[53490]: Batch (19 messages) > processed in 531.03 seconds > Feb 13 08:39:21 spacecowboy MailScanner[53398]: Batch (14 messages) > processed in 384.67 seconds > Feb 13 08:39:30 spacecowboy MailScanner[53412]: Batch (8 messages) > processed in 97.58 seconds > Feb 13 08:39:32 spacecowboy MailScanner[54123]: Batch (2 messages) > processed in 62.52 seconds > Feb 13 08:39:38 spacecowboy MailScanner[53430]: Batch (1 message) > processed in 24.16 seconds > Feb 13 08:39:39 spacecowboy MailScanner[55686]: Batch (30 messages) > processed in 647.57 seconds > Feb 13 08:39:48 spacecowboy MailScanner[56780]: Batch (5 messages) > processed in 68.93 seconds Any idea what would be causing this? Same configuration, same MX priority. The one with delays has built quite the queue backlog. -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: Processes running slowly due to weak power supply From cobalt-users1 at fishnet.co.uk Tue Feb 13 17:51:18 2007 From: cobalt-users1 at fishnet.co.uk (Ian) Date: Tue Feb 13 16:55:47 2007 Subject: Help debugging false positives with SURBL In-Reply-To: <45D1E6ED.1040908@fsl.com> References: <45D18FFC.31484.380AEBD@cobalt-users1.fishnet.co.uk>, <45D1C5FA.3938.453986F@cobalt-users1.fishnet.co.uk>, <45D1E6ED.1040908@fsl.com> Message-ID: <45D1EC86.12755.4EA2927@cobalt-users1.fishnet.co.uk> On 13 Feb 2007 at 16:27, Steve Freegard wrote: > Hi Ian, > > Ian wrote: > > I posted to this list because it only happens when the mail is passed through MailScanner, so > > I actually need help on debugging on what happens to the message when it is passed to > > spamassassin from MailScanner. I actually need to know what MailScanner/SpamAssassin > > thinks is the bad url. > > > > Is it the domain name of the server? The name of the perl script? Something else I'm not > > seeing? > > > > What does the MailScanner option: > > > > Debug SpamAssassin = yes > > > > actually do? Where do I read the debug output? > > > > Any help would be appreciated. > > Try this: > > Place the attached file into your CustomFunctions directory > (/usr/lib/MailScanner/MailScanner/CustomFunctions on RedHat and clones), > then in MailScanner.conf set: > > Always Looked Up Last = &SALongReport Hi Steve, Thanks for this. I already have: Always Looked Up Last = &MailWatchLogging So I did a bit of hacking and added the line: MailScanner::Log::InfoLog($message->{salongreport}); to the 'MailWatchLogging' subrouting after: # Don't bother trying to do an insert if no message is passed-in return unless $message; I'll let you know how I go on. Thanks for your help Ian -- > Then do a full restart of MailScanner and run the message in question > through MailScanner again. You will now see the full SpamAssassin > report in the mail log which should contain all the information that you > need. > > Hope this helps. Please report back your findings to the list if it does. > > Kind regards, > Steve. > > -- > Steve Freegard > Development Director > Fort Systems Ltd. > From m.anderlini at database.it Tue Feb 13 17:56:06 2007 From: m.anderlini at database.it (Marcello Anderlini) Date: Tue Feb 13 17:00:45 2007 Subject: Mqueue.in huge In-Reply-To: <223f97700702130822s7d97ceeaw20802ce942d2d74c@mail.gmail.com> Message-ID: <200702131656.l1DGu3BA014506@netra.database.it> But I have not MailWatch installed. I think now the best things it's to upgrade Mailscanner and see if things get better or not. Let me try. Thanks again. Dr. Marcello Anderlini m.anderlini@database.it --------------------------------------------- Database Informatica S.r.l. Microsoft Certified Partner Tel. +39059775070 Fax. +39059779545 http://www.database.it --------------------------------------------- > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Glenn Steen > Sent: martedì 13 febbraio 2007 17.23 > To: MailScanner discussion > Subject: Re: Mqueue.in huge > > On 13/02/07, Marcello Anderlini wrote: > > I make the symlink but the problem seem to be still presents. > > Now my mqueue.in is running about 120/130 msg waiting and > is growing. > > The only way to decrease it is to not use spamassassin. > Ok. > > > I notice anyway that msg are still marked spam using black-list, I > > suppose directly by Mailscanner and I can delete it if I > change "Spam > > Actions = deliver header "X-Spam-Status: Yes"" in Spam Actions = > > delete. Could this be a solution ? > Only a temporary one, IMO. You do want SA to have its say:-). > > > But How can I understand where spamassassin is slowing ? Can > > spamassassin -D -t generate a log with timing ? > Like the MailWatch thing? Unfortunately I know of no such > thing (doesn't necessarily mean there is none:-). One could > probably just change the MailWatch thing a bit so that it'd > use a message and not really the --lint thing... Looking at > that.... In sa_lint.php around line 24 you could probably > change if(!$fp = popen(SA_DIR.'spamassassin -x -D -p > '.SA_PREFS.' --lint 2>&1','r')) { to something like if(!$fp = > popen(SA_DIR.'spamassassin -x -D -t > /path/to/your/test/message 2>&1','r')) { ... and then restart > apache and your browser. When you the run the "SA lint" on > the Tools page, you should get a timed variant of that ... in > theory, I've not tested this:-). Keep a copy of the original > file, just in case:-):-). > > > I'll update mailscanner as soon as possible. > > > Good plan. > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > Messaggio verificato dal servizio antivirus di Database Informatica > -- Messaggio verificato dal servizio antivirus di Database Informatica From Howard at harper-adams.ac.uk Tue Feb 13 17:57:18 2007 From: Howard at harper-adams.ac.uk (Howard Robinson) Date: Tue Feb 13 17:02:40 2007 Subject: Diskspace on redhat ent 3 Message-ID: Dear List I had what amounts to a DOS attack on Friday when one of our users decided to email 900+ external accounts with a 4.2mb attachment. Given that our normal total daily through put is <1gb it was an unusual load for our box. After a while the server ran out of space on /var, where all the spool queues are, and whilst it didn't actually stop it went VERY slowly. After releasing some disk space it ran with a load of 7 for quite some time. What would be the best option that will allow me to put the queues somewhere else so that there is a bit more of a cushion? I could use part of the /usr directory as it has quite a bit of free space or create a new partition. If I do this is it better to recompile Sendmail to look at the new directory or use a link pointing to the new location? Same with MailScanner - editing MailScanner.conf or using link to the new location? Thanks Regards Howard Robinson, (Senior Technical Development Officer), Harper Adams University College, Edgmond, Newport, Shropshire , TF10 8NB. Tel. Direct 01952 815253 Tel. Switch Board 01952 820280 Fax 01952 814783 Email hrobinson@harper-adams.ac.uk Web www.harper-adams.ac.uk From m.anderlini at database.it Tue Feb 13 17:58:47 2007 From: m.anderlini at database.it (Marcello Anderlini) Date: Tue Feb 13 17:03:07 2007 Subject: Mailscanner repository for centos 4.x In-Reply-To: <45D1CDE4.1010800@USherbrooke.ca> Message-ID: <200702131658.l1DGwjhc017170@netra.database.it> Hello,is there any rpm repository for mailscanner on centos ? It would be great just install or update all with a simple yum update. Best regards. Dr. Marcello Anderlini m.anderlini@database.it --------------------------------------------- Database Informatica S.r.l. Microsoft Certified Partner Tel. +39059775070 Fax. +39059779545 http://www.database.it --------------------------------------------- -- Messaggio verificato dal servizio antivirus di Database Informatica From naolson at gmail.com Tue Feb 13 18:03:05 2007 From: naolson at gmail.com (Nathan Olson) Date: Tue Feb 13 17:07:29 2007 Subject: Slow MailScanner In-Reply-To: <45D1EA83.9070906@chapman.edu> References: <45D1EA83.9070906@chapman.edu> Message-ID: <8f54b4330702130903j28d9911ag91afa7e47d8865cf@mail.gmail.com> Local caching nameserver isn't running on the second one? Nate From chandler.lists at chapman.edu Tue Feb 13 18:11:18 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Tue Feb 13 17:15:43 2007 Subject: Slow MailScanner In-Reply-To: <8f54b4330702130903j28d9911ag91afa7e47d8865cf@mail.gmail.com> References: <45D1EA83.9070906@chapman.edu> <8f54b4330702130903j28d9911ag91afa7e47d8865cf@mail.gmail.com> Message-ID: <45D1F136.9050101@chapman.edu> Nathan Olson wrote: > Local caching nameserver isn't running on the second one? > > Nate Good guess, but no. I've got a few blacklists running on a local DNS server, but I didn't configure a local caching DNS server for either box. -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: Processes running slowly due to weak power supply From dave.list at pixelhammer.com Tue Feb 13 18:13:22 2007 From: dave.list at pixelhammer.com (DAve) Date: Tue Feb 13 17:18:09 2007 Subject: Slow MailScanner In-Reply-To: <45D1EA83.9070906@chapman.edu> References: <45D1EA83.9070906@chapman.edu> Message-ID: <45D1F1B2.2020708@pixelhammer.com> Jay Chandler wrote: > I have two servers. > > Here's one: > > aconcagua# tail -f /var/log/maillog |grep rocessed > Feb 13 08:39:58 aconcagua MailScanner[83401]: Batch (1 message) > processed in 6.66 seconds > Feb 13 08:39:58 aconcagua MailScanner[83008]: Batch (1 message) > processed in 10.06 seconds > Feb 13 08:40:00 aconcagua MailScanner[83989]: Batch (1 message) > processed in 6.11 seconds > Feb 13 08:40:03 aconcagua MailScanner[83677]: Batch (1 message) > processed in 6.84 seconds > Feb 13 08:40:04 aconcagua MailScanner[82475]: Batch (1 message) > processed in 6.70 seconds > Feb 13 08:40:05 aconcagua MailScanner[82359]: Batch (1 message) > processed in 8.74 seconds > Feb 13 08:40:06 aconcagua MailScanner[83301]: Batch (2 messages) > processed in 12.81 seconds > Feb 13 08:40:07 aconcagua MailScanner[82879]: Batch (1 message) > processed in 7.75 seconds > Feb 13 08:40:09 aconcagua MailScanner[82035]: Batch (1 message) > processed in 6.53 seconds > Feb 13 08:40:11 aconcagua MailScanner[83989]: Batch (1 message) > processed in 6.41 seconds > Feb 13 08:40:11 aconcagua MailScanner[84046]: Batch (1 message) > processed in 6.84 seconds > Feb 13 08:40:12 aconcagua MailScanner[83301]: Batch (1 message) > processed in 6.56 seconds > > Here's the other: > >> spacecowboy# tail -f /var/log/maillog |grep rocessed >> Feb 13 08:38:57 spacecowboy MailScanner[54541]: Batch (9 messages) >> processed in 252.21 seconds >> Feb 13 08:39:12 spacecowboy MailScanner[49475]: Batch (2 messages) >> processed in 61.60 seconds >> Feb 13 08:39:12 spacecowboy MailScanner[53408]: Batch (4 messages) >> processed in 86.83 seconds >> Feb 13 08:39:14 spacecowboy MailScanner[53430]: Batch (2 messages) >> processed in 31.38 seconds >> Feb 13 08:39:17 spacecowboy MailScanner[54987]: Batch (8 messages) >> processed in 166.69 seconds >> Feb 13 08:39:18 spacecowboy MailScanner[53490]: Batch (19 messages) >> processed in 531.03 seconds >> Feb 13 08:39:21 spacecowboy MailScanner[53398]: Batch (14 messages) >> processed in 384.67 seconds >> Feb 13 08:39:30 spacecowboy MailScanner[53412]: Batch (8 messages) >> processed in 97.58 seconds >> Feb 13 08:39:32 spacecowboy MailScanner[54123]: Batch (2 messages) >> processed in 62.52 seconds >> Feb 13 08:39:38 spacecowboy MailScanner[53430]: Batch (1 message) >> processed in 24.16 seconds >> Feb 13 08:39:39 spacecowboy MailScanner[55686]: Batch (30 messages) >> processed in 647.57 seconds >> Feb 13 08:39:48 spacecowboy MailScanner[56780]: Batch (5 messages) >> processed in 68.93 seconds > > Any idea what would be causing this? Same configuration, same MX > priority. The one with delays has built quite the queue backlog. > Can both machines resolve DNS with the same speed? Do you have a caching name server on both machines? Is the Bays DB the same size on both machines? DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From ecasarero at gmail.com Tue Feb 13 18:17:04 2007 From: ecasarero at gmail.com (Eduardo Casarero) Date: Tue Feb 13 17:21:27 2007 Subject: Slow MailScanner In-Reply-To: <45D1F1B2.2020708@pixelhammer.com> References: <45D1EA83.9070906@chapman.edu> <45D1F1B2.2020708@pixelhammer.com> Message-ID: <7d9b3cf20702130917v59c7a0fax226e43a06684ba31@mail.gmail.com> how is your expire bayes conf? 2007/2/13, DAve : > > Jay Chandler wrote: > > I have two servers. > > > > Here's one: > > > > aconcagua# tail -f /var/log/maillog |grep rocessed > > Feb 13 08:39:58 aconcagua MailScanner[83401]: Batch (1 message) > > processed in 6.66 seconds > > Feb 13 08:39:58 aconcagua MailScanner[83008]: Batch (1 message) > > processed in 10.06 seconds > > Feb 13 08:40:00 aconcagua MailScanner[83989]: Batch (1 message) > > processed in 6.11 seconds > > Feb 13 08:40:03 aconcagua MailScanner[83677]: Batch (1 message) > > processed in 6.84 seconds > > Feb 13 08:40:04 aconcagua MailScanner[82475]: Batch (1 message) > > processed in 6.70 seconds > > Feb 13 08:40:05 aconcagua MailScanner[82359]: Batch (1 message) > > processed in 8.74 seconds > > Feb 13 08:40:06 aconcagua MailScanner[83301]: Batch (2 messages) > > processed in 12.81 seconds > > Feb 13 08:40:07 aconcagua MailScanner[82879]: Batch (1 message) > > processed in 7.75 seconds > > Feb 13 08:40:09 aconcagua MailScanner[82035]: Batch (1 message) > > processed in 6.53 seconds > > Feb 13 08:40:11 aconcagua MailScanner[83989]: Batch (1 message) > > processed in 6.41 seconds > > Feb 13 08:40:11 aconcagua MailScanner[84046]: Batch (1 message) > > processed in 6.84 seconds > > Feb 13 08:40:12 aconcagua MailScanner[83301]: Batch (1 message) > > processed in 6.56 seconds > > > > Here's the other: > > > >> spacecowboy# tail -f /var/log/maillog |grep rocessed > >> Feb 13 08:38:57 spacecowboy MailScanner[54541]: Batch (9 messages) > >> processed in 252.21 seconds > >> Feb 13 08:39:12 spacecowboy MailScanner[49475]: Batch (2 messages) > >> processed in 61.60 seconds > >> Feb 13 08:39:12 spacecowboy MailScanner[53408]: Batch (4 messages) > >> processed in 86.83 seconds > >> Feb 13 08:39:14 spacecowboy MailScanner[53430]: Batch (2 messages) > >> processed in 31.38 seconds > >> Feb 13 08:39:17 spacecowboy MailScanner[54987]: Batch (8 messages) > >> processed in 166.69 seconds > >> Feb 13 08:39:18 spacecowboy MailScanner[53490]: Batch (19 messages) > >> processed in 531.03 seconds > >> Feb 13 08:39:21 spacecowboy MailScanner[53398]: Batch (14 messages) > >> processed in 384.67 seconds > >> Feb 13 08:39:30 spacecowboy MailScanner[53412]: Batch (8 messages) > >> processed in 97.58 seconds > >> Feb 13 08:39:32 spacecowboy MailScanner[54123]: Batch (2 messages) > >> processed in 62.52 seconds > >> Feb 13 08:39:38 spacecowboy MailScanner[53430]: Batch (1 message) > >> processed in 24.16 seconds > >> Feb 13 08:39:39 spacecowboy MailScanner[55686]: Batch (30 messages) > >> processed in 647.57 seconds > >> Feb 13 08:39:48 spacecowboy MailScanner[56780]: Batch (5 messages) > >> processed in 68.93 seconds > > > > Any idea what would be causing this? Same configuration, same MX > > priority. The one with delays has built quite the queue backlog. > > > > Can both machines resolve DNS with the same speed? > Do you have a caching name server on both machines? > Is the Bays DB the same size on both machines? > > DAve > > > -- > Three years now I've asked Google why they don't have a > logo change for Memorial Day. Why do they choose to do logos > for other non-international holidays, but nothing for > Veterans? > > Maybe they forgot who made that choice possible. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070213/30373174/attachment.html From ssilva at sgvwater.com Tue Feb 13 18:30:38 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Feb 13 17:35:29 2007 Subject: Slow MailScanner In-Reply-To: <45D1EA83.9070906@chapman.edu> References: <45D1EA83.9070906@chapman.edu> Message-ID: Jay Chandler spake the following on 2/13/2007 8:42 AM: > I have two servers. > > Here's one: > > aconcagua# tail -f /var/log/maillog |grep rocessed > Feb 13 08:39:58 aconcagua MailScanner[83401]: Batch (1 message) > processed in 6.66 seconds > Feb 13 08:39:58 aconcagua MailScanner[83008]: Batch (1 message) > processed in 10.06 seconds > Feb 13 08:40:00 aconcagua MailScanner[83989]: Batch (1 message) > processed in 6.11 seconds > Feb 13 08:40:03 aconcagua MailScanner[83677]: Batch (1 message) > processed in 6.84 seconds > Feb 13 08:40:04 aconcagua MailScanner[82475]: Batch (1 message) > processed in 6.70 seconds > Feb 13 08:40:05 aconcagua MailScanner[82359]: Batch (1 message) > processed in 8.74 seconds > Feb 13 08:40:06 aconcagua MailScanner[83301]: Batch (2 messages) > processed in 12.81 seconds > Feb 13 08:40:07 aconcagua MailScanner[82879]: Batch (1 message) > processed in 7.75 seconds > Feb 13 08:40:09 aconcagua MailScanner[82035]: Batch (1 message) > processed in 6.53 seconds > Feb 13 08:40:11 aconcagua MailScanner[83989]: Batch (1 message) > processed in 6.41 seconds > Feb 13 08:40:11 aconcagua MailScanner[84046]: Batch (1 message) > processed in 6.84 seconds > Feb 13 08:40:12 aconcagua MailScanner[83301]: Batch (1 message) > processed in 6.56 seconds > > Here's the other: > >> spacecowboy# tail -f /var/log/maillog |grep rocessed >> Feb 13 08:38:57 spacecowboy MailScanner[54541]: Batch (9 messages) >> processed in 252.21 seconds >> Feb 13 08:39:12 spacecowboy MailScanner[49475]: Batch (2 messages) >> processed in 61.60 seconds >> Feb 13 08:39:12 spacecowboy MailScanner[53408]: Batch (4 messages) >> processed in 86.83 seconds >> Feb 13 08:39:14 spacecowboy MailScanner[53430]: Batch (2 messages) >> processed in 31.38 seconds >> Feb 13 08:39:17 spacecowboy MailScanner[54987]: Batch (8 messages) >> processed in 166.69 seconds >> Feb 13 08:39:18 spacecowboy MailScanner[53490]: Batch (19 messages) >> processed in 531.03 seconds >> Feb 13 08:39:21 spacecowboy MailScanner[53398]: Batch (14 messages) >> processed in 384.67 seconds >> Feb 13 08:39:30 spacecowboy MailScanner[53412]: Batch (8 messages) >> processed in 97.58 seconds >> Feb 13 08:39:32 spacecowboy MailScanner[54123]: Batch (2 messages) >> processed in 62.52 seconds >> Feb 13 08:39:38 spacecowboy MailScanner[53430]: Batch (1 message) >> processed in 24.16 seconds >> Feb 13 08:39:39 spacecowboy MailScanner[55686]: Batch (30 messages) >> processed in 647.57 seconds >> Feb 13 08:39:48 spacecowboy MailScanner[56780]: Batch (5 messages) >> processed in 68.93 seconds > > Any idea what would be causing this? Same configuration, same MX > priority. The one with delays has built quite the queue backlog. > There could be any number of things going wrong. Have you tried the obvious such as linting or debugging each server? Check that both are really identical? Maybe a perl module difference. Have you done any basic hardware tests like hdparm -tT or bonnie++? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From chandler.lists at chapman.edu Tue Feb 13 18:37:53 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Tue Feb 13 17:42:17 2007 Subject: Slow MailScanner In-Reply-To: <45D1F1B2.2020708@pixelhammer.com> References: <45D1EA83.9070906@chapman.edu> <45D1F1B2.2020708@pixelhammer.com> Message-ID: <45D1F771.2020608@chapman.edu> DAve wrote: > Jay Chandler wrote: >> I have two servers. >> >> Here's one: >> >> aconcagua# tail -f /var/log/maillog |grep rocessed >> Feb 13 08:39:58 aconcagua MailScanner[83401]: Batch (1 message) >> processed in 6.66 seconds >> Feb 13 08:39:58 aconcagua MailScanner[83008]: Batch (1 message) >> processed in 10.06 seconds >> Feb 13 08:40:00 aconcagua MailScanner[83989]: Batch (1 message) >> processed in 6.11 seconds >> Feb 13 08:40:03 aconcagua MailScanner[83677]: Batch (1 message) >> processed in 6.84 seconds >> Feb 13 08:40:04 aconcagua MailScanner[82475]: Batch (1 message) >> processed in 6.70 seconds >> Feb 13 08:40:05 aconcagua MailScanner[82359]: Batch (1 message) >> processed in 8.74 seconds >> Feb 13 08:40:06 aconcagua MailScanner[83301]: Batch (2 messages) >> processed in 12.81 seconds >> Feb 13 08:40:07 aconcagua MailScanner[82879]: Batch (1 message) >> processed in 7.75 seconds >> Feb 13 08:40:09 aconcagua MailScanner[82035]: Batch (1 message) >> processed in 6.53 seconds >> Feb 13 08:40:11 aconcagua MailScanner[83989]: Batch (1 message) >> processed in 6.41 seconds >> Feb 13 08:40:11 aconcagua MailScanner[84046]: Batch (1 message) >> processed in 6.84 seconds >> Feb 13 08:40:12 aconcagua MailScanner[83301]: Batch (1 message) >> processed in 6.56 seconds >> >> Here's the other: >> >>> spacecowboy# tail -f /var/log/maillog |grep rocessed >>> Feb 13 08:38:57 spacecowboy MailScanner[54541]: Batch (9 messages) >>> processed in 252.21 seconds >>> Feb 13 08:39:12 spacecowboy MailScanner[49475]: Batch (2 messages) >>> processed in 61.60 seconds >>> Feb 13 08:39:12 spacecowboy MailScanner[53408]: Batch (4 messages) >>> processed in 86.83 seconds >>> Feb 13 08:39:14 spacecowboy MailScanner[53430]: Batch (2 messages) >>> processed in 31.38 seconds >>> Feb 13 08:39:17 spacecowboy MailScanner[54987]: Batch (8 messages) >>> processed in 166.69 seconds >>> Feb 13 08:39:18 spacecowboy MailScanner[53490]: Batch (19 messages) >>> processed in 531.03 seconds >>> Feb 13 08:39:21 spacecowboy MailScanner[53398]: Batch (14 messages) >>> processed in 384.67 seconds >>> Feb 13 08:39:30 spacecowboy MailScanner[53412]: Batch (8 messages) >>> processed in 97.58 seconds >>> Feb 13 08:39:32 spacecowboy MailScanner[54123]: Batch (2 messages) >>> processed in 62.52 seconds >>> Feb 13 08:39:38 spacecowboy MailScanner[53430]: Batch (1 message) >>> processed in 24.16 seconds >>> Feb 13 08:39:39 spacecowboy MailScanner[55686]: Batch (30 messages) >>> processed in 647.57 seconds >>> Feb 13 08:39:48 spacecowboy MailScanner[56780]: Batch (5 messages) >>> processed in 68.93 seconds >> >> Any idea what would be causing this? Same configuration, same MX >> priority. The one with delays has built quite the queue backlog. >> > > Can both machines resolve DNS with the same speed? > Do you have a caching name server on both machines? > Is the Bays DB the same size on both machines? > > I've been wrestling with this a bit. A few questions: 1. How do I set up a caching nameserver? Can someone throw me a link? 2. I've searched high and low, but I can't find the bayes DB location. I never explicitly set it up, but it's apparently running... Output of mailscanner --lint below: spacecowboy# mailscanner --lint Read 759 hostnames from the phishing whitelist Checking version numbers... Version number in MailScanner.conf (4.58.9) is correct. MailScanner setting GID to (125) MailScanner setting UID to (125) Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database pyzor: check failed: internal error SpamAssassin reported no errors. Using locktype = flock MailScanner.conf says "Virus Scanners = auto" Found these virus scanners installed: bitdefender, clamavmodule -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: Processes running slowly due to weak power supply From ssilva at sgvwater.com Tue Feb 13 18:35:13 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Feb 13 17:44:25 2007 Subject: Diskspace on redhat ent 3 In-Reply-To: References: Message-ID: Howard Robinson spake the following on 2/13/2007 8:57 AM: > Dear List > I had what amounts to a DOS attack on Friday when one of our users > decided to email 900+ external accounts with a 4.2mb attachment. Given > that our normal total daily through put is <1gb it was an unusual load > for our box. After a while the server ran out of space on /var, where > all the spool queues are, and whilst it didn't actually stop it went > VERY slowly. After releasing some disk space it ran with a load of 7 > for quite some time. > > What would be the best option that will allow me to put the queues > somewhere else so that there is a bit more of a cushion? I could use > part of the /usr directory as it has quite a bit of free space or create > a new partition. > If I do this is it better to recompile Sendmail to look at the new > directory or use a link pointing to the new location? > Same with MailScanner - editing MailScanner.conf or using link to the > new location? > > Thanks You could symlink in some space from another partition, maybe the quarantine directory or /var/tmp. Or you could move some of the queue into a different partition and move it back a little at a time. I try to leave 5 or 10 gigs free somewhere to have space I can toss in for emergencies. You could also use some space on a usb2 hard drive in an emergency, although it could be slow. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From sandrews at andrewscompanies.com Tue Feb 13 18:48:24 2007 From: sandrews at andrewscompanies.com (sandrews@andrewscompanies.com) Date: Tue Feb 13 17:52:45 2007 Subject: Slow MailScanner References: <45D1EA83.9070906@chapman.edu> <45D1F1B2.2020708@pixelhammer.com> <45D1F771.2020608@chapman.edu> Message-ID: <1964AAFBC212F742958F9275BF63DBB042A0C4@winchester.andrewscompanies.com> Bayes dbs are typically in ./root or /etc/MailScanner/bayes -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jay Chandler Sent: Tuesday, February 13, 2007 12:38 PM To: MailScanner discussion Subject: Re: Slow MailScanner DAve wrote: > Jay Chandler wrote: >> I have two servers. >> >> Here's one: >> >> aconcagua# tail -f /var/log/maillog |grep rocessed Feb 13 08:39:58 >> aconcagua MailScanner[83401]: Batch (1 message) processed in 6.66 >> seconds Feb 13 08:39:58 aconcagua MailScanner[83008]: Batch (1 >> message) processed in 10.06 seconds Feb 13 08:40:00 aconcagua >> MailScanner[83989]: Batch (1 message) processed in 6.11 seconds Feb >> 13 08:40:03 aconcagua MailScanner[83677]: Batch (1 message) processed >> in 6.84 seconds Feb 13 08:40:04 aconcagua MailScanner[82475]: Batch >> (1 message) processed in 6.70 seconds Feb 13 08:40:05 aconcagua >> MailScanner[82359]: Batch (1 message) processed in 8.74 seconds Feb >> 13 08:40:06 aconcagua MailScanner[83301]: Batch (2 messages) >> processed in 12.81 seconds Feb 13 08:40:07 aconcagua >> MailScanner[82879]: Batch (1 message) processed in 7.75 seconds Feb >> 13 08:40:09 aconcagua MailScanner[82035]: Batch (1 message) processed >> in 6.53 seconds Feb 13 08:40:11 aconcagua MailScanner[83989]: Batch >> (1 message) processed in 6.41 seconds Feb 13 08:40:11 aconcagua >> MailScanner[84046]: Batch (1 message) processed in 6.84 seconds Feb >> 13 08:40:12 aconcagua MailScanner[83301]: Batch (1 message) processed >> in 6.56 seconds >> >> Here's the other: >> >>> spacecowboy# tail -f /var/log/maillog |grep rocessed Feb 13 08:38:57 >>> spacecowboy MailScanner[54541]: Batch (9 messages) processed in >>> 252.21 seconds Feb 13 08:39:12 spacecowboy MailScanner[49475]: Batch >>> (2 messages) processed in 61.60 seconds Feb 13 08:39:12 spacecowboy >>> MailScanner[53408]: Batch (4 messages) processed in 86.83 seconds >>> Feb 13 08:39:14 spacecowboy MailScanner[53430]: Batch (2 messages) >>> processed in 31.38 seconds Feb 13 08:39:17 spacecowboy >>> MailScanner[54987]: Batch (8 messages) processed in 166.69 seconds >>> Feb 13 08:39:18 spacecowboy MailScanner[53490]: Batch (19 messages) >>> processed in 531.03 seconds Feb 13 08:39:21 spacecowboy >>> MailScanner[53398]: Batch (14 messages) processed in 384.67 seconds >>> Feb 13 08:39:30 spacecowboy MailScanner[53412]: Batch (8 messages) >>> processed in 97.58 seconds Feb 13 08:39:32 spacecowboy >>> MailScanner[54123]: Batch (2 messages) processed in 62.52 seconds >>> Feb 13 08:39:38 spacecowboy MailScanner[53430]: Batch (1 message) >>> processed in 24.16 seconds Feb 13 08:39:39 spacecowboy >>> MailScanner[55686]: Batch (30 messages) processed in 647.57 seconds >>> Feb 13 08:39:48 spacecowboy MailScanner[56780]: Batch (5 messages) >>> processed in 68.93 seconds >> >> Any idea what would be causing this? Same configuration, same MX >> priority. The one with delays has built quite the queue backlog. >> > > Can both machines resolve DNS with the same speed? > Do you have a caching name server on both machines? > Is the Bays DB the same size on both machines? > > I've been wrestling with this a bit. A few questions: 1. How do I set up a caching nameserver? Can someone throw me a link? 2. I've searched high and low, but I can't find the bayes DB location. I never explicitly set it up, but it's apparently running... Output of mailscanner --lint below: spacecowboy# mailscanner --lint Read 759 hostnames from the phishing whitelist Checking version numbers... Version number in MailScanner.conf (4.58.9) is correct. MailScanner setting GID to (125) MailScanner setting UID to (125) Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database pyzor: check failed: internal error SpamAssassin reported no errors. Using locktype = flock MailScanner.conf says "Virus Scanners = auto" Found these virus scanners installed: bitdefender, clamavmodule -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: Processes running slowly due to weak power supply -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From chandler.lists at chapman.edu Tue Feb 13 18:56:53 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Tue Feb 13 18:02:10 2007 Subject: Slow MailScanner In-Reply-To: <1964AAFBC212F742958F9275BF63DBB042A0C4@winchester.andrewscompanies.com> References: <45D1EA83.9070906@chapman.edu> <45D1F1B2.2020708@pixelhammer.com> <45D1F771.2020608@chapman.edu> <1964AAFBC212F742958F9275BF63DBB042A0C4@winchester.andrewscompanies.com> Message-ID: <45D1FBE5.8040203@chapman.edu> sandrews@andrewscompanies.com wrote: > Bayes dbs are typically in ./root or /etc/MailScanner/bayes > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jay > Chandler > Sent: Tuesday, February 13, 2007 12:38 PM > To: MailScanner discussion > Subject: Re: Slow MailScanner > > DAve wrote: > >> Jay Chandler wrote: >> >>> I have two servers. >>> >>> Here's one: >>> >>> aconcagua# tail -f /var/log/maillog |grep rocessed Feb 13 08:39:58 >>> aconcagua MailScanner[83401]: Batch (1 message) processed in 6.66 >>> seconds Feb 13 08:39:58 aconcagua MailScanner[83008]: Batch (1 >>> message) processed in 10.06 seconds Feb 13 08:40:00 aconcagua >>> MailScanner[83989]: Batch (1 message) processed in 6.11 seconds Feb >>> 13 08:40:03 aconcagua MailScanner[83677]: Batch (1 message) processed >>> > > >>> in 6.84 seconds Feb 13 08:40:04 aconcagua MailScanner[82475]: Batch >>> (1 message) processed in 6.70 seconds Feb 13 08:40:05 aconcagua >>> MailScanner[82359]: Batch (1 message) processed in 8.74 seconds Feb >>> 13 08:40:06 aconcagua MailScanner[83301]: Batch (2 messages) >>> processed in 12.81 seconds Feb 13 08:40:07 aconcagua >>> MailScanner[82879]: Batch (1 message) processed in 7.75 seconds Feb >>> 13 08:40:09 aconcagua MailScanner[82035]: Batch (1 message) processed >>> > > >>> in 6.53 seconds Feb 13 08:40:11 aconcagua MailScanner[83989]: Batch >>> (1 message) processed in 6.41 seconds Feb 13 08:40:11 aconcagua >>> MailScanner[84046]: Batch (1 message) processed in 6.84 seconds Feb >>> 13 08:40:12 aconcagua MailScanner[83301]: Batch (1 message) processed >>> > > >>> in 6.56 seconds >>> >>> Here's the other: >>> >>> >>>> spacecowboy# tail -f /var/log/maillog |grep rocessed Feb 13 08:38:57 >>>> > > >>>> spacecowboy MailScanner[54541]: Batch (9 messages) processed in >>>> 252.21 seconds Feb 13 08:39:12 spacecowboy MailScanner[49475]: Batch >>>> > > >>>> (2 messages) processed in 61.60 seconds Feb 13 08:39:12 spacecowboy >>>> MailScanner[53408]: Batch (4 messages) processed in 86.83 seconds >>>> Feb 13 08:39:14 spacecowboy MailScanner[53430]: Batch (2 messages) >>>> processed in 31.38 seconds Feb 13 08:39:17 spacecowboy >>>> MailScanner[54987]: Batch (8 messages) processed in 166.69 seconds >>>> Feb 13 08:39:18 spacecowboy MailScanner[53490]: Batch (19 messages) >>>> processed in 531.03 seconds Feb 13 08:39:21 spacecowboy >>>> MailScanner[53398]: Batch (14 messages) processed in 384.67 seconds >>>> Feb 13 08:39:30 spacecowboy MailScanner[53412]: Batch (8 messages) >>>> processed in 97.58 seconds Feb 13 08:39:32 spacecowboy >>>> MailScanner[54123]: Batch (2 messages) processed in 62.52 seconds >>>> Feb 13 08:39:38 spacecowboy MailScanner[53430]: Batch (1 message) >>>> processed in 24.16 seconds Feb 13 08:39:39 spacecowboy >>>> MailScanner[55686]: Batch (30 messages) processed in 647.57 seconds >>>> Feb 13 08:39:48 spacecowboy MailScanner[56780]: Batch (5 messages) >>>> processed in 68.93 seconds >>>> >>> Any idea what would be causing this? Same configuration, same MX >>> priority. The one with delays has built quite the queue backlog. >>> >>> >> Can both machines resolve DNS with the same speed? >> Do you have a caching name server on both machines? >> Is the Bays DB the same size on both machines? >> >> >> > I've been wrestling with this a bit. > > A few questions: > > 1. How do I set up a caching nameserver? Can someone throw me a link? > > 2. I've searched high and low, but I can't find the bayes DB location. > I never explicitly set it up, but it's apparently running... > > Output of mailscanner --lint below: > > spacecowboy# mailscanner --lint > Read 759 hostnames from the phishing whitelist Checking version > numbers... > Version number in MailScanner.conf (4.58.9) is correct. > MailScanner setting GID to (125) > MailScanner setting UID to (125) > > Checking for SpamAssassin errors (if you use it)... > Using SpamAssassin results cache > Connected to SpamAssassin cache database > pyzor: check failed: internal error > SpamAssassin reported no errors. > Using locktype = flock > MailScanner.conf says "Virus Scanners = auto" > Found these virus scanners installed: bitdefender, clamavmodule > > > > -- > Jay Chandler > Network Administrator, Chapman University > 714.628.7249 / chandler@chapman.edu > Today's Excuse: Processes running slowly due to weak power supply > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > Nope, neither location (nor in /usr/local/etc/MailScanner/bayes, since this is from the FreeBSD ports tree). So, getting desperate to clear the backlog, I ran sa-learn --clear on the troubled box, and went to get myself a cup of coffee from the break room. On the plus side, I now have coffee. On the downside, it's still taking upwards of 20 seconds per message. The nameserver config is the same. The hardware SHOULD be good-- these boxes are identical, and a month old. -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: Processes running slowly due to weak power supply From chandler.lists at chapman.edu Tue Feb 13 19:05:29 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Tue Feb 13 18:10:24 2007 Subject: Slow MailScanner In-Reply-To: <45D1FBE5.8040203@chapman.edu> References: <45D1EA83.9070906@chapman.edu> <45D1F1B2.2020708@pixelhammer.com> <45D1F771.2020608@chapman.edu> <1964AAFBC212F742958F9275BF63DBB042A0C4@winchester.andrewscompanies.com> <45D1FBE5.8040203@chapman.edu> Message-ID: <45D1FDE9.2080601@chapman.edu> Jay Chandler wrote: > sandrews@andrewscompanies.com wrote: >> Bayes dbs are typically in ./root or /etc/MailScanner/bayes >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jay >> Chandler >> Sent: Tuesday, February 13, 2007 12:38 PM >> To: MailScanner discussion >> Subject: Re: Slow MailScanner >> >> DAve wrote: >> >>> Jay Chandler wrote: >>> >>>> I have two servers. >>>> >>>> Here's one: >>>> >>>> aconcagua# tail -f /var/log/maillog |grep rocessed Feb 13 08:39:58 >>>> aconcagua MailScanner[83401]: Batch (1 message) processed in 6.66 >>>> seconds Feb 13 08:39:58 aconcagua MailScanner[83008]: Batch (1 >>>> message) processed in 10.06 seconds Feb 13 08:40:00 aconcagua >>>> MailScanner[83989]: Batch (1 message) processed in 6.11 seconds Feb >>>> 13 08:40:03 aconcagua MailScanner[83677]: Batch (1 message) processed >>>> >> >> >>>> in 6.84 seconds Feb 13 08:40:04 aconcagua MailScanner[82475]: Batch >>>> (1 message) processed in 6.70 seconds Feb 13 08:40:05 aconcagua >>>> MailScanner[82359]: Batch (1 message) processed in 8.74 seconds Feb >>>> 13 08:40:06 aconcagua MailScanner[83301]: Batch (2 messages) >>>> processed in 12.81 seconds Feb 13 08:40:07 aconcagua >>>> MailScanner[82879]: Batch (1 message) processed in 7.75 seconds Feb >>>> 13 08:40:09 aconcagua MailScanner[82035]: Batch (1 message) processed >>>> >> >> >>>> in 6.53 seconds Feb 13 08:40:11 aconcagua MailScanner[83989]: Batch >>>> (1 message) processed in 6.41 seconds Feb 13 08:40:11 aconcagua >>>> MailScanner[84046]: Batch (1 message) processed in 6.84 seconds Feb >>>> 13 08:40:12 aconcagua MailScanner[83301]: Batch (1 message) processed >>>> >> >> >>>> in 6.56 seconds >>>> >>>> Here's the other: >>>> >>>> >>>>> spacecowboy# tail -f /var/log/maillog |grep rocessed Feb 13 08:38:57 >>>>> >> >> >>>>> spacecowboy MailScanner[54541]: Batch (9 messages) processed in >>>>> 252.21 seconds Feb 13 08:39:12 spacecowboy MailScanner[49475]: Batch >>>>> >> >> >>>>> (2 messages) processed in 61.60 seconds Feb 13 08:39:12 >>>>> spacecowboy MailScanner[53408]: Batch (4 messages) processed in >>>>> 86.83 seconds Feb 13 08:39:14 spacecowboy MailScanner[53430]: >>>>> Batch (2 messages) processed in 31.38 seconds Feb 13 08:39:17 >>>>> spacecowboy MailScanner[54987]: Batch (8 messages) processed in >>>>> 166.69 seconds Feb 13 08:39:18 spacecowboy MailScanner[53490]: >>>>> Batch (19 messages) processed in 531.03 seconds Feb 13 08:39:21 >>>>> spacecowboy MailScanner[53398]: Batch (14 messages) processed in >>>>> 384.67 seconds Feb 13 08:39:30 spacecowboy MailScanner[53412]: >>>>> Batch (8 messages) processed in 97.58 seconds Feb 13 08:39:32 >>>>> spacecowboy MailScanner[54123]: Batch (2 messages) processed in >>>>> 62.52 seconds Feb 13 08:39:38 spacecowboy MailScanner[53430]: >>>>> Batch (1 message) processed in 24.16 seconds Feb 13 08:39:39 >>>>> spacecowboy MailScanner[55686]: Batch (30 messages) processed in >>>>> 647.57 seconds Feb 13 08:39:48 spacecowboy MailScanner[56780]: >>>>> Batch (5 messages) processed in 68.93 seconds >>>>> >>>> Any idea what would be causing this? Same configuration, same MX >>>> priority. The one with delays has built quite the queue backlog. >>>> >>>> >>> Can both machines resolve DNS with the same speed? >>> Do you have a caching name server on both machines? >>> Is the Bays DB the same size on both machines? >>> >>> >>> >> I've been wrestling with this a bit. >> >> A few questions: >> >> 1. How do I set up a caching nameserver? Can someone throw me a link? >> >> 2. I've searched high and low, but I can't find the bayes DB >> location. I never explicitly set it up, but it's apparently running... >> >> Output of mailscanner --lint below: >> >> spacecowboy# mailscanner --lint >> Read 759 hostnames from the phishing whitelist Checking version >> numbers... >> Version number in MailScanner.conf (4.58.9) is correct. >> MailScanner setting GID to (125) >> MailScanner setting UID to (125) >> >> Checking for SpamAssassin errors (if you use it)... >> Using SpamAssassin results cache >> Connected to SpamAssassin cache database >> pyzor: check failed: internal error >> SpamAssassin reported no errors. >> Using locktype = flock >> MailScanner.conf says "Virus Scanners = auto" >> Found these virus scanners installed: bitdefender, clamavmodule >> >> >> >> -- >> Jay Chandler >> Network Administrator, Chapman University >> 714.628.7249 / chandler@chapman.edu >> Today's Excuse: Processes running slowly due to weak power supply >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > Nope, neither location (nor in /usr/local/etc/MailScanner/bayes, since > this is from the FreeBSD ports tree). > > So, getting desperate to clear the backlog, I ran sa-learn --clear on > the troubled box, and went to get myself a cup of coffee from the > break room. > On the plus side, I now have coffee. On the downside, it's still > taking upwards of 20 seconds per message. > > The nameserver config is the same. The hardware SHOULD be good-- > these boxes are identical, and a month old. > Very interesting. A restart of the box, and the queue is gone, and load times are reasonable. I suspect there's something stealing all the RAM after a few days-- possibly MailScanner. I'll have to investigate this the next time it happens. Thanks to all who helped-- I'm still debating the merits of a caching nameserver. Also-- would there be any benefit to setting up bayes in a SQL environment to share between the two servers? -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: Processes running slowly due to weak power supply From doc at maddoc.net Tue Feb 13 19:15:51 2007 From: doc at maddoc.net (Doc Schneider) Date: Tue Feb 13 18:20:13 2007 Subject: Slow MailScanner In-Reply-To: <45D1FDE9.2080601@chapman.edu> References: <45D1EA83.9070906@chapman.edu> <45D1F1B2.2020708@pixelhammer.com> <45D1F771.2020608@chapman.edu> <1964AAFBC212F742958F9275BF63DBB042A0C4@winchester.andrewscompanies.com> <45D1FBE5.8040203@chapman.edu> <45D1FDE9.2080601@chapman.edu> Message-ID: <45D20057.2000902@maddoc.net> Jay Chandler wrote: [massive snip] >> Nope, neither location (nor in /usr/local/etc/MailScanner/bayes, since >> this is from the FreeBSD ports tree). >> >> So, getting desperate to clear the backlog, I ran sa-learn --clear on >> the troubled box, and went to get myself a cup of coffee from the >> break room. >> On the plus side, I now have coffee. On the downside, it's still >> taking upwards of 20 seconds per message. >> >> The nameserver config is the same. The hardware SHOULD be good-- >> these boxes are identical, and a month old. >> > Very interesting. A restart of the box, and the queue is gone, and load > times are reasonable. I suspect there's something stealing all the RAM > after a few days-- possibly MailScanner. I'll have to investigate this > the next time it happens. > > Thanks to all who helped-- I'm still debating the merits of a caching > nameserver. > > Also-- would there be any benefit to setting up bayes in a SQL > environment to share between the two servers? > That is the way I do my MailScanner. Using MySQL for everything and also running a DNS server on the boxen itself. So, yes, there are a lot of benefits to going DNS and MySQL for MailScanner. And a plus is you can share the MySQL between servers. 8*) -- -Doc Lincoln, NE. http://www.genealogyforyou.com/ http://www.cairnproductions.com/ From ssilva at sgvwater.com Tue Feb 13 19:19:48 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Feb 13 18:24:38 2007 Subject: Mailscanner repository for centos 4.x In-Reply-To: <200702131658.l1DGwjhc017170@netra.database.it> References: <45D1CDE4.1010800@USherbrooke.ca> <200702131658.l1DGwjhc017170@netra.database.it> Message-ID: Marcello Anderlini spake the following on 2/13/2007 8:58 AM: > Hello,is there any rpm repository for mailscanner on centos ? It would be > great just install or update all with a simple yum update. > > Best regards. > That would be great, but no one has stepped up to create one that I know of. The install packages that Julian has work great already. The download is larger, but it works. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From alex at nkpanama.com Tue Feb 13 19:22:19 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Tue Feb 13 18:27:15 2007 Subject: Mailscanner repository for centos 4.x In-Reply-To: References: <45D1CDE4.1010800@USherbrooke.ca> <200702131658.l1DGwjhc017170@netra.database.it> Message-ID: <45D201DB.4080807@nkpanama.com> How can I contribute? Scott Silva wrote: > Marcello Anderlini spake the following on 2/13/2007 8:58 AM: >> Hello,is there any rpm repository for mailscanner on centos ? It would be >> great just install or update all with a simple yum update. >> >> Best regards. >> > That would be great, but no one has stepped up to create one that I know of. > The install packages that Julian has work great already. The download is > larger, but it works. > From dhawal at netmagicsolutions.com Tue Feb 13 19:26:40 2007 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Tue Feb 13 18:31:13 2007 Subject: Mailscanner repository for centos 4.x In-Reply-To: <200702131658.l1DGwjhc017170@netra.database.it> References: <200702131658.l1DGwjhc017170@netra.database.it> Message-ID: <45D202E0.4090102@netmagicsolutions.com> Marcello Anderlini wrote: > Hello,is there any rpm repository for mailscanner on centos ? It would be > great just install or update all with a simple yum update. it shouldn't be too difficult to create one.. just 'rpmbuild' all the src.rpms from MailScanner-version.rpm.tar.gz and move it to a RPMS folder on any webserver. Also copy any other non-source rpms that are a part of MailScanner-version.rpm.tar.gz to the same location. Next run 'createrepo' in the parent folder (../RPMS) and you now have a yum repository ready for use. Now create a local Centos-MailScanner.repo in /etc/yum.repos.d/ ########## [mailscanner] name=CentOS-\$releasever - MailScanner Updates baseurl=http://your.web.server/path/to/mailscanner/RPMS gpgcheck=0 # the next line is important enabled=0 ########## Finally make sure that you do not enable this repo by default.. but enable it only when required. /usr/bin/yum --enablerepo=mailscanner update You can't/shouldn't automate this since languages.conf and MailScanner.conf need to be updated with most stable releases. - dhawal From dhawal at netmagicsolutions.com Tue Feb 13 19:51:22 2007 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Tue Feb 13 18:55:56 2007 Subject: Slow MailScanner In-Reply-To: <45D1FDE9.2080601@chapman.edu> References: <45D1EA83.9070906@chapman.edu> <45D1F1B2.2020708@pixelhammer.com> <45D1F771.2020608@chapman.edu> <1964AAFBC212F742958F9275BF63DBB042A0C4@winchester.andrewscompanies.com> <45D1FBE5.8040203@chapman.edu> <45D1FDE9.2080601@chapman.edu> Message-ID: <45D208AA.40605@netmagicsolutions.com> Jay Chandler wrote: > Very interesting. A restart of the box, and the queue is gone, and load > times are reasonable. I suspect there's something stealing all the RAM > after a few days-- possibly MailScanner. I'll have to investigate this > the next time it happens. > > Thanks to all who helped-- I'm still debating the merits of a caching > nameserver. http://wiki.mailscanner.info/doku.php?id=documentation:related_software:caching_nameserver:djbdns > Also-- would there be any benefit to setting up bayes in a SQL > environment to share between the two servers? http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamassassin:bayes:sql Both wikis were originally written by me / with a lot of help from others. A SQL storage for bayes will help you.. since now more than one server is contributing to both spam and ham learning. For SQL bayes learning is fast and so is expiry.. plus the SA devs recommend it as the preferred storage back-end. For the caching nameserver a low-end box with a gig (or 2) ram thrown in and good connectivity would be great. You could also simply install the caching-nameserver RPM if you are on redhat/centos.. - dhawal From brent.bolin at gmail.com Tue Feb 13 19:53:33 2007 From: brent.bolin at gmail.com (BB) Date: Tue Feb 13 18:57:54 2007 Subject: Mailscanner talking to Mysql database Message-ID: <787dcac20702131053u15b95a59seb130ab5093f856f@mail.gmail.com> This is probably not a question for MailScanner folk but I'm hoping someone can help. Trying to get MailWatch working. FBSD 6.2 MailScanner-4.57.6_1 mysql-server-5.0.33 p5-DBD-mysql50-4.0000 p5-DBI-1.53 This server is a recovery from a server crash. The old boxen was FBSD 5.4this is 6.2 Have been able to recover the old mysql database (mysql References: <45D1EA83.9070906@chapman.edu> <45D1F1B2.2020708@pixelhammer.com> <45D1F771.2020608@chapman.edu> <1964AAFBC212F742958F9275BF63DBB042A0C4@winchester.andrewscompanies.com> <45D1FBE5.8040203@chapman.edu> <45D1FDE9.2080601@chapman.edu> <45D208AA.40605@netmagicsolutions.com> Message-ID: <45D20AD5.6020600@chapman.edu> Dhawal Doshy wrote: > [snippetry] > > > For the caching nameserver a low-end box with a gig (or 2) ram thrown > in and good connectivity would be great. You could also simply install > the caching-nameserver RPM if you are on redhat/centos.. > > - dhawal Very interesting. Should the caching nameserver be run on the mailservers themselves, or on a different box, and the sole nameserver entry for this box would be the caching box? Building the MySQL server up now... -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: Processes running slowly due to weak power supply From dhawal at netmagicsolutions.com Tue Feb 13 20:13:42 2007 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Tue Feb 13 19:18:16 2007 Subject: Slow MailScanner In-Reply-To: <45D20AD5.6020600@chapman.edu> References: <45D1EA83.9070906@chapman.edu> <45D1F1B2.2020708@pixelhammer.com> <45D1F771.2020608@chapman.edu> <1964AAFBC212F742958F9275BF63DBB042A0C4@winchester.andrewscompanies.com> <45D1FBE5.8040203@chapman.edu> <45D1FDE9.2080601@chapman.edu> <45D208AA.40605@netmagicsolutions.com> <45D20AD5.6020600@chapman.edu> Message-ID: <45D20DE6.1020802@netmagicsolutions.com> Jay Chandler wrote: > Dhawal Doshy wrote: >> [snippetry] >> >> For the caching nameserver a low-end box with a gig (or 2) ram thrown >> in and good connectivity would be great. You could also simply install >> the caching-nameserver RPM if you are on redhat/centos.. >> >> - dhawal > Very interesting. Should the caching nameserver be run on the > mailservers themselves, or on a different box, and the sole nameserver > entry for this box would be the caching box? if you can afford a separate server as mentioned above.. great!! else run a local cache with say 100MB size. > Building the MySQL server up now... cool.. give extra attention to the 'bayes_sql_override_username' parameter.. that is where most users get stuck. The old jiscmail link no longer works.. use this one instead: http://article.gmane.org/gmane.mail.virus.mailscanner/29437 - dhawal From chandler.lists at chapman.edu Tue Feb 13 20:26:42 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Tue Feb 13 19:31:09 2007 Subject: Slow MailScanner In-Reply-To: <45D20DE6.1020802@netmagicsolutions.com> References: <45D1EA83.9070906@chapman.edu> <45D1F1B2.2020708@pixelhammer.com> <45D1F771.2020608@chapman.edu> <1964AAFBC212F742958F9275BF63DBB042A0C4@winchester.andrewscompanies.com> <45D1FBE5.8040203@chapman.edu> <45D1FDE9.2080601@chapman.edu> <45D208AA.40605@netmagicsolutions.com> <45D20AD5.6020600@chapman.edu> <45D20DE6.1020802@netmagicsolutions.com> Message-ID: <45D210F2.5030000@chapman.edu> Dhawal Doshy wrote: > Jay Chandler wrote: >> Dhawal Doshy wrote: >>> [snippetry] >>> >>> For the caching nameserver a low-end box with a gig (or 2) ram >>> thrown in and good connectivity would be great. You could also >>> simply install the caching-nameserver RPM if you are on redhat/centos.. >>> >>> - dhawal >> Very interesting. Should the caching nameserver be run on the >> mailservers themselves, or on a different box, and the sole >> nameserver entry for this box would be the caching box? > > if you can afford a separate server as mentioned above.. great!! else > run a local cache with say 100MB size. > >> Building the MySQL server up now... > > cool.. give extra attention to the 'bayes_sql_override_username' > parameter.. that is where most users get stuck. The old jiscmail link > no longer works.. use this one instead: > http://article.gmane.org/gmane.mail.virus.mailscanner/29437 > > - dhawal Funny you should mention that! Followed the Wiki precisely, but got this error: [99745] dbg: bayes: using username: root [99745] dbg: bayes: database connection established [99745] dbg: bayes: found bayes db version 3 [99745] dbg: bayes: unable to initialize database for root user, aborting! I haven't yet found a fix. The root user has a password assigned (particularly from remote machines!) that I haven't put into the config. If you can point me to a fix I'll gladly update the wiki. -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: Processes running slowly due to weak power supply From dave.list at pixelhammer.com Tue Feb 13 20:27:41 2007 From: dave.list at pixelhammer.com (DAve) Date: Tue Feb 13 19:32:27 2007 Subject: Slow MailScanner In-Reply-To: <45D1F771.2020608@chapman.edu> References: <45D1EA83.9070906@chapman.edu> <45D1F1B2.2020708@pixelhammer.com> <45D1F771.2020608@chapman.edu> Message-ID: <45D2112D.2060900@pixelhammer.com> Jay Chandler wrote: > DAve wrote: >> Jay Chandler wrote: >>> I have two servers. >>> >>>>lScanner[55686]: Batch (30 messages) >>>> processed in 647.57 seconds >>>> Feb 13 08:39:48 spacecowboy MailScanner[56780]: Batch (5 messages) >>>> processed in 68.93 seconds >>> >>> Any idea what would be causing this? Same configuration, same MX >>> priority. The one with delays has built quite the queue backlog. >>> >> >> Can both machines resolve DNS with the same speed? >> Do you have a caching name server on both machines? >> Is the Bays DB the same size on both machines? >> >> > I've been wrestling with this a bit. > > A few questions: > > 1. How do I set up a caching nameserver? Can someone throw me a link? > I highly recommend djbdns. You will need to install tcpserver but it is all very simple. http://cr.yp.to/djbdns.html http://cr.yp.to/daemontools/install.html http://cr.yp.to/ucspi-tcp/install.html Once dbjdns is installed, follow these instructions. http://cr.yp.to/djbdns/run-cache.html That will get a simple dnscache running that will pretty much be bullet proof. We run it on all our servers, web, ftp, pop toasters, mail gateways, and media servers. It makes a considerable difference in DNS lookup times. It is light, simple, efficient, and code small. DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From chandler.lists at chapman.edu Tue Feb 13 20:29:59 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Tue Feb 13 19:34:34 2007 Subject: Slow MailScanner In-Reply-To: <45D2112D.2060900@pixelhammer.com> References: <45D1EA83.9070906@chapman.edu> <45D1F1B2.2020708@pixelhammer.com> <45D1F771.2020608@chapman.edu> <45D2112D.2060900@pixelhammer.com> Message-ID: <45D211B7.3050406@chapman.edu> DAve wrote: > I highly recommend djbdns. You will need to install tcpserver but it > is all very simple. > http://cr.yp.to/djbdns.html > http://cr.yp.to/daemontools/install.html > http://cr.yp.to/ucspi-tcp/install.html > > Once dbjdns is installed, follow these instructions. > > http://cr.yp.to/djbdns/run-cache.html > > That will get a simple dnscache running that will pretty much be > bullet proof. We run it on all our servers, web, ftp, pop toasters, > mail gateways, and media servers. It makes a considerable difference > in DNS lookup times. It is light, simple, efficient, and code small. > > DAve > The server I'd nominally use as a caching nameserver already runs rbldnsd. I suspect this would cause a conflict, correct? -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: Processes running slowly due to weak power supply From dhawal at netmagicsolutions.com Tue Feb 13 20:31:03 2007 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Tue Feb 13 19:35:43 2007 Subject: Slow MailScanner In-Reply-To: <45D210F2.5030000@chapman.edu> References: <45D1EA83.9070906@chapman.edu> <45D1F1B2.2020708@pixelhammer.com> <45D1F771.2020608@chapman.edu> <1964AAFBC212F742958F9275BF63DBB042A0C4@winchester.andrewscompanies.com> <45D1FBE5.8040203@chapman.edu> <45D1FDE9.2080601@chapman.edu> <45D208AA.40605@netmagicsolutions.com> <45D20AD5.6020600@chapman.edu> <45D20DE6.1020802@netmagicsolutions.com> <45D210F2.5030000@chapman.edu> Message-ID: <45D211F7.1080907@netmagicsolutions.com> Jay Chandler wrote: > Dhawal Doshy wrote: >> Jay Chandler wrote: >>> Dhawal Doshy wrote: >>>> [snippetry] >>>> >>>> For the caching nameserver a low-end box with a gig (or 2) ram >>>> thrown in and good connectivity would be great. You could also >>>> simply install the caching-nameserver RPM if you are on redhat/centos.. >>>> >>>> - dhawal >>> Very interesting. Should the caching nameserver be run on the >>> mailservers themselves, or on a different box, and the sole >>> nameserver entry for this box would be the caching box? >> >> if you can afford a separate server as mentioned above.. great!! else >> run a local cache with say 100MB size. >> >>> Building the MySQL server up now... >> >> cool.. give extra attention to the 'bayes_sql_override_username' >> parameter.. that is where most users get stuck. The old jiscmail link >> no longer works.. use this one instead: >> http://article.gmane.org/gmane.mail.virus.mailscanner/29437 >> >> - dhawal > Funny you should mention that! > > Followed the Wiki precisely, but got this error: > > [99745] dbg: bayes: using username: root > [99745] dbg: bayes: database connection established > [99745] dbg: bayes: found bayes db version 3 > [99745] dbg: bayes: unable to initialize database for root user, aborting! > > I haven't yet found a fix. The root user has a password assigned > (particularly from remote machines!) that I haven't put into the > config. If you can point me to a fix I'll gladly update the wiki. > From TFL.. http://article.gmane.org/gmane.mail.virus.mailscanner/29437 mysql> SELECT id, username, spam_count, ham_count, token_count FROM bayes_vars; +----+----------+------------+-----------+-------------+ | id | username | spam_count | ham_count | token_count | +----+----------+------------+-----------+-------------+ | 2 | root | 190707 | 168166 | 124113 | | 3 | apache | 0 | 0 | 0 | +----+----------+------------+-----------+-------------+ 2 rows in set (0.02 sec) Maybe you'll also see a postfix line there.. use the one which has the most tokens. From dhawal at netmagicsolutions.com Tue Feb 13 20:32:55 2007 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Tue Feb 13 19:37:18 2007 Subject: Slow MailScanner In-Reply-To: <45D211B7.3050406@chapman.edu> References: <45D1EA83.9070906@chapman.edu> <45D1F1B2.2020708@pixelhammer.com> <45D1F771.2020608@chapman.edu> <45D2112D.2060900@pixelhammer.com> <45D211B7.3050406@chapman.edu> Message-ID: <45D21267.70208@netmagicsolutions.com> Jay Chandler wrote: > DAve wrote: >> I highly recommend djbdns. You will need to install tcpserver but it >> is all very simple. >> http://cr.yp.to/djbdns.html >> http://cr.yp.to/daemontools/install.html >> http://cr.yp.to/ucspi-tcp/install.html >> >> Once dbjdns is installed, follow these instructions. >> >> http://cr.yp.to/djbdns/run-cache.html >> >> That will get a simple dnscache running that will pretty much be >> bullet proof. We run it on all our servers, web, ftp, pop toasters, >> mail gateways, and media servers. It makes a considerable difference >> in DNS lookup times. It is light, simple, efficient, and code small. >> >> DAve >> > > The server I'd nominally use as a caching nameserver already runs > rbldnsd. I suspect this would cause a conflict, correct? Not on different IP address.. both rbldnsd and djbdns can be bound to different IPs From email at ace.net.au Tue Feb 13 20:38:15 2007 From: email at ace.net.au (Peter Nitschke) Date: Tue Feb 13 19:45:40 2007 Subject: Diskspace on redhat ent 3 In-Reply-To: References: Message-ID: <200702140608150527.667374BA@smtp1.ace.net.au> Is it still valid to even have a lot of seperate partitions these days? If the hard drive dies you are usually pretty well stuffed no matter how many partitions you have. Mostly our mail servers are single purpose machines, so I just have a 1Gb swap partition and give the rest to /. No problems with partitions running out of space. Or is this still Unix/Linux heresy? Peter *********** REPLY SEPARATOR *********** On 13/02/2007 at 9:35 AM Scott Silva wrote: >Howard Robinson spake the following on 2/13/2007 8:57 AM: >> Dear List >> I had what amounts to a DOS attack on Friday when one of our users >> decided to email 900+ external accounts with a 4.2mb attachment. Given >> that our normal total daily through put is <1gb it was an unusual load >> for our box. After a while the server ran out of space on /var, where >> all the spool queues are, and whilst it didn't actually stop it went >> VERY slowly. After releasing some disk space it ran with a load of 7 >> for quite some time. >> >> What would be the best option that will allow me to put the queues >> somewhere else so that there is a bit more of a cushion? I could use >> part of the /usr directory as it has quite a bit of free space or create >> a new partition. >> If I do this is it better to recompile Sendmail to look at the new >> directory or use a link pointing to the new location? >> Same with MailScanner - editing MailScanner.conf or using link to the >> new location? >> >> Thanks >You could symlink in some space from another partition, maybe the >quarantine >directory or /var/tmp. Or you could move some of the queue into a different >partition and move it back a little at a time. I try to leave 5 or 10 gigs >free somewhere to have space I can toss in for emergencies. You could also >use >some space on a usb2 hard drive in an emergency, although it could be slow. > >-- > >MailScanner is like deodorant... >You hope everybody uses it, and >you notice quickly if they don't!!!! > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! From jfagan at firstlightnetworks.com Tue Feb 13 20:55:21 2007 From: jfagan at firstlightnetworks.com (James Fagan) Date: Tue Feb 13 19:58:21 2007 Subject: Mailscanner repository for centos 4.x In-Reply-To: References: <45D1CDE4.1010800@USherbrooke.ca><200702131658.l1DGwjhc017170@netra.database.it> Message-ID: <59E4A3A1069C2640959AD0F7518C48122F0861@FLN1.fln.local> > Marcello Anderlini spake the following on 2/13/2007 8:58 AM: > > Hello,is there any rpm repository for mailscanner on centos ? It would > be > > great just install or update all with a simple yum update. > > > > Best regards. > > > That would be great, but no one has stepped up to create one that I know > of. > The install packages that Julian has work great already. The download is > larger, but it works. > > I have a couple boxes (1 for sure) that could be used for a repo, but Im not that good at building packages. I have setup repos for CentOS in the past, it would be a little bit a project if people are intersted I can start getting things together on my end in the next week or two. Will be on vacation for a little bit starting today. Im guessing we would need: 1. boxes 2. DNS 3. packager(s) 4. testors 5. victory beers Anything else? Any interest? James From dave.list at pixelhammer.com Tue Feb 13 21:11:03 2007 From: dave.list at pixelhammer.com (DAve) Date: Tue Feb 13 20:15:48 2007 Subject: Slow MailScanner In-Reply-To: <45D211B7.3050406@chapman.edu> References: <45D1EA83.9070906@chapman.edu> <45D1F1B2.2020708@pixelhammer.com> <45D1F771.2020608@chapman.edu> <45D2112D.2060900@pixelhammer.com> <45D211B7.3050406@chapman.edu> Message-ID: <45D21B57.90802@pixelhammer.com> Jay Chandler wrote: > DAve wrote: >> I highly recommend djbdns. You will need to install tcpserver but it >> is all very simple. >> http://cr.yp.to/djbdns.html >> http://cr.yp.to/daemontools/install.html >> http://cr.yp.to/ucspi-tcp/install.html >> >> Once dbjdns is installed, follow these instructions. >> >> http://cr.yp.to/djbdns/run-cache.html >> >> That will get a simple dnscache running that will pretty much be >> bullet proof. We run it on all our servers, web, ftp, pop toasters, >> mail gateways, and media servers. It makes a considerable difference >> in DNS lookup times. It is light, simple, efficient, and code small. >> >> DAve >> > > The server I'd nominally use as a caching nameserver already runs > rbldnsd. I suspect this would cause a conflict, correct? > We install a copy on each server and replace the root servers entries with our own DNS servers. That way each server does it's lookups off our own DNS which is a bit quicker via our private network. PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU CPU COMMAND 40588 smmsp 98 0 273M 253M CPU2 0 415.9H 13.04% 13.04% milter-greylist 19620 root 113 0 27484K 26920K CPU3 3 0:03 52.47% 9.52% clamscan 19629 root 116 0 23068K 22448K RUN 1 0:02 54.97% 7.67% clamscan 16584 root -8 0 31740K 30168K piperd 1 0:04 0.39% 0.39% perl5.6.2 16647 root 8 0 29296K 27888K nanslp 3 0:03 0.15% 0.15% perl5.6.2 19487 root 4 0 2696K 2132K connec 2 0:00 0.18% 0.15% sendmail 86396 Gdnscache 76 0 2588K 1916K select 2 698:49 0.05% 0.05% dnscache It uses no resources to speak of yet makes DNS queries very rapidly. Especially where recurring queries for things like URIBL are concerned. DNScache will run locally on 127.0.0.1 in this manner. DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From brent.bolin at gmail.com Tue Feb 13 21:12:39 2007 From: brent.bolin at gmail.com (BB) Date: Tue Feb 13 20:17:03 2007 Subject: Mailscanner talking to Mysql database In-Reply-To: <787dcac20702131053u15b95a59seb130ab5093f856f@mail.gmail.com> References: <787dcac20702131053u15b95a59seb130ab5093f856f@mail.gmail.com> Message-ID: <787dcac20702131212t355ab7d2l86c4bff3dcd4d78f@mail.gmail.com> I give up. Scrambling around for an answer for the last 5 hours. Go back and look at the web interface and it's working. wtf On 2/13/07, BB wrote: > > This is probably not a question for MailScanner folk but I'm hoping > someone can help. > > Trying to get MailWatch working. > > FBSD 6.2 > MailScanner-4.57.6_1 > mysql-server-5.0.33 > p5-DBD-mysql50-4.0000 > p5-DBI-1.53 > > This server is a recovery from a server crash. The old boxen was FBSD 5.4this is > 6.2 > > Have been able to recover the old mysql database (mysql > I have all my white/blacklists displayed in MailWatch, but there is > nothing logging to current messages in MailWatch. For that matter nothing > to mysql database. I am able to add/delete white/black lists however. > > Always Looked Up Last = &MailWatchLogging > Detailed Spam Report = yes > Quarantine Whole Message = yes > Quarantine Whole Message As Queue Files = no > Include Scores In SpamAssassin Report = yes > > Definitely Not Spam = &SQLBlacklist > Is Definitely Spam = &SQLBlacklist > > I have made the modifications to - > MailWatch.pm > conf.php > SQLBlackWhiteList.pm > > Anybody have any ideas ? > > > > > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070213/3b4443f1/attachment.html From ssilva at sgvwater.com Tue Feb 13 21:31:00 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Feb 13 20:35:42 2007 Subject: Diskspace on redhat ent 3 In-Reply-To: <200702140608150527.667374BA@smtp1.ace.net.au> References: <200702140608150527.667374BA@smtp1.ace.net.au> Message-ID: Peter Nitschke spake the following on 2/13/2007 11:38 AM: > Is it still valid to even have a lot of seperate partitions these days? > > If the hard drive dies you are usually pretty well stuffed no matter how > many partitions you have. > > Mostly our mail servers are single purpose machines, so I just have a 1Gb > swap partition and give the rest to /. No problems with partitions running > out of space. > > Or is this still Unix/Linux heresy? > > Peter It is still handy for process separation, I still set up with separate /home /var /usr and sometimes /opt. And I still make the first partition a small /boot (100Megs or so) just because I have seen bootloader problems in the past. I don't think there is any real heresy in linux. It is your system, do what you feel best with it. That is why I like the choice with linux. You can have a large root partition, or make every partition on a separate filesystem. Or in LVM like the current default installers do. Whatever floats your boat! Another thing you can do with separate partitions is mount /usr read only and also do a bind mount and mount the same partition as rw in another place. Not that you would need to, but it is all about the choice! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Tue Feb 13 21:32:40 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Feb 13 20:39:24 2007 Subject: Mailscanner talking to Mysql database In-Reply-To: <787dcac20702131212t355ab7d2l86c4bff3dcd4d78f@mail.gmail.com> References: <787dcac20702131053u15b95a59seb130ab5093f856f@mail.gmail.com> <787dcac20702131212t355ab7d2l86c4bff3dcd4d78f@mail.gmail.com> Message-ID: BB spake the following on 2/13/2007 12:12 PM: > I give up. > > Scrambling around for an answer for the last 5 hours. Go back and look > at the web interface and it's working. > > wtf The server saw you coming with the sledge hammer! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From brent.bolin at gmail.com Tue Feb 13 21:43:47 2007 From: brent.bolin at gmail.com (BB) Date: Tue Feb 13 20:48:09 2007 Subject: Mailscanner talking to Mysql database In-Reply-To: References: <787dcac20702131053u15b95a59seb130ab5093f856f@mail.gmail.com> <787dcac20702131212t355ab7d2l86c4bff3dcd4d78f@mail.gmail.com> Message-ID: <787dcac20702131243u1c8ad943nb5d25f401f06d2c8@mail.gmail.com> :) On 2/13/07, Scott Silva wrote: > > BB spake the following on 2/13/2007 12:12 PM: > > I give up. > > > > Scrambling around for an answer for the last 5 hours. Go back and look > > at the web interface and it's working. > > > > wtf > The server saw you coming with the sledge hammer! > > > -- > > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070213/5e511dcd/attachment.html From sandrews at andrewscompanies.com Tue Feb 13 22:46:57 2007 From: sandrews at andrewscompanies.com (sandrews@andrewscompanies.com) Date: Tue Feb 13 21:51:19 2007 Subject: Slow MailScanner References: <45D1EA83.9070906@chapman.edu><45D1F1B2.2020708@pixelhammer.com> <45D1F771.2020608@chapman.edu><1964AAFBC212F742958F9275BF63DBB042A0C4@winchester.andrewscompanies.com> <45D1FBE5.8040203@chapman.edu> Message-ID: <1964AAFBC212F742958F9275BF63DBB042A0D1@winchester.andrewscompanies.com> Turn off bayes and see what happens. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jay Chandler Sent: Tuesday, February 13, 2007 12:57 PM To: MailScanner discussion Subject: Re: Slow MailScanner sandrews@andrewscompanies.com wrote: > Bayes dbs are typically in ./root or /etc/MailScanner/bayes > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jay > Chandler > Sent: Tuesday, February 13, 2007 12:38 PM > To: MailScanner discussion > Subject: Re: Slow MailScanner > > DAve wrote: > >> Jay Chandler wrote: >> >>> I have two servers. >>> >>> Here's one: >>> >>> aconcagua# tail -f /var/log/maillog |grep rocessed Feb 13 08:39:58 >>> aconcagua MailScanner[83401]: Batch (1 message) processed in 6.66 >>> seconds Feb 13 08:39:58 aconcagua MailScanner[83008]: Batch (1 >>> message) processed in 10.06 seconds Feb 13 08:40:00 aconcagua >>> MailScanner[83989]: Batch (1 message) processed in 6.11 seconds Feb >>> 13 08:40:03 aconcagua MailScanner[83677]: Batch (1 message) >>> processed >>> > > >>> in 6.84 seconds Feb 13 08:40:04 aconcagua MailScanner[82475]: Batch >>> (1 message) processed in 6.70 seconds Feb 13 08:40:05 aconcagua >>> MailScanner[82359]: Batch (1 message) processed in 8.74 seconds Feb >>> 13 08:40:06 aconcagua MailScanner[83301]: Batch (2 messages) >>> processed in 12.81 seconds Feb 13 08:40:07 aconcagua >>> MailScanner[82879]: Batch (1 message) processed in 7.75 seconds Feb >>> 13 08:40:09 aconcagua MailScanner[82035]: Batch (1 message) >>> processed >>> > > >>> in 6.53 seconds Feb 13 08:40:11 aconcagua MailScanner[83989]: Batch >>> (1 message) processed in 6.41 seconds Feb 13 08:40:11 aconcagua >>> MailScanner[84046]: Batch (1 message) processed in 6.84 seconds Feb >>> 13 08:40:12 aconcagua MailScanner[83301]: Batch (1 message) >>> processed >>> > > >>> in 6.56 seconds >>> >>> Here's the other: >>> >>> >>>> spacecowboy# tail -f /var/log/maillog |grep rocessed Feb 13 >>>> 08:38:57 >>>> > > >>>> spacecowboy MailScanner[54541]: Batch (9 messages) processed in >>>> 252.21 seconds Feb 13 08:39:12 spacecowboy MailScanner[49475]: >>>> Batch >>>> > > >>>> (2 messages) processed in 61.60 seconds Feb 13 08:39:12 spacecowboy >>>> MailScanner[53408]: Batch (4 messages) processed in 86.83 seconds >>>> Feb 13 08:39:14 spacecowboy MailScanner[53430]: Batch (2 messages) >>>> processed in 31.38 seconds Feb 13 08:39:17 spacecowboy >>>> MailScanner[54987]: Batch (8 messages) processed in 166.69 seconds >>>> Feb 13 08:39:18 spacecowboy MailScanner[53490]: Batch (19 messages) >>>> processed in 531.03 seconds Feb 13 08:39:21 spacecowboy >>>> MailScanner[53398]: Batch (14 messages) processed in 384.67 seconds >>>> Feb 13 08:39:30 spacecowboy MailScanner[53412]: Batch (8 messages) >>>> processed in 97.58 seconds Feb 13 08:39:32 spacecowboy >>>> MailScanner[54123]: Batch (2 messages) processed in 62.52 seconds >>>> Feb 13 08:39:38 spacecowboy MailScanner[53430]: Batch (1 message) >>>> processed in 24.16 seconds Feb 13 08:39:39 spacecowboy >>>> MailScanner[55686]: Batch (30 messages) processed in 647.57 seconds >>>> Feb 13 08:39:48 spacecowboy MailScanner[56780]: Batch (5 messages) >>>> processed in 68.93 seconds >>>> >>> Any idea what would be causing this? Same configuration, same MX >>> priority. The one with delays has built quite the queue backlog. >>> >>> >> Can both machines resolve DNS with the same speed? >> Do you have a caching name server on both machines? >> Is the Bays DB the same size on both machines? >> >> >> > I've been wrestling with this a bit. > > A few questions: > > 1. How do I set up a caching nameserver? Can someone throw me a link? > > 2. I've searched high and low, but I can't find the bayes DB location. > I never explicitly set it up, but it's apparently running... > > Output of mailscanner --lint below: > > spacecowboy# mailscanner --lint > Read 759 hostnames from the phishing whitelist Checking version > numbers... > Version number in MailScanner.conf (4.58.9) is correct. > MailScanner setting GID to (125) > MailScanner setting UID to (125) > > Checking for SpamAssassin errors (if you use it)... > Using SpamAssassin results cache > Connected to SpamAssassin cache database > pyzor: check failed: internal error > SpamAssassin reported no errors. > Using locktype = flock > MailScanner.conf says "Virus Scanners = auto" > Found these virus scanners installed: bitdefender, clamavmodule > > > > -- > Jay Chandler > Network Administrator, Chapman University > 714.628.7249 / chandler@chapman.edu > Today's Excuse: Processes running slowly due to weak power supply > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > Nope, neither location (nor in /usr/local/etc/MailScanner/bayes, since this is from the FreeBSD ports tree). So, getting desperate to clear the backlog, I ran sa-learn --clear on the troubled box, and went to get myself a cup of coffee from the break room. On the plus side, I now have coffee. On the downside, it's still taking upwards of 20 seconds per message. The nameserver config is the same. The hardware SHOULD be good-- these boxes are identical, and a month old. -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: Processes running slowly due to weak power supply -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From rpoe at plattesheriff.org Tue Feb 13 23:00:56 2007 From: rpoe at plattesheriff.org (Rob Poe) Date: Tue Feb 13 22:05:43 2007 Subject: Diskspace on redhat ent 3 In-Reply-To: <200702140608150527.667374BA@smtp1.ace.net.au> References: <200702140608150527.667374BA@smtp1.ace.net.au> Message-ID: <45D1E0B9.65ED.00A2.0@plattesheriff.org> That's what I do .. right or wrong .. Got tired of older installs that ran out of space on (wherever).. One vendor I work with requires their directory be on a different partition. They insisted that if someone did a rm * -Rf from the / that it wouldn't delete the stuff in their directory .. Never tried it honestly probably should .. >>> "Peter Nitschke" 2/13/2007 1:38 PM >>> Is it still valid to even have a lot of seperate partitions these days? If the hard drive dies you are usually pretty well stuffed no matter how many partitions you have. Mostly our mail servers are single purpose machines, so I just have a 1Gb swap partition and give the rest to /. No problems with partitions running out of space. Or is this still Unix/Linux heresy? Peter *********** REPLY SEPARATOR *********** On 13/02/2007 at 9:35 AM Scott Silva wrote: >Howard Robinson spake the following on 2/13/2007 8:57 AM: >> Dear List >> I had what amounts to a DOS attack on Friday when one of our users >> decided to email 900+ external accounts with a 4.2mb attachment. Given >> that our normal total daily through put is <1gb it was an unusual load >> for our box. After a while the server ran out of space on /var, where >> all the spool queues are, and whilst it didn't actually stop it went >> VERY slowly. After releasing some disk space it ran with a load of 7 >> for quite some time. >> >> What would be the best option that will allow me to put the queues >> somewhere else so that there is a bit more of a cushion? I could use >> part of the /usr directory as it has quite a bit of free space or create >> a new partition. >> If I do this is it better to recompile Sendmail to look at the new >> directory or use a link pointing to the new location? >> Same with MailScanner - editing MailScanner.conf or using link to the >> new location? >> >> Thanks >You could symlink in some space from another partition, maybe the >quarantine >directory or /var/tmp. Or you could move some of the queue into a different >partition and move it back a little at a time. I try to leave 5 or 10 gigs >free somewhere to have space I can toss in for emergencies. You could also >use >some space on a usb2 hard drive in an emergency, although it could be slow. > >-- > >MailScanner is like deodorant... >You hope everybody uses it, and >you notice quickly if they don't!!!! > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From rpoe at plattesheriff.org Tue Feb 13 23:08:19 2007 From: rpoe at plattesheriff.org (Rob Poe) Date: Tue Feb 13 22:13:09 2007 Subject: LookOUT 2007 In-Reply-To: <45D0F175.2050808@yeticomputers.com> References: <20070212124502.4E16.GERARD@seibercom.net> <20070212170051.722F.GERARD@seibercom.net><20070212170051.722F.GERARD@seibercom.net> <45D0F175.2050808@yeticomputers.com> Message-ID: <45D1E273.65ED.00A2.0@plattesheriff.org> >I don't object to Microsoft taking advantage of the power of newer >machines, but I do find it rather annoying in the case of Vista that the >*requirements* for the OS are so high. I've seen nothing in Vista that >justifies using so much machine for just the OS. I do need to run a >Vista box so that I can be familiar with the thing when my clients call >with questions about it. The reason I hate Vista is .. on a Vista Business install .. running NOTHING but what the OS put in place takes 350+ mb of ram. This XP machine im on is running XPsp2 Google Chat Groupwise + Notify Groupwise Messenger Daemon Tools iPrint VNC Server Novell Client 32.. and it's humpin along at about 227mb.. From res at ausics.net Tue Feb 13 23:13:33 2007 From: res at ausics.net (Res) Date: Tue Feb 13 22:18:03 2007 Subject: LookOUT 2007 In-Reply-To: <20070213135237.GC29603@bnl.gov> References: <20070212170051.722F.GERARD@seibercom.net> <20070212174038.7234.GERARD@seibercom.net> <20070213135237.GC29603@bnl.gov> Message-ID: On Tue, 13 Feb 2007, Tim Sailer wrote: > On Tue, Feb 13, 2007 at 02:54:56PM +1000, Res wrote: >> You remind me of the guy who came and wanted to do some work, a 25yo >> all hyped up with his M$ certs, and when I told him they meant nothing to > > Remember: MCSE - Must Consult Someone Experienced :) ROFLMFAO :) I gota remember that one, thanks Tim :P -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From sailer at bnl.gov Tue Feb 13 23:18:59 2007 From: sailer at bnl.gov (Tim Sailer) Date: Tue Feb 13 22:23:31 2007 Subject: LookOUT 2007 In-Reply-To: References: <20070212170051.722F.GERARD@seibercom.net> <20070212174038.7234.GERARD@seibercom.net> <20070213135237.GC29603@bnl.gov> Message-ID: <20070213221859.GA18386@bnl.gov> On Wed, Feb 14, 2007 at 08:13:33AM +1000, Res wrote: > On Tue, 13 Feb 2007, Tim Sailer wrote: > > >On Tue, Feb 13, 2007 at 02:54:56PM +1000, Res wrote: > >>You remind me of the guy who came and wanted to do some work, a 25yo > >>all hyped up with his M$ certs, and when I told him they meant nothing to > > > >Remember: MCSE - Must Consult Someone Experienced :) > > ROFLMFAO :) > > I gota remember that one, thanks Tim :P :) My brother, who is an MCSE, told me that one. He's actually MCSE+I, so he claims that the +I stands for "and Intelligent". :) Tim -- Tim Sailer DoE Intelligence and Counterintelligence - Cyber Division Northeast Regional Counterintelligence Office Brookhaven National Laboratory (631) 344-3001 From res at ausics.net Tue Feb 13 23:22:03 2007 From: res at ausics.net (Res) Date: Tue Feb 13 22:26:32 2007 Subject: LookOUT 2007 In-Reply-To: <20070213221859.GA18386@bnl.gov> References: <20070212170051.722F.GERARD@seibercom.net> <20070212174038.7234.GERARD@seibercom.net> <20070213135237.GC29603@bnl.gov> <20070213221859.GA18386@bnl.gov> Message-ID: On Tue, 13 Feb 2007, Tim Sailer wrote: > :) My brother, who is an MCSE, told me that one. He's actually MCSE+I, > so he claims that the +I stands for "and Intelligent". :) hahahaha hang on.... you cant use MSCE and intelligxxx in the same sentance, tst tst norti :) -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From penguin at dhcp.net Tue Feb 13 23:32:12 2007 From: penguin at dhcp.net (A. Eijkhoudt) Date: Tue Feb 13 22:36:48 2007 Subject: LookOUT 2007 In-Reply-To: <20070213135237.GC29603@bnl.gov> References: <20070212170051.722F.GERARD@seibercom.net> <20070212174038.7234.GERARD@seibercom.net> <20070213135237.GC29603@bnl.gov> Message-ID: <45D23C6C.8080108@dhcp.net> Tim Sailer wrote: > Remember: MCSE - Must Consult Someone Experienced :) Actually, I'm sure it's: "Minesweeper Consultant and Solitaire Expert" :) Incidentally, if you want something 'clean' like LFS *and* still some ease-of-use package management (at least, once you get the hang of it - it's just like ports @ FreeBSD), I recommend Gentoo Linux. It's served me well over the years. AE From glenn.steen at gmail.com Wed Feb 14 00:11:39 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 13 23:16:01 2007 Subject: Slow MailScanner In-Reply-To: <45D1FBE5.8040203@chapman.edu> References: <45D1EA83.9070906@chapman.edu> <45D1F1B2.2020708@pixelhammer.com> <45D1F771.2020608@chapman.edu> <1964AAFBC212F742958F9275BF63DBB042A0C4@winchester.andrewscompanies.com> <45D1FBE5.8040203@chapman.edu> Message-ID: <223f97700702131511m6cedb5e7pafec278dbe4d0ad6@mail.gmail.com> On 13/02/07, Jay Chandler wrote: (snip) > Nope, neither location (nor in /usr/local/etc/MailScanner/bayes, since > this is from the FreeBSD ports tree). > > So, getting desperate to clear the backlog, I ran sa-learn --clear on > the troubled box, and went to get myself a cup of coffee from the break > room. And you did this as UID/GID 125 (whatever that translates to on your system.... Perhaps Postfix?)? If not you likely cleared the wrong bayes db:-). Look for it in /var/spool/MailScanner/spamassassin (if you have that declared in MailScanner.conf) or ~/.spamassassin for the user with UID 125... > On the plus side, I now have coffee. On the downside, it's still taking > upwards of 20 seconds per message. Coffee's always a good start;-). > The nameserver config is the same. The hardware SHOULD be good-- these > boxes are identical, and a month old. > And they've been running some kind of load during that time? Else... well, insiduous HW problems are _always_ a reality...:-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Wed Feb 14 00:21:43 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 13 23:26:05 2007 Subject: Slow MailScanner In-Reply-To: <223f97700702131511m6cedb5e7pafec278dbe4d0ad6@mail.gmail.com> References: <45D1EA83.9070906@chapman.edu> <45D1F1B2.2020708@pixelhammer.com> <45D1F771.2020608@chapman.edu> <1964AAFBC212F742958F9275BF63DBB042A0C4@winchester.andrewscompanies.com> <45D1FBE5.8040203@chapman.edu> <223f97700702131511m6cedb5e7pafec278dbe4d0ad6@mail.gmail.com> Message-ID: <223f97700702131521n2870a5c2r370eef8d5744ccaa@mail.gmail.com> On 14/02/07, Glenn Steen wrote: > On 13/02/07, Jay Chandler wrote: > (snip) > > Nope, neither location (nor in /usr/local/etc/MailScanner/bayes, since > > this is from the FreeBSD ports tree). > > > > So, getting desperate to clear the backlog, I ran sa-learn --clear on > > the troubled box, and went to get myself a cup of coffee from the break > > room. > And you did this as UID/GID 125 (whatever that translates to on your > system.... Perhaps Postfix?)? > If not you likely cleared the wrong bayes db:-). > > Look for it in /var/spool/MailScanner/spamassassin (if you have that > declared in MailScanner.conf) or ~/.spamassassin for the user with UID > 125... > > > On the plus side, I now have coffee. On the downside, it's still taking > > upwards of 20 seconds per message. > Coffee's always a good start;-). > > > The nameserver config is the same. The hardware SHOULD be good-- these > > boxes are identical, and a month old. > > > And they've been running some kind of load during that time? Else... > well, insiduous HW problems are _always_ a reality...:-) > > Cheers Ah, I see (from reading on in the thread:-) you are going the SQL route, which is good. Still, one more thing... I noted the pyzor error in your --lint... Check that the user with UID 125 has a valid setup for that too, else that might slow things down. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Wed Feb 14 00:29:55 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 13 23:34:17 2007 Subject: Diskspace on redhat ent 3 In-Reply-To: <45D1E0B9.65ED.00A2.0@plattesheriff.org> References: <200702140608150527.667374BA@smtp1.ace.net.au> <45D1E0B9.65ED.00A2.0@plattesheriff.org> Message-ID: <223f97700702131529t14228114m3fcd1b3b168431ab@mail.gmail.com> On 13/02/07, Rob Poe wrote: > That's what I do .. right or wrong .. > > Got tired of older installs that ran out of space on (wherever).. > > One vendor I work with requires their directory be on a different partition. They insisted that if someone did a rm * -Rf from the / that it wouldn't delete the stuff in their directory .. > > Never tried it honestly probably should .. > The real kicker is to do a depth-first find -exec rm -f ..... Did I convince one of the professors back in shool (sometime just after the dinosaurs got extinct:) to do that on a research box, containing virtually all the ongoing work... And did he really do it,,,, and let it run for _hours_ (slow disks back then:), until someone got a "/dev/tty01: file not found"... Nah, I'm probably remembering wrong:-D Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Wed Feb 14 00:39:57 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 13 23:44:27 2007 Subject: Diskspace on redhat ent 3 In-Reply-To: <200702140608150527.667374BA@smtp1.ace.net.au> References: <200702140608150527.667374BA@smtp1.ace.net.au> Message-ID: <223f97700702131539j6f22ee17q7d956d22656ecd16@mail.gmail.com> On 13/02/07, Peter Nitschke wrote: > Is it still valid to even have a lot of seperate partitions these days? Yes and no. Modern OS/filesystems make the choices available to you much more flexible... > If the hard drive dies you are usually pretty well stuffed no matter how > many partitions you have. It is those times when the complete filesystem goes bonkers on you (be that from HW problems like head crashes or whatever) that you start regretting the one-for-all strategy. Or if you have a somewhat modern backup system that relies on multiplexing for efficiency (smallest "unit" is usually the filesystem level)... Having one-for-all shoots your backup performance out the window (not that important if one has D2D2T-like setup, I know), but actually will help total recovery-time (for directed recovery, the multpiple filesystem approach might still be beneficial)... > Mostly our mail servers are single purpose machines, so I just have a 1Gb > swap partition and give the rest to /. No problems with partitions running > out of space. If you've considered things like the above, why... Nothing wrong with that, no. Your box, your choice;). > Or is this still Unix/Linux heresy? Not really no. Some Unices still hold fast to a more rigid scheme, but most can be coaxed in this direction. The way to go is more a function of what you are doing with the box, number of actual spindles etc etc. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From res at ausics.net Wed Feb 14 01:18:23 2007 From: res at ausics.net (Res) Date: Wed Feb 14 00:22:53 2007 Subject: Diskspace on redhat ent 3 In-Reply-To: <223f97700702131539j6f22ee17q7d956d22656ecd16@mail.gmail.com> References: <200702140608150527.667374BA@smtp1.ace.net.au> <223f97700702131539j6f22ee17q7d956d22656ecd16@mail.gmail.com> Message-ID: On Wed, 14 Feb 2007, Glenn Steen wrote: > It is those times when the complete filesystem goes bonkers on you (be > that from HW problems like head crashes or whatever) that you start > regretting the one-for-all strategy. Or if you have a somewhat modern Standardised OS drive (except bind/sendmail/qmail/apache/sql/some_daemon), well 2 off in raid 1, then the other 4 drives (or many more if SAN) in raid 10, works very well, basic redundancy, but excellent speed. One thing though, if it's an Email server, I'd recommend use reiserfs, it leaves ext2/ext3 for dead especially in Maildir setups but even mbox has substantial benefits. -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From chandler.lists at chapman.edu Wed Feb 14 01:44:41 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Wed Feb 14 00:49:03 2007 Subject: [OT]Diskspace on redhat ent 3 In-Reply-To: References: <200702140608150527.667374BA@smtp1.ace.net.au> <223f97700702131539j6f22ee17q7d956d22656ecd16@mail.gmail.com> Message-ID: <45D25B79.9020407@chapman.edu> Res wrote: > One thing though, if it's an Email server, I'd recommend use reiserfs, > it leaves ext2/ext3 for dead ...much like the inventor did his wife. *rimshot* But yes, the performance boost is... non-trivial. -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: Processes running slowly due to weak power supply From res at ausics.net Wed Feb 14 01:49:20 2007 From: res at ausics.net (Res) Date: Wed Feb 14 00:53:48 2007 Subject: [OT]Diskspace on redhat ent 3 In-Reply-To: <45D25B79.9020407@chapman.edu> References: <200702140608150527.667374BA@smtp1.ace.net.au> <223f97700702131539j6f22ee17q7d956d22656ecd16@mail.gmail.com> <45D25B79.9020407@chapman.edu> Message-ID: On Tue, 13 Feb 2007, Jay Chandler wrote: > Res wrote: >> One thing though, if it's an Email server, I'd recommend use reiserfs, it >> leaves ext2/ext3 for dead > ...much like the inventor did his wife. *rimshot* lol, now now, last I heard hes not been found guilty... > > But yes, the performance boost is... non-trivial. > > -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From jcb at dream.com.ph Wed Feb 14 01:51:03 2007 From: jcb at dream.com.ph (jepoy) Date: Wed Feb 14 00:55:35 2007 Subject: OT:Strange warning Message-ID: <037c01c74fd2$33c20bf0$960bbdcb@winxp> guys, just seen these warning, any idea? postdrop: warning: uid=0: File too large send-mail: fatal: root(0): Message file too big Tnx. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070214/fa918380/attachment-0001.html From glenn.steen at gmail.com Wed Feb 14 02:41:12 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 14 01:45:34 2007 Subject: Diskspace on redhat ent 3 In-Reply-To: References: <200702140608150527.667374BA@smtp1.ace.net.au> <223f97700702131539j6f22ee17q7d956d22656ecd16@mail.gmail.com> Message-ID: <223f97700702131741q1111255cw9e1967b017d5f906@mail.gmail.com> On 14/02/07, Res wrote: > On Wed, 14 Feb 2007, Glenn Steen wrote: > > > It is those times when the complete filesystem goes bonkers on you (be > > that from HW problems like head crashes or whatever) that you start > > regretting the one-for-all strategy. Or if you have a somewhat modern > > Standardised OS drive (except bind/sendmail/qmail/apache/sql/some_daemon), > well 2 off in raid 1, then the other 4 drives (or many more if SAN) in > raid 10, works very well, basic redundancy, but excellent speed. And then you have that spiffy RAID controller write cache memory go bad and/or some bloody firmware bug kick in and it starts to scribble doodles all over your raidset(s)... :-) Not that I'm disagreeing, basically I do agree, the reasons for using non-monolithic filesystem installs are getting more scarce:-). > One thing though, if it's an Email server, I'd recommend use reiserfs, it > leaves ext2/ext3 for dead especially in Maildir setups but even mbox has > substantial benefits. Most any journalised/logging FS _other_ than ext3 will have that benefit (ext3 is a dawg:-). And ReiserFS is no bad choice. There are reasons for using ext3, but most of those have little bearing on anything:-P Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Wed Feb 14 02:55:58 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 14 02:00:21 2007 Subject: OT:Strange warning In-Reply-To: <037c01c74fd2$33c20bf0$960bbdcb@winxp> References: <037c01c74fd2$33c20bf0$960bbdcb@winxp> Message-ID: <223f97700702131755k8743b9bj377146eba98c4ba5@mail.gmail.com> On 14/02/07, jepoy wrote: > > > guys, > > just seen these warning, any idea? > > > postdrop: warning: uid=0: File too large > send-mail: fatal: root(0): Message file too big > > > Tnx. You're hitting the message size limit of your MTA (Postfix isn't it?).... up the limit or make the mail that trigger this smaller and you should be fine. Someone else has had this problem when mailing logwatch results... Look at the nice suggestions, if your situation is similar... http://comments.gmane.org/gmane.comp.log.logwatch.general/437 Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From email at ace.net.au Wed Feb 14 04:29:19 2007 From: email at ace.net.au (Peter Nitschke) Date: Wed Feb 14 03:36:45 2007 Subject: Mailscanner repository for centos 4.x In-Reply-To: <59E4A3A1069C2640959AD0F7518C48122F0861@FLN1.fln.local> References: <45D1CDE4.1010800@USherbrooke.ca> <200702131658.l1DGwjhc017170@netra.database.it> <59E4A3A1069C2640959AD0F7518C48122F0861@FLN1.fln.local> Message-ID: <200702141359190478.6822BACA@smtp1.ace.net.au> I have an interest in this. I have written a script to take a clean hard drive and the CentOS 4.2 Single CD server and convert it to a fully operation MailScanner/ClamAV/SpamAssassin gateway with various useful tools. The slowest part is the MailScanner install, so some RPM's would be very handy. Peter *********** REPLY SEPARATOR *********** On 13/02/2007 at 11:55 AM James Fagan wrote: >> Marcello Anderlini spake the following on 2/13/2007 8:58 AM: >> > Hello,is there any rpm repository for mailscanner on centos ? It >would >> be >> > great just install or update all with a simple yum update. >> > >> > Best regards. >> > >> That would be great, but no one has stepped up to create one that I >know >> of. >> The install packages that Julian has work great already. The download >is >> larger, but it works. >> >> > >I have a couple boxes (1 for sure) that could be used for a repo, but Im >not that good at building packages. I have setup repos for CentOS in the >past, it would be a little bit a project if people are intersted I can >start getting things together on my end in the next week or two. Will be >on vacation for a little bit starting today. > >Im guessing we would need: > >1. boxes >2. DNS >3. packager(s) >4. testors >5. victory beers > >Anything else? Any interest? > >James > > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! From email at ace.net.au Wed Feb 14 04:31:12 2007 From: email at ace.net.au (Peter Nitschke) Date: Wed Feb 14 03:37:59 2007 Subject: Diskspace on redhat ent 3 In-Reply-To: References: <200702140608150527.667374BA@smtp1.ace.net.au> <223f97700702131539j6f22ee17q7d956d22656ecd16@mail.gmail.com> Message-ID: <200702141401120581.68247498@smtp1.ace.net.au> On 14/02/2007 at 10:18 AM Res wrote: >On Wed, 14 Feb 2007, Glenn Steen wrote: > >> It is those times when the complete filesystem goes bonkers on you (be >> that from HW problems like head crashes or whatever) that you start >> regretting the one-for-all strategy. Or if you have a somewhat modern > >Standardised OS drive (except bind/sendmail/qmail/apache/sql/some_daemon), >well 2 off in raid 1, then the other 4 drives (or many more if SAN) in >raid 10, works very well, basic redundancy, but excellent speed. > >One thing though, if it's an Email server, I'd recommend use reiserfs, it >leaves ext2/ext3 for dead especially in Maildir setups but even mbox has >substantial benefits. What about for a mail gateway? I don't actually store the mail on that box. Still worth looking into? Peter From res at ausics.net Wed Feb 14 04:57:10 2007 From: res at ausics.net (Res) Date: Wed Feb 14 04:01:43 2007 Subject: Diskspace on redhat ent 3 In-Reply-To: <200702141401120581.68247498@smtp1.ace.net.au> References: <200702140608150527.667374BA@smtp1.ace.net.au> <223f97700702131539j6f22ee17q7d956d22656ecd16@mail.gmail.com> <200702141401120581.68247498@smtp1.ace.net.au> Message-ID: On Wed, 14 Feb 2007, Peter Nitschke wrote: >> Standardised OS drive (except bind/sendmail/qmail/apache/sql/some_daemon), >> well 2 off in raid 1, then the other 4 drives (or many more if SAN) in >> raid 10, works very well, basic redundancy, but excellent speed. >> >> One thing though, if it's an Email server, I'd recommend use reiserfs, it >> leaves ext2/ext3 for dead especially in Maildir setups but even mbox has >> substantial benefits. > > What about for a mail gateway? I don't actually store the mail on that > box. Still worth looking into? > In your case I've used this, on the front ends, 2x36G (can be 18G if you have them spare) 10K rpm scsi in raid 1 for the OS (ext2). Then 1x36G 10k rpm for /var/log (ext2) and 1x72G 15K rpm for /var/spool (reiser). No need for raid on those two disks. I also use a ramdrive for /var/spool/MailScanner. -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From email at ace.net.au Wed Feb 14 05:03:02 2007 From: email at ace.net.au (Peter Nitschke) Date: Wed Feb 14 04:09:48 2007 Subject: Diskspace on redhat ent 3 In-Reply-To: References: <200702140608150527.667374BA@smtp1.ace.net.au> <223f97700702131539j6f22ee17q7d956d22656ecd16@mail.gmail.com> <200702141401120581.68247498@smtp1.ace.net.au> Message-ID: <200702141433020728.68419A1B@smtp1.ace.net.au> On 14/02/2007 at 1:57 PM Res wrote: >On Wed, 14 Feb 2007, Peter Nitschke wrote: >>> One thing though, if it's an Email server, I'd recommend use reiserfs, >it >>> leaves ext2/ext3 for dead especially in Maildir setups but even mbox has >>> substantial benefits. >> >> What about for a mail gateway? I don't actually store the mail on that >> box. Still worth looking into? >> > >In your case I've used this, on the front ends, 2x36G (can be 18G if you >have them spare) 10K rpm scsi in raid 1 for the OS (ext2). Then 1x36G 10k >rpm for /var/log (ext2) and 1x72G 15K rpm for /var/spool (reiser). >No need for raid on those two disks. >I also use a ramdrive for /var/spool/MailScanner. Serious stuff! Fortunately most junk gets blocked at the MTA level, so my processing load isn't too bad on a fairly ordinary PC. However if I can get a gain just from changing file systems, then I would be happy to look into it. As it's a gateway it only needs a handful of Gb as long as I don't let quarantine build up too much. Peter From res at ausics.net Wed Feb 14 06:00:16 2007 From: res at ausics.net (Res) Date: Wed Feb 14 05:04:44 2007 Subject: Diskspace on redhat ent 3 In-Reply-To: <200702141433020728.68419A1B@smtp1.ace.net.au> References: <200702140608150527.667374BA@smtp1.ace.net.au> <223f97700702131539j6f22ee17q7d956d22656ecd16@mail.gmail.com> <200702141401120581.68247498@smtp1.ace.net.au> <200702141433020728.68419A1B@smtp1.ace.net.au> Message-ID: On Wed, 14 Feb 2007, Peter Nitschke wrote: >> In your case I've used this, on the front ends, 2x36G (can be 18G if you >> have them spare) 10K rpm scsi in raid 1 for the OS (ext2). Then 1x36G 10k >> rpm for /var/log (ext2) and 1x72G 15K rpm for /var/spool (reiser). >> No need for raid on those two disks. >> I also use a ramdrive for /var/spool/MailScanner. > > Serious stuff! Fortunately most junk gets blocked at the MTA level, so my Serious hardware needed, it ensures things run smooth... and when things run smooth, I'm happy, and I get to sit here and drink bloody decaf and annoy you mob ;) > processing load isn't too bad on a fairly ordinary PC. However if I can > get a gain just from changing file systems, then I would be happy to look > into it. I'm sure you'd notice the difference, but it depends on your traffic. > As it's a gateway it only needs a handful of Gb as long as I don't let > quarantine build up too much. So long as you use scsi you should be right, ide and sata are just not in the race, even the smallest of colo boxes can made to hissy fit if someone spam bombs it. I use 72G on those drives because of the volume of mail and if something breaks and goes un-noticed overnight (like it has before courtesy of dcc failing and blowing the batch out, also when clamavmodule kept bailing in middle of night for no reason and mail only got queued) nothing can be rejected for disk space, once bitten... there will never be a second :) It wouldn't be so bad if the gaymers who seem to be the only ones up all night checked their mail and reported problems, even at 2am is better than the normal people finding out at 7-8 am... especially if you find out it shat itself at 11pm :D -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From abraxis at metroweb.co.za Wed Feb 14 07:50:53 2007 From: abraxis at metroweb.co.za (Neil Thompson) Date: Wed Feb 14 06:55:24 2007 Subject: [Semi-OT] Advice on large webmail setup Message-ID: <20070214065053.GC12314@eeyore.32.boerneef.vornavalley> Hi all, As the resident Linux guru, I've just been tasked with costing a webmail setup for about 600 000 users. They each have 10MiB (small, I know) mailboxes. The current setup has about 40 million web page accesses per month. No more info available (typical :-( ). Has anyone here any experience with this kind of thing? If so, any pointers as to software and hardware used, and any other advice would be appreciated. Obviously, we'll have to also do virus and spam checking, so sizing on mailscanner stuff would also help. TIA -- Cheers! (Relax...have a homebrew) Neil THEOREM: VI is perfect. PROOF: VI in roman numerals is 6. The natural numbers < 6 which divide 6 are 1, 2, and 3. 1+2+3 = 6. So 6 is a perfect number. Therefore, VI is perfect. QED -- Arthur Tateishi From drew at technologytiger.net Wed Feb 14 09:29:27 2007 From: drew at technologytiger.net (Drew Marshall) Date: Wed Feb 14 08:33:58 2007 Subject: OT:Strange warning In-Reply-To: <037c01c74fd2$33c20bf0$960bbdcb@winxp> References: <037c01c74fd2$33c20bf0$960bbdcb@winxp> Message-ID: <4DF3B9A9-A108-43AC-B359-3C1ED5B27907@technologytiger.net> On 14 Feb 2007, at 00:51, jepoy wrote: > guys, > > just seen these warning, any idea? > > > postdrop: warning: uid=0: File too large > send-mail: fatal: root(0): Message file too big > As Glenn says, you have hit the maximum message size for Postfix but for mail submitted through the 'Sendmail' binary (As opposed to the smtpd interface) hence you get a cryptic log message rather than a straight rejection. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by the Technology Tiger MailScanner. Further information can be found at www.technologytiger.net/policy Technology Tiger Limited is registered in Scotland with registration number: 310997 Registered Office 55-57 West High Street Inverurie AB51 3QQ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070214/cefcbad8/attachment.html From cobalt-users1 at fishnet.co.uk Wed Feb 14 10:54:34 2007 From: cobalt-users1 at fishnet.co.uk (Ian) Date: Wed Feb 14 09:59:12 2007 Subject: Help debugging false positives with SURBL In-Reply-To: <45D2A8D1.3040404@alexb.ch> References: <45D18FFC.31484.380AEBD@cobalt-users1.fishnet.co.uk>, <45D1EC86.12755.4EA2927@cobalt-users1.fishnet.co.uk>, <45D2A8D1.3040404@alexb.ch> Message-ID: <45D2DC5A.12539.89304EB@cobalt-users1.fishnet.co.uk> On 14 Feb 2007 at 7:14, Alex Broens wrote: > On 2/13/2007 5:51 PM, Ian wrote: > > On 13 Feb 2007 at 16:27, Steve Freegard wrote: > > > >> Hi Ian, > >> > >> Ian wrote: > >>> I posted to this list because it only happens when the mail is passed through MailScanner, so > >>> I actually need help on debugging on what happens to the message when it is passed to > >>> spamassassin from MailScanner. I actually need to know what MailScanner/SpamAssassin > >>> thinks is the bad url. > >>> > >>> Is it the domain name of the server? The name of the perl script? Something else I'm not > >>> seeing? > >>> > >>> What does the MailScanner option: > >>> > >>> Debug SpamAssassin = yes > >>> > >>> actually do? Where do I read the debug output? > >>> > >>> Any help would be appreciated. > >> Try this: > >> > >> Place the attached file into your CustomFunctions directory > >> (/usr/lib/MailScanner/MailScanner/CustomFunctions on RedHat and clones), > >> then in MailScanner.conf set: > >> > >> Always Looked Up Last = &SALongReport > > > > Hi Steve, > > > > Thanks for this. > > > > I already have: > > > > Always Looked Up Last = &MailWatchLogging > > > > So I did a bit of hacking and added the line: > > > > MailScanner::Log::InfoLog($message->{salongreport}); > > > > to the 'MailWatchLogging' subrouting after: > > > > # Don't bother trying to do an insert if no message is passed-in > > return unless $message; > > > > I'll let you know how I go on. Thanks for your help > > Hi Ian > > Is this working? > > Which file did you modify to do it? Hi Alex, I have attached the file Mailwatch.pm. I simply added the lines: # log full spamassassin report to syslong MailScanner::Log::InfoLog($message->{salongreport}); at line 199-200. This worked great but did not help me debug the false positives as they stopped after I fixed the cron script to not print any output unless there was an error. Even after I changed the script back to the original, it no longer gets tagged. I now suspect that one of our domain names got into SURBL for a short period and then the cron email was cached by spamassassin. Does this sound likely? The cron email was identical (apart from the Date: field) each time. Regards Ian -- -------------- next part -------------- The following section of this message contains a file attachment prepared for transmission using the Internet MIME message format. If you are using Pegasus Mail, or any other MIME-compliant system, you should be able to save it or view it from within your mailer. If you cannot, please ask your system administrator for assistance. ---- File information ----------- File: MailWatch.new.pm Date: 14 Feb 2007, 9:54 Size: 10940 bytes. Type: Unknown -------------- next part -------------- A non-text attachment was scrubbed... Name: MailWatch.new.pm Type: application/octet-stream Size: 10940 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070214/2315bb10/MailWatch.new.obj From ms-list at alexb.ch Wed Feb 14 11:45:56 2007 From: ms-list at alexb.ch (Alex Broens) Date: Wed Feb 14 10:50:21 2007 Subject: Help debugging false positives with SURBL In-Reply-To: <45D2DC5A.12539.89304EB@cobalt-users1.fishnet.co.uk> References: <45D18FFC.31484.380AEBD@cobalt-users1.fishnet.co.uk>, <45D1EC86.12755.4EA2927@cobalt-users1.fishnet.co.uk>, <45D2A8D1.3040404@alexb.ch> <45D2DC5A.12539.89304EB@cobalt-users1.fishnet.co.uk> Message-ID: <45D2E864.5070600@alexb.ch> On 2/14/2007 10:54 AM, Ian wrote: > On 14 Feb 2007 at 7:14, Alex Broens wrote: > >> On 2/13/2007 5:51 PM, Ian wrote: >>> On 13 Feb 2007 at 16:27, Steve Freegard wrote: >>> >>>> Hi Ian, >>>> >>>> Ian wrote: >>>>> I posted to this list because it only happens when the mail is passed through MailScanner, so >>>>> I actually need help on debugging on what happens to the message when it is passed to >>>>> spamassassin from MailScanner. I actually need to know what MailScanner/SpamAssassin >>>>> thinks is the bad url. >>>>> >>>>> Is it the domain name of the server? The name of the perl script? Something else I'm not >>>>> seeing? >>>>> >>>>> What does the MailScanner option: >>>>> >>>>> Debug SpamAssassin = yes >>>>> >>>>> actually do? Where do I read the debug output? >>>>> >>>>> Any help would be appreciated. >>>> Try this: >>>> >>>> Place the attached file into your CustomFunctions directory >>>> (/usr/lib/MailScanner/MailScanner/CustomFunctions on RedHat and clones), >>>> then in MailScanner.conf set: >>>> >>>> Always Looked Up Last = &SALongReport >>> Hi Steve, >>> >>> Thanks for this. >>> >>> I already have: >>> >>> Always Looked Up Last = &MailWatchLogging >>> >>> So I did a bit of hacking and added the line: >>> >>> MailScanner::Log::InfoLog($message->{salongreport}); >>> >>> to the 'MailWatchLogging' subrouting after: >>> >>> # Don't bother trying to do an insert if no message is passed-in >>> return unless $message; >>> >>> I'll let you know how I go on. Thanks for your help >> Hi Ian >> >> Is this working? >> >> Which file did you modify to do it? > > Hi Alex, > > I have attached the file Mailwatch.pm. > > I simply added the lines: > > # log full spamassassin report to syslong > MailScanner::Log::InfoLog($message->{salongreport}); > > at line 199-200. I'm not seeing the full 2 line SA report in MAilwatch so I must be missing something Asked Steve Freegard if he has any idea... > This worked great but did not help me debug the false positives as they stopped after I > fixed the cron script to not print any output unless there was an error. Even after I > changed the script back to the original, it no longer gets tagged. > > I now suspect that one of our domain names got into SURBL for a short period and then > the cron email was cached by spamassassin. Does this sound likely? The cron email was > identical (apart from the Date: field) each time. I've stopped using the SA cache as it created me more headaches with long expiration time than it was worth it. hmmm Alex From prandal at herefordshire.gov.uk Wed Feb 14 11:54:26 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Wed Feb 14 10:59:14 2007 Subject: ClamAV 0.90 released Message-ID: <86144ED6CE5B004DA23E1EAC0B569B5812AD848F@isabella.herefordshire.gov.uk> Folks, Good news and bad news. First the good news - ClamAV 0.90 is now officially releases. And the bad - Mail::ClamAV has yet to be updated to work with it. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK From glenn.steen at gmail.com Wed Feb 14 11:57:51 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 14 11:02:15 2007 Subject: Diskspace on redhat ent 3 In-Reply-To: References: <200702140608150527.667374BA@smtp1.ace.net.au> <223f97700702131539j6f22ee17q7d956d22656ecd16@mail.gmail.com> <200702141401120581.68247498@smtp1.ace.net.au> <200702141433020728.68419A1B@smtp1.ace.net.au> Message-ID: <223f97700702140257m7d5dafc1y4c2fe82cb895ec4e@mail.gmail.com> On 14/02/07, Res wrote: (snip) > It wouldn't be so bad if the gaymers who seem to be the only ones up all > night checked their mail and reported problems, even at 2am is better than > the normal people finding out at 7-8 am... especially if you find out it > shat itself at 11pm :D Hahaha, and you think they're interrested in their mail when they're up through the night!? Not realistic:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From cobalt-users1 at fishnet.co.uk Wed Feb 14 12:34:19 2007 From: cobalt-users1 at fishnet.co.uk (Ian) Date: Wed Feb 14 11:38:55 2007 Subject: Help debugging false positives with SURBL In-Reply-To: <45D2E864.5070600@alexb.ch> References: <45D18FFC.31484.380AEBD@cobalt-users1.fishnet.co.uk>, <45D2DC5A.12539.89304EB@cobalt-users1.fishnet.co.uk>, <45D2E864.5070600@alexb.ch> Message-ID: <45D2F3BB.8748.8EE574D@cobalt-users1.fishnet.co.uk> On 14 Feb 2007 at 11:45, Alex Broens wrote: > > # log full spamassassin report to syslong > > MailScanner::Log::InfoLog($message->{salongreport}); > > > > at line 199-200. > > I'm not seeing the full 2 line SA report in MAilwatch so I must be > missing something Hi, The report is printed to syslog, so depending on your setup, this could be /var/log/maillog or somewhere else if you've modified it. I have not had time to look at adding the report to MailWatch yet, but I will drop a line to the list if I get it working. > > I now suspect that one of our domain names got into SURBL for a short period and then > > the cron email was cached by spamassassin. Does this sound likely? The cron email was > > identical (apart from the Date: field) each time. > > I've stopped using the SA cache as it created me more headaches with > long expiration time than it was worth it. I think I might do the same after this incident, even though I can't specifically point the finger at it, the risk doesn't seem worth it. Regards Ian -- From ms-list at alexb.ch Wed Feb 14 12:52:19 2007 From: ms-list at alexb.ch (Alex Broens) Date: Wed Feb 14 11:56:47 2007 Subject: Help debugging false positives with SURBL In-Reply-To: <45D2F3BB.8748.8EE574D@cobalt-users1.fishnet.co.uk> References: <45D18FFC.31484.380AEBD@cobalt-users1.fishnet.co.uk>, <45D2DC5A.12539.89304EB@cobalt-users1.fishnet.co.uk>, <45D2E864.5070600@alexb.ch> <45D2F3BB.8748.8EE574D@cobalt-users1.fishnet.co.uk> Message-ID: <45D2F7F3.1060801@alexb.ch> On 2/14/2007 12:34 PM, Ian wrote: > On 14 Feb 2007 at 11:45, Alex Broens wrote: > > > >>> # log full spamassassin report to syslong >>> MailScanner::Log::InfoLog($message->{salongreport}); >>> >>> at line 199-200. >> I'm not seeing the full 2 line SA report in MAilwatch so I must be >> missing something > > Hi, > > The report is printed to syslog, so depending on your setup, this could be /var/log/maillog or > somewhere else if you've modified it. I'm seeing the full report in maillog but not the full URL. Vanilla SA places that in a second line and I have the feeling MailScanner cuts it off in MailScanner::Log::InfoLog or am I tottaly off clue? (my Perl knowledge is =0) Alex From cobalt-users1 at fishnet.co.uk Wed Feb 14 12:56:46 2007 From: cobalt-users1 at fishnet.co.uk (Ian) Date: Wed Feb 14 12:01:16 2007 Subject: Mailscanner repository for centos 4.x In-Reply-To: <59E4A3A1069C2640959AD0F7518C48122F0861@FLN1.fln.local> References: <45D1CDE4.1010800@USherbrooke.ca>, , <59E4A3A1069C2640959AD0F7518C48122F0861@FLN1.fln.local> Message-ID: <45D2F8FE.21174.902E570@cobalt-users1.fishnet.co.uk> On 13 Feb 2007 at 11:55, James Fagan wrote: > Anything else? Any interest? > > James Hi, I've just built a kickstart cd with MailScanner on for CentOS 4.4 I have the rpm's here if anyones interested: mailscanner-4.58.9-1.noarch.rpm MailScanner-perl-MIME-Base64-3.05-5.i386.rpm perl-Archive-Zip-1.16-1.noarch.rpm perl-Compress-Zlib-1.41-1.i386.rpm perl-Convert-BinHex-1.119-2.noarch.rpm perl-Convert-TNEF-0.17-1.noarch.rpm perl-DBD-SQLite-1.12-1.noarch.rpm perl-DBI-1.50-2.noarch.rpm perl-ExtUtils-MakeMaker-6.30-1.noarch.rpm perl-File-Temp-0.16-1.noarch.rpm perl-Filesys-Df-0.90-1.noarch.rpm perl-Getopt-Long-2.35-1.noarch.rpm perl-HTML-Parser-3.54-1.i386.rpm perl-IO-stringy-2.108-1.noarch.rpm perl-Mail-SpamAssassin-3.1.7-1.i386.rpm perl-MailTools-1.71-1.noarch.rpm perl-MIME-tools-5.420-1.noarch.rpm perl-Net-CIDR-0.10-1.noarch.rpm perl-Net-IP-1.24-1.noarch.rpm perl-Sys-Hostname-Long-1.4-1.noarch.rpm perl-Sys-Syslog-0.18-1.noarch.rpm perl-Time-HiRes-1.86-1.noarch.rpm perl-TimeDate-1.16-3.noarch.rpm tnef-1.4.3-1.i386.rpm They are simply the ones created by running the install script. Regards Ian -- From claude.gagne at multitech.qc.ca Wed Feb 14 14:28:56 2007 From: claude.gagne at multitech.qc.ca (=?ISO-8859-1?Q?Claude_Gagn=E9?=) Date: Wed Feb 14 13:31:28 2007 Subject: ClamAV 0.90 released In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B5812AD848F@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B5812AD848F@isabella.herefordshire.gov.uk> Message-ID: <45D30E98.1030101@multitech.qc.ca> Hope it will be updated soon. I got up this morning thinking "I'm gonna try the new ClamAV this morning !!". Randal, Phil a ?crit : > Folks, > > Good news and bad news. > > First the good news - ClamAV 0.90 is now officially releases. > > And the bad - Mail::ClamAV has yet to be updated to work with it. > > Cheers, > > Phil > -- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > -- * Claude Gagn?* / Technicien informatique/ claude.gagne@multitech.qc.ca 226-A, chemin des Poirier Montmagny (Qc) G5V 3X8 T?l. : (418) 248-2247 T?l?c. : (418) 248-2230 *8, rue du Domaine Rivi?re-du-Loup (Qc) G5R 2P5 T?l. : (418) 867-3355 T?l?c. : (418) 867-2775 * -------------- next part -------------- Skipped content of type multipart/related From lance at uklinux.net Wed Feb 14 14:28:01 2007 From: lance at uklinux.net (Lance Davis) Date: Wed Feb 14 13:32:25 2007 Subject: Diskspace on redhat ent 3 In-Reply-To: References: Message-ID: On Tue, 13 Feb 2007, Howard Robinson wrote: > What would be the best option that will allow me to put the queues > somewhere else so that there is a bit more of a cushion? I could use > part of the /usr directory as it has quite a bit of free space or create > a new partition. > If I do this is it better to recompile Sendmail to look at the new > directory or use a link pointing to the new location? You dont need to do either, just configure a copy of sendmail.cf eg sendmail.cf.new with the new location and then use sendmail -C sendmail.cf.new -q etc That also lets you tweak how the delivery happens for that queue. Regards Lance -- uklinux.net - The ISP of choice for the discerning Linux user. From lance at uklinux.net Wed Feb 14 14:35:20 2007 From: lance at uklinux.net (Lance Davis) Date: Wed Feb 14 13:39:45 2007 Subject: Mailscanner repository for centos 4.x In-Reply-To: <59E4A3A1069C2640959AD0F7518C48122F0861@FLN1.fln.local> References: <45D1CDE4.1010800@USherbrooke.ca><200702131658.l1DGwjhc017170@netra.database.it> <59E4A3A1069C2640959AD0F7518C48122F0861@FLN1.fln.local> Message-ID: >> The install packages that Julian has work great already. The download > is >> larger, but it works. We could maybe add the mailscanner packages to CentOS extras repo - if someone is prepared to maintain them Regards Lance CentOS Project Leader -- uklinux.net - The ISP of choice for the discerning Linux user. From m.anderlini at database.it Wed Feb 14 14:46:35 2007 From: m.anderlini at database.it (Marcello Anderlini) Date: Wed Feb 14 13:51:05 2007 Subject: Mqueue.in huge In-Reply-To: <200702131656.l1DGu3BA014506@netra.database.it> Message-ID: <200702141346.l1EDkYCU020707@netra.database.it> I've just upgrade mailscanner but I still have the problem. Let me refresh my configuration CentOS release 4.4 (Final) Kernel: 2.6.9-42.0.8.Elsmp Version : 4.58.9 Vendor: Electronics and Computer Science, University of Southampton Release : 1 Build Date: Thu Feb 1 16:02:58 2007 I still can't understand why but sometime (now often), spamassassin become slow and my mqueue.in grow until 2000 msg or more. The only solution I've found it's not use Spamasssin. If I have understood how mailscanner work, the blacklist set in mailscanner.conf are indipendent wich the ones used by spamassassin. Could be that some of this blacklist get to time to be connected ? I've attach my conf, I hope someone could finaly help me. Thanks again... Dr. Marcello Anderlini m.anderlini@database.it --------------------------------------------- Database Informatica S.r.l. Microsoft Certified Partner Tel. +39059775070 Fax. +39059779545 http://www.database.it --------------------------------------------- > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Marcello Anderlini > Sent: martedì 13 febbraio 2007 17.56 > To: 'MailScanner discussion' > Subject: RE: Mqueue.in huge > > But I have not MailWatch installed. > I think now the best things it's to upgrade Mailscanner and > see if things get better or not. > > Let me try. > > Thanks again. > > > > Dr. Marcello Anderlini > m.anderlini@database.it > --------------------------------------------- > Database Informatica S.r.l. > Microsoft Certified Partner > Tel. +39059775070 > Fax. +39059779545 > http://www.database.it > --------------------------------------------- > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Glenn > > Steen > > Sent: martedì 13 febbraio 2007 17.23 > > To: MailScanner discussion > > Subject: Re: Mqueue.in huge > > > > On 13/02/07, Marcello Anderlini wrote: > > > I make the symlink but the problem seem to be still presents. > > > Now my mqueue.in is running about 120/130 msg waiting and > > is growing. > > > The only way to decrease it is to not use spamassassin. > > Ok. > > > > > I notice anyway that msg are still marked spam using > black-list, I > > > suppose directly by Mailscanner and I can delete it if I > > change "Spam > > > Actions = deliver header "X-Spam-Status: Yes"" in Spam Actions = > > > delete. Could this be a solution ? > > Only a temporary one, IMO. You do want SA to have its say:-). > > > > > But How can I understand where spamassassin is slowing ? Can > > > spamassassin -D -t generate a log with timing ? > > Like the MailWatch thing? Unfortunately I know of no such thing > > (doesn't necessarily mean there is none:-). One could probably just > > change the MailWatch thing a bit so that it'd use a message and not > > really the --lint thing... Looking at that.... In > sa_lint.php around > > line 24 you could probably change if(!$fp = > popen(SA_DIR.'spamassassin > > -x -D -p '.SA_PREFS.' --lint 2>&1','r')) { to something > like if(!$fp = > > popen(SA_DIR.'spamassassin -x -D -t /path/to/your/test/message > > 2>&1','r')) { ... and then restart apache and your browser. > When you > > the run the "SA lint" on the Tools page, you should get a timed > > variant of that ... in theory, I've not tested this:-). > Keep a copy of > > the original file, just in case:-):-). > > > > > I'll update mailscanner as soon as possible. > > > > > Good plan. > > > > Cheers > > -- > > -- Glenn > > email: glenn < dot > steen < at > gmail < dot > com > > work: glenn < dot > steen < at > ap1 < dot > se > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > -- > > Messaggio verificato dal servizio antivirus di Database Informatica > > > > > > -- > Messaggio verificato dal servizio antivirus di Database Informatica > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Messaggio verificato dal servizio antivirus di Database Informatica -------------- next part -------------- A non-text attachment was scrubbed... Name: MailScanner.zip Type: application/octet-stream Size: 29131 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070214/04284e84/MailScanner.obj From brent.bolin at gmail.com Wed Feb 14 14:53:43 2007 From: brent.bolin at gmail.com (BB) Date: Wed Feb 14 13:58:09 2007 Subject: What is the point of long rambling spam with gif attachments ? Message-ID: <787dcac20702140553u10d6c691r7d80075a42974698@mail.gmail.com> Who in the world would actually purchase(Viagra etc...) from these places ? Harvesting valid email address ? Bug the heck out of people like us ? Malicious payload if not already ? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070214/6fbd4da2/attachment.html From root at doctor.nl2k.ab.ca Wed Feb 14 15:13:19 2007 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Wed Feb 14 14:18:16 2007 Subject: ClamAV 0.90 released In-Reply-To: <45D30E98.1030101@multitech.qc.ca> References: <86144ED6CE5B004DA23E1EAC0B569B5812AD848F@isabella.herefordshire.gov.uk> <45D30E98.1030101@multitech.qc.ca> Message-ID: <20070214141319.GA18312@doctor.nl2k.ab.ca> On Wed, Feb 14, 2007 at 08:28:56AM -0500, Claude Gagn? wrote: > Hope it will be updated soon. I got up this morning thinking "I'm gonna > try the new ClamAV this morning !!". > > Randal, Phil a ?crit : > >Folks, > > > >Good news and bad news. > > > >First the good news - ClamAV 0.90 is now officially releases. > > > >And the bad - Mail::ClamAV has yet to be updated to work with it. > > > >Cheers, > > > >Phil > >-- > >Phil Randal > >Network Engineer > >Herefordshire Council > >Hereford, UK > > > > -- > * Claude Gagn?* > / Technicien informatique/ > > claude.gagne@multitech.qc.ca > 226-A, chemin des Poirier > Montmagny (Qc) > G5V 3X8 > > T?l. : (418) 248-2247 > T?l?c. : (418) 248-2230 > > *8, rue du Domaine > Rivi?re-du-Loup (Qc) > G5R 2P5 > > T?l. : (418) 867-3355 > T?l?c. : (418) 867-2775 > * > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! Stand by please. Do not give up on clamav 0.88.7 From res at ausics.net Wed Feb 14 15:48:36 2007 From: res at ausics.net (Res) Date: Wed Feb 14 14:53:06 2007 Subject: [Semi-OT] Advice on large webmail setup In-Reply-To: <20070214065053.GC12314@eeyore.32.boerneef.vornavalley> References: <20070214065053.GC12314@eeyore.32.boerneef.vornavalley> Message-ID: On Wed, 14 Feb 2007, Neil Thompson wrote: > As the resident Linux guru, I've just been tasked with costing a webmail setup > for about 600 000 users. They each have 10MiB (small, I know) mailboxes. The > current setup has about 40 million web page accesses per month. No more info I hope your sitting down :) You'd be looking at, as a base, 6x HP RX8640 servers, on your figures thats little over 900 hits per minute so 6 of these load balanced should do the trick with plenty to spare incase of failure of one or two of them. An SFS20 storage unit would be recommended which from memory is at least 2PB. Definately use MailDir, vpopmail, it will handle 23 million users per domain (times 23 million domains as well) with its structure so its by far best suited, you could use qmail on backends since vpopmail is designed around it. You could use squirrelmail or sqwebmail, sqwebmail is simplest and IMHO more secure, but it depends on what features you want your users to have. Use hardware based load balancers, Foundry, also use Foundry switches if you can, the quality is superior to anything else on the market. Cost is hard to say as it varies country to country, but nothing short of 1 million as a very base starting budget, but for 600K users $1m should be nothing... Talk to HP about your needs. -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From res at ausics.net Wed Feb 14 15:58:28 2007 From: res at ausics.net (Res) Date: Wed Feb 14 15:03:02 2007 Subject: Diskspace on redhat ent 3 In-Reply-To: <223f97700702140257m7d5dafc1y4c2fe82cb895ec4e@mail.gmail.com> References: <200702140608150527.667374BA@smtp1.ace.net.au> <223f97700702131539j6f22ee17q7d956d22656ecd16@mail.gmail.com> <200702141401120581.68247498@smtp1.ace.net.au> <200702141433020728.68419A1B@smtp1.ace.net.au> <223f97700702140257m7d5dafc1y4c2fe82cb895ec4e@mail.gmail.com> Message-ID: On Wed, 14 Feb 2007, Glenn Steen wrote: > On 14/02/07, Res wrote: > (snip) >> It wouldn't be so bad if the gaymers who seem to be the only ones up all >> night checked their mail and reported problems, even at 2am is better than >> the normal people finding out at 7-8 am... especially if you find out it >> shat itself at 11pm :D > Hahaha, and you think they're interrested in their mail when they're > up through the night!? > Not realistic:-) I know, i teach them to get a life :) # int gigabitethernet 2/0 shut <........go make coffee....drink coffee......> noshut # -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From res at ausics.net Wed Feb 14 16:06:22 2007 From: res at ausics.net (Res) Date: Wed Feb 14 15:10:55 2007 Subject: Mqueue.in huge In-Reply-To: <200702141346.l1EDkYCU020707@netra.database.it> References: <200702141346.l1EDkYCU020707@netra.database.it> Message-ID: On Wed, 14 Feb 2007, Marcello Anderlini wrote: > I've just upgrade mailscanner but I still have the problem. > > Let me refresh my configuration If you use dcc/pyzor/razor, disable them, it was the only way I could keep SA under control, I had the same problems as you a year ago, within 10 mins I had about a thousand in the batch, once I removed those 3, SA could easily keep up despite it having a lot of local rules and all from rules_du_jour. In your conf I would change the number of processes to 5 unless you have 2 real CPU's, hyperthreaded cpu's show up as two, but must only be counted as one in MailScanner, also the batch scan time, I'd pop that back to 5. Its very late here, so I may have missed other things you need to correct, I'll leave the rest for others to proof read :) -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From res at ausics.net Wed Feb 14 16:12:30 2007 From: res at ausics.net (Res) Date: Wed Feb 14 15:17:02 2007 Subject: Mqueue.in huge In-Reply-To: References: <200702141346.l1EDkYCU020707@netra.database.it> Message-ID: On Thu, 15 Feb 2007, Res wrote: > On Wed, 14 Feb 2007, Marcello Anderlini wrote: > >> I've just upgrade mailscanner but I still have the problem. >> >> Let me refresh my configuration > > If you use dcc/pyzor/razor, disable them, it was the only way I could keep SA > under control, I had the same problems as you a year ago, within 10 mins I > had about a thousand in the batch, once I removed those 3, SA could easily > keep up despite it having a lot of local rules and all from rules_du_jour. Just to add something... SA does not do blacklist checks here, thats all done at the MTA's, I also disable S.A's SPF tests, we do that at MTA level as well, we also enforce forward and reverse DNS tests, no need to match, but they must exist, and also block on bad helos, these two tests alone reduced the noise level by 80% with no noticable legitmite signal loss and I've been doing that for many years. -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From glenn.steen at gmail.com Wed Feb 14 16:14:53 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 14 15:19:19 2007 Subject: What is the point of long rambling spam with gif attachments ? In-Reply-To: <787dcac20702140553u10d6c691r7d80075a42974698@mail.gmail.com> References: <787dcac20702140553u10d6c691r7d80075a42974698@mail.gmail.com> Message-ID: <223f97700702140714n63b1b0e5kf26a46ac1e7c6a75@mail.gmail.com> On 14/02/07, BB wrote: > > Who in the world would actually purchase(Viagra etc...) from these places ? > > Harvesting valid email address ? > > Bug the heck out of people like us ? > > Malicious payload if not already ? > As you say, it is moronic at best... But you could well compare it to Nigerian scams... The cost for sending is _very_ low/message. So to make a buck, they don't need more than ppm-type "fallout"... If one in a million do buy the coloured sugar pills, they will make a profit. And it seems there are several "stages" involved, where the actual botnet herder get paid for services, and so doesn't really depend upon the outcome. All in all, it just takes a few idiots to make it a profitable deal. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From alex at nkpanama.com Wed Feb 14 16:15:40 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Feb 14 15:20:43 2007 Subject: Mailscanner repository for centos 4.x In-Reply-To: <200702141359190478.6822BACA@smtp1.ace.net.au> References: <45D1CDE4.1010800@USherbrooke.ca> <200702131658.l1DGwjhc017170@netra.database.it> <59E4A3A1069C2640959AD0F7518C48122F0861@FLN1.fln.local> <200702141359190478.6822BACA@smtp1.ace.net.au> Message-ID: <45D3279C.3060803@nkpanama.com> Care to share? :-) Peter Nitschke wrote: > I have an interest in this. > > I have written a script to take a clean hard drive and the CentOS 4.2 > Single CD server and convert it to a fully operation > MailScanner/ClamAV/SpamAssassin gateway with various useful tools. The > slowest part is the MailScanner install, so some RPM's would be very handy. > > Peter > > *********** REPLY SEPARATOR *********** > > On 13/02/2007 at 11:55 AM James Fagan wrote: > >>> Marcello Anderlini spake the following on 2/13/2007 8:58 AM: >>>> Hello,is there any rpm repository for mailscanner on centos ? It >> would >>> be >>>> great just install or update all with a simple yum update. >>>> >>>> Best regards. >>>> >>> That would be great, but no one has stepped up to create one that I >> know >>> of. >>> The install packages that Julian has work great already. The download >> is >>> larger, but it works. >>> >>> >> I have a couple boxes (1 for sure) that could be used for a repo, but Im >> not that good at building packages. I have setup repos for CentOS in the >> past, it would be a little bit a project if people are intersted I can >> start getting things together on my end in the next week or two. Will be >> on vacation for a little bit starting today. >> >> Im guessing we would need: >> >> 1. boxes >> 2. DNS >> 3. packager(s) >> 4. testors >> 5. victory beers >> >> Anything else? Any interest? >> >> James >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > From alex at nkpanama.com Wed Feb 14 16:16:32 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Feb 14 15:21:36 2007 Subject: Mailscanner repository for centos 4.x In-Reply-To: <45D2F8FE.21174.902E570@cobalt-users1.fishnet.co.uk> References: <45D1CDE4.1010800@USherbrooke.ca>, , <59E4A3A1069C2640959AD0F7518C48122F0861@FLN1.fln.local> <45D2F8FE.21174.902E570@cobalt-users1.fishnet.co.uk> Message-ID: <45D327D0.8010903@nkpanama.com> I'd host it if needed... Ian wrote: > On 13 Feb 2007 at 11:55, James Fagan wrote: > >> Anything else? Any interest? >> >> James > > Hi, > > I've just built a kickstart cd with MailScanner on for CentOS 4.4 I have the rpm's here if > anyones interested: > > mailscanner-4.58.9-1.noarch.rpm > MailScanner-perl-MIME-Base64-3.05-5.i386.rpm > perl-Archive-Zip-1.16-1.noarch.rpm > perl-Compress-Zlib-1.41-1.i386.rpm > perl-Convert-BinHex-1.119-2.noarch.rpm > perl-Convert-TNEF-0.17-1.noarch.rpm > perl-DBD-SQLite-1.12-1.noarch.rpm > perl-DBI-1.50-2.noarch.rpm > perl-ExtUtils-MakeMaker-6.30-1.noarch.rpm > perl-File-Temp-0.16-1.noarch.rpm > perl-Filesys-Df-0.90-1.noarch.rpm > perl-Getopt-Long-2.35-1.noarch.rpm > perl-HTML-Parser-3.54-1.i386.rpm > perl-IO-stringy-2.108-1.noarch.rpm > perl-Mail-SpamAssassin-3.1.7-1.i386.rpm > perl-MailTools-1.71-1.noarch.rpm > perl-MIME-tools-5.420-1.noarch.rpm > perl-Net-CIDR-0.10-1.noarch.rpm > perl-Net-IP-1.24-1.noarch.rpm > perl-Sys-Hostname-Long-1.4-1.noarch.rpm > perl-Sys-Syslog-0.18-1.noarch.rpm > perl-Time-HiRes-1.86-1.noarch.rpm > perl-TimeDate-1.16-3.noarch.rpm > tnef-1.4.3-1.i386.rpm > > They are simply the ones created by running the install script. > > Regards > > Ian From m.anderlini at database.it Wed Feb 14 16:27:26 2007 From: m.anderlini at database.it (Marcello Anderlini) Date: Wed Feb 14 15:41:01 2007 Subject: Mqueue.in huge In-Reply-To: Message-ID: <200702141527.l1EFROJH011703@netra.database.it> But I do not use dcc/pyzor/razor, could you send me your MailScanner.conf to compare with me ? thanks Dr. Marcello Anderlini m.anderlini@database.it --------------------------------------------- Database Informatica S.r.l. Microsoft Certified Partner Tel. +39059775070 Fax. +39059779545 http://www.database.it --------------------------------------------- > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Res > Sent: mercoledì 14 febbraio 2007 16.06 > To: MailScanner discussion > Subject: RE: Mqueue.in huge > > On Wed, 14 Feb 2007, Marcello Anderlini wrote: > > > I've just upgrade mailscanner but I still have the problem. > > > > Let me refresh my configuration > > If you use dcc/pyzor/razor, disable them, it was the only way > I could keep SA under control, I had the same problems as you > a year ago, within 10 mins I had about a thousand in the > batch, once I removed those 3, SA could easily keep up > despite it having a lot of local rules and all from rules_du_jour. > > In your conf I would change the number of processes to 5 > unless you have 2 real CPU's, hyperthreaded cpu's show up as > two, but must only be counted as one in MailScanner, also the > batch scan time, I'd pop that back to 5. > > Its very late here, so I may have missed other things you > need to correct, I'll leave the rest for others to proof read :) > > -- > Cheers > Res > > "We can be Heroes, just for one day" - Davey (Jones) Bowie > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > Messaggio verificato dal servizio antivirus di Database Informatica > -- Messaggio verificato dal servizio antivirus di Database Informatica From prandal at herefordshire.gov.uk Wed Feb 14 16:46:04 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Wed Feb 14 15:51:28 2007 Subject: Mailscanner repository for centos 4.x Message-ID: <86144ED6CE5B004DA23E1EAC0B569B5812AD8624@isabella.herefordshire.gov.uk> But what about the manual step of running upgrade_mailscanner_conf upgrade_languages_conf AND CHECKING.... This will be completely overlooked in an automated "yum update" context. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ian > Sent: 14 February 2007 11:57 > To: MailScanner discussion > Subject: RE: Mailscanner repository for centos 4.x > > On 13 Feb 2007 at 11:55, James Fagan wrote: > > > Anything else? Any interest? > > > > James > > Hi, > > I've just built a kickstart cd with MailScanner on for CentOS > 4.4 I have the rpm's here if > anyones interested: > > mailscanner-4.58.9-1.noarch.rpm > MailScanner-perl-MIME-Base64-3.05-5.i386.rpm > perl-Archive-Zip-1.16-1.noarch.rpm > perl-Compress-Zlib-1.41-1.i386.rpm > perl-Convert-BinHex-1.119-2.noarch.rpm > perl-Convert-TNEF-0.17-1.noarch.rpm > perl-DBD-SQLite-1.12-1.noarch.rpm > perl-DBI-1.50-2.noarch.rpm > perl-ExtUtils-MakeMaker-6.30-1.noarch.rpm > perl-File-Temp-0.16-1.noarch.rpm > perl-Filesys-Df-0.90-1.noarch.rpm > perl-Getopt-Long-2.35-1.noarch.rpm > perl-HTML-Parser-3.54-1.i386.rpm > perl-IO-stringy-2.108-1.noarch.rpm > perl-Mail-SpamAssassin-3.1.7-1.i386.rpm > perl-MailTools-1.71-1.noarch.rpm > perl-MIME-tools-5.420-1.noarch.rpm > perl-Net-CIDR-0.10-1.noarch.rpm > perl-Net-IP-1.24-1.noarch.rpm > perl-Sys-Hostname-Long-1.4-1.noarch.rpm > perl-Sys-Syslog-0.18-1.noarch.rpm > perl-Time-HiRes-1.86-1.noarch.rpm > perl-TimeDate-1.16-3.noarch.rpm > tnef-1.4.3-1.i386.rpm > > They are simply the ones created by running the install script. > > Regards > > Ian > -- > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From glenn.steen at gmail.com Wed Feb 14 16:51:59 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 14 15:56:25 2007 Subject: Diskspace on redhat ent 3 In-Reply-To: References: <200702140608150527.667374BA@smtp1.ace.net.au> <223f97700702131539j6f22ee17q7d956d22656ecd16@mail.gmail.com> <200702141401120581.68247498@smtp1.ace.net.au> <200702141433020728.68419A1B@smtp1.ace.net.au> <223f97700702140257m7d5dafc1y4c2fe82cb895ec4e@mail.gmail.com> Message-ID: <223f97700702140751y1f01d167i375ad193656be4e@mail.gmail.com> On 14/02/07, Res wrote: > On Wed, 14 Feb 2007, Glenn Steen wrote: > > > On 14/02/07, Res wrote: > > (snip) > >> It wouldn't be so bad if the gaymers who seem to be the only ones up all > >> night checked their mail and reported problems, even at 2am is better than > >> the normal people finding out at 7-8 am... especially if you find out it > >> shat itself at 11pm :D > > > Hahaha, and you think they're interrested in their mail when they're > > up through the night!? > > Not realistic:-) > > I know, i teach them to get a life :) > > # > int gigabitethernet 2/0 > shut > <........go make coffee....drink coffee......> > noshut > # Ah .... LOL... evil...:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ka at pacific.net Wed Feb 14 17:00:43 2007 From: ka at pacific.net (Ken A) Date: Wed Feb 14 16:01:22 2007 Subject: What is the point of long rambling spam with gif attachments ? In-Reply-To: <223f97700702140714n63b1b0e5kf26a46ac1e7c6a75@mail.gmail.com> References: <787dcac20702140553u10d6c691r7d80075a42974698@mail.gmail.com> <223f97700702140714n63b1b0e5kf26a46ac1e7c6a75@mail.gmail.com> Message-ID: <45D3322B.2060602@pacific.net> Glenn Steen wrote: > On 14/02/07, BB wrote: >> >> Who in the world would actually purchase(Viagra etc...) from these >> places ? >> >> Harvesting valid email address ? >> >> Bug the heck out of people like us ? >> >> Malicious payload if not already ? >> > As you say, it is moronic at best... But you could well compare it to > Nigerian scams... The cost for sending is _very_ low/message. So to > make a buck, they don't need more than ppm-type "fallout"... If one in > a million do buy the coloured sugar pills, they will make a profit. > And it seems there are several "stages" involved, where the actual > botnet herder get paid for services, and so doesn't really depend upon > the outcome. > All in all, it just takes a few idiots to make it a profitable deal. Yep. in this morning's email: -- snip Get all your favorite RX Meds Online! With discreet fast FEDEX shipping! No Prescription Needed! Order Now - japena . com -- snip All it hit was DATE_IN_PAST_06_12 :-( It's hitting DCC and RAZOR and yet another local rule now as well. You gotta have a sense of humor about this spam stuff. It really is just background noise.. oh.. and job security. Ken A. Pacific.Net > > Cheers From email at ace.net.au Wed Feb 14 16:59:57 2007 From: email at ace.net.au (Peter Nitschke) Date: Wed Feb 14 16:07:24 2007 Subject: Mailscanner repository for centos 4.x In-Reply-To: <45D3279C.3060803@nkpanama.com> References: <45D1CDE4.1010800@USherbrooke.ca> <200702131658.l1DGwjhc017170@netra.database.it> <59E4A3A1069C2640959AD0F7518C48122F0861@FLN1.fln.local> <200702141359190478.6822BACA@smtp1.ace.net.au> <45D3279C.3060803@nkpanama.com> Message-ID: <200702150229570930.6AD1F63E@smtp1.ace.net.au> One condition, you actually try it and give me some feedback, be it good, bad or otherwise :-) I just knocked up a quick and dirty website for it, hopefully it explains it all. http://az.com.au Peter *********** REPLY SEPARATOR *********** On 14/02/2007 at 10:15 AM Alex Neuman van der Hans wrote: >Care to share? :-) > >Peter Nitschke wrote: >> I have an interest in this. >> >> I have written a script to take a clean hard drive and the CentOS 4.2 >> Single CD server and convert it to a fully operation >> MailScanner/ClamAV/SpamAssassin gateway with various useful tools. The >> slowest part is the MailScanner install, so some RPM's would be very >handy. >> >> Peter >> >> *********** REPLY SEPARATOR *********** >> >> On 13/02/2007 at 11:55 AM James Fagan wrote: >> >>>> Marcello Anderlini spake the following on 2/13/2007 8:58 AM: >>>>> Hello,is there any rpm repository for mailscanner on centos ? It >>> would >>>> be >>>>> great just install or update all with a simple yum update. >>>>> >>>>> Best regards. >>>>> >>>> That would be great, but no one has stepped up to create one that I >>> know >>>> of. >>>> The install packages that Julian has work great already. The download >>> is >>>> larger, but it works. >>>> >>>> >>> I have a couple boxes (1 for sure) that could be used for a repo, but Im >>> not that good at building packages. I have setup repos for CentOS in the >>> past, it would be a little bit a project if people are intersted I can >>> start getting things together on my end in the next week or two. Will be >>> on vacation for a little bit starting today. >>> >>> Im guessing we would need: >>> >>> 1. boxes >>> 2. DNS >>> 3. packager(s) >>> 4. testors >>> 5. victory beers >>> >>> Anything else? Any interest? >>> >>> James >>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> >> >> >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! From ka at pacific.net Wed Feb 14 17:10:27 2007 From: ka at pacific.net (Ken A) Date: Wed Feb 14 16:11:04 2007 Subject: Mqueue.in huge In-Reply-To: <200702141527.l1EFROJH011703@netra.database.it> References: <200702141527.l1EFROJH011703@netra.database.it> Message-ID: <45D33473.3030909@pacific.net> Marcello Anderlini wrote: > But I do not use dcc/pyzor/razor, could you send me your MailScanner.conf to > compare with me ? they are disabled in /etc/mail/spamassassin/init.pre, or in /etc/MailScanner/spam.assassin.prefs.conf, (or both!), not in MailScanner.conf Ken A. Pacific.Net > > thanks > > Dr. Marcello Anderlini > m.anderlini@database.it > --------------------------------------------- > Database Informatica S.r.l. > Microsoft Certified Partner > Tel. +39059775070 > Fax. +39059779545 > http://www.database.it > --------------------------------------------- > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Res >> Sent: mercoled? 14 febbraio 2007 16.06 >> To: MailScanner discussion >> Subject: RE: Mqueue.in huge >> >> On Wed, 14 Feb 2007, Marcello Anderlini wrote: >> >>> I've just upgrade mailscanner but I still have the problem. >>> >>> Let me refresh my configuration >> If you use dcc/pyzor/razor, disable them, it was the only way >> I could keep SA under control, I had the same problems as you >> a year ago, within 10 mins I had about a thousand in the >> batch, once I removed those 3, SA could easily keep up >> despite it having a lot of local rules and all from rules_du_jour. >> >> In your conf I would change the number of processes to 5 >> unless you have 2 real CPU's, hyperthreaded cpu's show up as >> two, but must only be counted as one in MailScanner, also the >> batch scan time, I'd pop that back to 5. >> >> Its very late here, so I may have missed other things you >> need to correct, I'll leave the rest for others to proof read :) >> >> -- >> Cheers >> Res >> >> "We can be Heroes, just for one day" - Davey (Jones) Bowie >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> -- >> Messaggio verificato dal servizio antivirus di Database Informatica >> > > > From jaearick at colby.edu Wed Feb 14 17:10:00 2007 From: jaearick at colby.edu (Jeff A. Earickson) Date: Wed Feb 14 16:14:35 2007 Subject: ClamAV 0.90, another bummer Message-ID: More sad news on ClamAV 0.90 for you Solaris users... You have to configure it with --disable-bzip2, even if you have the latest bzip2, version 1.0.4 installed. Clam expects a shared library for bzip2, but the default makefile for bzip2 just builds an archive lib. The "make -f Makefile-libbz2_so" failed for me with Solaris 10 and gcc 4.1.0 so no shared bzip2 lib, ergo no bzip2 in Clam. Jeff Earickson Colby College From alex at nkpanama.com Wed Feb 14 17:14:59 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Feb 14 16:20:01 2007 Subject: Mailscanner repository for centos 4.x In-Reply-To: <200702150229570930.6AD1F63E@smtp1.ace.net.au> References: <45D1CDE4.1010800@USherbrooke.ca> <200702131658.l1DGwjhc017170@netra.database.it> <59E4A3A1069C2640959AD0F7518C48122F0861@FLN1.fln.local> <200702141359190478.6822BACA@smtp1.ace.net.au> <45D3279C.3060803@nkpanama.com> <200702150229570930.6AD1F63E@smtp1.ace.net.au> Message-ID: <45D33583.7010108@nkpanama.com> I'll look at the script and see what I can contribute (additional plugins, other stuff, etc.) Peter Nitschke wrote: > One condition, you actually try it and give me some feedback, be it good, > bad or otherwise :-) > > I just knocked up a quick and dirty website for it, hopefully it explains > it all. > > http://az.com.au > > Peter > > *********** REPLY SEPARATOR *********** > > On 14/02/2007 at 10:15 AM Alex Neuman van der Hans wrote: > >> Care to share? :-) >> >> Peter Nitschke wrote: >>> I have an interest in this. >>> >>> I have written a script to take a clean hard drive and the CentOS 4.2 >>> Single CD server and convert it to a fully operation >>> MailScanner/ClamAV/SpamAssassin gateway with various useful tools. The >>> slowest part is the MailScanner install, so some RPM's would be very >> handy. >>> Peter >>> >>> *********** REPLY SEPARATOR *********** >>> >>> On 13/02/2007 at 11:55 AM James Fagan wrote: >>> >>>>> Marcello Anderlini spake the following on 2/13/2007 8:58 AM: >>>>>> Hello,is there any rpm repository for mailscanner on centos ? It >>>> would >>>>> be >>>>>> great just install or update all with a simple yum update. >>>>>> >>>>>> Best regards. >>>>>> >>>>> That would be great, but no one has stepped up to create one that I >>>> know >>>>> of. >>>>> The install packages that Julian has work great already. The download >>>> is >>>>> larger, but it works. >>>>> >>>>> >>>> I have a couple boxes (1 for sure) that could be used for a repo, but > Im >>>> not that good at building packages. I have setup repos for CentOS in > the >>>> past, it would be a little bit a project if people are intersted I can >>>> start getting things together on my end in the next week or two. Will > be >>>> on vacation for a little bit starting today. >>>> >>>> Im guessing we would need: >>>> >>>> 1. boxes >>>> 2. DNS >>>> 3. packager(s) >>>> 4. testors >>>> 5. victory beers >>>> >>>> Anything else? Any interest? >>>> >>>> James >>>> >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > From m.anderlini at database.it Wed Feb 14 17:15:38 2007 From: m.anderlini at database.it (Marcello Anderlini) Date: Wed Feb 14 16:27:37 2007 Subject: Mqueue.in huge In-Reply-To: <45D33473.3030909@pacific.net> Message-ID: <200702141615.l1EGFabw021719@netra.database.it> Opss, anyway this is my spam.assassin.prefs.conf ============== # skip_rbl_checks 1 ########################################################################### # Add your own customised scores for some tests below. The default scores are # read from the installed "spamassassin.cf" file, but you can override them # here. To see the list of tests and their default scores, go to # http://spamassassin.taint.org/tests.html . # MailScanner: Comment out the next line to enable DCC checking if you # have dcc installed (optional part of SpamAssassin) # JKF Commented out as it no longer generates maillog warnings #score DCC_CHECK 0.0 dcc_path /usr/local/bin/dccproc # # Added for MailScanner 23/5/2003 # The timeouts for blacklists and Razor are rather generous in the default # state that SpamAssassin is shipped. Reducing these stops a lot of timeouts # from removing SpamAssassin scores altogether. # rbl_timeout 20 razor_timeout 10 pyzor_timeout 10 ============== I've checked and I've not /usr/local/bin/dccproc, could I try to set skip_rbl_checks 0 or decrease this timeout ?: rbl_timeout 20 razor_timeout 10 pyzor_timeout 10 Thanks again Dr. Marcello Anderlini m.anderlini@database.it --------------------------------------------- Database Informatica S.r.l. Microsoft Certified Partner Tel. +39059775070 Fax. +39059779545 http://www.database.it --------------------------------------------- > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ken A > Sent: mercoledì 14 febbraio 2007 17.10 > To: MailScanner discussion > Subject: Re: Mqueue.in huge > > > > > Marcello Anderlini wrote: > > But I do not use dcc/pyzor/razor, could you send me your > > MailScanner.conf to compare with me ? > > they are disabled in /etc/mail/spamassassin/init.pre, or in > /etc/MailScanner/spam.assassin.prefs.conf, (or both!), not in > MailScanner.conf > > Ken A. > Pacific.Net > > > > > thanks > > > > Dr. Marcello Anderlini > > m.anderlini@database.it > > --------------------------------------------- > > Database Informatica S.r.l. > > Microsoft Certified Partner > > Tel. +39059775070 > > Fax. +39059779545 > > http://www.database.it > > --------------------------------------------- > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info > >> [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Res > >> Sent: mercoledì 14 febbraio 2007 16.06 > >> To: MailScanner discussion > >> Subject: RE: Mqueue.in huge > >> > >> On Wed, 14 Feb 2007, Marcello Anderlini wrote: > >> > >>> I've just upgrade mailscanner but I still have the problem. > >>> > >>> Let me refresh my configuration > >> If you use dcc/pyzor/razor, disable them, it was the only > way I could > >> keep SA under control, I had the same problems as you a year ago, > >> within 10 mins I had about a thousand in the batch, once I removed > >> those 3, SA could easily keep up despite it having a lot of local > >> rules and all from rules_du_jour. > >> > >> In your conf I would change the number of processes to 5 > unless you > >> have 2 real CPU's, hyperthreaded cpu's show up as two, but > must only > >> be counted as one in MailScanner, also the batch scan > time, I'd pop > >> that back to 5. > >> > >> Its very late here, so I may have missed other things you need to > >> correct, I'll leave the rest for others to proof read :) > >> > >> -- > >> Cheers > >> Res > >> > >> "We can be Heroes, just for one day" - Davey (Jones) Bowie > >> > >> > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > >> > >> -- > >> Messaggio verificato dal servizio antivirus di Database Informatica > >> > > > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > Messaggio verificato dal servizio antivirus di Database Informatica > -- Messaggio verificato dal servizio antivirus di Database Informatica -------------- next part -------------- A non-text attachment was scrubbed... Name: spam.assassin.prefs.zip Type: application/octet-stream Size: 4388 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070214/ffabba92/spam.assassin.prefs.obj From m.anderlini at database.it Wed Feb 14 17:23:56 2007 From: m.anderlini at database.it (Marcello Anderlini) Date: Wed Feb 14 16:28:26 2007 Subject: Mqueue.in huge In-Reply-To: <45D33473.3030909@pacific.net> Message-ID: <200702141623.l1EGNsNT029412@netra.database.it> This instead it's my init.pre =========================== ########################################################################### # RelayCountry - add metadata for Bayes learning, marking the countries # a message was relayed through # # Note: This requires the IP::Country::Fast Perl module # # loadplugin Mail::SpamAssassin::Plugin::RelayCountry # URIDNSBL - look up URLs found in the message against several DNS # blocklists. # loadplugin Mail::SpamAssassin::Plugin::URIDNSBL # Hashcash - perform hashcash verification. # loadplugin Mail::SpamAssassin::Plugin::Hashcash # SPF - perform SPF verification. # loadplugin Mail::SpamAssassin::Plugin::SPF =========================== Could I remove someone and still have a good spam detection ? Thanks again and again :-) Dr. Marcello Anderlini m.anderlini@database.it --------------------------------------------- Database Informatica S.r.l. Microsoft Certified Partner Tel. +39059775070 Fax. +39059779545 http://www.database.it --------------------------------------------- > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ken A > Sent: mercoledì 14 febbraio 2007 17.10 > To: MailScanner discussion > Subject: Re: Mqueue.in huge > > > > > Marcello Anderlini wrote: > > But I do not use dcc/pyzor/razor, could you send me your > > MailScanner.conf to compare with me ? > > they are disabled in /etc/mail/spamassassin/init.pre, or in > /etc/MailScanner/spam.assassin.prefs.conf, (or both!), not in > MailScanner.conf > > Ken A. > Pacific.Net > > > > > thanks > > > > Dr. Marcello Anderlini > > m.anderlini@database.it > > --------------------------------------------- > > Database Informatica S.r.l. > > Microsoft Certified Partner > > Tel. +39059775070 > > Fax. +39059779545 > > http://www.database.it > > --------------------------------------------- > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info > >> [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Res > >> Sent: mercoledì 14 febbraio 2007 16.06 > >> To: MailScanner discussion > >> Subject: RE: Mqueue.in huge > >> > >> On Wed, 14 Feb 2007, Marcello Anderlini wrote: > >> > >>> I've just upgrade mailscanner but I still have the problem. > >>> > >>> Let me refresh my configuration > >> If you use dcc/pyzor/razor, disable them, it was the only > way I could > >> keep SA under control, I had the same problems as you a year ago, > >> within 10 mins I had about a thousand in the batch, once I removed > >> those 3, SA could easily keep up despite it having a lot of local > >> rules and all from rules_du_jour. > >> > >> In your conf I would change the number of processes to 5 > unless you > >> have 2 real CPU's, hyperthreaded cpu's show up as two, but > must only > >> be counted as one in MailScanner, also the batch scan > time, I'd pop > >> that back to 5. > >> > >> Its very late here, so I may have missed other things you need to > >> correct, I'll leave the rest for others to proof read :) > >> > >> -- > >> Cheers > >> Res > >> > >> "We can be Heroes, just for one day" - Davey (Jones) Bowie > >> > >> > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > >> > >> -- > >> Messaggio verificato dal servizio antivirus di Database Informatica > >> > > > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > Messaggio verificato dal servizio antivirus di Database Informatica > -- Messaggio verificato dal servizio antivirus di Database Informatica From rcooper at dwford.com Wed Feb 14 17:33:49 2007 From: rcooper at dwford.com (Rick Cooper) Date: Wed Feb 14 16:38:22 2007 Subject: ClamAV 0.90 released In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B5812AD848F@isabella.herefordshire.gov.uk> Message-ID: <023501c75055$e88f5be0$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Randal, Phil > Sent: Wednesday, February 14, 2007 5:54 AM > To: MailScanner discussion > Subject: ClamAV 0.90 released > > Folks, > > Good news and bad news. > > First the good news - ClamAV 0.90 is now officially releases. > > And the bad - Mail::ClamAV has yet to be updated to work with it. > > Cheers, > > Phil > -- I would think an update will take a while, they removed some entire functions, and some have changed pretty major. Although notes inside the last Mail::ClamAV dist would tend to make one believe the author was aware of some of them at the time of the 0.90RCxx releases the changed yet again. For instance the cl_scanbuffer was changed to cli_scanbuffer and now it appears to have been replaced with cl_scanfile and no longer takes the same arguments. I did manage to fix up the Mail::ClamAV package to a working version but was going to need MS changes also. I ended up opting to use clamd and clamdscan instead. If you decide to go that route you need to remove the ExtraScanOptions from the wrapper, and remove the -r option from SweepVirues.pm (or you will get a harmless error message telling you the -r option was ignored). The clamdscan option seems to be pretty quick and works well. A Note to Julian: I was using the 0.90RC version on one server so I had to add some code to SweepViruses to check the clamav version and modify the $Scanners{clamav}->{CommonOptions} .= " --unrar=$rarcmd"; portion of SweepViruses to check versions and if major is >= 0.90 then don't add the --unrarcmd as 0.90 has a working unrar function. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dnsadmin at 1bigthink.com Wed Feb 14 17:34:06 2007 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Wed Feb 14 16:38:49 2007 Subject: What is the point of long rambling spam with gif attachments ? In-Reply-To: <45D3322B.2060602@pacific.net> References: <787dcac20702140553u10d6c691r7d80075a42974698@mail.gmail.com> <223f97700702140714n63b1b0e5kf26a46ac1e7c6a75@mail.gmail.com> <45D3322B.2060602@pacific.net> Message-ID: <7.0.1.0.0.20070214112915.073a8eb0@1bigthink.com> At 11:00 AM 2/14/2007, you wrote: >Glenn Steen wrote: >>On 14/02/07, BB wrote: >>> >>>Who in the world would actually purchase(Viagra etc...) from these places ? >>> >>>Harvesting valid email address ? >>> >>>Bug the heck out of people like us ? >>> >>>Malicious payload if not already ? >>As you say, it is moronic at best... But you could well compare it to >>Nigerian scams... The cost for sending is _very_ low/message. So to >>make a buck, they don't need more than ppm-type "fallout"... If one in >>a million do buy the coloured sugar pills, they will make a profit. >>And it seems there are several "stages" involved, where the actual >>botnet herder get paid for services, and so doesn't really depend upon >>the outcome. >>All in all, it just takes a few idiots to make it a profitable deal. > >Yep. in this morning's email: > >-- snip >Get all your favorite RX Meds Online! >With discreet fast FEDEX shipping! No Prescription Needed! >Order Now - japena . com >-- snip > >All it hit was DATE_IN_PAST_06_12 :-( > >It's hitting DCC and RAZOR and yet another local rule now as well. >You gotta have a sense of humor about this spam stuff. >It really is just background noise.. oh.. and job security. Keep your SARE rules up to date. Make sure it gets tagged as spam properly and then forward to: US Pharma Spam: webcomplaints@ora.fda.gov UK Pharma Spam: info@mhra.gsi.gov.uk Intl Pharma Spam: drugs@interpol.int Use accordingly with IP and WhoIs. Mailing to these will not result in instant gratification.. but rest assured, if they can use your reports to tie in with an investigation, you may have helped nail one of these scum to the wall! Cheers! From damian at workgroupsolutions.com Wed Feb 14 17:51:55 2007 From: damian at workgroupsolutions.com (Damian Mendoza) Date: Wed Feb 14 16:56:24 2007 Subject: Mqueue.in huge In-Reply-To: <200702141346.l1EDkYCU020707@netra.database.it> Message-ID: <0C941442AC84A8449448BA2207DD4F4D215CA4@core01.workgroupsolutions.com> You need to block more messages at the MTA level with tools like Sender Authentication which includes greylisting and recipient address validation - search for spamfree or milter-spamblocker which work great and are worth the money. Regards, Damian -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Marcello Anderlini Sent: Wednesday, February 14, 2007 5:47 AM To: 'MailScanner discussion' Subject: RE: Mqueue.in huge I've just upgrade mailscanner but I still have the problem. Let me refresh my configuration CentOS release 4.4 (Final) Kernel: 2.6.9-42.0.8.Elsmp Version : 4.58.9 Vendor: Electronics and Computer Science, University of Southampton Release : 1 Build Date: Thu Feb 1 16:02:58 2007 I still can't understand why but sometime (now often), spamassassin become slow and my mqueue.in grow until 2000 msg or more. The only solution I've found it's not use Spamasssin. If I have understood how mailscanner work, the blacklist set in mailscanner.conf are indipendent wich the ones used by spamassassin. Could be that some of this blacklist get to time to be connected ? I've attach my conf, I hope someone could finaly help me. Thanks again... Dr. Marcello Anderlini m.anderlini@database.it --------------------------------------------- Database Informatica S.r.l. Microsoft Certified Partner Tel. +39059775070 Fax. +39059779545 http://www.database.it --------------------------------------------- > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Marcello Anderlini > Sent: marted? 13 febbraio 2007 17.56 > To: 'MailScanner discussion' > Subject: RE: Mqueue.in huge > > But I have not MailWatch installed. > I think now the best things it's to upgrade Mailscanner and > see if things get better or not. > > Let me try. > > Thanks again. > > > > Dr. Marcello Anderlini > m.anderlini@database.it > --------------------------------------------- > Database Informatica S.r.l. > Microsoft Certified Partner > Tel. +39059775070 > Fax. +39059779545 > http://www.database.it > --------------------------------------------- > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Glenn > > Steen > > Sent: marted? 13 febbraio 2007 17.23 > > To: MailScanner discussion > > Subject: Re: Mqueue.in huge > > > > On 13/02/07, Marcello Anderlini wrote: > > > I make the symlink but the problem seem to be still presents. > > > Now my mqueue.in is running about 120/130 msg waiting and > > is growing. > > > The only way to decrease it is to not use spamassassin. > > Ok. > > > > > I notice anyway that msg are still marked spam using > black-list, I > > > suppose directly by Mailscanner and I can delete it if I > > change "Spam > > > Actions = deliver header "X-Spam-Status: Yes"" in Spam Actions = > > > delete. Could this be a solution ? > > Only a temporary one, IMO. You do want SA to have its say:-). > > > > > But How can I understand where spamassassin is slowing ? Can > > > spamassassin -D -t generate a log with timing ? > > Like the MailWatch thing? Unfortunately I know of no such thing > > (doesn't necessarily mean there is none:-). One could probably just > > change the MailWatch thing a bit so that it'd use a message and not > > really the --lint thing... Looking at that.... In > sa_lint.php around > > line 24 you could probably change if(!$fp = > popen(SA_DIR.'spamassassin > > -x -D -p '.SA_PREFS.' --lint 2>&1','r')) { to something > like if(!$fp = > > popen(SA_DIR.'spamassassin -x -D -t /path/to/your/test/message > > 2>&1','r')) { ... and then restart apache and your browser. > When you > > the run the "SA lint" on the Tools page, you should get a timed > > variant of that ... in theory, I've not tested this:-). > Keep a copy of > > the original file, just in case:-):-). > > > > > I'll update mailscanner as soon as possible. > > > > > Good plan. > > > > Cheers > > -- > > -- Glenn > > email: glenn < dot > steen < at > gmail < dot > com > > work: glenn < dot > steen < at > ap1 < dot > se > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > -- > > Messaggio verificato dal servizio antivirus di Database Informatica > > > > > > -- > Messaggio verificato dal servizio antivirus di Database Informatica > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Messaggio verificato dal servizio antivirus di Database Informatica From glenn.steen at gmail.com Wed Feb 14 17:54:22 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 14 16:58:54 2007 Subject: Mqueue.in huge In-Reply-To: <200702141623.l1EGNsNT029412@netra.database.it> References: <45D33473.3030909@pacific.net> <200702141623.l1EGNsNT029412@netra.database.it> Message-ID: <223f97700702140854g118d4f1wdd7411e8f7fbd8a8@mail.gmail.com> On 14/02/07, Marcello Anderlini wrote: > This instead it's my init.pre > =========================== > ########################################################################### > > # RelayCountry - add metadata for Bayes learning, marking the countries > # a message was relayed through > # > # Note: This requires the IP::Country::Fast Perl module > # > # loadplugin Mail::SpamAssassin::Plugin::RelayCountry > > # URIDNSBL - look up URLs found in the message against several DNS > # blocklists. > # > loadplugin Mail::SpamAssassin::Plugin::URIDNSBL > > # Hashcash - perform hashcash verification. > # > loadplugin Mail::SpamAssassin::Plugin::Hashcash > > # SPF - perform SPF verification. > # > loadplugin Mail::SpamAssassin::Plugin::SPF > =========================== > > Could I remove someone and still have a good spam detection ? > Sort of, yes. At least you can determine if it is what is slowing things down (start with the URIBL plugin, just comment it and restart MS)... But is that the only .pre file you have in /etc/mail/spamassassin? Likely not, and all will be read/used... Check them all. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From krgehlba at lexairinc.com Wed Feb 14 17:59:31 2007 From: krgehlba at lexairinc.com (Renee Gehlbach) Date: Wed Feb 14 17:04:04 2007 Subject: Why is BAYES_00 -2.60 scoring low like this. In-Reply-To: <625385e30702120930v61abddccx66d0f52f805a7d83@mail.gmail.com> References: <787dcac20702111454g51410f25p5e0cc32d0e1aa3ab@mail.gmail.com> <625385e30702120930v61abddccx66d0f52f805a7d83@mail.gmail.com> Message-ID: <45D33FF3.30002@lexairinc.com> shuttlebox wrote: > On 2/11/07, BB wrote: >> >> It's messing up my total scores causing spam not to be caught ? > > You could always reassign the score to any value you like: > > score BAYES_00 -0.5 > > Put that in a .cf file in the /etc/mail/spamassassin folder. > Or better yet, use sa-learn to relearn any spam marked BAYES_00. Or, for even better results, any spam not scoring BAYES_99. (While learning suitable ham, too.) The goal is not simply to lower the amount Bayes filtering messes up your scoring when it's wrong, continuing to permit it to assess spam incorrectly (if you don't want bayes to affect your scores, why use up the resources it requires?), but instead to have it actually correctly assess whether a message is in fact spam. Renee -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From shuttlebox at gmail.com Wed Feb 14 18:22:52 2007 From: shuttlebox at gmail.com (shuttlebox) Date: Wed Feb 14 17:27:19 2007 Subject: Why is BAYES_00 -2.60 scoring low like this. In-Reply-To: <45D33FF3.30002@lexairinc.com> References: <787dcac20702111454g51410f25p5e0cc32d0e1aa3ab@mail.gmail.com> <625385e30702120930v61abddccx66d0f52f805a7d83@mail.gmail.com> <45D33FF3.30002@lexairinc.com> Message-ID: <625385e30702140922i33c99fbfk51f588dfb8ef91ca@mail.gmail.com> On 2/14/07, Renee Gehlbach wrote: > Or better yet, use sa-learn to relearn any spam marked BAYES_00. Or, > for even better results, any spam not scoring BAYES_99. (While learning > suitable ham, too.) The goal is not simply to lower the amount Bayes > filtering messes up your scoring when it's wrong, continuing to permit > it to assess spam incorrectly (if you don't want bayes to affect your > scores, why use up the resources it requires?), but instead to have it > actually correctly assess whether a message is in fact spam. I agree with you on principle but to me Bayes is not as important as it used to be. With spammers using real text it's hard for it to do a good job. I would rather avoid the hassle of training it, to me it's not worth the effort but YMMV. -- /peter From r.berber at computer.org Wed Feb 14 18:48:52 2007 From: r.berber at computer.org (=?ISO-8859-1?Q?Ren=E9_Berber?=) Date: Wed Feb 14 17:53:40 2007 Subject: ClamAV 0.90, another bummer In-Reply-To: References: Message-ID: Jeff A. Earickson wrote: > More sad news on ClamAV 0.90 for you Solaris users... > > You have to configure it with --disable-bzip2, even if you have > the latest bzip2, version 1.0.4 installed. Clam expects a > shared library for bzip2, but the default makefile for bzip2 > just builds an archive lib. The "make -f Makefile-libbz2_so" > failed for me with Solaris 10 and gcc 4.1.0 so no shared bzip2 > lib, ergo no bzip2 in Clam. Solaris 10 ships with a shared bzip2 library, under /usr/lib, ClamAV compiles out of the box after you install gmp... only with other bzip2 installations there is a small problem: there is no symbolic link from libbz2.so to libbz2.so.1 or to the real library. -- Ren? Berber From Richard.Hall at ingenta.com Wed Feb 14 19:17:55 2007 From: Richard.Hall at ingenta.com (Richard.Hall) Date: Wed Feb 14 18:22:21 2007 Subject: ClamAV 0.90, another bummer In-Reply-To: Message-ID: On Wed, 14 Feb 2007, Ren? Berber wrote: > Jeff A. Earickson wrote: > > > More sad news on ClamAV 0.90 for you Solaris users... > > > > You have to configure it with --disable-bzip2, even if you have > > the latest bzip2, version 1.0.4 installed. Clam expects a > > shared library for bzip2, but the default makefile for bzip2 > > just builds an archive lib. The "make -f Makefile-libbz2_so" > > failed for me with Solaris 10 and gcc 4.1.0 so no shared bzip2 > > lib, ergo no bzip2 in Clam. > > Solaris 10 ships with a shared bzip2 library, under /usr/lib, ClamAV compiles > out of the box after you install gmp... only with other bzip2 installations > there is a small problem: there is no symbolic link from libbz2.so to > libbz2.so.1 or to the real library. > -- Is it just me?? My Solaris 8 and Solaris 9 machines also have this. I'm left wondering why anyone is installing it from SunFreeware in the first place? Now, if I could just understand this iconv stuff ... Richard From john at katy.com Wed Feb 14 19:25:53 2007 From: john at katy.com (John Schmerold) Date: Wed Feb 14 18:30:28 2007 Subject: OTBR: Is mail really getting through Message-ID: <45D35431.3000903@katy.com> Systems like Nagios do a fine job of making sure that an SMTP server is up, however it does not confirm mail is flowing. This morning, something was causing Postfix to throw "450 Server configuration problems" rejections (I think policyd died), a quick reboot solved the problem. I want to know about this before the phone rings. To me: a logical solution would be a program that sends emails every 10 minutes to itself through a relay, then checks its account via POP3 to make sure it got the message. If it doesn't get the email with 5 minutes it starts alerting me through SMS, fax, phone call whatever. Anyone know of such a beast? BTW: OTRB is OT But Related From john at netdirect.ca Wed Feb 14 19:35:14 2007 From: john at netdirect.ca (John Van Ostrand) Date: Wed Feb 14 18:39:46 2007 Subject: OTBR: Is mail really getting through In-Reply-To: <45D35431.3000903@katy.com> References: <45D35431.3000903@katy.com> Message-ID: <1171478114.7512.153.camel@venture.office.netdirect.ca> On Wed, 2007-02-14 at 12:25 -0600, John Schmerold wrote: > Systems like Nagios do a fine job of making sure that an SMTP server is > up, however it does not confirm mail is flowing. This morning, something > was causing Postfix to throw "450 Server configuration problems" > rejections (I think policyd died), a quick reboot solved the problem. > > I want to know about this before the phone rings. > > To me: a logical solution would be a program that sends emails every 10 > minutes to itself through a relay, then checks its account via POP3 to > make sure it got the message. If it doesn't get the email with 5 minutes > it starts alerting me through SMS, fax, phone call whatever. > > Anyone know of such a beast? > > BTW: OTRB is OT But Related Couldn't that be a Nagios script? Have a cron job submit the email at 1/5 (cron-speak) minutes, then have a Nagios script pull in at 0/5 to verify. That would give a full 4 minutes for the email server to process it. It would make sense to put a distinct tag in the email to make sure it sees the correct message. -- John Van Ostrand Net Direct Inc. CTO, co-CEO 564 Weber St. N. Unit 12 Waterloo, ON N2L 5C6 john@netdirect.ca ph: 518-883-1172 x5102 Linux Solutions / IBM Hardware fx: 519-883-8533 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070214/1fb09f40/attachment.bin From glenn.steen at gmail.com Wed Feb 14 19:39:38 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 14 18:44:04 2007 Subject: OTBR: Is mail really getting through In-Reply-To: <1171478114.7512.153.camel@venture.office.netdirect.ca> References: <45D35431.3000903@katy.com> <1171478114.7512.153.camel@venture.office.netdirect.ca> Message-ID: <223f97700702141039x5aa912jac60e2c2890dc30b@mail.gmail.com> On 14/02/07, John Van Ostrand wrote: > On Wed, 2007-02-14 at 12:25 -0600, John Schmerold wrote: > > Systems like Nagios do a fine job of making sure that an SMTP server is > > up, however it does not confirm mail is flowing. This morning, something > > was causing Postfix to throw "450 Server configuration problems" > > rejections (I think policyd died), a quick reboot solved the problem. > > > > I want to know about this before the phone rings. > > > > To me: a logical solution would be a program that sends emails every 10 > > minutes to itself through a relay, then checks its account via POP3 to > > make sure it got the message. If it doesn't get the email with 5 minutes > > it starts alerting me through SMS, fax, phone call whatever. > > > > Anyone know of such a beast? > > > > BTW: OTRB is OT But Related > > Couldn't that be a Nagios script? > > Have a cron job submit the email at 1/5 (cron-speak) minutes, then have > a Nagios script pull in at 0/5 to verify. That would give a full 4 > minutes for the email server to process it. It would make sense to put a > distinct tag in the email to make sure it sees the correct message. > Good suggestion. Another would be to try monitor policyd ... at least making sure it's there (this would be a very trivial script indeed:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From dhawal at netmagicsolutions.com Wed Feb 14 20:05:41 2007 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Wed Feb 14 19:10:24 2007 Subject: OTBR: Is mail really getting through In-Reply-To: <45D35431.3000903@katy.com> References: <45D35431.3000903@katy.com> Message-ID: <45D35D85.10604@netmagicsolutions.com> John Schmerold wrote: > Systems like Nagios do a fine job of making sure that an SMTP server is > up, however it does not confirm mail is flowing. This morning, something > was causing Postfix to throw "450 Server configuration problems" > rejections (I think policyd died), a quick reboot solved the problem. > > I want to know about this before the phone rings. > > To me: a logical solution would be a program that sends emails every 10 > minutes to itself through a relay, then checks its account via POP3 to > make sure it got the message. If it doesn't get the email with 5 minutes > it starts alerting me through SMS, fax, phone call whatever. > > Anyone know of such a beast? > > BTW: OTRB is OT But Related check_email_loop.pl in the contrib directory of the nagios-plugins distribution is the beast.. give it a try.. - dhawal From jaearick at colby.edu Wed Feb 14 20:09:02 2007 From: jaearick at colby.edu (Jeff A. Earickson) Date: Wed Feb 14 19:13:32 2007 Subject: ClamAV 0.90, another bummer In-Reply-To: References: Message-ID: On Wed, 14 Feb 2007, Richard.Hall wrote: > Date: Wed, 14 Feb 2007 18:17:55 +0000 (GMT) > From: Richard.Hall > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: ClamAV 0.90, another bummer > > > On Wed, 14 Feb 2007, Ren? Berber wrote: > >> Jeff A. Earickson wrote: >> >>> More sad news on ClamAV 0.90 for you Solaris users... >>> >>> You have to configure it with --disable-bzip2, even if you have >>> the latest bzip2, version 1.0.4 installed. Clam expects a >>> shared library for bzip2, but the default makefile for bzip2 >>> just builds an archive lib. The "make -f Makefile-libbz2_so" >>> failed for me with Solaris 10 and gcc 4.1.0 so no shared bzip2 >>> lib, ergo no bzip2 in Clam. >> >> Solaris 10 ships with a shared bzip2 library, under /usr/lib, ClamAV compiles >> out of the box after you install gmp... only with other bzip2 installations >> there is a small problem: there is no symbolic link from libbz2.so to >> libbz2.so.1 or to the real library. >> -- > > Is it just me?? My Solaris 8 and Solaris 9 machines also have this. I'm > left wondering why anyone is installing it from SunFreeware in the first > place? Doh!! You are right, there is a shared version in /usr/lib. I blew away the static version in /usr/local/lib, and clamav 0.90 compiled just fine. Many thanks! Jeff Earickson Colby College From ssilva at sgvwater.com Wed Feb 14 20:14:10 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Feb 14 19:18:53 2007 Subject: What is the point of long rambling spam with gif attachments ? In-Reply-To: <787dcac20702140553u10d6c691r7d80075a42974698@mail.gmail.com> References: <787dcac20702140553u10d6c691r7d80075a42974698@mail.gmail.com> Message-ID: BB spake the following on 2/14/2007 5:53 AM: > > Who in the world would actually purchase(Viagra etc...) from these places ? > > Harvesting valid email address ? > > Bug the heck out of people like us ? > > Malicious payload if not already ? > Thats where I buy it! Along with the male member enlarging pills and the magic fat burner. Boy are all the women going to be after me!! << INSERT BIG ;-) >> -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Wed Feb 14 20:22:06 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Feb 14 19:30:25 2007 Subject: Mailscanner repository for centos 4.x In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B5812AD8624@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B5812AD8624@isabella.herefordshire.gov.uk> Message-ID: Randal, Phil spake the following on 2/14/2007 7:46 AM: > But what about the manual step of running > > upgrade_mailscanner_conf > upgrade_languages_conf > > AND CHECKING.... > > This will be completely overlooked in an automated "yum update" context. > Everything but the (AND CHECKING....) could be done in rpm macros. But then what would our bosses pay us the big bucks for? If I didn't work so hard, they would probably even charge me for the coffee! Actually, someone with decent coding skills could write a shell script to get the new version every month and do most of the work. It could do the upgrade of the scripts to a point of mailing a diff to the admin and stop there. But it only takes a few minutes a month to do it manually, unless you are testing the betas, then you have more time to spend with it anyway. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From sailer at bnl.gov Wed Feb 14 20:26:20 2007 From: sailer at bnl.gov (Tim Sailer) Date: Wed Feb 14 19:31:42 2007 Subject: What is the point of long rambling spam with gif attachments ? In-Reply-To: References: <787dcac20702140553u10d6c691r7d80075a42974698@mail.gmail.com> Message-ID: <20070214192620.GA3746@bnl.gov> On Wed, Feb 14, 2007 at 11:14:10AM -0800, Scott Silva wrote: > BB spake the following on 2/14/2007 5:53 AM: > > > > Who in the world would actually purchase(Viagra etc...) from these places ? > > > > Harvesting valid email address ? > > > > Bug the heck out of people like us ? > > > > Malicious payload if not already ? > > > Thats where I buy it! Along with the male member enlarging pills and the magic > fat burner. > Boy are all the women going to be after me!! Hey, who needs anyone else? I've won millions of dollars over and over again, I have an extremely large penis and very large breasts. Heck, I'm never leaving the house! :) Tim -- Tim Sailer DoE Intelligence and Counterintelligence - Cyber Division Northeast Regional Counterintelligence Office Brookhaven National Laboratory (631) 344-3001 From ssilva at sgvwater.com Wed Feb 14 20:25:33 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Feb 14 19:34:10 2007 Subject: OTBR: Is mail really getting through In-Reply-To: <45D35431.3000903@katy.com> References: <45D35431.3000903@katy.com> Message-ID: John Schmerold spake the following on 2/14/2007 10:25 AM: > Systems like Nagios do a fine job of making sure that an SMTP server is > up, however it does not confirm mail is flowing. This morning, something > was causing Postfix to throw "450 Server configuration problems" > rejections (I think policyd died), a quick reboot solved the problem. > > I want to know about this before the phone rings. > > To me: a logical solution would be a program that sends emails every 10 > minutes to itself through a relay, then checks its account via POP3 to > make sure it got the message. If it doesn't get the email with 5 minutes > it starts alerting me through SMS, fax, phone call whatever. > > Anyone know of such a beast? > > BTW: OTRB is OT But Related I have users that hit me up that fast! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Wed Feb 14 20:47:57 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Feb 14 19:52:48 2007 Subject: What is the point of long rambling spam with gif attachments ? In-Reply-To: <20070214192620.GA3746@bnl.gov> References: <787dcac20702140553u10d6c691r7d80075a42974698@mail.gmail.com> <20070214192620.GA3746@bnl.gov> Message-ID: Tim Sailer spake the following on 2/14/2007 11:26 AM: > On Wed, Feb 14, 2007 at 11:14:10AM -0800, Scott Silva wrote: >> BB spake the following on 2/14/2007 5:53 AM: >>> Who in the world would actually purchase(Viagra etc...) from these places ? >>> >>> Harvesting valid email address ? >>> >>> Bug the heck out of people like us ? >>> >>> Malicious payload if not already ? >>> >> Thats where I buy it! Along with the male member enlarging pills and the magic >> fat burner. >> Boy are all the women going to be after me!! > > Hey, who needs anyone else? I've won millions of dollars over and over > again, I have an extremely large penis and very large breasts. Heck, > I'm never leaving the house! :) > > Tim > I'm still waiting for that Nigerian lawyer to transfer my millions into my bank account! Any day now!!! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From brent.addis at pronet.co.nz Wed Feb 14 21:38:13 2007 From: brent.addis at pronet.co.nz (Brent Addis) Date: Wed Feb 14 20:48:33 2007 Subject: OTBR: Is mail really getting through References: <45D35431.3000903@katy.com> Message-ID: <7EF1F27F7292534D82933F70AB6996CC07AFB1@pro-ak-exch01.hosted.pronet.net.nz> What about one of these plugins for nagios that do... well, pretty much what you want? http://www.nagiosexchange.org/Search_Projects.43.0.html?tx_netnagext_pi1%5Bphrase%5D=email&tx_netnagext_pi1%5Bsearch%5D=1 ________________________________ From: mailscanner-bounces@lists.mailscanner.info on behalf of John Schmerold Sent: Thu 15/02/2007 7:25 a.m. To: mailscanner mailing list Subject: OTBR: Is mail really getting through Systems like Nagios do a fine job of making sure that an SMTP server is up, however it does not confirm mail is flowing. This morning, something was causing Postfix to throw "450 Server configuration problems" rejections (I think policyd died), a quick reboot solved the problem. I want to know about this before the phone rings. To me: a logical solution would be a program that sends emails every 10 minutes to itself through a relay, then checks its account via POP3 to make sure it got the message. If it doesn't get the email with 5 minutes it starts alerting me through SMS, fax, phone call whatever. Anyone know of such a beast? BTW: OTRB is OT But Related -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/ms-tnef Size: 4637 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070215/73339dd7/attachment.bin From r.berber at computer.org Wed Feb 14 21:51:37 2007 From: r.berber at computer.org (=?ISO-8859-1?Q?Ren=E9_Berber?=) Date: Wed Feb 14 20:56:32 2007 Subject: ClamAV 0.90, another bummer In-Reply-To: References: Message-ID: Richard.Hall wrote: > Is it just me?? My Solaris 8 and Solaris 9 machines also have this. I'm > left wondering why anyone is installing it from SunFreeware in the first > place? The Sunfreeware stuff is fine (usually), as pointed out by others 0.88.7 build fine w/o the link, something changed and I'm not sure if it was me (changing gcc and the new gcc being more strict about not using libbz2.so.1 only libbz2.so). Anyway the fast fix is creating the symbolic link. -- Ren? Berber From res at ausics.net Wed Feb 14 23:38:23 2007 From: res at ausics.net (Res) Date: Wed Feb 14 22:42:57 2007 Subject: Mqueue.in huge In-Reply-To: <200702141527.l1EFROJH011703@netra.database.it> References: <200702141527.l1EFROJH011703@netra.database.it> Message-ID: Hi, On Wed, 14 Feb 2007, Marcello Anderlini wrote: > But I do not use dcc/pyzor/razor, could you send me your MailScanner.conf to > compare with me ? As others have pointed out, this is in the sa prefs file Things I do are: dns_available no use_auto_whitelist 0 skip_rbl_checks 1 I've disabled the plugins for some things so: # paths to utilities #pyzor_path /usr/bin/pyzor #dcc_path /usr/local/bin/dccproc #dcc_home /var/dcc # Uncomment the lines below to stop using the specific service # To stop Razor2 checks, uncomment the following line # use_razor2 0 # To stop DCC checks, uncomment the following line # use_dcc 0 # To stop Pyzor checks, uncomment the following line # use_pyzor 0 #razor_timeout 10 #pyzor_timeout 10 in /etc/mail/spamassassin/v310.pre (or wherever it is on your system) comment out those 3 plugins. One last thing, if the above does not help you may need bayes_auto_learn 0 in local.cf Very lastly, set log speed = on and see where its falling down more, you may need to use a ramdrive as your /var/spool/MailScanner and make sure your spamassasin cache file is on that ramdrive as well. eg: SpamAssassin Cache Database File = /var/spool/MailScanner/incoming/SpamAssassin.cache.db -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From glenn.steen at gmail.com Thu Feb 15 00:23:26 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 14 23:27:53 2007 Subject: What is the point of long rambling spam with gif attachments ? In-Reply-To: References: <787dcac20702140553u10d6c691r7d80075a42974698@mail.gmail.com> <20070214192620.GA3746@bnl.gov> Message-ID: <223f97700702141523u7c8b202pf73cdcbd3201ba55@mail.gmail.com> On 14/02/07, Scott Silva wrote: > Tim Sailer spake the following on 2/14/2007 11:26 AM: > > On Wed, Feb 14, 2007 at 11:14:10AM -0800, Scott Silva wrote: > >> BB spake the following on 2/14/2007 5:53 AM: > >>> Who in the world would actually purchase(Viagra etc...) from these places ? > >>> > >>> Harvesting valid email address ? > >>> > >>> Bug the heck out of people like us ? > >>> > >>> Malicious payload if not already ? > >>> > >> Thats where I buy it! Along with the male member enlarging pills and the magic > >> fat burner. > >> Boy are all the women going to be after me!! > > > > Hey, who needs anyone else? I've won millions of dollars over and over > > again, I have an extremely large penis and very large breasts. Heck, > > I'm never leaving the house! :) > > > > Tim > > > I'm still waiting for that Nigerian lawyer to transfer my millions into my > bank account! Any day now!!! > You silly silly men (or should I say boys:-).... Thanks for the chuckle though:) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From chandler.lists at chapman.edu Thu Feb 15 00:45:25 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Wed Feb 14 23:49:54 2007 Subject: Site Rules Message-ID: <45D39F15.5080600@chapman.edu> I have a site rules directory that's NFS mounted to a central filestore. When I update a ruleset there, do I have to restart MailScanner, or will it detect this on the fly? -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: Failure to adjust for daylight savings time. From ssilva at sgvwater.com Thu Feb 15 00:51:25 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Feb 14 23:56:24 2007 Subject: ClamAV 0.90 released In-Reply-To: <023501c75055$e88f5be0$0301a8c0@SAHOMELT> References: <86144ED6CE5B004DA23E1EAC0B569B5812AD848F@isabella.herefordshire.gov.uk> <023501c75055$e88f5be0$0301a8c0@SAHOMELT> Message-ID: Rick Cooper spake the following on 2/14/2007 8:33 AM: > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Randal, Phil >> Sent: Wednesday, February 14, 2007 5:54 AM >> To: MailScanner discussion >> Subject: ClamAV 0.90 released >> >> Folks, >> >> Good news and bad news. >> >> First the good news - ClamAV 0.90 is now officially releases. >> >> And the bad - Mail::ClamAV has yet to be updated to work with it. >> >> Cheers, >> >> Phil >> -- > > I would think an update will take a while, they removed some entire > functions, and some have changed pretty major. Although notes inside the > last Mail::ClamAV dist would tend to make one believe the author was aware > of some of them at the time of the 0.90RCxx releases the changed yet again. > For instance the cl_scanbuffer was changed to cli_scanbuffer and now it > appears to have been replaced with cl_scanfile and no longer takes the same > arguments. I did manage to fix up the Mail::ClamAV package to a working > version but was going to need MS changes also. I ended up opting to use > clamd and clamdscan instead. If you decide to go that route you need to > remove the ExtraScanOptions from the wrapper, and remove the -r option from > SweepVirues.pm (or you will get a harmless error message telling you the -r > option was ignored). > > The clamdscan option seems to be pretty quick and works well. > > A Note to Julian: > > I was using the 0.90RC version on one server so I had to add some > code to SweepViruses to check the clamav version and modify the > $Scanners{clamav}->{CommonOptions} .= " --unrar=$rarcmd"; portion of > SweepViruses to check versions and if major is >= 0.90 then don't add the > --unrarcmd as 0.90 has a working unrar function. > > Rick I'm sure Julian would appreciate some tested patches to ease his workload. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From pete at enitech.com.au Thu Feb 15 04:55:33 2007 From: pete at enitech.com.au (Peter Russell) Date: Thu Feb 15 04:00:10 2007 Subject: ClamAV 0.90 released - and new SA 3.1.8 In-Reply-To: References: <86144ED6CE5B004DA23E1EAC0B569B5812AD848F@isabella.herefordshire.gov.uk> <023501c75055$e88f5be0$0301a8c0@SAHOMELT> Message-ID: <45D3D9B5.5010608@enitech.com.au> What we can we do to help with the a new sa-clamav installer? Scott Silva wrote: > Rick Cooper spake the following on 2/14/2007 8:33 AM: >> >> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>> Of Randal, Phil >>> Sent: Wednesday, February 14, 2007 5:54 AM >>> To: MailScanner discussion >>> Subject: ClamAV 0.90 released >>> >>> Folks, >>> >>> Good news and bad news. >>> >>> First the good news - ClamAV 0.90 is now officially releases. >>> >>> And the bad - Mail::ClamAV has yet to be updated to work with it. >>> >>> Cheers, >>> >>> Phil >>> -- >> I would think an update will take a while, they removed some entire >> functions, and some have changed pretty major. Although notes inside the >> last Mail::ClamAV dist would tend to make one believe the author was aware >> of some of them at the time of the 0.90RCxx releases the changed yet again. >> For instance the cl_scanbuffer was changed to cli_scanbuffer and now it >> appears to have been replaced with cl_scanfile and no longer takes the same >> arguments. I did manage to fix up the Mail::ClamAV package to a working >> version but was going to need MS changes also. I ended up opting to use >> clamd and clamdscan instead. If you decide to go that route you need to >> remove the ExtraScanOptions from the wrapper, and remove the -r option from >> SweepVirues.pm (or you will get a harmless error message telling you the -r >> option was ignored). >> >> The clamdscan option seems to be pretty quick and works well. >> >> A Note to Julian: >> >> I was using the 0.90RC version on one server so I had to add some >> code to SweepViruses to check the clamav version and modify the >> $Scanners{clamav}->{CommonOptions} .= " --unrar=$rarcmd"; portion of >> SweepViruses to check versions and if major is >= 0.90 then don't add the >> --unrarcmd as 0.90 has a working unrar function. >> >> Rick > I'm sure Julian would appreciate some tested patches to ease his workload. > From chandler.lists at chapman.edu Thu Feb 15 05:43:57 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Thu Feb 15 04:48:30 2007 Subject: BAYES issues Message-ID: <45D3E50D.4030302@chapman.edu> Still having trouble getting Bayes to work. Followed the instructions at http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamassassin:bayes:sql. According to the below spamassassin lint, things SHOULD work perfectly. Below is the spamassassin command as run from cron as the postfix user. Why does it appear that the size of the Bayes database never changes from the starter file I uploaded? What should I be looking for in the logs? [51272] dbg: logger: adding facilities: all [51272] dbg: logger: logging level is DBG [51272] dbg: generic: SpamAssassin version 3.1.7 [51272] dbg: config: score set 0 chosen. [51272] dbg: util: running in taint mode? yes [51272] dbg: util: taint mode: deleting unsafe environment variables, resetting PATH [51272] dbg: util: PATH included '/etc', keeping [51272] dbg: util: PATH included '/bin', keeping [51272] dbg: util: PATH included '/sbin', keeping [51272] dbg: util: PATH included '/usr/bin', keeping [51272] dbg: util: PATH included '/usr/sbin', keeping [51272] dbg: util: final PATH set to: /etc:/bin:/sbin:/usr/bin:/usr/sbin [51272] dbg: message: ---- MIME PARSER START ---- [51272] dbg: message: main message type: text/plain [51272] dbg: message: parsing normal part [51272] dbg: message: added part, type: text/plain [51272] dbg: message: ---- MIME PARSER END ---- [51272] dbg: dns: is Net::DNS::Resolver available? yes [51272] dbg: dns: Net::DNS version: 0.59 [51272] dbg: diag: perl platform: 5.008008 freebsd [51272] dbg: diag: module installed: Digest::SHA1, version 2.11 [51272] dbg: diag: module installed: MIME::Base64, version 3.07 [51272] dbg: diag: module installed: HTML::Parser, version 3.56 [51272] dbg: diag: module installed: DB_File, version 1.814 [51272] dbg: diag: module installed: Net::DNS, version 0.59 [51272] dbg: diag: module installed: Net::SMTP, version 2.30 [51272] dbg: diag: module installed: Mail::SPF::Query, version 1.999001 [51272] dbg: diag: module not installed: IP::Country::Fast ('require' failed) [51272] dbg: diag: module installed: Razor2::Client::Agent, version 2.82 [51272] dbg: diag: module installed: Net::Ident, version 1.20 [51272] dbg: diag: module installed: IO::Socket::INET6, version 2.51 [51272] dbg: diag: module installed: IO::Socket::SSL, version 1.02 [51272] dbg: diag: module installed: Time::HiRes, version 1.9704 [51272] dbg: diag: module installed: DBI, version 1.53 [51272] dbg: diag: module installed: Getopt::Long, version 2.35 [51272] dbg: diag: module installed: LWP::UserAgent, version 2.033 [51272] dbg: diag: module installed: HTTP::Date, version 1.47 [51272] dbg: diag: module installed: Archive::Tar, version 1.30 [51272] dbg: diag: module installed: IO::Zlib, version 1.04 [51272] dbg: ignore: using a test message to lint rules [51272] dbg: config: using "/usr/local/etc/mail/spamassassin" for site rules pre files [51272] dbg: config: read file /usr/local/etc/mail/spamassassin/init.pre [51272] dbg: config: read file /usr/local/etc/mail/spamassassin/v310.pre [51272] dbg: config: read file /usr/local/etc/mail/spamassassin/v312.pre [51272] dbg: config: using "/var/lib/spamassassin/3.001007" for sys rules pre files [51272] dbg: config: read file /var/lib/spamassassin/3.001007/updates_spamassassin_org.pre [51272] dbg: config: using "/var/lib/spamassassin/3.001007" for default rules dir [51272] dbg: config: read file /var/lib/spamassassin/3.001007/00_fvgt_file001_cf_sare_sa-update_dostech_net.cf [51272] dbg: config: read file /var/lib/spamassassin/3.001007/70_sare_bayes_poison_nxm_cf_sare_sa-update_dostech_net.cf [51272] dbg: config: read file /var/lib/spamassassin/3.001007/70_sare_evilnum0_cf_sare_sa-update_dostech_net.cf [51272] dbg: config: read file /var/lib/spamassassin/3.001007/70_sare_evilnum1_cf_sare_sa-update_dostech_net.cf [51272] dbg: config: read file /var/lib/spamassassin/3.001007/70_sare_header0_cf_sare_sa-update_dostech_net.cf [51272] dbg: config: read file /var/lib/spamassassin/3.001007/70_sare_header1_cf_sare_sa-update_dostech_net.cf [51272] dbg: config: read file /var/lib/spamassassin/3.001007/70_sare_html0_cf_sare_sa-update_dostech_net.cf [51272] dbg: config: read file /var/lib/spamassassin/3.001007/70_sare_obfu0_cf_sare_sa-update_dostech_net.cf [51272] dbg: config: read file /var/lib/spamassassin/3.001007/70_sare_obfu1_cf_sare_sa-update_dostech_net.cf [51272] dbg: config: read file /var/lib/spamassassin/3.001007/70_sare_specific_cf_sare_sa-update_dostech_net.cf [51272] dbg: config: read file /var/lib/spamassassin/3.001007/70_sare_spoof_cf_sare_sa-update_dostech_net.cf [51272] dbg: config: read file /var/lib/spamassassin/3.001007/70_sare_stocks_cf_sare_sa-update_dostech_net.cf [51272] dbg: config: read file /var/lib/spamassassin/3.001007/70_sare_whitelist_spf_cf_sare_sa-update_dostech_net.cf [51272] dbg: config: read file /var/lib/spamassassin/3.001007/72_sare_bml_post25x_cf_sare_sa-update_dostech_net.cf [51272] dbg: config: read file /var/lib/spamassassin/3.001007/72_sare_redirect_post3_0_0_cf_sare_sa-update_dostech_net.cf [51272] dbg: config: read file /var/lib/spamassassin/3.001007/88_fvgt_headers_cf_sare_sa-update_dostech_net.cf [51272] dbg: config: read file /var/lib/spamassassin/3.001007/99_fvgt_tripwire_cf_sare_sa-update_dostech_net.cf [51272] dbg: config: read file /var/lib/spamassassin/3.001007/99_sare_fraud_post25x_cf_sare_sa-update_dostech_net.cf [51272] dbg: config: read file /var/lib/spamassassin/3.001007/updates_spamassassin_org.cf [51272] dbg: config: using "/usr/local/etc/mail/spamassassin" for site rules dir [51272] dbg: config: read file /usr/local/etc/mail/spamassassin/20_dnsbl_ahbl.cf [51272] dbg: config: read file /usr/local/etc/mail/spamassassin/70_sare_adult.cf [51272] dbg: config: read file /usr/local/etc/mail/spamassassin/70_sare_bayes_poison_nxm.cf [51272] dbg: config: read file /usr/local/etc/mail/spamassassin/70_sare_genlsubj0.cf [51272] dbg: config: read file /usr/local/etc/mail/spamassassin/70_sare_genlsubj1.cf [51272] dbg: config: read file /usr/local/etc/mail/spamassassin/70_sare_header0.cf [51272] dbg: config: read file /usr/local/etc/mail/spamassassin/70_sare_header1.cf [51272] dbg: config: read file /usr/local/etc/mail/spamassassin/70_sare_html0.cf [51272] dbg: config: read file /usr/local/etc/mail/spamassassin/70_sare_html1.cf [51272] dbg: config: read file /usr/local/etc/mail/spamassassin/70_sare_obfu0.cf [51272] dbg: config: read file /usr/local/etc/mail/spamassassin/70_sare_obfu1.cf [51272] dbg: config: read file /usr/local/etc/mail/spamassassin/70_sare_oem.cf [51272] dbg: config: read file /usr/local/etc/mail/spamassassin/70_sare_random.cf [51272] dbg: config: read file /usr/local/etc/mail/spamassassin/70_sare_specific.cf [51272] dbg: config: read file /usr/local/etc/mail/spamassassin/70_sare_spoof.cf [51272] dbg: config: read file /usr/local/etc/mail/spamassassin/70_sare_stocks.cf [51272] dbg: config: read file /usr/local/etc/mail/spamassassin/70_sare_unsub.cf [51272] dbg: config: read file /usr/local/etc/mail/spamassassin/70_sare_uri0.cf [51272] dbg: config: read file /usr/local/etc/mail/spamassassin/70_sare_uri1.cf [51272] dbg: config: read file /usr/local/etc/mail/spamassassin/72_sare_bml_post25x.cf [51272] dbg: config: read file /usr/local/etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf [51272] dbg: config: read file /usr/local/etc/mail/spamassassin/75_bad_domain.cf [51272] dbg: config: read file /usr/local/etc/mail/spamassassin/99_FVGT_Tripwire.cf [51272] dbg: config: read file /usr/local/etc/mail/spamassassin/99_sare_fraud_post25x.cf [51272] dbg: config: read file /usr/local/etc/mail/spamassassin/FuzzyOcr.cf [51272] dbg: config: read file /usr/local/etc/mail/spamassassin/backhair.cf [51272] dbg: config: read file /usr/local/etc/mail/spamassassin/bogus-virus-warnings.cf [51272] dbg: config: read file /usr/local/etc/mail/spamassassin/chickenpox.cf [51272] dbg: config: read file /usr/local/etc/mail/spamassassin/evilnumbers.cf [51272] dbg: config: read file /usr/local/etc/mail/spamassassin/imageinfo.cf [51272] dbg: config: read file /usr/local/etc/mail/spamassassin/mailscanner.cf [51272] dbg: config: read file /usr/local/etc/mail/spamassassin/mangled.cf [51272] dbg: config: read file /usr/local/etc/mail/spamassassin/random.cf [51272] dbg: config: read file /usr/local/etc/mail/spamassassin/weeds.cf [51272] dbg: config: mkdir /var/spool/postfix/.spamassassin failed: mkdir /var/spool/postfix/.spamassassin: Permission denied at /usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin.pm line 1530 [51272] dbg: config: Permission denied [51272] dbg: config: using "/usr/users/freebsd/spa/mailscanner.cf" for user prefs file [51272] dbg: config: read file /usr/users/freebsd/spa/mailscanner.cf [51272] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC [51272] dbg: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9270490) [51272] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC [51272] dbg: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0x92eb1d8) [51272] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC [51272] dbg: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x942e394) [51272] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC [51272] dbg: dcc: local tests only, disabling DCC [51272] dbg: plugin: registered Mail::SpamAssassin::Plugin::DCC=HASH(0x926322c) [51272] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC [51272] dbg: pyzor: local tests only, disabling Pyzor [51272] dbg: plugin: registered Mail::SpamAssassin::Plugin::Pyzor=HASH(0x93fdd2c) [51272] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC [51272] dbg: razor2: local tests only, skipping Razor [51272] dbg: plugin: registered Mail::SpamAssassin::Plugin::Razor2=HASH(0x92acd5c) [51272] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC [51272] dbg: reporter: local tests only, disabling SpamCop [51272] dbg: plugin: registered Mail::SpamAssassin::Plugin::SpamCop=HASH(0x92c9e74) [51272] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC [51272] dbg: plugin: registered Mail::SpamAssassin::Plugin::AWL=HASH(0x945a17c) [51272] dbg: plugin: loading Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC [51272] dbg: plugin: registered Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x946897c) [51272] dbg: plugin: loading Mail::SpamAssassin::Plugin::WhiteListSubject from @INC [51272] dbg: plugin: registered Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9373bc4) [51272] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from @INC [51272] dbg: plugin: registered Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9381870) [51272] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from @INC [51272] dbg: plugin: registered Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x93940d0) [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/updates_spamassassin_org/empty.pre [51272] dbg: config: using "/var/lib/spamassassin/3.001007/updates_spamassassin_org/empty.pre" for included file [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/00_fvgt_file001_cf_sare_sa-update_dostech_net/200612231400.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/00_fvgt_file001_cf_sare_sa-update_dostech_net/200612231400.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/00_fvgt_file001_cf_sare_sa-update_dostech_net/200612231400.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/70_sare_bayes_poison_nxm_cf_sare_sa-update_dostech_net/200506020000.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/70_sare_bayes_poison_nxm_cf_sare_sa-update_dostech_net/200506020000.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/70_sare_bayes_poison_nxm_cf_sare_sa-update_dostech_net/200506020000.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/70_sare_evilnum0_cf_sare_sa-update_dostech_net/200510052000.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/70_sare_evilnum0_cf_sare_sa-update_dostech_net/200510052000.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/70_sare_evilnum0_cf_sare_sa-update_dostech_net/200510052000.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/70_sare_evilnum1_cf_sare_sa-update_dostech_net/200506020000.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/70_sare_evilnum1_cf_sare_sa-update_dostech_net/200506020000.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/70_sare_evilnum1_cf_sare_sa-update_dostech_net/200506020000.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/70_sare_header0_cf_sare_sa-update_dostech_net/200605212000.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/70_sare_header0_cf_sare_sa-update_dostech_net/200605212000.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/70_sare_header0_cf_sare_sa-update_dostech_net/200605212000.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/70_sare_header1_cf_sare_sa-update_dostech_net/200605212000.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/70_sare_header1_cf_sare_sa-update_dostech_net/200605212000.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/70_sare_header1_cf_sare_sa-update_dostech_net/200605212000.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/70_sare_html0_cf_sare_sa-update_dostech_net/200606040500.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/70_sare_html0_cf_sare_sa-update_dostech_net/200606040500.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/70_sare_html0_cf_sare_sa-update_dostech_net/200606040500.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/70_sare_obfu0_cf_sare_sa-update_dostech_net/200510012000.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/70_sare_obfu0_cf_sare_sa-update_dostech_net/200510012000.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/70_sare_obfu0_cf_sare_sa-update_dostech_net/200510012000.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/70_sare_obfu1_cf_sare_sa-update_dostech_net/200510012000.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/70_sare_obfu1_cf_sare_sa-update_dostech_net/200510012000.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/70_sare_obfu1_cf_sare_sa-update_dostech_net/200510012000.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/70_sare_specific_cf_sare_sa-update_dostech_net/200605280300.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/70_sare_specific_cf_sare_sa-update_dostech_net/200605280300.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/70_sare_specific_cf_sare_sa-update_dostech_net/200605280300.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/70_sare_spoof_cf_sare_sa-update_dostech_net/200701151000.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/70_sare_spoof_cf_sare_sa-update_dostech_net/200701151000.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/70_sare_spoof_cf_sare_sa-update_dostech_net/200701151000.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/70_sare_stocks_cf_sare_sa-update_dostech_net/200702091000.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/70_sare_stocks_cf_sare_sa-update_dostech_net/200702091000.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/70_sare_stocks_cf_sare_sa-update_dostech_net/200702091000.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/70_sare_whitelist_spf_cf_sare_sa-update_dostech_net/200608271034.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/70_sare_whitelist_spf_cf_sare_sa-update_dostech_net/200608271034.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/70_sare_whitelist_spf_cf_sare_sa-update_dostech_net/200608271034.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/72_sare_bml_post25x_cf_sare_sa-update_dostech_net/200506020000.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/72_sare_bml_post25x_cf_sare_sa-update_dostech_net/200506020000.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/72_sare_bml_post25x_cf_sare_sa-update_dostech_net/200506020000.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/72_sare_redirect_post3_0_0_cf_sare_sa-update_dostech_net/200605160300.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/72_sare_redirect_post3_0_0_cf_sare_sa-update_dostech_net/200605160300.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/72_sare_redirect_post3_0_0_cf_sare_sa-update_dostech_net/200605160300.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/88_fvgt_headers_cf_sare_sa-update_dostech_net/200701020900.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/88_fvgt_headers_cf_sare_sa-update_dostech_net/200701020900.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/88_fvgt_headers_cf_sare_sa-update_dostech_net/200701020900.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/99_fvgt_tripwire_cf_sare_sa-update_dostech_net/200506020000.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/99_fvgt_tripwire_cf_sare_sa-update_dostech_net/200506020000.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/99_fvgt_tripwire_cf_sare_sa-update_dostech_net/200506020000.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/99_sare_fraud_post25x_cf_sare_sa-update_dostech_net/200506020000.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/99_sare_fraud_post25x_cf_sare_sa-update_dostech_net/200506020000.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/99_sare_fraud_post25x_cf_sare_sa-update_dostech_net/200506020000.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/updates_spamassassin_org/10_misc.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/updates_spamassassin_org/10_misc.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/updates_spamassassin_org/10_misc.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/updates_spamassassin_org/20_advance_fee.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/updates_spamassassin_org/20_advance_fee.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/updates_spamassassin_org/20_advance_fee.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/updates_spamassassin_org/20_anti_ratware.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/updates_spamassassin_org/20_anti_ratware.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/updates_spamassassin_org/20_anti_ratware.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/updates_spamassassin_org/20_body_tests.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/updates_spamassassin_org/20_body_tests.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/updates_spamassassin_org/20_body_tests.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/updates_spamassassin_org/20_compensate.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/updates_spamassassin_org/20_compensate.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/updates_spamassassin_org/20_compensate.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/updates_spamassassin_org/20_dnsbl_tests.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/updates_spamassassin_org/20_dnsbl_tests.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/updates_spamassassin_org/20_dnsbl_tests.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/updates_spamassassin_org/20_drugs.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/updates_spamassassin_org/20_drugs.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/updates_spamassassin_org/20_drugs.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/updates_spamassassin_org/20_fake_helo_tests.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/updates_spamassassin_org/20_fake_helo_tests.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/updates_spamassassin_org/20_fake_helo_tests.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/updates_spamassassin_org/20_head_tests.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/updates_spamassassin_org/20_head_tests.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/updates_spamassassin_org/20_head_tests.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/updates_spamassassin_org/20_html_tests.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/updates_spamassassin_org/20_html_tests.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/updates_spamassassin_org/20_html_tests.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/updates_spamassassin_org/20_meta_tests.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/updates_spamassassin_org/20_meta_tests.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/updates_spamassassin_org/20_meta_tests.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/updates_spamassassin_org/20_net_tests.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/updates_spamassassin_org/20_net_tests.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/updates_spamassassin_org/20_net_tests.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/updates_spamassassin_org/20_phrases.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/updates_spamassassin_org/20_phrases.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/updates_spamassassin_org/20_phrases.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/updates_spamassassin_org/20_porn.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/updates_spamassassin_org/20_porn.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/updates_spamassassin_org/20_porn.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/updates_spamassassin_org/20_ratware.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/updates_spamassassin_org/20_ratware.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/updates_spamassassin_org/20_ratware.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/updates_spamassassin_org/20_uri_tests.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/updates_spamassassin_org/20_uri_tests.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/updates_spamassassin_org/20_uri_tests.cf [51272] dbg: config: adding redirector regex: /^http:\/\/chkpt\.zdnet\.com\/chkpt\/\w+\/(.*)$/i [51272] dbg: config: adding redirector regex: /^http:\/\/www(?:\d+)?\.nate\.com\/r\/\w+\/(.*)$/i [51272] dbg: config: adding redirector regex: /^http:\/\/.+\.gov\/(?:.*\/)?externalLink\.jhtml\?.*url=(.*?)(?:&.*)?$/i [51272] dbg: config: adding redirector regex: /^http:\/\/redir\.internet\.com\/.+?\/.+?\/(.*)$/i [51272] dbg: config: adding redirector regex: /^http:\/\/(?:.*?\.)?adtech\.de\/.*(?:;|\|)link=(.*?)(?:;|$)/i [51272] dbg: config: adding redirector regex: m'^http.*?/redirect\.php\?.*(?<=[?&])goto=(.*?)(?:$|[&#])'i [51272] dbg: config: adding redirector regex: m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i [51272] dbg: config: adding redirector regex: m'/(?:index.php)?\?.*(?<=[?&])URL=(.*?)(?:$|[&#])'i [51272] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/url\?.*?(?<=[?&])q=(.*?)(?:$|[&#])'i [51272] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])site:(.*?)(?:$|%20|[\s+&#])'i [51272] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])(?:"|%22)(.*?)(?:$|%22|["\s+&#])'i [51272] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/translate\?.*?(?<=[?&])u=(.*?)(?:$|[&#])'i [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/updates_spamassassin_org/23_bayes.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/updates_spamassassin_org/23_bayes.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/updates_spamassassin_org/23_bayes.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/updates_spamassassin_org/25_accessdb.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/updates_spamassassin_org/25_accessdb.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/updates_spamassassin_org/25_accessdb.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/updates_spamassassin_org/25_antivirus.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/updates_spamassassin_org/25_antivirus.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/updates_spamassassin_org/25_antivirus.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/updates_spamassassin_org/25_body_tests_es.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/updates_spamassassin_org/25_body_tests_es.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/updates_spamassassin_org/25_body_tests_es.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/updates_spamassassin_org/25_body_tests_pl.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/updates_spamassassin_org/25_body_tests_pl.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/updates_spamassassin_org/25_body_tests_pl.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/updates_spamassassin_org/25_dcc.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/updates_spamassassin_org/25_dcc.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/updates_spamassassin_org/25_dcc.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/updates_spamassassin_org/25_dkim.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/updates_spamassassin_org/25_dkim.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/updates_spamassassin_org/25_dkim.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/updates_spamassassin_org/25_domainkeys.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/updates_spamassassin_org/25_domainkeys.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/updates_spamassassin_org/25_domainkeys.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/updates_spamassassin_org/25_hashcash.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/updates_spamassassin_org/25_hashcash.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/updates_spamassassin_org/25_hashcash.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/updates_spamassassin_org/25_pyzor.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/updates_spamassassin_org/25_pyzor.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/updates_spamassassin_org/25_pyzor.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/updates_spamassassin_org/25_razor2.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/updates_spamassassin_org/25_razor2.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/updates_spamassassin_org/25_razor2.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/updates_spamassassin_org/25_replace.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/updates_spamassassin_org/25_replace.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/updates_spamassassin_org/25_replace.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/updates_spamassassin_org/25_spf.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/updates_spamassassin_org/25_spf.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/updates_spamassassin_org/25_spf.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/updates_spamassassin_org/25_textcat.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/updates_spamassassin_org/25_textcat.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/updates_spamassassin_org/25_textcat.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/updates_spamassassin_org/25_uribl.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/updates_spamassassin_org/25_uribl.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/updates_spamassassin_org/25_uribl.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/updates_spamassassin_org/30_text_de.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/updates_spamassassin_org/30_text_de.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/updates_spamassassin_org/30_text_de.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/updates_spamassassin_org/30_text_fr.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/updates_spamassassin_org/30_text_fr.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/updates_spamassassin_org/30_text_fr.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/updates_spamassassin_org/30_text_nl.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/updates_spamassassin_org/30_text_nl.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/updates_spamassassin_org/30_text_nl.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/updates_spamassassin_org/30_text_pl.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/updates_spamassassin_org/30_text_pl.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/updates_spamassassin_org/30_text_pl.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/updates_spamassassin_org/30_text_pt_br.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/updates_spamassassin_org/30_text_pt_br.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/updates_spamassassin_org/30_text_pt_br.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/updates_spamassassin_org/50_scores.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/updates_spamassassin_org/50_scores.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/updates_spamassassin_org/50_scores.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/updates_spamassassin_org/60_awl.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/updates_spamassassin_org/60_awl.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/updates_spamassassin_org/60_awl.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/updates_spamassassin_org/60_whitelist.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/updates_spamassassin_org/60_whitelist.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/updates_spamassassin_org/60_whitelist.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/updates_spamassassin_org/60_whitelist_dk.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/updates_spamassassin_org/60_whitelist_dk.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/updates_spamassassin_org/60_whitelist_dk.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/updates_spamassassin_org/60_whitelist_dkim.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/updates_spamassassin_org/60_whitelist_dkim.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/updates_spamassassin_org/60_whitelist_dkim.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/updates_spamassassin_org/60_whitelist_spf.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/updates_spamassassin_org/60_whitelist_spf.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/updates_spamassassin_org/60_whitelist_spf.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/updates_spamassassin_org/60_whitelist_subject.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/updates_spamassassin_org/60_whitelist_subject.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/updates_spamassassin_org/60_whitelist_subject.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/updates_spamassassin_org/70_iadb.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/updates_spamassassin_org/70_iadb.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/updates_spamassassin_org/70_iadb.cf [51272] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/updates_spamassassin_org/80_additional.cf [51272] dbg: config: using "/var/lib/spamassassin/3.001007/updates_spamassassin_org/80_additional.cf" for included file [51272] dbg: config: read file /var/lib/spamassassin/3.001007/updates_spamassassin_org/80_additional.cf [51272] dbg: plugin: loading Mail::SpamAssassin::Plugin::FuzzyOcr from @INC [51272] dbg: plugin: registered Mail::SpamAssassin::Plugin::FuzzyOcr=HASH(0x9e9a070) [51272] dbg: plugin: Mail::SpamAssassin::Plugin::FuzzyOcr=HASH(0x9e9a070) implements 'parse_config' [51272] dbg: plugin: Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x93940d0) implements 'finish_parsing_end' [51272] dbg: replacetags: replacing tags [51272] dbg: replacetags: done replacing tags [51272] dbg: bayes: using username: root [51272] dbg: bayes: database connection established [51272] dbg: bayes: found bayes db version 3 [51272] dbg: bayes: Using userid: 3 [51272] dbg: config: score set 2 chosen. [51272] dbg: message: ---- MIME PARSER START ---- [51272] dbg: message: main message type: text/plain [51272] dbg: message: parsing normal part [51272] dbg: message: added part, type: text/plain [51272] dbg: message: ---- MIME PARSER END ---- [51272] dbg: dns: is DNS available? 0 [51272] dbg: metadata: X-Spam-Relays-Trusted: [51272] dbg: metadata: X-Spam-Relays-Untrusted: [51272] dbg: metadata: X-Spam-Relays-Internal: [51272] dbg: metadata: X-Spam-Relays-External: [51272] dbg: message: no encoding detected [51272] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9270490) implements 'parsed_metadata' [51272] dbg: rules: local tests only, ignoring RBL eval [51272] dbg: check: running tests for priority: 0 [51272] dbg: rules: running header regexp tests; score so far=0 [51272] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<" [51272] dbg: rules: ran header rule __SANE_MSGID ======> got hit: "<1171514341@lint_rules> [51272] dbg: rules: " [51272] dbg: rules: ran header rule __MSGID_OK_HOST ======> got hit: "@lint_rules>" [51272] dbg: rules: ran header rule __SARE_WHITELIST_FLAG ======> got hit: "i" [51272] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got hit: "1171514341" [51272] dbg: eval: all '*From' addrs: ignore@compiling.spamassassin.taint.org [51272] dbg: eval: all '*To' addrs: [51272] dbg: rules: ran eval rule NO_RELAYS ======> got hit [51272] dbg: rules: ran eval rule __UNUSABLE_MSGID ======> got hit [51272] dbg: rules: running body-text per-line regexp tests; score so far=-0.001 [51272] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "I" [51272] dbg: uri: running uri tests; score so far=-0.001 [51272] dbg: bayes: corpus size: nspam = 1736, nham = 1745 [51272] dbg: bayes: tok_get_all: token count: 20 [51272] dbg: bayes: score = 0.130866336254804 [51272] dbg: rules: ran eval rule BAYES_20 ======> got hit [51272] dbg: rules: running raw-body-text per-line regexp tests; score so far=-0.741 [51272] dbg: rules: running full-text regexp tests; score so far=-0.741 [51272] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9270490) implements 'check_tick' [51272] dbg: check: running tests for priority: 500 [51272] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9270490) implements 'check_post_dnsbl' [51272] dbg: rules: running meta tests; score so far=-0.741 [51272] info: rules: meta test SARE_SUB_ACCEPT_CCARDS has undefined dependency '__SARE_SUB_FROM_PAYPAL' [51272] info: rules: meta test SARE_HEAD_SUBJ_RAND has undefined dependency 'SARE_XMAIL_SUSP2' [51272] info: rules: meta test SARE_HEAD_SUBJ_RAND has undefined dependency 'SARE_HEAD_XAUTH_WARN' [51272] info: rules: meta test SARE_RD_SAFE has undefined dependency 'SARE_RD_SAFE_MKSHRT' [51272] info: rules: meta test SARE_RD_SAFE has undefined dependency 'SARE_RD_SAFE_GT' [51272] info: rules: meta test SARE_RD_SAFE has undefined dependency 'SARE_RD_SAFE_TINY' [51272] info: rules: meta test VIRUS_WARNING_DOOM_BNC has undefined dependency 'VIRUS_WARNING_MYDOOM4' [51272] info: rules: meta test ACKME_OBFURL1 has undefined dependency 'ACKME_OBFURL1c' [51272] info: rules: meta test SARE_OBFU_CIALIS has undefined dependency 'SARE_OBFU_CIALIS2' [51272] info: rules: meta test FP_MIXED_PORN3 has undefined dependency 'FP_PENETRATION' [51272] dbg: rules: running header regexp tests; score so far=1.416 [51272] dbg: rules: running body-text per-line regexp tests; score so far=1.416 [51272] dbg: uri: running uri tests; score so far=1.416 [51272] dbg: rules: running raw-body-text per-line regexp tests; score so far=1.416 [51272] dbg: rules: running full-text regexp tests; score so far=1.416 [51272] dbg: check: running tests for priority: 900 [51272] dbg: rules: running meta tests; score so far=1.416 [51272] dbg: rules: running header regexp tests; score so far=1.416 [51272] dbg: rules: running body-text per-line regexp tests; score so far=1.416 [51272] dbg: uri: running uri tests; score so far=1.416 [51272] dbg: rules: running raw-body-text per-line regexp tests; score so far=1.416 [51272] dbg: rules: running full-text regexp tests; score so far=1.416 [51272] dbg: check: running tests for priority: 1000 [51272] dbg: rules: running meta tests; score so far=1.416 [51272] dbg: rules: running header regexp tests; score so far=1.416 [51272] dbg: rules: running body-text per-line regexp tests; score so far=1.416 [51272] dbg: uri: running uri tests; score so far=1.416 [51272] dbg: rules: running raw-body-text per-line regexp tests; score so far=1.416 [51272] dbg: rules: running full-text regexp tests; score so far=1.416 [51272] dbg: check: is spam? score=1.416 required=5 [51272] dbg: check: tests=BAYES_20,MISSING_SUBJECT,NO_RECEIVED,NO_RELAYS,TO_CC_NONE [51272] dbg: check: subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_MSGID,__SARE_WHITELIST_FLAG,__UNUSABLE_MSGID -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: Failure to adjust for daylight savings time. From a.peacock at chime.ucl.ac.uk Thu Feb 15 09:43:51 2007 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Thu Feb 15 08:49:02 2007 Subject: BAYES issues In-Reply-To: <45D3E50D.4030302@chapman.edu> References: <45D3E50D.4030302@chapman.edu> Message-ID: <45D41D47.4060501@chime.ucl.ac.uk> Hi Jay, Jay Chandler wrote: > Still having trouble getting Bayes to work. > > Followed the instructions at > http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamassassin:bayes:sql. > According to the below spamassassin lint, things SHOULD work perfectly. > > Below is the spamassassin command as run from cron as the postfix user. > Why does it appear that the size of the Bayes database never changes > from the starter file I uploaded? What should I be looking for in the > logs? > > [51272] dbg: logger: adding facilities: all > [51272] dbg: logger: logging level is DBG > [51272] dbg: check: > tests=BAYES_20,MISSING_SUBJECT,NO_RECEIVED,NO_RELAYS,TO_CC_NONE > [51272] dbg: check: > subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_MSGID,__SARE_WHITELIST_FLAG,__UNUSABLE_MSGID This message got a BAYES_20 score. Your SA is using Bayes correctly. Why don't you think it is working? To change the size of the database you will need to make sure the Bayes system is learning new messages. I would recommend that you do this manually to start with, using the sa-learn command: http://spamassassin.apache.org/full/3.1.x/doc/sa-learn.html Feed it as many examples of your site's ham and spam as possible. Bayes is very sensitive to differences in 'types' of emails at sites, so a starter database may not be particularly relevant to your mail stream. Once you have it scoring accurately you could turn on Bayes auto-learn, but if you are going to do this I would suggest adjusting the threshold values, these are the ones I use: bayes_auto_learn_threshold_nonspam -0.1 bayes_auto_learn_threshold_spam 12.0 These are placed in SA's local.cf file. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas." -- George Bernard Shaw From a.peacock at chime.ucl.ac.uk Thu Feb 15 09:53:09 2007 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Thu Feb 15 08:57:44 2007 Subject: Why is BAYES_00 -2.60 scoring low like this. In-Reply-To: <625385e30702140922i33c99fbfk51f588dfb8ef91ca@mail.gmail.com> References: <787dcac20702111454g51410f25p5e0cc32d0e1aa3ab@mail.gmail.com> <625385e30702120930v61abddccx66d0f52f805a7d83@mail.gmail.com> <45D33FF3.30002@lexairinc.com> <625385e30702140922i33c99fbfk51f588dfb8ef91ca@mail.gmail.com> Message-ID: <45D41F75.7060903@chime.ucl.ac.uk> shuttlebox wrote: > On 2/14/07, Renee Gehlbach wrote: >> Or better yet, use sa-learn to relearn any spam marked BAYES_00. Or, >> for even better results, any spam not scoring BAYES_99. (While learning >> suitable ham, too.) The goal is not simply to lower the amount Bayes >> filtering messes up your scoring when it's wrong, continuing to permit >> it to assess spam incorrectly (if you don't want bayes to affect your >> scores, why use up the resources it requires?), but instead to have it >> actually correctly assess whether a message is in fact spam. > > I agree with you on principle but to me Bayes is not as important as > it used to be. With spammers using real text it's hard for it to do a > good job. I would rather avoid the hassle of training it, to me it's > not worth the effort but YMMV. YMMV But I have to disagree with that sentiment. Bayes is extremely accurate for our systems. And feeding in the odd FP and FN takes no time or effort at all. According to my MailWatch stats: BAYES_99 hit 96.8% spam BAYES_00 hit 89.1% ham I keep the Bayes scores as per the distribution and in combination with the other rulesets I 99.5% of all spam on average. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas." -- George Bernard Shaw From lhaig at haigmail.com Thu Feb 15 10:06:34 2007 From: lhaig at haigmail.com (Lance Haig) Date: Thu Feb 15 09:11:04 2007 Subject: OT---Sendmail Message-ID: <45D4229A.4050907@haigmail.com> I have tried a few things but I can't seem to get this to work. When my logwatch runs for my MS servers the from address is always root@loalhost.localdomain Where do I go to customise this? Thanks Lance From lhaig at haigmail.com Thu Feb 15 11:32:11 2007 From: lhaig at haigmail.com (Lance Haig) Date: Thu Feb 15 10:36:39 2007 Subject: OT---Sendmail In-Reply-To: <45D4229A.4050907@haigmail.com> References: <45D4229A.4050907@haigmail.com> Message-ID: <45D436AB.5080106@haigmail.com> Nevermind my next google sorted me out Lance Lance Haig wrote: > I have tried a few things but I can't seem to get this to work. > > When my logwatch runs for my MS servers the from address is always > root@loalhost.localdomain > > Where do I go to customise this? > > Thanks > > Lance > From m.anderlini at database.it Thu Feb 15 11:55:57 2007 From: m.anderlini at database.it (Marcello Anderlini) Date: Thu Feb 15 11:00:28 2007 Subject: Body msg as attach In-Reply-To: Message-ID: <200702151055.l1FAtt7V024962@netra.database.it> Hello to all, after I upgrade mailscanner to last stable version some clients notice me that the body msg compare also as attachment. Any suggest how to remove it ? Thanks and best regards Dr. Marcello Anderlini m.anderlini@database.it --------------------------------------------- Database Informatica S.r.l. Microsoft Certified Partner Tel. +39059775070 Fax. +39059779545 http://www.database.it --------------------------------------------- -- Messaggio verificato dal servizio antivirus di Database Informatica From m.anderlini at database.it Thu Feb 15 11:58:03 2007 From: m.anderlini at database.it (Marcello Anderlini) Date: Thu Feb 15 11:02:35 2007 Subject: Mqueue.in huge In-Reply-To: Message-ID: <200702151058.l1FAw1AY026847@netra.database.it> Thanks to all for your kindly help, now I've set skip_rbl_checks 1 and it seems is going better. I'll try yours suggestion just in case of new troubles. Thanks again... Dr. Marcello Anderlini m.anderlini@database.it --------------------------------------------- Database Informatica S.r.l. Microsoft Certified Partner Tel. +39059775070 Fax. +39059779545 http://www.database.it --------------------------------------------- > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Res > Sent: mercoledì 14 febbraio 2007 23.38 > To: MailScanner discussion > Subject: RE: Mqueue.in huge > > Hi, > > On Wed, 14 Feb 2007, Marcello Anderlini wrote: > > > But I do not use dcc/pyzor/razor, could you send me your > > MailScanner.conf to compare with me ? > > As others have pointed out, this is in the sa prefs file > Things I do are: > > dns_available no > use_auto_whitelist 0 > skip_rbl_checks 1 > > I've disabled the plugins for some things so: > # paths to utilities > #pyzor_path /usr/bin/pyzor > #dcc_path /usr/local/bin/dccproc > #dcc_home /var/dcc > > # Uncomment the lines below to stop using the specific > service # To stop Razor2 checks, uncomment the following line > # use_razor2 0 > # To stop DCC checks, uncomment the following line > # use_dcc 0 > # To stop Pyzor checks, uncomment the following line > # use_pyzor 0 > > #razor_timeout 10 > #pyzor_timeout 10 > > in /etc/mail/spamassassin/v310.pre (or wherever it is on your > system) comment out those 3 plugins. > > > One last thing, if the above does not help you may need > bayes_auto_learn 0 in local.cf > > Very lastly, set log speed = on and see where its falling > down more, you may need to use a ramdrive as your > /var/spool/MailScanner and make sure your spamassasin cache > file is on that ramdrive as well. > > eg: SpamAssassin Cache Database File = > /var/spool/MailScanner/incoming/SpamAssassin.cache.db > > > > -- > Cheers > Res > > "We can be Heroes, just for one day" - Davey (Jones) Bowie > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > Messaggio verificato dal servizio antivirus di Database Informatica > -- Messaggio verificato dal servizio antivirus di Database Informatica From andrew.frazer at sententia.co.nz Thu Feb 15 12:20:53 2007 From: andrew.frazer at sententia.co.nz (Andrew Frazer) Date: Thu Feb 15 11:25:29 2007 Subject: FSL is a joke?? I don't think so.. In-Reply-To: <200702122314.l1CNDuhF003468@safir.blacknight.ie> Message-ID: I just saw this in the digest, and it really suprized me. I've had FSL do some work for me, and I give them rave reviews! Very polite, professional and a very good job done for me, and I defintly will be using them again shortly.. No complaints at all from me.. And I'd recommend them to anyone that needs a hand with Mailscanner / Mailwatch. I hope that brings some balance to the story! On 13/2/07 12:14 PM, "mailscanner-request@lists.mailscanner.info" wrote: > ----------------------------- > > Message: 11 > Date: Mon, 12 Feb 2007 21:37:09 +0000 > From: emm1 > Subject: Re: OT: Hiring > To: "MailScanner discussion" > Message-ID: > <910ee2ac0702121337k43da7d2fsdf232ff1c0cffc2d@mail.gmail.com> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > Service provided by FSL is a joke. We've had nothing but problems with > this DefenderMX, it was poorly setup, they didn't optimize the server > to it's fullest and now we noticed that when they installed it in > december they used a DEMO licence which expired today and no reply > from them yet to fix this. From rcooper at dwford.com Thu Feb 15 13:36:21 2007 From: rcooper at dwford.com (Rick Cooper) Date: Thu Feb 15 12:40:59 2007 Subject: ClamAV 0.90 released In-Reply-To: Message-ID: <000f01c750fd$e6ddc4f0$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Scott Silva > Sent: Wednesday, February 14, 2007 6:51 PM > To: mailscanner@lists.mailscanner.info > Subject: Re: ClamAV 0.90 released > > Rick Cooper spake the following on 2/14/2007 8:33 AM: > > [...] > > A Note to Julian: > > > > I was using the 0.90RC version on one server so I had > to add some > > code to SweepViruses to check the clamav version and modify the > > $Scanners{clamav}->{CommonOptions} .= " --unrar=$rarcmd"; portion of > > SweepViruses to check versions and if major is >= 0.90 then > don't add the > > --unrarcmd as 0.90 has a working unrar function. > > > > Rick > I'm sure Julian would appreciate some tested patches to ease > his workload. > > -- > I would have get a newer version of MailScanner (running 4.52.2) to offer patches. I haven't updated in a while because I still have a couple of local patches I need to maintain and the last time there was a lot of code change I simply didn't had the time to rebuild working patches. I will see what I can do. There isn't much to change, except checking clamav version to exclude using an external rar if the version is 0.90+ Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From amoore at dekalbmemorial.com Thu Feb 15 14:42:36 2007 From: amoore at dekalbmemorial.com (Aaron K. Moore) Date: Thu Feb 15 13:47:10 2007 Subject: Mqueue.in huge In-Reply-To: References: <200702141527.l1EFROJH011703@netra.database.it> Message-ID: <60D398EB2DB948409CA1F50D8AF1225701F9A98D@exch1.dekalbmemorial.local> When I had problems with SpamAssassin being really slow I moved bayes and the awl to using SQL for the backend. If you are using dcc, make sure you are using dccifd instead of dccproc. Are you running a caching name server on your MailScanner box? -- Aaron Kent Moore Information Technology Services DeKalb Memorial Hospital, Inc. Auburn, IN Phone: 260.920.2808 E-mail: amoore@dekalbmemorial.com From chandler.lists at chapman.edu Thu Feb 15 15:07:59 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Thu Feb 15 14:12:33 2007 Subject: BAYES issues In-Reply-To: <45D41D47.4060501@chime.ucl.ac.uk> References: <45D3E50D.4030302@chapman.edu> <45D41D47.4060501@chime.ucl.ac.uk> Message-ID: <45D4693F.4030504@chapman.edu> Anthony Peacock wrote: > This message got a BAYES_20 score. Your SA is using Bayes correctly. > > Why don't you think it is working? aconcagua# cat /var/log/maillog |grep BAYES Feb 15 01:24:24 aconcagua MailScanner[57909]: Message A60174554E.EC45D from 65.54.246.232 (bf1997@hotmail.fr) to chapman.edu is spam, SpamAssassin (not cached, score=8.308, required 6, SARE_BAYES_5x7 0.60, SARE_FRAUD_X3 1.67, SARE_FRAUD_X4 1.67, SARE_FRAUD_X5 1.67, SARE_FRAUD_X6 1.67, SARE_MILLIONSOF 0.32, SARE_URGBIZ 0.72) Feb 15 05:44:29 aconcagua MailScanner[98220]: Message 55C7A455C4.48148 from 146.142.40.232 (bounce-ximpim-351275@list.bls.gov) to chapman.edu is not spam, SpamAssassin (not cached, score=3.5, required 6, MANGLED_MEDS 2.30, SARE_BAYES_5x7 0.60, SARE_BAYES_6x7 0.60) aconcagua# This is for approximately ten thousand messages since six hours ago. Do I need a Bayes rule that defines scores for each level? I'm not sure I have one by default... > > -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: T-1's congested due to porn traffic to the news server. From am.lists at gmail.com Thu Feb 15 15:12:57 2007 From: am.lists at gmail.com (am.lists) Date: Thu Feb 15 14:17:27 2007 Subject: [Semi-OT] Advice on large webmail setup In-Reply-To: References: <20070214065053.GC12314@eeyore.32.boerneef.vornavalley> Message-ID: <25a66d840702150612q734f1a6co8c0bdf83c7588e6c@mail.gmail.com> Another alternative that would be Linux (as opposed to somewhat proprietary HP/HP-UX implementation) I know that you have "no further information" -- but based purely on webhits (which we can interpret as some ratio of sending vs receiving mail, image (gui element) retrievals, etc.), Doing purely bogus linear math, 40M webhits / 600K users = only 67 webhits per user per month. That number could be attained by all of the users hitting the site at exactly the same time, or perfectly evenly distributed over the course of the month. Having run this stuff myself, I would say that probably 10% of the users make up 90% of the traffic. Maybe 20/80, but it's still some curve that looks like this. That being said, let's take a 20% estimate. 40MM/mo * 80% = 32MM just for that 20% of the users. 20% of the users = 120K users. Let's say that the 20% of the users are working the 10-ish hour day x 5 days/week and concentrate that usage during that time. Further reducing this down, I would estimate a number that says you need to support approximately 2750 gets/posts per second on your web front ends. Now. How to get 2750 gets/posts per second. Apache surely can achieve this but you have to spread it out. I, like Res, am a fan of Foundry's products. But I'm also a fan of the F5 line too. The F5 Big-IP stuff is quite comparable to Foundry in terms of functionality, but I favor the F5 on management interface. My setup would look like this: "Hardware load balancer out front" Webmail farm: 10 x Dual-Proc Intel/AMD-style boxes, Linux (CentOS 4 or RHEL 4). As for the software, I'm not an expert in Web GUI for mail. I've used Squirrel, Horde, and a slew of commercial ones. Whatever is suitable. ---Firewall to protect the frontends from the backends--- Backends: Centralized MySQL on a quad-cpu box, 16GB memory. Qmail/Mailscanner/SA: distributed across multiple boxes... but with centralized storage Storage: If you have 600K users with 10MB each, that pulls just under 6TB of data. The HP MSA stuff can give you that kind of storage in a mini-SAN (or NAS if you like) configuration. This could readily assign enough storage to both the SQL and Mail Store file systems. Angelo From steve.swaney at fsl.com Thu Feb 15 15:19:45 2007 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Feb 15 14:24:16 2007 Subject: Site Rules In-Reply-To: <45D39F15.5080600@chapman.edu> References: <45D39F15.5080600@chapman.edu> Message-ID: <024f01c7510c$580b6e30$08224a90$@swaney@fsl.com> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Jay Chandler > Sent: Wednesday, February 14, 2007 6:45 PM > To: MailScanner discussion > Subject: Site Rules > > I have a site rules directory that's NFS mounted to a central > filestore. > > When I update a ruleset there, do I have to restart MailScanner, or > will > it detect this on the fly? > You'll need to reload MailScanner. No need to restart the MTA. The method to do this varies slightly depending on the Operating System but in Linux it's: service MailScanner reload Steve Steve Swaney steve@fsl.com From christiannygaard at gmail.com Thu Feb 15 15:40:13 2007 From: christiannygaard at gmail.com (Christian Nygaard) Date: Thu Feb 15 14:44:43 2007 Subject: blocking access to certain aliases based on domain or ip? Message-ID: <4d4321660702150640w2e7300dp13201fe28ae84b6e@mail.gmail.com> I'm using a Postfix and a Mailscanner setup. How do I only allow access to certain email alias addresses in /etc/postfix/aliases based on the sender domain or ip. In this case my own domain is example.com and it contains an examplealias which points to certain local users. Users from outside the network/domain may not send email to that alias. Only allow Mail to: examplealias@example.com From: example.com or 192.168.0.0/24 (if its a ip block or domain block doesnt matter) Recejet all other senders trying to send email to examplealias@example.com (It would be nice if one could return an SMTP error code if the sender is not allowed to send to the alias.) How do I do that? Thanks for your input! Chris -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070215/c7fd5d47/attachment.html From am.lists at gmail.com Thu Feb 15 16:15:49 2007 From: am.lists at gmail.com (am.lists) Date: Thu Feb 15 15:20:20 2007 Subject: Recent issue with SORBS Message-ID: <25a66d840702150715u5f383386n79762eb2c2d48a8d@mail.gmail.com> I would prefix the suffix with OT, but this list seems pretty forgiving for topics that shift a bit. Our SMTP server (outbound) has an IP that is in a block that was assigned to us (we own about 40 IPs in the entire /24). Now, as the result of some other other customer's behavior, we have hoops to jump through to get off of that list. We contacted SORBS: They said that "it's up to [us] to choose where we want to be hosted, and we're currently hosting in the Internet equivalent of a crack slum" We contacted our Host Facility: They said that SORBS is essentially an extortionist organization. They ask you to pay a fine ($50) to delist the block. As a large organization, sometimes customers do send a message that is classified as spam. As a responsible hosting provider, they deal with them accordingly. Specifically, if one of the blacklists notifies them of an infraction, they give the customer one warning. There is no second warning and their account is turned off. So. We have two very different points of view. Who's right? Does anyone else have any experience with this sort of thing one way or the other? I believe we have our single-IP whitelisted on SORBS for now, but it sounds like this is an ugly, ugly situation. Angelo From am.lists at gmail.com Thu Feb 15 16:21:24 2007 From: am.lists at gmail.com (am.lists) Date: Thu Feb 15 15:25:58 2007 Subject: Recent issue with SORBS In-Reply-To: <25a66d840702150715u5f383386n79762eb2c2d48a8d@mail.gmail.com> References: <25a66d840702150715u5f383386n79762eb2c2d48a8d@mail.gmail.com> Message-ID: <25a66d840702150721h29bbce4cu35f6301b620e3072@mail.gmail.com> Man, it's been a long morning. This: > Our SMTP server (outbound) has an IP that is in a block that was > assigned to us (we own about 40 IPs in the entire /24). Was supposed to say: Our SMTP server (outbound) has an IP that is in a block that was assigned to us (we own about 40 IPs in the entire /24). About two weeks ago, the whole /24 block was blacklisted at SORBS. From ka at pacific.net Thu Feb 15 17:26:46 2007 From: ka at pacific.net (Ken A) Date: Thu Feb 15 16:27:30 2007 Subject: Recent issue with SORBS In-Reply-To: <25a66d840702150715u5f383386n79762eb2c2d48a8d@mail.gmail.com> References: <25a66d840702150715u5f383386n79762eb2c2d48a8d@mail.gmail.com> Message-ID: <45D489C6.7000609@pacific.net> am.lists wrote: > I would prefix the suffix with OT, but this list seems pretty > forgiving for topics that shift a bit. > > Our SMTP server (outbound) has an IP that is in a block that was > assigned to us (we own about 40 IPs in the entire /24). > > Now, as the result of some other other customer's behavior, we have > hoops to jump through to get off of that list. > > We contacted SORBS: They said that "it's up to [us] to choose where > we want to be hosted, and we're currently hosting in the Internet > equivalent of a crack slum" That's the killer right there. You will find yourself listed by SORBS, and probably re-listed even if you pay the 'donation to charity' that they require in some cases. SORBS and others tend to list on /24 or larger blocks, probably just for ease of maintenance. Do a reverse lookup on all the IPs in your range. If they come back as 'xxx' 'marketing' and 'warez' or similar, move your hosting. It's not worth the pain. :-\ Ken A. Pacific.Net > We contacted our Host Facility: They said that SORBS is essentially an > extortionist organization. They ask you to pay a fine ($50) to delist > the block. As a large organization, sometimes customers do send a > message that is classified as spam. As a responsible hosting provider, > they deal with them accordingly. Specifically, if one of the > blacklists notifies them of an infraction, they give the customer one > warning. There is no second warning and their account is turned off. > > So. We have two very different points of view. Who's right? Does > anyone else have any experience with this sort of thing one way or the > other? > > I believe we have our single-IP whitelisted on SORBS for now, but it > sounds like this is an ugly, ugly situation. > > Angelo From steve.freegard at fsl.com Thu Feb 15 17:24:09 2007 From: steve.freegard at fsl.com (Steve Freegard) Date: Thu Feb 15 16:28:41 2007 Subject: OT: Re: Recent issue with SORBS In-Reply-To: <25a66d840702150715u5f383386n79762eb2c2d48a8d@mail.gmail.com> References: <25a66d840702150715u5f383386n79762eb2c2d48a8d@mail.gmail.com> Message-ID: <45D48929.20806@fsl.com> Hi Angelo, am.lists wrote: > We contacted our Host Facility: They said that SORBS is essentially an > extortionist organization. They ask you to pay a fine ($50) to delist > the block. As a large organization, sometimes customers do send a > message that is classified as spam. As a responsible hosting provider, > they deal with them accordingly. Specifically, if one of the > blacklists notifies them of an infraction, they give the customer one > warning. There is no second warning and their account is turned off. I'm no fan of SORBS or their listing or de-listing policies, but what your hosting facility is telling you doesn't feel particularly right. Only companies such as AOL and Spamcop that provide the ability for their users to report spam back to them provide the means for the provider to notify the owner of the netblock (who has to register their IP ranges) via a FBL (feedback loop). RBLs like Spamhaus, CBL and SORBS do not have FBL mechanisms so the Hosting Facility would not receive a notice for these listings. I would check your entire /24 block in zen.spamhaus.org and list.dsbl.org and see if any of the IP addresses within the block are listed. If there are any listings present then go back to your host and call their bluff. A quick bit of shell-script can help here - e.g. if your /24 is 192.168.1.0/24 then: for i in `seq 1 1 254`; do host $i.1.168.192.zen.spamhaus.org | grep -i 'has address'; done Would give you a list of all the listed IPs. If not - then their isn't much you can do about the SORBS listing as they are notorious for such practices. Kind regards, Steve. From sandrews at andrewscompanies.com Thu Feb 15 17:25:24 2007 From: sandrews at andrewscompanies.com (sandrews@andrewscompanies.com) Date: Thu Feb 15 16:29:54 2007 Subject: Recent issue with SORBS References: <25a66d840702150715u5f383386n79762eb2c2d48a8d@mail.gmail.com> Message-ID: <1964AAFBC212F742958F9275BF63DBB042A10A@winchester.andrewscompanies.com> SORBS seems to justify their shitty attitudes by the fact that they are volunteers...whatever. They do have a point though; companies that use the SORBS database do it by choice. I just wish fewer would make that choice. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of am.lists Sent: Thursday, February 15, 2007 10:16 AM To: MailScanner discussion Subject: Recent issue with SORBS I would prefix the suffix with OT, but this list seems pretty forgiving for topics that shift a bit. Our SMTP server (outbound) has an IP that is in a block that was assigned to us (we own about 40 IPs in the entire /24). Now, as the result of some other other customer's behavior, we have hoops to jump through to get off of that list. We contacted SORBS: They said that "it's up to [us] to choose where we want to be hosted, and we're currently hosting in the Internet equivalent of a crack slum" We contacted our Host Facility: They said that SORBS is essentially an extortionist organization. They ask you to pay a fine ($50) to delist the block. As a large organization, sometimes customers do send a message that is classified as spam. As a responsible hosting provider, they deal with them accordingly. Specifically, if one of the blacklists notifies them of an infraction, they give the customer one warning. There is no second warning and their account is turned off. So. We have two very different points of view. Who's right? Does anyone else have any experience with this sort of thing one way or the other? I believe we have our single-IP whitelisted on SORBS for now, but it sounds like this is an ugly, ugly situation. Angelo -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From am.lists at gmail.com Thu Feb 15 17:39:29 2007 From: am.lists at gmail.com (am.lists) Date: Thu Feb 15 16:44:08 2007 Subject: OT: Re: Recent issue with SORBS In-Reply-To: <45D48929.20806@fsl.com> References: <25a66d840702150715u5f383386n79762eb2c2d48a8d@mail.gmail.com> <45D48929.20806@fsl.com> Message-ID: <25a66d840702150839u6f96f9b3p2635fa50938d88fd@mail.gmail.com> On 2/15/07, Steve Freegard wrote: > I would check your entire /24 block in zen.spamhaus.org and > list.dsbl.org and see if any of the IP addresses within the block are > listed. If there are any listings present then go back to your host and > call their bluff. Checked the entire block. Clean on both zen.spamhaus.org and list.dsbl.org. Guess we're stuck with the snobs at SORBS. I will likely be disabling them from my scanning, since I know, now firsthand, how they operate. /Angelo From wolfgang at sweet-haven.com Thu Feb 15 17:59:13 2007 From: wolfgang at sweet-haven.com (Lew Wolfgang) Date: Thu Feb 15 17:03:53 2007 Subject: OT: Re: Recent issue with SORBS In-Reply-To: <25a66d840702150839u6f96f9b3p2635fa50938d88fd@mail.gmail.com> References: <25a66d840702150715u5f383386n79762eb2c2d48a8d@mail.gmail.com> <45D48929.20806@fsl.com> <25a66d840702150839u6f96f9b3p2635fa50938d88fd@mail.gmail.com> Message-ID: <45D49161.3070608@sweet-haven.com> am.lists wrote: > > Guess we're stuck with the snobs at SORBS. > > I will likely be disabling them from my scanning, since I know, now > firsthand, how they operate. Trouble is, your disabling SORBS will do nothing unless all the smtp servers you send to also drop them. Bottom line is unless you figure out how to get off their list or change your IP, you're going to loose outgoing mail. This just happened to me on a newly provisioned dedicated server. The previous IP user was a spammer. I caught it right away and had my provider come up with a clean IP. Now they're stuck with a contaminated IP, but that's their problem. Regards, Lew Wolfgang From am.lists at gmail.com Thu Feb 15 18:04:46 2007 From: am.lists at gmail.com (am.lists) Date: Thu Feb 15 17:09:16 2007 Subject: OT: Re: Recent issue with SORBS In-Reply-To: <45D49161.3070608@sweet-haven.com> References: <25a66d840702150715u5f383386n79762eb2c2d48a8d@mail.gmail.com> <45D48929.20806@fsl.com> <25a66d840702150839u6f96f9b3p2635fa50938d88fd@mail.gmail.com> <45D49161.3070608@sweet-haven.com> Message-ID: <25a66d840702150904w62cc16a1g3251780b4ce8f05b@mail.gmail.com> Hi Lew On 2/15/07, Lew Wolfgang wrote: > Trouble is, your disabling SORBS will do nothing unless > all the smtp servers you send to also drop them. Bottom > line is unless you figure out how to get off their > list or change your IP, you're going to loose outgoing > mail. Yeah, I'm fully aware that me choosing not to use them will only help my users for mail we receive, and won't help us for the outbound mail we send. I believe our management team has an open ticket with SORBS to get at least our single IP whitelisted with them for now. I know that's not a forever sort of thing, but any short term relief will help. Longer term, we're moving to a dfiferent netblock. We just have to work out the specifics of that move. From am.lists at gmail.com Thu Feb 15 18:09:52 2007 From: am.lists at gmail.com (am.lists) Date: Thu Feb 15 17:14:24 2007 Subject: Upgrading MailScanner Message-ID: <25a66d840702150909h2036ca78sb5edf863fd13f733@mail.gmail.com> I'm a few minor revs back on MS, SA, and PostFix. My SA is 3.1.5. MS is 4.55, and PF is 2.2.2 Has anyone put together an upgrade plan for these? Is there a particular sequence that I should follow? Should I not go beyond 2.2.2 of PostFix for now? Thanks in advance. From mrm at medicine.wisc.edu Thu Feb 15 18:10:35 2007 From: mrm at medicine.wisc.edu (Michael Masse) Date: Thu Feb 15 17:15:58 2007 Subject: wildcards in whitelist Message-ID: <45D43FA1.7FBE.00FC.3@medicine.wisc.edu> I tried looking in the EXAMPLES file and I'm not quite clear on the best way to use wildcards within the spam whitelist. What I'm trying to do is whitelist all subdomains of a certain domain. ie.: sub1.domain.com sub2.domain.com etc... Would it be better to have: @*.domain.com or *.domain.com or does it make any difference? Mike From mikea at mikea.ath.cx Thu Feb 15 18:11:43 2007 From: mikea at mikea.ath.cx (mikea) Date: Thu Feb 15 17:16:20 2007 Subject: OT: Re: Recent issue with SORBS In-Reply-To: <25a66d840702150904w62cc16a1g3251780b4ce8f05b@mail.gmail.com> References: <25a66d840702150715u5f383386n79762eb2c2d48a8d@mail.gmail.com> <45D48929.20806@fsl.com> <25a66d840702150839u6f96f9b3p2635fa50938d88fd@mail.gmail.com> <45D49161.3070608@sweet-haven.com> <25a66d840702150904w62cc16a1g3251780b4ce8f05b@mail.gmail.com> Message-ID: <20070215171143.GJ54461@mikea.ath.cx> On Thu, Feb 15, 2007 at 12:04:46PM -0500, am.lists wrote: > Hi Lew > > On 2/15/07, Lew Wolfgang wrote: > >Trouble is, your disabling SORBS will do nothing unless > >all the smtp servers you send to also drop them. Bottom > >line is unless you figure out how to get off their > >list or change your IP, you're going to loose outgoing > >mail. > > Yeah, I'm fully aware that me choosing not to use them will only help > my users for mail we receive, and won't help us for the outbound mail > we send. > > I believe our management team has an open ticket with SORBS to get at > least our single IP whitelisted with them for now. I know that's not a > forever sort of thing, but any short term relief will help. > > Longer term, we're moving to a dfiferent netblock. We just have to > work out the specifics of that move. Shorter term, think about hiring an outbound smarthost in unlisted IP space. I don't know who provides such services, but suspect that most ISPs will do it for a nominal sum provided you pass their scrutiny. Remember, they're going to be tarred with your brush if you send spam through them, so they'll want to be careful. -- Mike Andrews, W5EGO mikea@mikea.ath.cx Tired old sysadmin From martinh at solidstatelogic.com Thu Feb 15 18:16:55 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Thu Feb 15 17:21:55 2007 Subject: Upgrading MailScanner In-Reply-To: <25a66d840702150909h2036ca78sb5edf863fd13f733@mail.gmail.com> Message-ID: <57c38eb756c3e941915bc4386585ece7@solidstatelogic.com> I'd do MS first, make sure things are ok Then SA (3.1.8 just came out) make sure things are OK And if anyone can confirm PF 2.3 works OK that last. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of am.lists > Sent: 15 February 2007 17:10 > To: MailScanner discussion > Subject: Upgrading MailScanner > > I'm a few minor revs back on MS, SA, and PostFix. > > My SA is 3.1.5. MS is 4.55, and PF is 2.2.2 > > Has anyone put together an upgrade plan for these? > > Is there a particular sequence that I should follow? > > Should I not go beyond 2.2.2 of PostFix for now? > > Thanks in advance. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From mikea at mikea.ath.cx Thu Feb 15 18:40:36 2007 From: mikea at mikea.ath.cx (mikea) Date: Thu Feb 15 17:45:13 2007 Subject: wildcards in whitelist In-Reply-To: <45D43FA1.7FBE.00FC.3@medicine.wisc.edu> References: <45D43FA1.7FBE.00FC.3@medicine.wisc.edu> Message-ID: <20070215174036.GL54461@mikea.ath.cx> On Thu, Feb 15, 2007 at 11:10:35AM -0600, Michael Masse wrote: > I tried looking in the EXAMPLES file and I'm not quite clear on the best > way to use wildcards within the spam whitelist. What I'm trying to > do is whitelist all subdomains of a certain domain. ie.: > > sub1.domain.com > sub2.domain.com > etc... > > Would it be better to have: > @*.domain.com or > *.domain.com > > or does it make any difference? I think it does. Typically, I'll use whitelist entries in this form: FromOrTo: *@domain.com yes to catch the case in which good mail comes directly from domain.com, and FromOrTo: *@*.domain.com yes for cases in which all subdomains send good mail. If I know that certain subdomains are good and the rest are bad, I'll write rules using regular expressions to fail the bad 'uns and pass the good 'uns: FromOrTo: *@(bad1|bad2|bad3).domain.com no FromOrTo: *@*.domain.com yes for the case where we know all the bad senders, and FromOrTo: *@(good1|good2|good3).domain.com yes FromOrTo: *@*.domain.com no or FromOrTo: *@good[0-9].domain.com yes FromOrTo: *@*.domain.com no for the case in which we know all the good senders. Obviously you'll need to tailor the regular expressions to fit _your_ situation. In all the rules above, I've used tabs for whitespace. -- Mike Andrews, W5EGO mikea@mikea.ath.cx Tired old sysadmin From jon at radel.com Thu Feb 15 18:50:24 2007 From: jon at radel.com (Jon Radel) Date: Thu Feb 15 17:55:00 2007 Subject: Recent issue with SORBS In-Reply-To: <45D489C6.7000609@pacific.net> References: <25a66d840702150715u5f383386n79762eb2c2d48a8d@mail.gmail.com> <45D489C6.7000609@pacific.net> Message-ID: <45D49D60.7050800@radel.com> Ken A wrote: > That's the killer right there. You will find yourself listed by SORBS, > and probably re-listed even if you pay the 'donation to charity' that > they require in some cases. SORBS and others tend to list on /24 or > larger blocks, probably just for ease of maintenance. Do a reverse > lookup on all the IPs in your range. If they come back as 'xxx' > 'marketing' and 'warez' or similar, move your hosting. It's not worth > the pain. :-\ Whatever one might think of their tactics, I *have* found what SORBs says they will do and what they actually do to match pretty closely. They are pretty explicit about the fact that will list entire netblocks when listing single addresses doesn't appear to discourage the spammers. See http://www.au.sorbs.net/overview.shtml What I can't find right now are the statements I recall that they do this deliberately to encourage providers to give anybody who spams the boot immediately, and to generally apply pressure by making life painful for anybody who does business with anybody willing to host a spammer. And I must say, much as I too was irritated when I had to clean up after I got a tainted /20, the conversation here shows that it works. The only saving grace in my case was the that upstream provider in question had an energetic staff person whose primary job was to manage spammer tracking and delisting for other customers. Incidentally, if you are going to analyze a problem you're having, do yourself a huge favor and don't think solely in terms of the /24 you're in. Go to ARIN, RIPE, etc. and find the hierarchy of netblocks your addresses are assigned out of. --Jon Radel -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 2828 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070215/08540da1/smime.bin From daniel.maher at ubisoft.com Thu Feb 15 18:51:40 2007 From: daniel.maher at ubisoft.com (Daniel Maher) Date: Thu Feb 15 17:56:12 2007 Subject: Upgrading MailScanner In-Reply-To: <57c38eb756c3e941915bc4386585ece7@solidstatelogic.com> Message-ID: <1E293D3FF63A3740B10AD5AAD88535D20467587B@UBIMAIL1.ubisoft.org> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Martin.Hepworth > Sent: February 15, 2007 12:17 PM > To: MailScanner discussion > Subject: RE: Upgrading MailScanner > > I'd do MS first, make sure things are ok > > Then SA (3.1.8 just came out) make sure things are OK > > And if anyone can confirm PF 2.3 works OK that last. I have had the newest stable SA, MS, and PF running in a test environment for a week now, with no problems. I plan to deploy to production next week, so for my part (at least), I confirm that it "works OK". :) -- _ ?v? Daniel Maher /(_)\ Administrateur Syst?me Unix ^ ^ Unix System Administrator Four elements! website! From a.peacock at chime.ucl.ac.uk Thu Feb 15 20:38:34 2007 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Thu Feb 15 19:44:09 2007 Subject: BAYES issues In-Reply-To: <45D4693F.4030504@chapman.edu> References: <45D3E50D.4030302@chapman.edu> <45D41D47.4060501@chime.ucl.ac.uk> <45D4693F.4030504@chapman.edu> Message-ID: <45D4B6BA.3060303@chime.ucl.ac.uk> Jay Chandler wrote: > Anthony Peacock wrote: >> This message got a BAYES_20 score. Your SA is using Bayes correctly. >> >> Why don't you think it is working? > > aconcagua# cat /var/log/maillog |grep BAYES > Feb 15 01:24:24 aconcagua MailScanner[57909]: Message A60174554E.EC45D > from 65.54.246.232 (bf1997@hotmail.fr) to chapman.edu is spam, > SpamAssassin (not cached, score=8.308, required 6, SARE_BAYES_5x7 0.60, > SARE_FRAUD_X3 1.67, SARE_FRAUD_X4 1.67, SARE_FRAUD_X5 1.67, > SARE_FRAUD_X6 1.67, SARE_MILLIONSOF 0.32, SARE_URGBIZ 0.72) > Feb 15 05:44:29 aconcagua MailScanner[98220]: Message 55C7A455C4.48148 > from 146.142.40.232 (bounce-ximpim-351275@list.bls.gov) to chapman.edu > is not spam, SpamAssassin (not cached, score=3.5, required 6, > MANGLED_MEDS 2.30, SARE_BAYES_5x7 0.60, SARE_BAYES_6x7 0.60) > aconcagua# > > This is for approximately ten thousand messages since six hours ago. > > Do I need a Bayes rule that defines scores for each level? I'm not sure > I have one by default... In which case I suspect that you have a working Bayes for whichever user you run the command line tests as, but not for the user which MailScanner runs as. Which user did you log in as to run the SA command line tests? Which user does MailScanner run as? By default SA will use different Bayes databases for different users. So if MailScanner runs as root it will use root's Bayes database, if you then run the SA command line as user jaychandler it will use that user's database. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas." -- George Bernard Shaw From JeremyBlonde at grant.k12.ca.us Thu Feb 15 21:06:25 2007 From: JeremyBlonde at grant.k12.ca.us (Jeremy Blonde) Date: Thu Feb 15 20:11:17 2007 Subject: FuzzyOcr Message-ID: Has anyone been able to integrate FuzzyOcr into their MailScanner setups? I'm looking for some help as to why during the MailScanner scaning process, the spam images are not flagged. However, if I run spamassassin manually and feed in the same e-mail message, it does flag the images. I've verified that the FuzzyOcr.cf has the score bumped up to 30, so it should scan every e-mail. I turned logging up to the max for FuzzyOcr and it doesn't report any error messages. I must be missing something simple. Maybe the spamassassin timeout within MailScanner's config? Any help is much appreciated. Thanks, Jeremy Blonde Instructional Technology - Server Support Grant Joint Union High School District From am.lists at gmail.com Thu Feb 15 21:18:47 2007 From: am.lists at gmail.com (am.lists) Date: Thu Feb 15 20:23:19 2007 Subject: FuzzyOcr In-Reply-To: References: Message-ID: <25a66d840702151218y42f017cex19f3c225e63cb50@mail.gmail.com> I have it working. It took some tweaking, but finally I have it working. A couple things to look at... Let's say your "low" spam score is 5 and your "high" spam score is 8. There is a default setting in FuzzyOcr.cf that says "if the score is already (10) then don't even bother scanning it." -- this (10) was keeping me from scanning messages. I pushed that up to 30 during my testing just so I could watch the functionality. I assume you have the MailWatch gui running? If so, does IT see the fuzzy ocr tests if you have it perform the spamassassin lint test? (you would see debug messages and several of them) I followed the instructions (forget where they are without looking) and they were close, it required (if I remember correctly) a couple extra permissions changes here and there. When you run your test message, make sure you run the test scripts as user postfix. e.g. su - postfix -s /bin/bash spamassassin -t < message_file Also, the sample messages that ship with the Fuzzy OCR distro work as well. On 2/15/07, Jeremy Blonde wrote: > Has anyone been able to integrate FuzzyOcr into their MailScanner > setups? I'm looking for some help as to why during the MailScanner > scaning process, the spam images are not flagged. However, if I run > spamassassin manually and feed in the same e-mail message, it does flag > the images. > > I've verified that the FuzzyOcr.cf has the score bumped up to 30, so it > should scan every e-mail. I turned logging up to the max for FuzzyOcr > and it doesn't report any error messages. I must be missing something > simple. Maybe the spamassassin timeout within MailScanner's config? > > Any help is much appreciated. > > Thanks, > Jeremy Blonde > Instructional Technology - Server Support > Grant Joint Union High School District > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From ssilva at sgvwater.com Thu Feb 15 21:20:37 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Feb 15 20:25:20 2007 Subject: Upgrading MailScanner In-Reply-To: <57c38eb756c3e941915bc4386585ece7@solidstatelogic.com> References: <25a66d840702150909h2036ca78sb5edf863fd13f733@mail.gmail.com> <57c38eb756c3e941915bc4386585ece7@solidstatelogic.com> Message-ID: Martin.Hepworth spake the following on 2/15/2007 9:16 AM: > I'd do MS first, make sure things are ok > > Then SA (3.1.8 just came out) make sure things are OK > > And if anyone can confirm PF 2.3 works OK that last. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of am.lists >> Sent: 15 February 2007 17:10 >> To: MailScanner discussion >> Subject: Upgrading MailScanner >> >> I'm a few minor revs back on MS, SA, and PostFix. >> >> My SA is 3.1.5. MS is 4.55, and PF is 2.2.2 >> >> Has anyone put together an upgrade plan for these? >> >> Is there a particular sequence that I should follow? >> >> Should I not go beyond 2.2.2 of PostFix for now? >> >> Thanks in advance. There are only specific issues with Postfix 2.3 and the latest MailScanner "IF" you use the milter interface and do any message manipulation like adding headers. I think it is about fixed, if not fixed, but I do not use postfix. If you have no immediate plans to use milters, you should be fine. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From am.lists at gmail.com Thu Feb 15 21:22:05 2007 From: am.lists at gmail.com (am.lists) Date: Thu Feb 15 20:26:38 2007 Subject: Upgrading MailScanner In-Reply-To: References: <25a66d840702150909h2036ca78sb5edf863fd13f733@mail.gmail.com> <57c38eb756c3e941915bc4386585ece7@solidstatelogic.com> Message-ID: <25a66d840702151222n2594222td080b2e81f90e9f1@mail.gmail.com> On 2/15/07, Scott Silva wrote: > There are only specific issues with Postfix 2.3 and the latest MailScanner > "IF" you use the milter interface and do any message manipulation like adding > headers. I think it is about fixed, if not fixed, but I do not use postfix. > > If you have no immediate plans to use milters, you should be fine. Thanks Scott. I have no milters. Angelo From paul at welshfamily.com Thu Feb 15 21:25:15 2007 From: paul at welshfamily.com (Paul Welsh) Date: Thu Feb 15 20:30:10 2007 Subject: Image scanning - flesh tones In-Reply-To: <25a66d840702150909h2036ca78sb5edf863fd13f733@mail.gmail.com> Message-ID: <200702152030.l1FKU9nT014859@safir.blacknight.ie> My employer uses MessageLabs. Apart from the advantage of being outsourced, it also scans images in email for flesh tones and therefore blocks some unsuitable images in messages. As I recall, MailSweeper from Clearswift used to do this too. I know MailScanner can block video images by file type. Does anybody know of any add-on that does image filtering by content? From ssilva at sgvwater.com Thu Feb 15 21:33:06 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Feb 15 20:37:49 2007 Subject: BAYES issues In-Reply-To: <45D4B6BA.3060303@chime.ucl.ac.uk> References: <45D3E50D.4030302@chapman.edu> <45D41D47.4060501@chime.ucl.ac.uk> <45D4693F.4030504@chapman.edu> <45D4B6BA.3060303@chime.ucl.ac.uk> Message-ID: Anthony Peacock spake the following on 2/15/2007 11:38 AM: > Jay Chandler wrote: >> Anthony Peacock wrote: >>> This message got a BAYES_20 score. Your SA is using Bayes correctly. >>> >>> Why don't you think it is working? >> >> aconcagua# cat /var/log/maillog |grep BAYES >> Feb 15 01:24:24 aconcagua MailScanner[57909]: Message A60174554E.EC45D >> from 65.54.246.232 (bf1997@hotmail.fr) to chapman.edu is spam, >> SpamAssassin (not cached, score=8.308, required 6, SARE_BAYES_5x7 >> 0.60, SARE_FRAUD_X3 1.67, SARE_FRAUD_X4 1.67, SARE_FRAUD_X5 1.67, >> SARE_FRAUD_X6 1.67, SARE_MILLIONSOF 0.32, SARE_URGBIZ 0.72) >> Feb 15 05:44:29 aconcagua MailScanner[98220]: Message 55C7A455C4.48148 >> from 146.142.40.232 (bounce-ximpim-351275@list.bls.gov) to chapman.edu >> is not spam, SpamAssassin (not cached, score=3.5, required 6, >> MANGLED_MEDS 2.30, SARE_BAYES_5x7 0.60, SARE_BAYES_6x7 0.60) >> aconcagua# >> >> This is for approximately ten thousand messages since six hours ago. >> >> Do I need a Bayes rule that defines scores for each level? I'm not >> sure I have one by default... > > In which case I suspect that you have a working Bayes for whichever user > you run the command line tests as, but not for the user which > MailScanner runs as. > > Which user did you log in as to run the SA command line tests? > > Which user does MailScanner run as? > > By default SA will use different Bayes databases for different users. So > if MailScanner runs as root it will use root's Bayes database, if you > then run the SA command line as user jaychandler it will use that user's > database. > But in sql, you need to just have the proper username in the bayes_sql_override_username setting, and it should work. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From JeremyBlonde at grant.k12.ca.us Thu Feb 15 21:35:27 2007 From: JeremyBlonde at grant.k12.ca.us (Jeremy Blonde) Date: Thu Feb 15 20:40:10 2007 Subject: FuzzyOcr Message-ID: > Let's say your "low" spam score is 5 and your "high" spam score is 8. > There is a default setting in FuzzyOcr.cf that says "if the score is > already (10) then don't even bother scanning it." -- this (10) was > keeping me from scanning messages. I pushed that up to 30 during my > testing just so I could watch the functionality. I've adjusted that value to 30 as well. > > I assume you have the MailWatch gui running? If so, does IT see the > fuzzy ocr tests if you have it perform the spamassassin lint test? > (you would see debug messages and several of them) > MailWatch is able to run the lint test and there are no errors at all (FuzzyOcr shows that it's loading). > > When you run your test message, make sure you run the test scripts as > user postfix. > > e.g. > > su - postfix -s /bin/bash > spamassassin -t < message_file Hmm....I'm not able to login as the postfix user. Can you (or someone else) provide me with a little help here. When I run that su command line, it doesn't do anything, I stay logged in as root. > > Also, the sample messages that ship with the Fuzzy OCR distro > work as well. > I can scan the samples using spamassassin and FuzzyOcr works just fine. But when FuzzyOcr runs within MailScanner's processes, nothing is flagged. > On 2/15/07, Jeremy Blonde wrote: > > Has anyone been able to integrate FuzzyOcr into their MailScanner > > setups? I'm looking for some help as to why during the MailScanner > > scaning process, the spam images are not flagged. However, if I run > > spamassassin manually and feed in the same e-mail message, > it does flag > > the images. > > > > I've verified that the FuzzyOcr.cf has the score bumped up > to 30, so it > > should scan every e-mail. I turned logging up to the max > for FuzzyOcr > > and it doesn't report any error messages. I must be > missing something > > simple. Maybe the spamassassin timeout within MailScanner's config? > > > > Any help is much appreciated. > > > > Thanks, > > Jeremy Blonde > > Instructional Technology - Server Support > > Grant Joint Union High School District > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From am.lists at gmail.com Thu Feb 15 21:38:03 2007 From: am.lists at gmail.com (am.lists) Date: Thu Feb 15 20:42:34 2007 Subject: Image scanning - flesh tones In-Reply-To: <200702152030.l1FKU9nT014859@safir.blacknight.ie> References: <25a66d840702150909h2036ca78sb5edf863fd13f733@mail.gmail.com> <200702152030.l1FKU9nT014859@safir.blacknight.ie> Message-ID: <25a66d840702151238u58302e72p4af63e695aaf0941@mail.gmail.com> On 2/15/07, Paul Welsh wrote: > My employer uses MessageLabs. Apart from the advantage of being outsourced, > it also scans images in email for flesh tones and therefore blocks some > unsuitable images in messages. As I recall, MailSweeper from Clearswift > used to do this too. > > I know MailScanner can block video images by file type. Does anybody know > of any add-on that does image filtering by content? Not without adding a crapload of false positive review time to someone's schedule. From res at ausics.net Thu Feb 15 21:58:04 2007 From: res at ausics.net (Res) Date: Thu Feb 15 21:03:02 2007 Subject: [Semi-OT] Advice on large webmail setup In-Reply-To: <25a66d840702150612q734f1a6co8c0bdf83c7588e6c@mail.gmail.com> References: <20070214065053.GC12314@eeyore.32.boerneef.vornavalley> <25a66d840702150612q734f1a6co8c0bdf83c7588e6c@mail.gmail.com> Message-ID: On Thu, 15 Feb 2007, am.lists wrote: > Another alternative that would be Linux (as opposed to somewhat > proprietary HP/HP-UX implementation) Most (not all but most) HP servers can run linux :) -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From am.lists at gmail.com Thu Feb 15 22:06:27 2007 From: am.lists at gmail.com (am.lists) Date: Thu Feb 15 21:10:58 2007 Subject: [Semi-OT] Advice on large webmail setup In-Reply-To: References: <20070214065053.GC12314@eeyore.32.boerneef.vornavalley> <25a66d840702150612q734f1a6co8c0bdf83c7588e6c@mail.gmail.com> Message-ID: <25a66d840702151306y4a3c2b47m3f87c47078c3ae88@mail.gmail.com> On 2/15/07, Res wrote: > On Thu, 15 Feb 2007, am.lists wrote: > > > Another alternative that would be Linux (as opposed to somewhat > > proprietary HP/HP-UX implementation) > > Most (not all but most) HP servers can run linux :) > Agreed.... you're not wrong. But seeing how the OP was in South Africa (or at least seemed to be based on his TLD), I wanted to offer a solution that was more "commodity" hardware-based in nature. I don't know firsthand how this works internationally, but I've heard that it can be easier to get a stack of $5,000 USD servers through customs than it is to get one $50,000 USD one through. From gerard at seibercom.net Thu Feb 15 22:10:03 2007 From: gerard at seibercom.net (Gerard) Date: Thu Feb 15 21:14:24 2007 Subject: Upgrading MailScanner In-Reply-To: <25a66d840702150909h2036ca78sb5edf863fd13f733@mail.gmail.com> References: <25a66d840702150909h2036ca78sb5edf863fd13f733@mail.gmail.com> Message-ID: <20070215160916.8100.GERARD@seibercom.net> On Thursday February 15, 2007 at 12:09:52 (PM) am.lists wrote: > Should I not go beyond 2.2.2 of PostFix for now? If you use TLS or employ sender_dependent_relaying, you will most certainly want to update to version 2.3.x as there have been major improvements in those areas. The stability of the product is mush better in 2.3.x then in pre 2.3 versions too. -- Gerard "I choose to ignore, of course, the fact that self-Googling is perhaps the most narcissistic thing a person can do that doesn't involve actually humping a mirror." Dan Kois From res at ausics.net Thu Feb 15 22:15:28 2007 From: res at ausics.net (Res) Date: Thu Feb 15 21:20:06 2007 Subject: Recent issue with SORBS In-Reply-To: <25a66d840702150715u5f383386n79762eb2c2d48a8d@mail.gmail.com> References: <25a66d840702150715u5f383386n79762eb2c2d48a8d@mail.gmail.com> Message-ID: On Thu, 15 Feb 2007, am.lists wrote: > We contacted SORBS: They said that "it's up to [us] to choose where > we want to be hosted, and we're currently hosting in the Internet > equivalent of a crack slum" This is quite possible, some hosting companies dont care if their customers use raped windows boxes or whatever that are exploiting and hosting bouncers for hackers and other malicous acts, so long as they get paid their monthly host fee, they do nothing. There was a perdiod last year where I blocked a large porportion of the 66.x.x.x range on border routers for 2 months because of this, one of our customers had a customer in that range, who had a contact in the U.S and had that host providor bitch slapped for ignoring all the reports (apparently interpol had many complaints as well). > We contacted our Host Facility: They said that SORBS is essentially an > extortionist organization. They ask you to pay a fine ($50) to delist > the block. As a large organization, sometimes customers do send a > message that is classified as spam. As a responsible hosting provider, > they deal with them accordingly. Specifically, if one of the > blacklists notifies them of an infraction, they give the customer one > warning. There is no second warning and their account is turned off. It would be nice if RBL's did this but the reality is none except spamcop do (unless the spammer hits a spamtrap address in which case they dont) no other RBL has ever sent any warnings, so it is unfair to single out SORBS in this case. > So. We have two very different points of view. Who's right? Does > anyone else have any experience with this sort of thing one way or the > other? > > I believe we have our single-IP whitelisted on SORBS for now, but it > sounds like this is an ugly, ugly situation. I've dealt with SORBS at great length due having many many virus infected-spamming L-users, unless you are a regular offender they wont demand monies, we've never had to pay them, but we do take a hard line on spammers, where many companies don't. Also, they dont block you willy nilly on spam, they have an interesting criteria, one that I find accpetable and reasonably fool-proof for spam, so chances are it was deserving to be blocked at some time, regrettably probably not by you, it only takes one dropkick to reck it for a thousand. > > Angelo > -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From ka at pacific.net Thu Feb 15 22:21:47 2007 From: ka at pacific.net (Ken A) Date: Thu Feb 15 21:22:31 2007 Subject: Image scanning - flesh tones In-Reply-To: <25a66d840702151238u58302e72p4af63e695aaf0941@mail.gmail.com> References: <25a66d840702150909h2036ca78sb5edf863fd13f733@mail.gmail.com> <200702152030.l1FKU9nT014859@safir.blacknight.ie> <25a66d840702151238u58302e72p4af63e695aaf0941@mail.gmail.com> Message-ID: <45D4CEEB.8040607@pacific.net> am.lists wrote: > On 2/15/07, Paul Welsh wrote: >> My employer uses MessageLabs. Apart from the advantage of being >> outsourced, >> it also scans images in email for flesh tones and therefore blocks some >> unsuitable images in messages. As I recall, MailSweeper from Clearswift >> used to do this too. >> >> I know MailScanner can block video images by file type. Does anybody >> know >> of any add-on that does image filtering by content? FuzzyOcr is an SA plugin that uses a variety of image manipulation software to recognize text in images. It could be made to recognize flesh tones by interpreting the output of some of that software and doing some math, but that's not it's normal use. http://fuzzyocr.own-hero.net/ Ken A Pacific.Net > > > Not without adding a crapload of false positive review time to > someone's schedule. From res at ausics.net Thu Feb 15 22:21:49 2007 From: res at ausics.net (Res) Date: Thu Feb 15 21:26:26 2007 Subject: Recent issue with SORBS In-Reply-To: <45D489C6.7000609@pacific.net> References: <25a66d840702150715u5f383386n79762eb2c2d48a8d@mail.gmail.com> <45D489C6.7000609@pacific.net> Message-ID: On Thu, 15 Feb 2007, Ken A wrote: > require in some cases. SORBS and others tend to list on /24 or larger blocks, Not true, we've only ever had individual IP's of mail servers in a /24 blocked, never the entire /24 However I suppose if they got the same spam, from multiple IP's in a /24 within a short period of time, I sure could understand them taking out the /24, I know I would. > probably just for ease of maintenance. Do a reverse lookup on all the IPs in > your range. If they come back as 'xxx' 'marketing' and 'warez' or similar, > move your hosting. It's not worth the pain. :-\ Last I heard that script only searches for entries to add into the DUL containing, typical dsl/dial/dhcp/ppp etc, it's not a general blocking. I had a 3 hour chat to the Matthew once (when he lived in the same city as me) to get a lot of clarifications when they blocked one of my SMTP's. -- Regards Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From res at ausics.net Thu Feb 15 22:27:15 2007 From: res at ausics.net (Res) Date: Thu Feb 15 21:31:52 2007 Subject: [Semi-OT] Advice on large webmail setup In-Reply-To: <25a66d840702151306y4a3c2b47m3f87c47078c3ae88@mail.gmail.com> References: <20070214065053.GC12314@eeyore.32.boerneef.vornavalley> <25a66d840702150612q734f1a6co8c0bdf83c7588e6c@mail.gmail.com> <25a66d840702151306y4a3c2b47m3f87c47078c3ae88@mail.gmail.com> Message-ID: On Thu, 15 Feb 2007, am.lists wrote: > On 2/15/07, Res wrote: >> On Thu, 15 Feb 2007, am.lists wrote: >> >> > Another alternative that would be Linux (as opposed to somewhat >> > proprietary HP/HP-UX implementation) >> >> Most (not all but most) HP servers can run linux :) >> > > Agreed.... you're not wrong. But seeing how the OP was in South Africa > (or at least seemed to be based on his TLD), I wanted to offer a > solution that was more "commodity" hardware-based in nature. I don't > know firsthand how this works internationally, but I've heard that it > can be easier to get a stack of $5,000 USD servers through customs > than it is to get one $50,000 USD one through. > Hrm, thats interesting since the South African President is apparently a great fan of the Internet, maybe they need write to his office if customs screw them around. -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From ka at pacific.net Thu Feb 15 22:42:43 2007 From: ka at pacific.net (Ken A) Date: Thu Feb 15 21:43:26 2007 Subject: Recent issue with SORBS In-Reply-To: References: <25a66d840702150715u5f383386n79762eb2c2d48a8d@mail.gmail.com> <45D489C6.7000609@pacific.net> Message-ID: <45D4D3D3.7040205@pacific.net> Res wrote: > On Thu, 15 Feb 2007, Ken A wrote: > >> require in some cases. SORBS and others tend to list on /24 or larger >> blocks, > > Not true, we've only ever had individual IP's of mail servers in a /24 > blocked, never the entire /24 > > However I suppose if they got the same spam, from multiple IP's in a /24 > within a short period of time, I sure could understand them taking out > the /24, I know I would. > > >> probably just for ease of maintenance. Do a reverse lookup on all the >> IPs in your range. If they come back as 'xxx' 'marketing' and 'warez' >> or similar, move your hosting. It's not worth the pain. :-\ > > Last I heard that script only searches for entries to add into the DUL > containing, typical dsl/dial/dhcp/ppp etc, it's not a general blocking. > I had a 3 hour chat to the Matthew once (when he lived in the same city > as me) to get a lot of clarifications when they blocked one of my SMTP's. > I wasn't referring to a particular script in use by SORBS. I'm only saying that knowing who your neighbors are can go a long way toward explaining things like this. You get what you pay for in hosting and the rest. Ken A. Pacific.Net > -- > Regards > Res > > "We can be Heroes, just for one day" - Davey (Jones) Bowie > > From am.lists at gmail.com Thu Feb 15 22:44:27 2007 From: am.lists at gmail.com (am.lists) Date: Thu Feb 15 21:48:58 2007 Subject: Recent issue with SORBS In-Reply-To: <45D4D3D3.7040205@pacific.net> References: <25a66d840702150715u5f383386n79762eb2c2d48a8d@mail.gmail.com> <45D489C6.7000609@pacific.net> <45D4D3D3.7040205@pacific.net> Message-ID: <25a66d840702151344q6d38c1a4v12dff9cc9f532558@mail.gmail.com> Part of what SORBS does by doing entire netblocks is intentionally causing pain/grief for the host. It's a negative reinforcement attitude. Punish the many for the deeds of a few, and everyone will [hopefully] learn from it and stop doing the bad things. In this situation, it forces providers to be stricter on their customers (well, in therory at least). Agree or disagree, it's an interesting approach. From am.lists at gmail.com Thu Feb 15 22:45:38 2007 From: am.lists at gmail.com (am.lists) Date: Thu Feb 15 21:50:08 2007 Subject: FuzzyOcr In-Reply-To: References: Message-ID: <25a66d840702151345s323ebf1co6253438346554ad6@mail.gmail.com> Jeremy, Try this: [root@mailgw ~]# id uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) [root@mailgw ~]# su - postfix -s /bin/bash -bash-3.00$ id uid=89(postfix) gid=89(postfix) groups=12(mail),89(postfix) User postfix purposely has no shell for security reasons, so when debugging like this, you have to specify a shell on the su command line with the -s /path/to/shell argument. Once you've gotten yourself to appear as user postfix, let's test _that_ output from the sa debug lint. You can post it and let us see. From res at ausics.net Thu Feb 15 23:54:52 2007 From: res at ausics.net (Res) Date: Thu Feb 15 22:59:28 2007 Subject: Recent issue with SORBS In-Reply-To: <25a66d840702151344q6d38c1a4v12dff9cc9f532558@mail.gmail.com> References: <25a66d840702150715u5f383386n79762eb2c2d48a8d@mail.gmail.com> <45D489C6.7000609@pacific.net> <45D4D3D3.7040205@pacific.net> <25a66d840702151344q6d38c1a4v12dff9cc9f532558@mail.gmail.com> Message-ID: On Thu, 15 Feb 2007, am.lists wrote: > Part of what SORBS does by doing entire netblocks is intentionally > causing pain/grief for the host. It's a negative reinforcement > attitude. Punish the many for the deeds of a few, and everyone will LIke I said in a previous post, it is not the normal way they do things, they might reserve the right to, and may in cases , like yours, do it, but given my other comment about blocking 66.x.x.x ranges I did, may in fact be the same reason SORBS use netblocks. > [hopefully] learn from it and stop doing the bad things. Mostly they do, but some dont, some just dont even want to know. > > In this situation, it forces providers to be stricter on their > customers (well, in therory at least). Providors have a responsibility to the internet community to keep their customers in check. They get one warning from me, then suspension until they can prove why I should let them back on, 3rd time I don't care you're gone, however if it is deliberate spam, no warnings, no suspensions, it's instant termination of all services, their acceptance of the service contract is the only warning they get, if like most custoemrs enver read the terms bewfore singing, well thats just tuff luck for them :) -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From res at ausics.net Fri Feb 16 00:01:28 2007 From: res at ausics.net (Res) Date: Thu Feb 15 23:06:14 2007 Subject: Recent issue with SORBS In-Reply-To: References: <25a66d840702150715u5f383386n79762eb2c2d48a8d@mail.gmail.com> <45D489C6.7000609@pacific.net> <45D4D3D3.7040205@pacific.net> <25a66d840702151344q6d38c1a4v12dff9cc9f532558@mail.gmail.com> Message-ID: Oh my lots of typos. You get the jist of what I was saying.. I hope... Time for bed I think... On Fri, 16 Feb 2007, Res wrote: > On Thu, 15 Feb 2007, am.lists wrote: > >> Part of what SORBS does by doing entire netblocks is intentionally >> causing pain/grief for the host. It's a negative reinforcement >> attitude. Punish the many for the deeds of a few, and everyone will > > LIke I said in a previous post, it is not the normal way they do things, > they might reserve the right to, and may in cases , like yours, do it, but > given my other comment about blocking 66.x.x.x ranges I did, may in fact be > the same reason SORBS use netblocks. > >> [hopefully] learn from it and stop doing the bad things. > > Mostly they do, but some dont, some just dont even want to know. > >> >> In this situation, it forces providers to be stricter on their >> customers (well, in therory at least). > > Providors have a responsibility to the internet community to keep their > customers in check. They get one warning from me, then suspension until they > can prove why I should let them back on, 3rd time I don't care you're gone, > however if it is deliberate spam, no warnings, no suspensions, it's > instant termination of all services, their acceptance of the service > contract is the only warning they get, if like most custoemrs enver read the > terms bewfore singing, well thats just tuff luck for them :) > > > -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From glenn.steen at gmail.com Fri Feb 16 00:13:34 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Feb 15 23:18:12 2007 Subject: Upgrading MailScanner In-Reply-To: <20070215160916.8100.GERARD@seibercom.net> References: <25a66d840702150909h2036ca78sb5edf863fd13f733@mail.gmail.com> <20070215160916.8100.GERARD@seibercom.net> Message-ID: <223f97700702151513t66b4f3eco7d08db8d184b8ebc@mail.gmail.com> On 15/02/07, Gerard wrote: > On Thursday February 15, 2007 at 12:09:52 (PM) am.lists wrote: > > > Should I not go beyond 2.2.2 of PostFix for now? > > If you use TLS or employ sender_dependent_relaying, you will most > certainly want to update to version 2.3.x as there have been major > improvements in those areas. The stability of the product is mush better > in 2.3.x then in pre 2.3 versions too. > Hm... More stable than "rock solid"?:-). Actually I do agree, but if you don't have a need for anything that has been improved or plan to use any of the new features of 2.3, then you can well stay with 2.2... Then again, it is always a good idea to try keep close to what the devs think is currently stable. On the note about milters, I'm going to send off a few slightly touched up patches tomorrow to Jules (who asked me to hold off until he could make the recent stable release) regarding the milter handling/p record thingies. So far I've failed to come up with an economical way to handle full body edits (have been ill, and swamped with work.... didn't get better by being ill that last bit... Hopefully inspiration will strike, now that I'm mostly back up to speed again:-). If anyone is interrested in looking at them/coming with suggestions, I'll be more than happy to provide the patches here (quite small ones to PFDiskStore.pm and Postfix.pm). They do work well for 2.3, so that would be something at least, and one could easily implement a really inelegant way of making them safe for 2.4 and full body edits too:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From sandrews at andrewscompanies.com Fri Feb 16 00:14:44 2007 From: sandrews at andrewscompanies.com (sandrews@andrewscompanies.com) Date: Thu Feb 15 23:19:14 2007 Subject: OT: Re: Recent issue with SORBS References: <25a66d840702150715u5f383386n79762eb2c2d48a8d@mail.gmail.com> <45D48929.20806@fsl.com><25a66d840702150839u6f96f9b3p2635fa50938d88fd@mail.gmail.com> <45D49161.3070608@sweet-haven.com> Message-ID: <1964AAFBC212F742958F9275BF63DBB042A12E@winchester.andrewscompanies.com> So much for the net-neutrality argument now that we've devolved to clean and contaminated IP. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Lew Wolfgang Sent: Thursday, February 15, 2007 11:59 AM To: MailScanner discussion Subject: Re: OT: Re: Recent issue with SORBS am.lists wrote: > > Guess we're stuck with the snobs at SORBS. > > I will likely be disabling them from my scanning, since I know, now > firsthand, how they operate. Trouble is, your disabling SORBS will do nothing unless all the smtp servers you send to also drop them. Bottom line is unless you figure out how to get off their list or change your IP, you're going to loose outgoing mail. This just happened to me on a newly provisioned dedicated server. The previous IP user was a spammer. I caught it right away and had my provider come up with a clean IP. Now they're stuck with a contaminated IP, but that's their problem. Regards, Lew Wolfgang -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From sandrews at andrewscompanies.com Fri Feb 16 00:19:24 2007 From: sandrews at andrewscompanies.com (sandrews@andrewscompanies.com) Date: Thu Feb 15 23:23:55 2007 Subject: OT: Re: Recent issue with SORBS References: <25a66d840702150715u5f383386n79762eb2c2d48a8d@mail.gmail.com><45D48929.20806@fsl.com><25a66d840702150839u6f96f9b3p2635fa50938d88fd@mail.gmail.com><45D49161.3070608@sweet-haven.com> <25a66d840702150904w62cc16a1g3251780b4ce8f05b@mail.gmail.com> Message-ID: <1964AAFBC212F742958F9275BF63DBB04A0B4E@winchester.andrewscompanies.com> But that's the rub here; you're just passing the problem; and it's a reasonable solution considering what kind of pain they are to deal with so I'm not knocking your decision. The last two times I had to deal with SORBS it was because we got contaminated IP. I told SORBS about it and I got the "whatever, go bite your own ass or give us cash" type of email from them. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of am.lists Sent: Thursday, February 15, 2007 12:05 PM To: MailScanner discussion Subject: Re: OT: Re: Recent issue with SORBS Hi Lew On 2/15/07, Lew Wolfgang wrote: > Trouble is, your disabling SORBS will do nothing unless all the smtp > servers you send to also drop them. Bottom line is unless you figure > out how to get off their list or change your IP, you're going to loose > outgoing mail. Yeah, I'm fully aware that me choosing not to use them will only help my users for mail we receive, and won't help us for the outbound mail we send. I believe our management team has an open ticket with SORBS to get at least our single IP whitelisted with them for now. I know that's not a forever sort of thing, but any short term relief will help. Longer term, we're moving to a dfiferent netblock. We just have to work out the specifics of that move. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Fri Feb 16 00:22:38 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Feb 15 23:27:15 2007 Subject: FuzzyOcr In-Reply-To: <25a66d840702151345s323ebf1co6253438346554ad6@mail.gmail.com> References: <25a66d840702151345s323ebf1co6253438346554ad6@mail.gmail.com> Message-ID: <223f97700702151522m7e3d338fnfa94619c35261397@mail.gmail.com> On 15/02/07, am.lists wrote: > Jeremy, > > Try this: > > [root@mailgw ~]# id > uid=0(root) gid=0(root) > groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) > [root@mailgw ~]# su - postfix -s /bin/bash > -bash-3.00$ id > uid=89(postfix) gid=89(postfix) groups=12(mail),89(postfix) > > User postfix purposely has no shell for security reasons, so when > debugging like this, you have to specify a shell on the su command > line with the -s /path/to/shell argument. > > Once you've gotten yourself to appear as user postfix, let's test > _that_ output from the sa debug lint. > > You can post it and let us see. Eeeh, good gut feeling there, always check permissions first, but... Have we really been informed that Jeremy is using Postfix as MTA? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From JeremyBlonde at grant.k12.ca.us Fri Feb 16 00:27:18 2007 From: JeremyBlonde at grant.k12.ca.us (Jeremy Blonde) Date: Thu Feb 15 23:31:57 2007 Subject: FuzzyOcr Message-ID: > Try this: > > [root@mailgw ~]# id > uid=0(root) gid=0(root) > groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) > [root@mailgw ~]# su - postfix -s /bin/bash > -bash-3.00$ id > uid=89(postfix) gid=89(postfix) groups=12(mail),89(postfix) > > User postfix purposely has no shell for security reasons, so when > debugging like this, you have to specify a shell on the su command > line with the -s /path/to/shell argument. > > Once you've gotten yourself to appear as user postfix, let's test > _that_ output from the sa debug lint. I found that I was unable to su to the postfix user unless I changed the shell in the /etc/passwd file. I changed it to point to /bin/bash and then I was able to su to the postfix user. After doing that I found out that the postfix didn't have change rights to the db files. So I moved the files to an appropriate folder and made sure that it had change rights to the db files and db.lock file. After those changes, I restarted mailscanner and that seems to have fixed the issues I was experiencing. Thank you very much for the help. Sometimes you get stuck in a rut troubleshooting these things and the most obvious solutions are the ones you forget. Jeremy Blonde From mkettler at evi-inc.com Fri Feb 16 00:29:10 2007 From: mkettler at evi-inc.com (Matt Kettler) Date: Thu Feb 15 23:33:54 2007 Subject: FuzzyOcr In-Reply-To: <223f97700702151522m7e3d338fnfa94619c35261397@mail.gmail.com> References: <25a66d840702151345s323ebf1co6253438346554ad6@mail.gmail.com> <223f97700702151522m7e3d338fnfa94619c35261397@mail.gmail.com> Message-ID: <45D4ECC6.8030802@evi-inc.com> Glenn Steen wrote: > Eeeh, good gut feeling there, always check permissions first, but... > Have we really been informed that Jeremy is using Postfix as MTA? > Received: from instexchfe1.Instructional.ghsd.local (unknown [10.253.254.24]) by mailscanner.grant.k12.ca.us (Postfix) with ESMTP id 91E56403BBF for ; I'd consider that pretty good evidence that he's using postfix. From glenn.steen at gmail.com Fri Feb 16 00:44:35 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Feb 15 23:49:07 2007 Subject: FuzzyOcr In-Reply-To: <45D4ECC6.8030802@evi-inc.com> References: <25a66d840702151345s323ebf1co6253438346554ad6@mail.gmail.com> <223f97700702151522m7e3d338fnfa94619c35261397@mail.gmail.com> <45D4ECC6.8030802@evi-inc.com> Message-ID: <223f97700702151544t6aba3263vc5cb9c96c55c1246@mail.gmail.com> On 16/02/07, Matt Kettler wrote: > Glenn Steen wrote: > > > Eeeh, good gut feeling there, always check permissions first, but... > > Have we really been informed that Jeremy is using Postfix as MTA? > > > > Received: from instexchfe1.Instructional.ghsd.local (unknown [10.253.254.24]) > by mailscanner.grant.k12.ca.us (Postfix) with ESMTP id 91E56403BBF > for ; > > I'd consider that pretty good evidence that he's using postfix. Why should I assume he's mailing the list from the system he has problems with? I certainly don't, since I'm using gmail for lists (which of course hides these details almost as effectively as LookOut/M-Sexchange... But only "almost":-). Point is moot though, since Jeremy's FuzzyOcr problems are all right now... A bit funny that specifying an alternate shell didn't work for him. Then again, that isn't part of all "su" implementations, not even now, it seems:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ssilva at sgvwater.com Fri Feb 16 01:20:42 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Feb 16 00:25:23 2007 Subject: FuzzyOcr In-Reply-To: <223f97700702151522m7e3d338fnfa94619c35261397@mail.gmail.com> References: <25a66d840702151345s323ebf1co6253438346554ad6@mail.gmail.com> <223f97700702151522m7e3d338fnfa94619c35261397@mail.gmail.com> Message-ID: Glenn Steen spake the following on 2/15/2007 3:22 PM: > On 15/02/07, am.lists wrote: >> Jeremy, >> >> Try this: >> >> [root@mailgw ~]# id >> uid=0(root) gid=0(root) >> groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) >> [root@mailgw ~]# su - postfix -s /bin/bash >> -bash-3.00$ id >> uid=89(postfix) gid=89(postfix) groups=12(mail),89(postfix) >> >> User postfix purposely has no shell for security reasons, so when >> debugging like this, you have to specify a shell on the su command >> line with the -s /path/to/shell argument. >> >> Once you've gotten yourself to appear as user postfix, let's test >> _that_ output from the sa debug lint. >> >> You can post it and let us see. > Eeeh, good gut feeling there, always check permissions first, but... > Have we really been informed that Jeremy is using Postfix as MTA? > Reading his mail headers it looks like postfix. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Fri Feb 16 01:22:31 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Feb 16 00:29:33 2007 Subject: FuzzyOcr In-Reply-To: References: Message-ID: Jeremy Blonde spake the following on 2/15/2007 3:27 PM: >> Try this: >> >> [root@mailgw ~]# id >> uid=0(root) gid=0(root) >> groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) >> [root@mailgw ~]# su - postfix -s /bin/bash >> -bash-3.00$ id >> uid=89(postfix) gid=89(postfix) groups=12(mail),89(postfix) >> >> User postfix purposely has no shell for security reasons, so when >> debugging like this, you have to specify a shell on the su command >> line with the -s /path/to/shell argument. >> >> Once you've gotten yourself to appear as user postfix, let's test >> _that_ output from the sa debug lint. > > I found that I was unable to su to the postfix user unless I changed the > shell in the /etc/passwd file. I changed it to point to /bin/bash and > then I was able to su to the postfix user. > > After doing that I found out that the postfix didn't have change rights > to the db files. So I moved the files to an appropriate folder and made > sure that it had change rights to the db files and db.lock file. > > After those changes, I restarted mailscanner and that seems to have > fixed the issues I was experiencing. > > Thank you very much for the help. Sometimes you get stuck in a rut > troubleshooting these things and the most obvious solutions are the ones > you forget. > > Jeremy Blonde > I'm sure you didn't forget to fix /etc/passwd back ;-) -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From mkettler at evi-inc.com Fri Feb 16 01:59:09 2007 From: mkettler at evi-inc.com (Matt Kettler) Date: Fri Feb 16 01:03:49 2007 Subject: FuzzyOcr In-Reply-To: <223f97700702151544t6aba3263vc5cb9c96c55c1246@mail.gmail.com> References: <25a66d840702151345s323ebf1co6253438346554ad6@mail.gmail.com> <223f97700702151522m7e3d338fnfa94619c35261397@mail.gmail.com> <45D4ECC6.8030802@evi-inc.com> <223f97700702151544t6aba3263vc5cb9c96c55c1246@mail.gmail.com> Message-ID: <45D501DD.4030605@evi-inc.com> Glenn Steen wrote: > On 16/02/07, Matt Kettler wrote: >> Glenn Steen wrote: >> >> > Eeeh, good gut feeling there, always check permissions first, but... >> > Have we really been informed that Jeremy is using Postfix as MTA? >> > >> >> Received: from instexchfe1.Instructional.ghsd.local (unknown >> [10.253.254.24]) >> by mailscanner.grant.k12.ca.us (Postfix) with ESMTP id >> 91E56403BBF >> for ; >> >> I'd consider that pretty good evidence that he's using postfix. > Why should I assume he's mailing the list from the system he has > problems with? I'll grant you it's a guess, but it's a guess with good evidence backing it up. And of course, if that guess is wrong, Jeremy can always point out that he's got a qmail box elsewhere in his network that also runs MailScanner. But based on that Received: line, it's at least a reasonable first guess that grant.k12.ca.us runs at least one postfix MTA with MailScanner on it. From glenn.steen at gmail.com Fri Feb 16 02:31:37 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Feb 16 01:36:12 2007 Subject: FuzzyOcr In-Reply-To: <45D501DD.4030605@evi-inc.com> References: <25a66d840702151345s323ebf1co6253438346554ad6@mail.gmail.com> <223f97700702151522m7e3d338fnfa94619c35261397@mail.gmail.com> <45D4ECC6.8030802@evi-inc.com> <223f97700702151544t6aba3263vc5cb9c96c55c1246@mail.gmail.com> <45D501DD.4030605@evi-inc.com> Message-ID: <223f97700702151731p77f5bca6x5505320e76627ff1@mail.gmail.com> On 16/02/07, Matt Kettler wrote: > Glenn Steen wrote: > > On 16/02/07, Matt Kettler wrote: > >> Glenn Steen wrote: > >> > >> > Eeeh, good gut feeling there, always check permissions first, but... > >> > Have we really been informed that Jeremy is using Postfix as MTA? > >> > > >> > >> Received: from instexchfe1.Instructional.ghsd.local (unknown > >> [10.253.254.24]) > >> by mailscanner.grant.k12.ca.us (Postfix) with ESMTP id > >> 91E56403BBF > >> for ; > >> > >> I'd consider that pretty good evidence that he's using postfix. > > Why should I assume he's mailing the list from the system he has > > problems with? > > > I'll grant you it's a guess, but it's a guess with good evidence backing it up. > > And of course, if that guess is wrong, Jeremy can always point out that he's got > a qmail box elsewhere in his network that also runs MailScanner. > > But based on that Received: line, it's at least a reasonable first guess that > grant.k12.ca.us runs at least one postfix MTA with MailScanner on it. A guess, yes. Reasonable... Perhaps:-). But I think both you and Scott miss my point (ever so non-obvious, as usual:-)... If in doubt (and this was surely not crystal clear from the outset) on the details, ask for more information. Can't be a shocker. The second thing is: Don't assume people know their systems intimately. Most don't. Not even the intelligent and clever ones. As it turned out, Jeremy was clever enough, and knew enough to take the advice given, and resolv his problem, so ... (and yes, well, turns out that all you nit-picks were right this time:-D) That people know what they should is rare (Yeah, I had a shitty first day back at work... My thoughts on cow-orkers and people in general is pretty low today:/). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From chandler.lists at chapman.edu Fri Feb 16 02:40:58 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Fri Feb 16 01:45:42 2007 Subject: BAYES issues In-Reply-To: References: <45D3E50D.4030302@chapman.edu> <45D41D47.4060501@chime.ucl.ac.uk> <45D4693F.4030504@chapman.edu> <45D4B6BA.3060303@chime.ucl.ac.uk> Message-ID: <45D50BAA.1030802@chapman.edu> Scott Silva wrote: > Anthony Peacock spake the following on 2/15/2007 11:38 AM: > >> Jay Chandler wrote: >> >>> Anthony Peacock wrote: >>> >>>> This message got a BAYES_20 score. Your SA is using Bayes correctly. >>>> >>>> Why don't you think it is working? >>>> >>> aconcagua# cat /var/log/maillog |grep BAYES >>> Feb 15 01:24:24 aconcagua MailScanner[57909]: Message A60174554E.EC45D >>> from 65.54.246.232 (bf1997@hotmail.fr) to chapman.edu is spam, >>> SpamAssassin (not cached, score=8.308, required 6, SARE_BAYES_5x7 >>> 0.60, SARE_FRAUD_X3 1.67, SARE_FRAUD_X4 1.67, SARE_FRAUD_X5 1.67, >>> SARE_FRAUD_X6 1.67, SARE_MILLIONSOF 0.32, SARE_URGBIZ 0.72) >>> Feb 15 05:44:29 aconcagua MailScanner[98220]: Message 55C7A455C4.48148 >>> from 146.142.40.232 (bounce-ximpim-351275@list.bls.gov) to chapman.edu >>> is not spam, SpamAssassin (not cached, score=3.5, required 6, >>> MANGLED_MEDS 2.30, SARE_BAYES_5x7 0.60, SARE_BAYES_6x7 0.60) >>> aconcagua# >>> >>> This is for approximately ten thousand messages since six hours ago. >>> >>> Do I need a Bayes rule that defines scores for each level? I'm not >>> sure I have one by default... >>> >> In which case I suspect that you have a working Bayes for whichever user >> you run the command line tests as, but not for the user which >> MailScanner runs as. >> >> Which user did you log in as to run the SA command line tests? >> >> Which user does MailScanner run as? >> >> By default SA will use different Bayes databases for different users. So >> if MailScanner runs as root it will use root's Bayes database, if you >> then run the SA command line as user jaychandler it will use that user's >> database. >> >> > But in sql, you need to just have the proper username in the > bayes_sql_override_username setting, and it should work. > > What's more is, I got that output from crontab, running the command as the postfix user... So I'm... rather confused. What should Bayes be showing as in my logs? -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: T-1's congested due to porn traffic to the news server. From mikej at rogers.com Fri Feb 16 02:59:06 2007 From: mikej at rogers.com (Mike Jakubik) Date: Fri Feb 16 02:02:52 2007 Subject: Mailscanner repository for centos 4.x In-Reply-To: References: <86144ED6CE5B004DA23E1EAC0B569B5812AD8624@isabella.herefordshire.gov.uk> Message-ID: <45D50FEA.1050906@rogers.com> Scott Silva wrote: > Everything but the (AND CHECKING....) could be done in rpm macros. > But then what would our bosses pay us the big bucks for? > If I didn't work so hard, they would probably even charge me for the coffee! > > Actually, someone with decent coding skills could write a shell script to get > the new version every month and do most of the work. It could do the upgrade > of the scripts to a point of mailing a diff to the admin and stop there. > > But it only takes a few minutes a month to do it manually, unless you are > testing the betas, then you have more time to spend with it anyway. > Or, you could just use FreeBSD, where the port takes care of everything for you :P From mkettler at evi-inc.com Fri Feb 16 03:04:17 2007 From: mkettler at evi-inc.com (Matt Kettler) Date: Fri Feb 16 02:08:53 2007 Subject: FuzzyOcr In-Reply-To: <223f97700702151731p77f5bca6x5505320e76627ff1@mail.gmail.com> References: <25a66d840702151345s323ebf1co6253438346554ad6@mail.gmail.com> <223f97700702151522m7e3d338fnfa94619c35261397@mail.gmail.com> <45D4ECC6.8030802@evi-inc.com> <223f97700702151544t6aba3263vc5cb9c96c55c1246@mail.gmail.com> <45D501DD.4030605@evi-inc.com> <223f97700702151731p77f5bca6x5505320e76627ff1@mail.gmail.com> Message-ID: <45D51121.1060400@evi-inc.com> Glenn Steen wrote: > A guess, yes. Reasonable... Perhaps:-). > But I think both you and Scott miss my point (ever so non-obvious, as > usual:-)... If in doubt (and this was surely not crystal clear from > the outset) on the details, ask for more information. Can't be a > shocker. True.. I myself usually take the approach of starting off with something like: "You didn't mention what (technology) you use, but based on (something) I'm guessing you use (product), if that's not the case, let us know what you do use.." But that said, I nearly always try to make a guess and propose some solution, or follow on questions, based on it. At least that way if my guess is right, they're closer to a solution.. > The second thing is: Don't assume people know their systems > intimately. Most don't. Not even the intelligent and clever ones. good point. > As it turned out, Jeremy was clever enough, and knew enough to take > the advice given, and resolv his problem, so ... (and yes, well, turns > out that all you nit-picks were right this time:-D) > That people know what they should is rare (Yeah, I had a shitty first > day back at work... My thoughts on cow-orkers and people in general is > pretty low today:/). Yeah, I feel ya on that one. But more seriously, you are right that it is best to try to write suggestions to be simple enough for someone who is over their head to work with. From chandler.lists at chapman.edu Fri Feb 16 03:47:00 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Fri Feb 16 02:51:35 2007 Subject: BAYES issues In-Reply-To: <45D50BAA.1030802@chapman.edu> References: <45D3E50D.4030302@chapman.edu> <45D41D47.4060501@chime.ucl.ac.uk> <45D4693F.4030504@chapman.edu> <45D4B6BA.3060303@chime.ucl.ac.uk> <45D50BAA.1030802@chapman.edu> Message-ID: <45D51B24.70400@chapman.edu> Jay Chandler wrote: > What's more is, I got that output from crontab, running the > command as the postfix user... > > So I'm... rather confused. What should Bayes be showing as in my logs? > Interesting. Just linted and got this: config: warning: score set for non-existent rule BAYES_99 config: warning: score set for non-existent rule BAYES_95 config: warning: score set for non-existent rule BAYES_00 config: warning: score set for non-existent rule BAYES_05 Is there a Bayes ruleset file that I'm potentially missing? -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: According to Microsoft, it's by design From am.lists at gmail.com Fri Feb 16 03:49:34 2007 From: am.lists at gmail.com (am.lists) Date: Fri Feb 16 02:54:06 2007 Subject: FuzzyOcr In-Reply-To: <45D51121.1060400@evi-inc.com> References: <25a66d840702151345s323ebf1co6253438346554ad6@mail.gmail.com> <223f97700702151522m7e3d338fnfa94619c35261397@mail.gmail.com> <45D4ECC6.8030802@evi-inc.com> <223f97700702151544t6aba3263vc5cb9c96c55c1246@mail.gmail.com> <45D501DD.4030605@evi-inc.com> <223f97700702151731p77f5bca6x5505320e76627ff1@mail.gmail.com> <45D51121.1060400@evi-inc.com> Message-ID: <25a66d840702151849m3a38f22dnc28774df231982c8@mail.gmail.com> I had based my first response to Jeremy based on my own problem that was exactly the way he was describing his problem... that is to say: when I lint and test as root, I see my focr results/tests. when I lint and test in the running config, I don't see focr scans happening. For me, I knew my config... and absent anyone else complaining about this particular issue on any other technology, that led me to the postfix user permissions issue that was not evident to me until I su'ed to the postfix user and ran the tests and compared the results to that of root's tests. Although I was right in my advice, I will be more thorough about understanding everything possible about the environment first when giving advice :-) From chandler.lists at chapman.edu Fri Feb 16 05:14:44 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Fri Feb 16 04:19:21 2007 Subject: Recent issue with SORBS In-Reply-To: <25a66d840702150715u5f383386n79762eb2c2d48a8d@mail.gmail.com> References: <25a66d840702150715u5f383386n79762eb2c2d48a8d@mail.gmail.com> Message-ID: <45D52FB4.7090902@chapman.edu> am.lists wrote: > I would prefix the suffix with OT, but this list seems pretty > forgiving for topics that shift a bit. > > Our SMTP server (outbound) has an IP that is in a block that was > assigned to us (we own about 40 IPs in the entire /24). > > Now, as the result of some other other customer's behavior, we have > hoops to jump through to get off of that list. > > We contacted SORBS: They said that "it's up to [us] to choose where > we want to be hosted, and we're currently hosting in the Internet > equivalent of a crack slum" Entirely possible. Matthew tends to be a bit... overzealous, sometimes, but he's got a nose for spam. If you don't mind my asking, who's your provider? If you're more comfortable emailing it to me off-list, I won't repost it. -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: According to Microsoft, it's by design From ram at netcore.co.in Fri Feb 16 07:25:29 2007 From: ram at netcore.co.in (Ramprasad) Date: Fri Feb 16 06:30:20 2007 Subject: mailscanner behind a smtpd frontend trust network Message-ID: <1171607129.22188.16.camel@darkstar.netcore.co.in> Hello, If the MX is pointed to some machine and is then relayed to my MailScanner box how can I configure whitelisted IPs I currently use MailScanner on the MX box with MailScanner.conf ------------------- Is Definitely Not Spam= /path/whitelist And in the file ----------------- From: 1.1.1.1 and To: mydomain.com yes Will this work if I move the MailScanner box behind a smtpd frontend Thanks Ram From a.peacock at chime.ucl.ac.uk Fri Feb 16 09:08:37 2007 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Fri Feb 16 08:13:20 2007 Subject: BAYES issues In-Reply-To: References: <45D3E50D.4030302@chapman.edu> <45D41D47.4060501@chime.ucl.ac.uk> <45D4693F.4030504@chapman.edu> <45D4B6BA.3060303@chime.ucl.ac.uk> Message-ID: <45D56685.7070200@chime.ucl.ac.uk> Scott Silva wrote: > Anthony Peacock spake the following on 2/15/2007 11:38 AM: >> Jay Chandler wrote: >>> Anthony Peacock wrote: >>>> This message got a BAYES_20 score. Your SA is using Bayes correctly. >>>> >>>> Why don't you think it is working? >>> aconcagua# cat /var/log/maillog |grep BAYES >>> Feb 15 01:24:24 aconcagua MailScanner[57909]: Message A60174554E.EC45D >>> from 65.54.246.232 (bf1997@hotmail.fr) to chapman.edu is spam, >>> SpamAssassin (not cached, score=8.308, required 6, SARE_BAYES_5x7 >>> 0.60, SARE_FRAUD_X3 1.67, SARE_FRAUD_X4 1.67, SARE_FRAUD_X5 1.67, >>> SARE_FRAUD_X6 1.67, SARE_MILLIONSOF 0.32, SARE_URGBIZ 0.72) >>> Feb 15 05:44:29 aconcagua MailScanner[98220]: Message 55C7A455C4.48148 >>> from 146.142.40.232 (bounce-ximpim-351275@list.bls.gov) to chapman.edu >>> is not spam, SpamAssassin (not cached, score=3.5, required 6, >>> MANGLED_MEDS 2.30, SARE_BAYES_5x7 0.60, SARE_BAYES_6x7 0.60) >>> aconcagua# >>> >>> This is for approximately ten thousand messages since six hours ago. >>> >>> Do I need a Bayes rule that defines scores for each level? I'm not >>> sure I have one by default... >> In which case I suspect that you have a working Bayes for whichever user >> you run the command line tests as, but not for the user which >> MailScanner runs as. >> >> Which user did you log in as to run the SA command line tests? >> >> Which user does MailScanner run as? >> >> By default SA will use different Bayes databases for different users. So >> if MailScanner runs as root it will use root's Bayes database, if you >> then run the SA command line as user jaychandler it will use that user's >> database. >> > But in sql, you need to just have the proper username in the > bayes_sql_override_username setting, and it should work. > I know I use SQL for my Bayes set up. There was nothing in the original debug output from the OP that made me think that he was using SQL for his Bayes database. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas." -- George Bernard Shaw From a.peacock at chime.ucl.ac.uk Fri Feb 16 09:14:18 2007 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Fri Feb 16 08:19:02 2007 Subject: BAYES issues In-Reply-To: <45D51B24.70400@chapman.edu> References: <45D3E50D.4030302@chapman.edu> <45D41D47.4060501@chime.ucl.ac.uk> <45D4693F.4030504@chapman.edu> <45D4B6BA.3060303@chime.ucl.ac.uk> <45D50BAA.1030802@chapman.edu> <45D51B24.70400@chapman.edu> Message-ID: <45D567DA.2010908@chime.ucl.ac.uk> Jay Chandler wrote: > Jay Chandler wrote: >> What's more is, I got that output from crontab, running the >> command as the postfix user... >> >> So I'm... rather confused. What should Bayes be showing as in my logs? >> > > Interesting. > > Just linted and got this: > config: warning: score set for non-existent rule BAYES_99 > config: warning: score set for non-existent rule BAYES_95 > config: warning: score set for non-existent rule BAYES_00 > config: warning: score set for non-existent rule BAYES_05 > > Is there a Bayes ruleset file that I'm potentially missing? > Hmm! That does look like you have a screwed up SA configuration. Those are standard rules that come with SA, so if they are missing you have a bad installation. The standard rule file with the Bayes rules in is called 23_bayes.cf It should be installed in /usr/local/share/spamassassin If you run sa-update you may also have a newer copy in /var/lib/spamassassin/3.001007/updates_spamassassin_org (or similar depending on SA version) I am still confused, as you seemed to be able to get a Bayes score when running from the command line, but not when running with MailScanner. There must be something different with the environments between those two. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas." -- George Bernard Shaw From a.peacock at chime.ucl.ac.uk Fri Feb 16 09:15:19 2007 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Fri Feb 16 08:20:13 2007 Subject: BAYES issues In-Reply-To: <45D56685.7070200@chime.ucl.ac.uk> References: <45D3E50D.4030302@chapman.edu> <45D41D47.4060501@chime.ucl.ac.uk> <45D4693F.4030504@chapman.edu> <45D4B6BA.3060303@chime.ucl.ac.uk> <45D56685.7070200@chime.ucl.ac.uk> Message-ID: <45D56817.1050509@chime.ucl.ac.uk> Anthony Peacock wrote: > Scott Silva wrote: >> Anthony Peacock spake the following on 2/15/2007 11:38 AM: >>> Jay Chandler wrote: >>>> Anthony Peacock wrote: >>>>> This message got a BAYES_20 score. Your SA is using Bayes correctly. >>>>> >>>>> Why don't you think it is working? >>>> aconcagua# cat /var/log/maillog |grep BAYES >>>> Feb 15 01:24:24 aconcagua MailScanner[57909]: Message A60174554E.EC45D >>>> from 65.54.246.232 (bf1997@hotmail.fr) to chapman.edu is spam, >>>> SpamAssassin (not cached, score=8.308, required 6, SARE_BAYES_5x7 >>>> 0.60, SARE_FRAUD_X3 1.67, SARE_FRAUD_X4 1.67, SARE_FRAUD_X5 1.67, >>>> SARE_FRAUD_X6 1.67, SARE_MILLIONSOF 0.32, SARE_URGBIZ 0.72) >>>> Feb 15 05:44:29 aconcagua MailScanner[98220]: Message 55C7A455C4.48148 >>>> from 146.142.40.232 (bounce-ximpim-351275@list.bls.gov) to chapman.edu >>>> is not spam, SpamAssassin (not cached, score=3.5, required 6, >>>> MANGLED_MEDS 2.30, SARE_BAYES_5x7 0.60, SARE_BAYES_6x7 0.60) >>>> aconcagua# >>>> >>>> This is for approximately ten thousand messages since six hours ago. >>>> >>>> Do I need a Bayes rule that defines scores for each level? I'm not >>>> sure I have one by default... >>> In which case I suspect that you have a working Bayes for whichever user >>> you run the command line tests as, but not for the user which >>> MailScanner runs as. >>> >>> Which user did you log in as to run the SA command line tests? >>> >>> Which user does MailScanner run as? >>> >>> By default SA will use different Bayes databases for different users. So >>> if MailScanner runs as root it will use root's Bayes database, if you >>> then run the SA command line as user jaychandler it will use that user's >>> database. >>> >> But in sql, you need to just have the proper username in the >> bayes_sql_override_username setting, and it should work. >> > > I know I use SQL for my Bayes set up. > > There was nothing in the original debug output from the OP that made me > think that he was using SQL for his Bayes database. > Doh! Other than the first sentence stating that he had followed the instructions for setting up Bayes over SQL. Must try reading first... -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas." -- George Bernard Shaw From martinh at solidstatelogic.com Fri Feb 16 09:53:29 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Fri Feb 16 08:58:16 2007 Subject: mailscanner behind a smtpd frontend trust network In-Reply-To: <1171607129.22188.16.camel@darkstar.netcore.co.in> Message-ID: <32d9431ceb012d43a8b5e0b2caf4368c@solidstatelogic.com> Ram Close Is Definitely Not Spam= /path/whitelist.rules The .rules at the end is significant... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Ramprasad > Sent: 16 February 2007 06:25 > To: MailScanner discussion > Subject: mailscanner behind a smtpd frontend trust network > > Hello, > > If the MX is pointed to some machine and is then relayed to my > MailScanner box how can I configure whitelisted IPs > > I currently use MailScanner on the MX box with > > MailScanner.conf > ------------------- > Is Definitely Not Spam= /path/whitelist > > > > And in the file > ----------------- > From: 1.1.1.1 and To: mydomain.com yes > > > > > > Will this work if I move the MailScanner box behind a smtpd frontend > > Thanks > Ram > > > > > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From glenn.steen at gmail.com Fri Feb 16 09:59:00 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Feb 16 09:03:33 2007 Subject: FuzzyOcr In-Reply-To: <25a66d840702151849m3a38f22dnc28774df231982c8@mail.gmail.com> References: <25a66d840702151345s323ebf1co6253438346554ad6@mail.gmail.com> <223f97700702151522m7e3d338fnfa94619c35261397@mail.gmail.com> <45D4ECC6.8030802@evi-inc.com> <223f97700702151544t6aba3263vc5cb9c96c55c1246@mail.gmail.com> <45D501DD.4030605@evi-inc.com> <223f97700702151731p77f5bca6x5505320e76627ff1@mail.gmail.com> <45D51121.1060400@evi-inc.com> <25a66d840702151849m3a38f22dnc28774df231982c8@mail.gmail.com> Message-ID: <223f97700702160059w73b48e95r79f0b2009534e177@mail.gmail.com> On 16/02/07, am.lists wrote: > I had based my first response to Jeremy based on my own problem that > was exactly the way he was describing his problem... > > that is to say: > > when I lint and test as root, I see my focr results/tests. > when I lint and test in the running config, I don't see focr scans happening. > > For me, I knew my config... and absent anyone else complaining about > this particular issue on any other technology, that led me to the > postfix user permissions issue that was not evident to me until I > su'ed to the postfix user and ran the tests and compared the results > to that of root's tests. > > Although I was right in my advice, I will be more thorough about > understanding everything possible about the environment first when > giving advice :-) Hey, no shadow over you, you did good here. Just us nit-picks doing just that ... picking nits:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From martinh at solidstatelogic.com Fri Feb 16 10:01:18 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Fri Feb 16 09:06:00 2007 Subject: Image scanning - flesh tones In-Reply-To: <200702152030.l1FKU9nT014859@safir.blacknight.ie> Message-ID: <8dc8c20d913e39449d756bb058e88389@solidstatelogic.com> Given my experience of MailSweeper I'd steer well clear of this. I moved from MailSweeper to MailScanner and went from a 100% busy Dual PIII 1GB ram SCSI based system that could only hold 5 days of live data, hundreds of false positives, missed lots and lots of spam (false negatives!) and most of my time hand holding the thing to.. a 600mhz Celeron, 512MB ram and an IDE disk where I could keep 1 months live data (amost zero false positives, almost zero false negatives) and cpu free was enough to last me for another 2 years spam increase. Oh yeah and my working day back! It may have got better, but I'm not switching back. FuzzyOCR can do OCR based stuff, but for mpg/jpeg stuff like flesh tones etc you'll need something else. Might be worth asking on the Spamassassin-users list if anyone's got plugin that does this stuff (MaiLScanner calls Spamassassin for most of it's spam detection). -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Paul Welsh > Sent: 15 February 2007 20:25 > To: MailScanner discussion > Subject: Image scanning - flesh tones > > My employer uses MessageLabs. Apart from the advantage of being > outsourced, > it also scans images in email for flesh tones and therefore blocks some > unsuitable images in messages. As I recall, MailSweeper from Clearswift > used to do this too. > > I know MailScanner can block video images by file type. Does anybody know > of any add-on that does image filtering by content? > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From shuttlebox at gmail.com Fri Feb 16 10:02:48 2007 From: shuttlebox at gmail.com (shuttlebox) Date: Fri Feb 16 09:07:20 2007 Subject: wildcards in whitelist In-Reply-To: <20070215174036.GL54461@mikea.ath.cx> References: <45D43FA1.7FBE.00FC.3@medicine.wisc.edu> <20070215174036.GL54461@mikea.ath.cx> Message-ID: <625385e30702160102m3613a396q3bc8dd0bd083e04f@mail.gmail.com> On 2/15/07, mikea wrote: > I think it does. Typically, I'll use whitelist entries in this form: > > FromOrTo: *@domain.com yes > > to catch the case in which good mail comes directly from domain.com, > and > > FromOrTo: *@*.domain.com yes > > for cases in which all subdomains send good mail. Shouldn't just *domain.com cover that? -- /peter From glenn.steen at gmail.com Fri Feb 16 10:09:52 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Feb 16 09:14:31 2007 Subject: BAYES issues In-Reply-To: <45D567DA.2010908@chime.ucl.ac.uk> References: <45D3E50D.4030302@chapman.edu> <45D41D47.4060501@chime.ucl.ac.uk> <45D4693F.4030504@chapman.edu> <45D4B6BA.3060303@chime.ucl.ac.uk> <45D50BAA.1030802@chapman.edu> <45D51B24.70400@chapman.edu> <45D567DA.2010908@chime.ucl.ac.uk> Message-ID: <223f97700702160109x5613b241hb0a018a5aa2cd250@mail.gmail.com> On 16/02/07, Anthony Peacock wrote: > Jay Chandler wrote: > > Jay Chandler wrote: > >> What's more is, I got that output from crontab, running the > >> command as the postfix user... > >> > >> So I'm... rather confused. What should Bayes be showing as in my logs? > >> > > > > Interesting. > > > > Just linted and got this: > > config: warning: score set for non-existent rule BAYES_99 > > config: warning: score set for non-existent rule BAYES_95 > > config: warning: score set for non-existent rule BAYES_00 > > config: warning: score set for non-existent rule BAYES_05 > > > > Is there a Bayes ruleset file that I'm potentially missing? > > > > Hmm! That does look like you have a screwed up SA configuration. > > Those are standard rules that come with SA, so if they are missing you > have a bad installation. > > The standard rule file with the Bayes rules in is called 23_bayes.cf > > It should be installed in /usr/local/share/spamassassin > > If you run sa-update you may also have a newer copy in > > /var/lib/spamassassin/3.001007/updates_spamassassin_org (or similar > depending on SA version) > > I am still confused, as you seemed to be able to get a Bayes score when > running from the command line, but not when running with MailScanner. > > There must be something different with the environments between those two. > I'd suspect the settings in MailScanner for things like "SpamAssassin Local State Dir" to be wrong. Since Jays SpamAssassin seems to get along famously without any particular setting, I think he should try setting that to a blank value (so that the "built-into-SA-defaults" kick in, wrt finding the sa-updated stuff), and if that fails set it to something like /var/lib/spamassassin (but only if it still fails). ... Or am I reading this backwards? Could it be some type of bum sa-update not copying everything as it should to the new location... Jay, if you "find /var -name \*bayes.cf -print" what do you get? Did you run/do you run periodically sa-update? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From a.peacock at chime.ucl.ac.uk Fri Feb 16 10:24:10 2007 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Fri Feb 16 09:28:56 2007 Subject: BAYES issues In-Reply-To: <223f97700702160109x5613b241hb0a018a5aa2cd250@mail.gmail.com> References: <45D3E50D.4030302@chapman.edu> <45D41D47.4060501@chime.ucl.ac.uk> <45D4693F.4030504@chapman.edu> <45D4B6BA.3060303@chime.ucl.ac.uk> <45D50BAA.1030802@chapman.edu> <45D51B24.70400@chapman.edu> <45D567DA.2010908@chime.ucl.ac.uk> <223f97700702160109x5613b241hb0a018a5aa2cd250@mail.gmail.com> Message-ID: <45D5783A.2030507@chime.ucl.ac.uk> Glenn Steen wrote: > On 16/02/07, Anthony Peacock wrote: >> Jay Chandler wrote: >> > Jay Chandler wrote: >> >> What's more is, I got that output from crontab, running the >> >> command as the postfix user... >> >> >> >> So I'm... rather confused. What should Bayes be showing as in my >> logs? >> >> >> > >> > Interesting. >> > >> > Just linted and got this: >> > config: warning: score set for non-existent rule BAYES_99 >> > config: warning: score set for non-existent rule BAYES_95 >> > config: warning: score set for non-existent rule BAYES_00 >> > config: warning: score set for non-existent rule BAYES_05 >> > >> > Is there a Bayes ruleset file that I'm potentially missing? >> > >> >> Hmm! That does look like you have a screwed up SA configuration. >> >> Those are standard rules that come with SA, so if they are missing you >> have a bad installation. >> >> The standard rule file with the Bayes rules in is called 23_bayes.cf >> >> It should be installed in /usr/local/share/spamassassin >> >> If you run sa-update you may also have a newer copy in >> >> /var/lib/spamassassin/3.001007/updates_spamassassin_org (or similar >> depending on SA version) >> >> I am still confused, as you seemed to be able to get a Bayes score when >> running from the command line, but not when running with MailScanner. >> >> There must be something different with the environments between those >> two. >> > I'd suspect the settings in MailScanner for things like "SpamAssassin > Local State Dir" to be wrong. Since Jays SpamAssassin seems to get > along famously without any particular setting, I think he should try > setting that to a blank value (so that the "built-into-SA-defaults" > kick in, wrt finding the sa-updated stuff), and if that fails set it > to something like /var/lib/spamassassin (but only if it still fails). That was my initial thought. But even if that is set incorrectly shouldn't SA 'fall back' on the base installed versions in /usr/local/share? Checking that setting will certainly help. > ... Or am I reading this backwards? Could it be some type of bum > sa-update not copying everything as it should to the new location... > Jay, if you "find /var -name \*bayes.cf -print" what do you get? Did > you run/do you run periodically sa-update? At the moment I suspect something like a screwed up sa-update download. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas." -- George Bernard Shaw From glenn.steen at gmail.com Fri Feb 16 10:26:49 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Feb 16 09:31:23 2007 Subject: Image scanning - flesh tones In-Reply-To: <200702152030.l1FKU9nT014859@safir.blacknight.ie> References: <25a66d840702150909h2036ca78sb5edf863fd13f733@mail.gmail.com> <200702152030.l1FKU9nT014859@safir.blacknight.ie> Message-ID: <223f97700702160126w5f7ebc03l7b664cdf60602a04@mail.gmail.com> On 15/02/07, Paul Welsh wrote: > My employer uses MessageLabs. Apart from the advantage of being outsourced, > it also scans images in email for flesh tones and therefore blocks some > unsuitable images in messages. As I recall, MailSweeper from Clearswift > used to do this too. > > I know MailScanner can block video images by file type. Does anybody know > of any add-on that does image filtering by content? > Um, Paul... Isn't this a bad idea? Ok, even if we assume there is little legit images in your corporate mail, lets assume someone sends a mail containing a portrait image... Maybe in a CV...? Or for that matter the CEOs wife sending him a sample of the photo from their vacation and it being labled as smut...? Sure, images in mail are generally evil, mail should be text only etc etc etc. But in reality, hasn't spam as such moved past the pure XXX porn sh*t by now? I don't have any figures, but I don't even recall last time we got XXX-type spam... So, is this really a valid solution at all? I'm quite aware that everyones mail-flow will differ radically, so perhaps you do get a lot of porn spam... Just asking:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Fri Feb 16 10:38:27 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Feb 16 09:43:00 2007 Subject: wildcards in whitelist In-Reply-To: <625385e30702160102m3613a396q3bc8dd0bd083e04f@mail.gmail.com> References: <45D43FA1.7FBE.00FC.3@medicine.wisc.edu> <20070215174036.GL54461@mikea.ath.cx> <625385e30702160102m3613a396q3bc8dd0bd083e04f@mail.gmail.com> Message-ID: <223f97700702160138h45516e65q5a11b5c681363500@mail.gmail.com> On 16/02/07, shuttlebox wrote: > On 2/15/07, mikea wrote: > > I think it does. Typically, I'll use whitelist entries in this form: > > > > FromOrTo: *@domain.com yes > > > > to catch the case in which good mail comes directly from domain.com, > > and > > > > FromOrTo: *@*.domain.com yes > > > > for cases in which all subdomains send good mail. > > Shouldn't just *domain.com cover that? > Good question. ISTR Jules expostulating on that subject in the distant past... so I'd assume a list search could turn some nice tidbits up. One obvious flaw with the above would be that then "example.net" and "badexample.net", which are different domains, would likely both match that statement. Perhaps not what one wants. Better to have two lines then (one for *@exmple.net, the other for *@*.example.net). As usual, I might be wrong:-). Another good question is whether one should use envelope address whitelisting at all. Combined with IP addresses or perhaps a "From: ... AND To: ..." construct, but not just plain sender (easily spoofed, one would need other measures to be sure that it couldn't be the case, IMO). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Fri Feb 16 10:46:20 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Feb 16 09:50:53 2007 Subject: mailscanner behind a smtpd frontend trust network In-Reply-To: <1171607129.22188.16.camel@darkstar.netcore.co.in> References: <1171607129.22188.16.camel@darkstar.netcore.co.in> Message-ID: <223f97700702160146g5c9ed202x8c3a4233534948a9@mail.gmail.com> On 16/02/07, Ramprasad wrote: > Hello, > > If the MX is pointed to some machine and is then relayed to my > MailScanner box how can I configure whitelisted IPs > > I currently use MailScanner on the MX box with > > MailScanner.conf > ------------------- > Is Definitely Not Spam= /path/whitelist > > > > And in the file > ----------------- > From: 1.1.1.1 and To: mydomain.com yes > > > > > > Will this work if I move the MailScanner box behind a smtpd frontend > If I read you right, I don't think it will. If all mail will "originate" from that "in front" smtp server, the IP address as a criterion would lose any meaning in this context. Why would you want to hide your MailScanner box behind another? If it is a firewall thing (like the icky SMTP proxy in a WatchGuard), simply don't use it, configure it as a simple port forward instead. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ram at netcore.co.in Fri Feb 16 11:17:15 2007 From: ram at netcore.co.in (Ramprasad) Date: Fri Feb 16 10:22:03 2007 Subject: mailscanner behind a smtpd frontend trust network In-Reply-To: <223f97700702160146g5c9ed202x8c3a4233534948a9@mail.gmail.com> References: <1171607129.22188.16.camel@darkstar.netcore.co.in> <223f97700702160146g5c9ed202x8c3a4233534948a9@mail.gmail.com> Message-ID: <1171621035.22188.31.camel@darkstar.netcore.co.in> On Fri, 2007-02-16 at 10:46 +0100, Glenn Steen wrote: > On 16/02/07, Ramprasad wrote: > > Hello, > > > > If the MX is pointed to some machine and is then relayed to my > > MailScanner box how can I configure whitelisted IPs > > > > I currently use MailScanner on the MX box with > > > > MailScanner.conf > > ------------------- > > Is Definitely Not Spam= /path/whitelist > > > > > > > > And in the file > > ----------------- > > From: 1.1.1.1 and To: mydomain.com yes > > > > > > > > > > > > Will this work if I move the MailScanner box behind a smtpd frontend > > > If I read you right, I don't think it will. If all mail will > "originate" from that "in front" smtp server, the IP address as a > criterion would lose any meaning in this context. > Why would you want to hide your MailScanner box behind another? If it > is a firewall thing (like the icky SMTP proxy in a WatchGuard), simply > don't use it, configure it as a simple port forward instead. > Cheers No I dont want to proxy the MTA, today my MX machines receive 350k messages an hour ( 16 loadbalanced machines ) and they do the RBL checks the spam checks , custom whitelist/blacklist etc I need to run a frontend SMTP box to do all the MTA checks and then relay the mails to the Scan box That would mean 60-80% of mails would get rejected before reaching the MailScanner machine But the whitelist/blacklist IPs should work as they were before Thanks Ram From glenn.steen at gmail.com Fri Feb 16 11:25:39 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Feb 16 10:30:13 2007 Subject: mailscanner behind a smtpd frontend trust network In-Reply-To: <1171621035.22188.31.camel@darkstar.netcore.co.in> References: <1171607129.22188.16.camel@darkstar.netcore.co.in> <223f97700702160146g5c9ed202x8c3a4233534948a9@mail.gmail.com> <1171621035.22188.31.camel@darkstar.netcore.co.in> Message-ID: <223f97700702160225t23df4527v191832b3b26dfd45@mail.gmail.com> On 16/02/07, Ramprasad wrote: > On Fri, 2007-02-16 at 10:46 +0100, Glenn Steen wrote: > > On 16/02/07, Ramprasad wrote: > > > Hello, > > > > > > If the MX is pointed to some machine and is then relayed to my > > > MailScanner box how can I configure whitelisted IPs > > > > > > I currently use MailScanner on the MX box with > > > > > > MailScanner.conf > > > ------------------- > > > Is Definitely Not Spam= /path/whitelist > > > > > > > > > > > > And in the file > > > ----------------- > > > From: 1.1.1.1 and To: mydomain.com yes > > > > > > > > > > > > > > > > > > Will this work if I move the MailScanner box behind a smtpd frontend > > > > > If I read you right, I don't think it will. If all mail will > > "originate" from that "in front" smtp server, the IP address as a > > criterion would lose any meaning in this context. > > Why would you want to hide your MailScanner box behind another? If it > > is a firewall thing (like the icky SMTP proxy in a WatchGuard), simply > > don't use it, configure it as a simple port forward instead. > > Cheers > > No I dont want to proxy the MTA, today my MX machines receive 350k > messages an hour ( 16 loadbalanced machines ) and they do the RBL checks > the spam checks , custom whitelist/blacklist etc > > I need to run a frontend SMTP box to do all the MTA checks and then > relay the mails to the Scan box That would mean 60-80% of mails would > get rejected before reaching the MailScanner machine > > > But the whitelist/blacklist IPs should work as they were before > > Thanks > Ram Right. And as I said, I don't think this will work. How would you preserve the _sending server IP address_ when you effectively "replace" that with your frontend server IP (as viewed from the perspective of the MailScanner boxes? Might one ask if it wouldn't be better to teach all 16 incoming MTAs how to drop things fast? Yes, this would be more administrative work, I can see that. But functionally you'd be doing pretty much the same, wouldn't you? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From am.lists at gmail.com Fri Feb 16 15:57:13 2007 From: am.lists at gmail.com (am.lists) Date: Fri Feb 16 15:01:51 2007 Subject: Recent issue with SORBS In-Reply-To: <45D52FB4.7090902@chapman.edu> References: <25a66d840702150715u5f383386n79762eb2c2d48a8d@mail.gmail.com> <45D52FB4.7090902@chapman.edu> Message-ID: <25a66d840702160657x5c8dd2e8q9ce127624ca23ec2@mail.gmail.com> On 2/15/07, Jay Chandler wrote: > If you don't mind my asking, who's your > provider? If you're more comfortable emailing it to me off-list, I > won't repost it. Hi Jay. They're a widely known hosting company ( guess that can be both good and bad... ) The one that got blocked was Crystal Tech. They're based in Phoenix. We are working on building a second site that is based in Ohio. Angelo From amoore at dekalbmemorial.com Fri Feb 16 16:43:41 2007 From: amoore at dekalbmemorial.com (Aaron K. Moore) Date: Fri Feb 16 15:48:25 2007 Subject: OT: Re: Recent issue with SORBS In-Reply-To: References: <25a66d840702150715u5f383386n79762eb2c2d48a8d@mail.gmail.com><45D48929.20806@fsl.com><25a66d840702150839u6f96f9b3p2635fa50938d88fd@mail.gmail.com><45D49161.3070608@sweet-haven.com> Message-ID: <60D398EB2DB948409CA1F50D8AF1225701F9AD08@exch1.dekalbmemorial.local> am.lists wrote: > Hi Lew > > On 2/15/07, Lew Wolfgang wrote: >> Trouble is, your disabling SORBS will do nothing unless >> all the smtp servers you send to also drop them. Bottom >> line is unless you figure out how to get off their >> list or change your IP, you're going to loose outgoing >> mail. > Our IP accidentally blacklisted several subnets of static addresses assigned to their business clients a year or so ago while updating their dynamic addresses. Once it was pointed out to them what they had done, it took about 24 hours to get those blocks delisted. I've had a lot of problems with SORBS blacklisting mail servers of the cable provider here. They've outsourced their e-mail operations to AT&T. I only block at the MTA with SORBS' DUL and NOMAIL lists. I use the other SORBS black lists to extended the greylisting interval. That way if it's an "accidental" black listing we should eventually accept the message. I also build my own rbl by analyzing the mailwatch log for persistent spam sources. So should some spam get through the greylisting, it will just get added to my own blacklist. -- Aaron Kent Moore Information Technology Services DeKalb Memorial Hospital, Inc. Auburn, IN Phone: 260.920.2808 E-mail: amoore@dekalbmemorial.com From jstevens at athensdistributing.com Fri Feb 16 17:18:08 2007 From: jstevens at athensdistributing.com (James R. Stevens) Date: Fri Feb 16 16:22:53 2007 Subject: LookOUT 2007 Message-ID: <1A65E6BAEADF9B4F865314484A13ECF1608802@atlas.athensdistributing.com> When a new product comes out we always approach it with patience knowing there will be some 'growing pains' to get used to a new GUI or moved/new features etc.. My boss HAD an Audi A8 sedan. It had all the bells and whistles one could imagine. So many every other week it was in the shop because a different bell or whistle was broken or causing issues. Everyone always admired the look of the vehicle and complimented its style and look. He was quick to respond that looks are not everything and rarely worth the price of admission. When asked about the guts of the car he always told the same story. When he wants to use the GPS maps he has to agree to a disclaimer turn a few 'mode' buttons activate the LCD turn of this etc.. and so forth. When he wants to listen to the radio he has to click or push 10 different buttons just to do it. When he want to use a Bluetooth device he has to jump through hoops every time. Why do I have to go through 10 steps every time I want to listen to the radio, he asks. Office 2007 in this way, has made each task more convoluted and tedious to accomplish. Please save yourselves and stay far away from it. THERE IS NO EASY BUTTON!! -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Scott Silva Sent: Monday, February 12, 2007 11:01 AM To: mailscanner@lists.mailscanner.info Subject: Re: LookOUT 2007 Res spake the following on 2/11/2007 1:04 PM: > On Sun, 11 Feb 2007, Mike Kercher wrote: > >> Right click the message itself and select Message Options. I find >> Outlook 2007 to be MUCH slower than 2003. I'm am not impressed by Vista >> or Office 2007 so far. > > > The add slogan goes "the wow starts now" > > they're right, "wow, we really gota use another OS, and now" > ..and one don't have to pay several hundreds of dollars for :P > > Just about every list im on many people have bagged it. > I still enjoy an M$ free zone :P > > It might even get the PHB's here interested in a Linux / Openoffice deployment. We'll see...... -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by Athens Hyperion Scanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by Athens Hyperion Scanner, and is believed to be clean. From daniel.maher at ubisoft.com Fri Feb 16 17:42:44 2007 From: daniel.maher at ubisoft.com (Daniel Maher) Date: Fri Feb 16 16:47:21 2007 Subject: "replace this with that" strings Message-ID: <1E293D3FF63A3740B10AD5AAD88535D2046A8859@UBIMAIL1.ubisoft.org> Hello all, Lately, I have received a large number of Spams which instruct my users to "replace with " in order to create a valid URL. I was wondering if anybody had an effective way to block these. My first instinct is to create a simple SA rule - if somebody else has already made one that seems to work, I'd rather not re-invent the wheel. :-) Thanks! -- _ ?v? Daniel Maher /(_)\ Administrateur Syst?me Unix ^ ^ Unix System Administrator Four elements! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070216/59e6f189/attachment.html From sconway at wlnet.com Fri Feb 16 17:48:58 2007 From: sconway at wlnet.com (Stephen Conway) Date: Fri Feb 16 16:50:44 2007 Subject: Allow Filetypes For Certain Recipients Message-ID: <0c4f01c751ea$5a5f7170$0f1e5450$@com> Hello: I have a user who needs to receive mpg files. Would using the Allow Filetypes = and creating a rule file be the right way to do this? What would my rule for my user look like, and the default should be? Thanks, Steve -- ShipMail Now 30% Faster -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070216/cc34cb67/attachment.html From martinh at solidstatelogic.com Fri Feb 16 17:49:34 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Fri Feb 16 16:54:22 2007 Subject: Allow Filetypes For Certain Recipients In-Reply-To: <0c4f01c751ea$5a5f7170$0f1e5450$@com> Message-ID: <6516e44a784cfe45a272aba17ac0bf08@solidstatelogic.com> Steve You need to 'overload' the filename/types (to put in programming speek).. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Stephen Conway > Sent: 16 February 2007 16:49 > To: mailscanner@lists.mailscanner.info > Subject: Allow Filetypes For Certain Recipients > > Hello: > > > > I have a user who needs to receive mpg files. Would using the Allow > Filetypes = and creating a rule file be the right way to do this? What > would my rule for my user look like, and the default should be? > > > > Thanks, > > > Steve > > ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From JeremyBlonde at grant.k12.ca.us Fri Feb 16 17:54:32 2007 From: JeremyBlonde at grant.k12.ca.us (Jeremy Blonde) Date: Fri Feb 16 16:59:13 2007 Subject: FuzzyOcr Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Scott Silva > Sent: Thursday, February 15, 2007 4:23 PM > To: mailscanner@lists.mailscanner.info > Subject: Re: FuzzyOcr > > I'm sure you didn't forget to fix /etc/passwd back ;-) > > Thanks for the heads up. I did make sure to change it back once I was done with my troubleshooting. Jeremy Blonde Instructional Technology - Server Support Grant Joint Union High School District From JeremyBlonde at grant.k12.ca.us Fri Feb 16 17:59:40 2007 From: JeremyBlonde at grant.k12.ca.us (Jeremy Blonde) Date: Fri Feb 16 17:04:25 2007 Subject: FuzzyOcr Message-ID: > Hey, no shadow over you, you did good here. Just us nit-picks doing > just that ... picking nits:-) Well no matter what, the information that was provided was enough to get me on the right track. For that I'm thankful. Jeremy Blonde Instructional Technology - Server Support Grant Joint Union High School District From mikea at mikea.ath.cx Fri Feb 16 18:28:49 2007 From: mikea at mikea.ath.cx (mikea) Date: Fri Feb 16 17:33:30 2007 Subject: wildcards in whitelist In-Reply-To: <625385e30702160102m3613a396q3bc8dd0bd083e04f@mail.gmail.com> References: <45D43FA1.7FBE.00FC.3@medicine.wisc.edu> <20070215174036.GL54461@mikea.ath.cx> <625385e30702160102m3613a396q3bc8dd0bd083e04f@mail.gmail.com> Message-ID: <20070216172849.GB60904@mikea.ath.cx> On Fri, Feb 16, 2007 at 10:02:48AM +0100, shuttlebox wrote: > On 2/15/07, mikea wrote: > >I think it does. Typically, I'll use whitelist entries in this form: > > > >FromOrTo: *@domain.com yes > > > >to catch the case in which good mail comes directly from domain.com, > >and > > > >FromOrTo: *@*.domain.com yes > > > >for cases in which all subdomains send good mail. > > Shouldn't just *domain.com cover that? No. *boo.com would cover boo.com, a.boo.com, and so on, but also would cover aboo.com, taboo.com, cariboo.com, and other possibly undesirable cases. The "." is important. My boss fell into a similar trap a year back, telling me to block all mail that matched /cialis/i and not realizing that he'd have me block these words: anarchosocialist, antisocialist, antisocialistic, antisocialistically, artificialism, biracialism, brain specialist, commercialism, commercialist, commercialistic, face specialist, financialist, foot specialist, glacialism, glacialist, guild socialism, guild socialist, guild-socialistic, interracialism, nonsocialist, nonsocialistic, nonspecialist, officialism, presocialism, presocialist, prespecialist, provincialism, provincialist, pseudo officialism, pseudo socialism, pseudo socialist, pseudo specialist, pseudosocialistic, quasi socialist, quasi specialist, racialism, racialist, semisocialism, socialism, socialist, socialistic, specialism, specialist, specialistic, state-socialist, sternofacialis, subspecialist, superficialism, superficialist, unsocialism, unsocialistic Similar problems exist for other regular expressions, and even I sometimes block things I shouldn't. The delimiters are important. Or am I answering the question you asked? -- Mike Andrews, W5EGO mikea@mikea.ath.cx Tired old sysadmin From ka at pacific.net Fri Feb 16 18:38:35 2007 From: ka at pacific.net (Ken A) Date: Fri Feb 16 17:39:22 2007 Subject: "replace this with that" strings In-Reply-To: <1E293D3FF63A3740B10AD5AAD88535D2046A8859@UBIMAIL1.ubisoft.org> References: <1E293D3FF63A3740B10AD5AAD88535D2046A8859@UBIMAIL1.ubisoft.org> Message-ID: <45D5EC1B.6050204@pacific.net> Daniel Maher wrote: > Hello all, > > > > Lately, I have received a large number of Spams which instruct my users to "replace with " in order to create a valid URL. I was wondering if anybody had an effective way to block these. My first instinct is to create a simple SA rule - if somebody else has already made one that seems to work, I'd rather not re-invent the wheel. :-) > I'm not a regex expert. (ianare?) .. but this is working pretty well here - it probably hits a few ham, but I don't log non-spam, so not sure! body __LOCAL_BLOCK_REP_THING1 /\b(?:remove|replace|substitute)\s(?:"."|'.'|space)\s(?:with|for)\s(?:"."|'.')/i describe __LOCAL_BLOCK_REP_THING1 replace this with that body __LOCAL_BLOCK_REP_THING2 /\bremove ?(the)?\s(?:"."|'.'|space)\s(?:in the|from the|above|below)/i describe __LOCAL_BLOCK_REP_THING2 replace this with that meta LOCAL_BLOCK_REP_THING (__LOCAL_BLOCK_REP_THING1 || __LOCAL_BLOCK_REP_THING2) describe LOCAL_BLOCK_REP_THING replace or remove a char score LOCAL_BLOCK_REP_THING 2.0 other metrics usually push it over the top tho (combine it with a check for meds, etc..) Ken A Pacific.Net > > Thanks! > > > > -- > > _ > ?v? Daniel Maher > /(_)\ Administrateur Syst?me Unix > ^ ^ Unix System Administrator > > > > Four elements! > > > > > From gerard at seibercom.net Fri Feb 16 18:43:27 2007 From: gerard at seibercom.net (Gerard Seibert) Date: Fri Feb 16 17:47:46 2007 Subject: LookOUT 2007 In-Reply-To: <1A65E6BAEADF9B4F865314484A13ECF1608802@atlas.athensdistributing.com> References: <1A65E6BAEADF9B4F865314484A13ECF1608802@atlas.athensdistributing.com> Message-ID: <20070216123253.7926.GERARD@seibercom.net> On Friday February 16, 2007 at 11:18:08 (AM) James R. Stevens wrote: > When a new product comes out we always approach it with patience > knowing there will be some 'growing pains' to get used to a new GUI or > moved/new features etc.. > > My boss HAD an Audi A8 sedan. It had all the bells and whistles one > could imagine. So many every other week it was in the shop because a > different bell or whistle > > was broken or causing issues. Everyone > always admired the look of the vehicle and complimented its style and > look. He was quick to respond that looks are not everything and rarely > worth the price of admission. When asked about the guts of the car he > always told the same story. > > When he wants to use the GPS maps he has to agree to a disclaimer turn > a few 'mode' buttons activate the LCD turn of this etc.. and so forth. > When he wants to listen to the radio he has to click or push 10 > different buttons just to do it. When he want to use a Bluetooth device > he has to jump through hoops every time. > Why do I have to go through 10 steps every time I want to listen to the radio, he asks. > > Office 2007 in this way, has made each task more convoluted and > tedious to accomplish. Please save yourselves and stay far away from it. >THERE IS NO EASY BUTTON!! Please don't top post. If you don't know what that means, Google for it. Also, please try and wrap you lines at some at some reasonably setting; 72 would be a nice number. Obviously you have never heard of 'macros' or have even the faintest concept of configuring a toolbar or customizing a group. Yes, some of these tasks do require knowledge, but so does setting up BIND. Does the fact that a task has a learning curve mean that it should be ignored? I seriously doubt it. Now if you want something any idiot can handle, try PICO. I would suggest 'vi' but that has a learning curve also, obviously something you are not interested in. -- Gerard "It is not the OS's job to stop you from shooting your foot. If you so choose to do so, then it is OS's job to deliver Mr. Bullet to Mr Foot in the most efficient way it knows." From email at ace.net.au Fri Feb 16 19:18:43 2007 From: email at ace.net.au (Peter Nitschke) Date: Fri Feb 16 18:27:52 2007 Subject: LookOUT 2007 In-Reply-To: <20070216123253.7926.GERARD@seibercom.net> References: <1A65E6BAEADF9B4F865314484A13ECF1608802@atlas.athensdistributing.com> <20070216123253.7926.GERARD@seibercom.net> Message-ID: <200702170448430746.759DB8F5@smtp1.ace.net.au> >Please don't top post. If you don't know what that means, Google for it. >Also, please try and wrap you lines at some at some reasonably setting; >72 would be a nice number. > >Obviously you have never heard of 'macros' or have even the faintest >concept of configuring a toolbar or customizing a group. Yes, some of >these tasks do require knowledge, but so does setting up BIND. Does the >fact that a task has a learning curve mean that it should be ignored? I >seriously doubt it. Now if you want something any idiot can handle, try >PICO. I would suggest 'vi' but that has a learning curve also, obviously >something you are not interested in. > >-- >Gerard I think we found a grumpy dinosaur. Peter From Denis.Beauchemin at USherbrooke.ca Fri Feb 16 19:29:30 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Fri Feb 16 18:34:16 2007 Subject: LookOUT 2007 In-Reply-To: <20070216123253.7926.GERARD@seibercom.net> References: <1A65E6BAEADF9B4F865314484A13ECF1608802@atlas.athensdistributing.com> <20070216123253.7926.GERARD@seibercom.net> Message-ID: <45D5F80A.3030103@USherbrooke.ca> Gerard Seibert a ?crit : > Also, please try and wrap you lines at some at some reasonably setting; > 72 would be a nice number. > > Who cares about manual line wrap nowadays. Most potable mail clients do it automatically for you according to your screen size. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3595 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070216/f6a8a768/smime.bin From claude.gagne at multitech.qc.ca Fri Feb 16 19:31:08 2007 From: claude.gagne at multitech.qc.ca (=?ISO-8859-1?Q?Claude_Gagn=E9?=) Date: Fri Feb 16 18:34:43 2007 Subject: Maximum Archive Depth Message-ID: <45D5F86C.1010903@multitech.qc.ca> Hi, I'm trying to configure MailScanner in a way that he look inside the ZIP files for all user except one. I have found the parameter "Maximum Archive Depth" in my MailScanner.conf but if I change it for the value 0 it changes the parameter system wide. Is it possible ? Thanks ! Claude From jstevens at athensdistributing.com Fri Feb 16 19:33:06 2007 From: jstevens at athensdistributing.com (James R. Stevens) Date: Fri Feb 16 18:37:46 2007 Subject: LookOUT 2007 Message-ID: <1A65E6BAEADF9B4F865314484A13ECF1608804@atlas.athensdistributing.com> Sorry for that, The message was sent from Outlook 2007. I have not found a way to wrap text at 72 CHAR yet. I don't see many options to configure toolbars. So far its all or nothing (On the Ribbon). MACROS? Would that make Office easier to use and faster? Yes, I am versed in vi. Thank you. Hope I didn't offend you. I am not afraid of new technologies or the time it takes to master newly acquired knowledge. That's half the fun. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Gerard Seibert Sent: Friday, February 16, 2007 11:43 AM Please don't top post. If you don't know what that means, Google for it. Also, please try and wrap you lines at some at some reasonably setting; 72 would be a nice number. Obviously you have never heard of 'macros' or have even the faintest concept of configuring a toolbar or customizing a group. Yes, some of these tasks do require knowledge, but so does setting up BIND. Does the fact that a task has a learning curve mean that it should be ignored? I seriously doubt it. Now if you want something any idiot can handle, try PICO. I would suggest 'vi' but that has a learning curve also, obviously something you are not interested in. -- Gerard "It is not the OS's job to stop you from shooting your foot. If you so choose to do so, then it is OS's job to deliver Mr. Bullet to Mr Foot in the most efficient way it knows." -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by Athens Hyperion Scanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by Athens Hyperion Scanner, and is believed to be clean. From dhawal at netmagicsolutions.com Fri Feb 16 19:35:35 2007 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Fri Feb 16 18:40:36 2007 Subject: LookOUT 2007 In-Reply-To: <45D5F80A.3030103@USherbrooke.ca> References: <1A65E6BAEADF9B4F865314484A13ECF1608802@atlas.athensdistributing.com> <20070216123253.7926.GERARD@seibercom.net> <45D5F80A.3030103@USherbrooke.ca> Message-ID: <45D5F977.1050309@netmagicsolutions.com> Denis Beauchemin wrote: > Gerard Seibert a ?crit : >> Also, please try and wrap you lines at some at some reasonably setting; >> 72 would be a nice number. >> >> > Who cares about manual line wrap nowadays. Most potable mail clients do > it automatically for you according to your screen size. > > Denis > another grumpy dinosaur (me ofcourse.. who else) potable == fit for drinking.. though i'd love to have a potable MUA ;-) check mail.. drink download again.. rinse repeat.. From mike at vesol.com Fri Feb 16 19:32:47 2007 From: mike at vesol.com (Mike Kercher) Date: Fri Feb 16 18:42:20 2007 Subject: LookOUT 2007 References: <1A65E6BAEADF9B4F865314484A13ECF1608802@atlas.athensdistributing.com> <20070216123253.7926.GERARD@seibercom.net> Message-ID: ________________________________ From: mailscanner-bounces@lists.mailscanner.info on behalf of Gerard Seibert Sent: Fri 2/16/2007 11:43 AM To: mailscanner@lists.mailscanner.info Subject: Re: LookOUT 2007 Please don't top post. If you don't know what that means, Google for it. Also, please try and wrap you lines at some at some reasonably setting; 72 would be a nice number. Obviously you have never heard of 'macros' or have even the faintest concept of configuring a toolbar or customizing a group. Yes, some of these tasks do require knowledge, but so does setting up BIND. Does the fact that a task has a learning curve mean that it should be ignored? I seriously doubt it. Now if you want something any idiot can handle, try PICO. I would suggest 'vi' but that has a learning curve also, obviously something you are not interested in. -- Gerard People like this make me want to top post on purpose. Find something better to complain about...it's Friday! Ever heard of tolerance? Mike -------------- next part -------------- ________________________________ From: mailscanner-bounces@lists.mailscanner.info on behalf of Gerard Seibert Sent: Fri 2/16/2007 11:43 AM To: mailscanner@lists.mailscanner.info Subject: Re: LookOUT 2007 Please don't top post. If you don't know what that means, Google for it. Also, please try and wrap you lines at some at some reasonably setting; 72 would be a nice number. Obviously you have never heard of 'macros' or have even the faintest concept of configuring a toolbar or customizing a group. Yes, some of these tasks do require knowledge, but so does setting up BIND. Does the fact that a task has a learning curve mean that it should be ignored? I seriously doubt it. Now if you want something any idiot can handle, try PICO. I would suggest 'vi' but that has a learning curve also, obviously something you are not interested in. -- Gerard People like this make me want to top post on purpose. Find something better to complain about...it's Friday! Ever heard of tolerance? Mike From chandler.lists at chapman.edu Fri Feb 16 19:43:04 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Fri Feb 16 18:47:55 2007 Subject: LookOUT 2007 In-Reply-To: <20070216123253.7926.GERARD@seibercom.net> References: <1A65E6BAEADF9B4F865314484A13ECF1608802@atlas.athensdistributing.com> <20070216123253.7926.GERARD@seibercom.net> Message-ID: <45D5FB38.8020503@chapman.edu> Gerard Seibert wrote: > Please don't top post. If you don't know what that means, Google for it. > Also, please try and wrap you lines at some at some reasonably setting; > 72 would be a nice number. > > Obviously you ...caught you on a morning where somebody peed in your cornflakes? > have never heard of 'macros' or have even the faintest > concept of configuring a toolbar or customizing a group. Yes, some of > these tasks do require knowledge, but so does setting up BIND. Does the > fact that a task has a learning curve mean that it should be ignored? I > seriously doubt it. Now if you want something any idiot can handle, try > PICO. I would suggest 'vi' but that has a learning curve also, obviously > something you are not interested in. > Both solid text editors. If you're seriously suggesting that vi or pico is designed more for "any idiot" than Office 2007, I've got a bridge to sell you. -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: According to Microsoft, it's by design From chandler.lists at chapman.edu Fri Feb 16 19:43:45 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Fri Feb 16 18:48:42 2007 Subject: LookOUT 2007 In-Reply-To: <45D5F977.1050309@netmagicsolutions.com> References: <1A65E6BAEADF9B4F865314484A13ECF1608802@atlas.athensdistributing.com> <20070216123253.7926.GERARD@seibercom.net> <45D5F80A.3030103@USherbrooke.ca> <45D5F977.1050309@netmagicsolutions.com> Message-ID: <45D5FB61.2000108@chapman.edu> Dhawal Doshy wrote: > another grumpy dinosaur (me ofcourse.. who else) potable == fit for > drinking.. though i'd love to have a potable MUA ;-) > Outlook drives me to drink, but I don't think that's what you meant... -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: According to Microsoft, it's by design From chandler.lists at chapman.edu Fri Feb 16 19:46:18 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Fri Feb 16 18:51:32 2007 Subject: "replace this with that" strings In-Reply-To: <45D5EC1B.6050204@pacific.net> References: <1E293D3FF63A3740B10AD5AAD88535D2046A8859@UBIMAIL1.ubisoft.org> <45D5EC1B.6050204@pacific.net> Message-ID: <45D5FBFA.9000703@chapman.edu> Ken A wrote: > > > Daniel Maher wrote: >> Hello all, >> >> >> >> Lately, I have received a large number of Spams which instruct my >> users to "replace with " in order to create a valid >> URL. I was wondering if anybody had an effective way to block >> these. My first instinct is to create a simple SA rule - if somebody >> else has already made one that seems to work, I'd rather not >> re-invent the wheel. :-) >> > > I'm not a regex expert. (ianare?) .. but this is working pretty well > here - it probably hits a few ham, but I don't log non-spam, so not sure! > > body __LOCAL_BLOCK_REP_THING1 > /\b(?:remove|replace|substitute)\s(?:"."|'.'|space)\s(?:with|for)\s(?:"."|'.')/i > > describe __LOCAL_BLOCK_REP_THING1 replace this with that > > body __LOCAL_BLOCK_REP_THING2 /\bremove > ?(the)?\s(?:"."|'.'|space)\s(?:in the|from the|above|below)/i > describe __LOCAL_BLOCK_REP_THING2 replace this with that > > meta LOCAL_BLOCK_REP_THING (__LOCAL_BLOCK_REP_THING1 || > __LOCAL_BLOCK_REP_THING2) > describe LOCAL_BLOCK_REP_THING replace or remove a char > score LOCAL_BLOCK_REP_THING 2.0 > > other metrics usually push it over the top tho (combine it with a > check for meds, etc..) > > Ken A > Pacific.Net > >> >> Thanks! >> >> >> >> -- >> >> _ >> ?v? Daniel Maher >> /(_)\ Administrateur Syst?me Unix >> ^ ^ Unix System Administrator >> >> >> >> Four elements! >> >> >> >> >> I use this from the SARE list: spacecowboy# cat 75_bad_domain.cf # 2007-01-24 new rules (adapted from Henrik Krohns # on SA list) # http:// [user [:password] @] # + <1 illegal char> + # + ( or / or ? or :) uri local_OBFUDOM /https?:\/\/([a-z0-9._\-]{1,30}(:[a-z0-9._\-]{1,30})?\@)?[a-z0-9._\-]{1,30}[^a-z0-9._\-\/:'\[][a-z0-9._\-\@]{1,30}(?:$|\/|\?|:[0-9])/i describe local_OBFUDOM Domain contains illegal characters score local_OBFUDOM 1.1 body __obfdomreq1 /\b(?:remove|replace|substitute)\b/i body __obfdomreq2 /(?:\bdomain\b|\baddress\b|"[^"]"|'[^']')/i body __obfdomreq3 /\bImportant!/i meta __obfudomreq (__obfdomreq1 + __obfdomreq2 +__obfdomreq3) > 1 meta local_OBFDOMREQ (local_OBFUDOM && __obfudomreq) describe local_OBFDOMREQ Request to modify obfuscated domain score local_OBFDOMREQ 3.1 body ACKME_OBFURL1a m/\bhttp:\/\/[a-z0-9\-.]+[!*%&, -]+\.?com\b/ describe ACKME_OBFURL1a URL that contains dodgy char score ACKME_OBFURL1a 2.0 body ACKME_OBFURL1b m/Remove "[!*%&, -]+" to make the link working!/i describe ACKME_OBFURL1b make spam link work score ACKME_OBFURL1b 2.0 #body ACKME_OBFURL1c m/(\( )*Important( )*(!|,)* Remove "[!*%&, -]+"( \))*/i #describe ACKME_OBFURL1c make spam link work #score ACKME_OBFURL1c 2.0 body ACKME_OBFURL1d m/Important(,|:)* Replace "[!*%&, -]+" with "."/i describe ACKME_OBFURL1d make spam link work score ACKME_OBFURL1d 2.0 meta ACKME_OBFURL1 (ACKME_OBFURL1a + ACKME_OBFURL1b + ACKME_OBFURL1c + ACKME_OBFURL1d > 1) describe ACKME_OBFURL1 obfuscated URLs and a make spam link work message score ACKME_OBFURL1 6.0 -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: A star wars satellite accidently blew up the WAN. From chandler.lists at chapman.edu Fri Feb 16 19:47:52 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Fri Feb 16 18:52:50 2007 Subject: BAYES issues In-Reply-To: <223f97700702160109x5613b241hb0a018a5aa2cd250@mail.gmail.com> References: <45D3E50D.4030302@chapman.edu> <45D41D47.4060501@chime.ucl.ac.uk> <45D4693F.4030504@chapman.edu> <45D4B6BA.3060303@chime.ucl.ac.uk> <45D50BAA.1030802@chapman.edu> <45D51B24.70400@chapman.edu> <45D567DA.2010908@chime.ucl.ac.uk> <223f97700702160109x5613b241hb0a018a5aa2cd250@mail.gmail.com> Message-ID: <45D5FC58.7060308@chapman.edu> Glenn Steen wrote: > ... Or am I reading this backwards? Could it be some type of bum > sa-update not copying everything as it should to the new location... > Jay, if you "find /var -name \*bayes.cf -print" what do you get? Did > you run/do you run periodically sa-update? > Daily. spacecowboy# find /var -name \*bayes.cf -print /var/lib/spamassassin/3.001007/updates_spamassassin_org/23_bayes.cf Let me poke around in MailScanner.conf and figure out what's not working... -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: A star wars satellite accidently blew up the WAN. From glenn.steen at gmail.com Fri Feb 16 19:48:19 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Feb 16 18:52:54 2007 Subject: Maximum Archive Depth In-Reply-To: <45D5F86C.1010903@multitech.qc.ca> References: <45D5F86C.1010903@multitech.qc.ca> Message-ID: <223f97700702161048x2cf6f6a6vea5b0293c6352ee3@mail.gmail.com> On 16/02/07, Claude Gagn? wrote: > Hi, > > I'm trying to configure MailScanner in a way that he look inside the ZIP > files for all user except one. I have found the parameter "Maximum > Archive Depth" in my MailScanner.conf but if I change it for the value 0 > it changes the parameter system wide. > > Is it possible ? > > Thanks ! > > Claude Yes. Use a ruleset on the setting you want to vary, something like: FromOrTo: user1@domain.tld 0 FromOrTo: default 2 ... The above applied on Maximum Archive Depth (just put it in a file in the rules directory (named .rules), then set the setting to = %rules-dir%/.rules ... and restart MS) would do MailScanner tests (AVs are generally not affected by this setting... They manage to unpack things themselves) for any archive file, and any archive file found in that "first level" archive... for everyone _except_ user1@domain.tld ... There are good examples for rulesets in /etc/MailScanner/rules (README and EXAMPLES) as well as in the wiki ... and of course: The Book. Buy it, if you haven't already;-). Cheers! -- -- Glenn (getting more tipsy by the minute:-) email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From chandler.lists at chapman.edu Fri Feb 16 19:50:54 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Fri Feb 16 18:55:35 2007 Subject: BAYES issues In-Reply-To: <45D5FC58.7060308@chapman.edu> References: <45D3E50D.4030302@chapman.edu> <45D41D47.4060501@chime.ucl.ac.uk> <45D4693F.4030504@chapman.edu> <45D4B6BA.3060303@chime.ucl.ac.uk> <45D50BAA.1030802@chapman.edu> <45D51B24.70400@chapman.edu> <45D567DA.2010908@chime.ucl.ac.uk> <223f97700702160109x5613b241hb0a018a5aa2cd250@mail.gmail.com> <45D5FC58.7060308@chapman.edu> Message-ID: <45D5FD0E.6020300@chapman.edu> Jay Chandler wrote: > > > Let me poke around in MailScanner.conf and figure out what's not > working... > Oh, son of a... /var/lib is NOT the same as /var/lib/spamassassin. I didn't go down a directory far enough. sa-update should now be far happier... Thanks, Glenn. As always, you rock. --Jay -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: A star wars satellite accidently blew up the WAN. From glenn.steen at gmail.com Fri Feb 16 19:55:25 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Feb 16 19:00:00 2007 Subject: LookOUT 2007 In-Reply-To: <45D5FB38.8020503@chapman.edu> References: <1A65E6BAEADF9B4F865314484A13ECF1608802@atlas.athensdistributing.com> <20070216123253.7926.GERARD@seibercom.net> <45D5FB38.8020503@chapman.edu> Message-ID: <223f97700702161055r285da860r872514d29d7bedb1@mail.gmail.com> On 16/02/07, Jay Chandler wrote: > Gerard Seibert wrote: > > Please don't top post. If you don't know what that means, Google for it. > > Also, please try and wrap you lines at some at some reasonably setting; > > 72 would be a nice number. > > > > Obviously you > ...caught you on a morning where somebody peed in your cornflakes? > > have never heard of 'macros' or have even the faintest > > concept of configuring a toolbar or customizing a group. Yes, some of > > these tasks do require knowledge, but so does setting up BIND. Does the > > fact that a task has a learning curve mean that it should be ignored? I > > seriously doubt it. Now if you want something any idiot can handle, try > > PICO. I would suggest 'vi' but that has a learning curve also, obviously > > something you are not interested in. > > > Both solid text editors. If you're seriously suggesting that vi or pico > is designed more for "any idiot" than Office 2007, I've got a bridge to > sell you. > You wouldn't have a nice transceiver with AUI IF for him to go with that...:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From chandler.lists at chapman.edu Fri Feb 16 19:57:42 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Fri Feb 16 19:02:34 2007 Subject: BAYES issues In-Reply-To: <45D5783A.2030507@chime.ucl.ac.uk> References: <45D3E50D.4030302@chapman.edu> <45D41D47.4060501@chime.ucl.ac.uk> <45D4693F.4030504@chapman.edu> <45D4B6BA.3060303@chime.ucl.ac.uk> <45D50BAA.1030802@chapman.edu> <45D51B24.70400@chapman.edu> <45D567DA.2010908@chime.ucl.ac.uk> <223f97700702160109x5613b241hb0a018a5aa2cd250@mail.gmail.com> <45D5783A.2030507@chime.ucl.ac.uk> Message-ID: <45D5FEA6.7030208@chapman.edu> Anthony Peacock wrote: > Glenn Steen wrote: >> On 16/02/07, Anthony Peacock wrote: >>> Jay Chandler wrote: >>> > Jay Chandler wrote: >>> >> What's more is, I got that output from crontab, running the >>> >> command as the postfix user... >>> >> >>> >> So I'm... rather confused. What should Bayes be showing as in my >>> logs? >>> >> >>> > >>> > Interesting. >>> > >>> > Just linted and got this: >>> > config: warning: score set for non-existent rule BAYES_99 >>> > config: warning: score set for non-existent rule BAYES_95 >>> > config: warning: score set for non-existent rule BAYES_00 >>> > config: warning: score set for non-existent rule BAYES_05 >>> > >>> > Is there a Bayes ruleset file that I'm potentially missing? >>> > >>> >>> Hmm! That does look like you have a screwed up SA configuration. >>> >>> Those are standard rules that come with SA, so if they are missing you >>> have a bad installation. >>> >>> The standard rule file with the Bayes rules in is called 23_bayes.cf >>> >>> It should be installed in /usr/local/share/spamassassin >>> >>> If you run sa-update you may also have a newer copy in >>> >>> /var/lib/spamassassin/3.001007/updates_spamassassin_org (or similar >>> depending on SA version) >>> >>> I am still confused, as you seemed to be able to get a Bayes score when >>> running from the command line, but not when running with MailScanner. >>> >>> There must be something different with the environments between >>> those two. >>> >> I'd suspect the settings in MailScanner for things like "SpamAssassin >> Local State Dir" to be wrong. Since Jays SpamAssassin seems to get >> along famously without any particular setting, I think he should try >> setting that to a blank value (so that the "built-into-SA-defaults" >> kick in, wrt finding the sa-updated stuff), and if that fails set it >> to something like /var/lib/spamassassin (but only if it still fails). > > That was my initial thought. But even if that is set incorrectly > shouldn't SA 'fall back' on the base installed versions in > /usr/local/share? > > Checking that setting will certainly help. > Just fixed a couple path settings-- now I find that the modified rules I put in the directory that's shared by all the MX boxes are being supplanted by the /usr/local/share/spamassassin rules. For example: I set the URIBL score to 6, but now hits on that rule are getting scored a 3. How do I fix this? -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: A star wars satellite accidently blew up the WAN. From chandler.lists at chapman.edu Fri Feb 16 19:58:36 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Fri Feb 16 19:03:12 2007 Subject: BAYES issues In-Reply-To: <45D56817.1050509@chime.ucl.ac.uk> References: <45D3E50D.4030302@chapman.edu> <45D41D47.4060501@chime.ucl.ac.uk> <45D4693F.4030504@chapman.edu> <45D4B6BA.3060303@chime.ucl.ac.uk> <45D56685.7070200@chime.ucl.ac.uk> <45D56817.1050509@chime.ucl.ac.uk> Message-ID: <45D5FEDC.3060601@chapman.edu> Anthony Peacock wrote: > Doh! Other than the first sentence stating that he had followed the > instructions for setting up Bayes over SQL. > > Must try reading first... > Yes, I do show the SQL database as being hit by these servers. :-) At least I got THAT nonsense taken care of... -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: A star wars satellite accidently blew up the WAN. From paul at welshfamily.com Fri Feb 16 20:09:36 2007 From: paul at welshfamily.com (Paul Welsh) Date: Fri Feb 16 19:14:14 2007 Subject: Image scanning - flesh tones In-Reply-To: <200702161100.l1GB0AEN026535@safir.blacknight.ie> Message-ID: <200702161914.l1GJEDh5031628@safir.blacknight.ie> > Date: Fri, 16 Feb 2007 10:26:49 +0100 > From: "Glenn Steen" > Subject: Re: Image scanning - flesh tones > > Um, Paul... Isn't this a bad idea? > Ok, even if we assume there is little legit images in your corporate > mail, lets assume someone sends a mail containing a portrait image... > Maybe in a CV...? Or for that matter the CEOs wife sending him a > sample of the photo from their vacation and it being labled as > smut...? > Sure, images in mail are generally evil, mail should be text only etc > etc etc. But in reality, hasn't spam as such moved past the pure XXX > porn sh*t by now? Sure, this isn't a spam detection thing, it's for stopping unsuitable images being sent/received by users. Once they get into the company they get emailed around the internal mail system and back out again. I realise it's easy for users to circumvent this filtering by downloading images from their personal web mail accounts but we currently use MessageLabs at work and it does block unsuitable images going in or out. Of course, I have no idea whether it is failing to block lots of unsuitable images because I am only alerted to the ones it blocks. I think it does have its uses, but the easiest method is probably to quarantine image files over a certain size. I know I can quarantine images but not sure about filtering on file type + size with MailScanner. It will be trial and error, obviously. Naturally, the costs of MailScanner vs MessageLabs don't bear comparison. The former is GBP43 per user per year whereas MailScanner is the cost of 2 servers (one for redundancy) plus a commercial AV scanner. We have a Sophos site licence so the commercial AV licence is covered. I'd add Clam too. The only downside apart from the image scanning and the time it costs to setup and maintain is the slight overhead of spam and virus infected messages using up our leased line bandwidth (such messages don't make it down our leased line with MessageLabs). No contest. From Denis.Beauchemin at USherbrooke.ca Fri Feb 16 20:15:45 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Fri Feb 16 19:20:34 2007 Subject: "replace this with that" strings In-Reply-To: <45D5FBFA.9000703@chapman.edu> References: <1E293D3FF63A3740B10AD5AAD88535D2046A8859@UBIMAIL1.ubisoft.org> <45D5EC1B.6050204@pacific.net> <45D5FBFA.9000703@chapman.edu> Message-ID: <45D602E1.2090809@USherbrooke.ca> Jay Chandler a ?crit : > > I use this from the SARE list: > > spacecowboy# cat 75_bad_domain.cf > # 2007-01-24 new rules (adapted from Henrik Krohns > # on SA list) # http:// [user [:password] @] > # + <1 illegal char> + # + ( ofuri> or / or ? or :) > uri local_OBFUDOM > /https?:\/\/([a-z0-9._\-]{1,30}(:[a-z0-9._\-]{1,30})?\@)?[a-z0-9._\-]{1,30}[^a-z0-9._\-\/:'\[][a-z0-9._\-\@]{1,30}(?:$|\/|\?|:[0-9])/i > > describe local_OBFUDOM Domain contains illegal > characters > score local_OBFUDOM 1.1 > > body __obfdomreq1 /\b(?:remove|replace|substitute)\b/i > body __obfdomreq2 /(?:\bdomain\b|\baddress\b|"[^"]"|'[^']')/i > body __obfdomreq3 /\bImportant!/i > meta __obfudomreq (__obfdomreq1 + __obfdomreq2 > +__obfdomreq3) > 1 > meta local_OBFDOMREQ (local_OBFUDOM && __obfudomreq) > describe local_OBFDOMREQ Request to modify obfuscated > domain > score local_OBFDOMREQ 3.1 > > body ACKME_OBFURL1a m/\bhttp:\/\/[a-z0-9\-.]+[!*%&, -]+\.?com\b/ > describe ACKME_OBFURL1a URL that contains dodgy char > score ACKME_OBFURL1a 2.0 > > body ACKME_OBFURL1b m/Remove "[!*%&, -]+" to make the link working!/i > describe ACKME_OBFURL1b make spam link work > score ACKME_OBFURL1b 2.0 > > #body ACKME_OBFURL1c m/(\( )*Important( )*(!|,)* Remove "[!*%&, > -]+"( \))*/i > #describe ACKME_OBFURL1c make spam link work > #score ACKME_OBFURL1c 2.0 > > body ACKME_OBFURL1d m/Important(,|:)* Replace "[!*%&, -]+" with "."/i > describe ACKME_OBFURL1d make spam link work > score ACKME_OBFURL1d 2.0 > > meta ACKME_OBFURL1 (ACKME_OBFURL1a + ACKME_OBFURL1b + > ACKME_OBFURL1c + ACKME_OBFURL1d > 1) > describe ACKME_OBFURL1 obfuscated URLs and a make spam link work message > score ACKME_OBFURL1 6.0 > > > Are you sure it's from SARE? I can't find it anywhere... Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3595 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070216/a3a18963/smime.bin From Denis.Beauchemin at USherbrooke.ca Fri Feb 16 20:17:46 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Fri Feb 16 19:22:32 2007 Subject: LookOUT 2007 In-Reply-To: <45D5F977.1050309@netmagicsolutions.com> References: <1A65E6BAEADF9B4F865314484A13ECF1608802@atlas.athensdistributing.com> <20070216123253.7926.GERARD@seibercom.net> <45D5F80A.3030103@USherbrooke.ca> <45D5F977.1050309@netmagicsolutions.com> Message-ID: <45D6035A.4060201@USherbrooke.ca> Dhawal Doshy a ?crit : > Denis Beauchemin wrote: >> Gerard Seibert a ?crit : >>> Also, please try and wrap you lines at some at some reasonably setting; >>> 72 would be a nice number. >>> >>> >> Who cares about manual line wrap nowadays. Most potable mail clients >> do it automatically for you according to your screen size. >> >> Denis >> > another grumpy dinosaur (me ofcourse.. who else) potable == fit for > drinking.. though i'd love to have a potable MUA ;-) > > check mail.. drink > download again.. > rinse repeat.. You're right... I should have used "potent" (I think)... but "potable" would have been ok in French... but I like your suggestion about the drink! ;) Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3595 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070216/e7f0f178/smime.bin From claude.gagne at multitech.qc.ca Fri Feb 16 20:21:49 2007 From: claude.gagne at multitech.qc.ca (=?ISO-8859-1?Q?Claude_Gagn=E9?=) Date: Fri Feb 16 19:23:37 2007 Subject: Maximum Archive Depth In-Reply-To: <223f97700702161048x2cf6f6a6vea5b0293c6352ee3@mail.gmail.com> References: <45D5F86C.1010903@multitech.qc.ca> <223f97700702161048x2cf6f6a6vea5b0293c6352ee3@mail.gmail.com> Message-ID: <45D6044D.1060100@multitech.qc.ca> Thank you Glenn I'll try that very soon. :) Glenn Steen a ?crit : > On 16/02/07, Claude Gagn? wrote: >> Hi, >> >> I'm trying to configure MailScanner in a way that he look inside the ZIP >> files for all user except one. I have found the parameter "Maximum >> Archive Depth" in my MailScanner.conf but if I change it for the value 0 >> it changes the parameter system wide. >> >> Is it possible ? >> >> Thanks ! >> >> Claude > Yes. Use a ruleset on the setting you want to vary, something like: > FromOrTo: user1@domain.tld 0 > FromOrTo: default 2 > ... The above applied on Maximum Archive Depth (just put it in a file > in the rules directory (named .rules), then set the setting > to = %rules-dir%/.rules ... and restart MS) would do > MailScanner tests (AVs are generally not affected by this setting... > They manage to unpack things themselves) for any archive file, and any > archive file found in that "first level" archive... for everyone > _except_ user1@domain.tld ... There are good examples for rulesets in > /etc/MailScanner/rules (README and EXAMPLES) as well as in the wiki > ... and of course: The Book. Buy it, if you haven't already;-). > > Cheers! -- * Claude Gagn?* / Technicien informatique/ claude.gagne@multitech.qc.ca 226-A, chemin des Poirier Montmagny (Qc) G5V 3X8 T?l. : (418) 248-2247 T?l?c. : (418) 248-2230 *8, rue du Domaine Rivi?re-du-Loup (Qc) G5R 2P5 T?l. : (418) 867-3355 T?l?c. : (418) 867-2775 * -------------- next part -------------- Skipped content of type multipart/related From gerard at seibercom.net Fri Feb 16 20:24:32 2007 From: gerard at seibercom.net (Gerard Seibert) Date: Fri Feb 16 19:28:49 2007 Subject: LookOUT 2007 In-Reply-To: References: <20070216123253.7926.GERARD@seibercom.net> Message-ID: <20070216142020.9461.GERARD@seibercom.net> On Friday February 16, 2007 at 01:32:47 (PM) Mike Kercher wrote: [snip] > People like this make me want to top post on purpose. Find something > better to complain about...it's Friday! > > Ever heard of tolerance? Yes, along with a lot of other words. Ever hear of "conventional norm"? By the way, what does reference to Friday have to do with it? I work 7 days a week. I intend to retire young and rich, not like a lot of the other fools I see out there. -- Gerard http://www.river.com/users/share/etiquette/ http://www.html-faq.com/etiquette/?toppost http://www.river.com/users/share/etiquette/trumpetpower-netiquette.html http://www.neverending.org/~ftobin/resources/formatting_email_replies/ http://www.reedmedia.net/misc/mail/using-mailing-list.html http://groups.google.com/support/bin/answer.py?answer=12348&topic=250 http://en.wikipedia.org/wiki/Godwin's_law From sandrews at andrewscompanies.com Fri Feb 16 20:32:21 2007 From: sandrews at andrewscompanies.com (sandrews@andrewscompanies.com) Date: Fri Feb 16 19:37:03 2007 Subject: LookOUT 2007 References: <20070216123253.7926.GERARD@seibercom.net> <20070216142020.9461.GERARD@seibercom.net> Message-ID: <1964AAFBC212F742958F9275BF63DBB042A15F@winchester.andrewscompanies.com> ...young, rich, and obviously cranky. ;) -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Gerard Seibert Sent: Friday, February 16, 2007 2:25 PM To: mailscanner@lists.mailscanner.info Subject: Re: LookOUT 2007 On Friday February 16, 2007 at 01:32:47 (PM) Mike Kercher wrote: [snip] > People like this make me want to top post on purpose. Find something > better to complain about...it's Friday! > > Ever heard of tolerance? Yes, along with a lot of other words. Ever hear of "conventional norm"? By the way, what does reference to Friday have to do with it? I work 7 days a week. I intend to retire young and rich, not like a lot of the other fools I see out there. -- Gerard http://www.river.com/users/share/etiquette/ http://www.html-faq.com/etiquette/?toppost http://www.river.com/users/share/etiquette/trumpetpower-netiquette.html http://www.neverending.org/~ftobin/resources/formatting_email_replies/ http://www.reedmedia.net/misc/mail/using-mailing-list.html http://groups.google.com/support/bin/answer.py?answer=12348&topic=250 http://en.wikipedia.org/wiki/Godwin's_law -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From email at ace.net.au Fri Feb 16 20:31:52 2007 From: email at ace.net.au (Peter Nitschke) Date: Fri Feb 16 19:40:09 2007 Subject: LookOUT 2007 In-Reply-To: <20070216142020.9461.GERARD@seibercom.net> References: <20070216123253.7926.GERARD@seibercom.net> <20070216142020.9461.GERARD@seibercom.net> Message-ID: <200702170601520207.75E0AF61@smtp1.ace.net.au> On 16/02/2007 at 2:24 PM Gerard Seibert wrote: >By the way, what does reference to Friday have to do with it? I work 7 >days a week. I intend to retire young and rich, not like a lot of the >other fools I see out there. > >-- >Gerard Good luck, any chance it could be tomorrow? Peter From ka at pacific.net Fri Feb 16 20:42:27 2007 From: ka at pacific.net (Ken A) Date: Fri Feb 16 19:43:19 2007 Subject: "replace this with that" strings In-Reply-To: <45D602E1.2090809@USherbrooke.ca> References: <1E293D3FF63A3740B10AD5AAD88535D2046A8859@UBIMAIL1.ubisoft.org> <45D5EC1B.6050204@pacific.net> <45D5FBFA.9000703@chapman.edu> <45D602E1.2090809@USherbrooke.ca> Message-ID: <45D60923.1020904@pacific.net> Denis Beauchemin wrote: > Jay Chandler a ?crit : >> >> I use this from the SARE list: >> >> spacecowboy# cat 75_bad_domain.cf >> # 2007-01-24 new rules (adapted from Henrik Krohns >> # on SA list) # http:// [user [:password] @] >> # + <1 illegal char> + # + (> ofuri> or / or ? or :) >> uri local_OBFUDOM >> /https?:\/\/([a-z0-9._\-]{1,30}(:[a-z0-9._\-]{1,30})?\@)?[a-z0-9._\-]{1,30}[^a-z0-9._\-\/:'\[][a-z0-9._\-\@]{1,30}(?:$|\/|\?|:[0-9])/i >> >> describe local_OBFUDOM Domain contains illegal >> characters >> score local_OBFUDOM 1.1 >> >> body __obfdomreq1 /\b(?:remove|replace|substitute)\b/i >> body __obfdomreq2 /(?:\bdomain\b|\baddress\b|"[^"]"|'[^']')/i >> body __obfdomreq3 /\bImportant!/i >> meta __obfudomreq (__obfdomreq1 + __obfdomreq2 >> +__obfdomreq3) > 1 >> meta local_OBFDOMREQ (local_OBFUDOM && __obfudomreq) >> describe local_OBFDOMREQ Request to modify obfuscated >> domain >> score local_OBFDOMREQ 3.1 >> >> body ACKME_OBFURL1a m/\bhttp:\/\/[a-z0-9\-.]+[!*%&, -]+\.?com\b/ >> describe ACKME_OBFURL1a URL that contains dodgy char >> score ACKME_OBFURL1a 2.0 >> >> body ACKME_OBFURL1b m/Remove "[!*%&, -]+" to make the link working!/i >> describe ACKME_OBFURL1b make spam link work >> score ACKME_OBFURL1b 2.0 >> >> #body ACKME_OBFURL1c m/(\( )*Important( )*(!|,)* Remove "[!*%&, >> -]+"( \))*/i >> #describe ACKME_OBFURL1c make spam link work >> #score ACKME_OBFURL1c 2.0 >> >> body ACKME_OBFURL1d m/Important(,|:)* Replace "[!*%&, -]+" with "."/i >> describe ACKME_OBFURL1d make spam link work >> score ACKME_OBFURL1d 2.0 >> >> meta ACKME_OBFURL1 (ACKME_OBFURL1a + ACKME_OBFURL1b + >> ACKME_OBFURL1c + ACKME_OBFURL1d > 1) >> describe ACKME_OBFURL1 obfuscated URLs and a make spam link work message >> score ACKME_OBFURL1 6.0 >> >> >> > Are you sure it's from SARE? I can't find it anywhere... > I think it was posted on the SA list, not a SARE rule as far as I know, but might have been contributed by one of the ninjas. I use it as well as the one I posted. Ken A. Pacific.Net > Denis > From Denis.Beauchemin at USherbrooke.ca Fri Feb 16 20:41:18 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Fri Feb 16 19:46:04 2007 Subject: Vulnerability in SpamAssassin < 3.1.8 Message-ID: <45D608DE.3080602@USherbrooke.ca> In case you didn't know what to do on you Friday afternoon/night: TITLE: SpamAssassin Long URI Denial of Service SECUNIA ADVISORY ID: SA24197 VERIFY ADVISORY: http://secunia.com/advisories/24197/ CRITICAL: Moderately critical IMPACT: DoS WHERE: From remote SOFTWARE: SpamAssassin 3.x http://secunia.com/product/4506/ DESCRIPTION: A vulnerability has been reported in SpamAssassin, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error and can be exploited to cause a DoS via overly long URIs in the message content. SOLUTION: Update to version 3.1.8. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://svn.apache.org/repos/asf/spamassassin/branches/3.1/build/announcements/3.1.8.txt Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3595 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070216/1ede7fc6/smime.bin From gerard at seibercom.net Fri Feb 16 20:44:50 2007 From: gerard at seibercom.net (Gerard Seibert) Date: Fri Feb 16 19:49:04 2007 Subject: LookOUT 2007 In-Reply-To: <1A65E6BAEADF9B4F865314484A13ECF1608804@atlas.athensdistributing.com> References: <1A65E6BAEADF9B4F865314484A13ECF1608804@atlas.athensdistributing.com> Message-ID: <20070216143943.024D.GERARD@seibercom.net> On Friday February 16, 2007 at 01:33:06 (PM) James R. Stevens wrote: > Sorry for that, > The message was sent from Outlook 2007. I have not found a way to wrap > text at 72 CHAR yet. I don't see many options to configure toolbars. So > far its all or nothing (On the Ribbon). MACROS? Would that make Office > easier to use and faster? Yes, I am versed in vi. Thank you. > > Hope I didn't offend you. I am not afraid of new technologies or the > time it takes to master newly acquired knowledge. That's half the fun. This works on Outlook 2002. Sorry, but I do not have the latest version installed on this machine. You can make changes there. You must also be sure to set the default email format to "Pain Text" in an earlier menu. If this does not work on Outlook 2007, I will find out how to do it and relay the information to you. -- Gerard Here is today's useless fact: A dime has 118 ridges around the edge From derek at adcatanzaro.com Fri Feb 16 20:44:37 2007 From: derek at adcatanzaro.com (Derek Catanzaro) Date: Fri Feb 16 19:49:42 2007 Subject: Filename Rules Message-ID: <45D609A5.9050602@adcatanzaro.com> I have a .rules file which allows certain file types to come through based on the domain that is sending. For example, everything from abc.com is allowed. The problem I am having is that I want to allow everything from abc.com through including sub domains, ie. 123.abc.com. I am not sure how many sub-domains the abc.com domain has so I just wanted to know if I can use a wildcard like "*abc.com" in my rules file. Right now the file types I want to allow through are getting blocked if it comes from a sub-domain of abc.com Thanks, Derek -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Kevin_Miller at ci.juneau.ak.us Fri Feb 16 20:48:33 2007 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Fri Feb 16 19:53:08 2007 Subject: LookOUT 2007 In-Reply-To: <20070216142020.9461.GERARD@seibercom.net> Message-ID: Gerard Seibert wrote: > On Friday February 16, 2007 at 01:32:47 (PM) Mike Kercher wrote: > > [snip] > >> People like this make me want to top post on purpose. Find something >> better to complain about...it's Friday! >> >> Ever heard of tolerance? > > Yes, along with a lot of other words. Ever hear of "conventional > norm"? > > By the way, what does reference to Friday have to do with it? I work 7 > days a week. I intend to retire young and rich, not like a lot of the > other fools I see out there. > > -- > Gerard > > http://www.river.com/users/share/etiquette/ > http://www.html-faq.com/etiquette/?toppost > http://www.river.com/users/share/etiquette/trumpetpower-netiquette.html > http://www.neverending.org/~ftobin/resources/formatting_email_replies/ > http://www.reedmedia.net/misc/mail/using-mailing-list.html > http://groups.google.com/support/bin/answer.py?answer=12348&topic=250 > http://en.wikipedia.org/wiki/Godwin's_law The 'conventional norm' seems to vary from one newsgroup or email list to another. On this list, the norm is to roll with the punches, and as a matter of fact, our resident hero Julian frequently top posts himself. Since it's his baby, if it's good enough for him it's good enough for the rest of us. Another convention that we have here is to generally be very forgiving of people doing it a little differently than ourselves. It ain't worth losing sleep over. BTW, the conventional norm for signatures has historically been to limit them to four lines or less. Just thought you might want to know. :-) ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From jon at radel.com Fri Feb 16 20:54:33 2007 From: jon at radel.com (Jon Radel) Date: Fri Feb 16 19:59:30 2007 Subject: LookOUT 2007 In-Reply-To: <1964AAFBC212F742958F9275BF63DBB042A15F@winchester.andrewscompanies.com> References: <20070216123253.7926.GERARD@seibercom.net> <20070216142020.9461.GERARD@seibercom.net> <1964AAFBC212F742958F9275BF63DBB042A15F@winchester.andrewscompanies.com> Message-ID: <45D60BF9.5010702@radel.com> sandrews@andrewscompanies.com wrote: > ...young, rich, and obviously cranky. ;) > Working 7 days a week is frequently correlated with all 3. Particularly the first and last. Causality is a bit harder to determine. Wish me luck as I install Office 2007 on a sacrificial machine this afternoon to see what happens to a toolbar for Outlook and IE which we support. I'm so looking forward to this. :-) --Jon Radel -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 2828 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070216/9eb33dd7/smime.bin From ka at pacific.net Fri Feb 16 20:59:11 2007 From: ka at pacific.net (Ken A) Date: Fri Feb 16 19:59:58 2007 Subject: cheap hardware - new mailscanner box Message-ID: <45D60D0F.3020806@pacific.net> Depends on how you define cheap, but I wanted to sing the praises of our latest MailScanner box. It's nice when you can replace three 2U 2650s with a 1U 1950! - no I don't work for dell :-) These dual core processors are nice. Below are my not-so-organized notes from the install fwiw. Ken A. Pacific.Net new mailscanner box - (in inexact order) install a redhat clone (leaving the disk details out of this!) install sendmail, sendmail-cf, sendmail-devel, caching nameserver disable unwanted services setup iptables set selinux to disabled remove utf-8 from i18n setup /etc/aliases yum update setup ssh keys for access from admin servers for distribution of shared config files setup named.conf with zones for locally mirrored rbls setup milters (dnsrbl,null,link,regex,whatever) setup FuzzyOcr and all it's needed bits.. ugh. http://fuzzyocr.own-hero.net/wiki/Downloads http://fuzzyocr.own-hero.net/wiki/Installation-3.5.x yum install giflib-devel yum install giflib-utils yum install libtiff-devel yum install svgalib-devel yum install libX11-devel svn checkout https://svn.sourceforge.net/svnroot/netpbm/advanced netpbm ftp://ftp.uu.net/graphics/jpeg (yum install libjpeg-devel) ftp://quest.jpl.nasa.gov/pub/zlib (yum install zlib-devel) http://libpng.sourceforge.net (yum install libpng-devel) http://prdownloads.sourceforge.net/jocr/gocr-0.43.tar.gz ./configure --with-netpbm=/usr/local/src/netpbm http://ftp.gnu.org/gnu/ocrad/ocrad-0.16.tar.bz2 ./configure http://www.lcdf.org/gifsicle/gifsicle-1.46.tar.gz ./configure setup cpan: install... String::Approx Time::HiRes MLDBM::Sync LWP::Simple ( + whatever else for local use ) setup mailscanner (mailscanner.info) setup fstab with mailscanner incoming in tempfs setup sa + clamav (use easy install package from mailscanner.info) run sa-update-D install rules_du_jour script setup sendmail_in.cf with different .mc file for incoming sendmail for split recipients QUEUE_GROUP(`mqueue', `P=/var/spool/mqueue.in, F=f, r=1, R=8, I=2m')dnl Squeuegroup R$* @ $* $# mqueue R$* $# mqueue setup cron jobs for various checks and cleanup jobs (re-mqueue, quarantine, etc) copy configs & misc scripts over from other mailscanner box /usr/local/[whatever] - scripts for release from quarantine, graphing, etc. /etc/mail - sendmail & milter configs /etc/mail/spamassassin - local rules /usr/lib/MailScanner/MailScanner/CustomFunctions/* - local custom functions /etc/init.d/MailScanner /etc/init.d/[milter start/stop scripts] From mailscanner at yeticomputers.com Fri Feb 16 21:14:34 2007 From: mailscanner at yeticomputers.com (Rick Chadderdon) Date: Fri Feb 16 20:19:21 2007 Subject: LookOUT 2007 In-Reply-To: <20070216142020.9461.GERARD@seibercom.net> References: <20070216123253.7926.GERARD@seibercom.net> <20070216142020.9461.GERARD@seibercom.net> Message-ID: <45D610AA.3040604@yeticomputers.com> Gerard Seibert wrote: > Yes, along with a lot of other words. Ever hear of "conventional norm"? Gerard, no matter what you (and other top-post extremists) want to think, top and inline posting are neither conventional nor the norm. Which form to use and how much (if any) to quote actually *should* vary, depending on the type of post, type of conversation, information being offered and probably a few other variables I didn't list. *Most* people in business *want* to top post, and they want their responses to be top posted, too. I get frequent requests from business email users to change their settings so that their email replies default to top posting. This basically boils down to personal preference, and how an individual actually reads their lists, whether it's Usenet, mailing lists or (back when I first started discussing this topic) BBS forums and Fidonet. People who use unthreaded clients and skim their lists usually hate top posting because they have to scroll around to see what the conversation is about. People who use threaded clients and read most or all of the posts (or at least most or all of given threads) are generally indifferent, tending to either top or bottom post (depending on their client's default) for quick responses and inline post for longer ones. I fall into the latter category. It's also pretty clear that in simple correspondence, top posting is likely to be more efficient. (Note that I'm not talking about lists in that last sentence, but about email exchanges.) You send me a question, I send you an answer. You don't need to read your own question again to see what you asked. If it's been a long time and you don't remember what you asked (which is going to be comparatively uncommon) then you can scroll, if necessary, through the bottom quoted text. It's when top, bottom or inline posting become a religion that we have problems. There is no flexibility in a religion. I, personally, can get frustrated with reading a long discussion in a threaded reader when a large number of people bottom post, overquoting and forcing me to scroll through every message, skipping tons of stuff I've already read. I don't post to the group complaining about people's posting style, though - I simply grit my teeth and make my way through the thread. Sometimes I decide that particular people post in a way that I simply do not enjoy reading and I filter them. I do agree that poor choices in which kind of post to make can make reading any given individual message difficult. Most readers which properly thread messages make the point mostly moot and return the issue to one of personal preference based on one's reading habits. My gripe is usually not about top or bottom posting, but those who insist that one or the other is always better. Rick From Denis.Beauchemin at USherbrooke.ca Fri Feb 16 21:50:38 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Fri Feb 16 20:55:45 2007 Subject: cheap hardware - new mailscanner box In-Reply-To: <45D60D0F.3020806@pacific.net> References: <45D60D0F.3020806@pacific.net> Message-ID: <45D6191E.4050301@USherbrooke.ca> Ken A a ?crit : > remove utf-8 from i18n Not necessary. I leave it at its default value of "en_US.UTF-8" and have no problem. I will sometimes do an "export LANG=C" before compiling stuff, though... > setup cron jobs for various checks and cleanup jobs (re-mqueue, > quarantine, etc) I also use re-mqueue to move slow-moving emails to slower queues but you have to accept the fact that it's probably not using the same locking mechanism as sendmail's. Sendmail now uses POSIX locking while re-mqueue (and qtool) seem to still use flock. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3595 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070216/319da022/smime.bin From gerard at seibercom.net Fri Feb 16 22:02:37 2007 From: gerard at seibercom.net (Gerard Seibert) Date: Fri Feb 16 21:06:51 2007 Subject: LookOUT 2007 In-Reply-To: <45D610AA.3040604@yeticomputers.com> References: <20070216142020.9461.GERARD@seibercom.net> <45D610AA.3040604@yeticomputers.com> Message-ID: <20070216155327.532A.GERARD@seibercom.net> On Friday February 16, 2007 at 03:14:34 (PM) Rick Chadderdon wrote: [snip] It boils down to the inability to properly edit their reply. This post is an exaggerated example, but never-the-less an appropriate example. Prior to roughly 2000, AOL and it's ilk of idiots were confined to their own hell. Unfortunately, they have now evolved into Googlers. With their totally unprofessional posting methods, not to mention their glaring inability to display even rudimental spelling and sentence structure, they have proceeded to pollute discussion boards ad-infanitum. This, by the way, is not referring to you. Your posting's reflect an obviously intelligent individual with a defined posting style. Rather, I am referring to posters who are truly 'clueless'. -- Gerard From ka at pacific.net Fri Feb 16 22:20:37 2007 From: ka at pacific.net (Ken A) Date: Fri Feb 16 21:21:24 2007 Subject: cheap hardware - new mailscanner box In-Reply-To: <45D6191E.4050301@USherbrooke.ca> References: <45D60D0F.3020806@pacific.net> <45D6191E.4050301@USherbrooke.ca> Message-ID: <45D62025.5000900@pacific.net> Denis Beauchemin wrote: > Ken A a ?crit : >> remove utf-8 from i18n > Not necessary. I leave it at its default value of "en_US.UTF-8" and > have no problem. I will sometimes do an "export LANG=C" before > compiling stuff, though... >> setup cron jobs for various checks and cleanup jobs (re-mqueue, >> quarantine, etc) > I also use re-mqueue to move slow-moving emails to slower queues but you > have to accept the fact that it's probably not using the same locking > mechanism as sendmail's. Sendmail now uses POSIX locking while > re-mqueue (and qtool) seem to still use flock. Ah, good to know! That could explain the rare but occasional duplicate with body missing and replaced with <>. Thanks, Ken A. Pacific.Net > > Denis > From KGoods at AIAInsurance.com Fri Feb 16 22:29:50 2007 From: KGoods at AIAInsurance.com (Ken Goods) Date: Fri Feb 16 21:34:32 2007 Subject: OT: RE: LookOUT 2007 Message-ID: <13C0059880FDD3118DC600508B6D4A6D01C291CA@aiainsurance.com> Posting this top and bottom in an attempt to keep everyone happy! ;) Just got married recently and found out to my horror that my new wife likes bottom posting while I, on the other hand, prefer top posting... Sorry couldn't resist.... :) Thanks for a fun Friday (or mid-week depending on the actual day Gerard started his 24-7 job *wink*) distraction.... Kind regards everyone... Ken Gerard Seibert wrote: > On Friday February 16, 2007 at 03:14:34 (PM) Rick Chadderdon wrote: > > [snip] > > It boils down to the inability to properly edit their reply. This post > is an exaggerated example, but never-the-less an appropriate example. > > Prior to roughly 2000, AOL and it's ilk of idiots were confined to > their own hell. Unfortunately, they have now evolved into Googlers. > With their totally unprofessional posting methods, not to mention > their glaring inability to display even rudimental spelling and > sentence structure, they have proceeded to pollute discussion boards > ad-infanitum. > > This, by the way, is not referring to you. Your posting's reflect an > obviously intelligent individual with a defined posting style. > Rather, I am referring to posters who are truly 'clueless'. > > -- > Gerard Posting this top and bottom in an attempt to keep everyone happy! ;) Just got married recently and found out to my horror that my new wife likes bottom posting while I, on the other hand, prefer top posting... Sorry couldn't resist.... :) Thanks for a fun Friday (or mid-week depending on the actual day Gerard started his 24-7 job *wink*) distraction.... Kind regards everyone... Ken BTW.... this should have gone OT: a long time ago... just a little more fuel for the fire!!! :) Ken Goods Network Administrator CropUSA Insurance, Inc. From jon at radel.com Fri Feb 16 22:55:43 2007 From: jon at radel.com (Jon Radel) Date: Fri Feb 16 22:00:44 2007 Subject: OT: RE: LookOUT 2007 In-Reply-To: <13C0059880FDD3118DC600508B6D4A6D01C291CA@aiainsurance.com> References: <13C0059880FDD3118DC600508B6D4A6D01C291CA@aiainsurance.com> Message-ID: <45D6285F.9060807@radel.com> Ken Goods wrote: > Posting this top and bottom in an attempt to keep everyone happy! ;) > > Just got married recently and found out to my horror that my new wife > likes bottom posting while I, on the other hand, prefer top posting... One point I can't recall having ever seen in one of these discussions is the fact that, in my experience, top posters are much more likely to forward on juicy bits by accident. It can be very rewarding to read down to the bottom. I still remember the e-mail from a client company which came complete with the entire internal discussion planning how to weasel out of the contract with us. And to drag this around slightly closer to on-topic again, despite rants about how the AOL users destroyed the Internet, I think a fair amount of top-posting "blame" can be given to Outlook and other MUAs that came from the LANs and discovered the Internet late. I distinctly recall that the very first version of Outlook that I ever was involved in "connecting" to the Internet made it essentially impossible to bottom post. --Jon Radel -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 2828 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070216/0043adfb/smime.bin From chandler.lists at chapman.edu Fri Feb 16 23:13:26 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Fri Feb 16 22:18:05 2007 Subject: "replace this with that" strings In-Reply-To: <45D60923.1020904@pacific.net> References: <1E293D3FF63A3740B10AD5AAD88535D2046A8859@UBIMAIL1.ubisoft.org> <45D5EC1B.6050204@pacific.net> <45D5FBFA.9000703@chapman.edu> <45D602E1.2090809@USherbrooke.ca> <45D60923.1020904@pacific.net> Message-ID: <45D62C86.5010809@chapman.edu> Ken A wrote: > I think it was posted on the SA list, not a SARE rule as far as I > know, but might have been contributed by one of the ninjas. I use it > as well as the one I posted. > Ken A. > Pacific.Net I should have specified-- it was posted to the SARE Mailing List (not to be confused with the SA mailing list!). -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: A star wars satellite accidently blew up the WAN. From res at ausics.net Fri Feb 16 23:54:35 2007 From: res at ausics.net (Res) Date: Fri Feb 16 22:59:18 2007 Subject: LookOUT 2007 In-Reply-To: <20070216123253.7926.GERARD@seibercom.net> References: <1A65E6BAEADF9B4F865314484A13ECF1608802@atlas.athensdistributing.com> <20070216123253.7926.GERARD@seibercom.net> Message-ID: go away you dont run this list, its dickheads like you that scare new members off to never posting again On Fri, 16 Feb 2007, Gerard Seibert wrote: > Please don't top post. If you don't know what that means, Google for it. -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From mailscanner at yeticomputers.com Fri Feb 16 23:54:53 2007 From: mailscanner at yeticomputers.com (Rick Chadderdon) Date: Fri Feb 16 22:59:36 2007 Subject: LookOUT 2007 In-Reply-To: <20070216155327.532A.GERARD@seibercom.net> References: <20070216142020.9461.GERARD@seibercom.net> <45D610AA.3040604@yeticomputers.com> <20070216155327.532A.GERARD@seibercom.net> Message-ID: <45D6363D.3040606@yeticomputers.com> Gerard Seibert wrote: > Prior to roughly 2000, AOL and it's ilk of idiots were confined to their > own hell. Unfortunately, they have now evolved into Googlers. With their > totally unprofessional posting methods, not to mention their glaring > inability to display even rudimental spelling and sentence structure, > they have proceeded to pollute discussion boards ad-infanitum. > Well... Yes. I remember well the massive influx of AOL (and to a lesser degree Prodigy/Genie) idiots, although I recall it happening sometime 'round 1995. Suddenly, newsgroups were inundated by people who wrote poorly, couldn't spell - could barely frame a thought. Frequently, they popped into places just to announce that anyone taking about was , even though they themselves clearly didn't belong there. The Internet went from a fairly elite group of people to the lowest common denominator practically overnight. This is not to say that there haven't been some good things to come out of the explosion of popularity that the Internet experienced back then, but the positive aspects of growth do not, in my opinion, include any benefit to discussion groups. More <> Better. > This, by the way, is not referring to you. Your posting's reflect an > obviously intelligent individual with a defined posting style. Rather, I > am referring to posters who are truly 'clueless'. > Ah... Thank you. It felt as though you were one of those unreasonable people who didn't accept a "defined posting style" unless it was top posting. I apologize if I misread you, but you were rather adamant. :) Rick From res at ausics.net Fri Feb 16 23:57:14 2007 From: res at ausics.net (Res) Date: Fri Feb 16 23:01:53 2007 Subject: LookOUT 2007 In-Reply-To: <1A65E6BAEADF9B4F865314484A13ECF1608804@atlas.athensdistributing.com> References: <1A65E6BAEADF9B4F865314484A13ECF1608804@atlas.athensdistributing.com> Message-ID: Dont apologise to him :) he's the lists self appointed protocol wanker. On Fri, 16 Feb 2007, James R. Stevens wrote: > Sorry for that, > The message was sent from Outlook 2007. I have not found a way to wrap > text at 72 CHAR yet. I don't see many options to configure toolbars. So > far its all or nothing (On the Ribbon). MACROS? Would that make Office > easier to use and faster? Yes, I am versed in vi. Thank you. > > Hope I didn't offend you. I am not afraid of new technologies or the > time it takes to master newly acquired knowledge. That's half the fun. > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Gerard > Seibert > Sent: Friday, February 16, 2007 11:43 AM > > > > Please don't top post. If you don't know what that means, Google for it. > Also, please try and wrap you lines at some at some reasonably setting; > 72 would be a nice number. > > Obviously you have never heard of 'macros' or have even the faintest > concept of configuring a toolbar or customizing a group. Yes, some of > these tasks do require knowledge, but so does setting up BIND. Does the > fact that a task has a learning curve mean that it should be ignored? I > seriously doubt it. Now if you want something any idiot can handle, try > PICO. I would suggest 'vi' but that has a learning curve also, obviously > something you are not interested in. > > -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From res at ausics.net Sat Feb 17 00:00:56 2007 From: res at ausics.net (Res) Date: Fri Feb 16 23:05:37 2007 Subject: OT: RE: LookOUT 2007 In-Reply-To: <13C0059880FDD3118DC600508B6D4A6D01C291CA@aiainsurance.com> References: <13C0059880FDD3118DC600508B6D4A6D01C291CA@aiainsurance.com> Message-ID: ROFLMFAO On Fri, 16 Feb 2007, Ken Goods wrote: > Posting this top and bottom in an attempt to keep everyone happy! ;) > > Just got married recently and found out to my horror that my new wife > likes bottom posting while I, on the other hand, prefer top posting... > > Sorry couldn't resist.... :) > > Thanks for a fun Friday (or mid-week depending on the actual day > Gerard started his 24-7 job *wink*) distraction.... > > Kind regards everyone... > Ken > > Gerard Seibert wrote: >> On Friday February 16, 2007 at 03:14:34 (PM) Rick Chadderdon wrote: >> >> [snip] >> >> It boils down to the inability to properly edit their reply. This post >> is an exaggerated example, but never-the-less an appropriate example. >> >> Prior to roughly 2000, AOL and it's ilk of idiots were confined to >> their own hell. Unfortunately, they have now evolved into Googlers. >> With their totally unprofessional posting methods, not to mention >> their glaring inability to display even rudimental spelling and >> sentence structure, they have proceeded to pollute discussion boards >> ad-infanitum. >> >> This, by the way, is not referring to you. Your posting's reflect an >> obviously intelligent individual with a defined posting style. >> Rather, I am referring to posters who are truly 'clueless'. >> >> -- >> Gerard > > Posting this top and bottom in an attempt to keep everyone happy! ;) > > Just got married recently and found out to my horror that my new wife > likes bottom posting while I, on the other hand, prefer top posting... > > Sorry couldn't resist.... :) > > Thanks for a fun Friday (or mid-week depending on the actual day > Gerard started his 24-7 job *wink*) distraction.... > > Kind regards everyone... > Ken > > BTW.... this should have gone OT: a long time ago... just a little > more fuel for the fire!!! :) > > Ken Goods > Network Administrator > CropUSA Insurance, Inc. > > > -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From steve.swaney at fsl.com Sat Feb 17 00:51:15 2007 From: steve.swaney at fsl.com (Stephen Swaney) Date: Fri Feb 16 23:54:25 2007 Subject: LookOUT 2007 In-Reply-To: References: <1A65E6BAEADF9B4F865314484A13ECF1608802@atlas.athensdistributing.com> <20070216123253.7926.GERARD@seibercom.net> Message-ID: <010901c75225$5b440340$11cc09c0$@swaney@fsl.com> Please excuse the top post but . . . OK kids. Julian has been off for a week so this thread is still alive. I'd end it before he gets back which is soon. Just my 2p, Steve Steve Swaney steve@fsl.com > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Res > Sent: Friday, February 16, 2007 5:55 PM > To: MailScanner discussion > Subject: Re: LookOUT 2007 > > > go away you dont run this list, its dickheads like you that scare new > members off to never posting again > > > On Fri, 16 Feb 2007, Gerard Seibert wrote: > > > Please don't top post. If you don't know what that means, Google for > it. > > > -- > Cheers > Res > > "We can be Heroes, just for one day" - Davey (Jones) Bowie > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From chandler.lists at chapman.edu Sat Feb 17 09:50:39 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Sat Feb 17 08:55:20 2007 Subject: LookOUT 2007 In-Reply-To: <010901c75225$5b440340$11cc09c0$@swaney@fsl.com> References: <1A65E6BAEADF9B4F865314484A13ECF1608802@atlas.athensdistributing.com> <20070216123253.7926.GERARD@seibercom.net> <010901c75225$5b440340$11cc09c0$@swaney@fsl.com> Message-ID: <45D6C1DF.20409@chapman.edu> Stephen Swaney wrote: > Please excuse the top post but . . . > > OK kids. Julian has been off for a week so this thread is still alive. I'd > end it before he gets back which is soon. > > Just my 2p, > > Steve > > Steve Swaney > steve@fsl.com > Eep! Is Dad gonna take his belt off? -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: A star wars satellite accidently blew up the WAN. From chandler.lists at chapman.edu Sat Feb 17 10:03:34 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Sat Feb 17 09:08:13 2007 Subject: clamAV 0.90 Message-ID: <45D6C4E6.4060505@chapman.edu> My machine is prompting me to install ClamAV 0.90. Is this going to break MailScanner in any way, shape, or form? -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: A star wars satellite accidently blew up the WAN. From r.berber at computer.org Sat Feb 17 10:46:41 2007 From: r.berber at computer.org (=?ISO-8859-1?Q?Ren=E9_Berber?=) Date: Sat Feb 17 09:51:44 2007 Subject: clamAV 0.90 In-Reply-To: <45D6C4E6.4060505@chapman.edu> References: <45D6C4E6.4060505@chapman.edu> Message-ID: Jay Chandler wrote: > My machine is prompting me to install ClamAV 0.90. Is this going to > break MailScanner in any way, shape, or form? Yes, if you are using clamavmodule MS will stop working (spins creating and terminating childs), Mail::ClamAV does not build under the new version -- things have changed and the perl module has not in more than a year. There is an option, using clamav (the wrapper for clamscan) which means less performance, or what I did, modified the wrapper and use clamdscan. -- Ren? Berber From email at ace.net.au Sat Feb 17 13:24:43 2007 From: email at ace.net.au (Peter Nitschke) Date: Sat Feb 17 12:32:09 2007 Subject: LookOUT 2007 In-Reply-To: <45D6C1DF.20409@chapman.edu> References: <1A65E6BAEADF9B4F865314484A13ECF1608802@atlas.athensdistributing.com> <20070216123253.7926.GERARD@seibercom.net> <010901c75225$5b440340$11cc09c0$@swaney@fsl.com> <45D6C1DF.20409@chapman.edu> Message-ID: <200702172254430381.797FFAC7@smtp1.ace.net.au> On 17/02/2007 at 12:50 AM Jay Chandler wrote: >Eep! Is Dad gonna take his belt off? In this day and age, you might want to rephrase that! :) Peter From jaearick at colby.edu Sat Feb 17 14:26:40 2007 From: jaearick at colby.edu (Jeff A. Earickson) Date: Sat Feb 17 13:31:23 2007 Subject: problems with 0.90 clamav update? Message-ID: Hi, I just tried clamav 0.90 with MS 4.58.9, using clamav instead of clamavmodule. While MailScanner worked fine, the update_virus_scanners script didn't update the cvd files. I checked my virus.scanners.conf file (ok), hunted around, nothing obvious. Anybody else seen this? Jeff Earickson Colby College From raymond at prolocation.net Sat Feb 17 14:29:39 2007 From: raymond at prolocation.net (Raymond Dijkxhoorn) Date: Sat Feb 17 13:34:13 2007 Subject: problems with 0.90 clamav update? In-Reply-To: References: Message-ID: Hi! > I just tried clamav 0.90 with MS 4.58.9, using clamav instead of > clamavmodule. While MailScanner worked fine, the update_virus_scanners > script didn't update the cvd files. I checked my virus.scanners.conf > file (ok), hunted around, nothing obvious. Anybody else seen this? The update mechanism is changed, doesnt surprise me really i must say. Bye, Raymond. From jaearick at colby.edu Sat Feb 17 15:40:01 2007 From: jaearick at colby.edu (Jeff A. Earickson) Date: Sat Feb 17 14:44:45 2007 Subject: problems with 0.90 clamav update? In-Reply-To: References: Message-ID: On Sat, 17 Feb 2007, Raymond Dijkxhoorn wrote: > Date: Sat, 17 Feb 2007 14:29:39 +0100 (CET) > From: Raymond Dijkxhoorn > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: problems with 0.90 clamav update? > > Hi! > >> I just tried clamav 0.90 with MS 4.58.9, using clamav instead of >> clamavmodule. While MailScanner worked fine, the update_virus_scanners >> script didn't update the cvd files. I checked my virus.scanners.conf >> file (ok), hunted around, nothing obvious. Anybody else seen this? > > The update mechanism is changed, doesnt surprise me really i must say. In what way? freshclam is still there. My /etc/clamav/freshclam.conf file didn't get overwritten by the install of 0.90, so I found the 0.90 version in the source code and diffed the two versions. No huge changes. I put the suitably fixed 0.90 version of freshclam.conf in place and tried things again -- still no update. Hmmm. Back to 0.88.7 for me. Jeff Earickson Colby College From raymond at prolocation.net Sat Feb 17 15:56:07 2007 From: raymond at prolocation.net (Raymond Dijkxhoorn) Date: Sat Feb 17 15:00:43 2007 Subject: problems with 0.90 clamav update? In-Reply-To: References: Message-ID: Hi! >>> I just tried clamav 0.90 with MS 4.58.9, using clamav instead of >>> clamavmodule. While MailScanner worked fine, the update_virus_scanners >>> script didn't update the cvd files. I checked my virus.scanners.conf >>> file (ok), hunted around, nothing obvious. Anybody else seen this? >> The update mechanism is changed, doesnt surprise me really i must say. > In what way? freshclam is still there. My /etc/clamav/freshclam.conf > file didn't get overwritten by the install of 0.90, so I found the > 0.90 version in the source code and diffed the two versions. No huge > changes. I put the suitably fixed 0.90 version of freshclam.conf in > place and tried things again -- still no update. Hmmm. Back to 0.88.7 > for me. Check for 'scripted updates', the procedure is slightly different to increase traffic on the clam mirrors... http://www.clamav.net/binary.html 'One of the most important changes is the availability of scripted updates. Instead of transferring the whole cvd file at each update, only the differences between the latest cvds and the previous versions will be transferred. In case the local copy of the latest cvd is corrupted or the scripted update fails for some reason, freshclam will fallback to the old method. Similarly to cvd files, scripted updates are compressed and digitally signed and are already being distributed. They will dramatically reduce traffic on our mirrors and will allow us to release even more updates in the future.' Bye, Raymond. From glenn.steen at gmail.com Sat Feb 17 17:22:53 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Feb 17 16:27:33 2007 Subject: problems with 0.90 clamav update? In-Reply-To: References: Message-ID: <223f97700702170822h19dbcfdfhca580aff38492d06@mail.gmail.com> On 17/02/07, Raymond Dijkxhoorn wrote: (snip) > Check for 'scripted updates', the procedure is slightly different to > increase traffic on the clam mirrors... Decrease, not increase;-) CHeers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From root at doctor.nl2k.ab.ca Sat Feb 17 18:15:55 2007 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Sat Feb 17 17:21:41 2007 Subject: problems with 0.90 clamav update? In-Reply-To: References: Message-ID: <20070217171555.GA22803@doctor.nl2k.ab.ca> On Sat, Feb 17, 2007 at 09:40:01AM -0500, Jeff A. Earickson wrote: > On Sat, 17 Feb 2007, Raymond Dijkxhoorn wrote: > > >Date: Sat, 17 Feb 2007 14:29:39 +0100 (CET) > >From: Raymond Dijkxhoorn > >Reply-To: MailScanner discussion > >To: MailScanner discussion > >Subject: Re: problems with 0.90 clamav update? > > > >Hi! > > > >>I just tried clamav 0.90 with MS 4.58.9, using clamav instead of > >>clamavmodule. While MailScanner worked fine, the update_virus_scanners > >>script didn't update the cvd files. I checked my virus.scanners.conf > >>file (ok), hunted around, nothing obvious. Anybody else seen this? > > > >The update mechanism is changed, doesnt surprise me really i must say. > > In what way? freshclam is still there. My /etc/clamav/freshclam.conf > file didn't get overwritten by the install of 0.90, so I found the > 0.90 version in the source code and diffed the two versions. No huge > changes. I put the suitably fixed 0.90 version of freshclam.conf in > place and tried things again -- still no update. Hmmm. Back to 0.88.7 > for me. > > Jeff Earickson > Colby College IT is bad enough that the clamav-milter does not recognize sendmail 8.14.0 . For me IMHO. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From chandler.lists at chapman.edu Sat Feb 17 23:35:40 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Sat Feb 17 22:40:25 2007 Subject: Image scanning - flesh tones In-Reply-To: <200702161914.l1GJEDh5031628@safir.blacknight.ie> References: <200702161914.l1GJEDh5031628@safir.blacknight.ie> Message-ID: <45D7833C.2010205@chapman.edu> Paul Welsh wrote: > Naturally, the costs of MailScanner vs MessageLabs don't bear comparison. > The former is GBP43 per user per year whereas MailScanner is the cost of 2 > servers (one for redundancy) plus a commercial AV scanner. > s/former/latter/ -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: Someone else stole your IP address, call the Internet detectives! From itdept at fractalweb.com Sun Feb 18 20:39:11 2007 From: itdept at fractalweb.com (Chris Yuzik) Date: Sun Feb 18 19:44:37 2007 Subject: OT: SMTP authentication not working Message-ID: <45D8AB5F.1020700@fractalweb.com> Hi everyone, I really need some help with Sendmail/Saslauthd; I cannot get this development server to authenticate an SMTP user to allow relaying. I've spent hours RTFMing, googling, etc, but am obviously missing something, and another pair of eyes might help. This system is running Centos 4.4, with Sendmail (8.13.1-3.RHEL4.5), and Cyrus (cyrus-sasl-md5-2.1.19-5.EL4, cyrus-sasl-plain-2.1.19-5.EL4, cyrus-sasl-2.1.19-5.EL4). It's also running MailScanner, ClamAV, etc., but those are not likely involved in today's challenge. Here is the information I've been going over in an attempt to figure this out: Here are sections of sendmail.mc that seem to be related to this issue: # grep AUTH sendmail.mc define(`confAUTH_OPTIONS',`A') dnl define(`confAUTH_OPTIONS', `A p')dnl dnl # Please remember that saslauthd needs to be running for AUTH. TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl # cat /usr/lib/sasl2/Sendmail.conf pwcheck_method:saslauthd I think that saslauthd seems to be working because if I check it in the shell with the correct password, it replies "Success", and fails with the wrong password. #testsaslauthd -u test@domain1.com -p testpass 0: OK "Success." #testsaslauthd -u test@domain1.com -p testpassxx 0: NO "authentication failed" I also tried stopping the saslauthd service and running it manually, then attempting to send a message: # /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow -d saslauthd[4587] :main : num_procs : 5 saslauthd[4587] :main : mech_option: NULL saslauthd[4587] :main : run_path : /var/run/saslauthd saslauthd[4587] :main : auth_mech : shadow saslauthd[4587] :ipc_init : using accept lock file: /var/run/saslauthd/mux.accept saslauthd[4587] :detach_tty : master pid is: 0 saslauthd[4587] :ipc_init : listening on socket: /var/run/saslauthd/mux saslauthd[4587] :main : using process model saslauthd[4588] :get_accept_lock : acquired accept lock saslauthd[4587] :have_baby : forked child: 4588 saslauthd[4587] :have_baby : forked child: 4589 saslauthd[4587] :have_baby : forked child: 4590 saslauthd[4587] :have_baby : forked child: 4591 saslauthd[4588] :rel_accept_lock : released accept lock saslauthd[4589] :get_accept_lock : acquired accept lock saslauthd[4588] :do_auth : auth failure: [user=test] [service=smtp] [realm=domain1.com] [mech=shadow] [reason=Unknown] saslauthd[4588] :do_request : response: NO # tail -f /var/log/maillog Feb 18 10:22:39 devel pop3-login: Login: test@domain1.com [::ffff:xx.xx.xx.xx] [here is a check from Vista "Windows Mail"] Feb 18 10:22:50 devel sendmail[4601]: l1IIMoiU004601: testbox.someisp.net [xx.xx.xx.xx] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA [here is a check from Thunderbird] Feb 18 10:25:12 devel sendmail[4612]: l1IIP0Yu004612: testbox.someisp.net [xx.xx.xx.xx]: possible SMTP attack: command=AUTH, count=6 Feb 18 10:25:36 devel sendmail[4612]: l1IIP0Yu004612: testbox.someisp.net [xx.xx.xx.xx] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA # tail -f /var/log/messages Feb 18 11:25:12 devel saslauthd[4589]: do_auth : auth failure: [user=test] [service=smtp] [realm=domain1.com] [mech=shadow] [reason=Unknown] Feb 18 11:25:24 devel saslauthd[4588]: do_auth : auth failure: [user=test] [service=smtp] [realm=domain1.com] [mech=shadow] [reason=Unknown] Feb 18 11:25:43 devel sendmail[4894]: unable to open Berkeley db /etc/sasldb2: Bad file descriptor Feb 18 11:25:43 devel sendmail[4894]: unable to open Berkeley db /etc/sasldb2: Bad file descriptor Feb 18 11:25:43 devel sendmail[4894]: no secret in database Feb 18 11:25:43 devel saslauthd[4589]: do_auth : auth failure: [user=test] [service=smtp] [realm=domain1.com] [mech=shadow] [reason=Unknown] Feb 18 11:25:43 devel sendmail[4894]: Password verification failed Feb 18 11:25:43 devel saslauthd[4588]: do_auth : auth failure: [user=test] [service=smtp] [realm=domain1.com] [mech=shadow] [reason=Unknown] Feb 18 11:25:50 devel sendmail[4894]: unable to open Berkeley db /etc/sasldb2: Bad file descriptor Feb 18 11:25:50 devel sendmail[4894]: unable to open Berkeley db /etc/sasldb2: Bad file descriptor Feb 18 11:25:50 devel sendmail[4894]: no secret in database Feb 18 11:25:50 devel saslauthd[4589]: do_auth : auth failure: [user=test] [service=smtp] [realm=domain1.com] [mech=shadow] [reason=Unknown] Feb 18 11:25:50 devel sendmail[4894]: Password verification failed Feb 18 11:25:51 devel saslauthd[4588]: do_auth : auth failure: [user=test] [service=smtp] [realm=domain1.com] [mech=shadow] [reason=Unknown] As you can see, I'm stuck. Any assistance would be very much appreciated. Thanks, Chris From mike at vesol.com Mon Feb 19 01:49:55 2007 From: mike at vesol.com (Mike Kercher) Date: Mon Feb 19 00:58:09 2007 Subject: SMTP authentication not working In-Reply-To: <45D8AB5F.1020700@fractalweb.com> References: <45D8AB5F.1020700@fractalweb.com> Message-ID: Here's the relevant section from my sendmail.mc: dnl # TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN SASL')dnl dnl # The following causes sendmail to additionally listen to port 587 for dnl # mail from MUAs that authenticate. Roaming users who can't reach their dnl # preferred sendmail daemon due to port 25 being blocked or redirected find dnl # this useful. dnl # DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl Then: [root@mail mail]# cat /etc/sysconfig/saslauthd # Directory in which to place saslauthd's listening socket, pid file, and so # on. This directory must already exist. SOCKETDIR=/var/run/saslauthd # Mechanism to use when checking passwords. Run "saslauthd -v" to get a list # of which mechanism your installation was compiled to use. MECH=pam # Additional flags to pass to saslauthd on the command line. See saslauthd(8) # for the list of accepted flags. FLAGS= That's all I do to get saslauthd running. Mike : -----Original Message----- : From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- : bounces@lists.mailscanner.info] On Behalf Of Chris Yuzik : Sent: Sunday, February 18, 2007 1:39 PM : To: MailScanner discussion : Subject: OT: SMTP authentication not working : : Hi everyone, : : I really need some help with Sendmail/Saslauthd; I cannot get this : development server to authenticate an SMTP user to allow relaying. I've : spent hours RTFMing, googling, etc, but am obviously missing something, : and another pair of eyes might help. : : This system is running Centos 4.4, with Sendmail (8.13.1-3.RHEL4.5), : and : Cyrus (cyrus-sasl-md5-2.1.19-5.EL4, cyrus-sasl-plain-2.1.19-5.EL4, : cyrus-sasl-2.1.19-5.EL4). It's also running MailScanner, ClamAV, etc., : but those are not likely involved in today's challenge. : : Here is the information I've been going over in an attempt to figure : this out: : : Here are sections of sendmail.mc that seem to be related to this issue: : : # grep AUTH sendmail.mc : define(`confAUTH_OPTIONS',`A') : dnl define(`confAUTH_OPTIONS', `A p')dnl : dnl # Please remember that saslauthd needs to be running for AUTH. : TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl : define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 : LOGIN : PLAIN')dnl : : # cat /usr/lib/sasl2/Sendmail.conf : pwcheck_method:saslauthd : : I think that saslauthd seems to be working because if I check it in the : shell with the correct password, it replies "Success", and fails with : the wrong password. : : #testsaslauthd -u test@domain1.com -p testpass : 0: OK "Success." : #testsaslauthd -u test@domain1.com -p testpassxx : 0: NO "authentication failed" : : I also tried stopping the saslauthd service and running it manually, : then attempting to send a message: : : # /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow -d : saslauthd[4587] :main : num_procs : 5 : saslauthd[4587] :main : mech_option: NULL : saslauthd[4587] :main : run_path : /var/run/saslauthd : saslauthd[4587] :main : auth_mech : shadow : saslauthd[4587] :ipc_init : using accept lock file: : /var/run/saslauthd/mux.accept : saslauthd[4587] :detach_tty : master pid is: 0 : saslauthd[4587] :ipc_init : listening on socket: : /var/run/saslauthd/mux : saslauthd[4587] :main : using process model : saslauthd[4588] :get_accept_lock : acquired accept lock : saslauthd[4587] :have_baby : forked child: 4588 : saslauthd[4587] :have_baby : forked child: 4589 : saslauthd[4587] :have_baby : forked child: 4590 : saslauthd[4587] :have_baby : forked child: 4591 : saslauthd[4588] :rel_accept_lock : released accept lock : saslauthd[4589] :get_accept_lock : acquired accept lock : saslauthd[4588] :do_auth : auth failure: [user=test] : [service=smtp] [realm=domain1.com] [mech=shadow] [reason=Unknown] : saslauthd[4588] :do_request : response: NO : : # tail -f /var/log/maillog : Feb 18 10:22:39 devel pop3-login: Login: test@domain1.com : [::ffff:xx.xx.xx.xx] : [here is a check from Vista "Windows Mail"] : Feb 18 10:22:50 devel sendmail[4601]: l1IIMoiU004601: : testbox.someisp.net [xx.xx.xx.xx] did not issue MAIL/EXPN/VRFY/ETRN : during connection to MTA : [here is a check from Thunderbird] : Feb 18 10:25:12 devel sendmail[4612]: l1IIP0Yu004612: : testbox.someisp.net [xx.xx.xx.xx]: possible SMTP attack: command=AUTH, : count=6 : Feb 18 10:25:36 devel sendmail[4612]: l1IIP0Yu004612: : testbox.someisp.net [xx.xx.xx.xx] did not issue MAIL/EXPN/VRFY/ETRN : during connection to MTA : : # tail -f /var/log/messages : Feb 18 11:25:12 devel saslauthd[4589]: do_auth : auth failure: : [user=test] [service=smtp] [realm=domain1.com] [mech=shadow] : [reason=Unknown] : Feb 18 11:25:24 devel saslauthd[4588]: do_auth : auth failure: : [user=test] [service=smtp] [realm=domain1.com] [mech=shadow] : [reason=Unknown] : Feb 18 11:25:43 devel sendmail[4894]: unable to open Berkeley db : /etc/sasldb2: Bad file descriptor : Feb 18 11:25:43 devel sendmail[4894]: unable to open Berkeley db : /etc/sasldb2: Bad file descriptor : Feb 18 11:25:43 devel sendmail[4894]: no secret in database : Feb 18 11:25:43 devel saslauthd[4589]: do_auth : auth failure: : [user=test] [service=smtp] [realm=domain1.com] [mech=shadow] : [reason=Unknown] : Feb 18 11:25:43 devel sendmail[4894]: Password verification failed : Feb 18 11:25:43 devel saslauthd[4588]: do_auth : auth failure: : [user=test] [service=smtp] [realm=domain1.com] [mech=shadow] : [reason=Unknown] : Feb 18 11:25:50 devel sendmail[4894]: unable to open Berkeley db : /etc/sasldb2: Bad file descriptor : Feb 18 11:25:50 devel sendmail[4894]: unable to open Berkeley db : /etc/sasldb2: Bad file descriptor : Feb 18 11:25:50 devel sendmail[4894]: no secret in database : Feb 18 11:25:50 devel saslauthd[4589]: do_auth : auth failure: : [user=test] [service=smtp] [realm=domain1.com] [mech=shadow] : [reason=Unknown] : Feb 18 11:25:50 devel sendmail[4894]: Password verification failed : Feb 18 11:25:51 devel saslauthd[4588]: do_auth : auth failure: : [user=test] [service=smtp] [realm=domain1.com] [mech=shadow] : [reason=Unknown] : : As you can see, I'm stuck. Any assistance would be very much : appreciated. : : Thanks, : Chris : -- : MailScanner mailing list : mailscanner@lists.mailscanner.info : http://lists.mailscanner.info/mailman/listinfo/mailscanner : : Before posting, read http://wiki.mailscanner.info/posting : : Support MailScanner development - buy the book off the website! From mike at vesol.com Mon Feb 19 01:51:28 2007 From: mike at vesol.com (Mike Kercher) Date: Mon Feb 19 00:59:39 2007 Subject: SMTP authentication not working In-Reply-To: <45D8AB5F.1020700@fractalweb.com> References: <45D8AB5F.1020700@fractalweb.com> Message-ID: Note: Your configs do not list SASL as a trusted mechanism. Mike : -----Original Message----- : From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- : bounces@lists.mailscanner.info] On Behalf Of Chris Yuzik : Sent: Sunday, February 18, 2007 1:39 PM : To: MailScanner discussion : Subject: OT: SMTP authentication not working : : Hi everyone, : : I really need some help with Sendmail/Saslauthd; I cannot get this : development server to authenticate an SMTP user to allow relaying. I've : spent hours RTFMing, googling, etc, but am obviously missing something, : and another pair of eyes might help. : : This system is running Centos 4.4, with Sendmail (8.13.1-3.RHEL4.5), : and : Cyrus (cyrus-sasl-md5-2.1.19-5.EL4, cyrus-sasl-plain-2.1.19-5.EL4, : cyrus-sasl-2.1.19-5.EL4). It's also running MailScanner, ClamAV, etc., : but those are not likely involved in today's challenge. : : Here is the information I've been going over in an attempt to figure : this out: : : Here are sections of sendmail.mc that seem to be related to this issue: : : # grep AUTH sendmail.mc : define(`confAUTH_OPTIONS',`A') : dnl define(`confAUTH_OPTIONS', `A p')dnl : dnl # Please remember that saslauthd needs to be running for AUTH. : TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl : define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 : LOGIN : PLAIN')dnl : : # cat /usr/lib/sasl2/Sendmail.conf : pwcheck_method:saslauthd : : I think that saslauthd seems to be working because if I check it in the : shell with the correct password, it replies "Success", and fails with : the wrong password. : : #testsaslauthd -u test@domain1.com -p testpass : 0: OK "Success." : #testsaslauthd -u test@domain1.com -p testpassxx : 0: NO "authentication failed" : : I also tried stopping the saslauthd service and running it manually, : then attempting to send a message: : : # /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow -d : saslauthd[4587] :main : num_procs : 5 : saslauthd[4587] :main : mech_option: NULL : saslauthd[4587] :main : run_path : /var/run/saslauthd : saslauthd[4587] :main : auth_mech : shadow : saslauthd[4587] :ipc_init : using accept lock file: : /var/run/saslauthd/mux.accept : saslauthd[4587] :detach_tty : master pid is: 0 : saslauthd[4587] :ipc_init : listening on socket: : /var/run/saslauthd/mux : saslauthd[4587] :main : using process model : saslauthd[4588] :get_accept_lock : acquired accept lock : saslauthd[4587] :have_baby : forked child: 4588 : saslauthd[4587] :have_baby : forked child: 4589 : saslauthd[4587] :have_baby : forked child: 4590 : saslauthd[4587] :have_baby : forked child: 4591 : saslauthd[4588] :rel_accept_lock : released accept lock : saslauthd[4589] :get_accept_lock : acquired accept lock : saslauthd[4588] :do_auth : auth failure: [user=test] : [service=smtp] [realm=domain1.com] [mech=shadow] [reason=Unknown] : saslauthd[4588] :do_request : response: NO : : # tail -f /var/log/maillog : Feb 18 10:22:39 devel pop3-login: Login: test@domain1.com : [::ffff:xx.xx.xx.xx] : [here is a check from Vista "Windows Mail"] : Feb 18 10:22:50 devel sendmail[4601]: l1IIMoiU004601: : testbox.someisp.net [xx.xx.xx.xx] did not issue MAIL/EXPN/VRFY/ETRN : during connection to MTA : [here is a check from Thunderbird] : Feb 18 10:25:12 devel sendmail[4612]: l1IIP0Yu004612: : testbox.someisp.net [xx.xx.xx.xx]: possible SMTP attack: command=AUTH, : count=6 : Feb 18 10:25:36 devel sendmail[4612]: l1IIP0Yu004612: : testbox.someisp.net [xx.xx.xx.xx] did not issue MAIL/EXPN/VRFY/ETRN : during connection to MTA : : # tail -f /var/log/messages : Feb 18 11:25:12 devel saslauthd[4589]: do_auth : auth failure: : [user=test] [service=smtp] [realm=domain1.com] [mech=shadow] : [reason=Unknown] : Feb 18 11:25:24 devel saslauthd[4588]: do_auth : auth failure: : [user=test] [service=smtp] [realm=domain1.com] [mech=shadow] : [reason=Unknown] : Feb 18 11:25:43 devel sendmail[4894]: unable to open Berkeley db : /etc/sasldb2: Bad file descriptor : Feb 18 11:25:43 devel sendmail[4894]: unable to open Berkeley db : /etc/sasldb2: Bad file descriptor : Feb 18 11:25:43 devel sendmail[4894]: no secret in database : Feb 18 11:25:43 devel saslauthd[4589]: do_auth : auth failure: : [user=test] [service=smtp] [realm=domain1.com] [mech=shadow] : [reason=Unknown] : Feb 18 11:25:43 devel sendmail[4894]: Password verification failed : Feb 18 11:25:43 devel saslauthd[4588]: do_auth : auth failure: : [user=test] [service=smtp] [realm=domain1.com] [mech=shadow] : [reason=Unknown] : Feb 18 11:25:50 devel sendmail[4894]: unable to open Berkeley db : /etc/sasldb2: Bad file descriptor : Feb 18 11:25:50 devel sendmail[4894]: unable to open Berkeley db : /etc/sasldb2: Bad file descriptor : Feb 18 11:25:50 devel sendmail[4894]: no secret in database : Feb 18 11:25:50 devel saslauthd[4589]: do_auth : auth failure: : [user=test] [service=smtp] [realm=domain1.com] [mech=shadow] : [reason=Unknown] : Feb 18 11:25:50 devel sendmail[4894]: Password verification failed : Feb 18 11:25:51 devel saslauthd[4588]: do_auth : auth failure: : [user=test] [service=smtp] [realm=domain1.com] [mech=shadow] : [reason=Unknown] : : As you can see, I'm stuck. Any assistance would be very much : appreciated. : : Thanks, : Chris : -- : MailScanner mailing list : mailscanner@lists.mailscanner.info : http://lists.mailscanner.info/mailman/listinfo/mailscanner : : Before posting, read http://wiki.mailscanner.info/posting : : Support MailScanner development - buy the book off the website! From itdept at fractalweb.com Mon Feb 19 03:17:25 2007 From: itdept at fractalweb.com (Chris Yuzik) Date: Mon Feb 19 02:22:41 2007 Subject: SMTP authentication not working In-Reply-To: References: <45D8AB5F.1020700@fractalweb.com> Message-ID: <45D908B5.9090901@fractalweb.com> Mike Kercher wrote: > Here's the relevant section from my sendmail.mc: > > dnl # > TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl > define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN > PLAIN SASL')dnl > > dnl # The following causes sendmail to additionally listen to port 587 > for > dnl # mail from MUAs that authenticate. Roaming users who can't reach > their > dnl # preferred sendmail daemon due to port 25 being blocked or > redirected find > dnl # this useful. > dnl # > DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl > > Then: > > [root@mail mail]# cat /etc/sysconfig/saslauthd > # Directory in which to place saslauthd's listening socket, pid file, > and so > # on. This directory must already exist. > SOCKETDIR=/var/run/saslauthd > > # Mechanism to use when checking passwords. Run "saslauthd -v" to get a > list > # of which mechanism your installation was compiled to use. > MECH=pam > > # Additional flags to pass to saslauthd on the command line. See > saslauthd(8) > # for the list of accepted flags. > FLAGS= > > That's all I do to get saslauthd running. > > Mike > Mike, Thanks for getting back to me. I have changed the sections of my sendmail.mc file to be the same as yours, and rebuilt sendmail.cf, and restarted MailScanner. Still doesn't work. I also tried changing my /etc/sysconfig/saslauthd file to have "MECH=pam" instead of "MECH=shadow" and restarted saslauthd, but still same problem. I've tried running tcpflow and checking further to see what's going on, and Thunderbird actually tries "AUTH CRAM-MD5" then "AUTH PLAIN" then "AUTH LOGIN" but each time gets "535 5.7.0 authentication failed". I've then taken the base64 strings and decoded them to see if the login/pass is the same (it is), but still not working. What else could it possibly be? Thanks, Chris From listacct at tulsaconnect.com Mon Feb 19 06:57:43 2007 From: listacct at tulsaconnect.com (TCIS List Acct) Date: Mon Feb 19 06:02:24 2007 Subject: Queue files getting stuck - FreeBSD+exim split spool+MS4.58.9 Message-ID: <45D93C57.4060904@tulsaconnect.com> I just deployed a new MailScanner box tonight with the following specs: FreeBSD 6.2-RELEASE/amd64 perl 5.8.8 with threads installed from ports MailScanner 4.58.9 installed from tarball exim 4.66 installed from ports SpamAssassin 3.1.8 installed from tarball (w/Razor2 enabled) All Perl modules installed via CPAN MailScanner is configured for split spool on exim. When I first fired it up, it complained that I had forgotten to create /var/spool/MailScanner (and the subdirs), which I went ahead and did. After that, startup seemed to go fine, and I fired up exim. Everything seemed to go smoothly (and I did get some messages processed OK) until I noticed that the batch size consistently was around 27 messages, even though the box was very lightly loaded. I then grep'ed /var/log/maillog and discovered that MailScanner was processing the same messages over and over. I did a find /var/spool/ -name and found that the -H and -D files did exist in /var/spool/exim_incoming/input/X (where X was the split folder they happened to be in), and the same existed in /var/spool/MailScanner in several differently-named subdirectories, and every time MailScanner was restarted, it duplicated that message over and over in new subdirs. So, for whatever reason, those messages would never get moved to /var/spool/exim/input/X to be picked up by the MTA for delivery even though MailScanner did process them. A grep of /var/log/maillog confirmed that the msgid was received but never sent. Since the batch of messages was small and mostly spam, I decided to just clear them all from all folders I found them in. Once I did that and restarted, the problem seems to have disappeared and messages are being processed as expected. I just wanted to report this in case it is a known issue or is explainable based on my description of events. Unfortunately I did not keep copies of the messages, which I wish I had done to investigate further. -- ----------------------------------------- Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet Services http://www.tulsaconnect.com ----------------------------------------- From bamcomp at yahoo.com Mon Feb 19 07:12:34 2007 From: bamcomp at yahoo.com (Brett Moss) Date: Mon Feb 19 06:17:21 2007 Subject: SMTP authentication not working In-Reply-To: <45D908B5.9090901@fractalweb.com> Message-ID: <20070219061234.70042.qmail@web36601.mail.mud.yahoo.com> --- Chris Yuzik wrote: > Mike Kercher wrote: > > Here's the relevant section from my sendmail.mc: > > > > dnl # > > TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 > LOGIN PLAIN')dnl > > define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI > DIGEST-MD5 CRAM-MD5 LOGIN > > PLAIN SASL')dnl > > > > dnl # The following causes sendmail to > additionally listen to port 587 > > for > > dnl # mail from MUAs that authenticate. Roaming > users who can't reach > > their > > dnl # preferred sendmail daemon due to port 25 > being blocked or > > redirected find > > dnl # this useful. > > dnl # > > DAEMON_OPTIONS(`Port=submission, Name=MSA, > M=Ea')dnl > > > > Then: > > > > [root@mail mail]# cat /etc/sysconfig/saslauthd > > # Directory in which to place saslauthd's > listening socket, pid file, > > and so > > # on. This directory must already exist. > > SOCKETDIR=/var/run/saslauthd > > > > # Mechanism to use when checking passwords. Run > "saslauthd -v" to get a > > list > > # of which mechanism your installation was > compiled to use. > > MECH=pam > > > > # Additional flags to pass to saslauthd on the > command line. See > > saslauthd(8) > > # for the list of accepted flags. > > FLAGS= > > > > That's all I do to get saslauthd running. > > > > Mike > > > > Mike, > > Thanks for getting back to me. I have changed the > sections of my > sendmail.mc file to be the same as yours, and > rebuilt sendmail.cf, and > restarted MailScanner. Still doesn't work. > > I also tried changing my /etc/sysconfig/saslauthd > file to have > "MECH=pam" instead of "MECH=shadow" and restarted > saslauthd, but still > same problem. > > I've tried running tcpflow and checking further to > see what's going on, > and Thunderbird actually tries "AUTH CRAM-MD5" then > "AUTH PLAIN" then > "AUTH LOGIN" but each time gets "535 5.7.0 > authentication failed". I've > then taken the base64 strings and decoded them to > see if the login/pass > is the same (it is), but still not working. > > What else could it possibly be? > > Thanks, > Chris Hello, On my CentOS 4.4 machines I use saslpasswd2 to create users. Your maillog seems to indicate it is looking for something in /etc/sasldb2. What do you get from the command sasldblistusers2? Perhaps you need to recreate the userlist using saslpasswd2 if you did not use that the first go 'round. hth, Brett ____________________________________________________________________________________ 8:00? 8:25? 8:40? Find a flick in no time with the Yahoo! Search movie showtime shortcut. http://tools.search.yahoo.com/shortcuts/#news From a.peacock at chime.ucl.ac.uk Mon Feb 19 09:50:54 2007 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Mon Feb 19 08:56:38 2007 Subject: BAYES issues In-Reply-To: <45D5FEA6.7030208@chapman.edu> References: <45D3E50D.4030302@chapman.edu> <45D41D47.4060501@chime.ucl.ac.uk> <45D4693F.4030504@chapman.edu> <45D4B6BA.3060303@chime.ucl.ac.uk> <45D50BAA.1030802@chapman.edu> <45D51B24.70400@chapman.edu> <45D567DA.2010908@chime.ucl.ac.uk> <223f97700702160109x5613b241hb0a018a5aa2cd250@mail.gmail.com> <45D5783A.2030507@chime.ucl.ac.uk> <45D5FEA6.7030208@chapman.edu> Message-ID: <45D964EE.5010906@chime.ucl.ac.uk> Jay Chandler wrote: > Anthony Peacock wrote: >> Glenn Steen wrote: >>> On 16/02/07, Anthony Peacock wrote: >>>> Jay Chandler wrote: >>>> > Jay Chandler wrote: >>>> >> What's more is, I got that output from crontab, running the >>>> >> command as the postfix user... >>>> >> >>>> >> So I'm... rather confused. What should Bayes be showing as in my >>>> logs? >>>> >> >>>> > >>>> > Interesting. >>>> > >>>> > Just linted and got this: >>>> > config: warning: score set for non-existent rule BAYES_99 >>>> > config: warning: score set for non-existent rule BAYES_95 >>>> > config: warning: score set for non-existent rule BAYES_00 >>>> > config: warning: score set for non-existent rule BAYES_05 >>>> > >>>> > Is there a Bayes ruleset file that I'm potentially missing? >>>> > >>>> >>>> Hmm! That does look like you have a screwed up SA configuration. >>>> >>>> Those are standard rules that come with SA, so if they are missing you >>>> have a bad installation. >>>> >>>> The standard rule file with the Bayes rules in is called 23_bayes.cf >>>> >>>> It should be installed in /usr/local/share/spamassassin >>>> >>>> If you run sa-update you may also have a newer copy in >>>> >>>> /var/lib/spamassassin/3.001007/updates_spamassassin_org (or similar >>>> depending on SA version) >>>> >>>> I am still confused, as you seemed to be able to get a Bayes score when >>>> running from the command line, but not when running with MailScanner. >>>> >>>> There must be something different with the environments between >>>> those two. >>>> >>> I'd suspect the settings in MailScanner for things like "SpamAssassin >>> Local State Dir" to be wrong. Since Jays SpamAssassin seems to get >>> along famously without any particular setting, I think he should try >>> setting that to a blank value (so that the "built-into-SA-defaults" >>> kick in, wrt finding the sa-updated stuff), and if that fails set it >>> to something like /var/lib/spamassassin (but only if it still fails). >> >> That was my initial thought. But even if that is set incorrectly >> shouldn't SA 'fall back' on the base installed versions in >> /usr/local/share? >> >> Checking that setting will certainly help. >> > Just fixed a couple path settings-- now I find that the modified rules I > put in the directory that's shared by all the MX boxes are being > supplanted by the /usr/local/share/spamassassin rules. For example: I > set the URIBL score to 6, but now hits on that rule are getting scored a > 3. How do I fix this? Where do you change the settings? Be specific file name and directory. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas." -- George Bernard Shaw From mailscanner at barendse.to Mon Feb 19 10:19:44 2007 From: mailscanner at barendse.to (Remco Barendse) Date: Mon Feb 19 10:37:54 2007 Subject: MailScanner Message-ID: I think that after upgrading to clamav 0.9 my MailScanner processes seem to go defunct: ps -A | grep -i ail reveals this: 30838 ? 00:00:00 sendmail 30842 ? 00:00:00 sendmail 30847 ? 00:00:00 sendmail 30871 ? 00:00:00 MailScanner 32495 ? 00:00:02 MailScanner 32547 ? 00:00:02 MailScanner 32594 ? 00:00:02 MailScanner 32643 ? 00:00:02 MailScanner 32692 ? 00:00:00 MailScanner 32712 ? 00:00:00 MailScanner Anyone else seeing this? Thanks! From res at ausics.net Mon Feb 19 11:38:31 2007 From: res at ausics.net (Res) Date: Mon Feb 19 10:43:24 2007 Subject: MailScanner In-Reply-To: References: Message-ID: Do you use clamavmodule? It will break, change to clamav in the interim if clamav is your only virus scanner On Mon, 19 Feb 2007, Remco Barendse wrote: > I think that after upgrading to clamav 0.9 my MailScanner processes seem to > go defunct: > > ps -A | grep -i ail reveals this: > 30838 ? 00:00:00 sendmail > 30842 ? 00:00:00 sendmail > 30847 ? 00:00:00 sendmail > 30871 ? 00:00:00 MailScanner > 32495 ? 00:00:02 MailScanner > 32547 ? 00:00:02 MailScanner > 32594 ? 00:00:02 MailScanner > 32643 ? 00:00:02 MailScanner > 32692 ? 00:00:00 MailScanner > 32712 ? 00:00:00 MailScanner > > Anyone else seeing this? > > Thanks! > -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From martinh at solidstatelogic.com Mon Feb 19 11:39:45 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Feb 19 10:44:38 2007 Subject: MailScanner In-Reply-To: Message-ID: <55310760c5f3a547b78eb2e4222ac83c@solidstatelogic.com> Clamscan or clammodule on the scanners... You'll need to run normal clamav, as the module doesn't work with 0.90 yet. Also looks like there some issues with the updater for clamav as well (well the way MS calls the updater anyway). -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Remco Barendse > Sent: 19 February 2007 09:20 > To: MailScanner mailing list > Subject: MailScanner > > I think that after upgrading to clamav 0.9 my MailScanner processes seem > to go defunct: > > ps -A | grep -i ail reveals this: > 30838 ? 00:00:00 sendmail > 30842 ? 00:00:00 sendmail > 30847 ? 00:00:00 sendmail > 30871 ? 00:00:00 MailScanner > 32495 ? 00:00:02 MailScanner > 32547 ? 00:00:02 MailScanner > 32594 ? 00:00:02 MailScanner > 32643 ? 00:00:02 MailScanner > 32692 ? 00:00:00 MailScanner > 32712 ? 00:00:00 MailScanner > > Anyone else seeing this? > > Thanks! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From housey at sme-ecom.co.uk Mon Feb 19 12:38:48 2007 From: housey at sme-ecom.co.uk (Paul Houselander) Date: Mon Feb 19 11:43:40 2007 Subject: ramdisk for working dir Message-ID: Hi In the Optimization tips section of http://wiki.mailscanner.info/doku.php?id=maq:index there is a link to Use a ramdisk (tmpfs) for MailScanners working dir - http://www.mailscanner.info/serve/cache/120.html Its a dead link, does anyone know where the doc is? I used it before but have had to rebuild my server. Kind Regards Paul From res at ausics.net Mon Feb 19 12:47:54 2007 From: res at ausics.net (Res) Date: Mon Feb 19 11:52:57 2007 Subject: ramdisk for working dir In-Reply-To: References: Message-ID: On Mon, 19 Feb 2007, Paul Houselander wrote: > Hi > > In the Optimization tips section of > http://wiki.mailscanner.info/doku.php?id=maq:index there is a link to Use a > ramdisk (tmpfs) for MailScanners working dir - > http://www.mailscanner.info/serve/cache/120.html In /etc/fstab none /var/spool/MailScanner/incoming tmpfs size=2G,mode=0755 0 0 Also pays to have your spamassassin cache file located in this path Change the size= to something you can spare -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From glenn.steen at gmail.com Mon Feb 19 12:58:02 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Feb 19 12:02:52 2007 Subject: ramdisk for working dir In-Reply-To: References: Message-ID: <223f97700702190358q32750ec8x27a3ea026d188ad8@mail.gmail.com> On 19/02/07, Res wrote: > On Mon, 19 Feb 2007, Paul Houselander wrote: > > > Hi > > > > In the Optimization tips section of > > http://wiki.mailscanner.info/doku.php?id=maq:index there is a link to Use a > > ramdisk (tmpfs) for MailScanners working dir - > > http://www.mailscanner.info/serve/cache/120.html > > > In /etc/fstab > > none /var/spool/MailScanner/incoming tmpfs size=2G,mode=0755 0 0 > > Also pays to have your spamassassin cache file located in this path > Change the size= to something you can spare > > Used to be that this linked to the ol' faq-o-matic, which seems to have died (again). There are still a few links to it, especially in the MAQ... Res suggestion should work fine, and if someone has the time/energy... perhaps someone would volonteer adding it to the wiki:-). I'm still down with the flu, more or less (at least I hope it's that, and perhaps a bad reaction to my Crohns medications... Else it'd be something sinister:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From pmnc at ispgaya.pt Mon Feb 19 13:28:03 2007 From: pmnc at ispgaya.pt (Pedro Cardoso) Date: Mon Feb 19 12:32:56 2007 Subject: MailScanner crashing loop Message-ID: <20070219122803.etg2a68qby9cwksc@webmail.ispgaya.pt> Hi there, I installed a server with MailScanner a year ago following the guide in http://www.hughesjr.com/content/view/14/. The server allways worked fast and stable until a few days ago. The process for MailScanner is in a crash loop for no apparent reason. I have instaled the latest stable version of MailScanner. I already search for possible causes of this with no success, so in my last hope to regain my mail server I ask where if anyone can give a clue of what is going on? I attach parts of the following logs for better understanding of my crazy problem... /var/log/maillog: Feb 19 12:13:00 artconta postfix/master[19398]: daemon started -- version 2.2.10, configuration /etc/postfix Feb 19 12:13:01 artconta MailScanner[19432]: MailScanner E-Mail Virus Scanner version 4.58.9 starting... Feb 19 12:13:01 artconta MailScanner[19432]: Read 764 hostnames from the phishing whitelist Feb 19 12:13:02 artconta MailScanner[19432]: Using SpamAssassin results cache Feb 19 12:13:02 artconta MailScanner[19432]: Connected to SpamAssassin cache database Feb 19 12:13:02 artconta MailScanner[19432]: Enabling SpamAssassin auto-whitelist functionality... Feb 19 12:13:06 artconta MailScanner[19433]: MailScanner E-Mail Virus Scanner version 4.58.9 starting... Feb 19 12:13:06 artconta MailScanner[19433]: Read 764 hostnames from the phishing whitelist Feb 19 12:13:07 artconta MailScanner[19433]: Using SpamAssassin results cache Feb 19 12:13:07 artconta MailScanner[19433]: Connected to SpamAssassin cache database Feb 19 12:13:07 artconta MailScanner[19433]: Enabling SpamAssassin auto-whitelist functionality... Feb 19 12:13:11 artconta MailScanner[19434]: MailScanner E-Mail Virus Scanner version 4.58.9 starting... Feb 19 12:13:11 artconta MailScanner[19434]: Read 764 hostnames from the phishing whitelist Feb 19 12:13:12 artconta MailScanner[19434]: Using SpamAssassin results cache Feb 19 12:13:12 artconta MailScanner[19434]: Connected to SpamAssassin cache database Feb 19 12:13:12 artconta MailScanner[19434]: Enabling SpamAssassin auto-whitelist functionality... Feb 19 12:13:16 artconta MailScanner[19435]: MailScanner E-Mail Virus Scanner version 4.58.9 starting... Feb 19 12:13:16 artconta MailScanner[19435]: Read 764 hostnames from the phishing whitelist Feb 19 12:13:17 artconta MailScanner[19435]: Using SpamAssassin results cache Feb 19 12:13:17 artconta MailScanner[19435]: Connected to SpamAssassin cache database Feb 19 12:13:17 artconta MailScanner[19435]: Enabling SpamAssassin auto-whitelist functionality... Feb 19 12:13:21 artconta MailScanner[19436]: MailScanner E-Mail Virus Scanner version 4.58.9 starting... Feb 19 12:13:21 artconta MailScanner[19436]: Read 764 hostnames from the phishing whitelist Feb 19 12:13:22 artconta MailScanner[19436]: Using SpamAssassin results cache Feb 19 12:13:22 artconta MailScanner[19436]: Connected to SpamAssassin cache database Feb 19 12:13:22 artconta MailScanner[19436]: Enabling SpamAssassin auto-whitelist functionality... Feb 19 12:13:26 artconta MailScanner[19438]: MailScanner E-Mail Virus Scanner version 4.58.9 starting... /var/log/messages: Feb 19 12:12:59 artconta MailScanner: succeeded Feb 19 12:13:00 artconta MailScanner: succeeded Feb 19 12:13:01 artconta MailScanner: MailScanner setting GID to postfix (89) Feb 19 12:13:01 artconta MailScanner: MailScanner setting UID to postfix (89) Feb 19 12:13:01 artconta MailScanner: succeeded Feb 19 12:13:11 artconta MailScanner: Process did not exit cleanly, returned 127 with signal 0 Feb 19 12:13:46 artconta last message repeated 7 times Regards, -- Pedro Cardoso [ pmnc@ispgaya.pt ] ---------------------------------------------------------------- Este email foi enviado via o webmail do ISPGaya Instituto Superior Polit?cnico Gaya From steve.freegard at fsl.com Mon Feb 19 13:30:35 2007 From: steve.freegard at fsl.com (Steve Freegard) Date: Mon Feb 19 12:35:34 2007 Subject: MailScanner crashing loop In-Reply-To: <20070219122803.etg2a68qby9cwksc@webmail.ispgaya.pt> References: <20070219122803.etg2a68qby9cwksc@webmail.ispgaya.pt> Message-ID: <45D9986B.6040909@fsl.com> Hi Pedro, Pedro Cardoso wrote: > Hi there, > > I installed a server with MailScanner a year ago following the guide in > http://www.hughesjr.com/content/view/14/. > > The server allways worked fast and stable until a few days ago. > > The process for MailScanner is in a crash loop for no apparent reason. > > I have instaled the latest stable version of MailScanner. > > I already search for possible causes of this with no success, so in my last hope > to regain my mail server I ask where if anyone can give a clue of what is going > on? > > I attach parts of the following logs for better understanding of my crazy > problem... > > /var/log/maillog: Run 'MailScanner --debug' and post the output. Kind regards, Steve. From steve.freegard at fsl.com Mon Feb 19 13:51:56 2007 From: steve.freegard at fsl.com (Steve Freegard) Date: Mon Feb 19 12:56:54 2007 Subject: MailScanner crashing loop In-Reply-To: <20070219124839.zv8b1q6s1ceoso4s@webmail.ispgaya.pt> References: <20070219122803.etg2a68qby9cwksc@webmail.ispgaya.pt> <45D9986B.6040909@fsl.com> <20070219124839.zv8b1q6s1ceoso4s@webmail.ispgaya.pt> Message-ID: <45D99D6B.3080505@fsl.com> Hi Pedro, Pedro Cardoso wrote: > First of all thanks for the quick response :) > > He''s the output: > [root@artconta ~]# MailScanner --debug > In Debugging mode, not forking... > /usr/bin/perl: symbol lookup error: > /usr/lib64/perl5/site_perl/5.8.5/x86_64-linux-thread-multi/auto/Mail/ClamAV/ClamAV.so: > > undefined symbol: cl_buildtrie > > Some hint of what I can do to resolve this? See all of the posts regarding ClamAV 0.90 - it is not compatible with the Mail::ClamAV module. Change 'clamavmodule' to 'clamav' under your 'Virus Scanners' setting in MailScanner.conf and it will start working again. Kind regards, Steve. From itdept at fractalweb.com Mon Feb 19 14:53:44 2007 From: itdept at fractalweb.com (Chris Yuzik) Date: Mon Feb 19 13:59:51 2007 Subject: SMTP authentication not working In-Reply-To: <20070219061234.70042.qmail@web36601.mail.mud.yahoo.com> References: <20070219061234.70042.qmail@web36601.mail.mud.yahoo.com> Message-ID: <45D9ABE8.60607@fractalweb.com> Brett Moss wrote: > Hello, > On my CentOS 4.4 machines I use saslpasswd2 to create > users. Your maillog seems to indicate it is looking > for something in /etc/sasldb2. What do you get from > the command sasldblistusers2? > Perhaps you need to recreate the userlist using > saslpasswd2 if you did not use that the first go > 'round. > Brett, Here's what I get: # sasldblistusers2 listusers failed I don't understand why it's even looking for /etc/sasldb2 when my config only says to use "shadow". That said, I used "saslpasswd2 -c -u domain test@domain1.com" and added the user's password, then sent a message to my gmail account and it worked. "Yay" and "Rats" at the same time; since I'm going to have hundreds of users on this box, there's no way I can manage (manually) keeping this database in sync with /etc/passwd and /etc/shadow. How do I get this system to use the /etc/shadow file to check for passwords instead of /etc/sasldb2? Thanks, Chris From am.lists at gmail.com Mon Feb 19 15:31:52 2007 From: am.lists at gmail.com (am.lists) Date: Mon Feb 19 14:36:40 2007 Subject: MailScanner with MailWatch - add-ons and enhancements? Message-ID: <25a66d840702190631s2b6dcd5ele08f673c354c998f@mail.gmail.com> Because of how well MailWatch seems to work with MailScanner, I assume most of the people on this list are using both together. I know that's an assumption, but it seems like a popular one. I notice that the MailWatch portion seems rather stable but at the same time, a bit outdated. Are there other GUIs that might be more up to date and provide some greater functionality? Here's my wants/needs list: Need: Redesign the user quarantine emails Want: Reskin them per domain, with a default skin where no domain-based skin is found. Need: Rework the quarantine reports: Add "release and learn as ham" and "delete and learn as spam" buttons or links to the messages Want: Ability to mix users requests to do quarantine reports daily or weekly or per-message. (Right now I can only do it as daily or weekly and the low-spam notify messages always come through immediately) Need: Get rid of the "MailScanner has detected a possible fraud attempt" written inline in messages. I know why MS does this, but these days, with the way newsletters are written, links are written one way but the hrefs go somewhere else that track the click as a redirect... Unfortunately seemingly everyone does this now, so I'm not sure how I really feel about it. I would rather just disarm the hrefs. Is this possible? Thanks, Angelo From jstevens at athensdistributing.com Mon Feb 19 16:36:01 2007 From: jstevens at athensdistributing.com (James R. Stevens) Date: Mon Feb 19 15:40:55 2007 Subject: SMTP authentication not working Message-ID: <1A65E6BAEADF9B4F865314484A13ECF1608805@atlas.athensdistributing.com> I agree with Brett, Creating the accounts sounds like the step your missing. Several years ago we setup an smtp AUTH environment and although the password mechanism was different we DID have to create the accounts that were used by SMTP AUTH. > > Mike, > > Thanks for getting back to me. I have changed the > sections of my > sendmail.mc file to be the same as yours, and > rebuilt sendmail.cf, and > restarted MailScanner. Still doesn't work. > > I also tried changing my /etc/sysconfig/saslauthd > file to have > "MECH=pam" instead of "MECH=shadow" and restarted > saslauthd, but still > same problem. > > I've tried running tcpflow and checking further to > see what's going on, > and Thunderbird actually tries "AUTH CRAM-MD5" then > "AUTH PLAIN" then > "AUTH LOGIN" but each time gets "535 5.7.0 > authentication failed". I've > then taken the base64 strings and decoded them to > see if the login/pass > is the same (it is), but still not working. > > What else could it possibly be? > > Thanks, > Chris Hello, On my CentOS 4.4 machines I use saslpasswd2 to create users. Your maillog seems to indicate it is looking for something in /etc/sasldb2. What do you get from the command sasldblistusers2? Perhaps you need to recreate the userlist using saslpasswd2 if you did not use that the first go 'round. hth, Brett ________________________________________________________________________ ____________ 8:00? 8:25? 8:40? Find a flick in no time with the Yahoo! Search movie showtime shortcut. http://tools.search.yahoo.com/shortcuts/#news -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by Athens Hyperion Scanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by Athens Hyperion Scanner, and is believed to be clean. From kwessel at intenex.net Mon Feb 19 16:55:39 2007 From: kwessel at intenex.net (Keith Wessel) Date: Mon Feb 19 16:00:34 2007 Subject: After upgrading Mail-ClamAV: ClamAV Perl module not found, did you install it? Message-ID: <20070219155539.GB22673@zoot.intenex.net> Hello, I upgraded Mail::ClamAV to the latest version using CPAN this morning. It's been working great for me for the past couple years through a number of ClamAV and MailScanner upgrades. I upgraded the Perl module in an attempt to get rid of a MaxCompressionRatio problem I was having with ClamAV. Perl module wasn't reading the clamd.conf file. But after cpan> install Mail-ClamAV I now get ClamAV Perl not found, did you install it? in my mail log. I can run perl -e "require Mail::ClamAV" from a prompt without incident, so I know the module's installed. And I'm using /usr/bin/perl for both MailScanner and from the prompt, so I'm positive everything's running from the same Perl installation. Any thoughts on why MailScanner might not be finding the module after upgrading it? I've fallen back to using clamav instead of clamavmodule in the meantime to keep things up and running, but it doesn't seem to be as efficient. Any help would be appreciated. Thanks, Keith From alex at nkpanama.com Mon Feb 19 17:11:34 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon Feb 19 16:17:09 2007 Subject: SMTP authentication not working In-Reply-To: <1A65E6BAEADF9B4F865314484A13ECF1608805@atlas.athensdistributing.com> References: <1A65E6BAEADF9B4F865314484A13ECF1608805@atlas.athensdistributing.com> Message-ID: <45D9CC36.8040807@nkpanama.com> Our MailScanner believes that the attachment to this message sent to you From: alex@nkpanama.com Subject: Re: SMTP authentication not working is Unsolicited Commercial Email (spam). Unless you are sure that this message is incorrectly thought to be spam, please delete this message without opening it. Opening spam messages might allow the spammer to verify your email address. If you believe that this message has been incorrectly marked as spam, please forward this email to postmaster. pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 BOTNET_BADDNS IP address doesn't have full circle DNS 2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address [200.75.226.223 listed in dnsbl.sorbs.net] 1.7 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP [200.75.226.223 listed in combined.njabl.org] 2.0 BOTNET Any Botnet rule hit -------------- next part -------------- An embedded message was scrubbed... From: Alex Neuman van der Hans Subject: Re: SMTP authentication not working Date: Mon, 19 Feb 2007 11:11:34 -0500 Size: 2830 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070219/7b75420b/attachment.mht From alex at nkpanama.com Mon Feb 19 17:12:53 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon Feb 19 16:18:20 2007 Subject: MailScanner In-Reply-To: <55310760c5f3a547b78eb2e4222ac83c@solidstatelogic.com> References: <55310760c5f3a547b78eb2e4222ac83c@solidstatelogic.com> Message-ID: <45D9CC85.3070902@nkpanama.com> Our MailScanner believes that the attachment to this message sent to you From: alex@nkpanama.com Subject: Re: MailScanner is Unsolicited Commercial Email (spam). Unless you are sure that this message is incorrectly thought to be spam, please delete this message without opening it. Opening spam messages might allow the spammer to verify your email address. If you believe that this message has been incorrectly marked as spam, please forward this email to postmaster. pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 BOTNET_BADDNS IP address doesn't have full circle DNS 2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address [200.75.226.223 listed in dnsbl.sorbs.net] 1.7 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP [200.75.226.223 listed in combined.njabl.org] 2.0 BOTNET Any Botnet rule hit -------------- next part -------------- An embedded message was scrubbed... From: Alex Neuman van der Hans Subject: Re: MailScanner Date: Mon, 19 Feb 2007 11:12:53 -0500 Size: 1337 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070219/6ee1116d/attachment.mht From alex at nkpanama.com Mon Feb 19 17:14:19 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon Feb 19 16:19:46 2007 Subject: ramdisk for working dir In-Reply-To: References: Message-ID: <45D9CCDB.3070101@nkpanama.com> Our MailScanner believes that the attachment to this message sent to you From: alex@nkpanama.com Subject: Re: ramdisk for working dir is Unsolicited Commercial Email (spam). Unless you are sure that this message is incorrectly thought to be spam, please delete this message without opening it. Opening spam messages might allow the spammer to verify your email address. If you believe that this message has been incorrectly marked as spam, please forward this email to postmaster. pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 BOTNET_BADDNS IP address doesn't have full circle DNS 2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address [200.75.226.223 listed in dnsbl.sorbs.net] 1.7 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP [200.75.226.223 listed in combined.njabl.org] 2.0 BOTNET Any Botnet rule hit -------------- next part -------------- An embedded message was scrubbed... From: Alex Neuman van der Hans Subject: Re: ramdisk for working dir Date: Mon, 19 Feb 2007 11:14:19 -0500 Size: 1335 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070219/7b66e9b7/attachment.mht From alex at nkpanama.com Mon Feb 19 17:18:46 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon Feb 19 16:24:22 2007 Subject: After upgrading Mail-ClamAV: ClamAV Perl module not found, did you install it? In-Reply-To: <20070219155539.GB22673@zoot.intenex.net> References: <20070219155539.GB22673@zoot.intenex.net> Message-ID: <45D9CDE6.6070404@nkpanama.com> Keith Wessel wrote: > Hello, > > I upgraded Mail::ClamAV to the latest version using CPAN this morning. > Any thoughts on why MailScanner might not be finding the module after > upgrading it? > I've fallen back to using clamav instead of clamavmodule in the meantime > to keep things up and running, but it doesn't seem to be as efficient. The module doesn't work with the latest version of clamav. See every other post regarding clamav .90 on the list. I guess we'll have to wait for someone to modify Mail::ClamAV in the meantime. From glenn.steen at gmail.com Mon Feb 19 17:27:32 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Feb 19 16:32:21 2007 Subject: MailScanner with MailWatch - add-ons and enhancements? In-Reply-To: <25a66d840702190631s2b6dcd5ele08f673c354c998f@mail.gmail.com> References: <25a66d840702190631s2b6dcd5ele08f673c354c998f@mail.gmail.com> Message-ID: <223f97700702190827g2b6e2c4m8d0a9ab194f39ece@mail.gmail.com> On 19/02/07, am.lists wrote: > Because of how well MailWatch seems to work with MailScanner, I assume > most of the people on this list are using both together. I know that's > an assumption, but it seems like a popular one. > > I notice that the MailWatch portion seems rather stable but at the > same time, a bit outdated. Are there other GUIs that might be more up > to date and provide some greater functionality? No, this is it:-). There is a 2.0 in the works, but Steve hasn't produced more than tantalizing tidbits (there is a 2.0 wishlist in the MailWatch wiki at http://mailwatch.sf.net), and a working/work-in-progress demo of the interface... Search the _MailWatch list_ archives for a link to that. There are options though ... > Here's my wants/needs list: > > Need: Redesign the user quarantine emails > Want: Reskin them per domain, with a default skin where no > domain-based skin is found. These mail notices are either generated by MailScanner, or by the quarantine report ... Depends entirely on what you mean;-). If by MailScanner, you can use a ruleset to make different reports to different domains. > Need: Rework the quarantine reports: Add "release and learn as ham" > and "delete and learn as spam" buttons or links to the messages > Want: Ability to mix users requests to do quarantine reports daily or > weekly or per-message. (Right now I can only do it as daily or weekly > and the low-spam notify messages always come through immediately) I imagine you can write this yourself:-). It would likely fit better with what is planned for 2.0 than 1.x though. > Need: Get rid of the "MailScanner has detected a possible fraud > attempt" written inline in messages. I know why MS does this, but > these days, with the way newsletters are written, links are written > one way but the hrefs go somewhere else that track the click as a > redirect... Unfortunately seemingly everyone does this now, so I'm not > sure how I really feel about it. I would rather just disarm the hrefs. > Is this possible? This again is pure MailScanner... Either turn off the Phishing net or whitelist the culprits (domain part of address/URL). You do the latter by adding them (or a pattern that would match) to the phishing safe sites file (might need a reload of MS after that). You might help us all by reporting your additions to Jules for inclusion....;-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Mon Feb 19 17:35:01 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Feb 19 16:39:49 2007 Subject: SMTP authentication not working In-Reply-To: <45D9CC36.8040807@nkpanama.com> References: <1A65E6BAEADF9B4F865314484A13ECF1608805@atlas.athensdistributing.com> <45D9CC36.8040807@nkpanama.com> Message-ID: <223f97700702190835o5a8f44b7n4a0916bd6ec75593@mail.gmail.com> (Intentional top-post) Alex, somethings up here.... Seen this a couple of times now. Relevant headers: ---- X-NKPANAMA-MailScanner-Information: Please contact the ISP for more information X-NKPANAMA-MailScanner: Found to be clean X-NKPANAMA-MailScanner-SpamCheck: spam, SpamAssassin (not cached, score=5.711, required 3.7, BOTNET 2.00, BOTNET_BADDNS 0.01, RCVD_IN_NJABL_DUL 1.71, RCVD_IN_SORBS_DUL 1.99) X-NKPANAMA-MailScanner-SpamScore: sssss X-NKPANAMA-MailScanner-From: alex@nkpanama.com X-NKPANAMA-MailScanner-To: mailscanner@lists.mailscanner.info X-Spam-Status: yes ---- Seems you should do some whitelisting:-):-) -- Glenn On 19/02/07, Alex Neuman van der Hans wrote: > Our MailScanner believes that the attachment to this message sent to you > > From: alex@nkpanama.com > Subject: Re: SMTP authentication not working > > is Unsolicited Commercial Email (spam). Unless you are sure that this message > is incorrectly thought to be spam, please delete this message without opening > it. Opening spam messages might allow the spammer to verify your email > address. > > If you believe that this message has been incorrectly marked as spam, please > forward this email to postmaster. > > pts rule name description > ---- ---------------------- -------------------------------------------------- > 0.0 BOTNET_BADDNS IP address doesn't have full circle DNS > 2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address > [200.75.226.223 listed in dnsbl.sorbs.net] > 1.7 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP > [200.75.226.223 listed in combined.njabl.org] > 2.0 BOTNET Any Botnet rule hit > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Mon Feb 19 17:40:14 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Feb 19 16:45:02 2007 Subject: After upgrading Mail-ClamAV: ClamAV Perl module not found, did you install it? In-Reply-To: <45D9CDE6.6070404@nkpanama.com> References: <20070219155539.GB22673@zoot.intenex.net> <45D9CDE6.6070404@nkpanama.com> Message-ID: <223f97700702190840m421220a2y31c7463a5bc885f@mail.gmail.com> On 19/02/07, Alex Neuman van der Hans wrote: > Keith Wessel wrote: > > Hello, > > > > I upgraded Mail::ClamAV to the latest version using CPAN this morning. > > Any thoughts on why MailScanner might not be finding the module after > > upgrading it? > > I've fallen back to using clamav instead of clamavmodule in the meantime > > to keep things up and running, but it doesn't seem to be as efficient. > The module doesn't work with the latest version of clamav. See every > other post regarding clamav .90 on the list. I guess we'll have to wait > for someone to modify Mail::ClamAV in the meantime. Ah, I see you noticed...:-) ---- X-NKPANAMA-MailScanner-Information: Please contact the ISP for more information X-NKPANAMA-MailScanner: Found to be clean X-NKPANAMA-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (not cached, score=5.711, required 3.7, BOTNET 2.00, BOTNET_BADDNS 0.01, RCVD_IN_NJABL_DUL 1.71, RCVD_IN_SORBS_DUL 1.99) X-NKPANAMA-MailScanner-From: alex@nkpanama.com X-NKPANAMA-MailScanner-To: mailscanner@lists.mailscanner.info ---- Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From gerard at seibercom.net Mon Feb 19 17:41:37 2007 From: gerard at seibercom.net (Gerard Seibert) Date: Mon Feb 19 16:46:36 2007 Subject: After upgrading Mail-ClamAV: ClamAV Perl module not found, did you install it? In-Reply-To: <45D9CDE6.6070404@nkpanama.com> References: <20070219155539.GB22673@zoot.intenex.net> <45D9CDE6.6070404@nkpanama.com> Message-ID: <20070219114137.46aa4c98@localhost> On Mon, 19 Feb 2007 11:18:46 -0500 Alex Neuman van der Hans wrote: > Keith Wessel wrote: > > Hello, > > > > I upgraded Mail::ClamAV to the latest version using CPAN this > > morning. Any thoughts on why MailScanner might not be finding the > > module after upgrading it? > > I've fallen back to using clamav instead of clamavmodule in the > > meantime to keep things up and running, but it doesn't seem to be > > as efficient. > The module doesn't work with the latest version of clamav. See every > other post regarding clamav .90 on the list. I guess we'll have to > wait for someone to modify Mail::ClamAV in the meantime. That someone would be Scott Beck . I have forwarded this to him in the hopes that he will look into this problem. -- Gerard What this country needs is a dime that will buy a good five-cent bagel. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 187 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070219/a00c7167/signature.bin From kwessel at intenex.net Mon Feb 19 18:11:10 2007 From: kwessel at intenex.net (Keith Wessel) Date: Mon Feb 19 17:16:09 2007 Subject: After upgrading Mail-ClamAV: ClamAV Perl module not found, did you install it? In-Reply-To: <45D9CDE6.6070404@nkpanama.com> References: <20070219155539.GB22673@zoot.intenex.net> <45D9CDE6.6070404@nkpanama.com> Message-ID: <20070219171110.GA4359@zoot.intenex.net> Sorry, I didn't mean to imply that I upgraded ClamAV. I only upgraded the Perl module. I intentionally haven't gone to ClamAV .90 yet *because* I saw the posts to the list. My problem isn't ClamAV, it's simply MailScanner not detecting the Mail::ClamAV perl module. Any other thoughts? Thanks, Keith On Mon, Feb 19, 2007 at 11:18:46AM -0500, Alex Neuman van der Hans wrote: > Keith Wessel wrote: > >Hello, > > > >I upgraded Mail::ClamAV to the latest version using CPAN this morning. > >Any thoughts on why MailScanner might not be finding the module after > >upgrading it? > >I've fallen back to using clamav instead of clamavmodule in the meantime > >to keep things up and running, but it doesn't seem to be as efficient. > The module doesn't work with the latest version of clamav. See every > other post regarding clamav .90 on the list. I guess we'll have to wait > for someone to modify Mail::ClamAV in the meantime. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From martinh at solidstatelogic.com Mon Feb 19 18:17:11 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Feb 19 17:22:08 2007 Subject: After upgrading Mail-ClamAV: ClamAV Perl module not found, did you install it? In-Reply-To: <20070219171110.GA4359@zoot.intenex.net> Message-ID: Ken Does the clammodule show in MailScanner -v Output? It could be perl path issues... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Keith Wessel > Sent: 19 February 2007 17:11 > To: MailScanner discussion > Subject: Re: After upgrading Mail-ClamAV: ClamAV Perl module not found, > did you install it? > > Sorry, I didn't mean to imply that I upgraded ClamAV. I only upgraded > the Perl module. I intentionally haven't gone to ClamAV .90 yet > *because* I saw the posts to the list. > > My problem isn't ClamAV, it's simply MailScanner not detecting the > Mail::ClamAV perl module. > > Any other thoughts? > > Thanks, > Keith > > On Mon, Feb 19, 2007 at 11:18:46AM -0500, Alex Neuman van der Hans wrote: > > Keith Wessel wrote: > > >Hello, > > > > > >I upgraded Mail::ClamAV to the latest version using CPAN this morning. > > >Any thoughts on why MailScanner might not be finding the module after > > >upgrading it? > > >I've fallen back to using clamav instead of clamavmodule in the > meantime > > >to keep things up and running, but it doesn't seem to be as efficient. > > The module doesn't work with the latest version of clamav. See every > > other post regarding clamav .90 on the list. I guess we'll have to wait > > for someone to modify Mail::ClamAV in the meantime. > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From kwessel at intenex.net Mon Feb 19 18:30:02 2007 From: kwessel at intenex.net (Keith Wessel) Date: Mon Feb 19 17:35:00 2007 Subject: After upgrading Mail-ClamAV: ClamAV Perl module not found, did you install it? In-Reply-To: References: <20070219171110.GA4359@zoot.intenex.net> Message-ID: <20070219173002.GA7724@zoot.intenex.net> Hi, Martin, MailScanner -v does in fact indicate "missing Mail::ClamAV". But as I said, I can run perl -e "require Mail::ClamAV" and it finds it fine. What do I need to do to get MailScanner to find the module? Thanks, Keith On Mon, Feb 19, 2007 at 05:17:11PM +0000, Martin.Hepworth wrote: > Ken > > Does the clammodule show in > > MailScanner -v > > Output? > > It could be perl path issues... > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Keith Wessel > > Sent: 19 February 2007 17:11 > > To: MailScanner discussion > > Subject: Re: After upgrading Mail-ClamAV: ClamAV Perl module not > found, > > did you install it? > > > > Sorry, I didn't mean to imply that I upgraded ClamAV. I only upgraded > > the Perl module. I intentionally haven't gone to ClamAV .90 yet > > *because* I saw the posts to the list. > > > > My problem isn't ClamAV, it's simply MailScanner not detecting the > > Mail::ClamAV perl module. > > > > Any other thoughts? > > > > Thanks, > > Keith > > > > On Mon, Feb 19, 2007 at 11:18:46AM -0500, Alex Neuman van der Hans > wrote: > > > Keith Wessel wrote: > > > >Hello, > > > > > > > >I upgraded Mail::ClamAV to the latest version using CPAN this > morning. > > > >Any thoughts on why MailScanner might not be finding the module > after > > > >upgrading it? > > > >I've fallen back to using clamav instead of clamavmodule in the > > meantime > > > >to keep things up and running, but it doesn't seem to be as > efficient. > > > The module doesn't work with the latest version of clamav. See every > > > other post regarding clamav .90 on the list. I guess we'll have to > wait > > > for someone to modify Mail::ClamAV in the meantime. > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From gerard at seibercom.net Mon Feb 19 18:29:54 2007 From: gerard at seibercom.net (Gerard Seibert) Date: Mon Feb 19 17:35:04 2007 Subject: After upgrading Mail-ClamAV: ClamAV Perl module not found, did you install it? In-Reply-To: References: <20070219171110.GA4359@zoot.intenex.net> Message-ID: <20070219122954.70e9e6db@localhost> [snip] Is it possible for you to precede your 'signature' aka 'disclaimer' with a "sig delimiter"; i.e., '-- ' sans quotes? A twenty five + signature/disclaimer is a little much. My MUA would discard that crap if you would properly escaped it. Thank you! -- Gerard -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 187 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070219/b497ccb0/signature.bin From alex at nkpanama.com Mon Feb 19 18:29:34 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon Feb 19 17:35:12 2007 Subject: SMTP authentication not working In-Reply-To: <223f97700702190835o5a8f44b7n4a0916bd6ec75593@mail.gmail.com> References: <1A65E6BAEADF9B4F865314484A13ECF1608805@atlas.athensdistributing.com> <45D9CC36.8040807@nkpanama.com> <223f97700702190835o5a8f44b7n4a0916bd6ec75593@mail.gmail.com> Message-ID: <45D9DE7E.6050200@nkpanama.com> Glenn Steen wrote: > (Intentional top-post) > Alex, somethings up here.... Seen this a couple of times now. > Relevant headers: > ---- > X-NKPANAMA-MailScanner-Information: Please contact the ISP for more > information > X-NKPANAMA-MailScanner: Found to be clean > X-NKPANAMA-MailScanner-SpamCheck: spam, SpamAssassin (not cached, > score=5.711, required 3.7, BOTNET 2.00, BOTNET_BADDNS 0.01, > RCVD_IN_NJABL_DUL 1.71, RCVD_IN_SORBS_DUL 1.99) > X-NKPANAMA-MailScanner-SpamScore: sssss > X-NKPANAMA-MailScanner-From: alex@nkpanama.com > X-NKPANAMA-MailScanner-To: mailscanner@lists.mailscanner.info > X-Spam-Status: yes > ---- > Seems you should do some whitelisting:-):-) > I'm working from home today (it's *supposed* to be a holiday) and I wasn't using the VPN or SSH tunneling I'd normally use to avoid this situation. I only noticed a minute or so ago, and I don't like whitelisting dynamic IPs - but I guess I'll have to, for the time being :-) From alex at nkpanama.com Mon Feb 19 18:31:20 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon Feb 19 17:36:54 2007 Subject: After upgrading Mail-ClamAV: ClamAV Perl module not found, did you install it? In-Reply-To: <20070219114137.46aa4c98@localhost> References: <20070219155539.GB22673@zoot.intenex.net> <45D9CDE6.6070404@nkpanama.com> <20070219114137.46aa4c98@localhost> Message-ID: <45D9DEE8.90409@nkpanama.com> Gerard Seibert wrote: >> The module doesn't work with the latest version of clamav. See every >> other post regarding clamav .90 on the list. I guess we'll have to >> wait for someone to modify Mail::ClamAV in the meantime. > That someone would be Scott Beck . I have > forwarded this to him in the hopes that he will look into this problem. The beauty of OSS is that "that someone" could also be you or I, if we were so inclined (and gifted)... Alas, I am more *challenged* than *gifted* when it comes to programming. Perl is all but greek to me... :-) From alex at nkpanama.com Mon Feb 19 18:32:59 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon Feb 19 17:38:28 2007 Subject: After upgrading Mail-ClamAV: ClamAV Perl module not found, did you install it? In-Reply-To: <20070219171110.GA4359@zoot.intenex.net> References: <20070219155539.GB22673@zoot.intenex.net> <45D9CDE6.6070404@nkpanama.com> <20070219171110.GA4359@zoot.intenex.net> Message-ID: <45D9DF4B.6010408@nkpanama.com> Keith Wessel wrote: > Sorry, I didn't mean to imply that I upgraded ClamAV. I only upgraded > the Perl module. I intentionally haven't gone to ClamAV .90 yet > *because* I saw the posts to the list. > > My problem isn't ClamAV, it's simply MailScanner not detecting the > Mail::ClamAV perl module. > > Any other thoughts? If you're running an RPM-based distro, you could have clamav RPM's installed and not notice. A nighly yum/up2date might have upgraded clam "behind your back"... Just a thought. From gerard at seibercom.net Mon Feb 19 18:46:58 2007 From: gerard at seibercom.net (Gerard Seibert) Date: Mon Feb 19 17:51:57 2007 Subject: After upgrading Mail-ClamAV: ClamAV Perl module not found, did you install it? In-Reply-To: <45D9DEE8.90409@nkpanama.com> References: <20070219155539.GB22673@zoot.intenex.net> <45D9CDE6.6070404@nkpanama.com> <20070219114137.46aa4c98@localhost> <45D9DEE8.90409@nkpanama.com> Message-ID: <20070219124658.72aaae49@localhost> On Mon, 19 Feb 2007 12:31:20 -0500 Alex Neuman van der Hans wrote: [snip] > The beauty of OSS is that "that someone" could also be you or I, if > we were so inclined (and gifted)... Alas, I am more *challenged* than > *gifted* when it comes to programming. Perl is all but greek to me... What I was referring to, is the haphazard patching of a Perl module that might very well be used by other applications on the user's PC. Such patching could lead to the breaking of other application. Unless someone was going to create a custom module just for one specific version of Clamav and MailScanner and then have it included in the CPAN directory, I believe it is best left to the author of the module in question to first look into patching their module so that it maintains backward compatibility in as much as possible. I am sorry if I was not clear about that. -- Gerard "They told me I was gullible ... and I believed them!" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 187 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070219/56bcf969/signature-0001.bin From kwessel at intenex.net Mon Feb 19 19:05:48 2007 From: kwessel at intenex.net (Keith Wessel) Date: Mon Feb 19 18:10:51 2007 Subject: After upgrading Mail-ClamAV: ClamAV Perl module not found, did you install it? In-Reply-To: <45D9DF4B.6010408@nkpanama.com> References: <20070219155539.GB22673@zoot.intenex.net> <45D9CDE6.6070404@nkpanama.com> <20070219171110.GA4359@zoot.intenex.net> <45D9DF4B.6010408@nkpanama.com> Message-ID: <20070219180548.GA12211@zoot.intenex.net> Hi, Nope, not running an RPM of ClamAV. In fact, because of my RHEL3 box not giving me the latest and greatest, I find it safer to run things like ClamAV compiled myself. clamsan --version reports: ClamAV 0.88.7/2605/Mon Feb 19 10:42:14 2007 It appears that MailScanner simply isn't finding the module. (and a look at the MailScanner source code indicates that the ClamAV Perl module not found log message is only generated when a 'require Mail::ClamAV' fails. Any other thoughts on why it's not finding it? Thanks, Keith On Mon, Feb 19, 2007 at 12:32:59PM -0500, Alex Neuman van der Hans wrote: > Keith Wessel wrote: > >Sorry, I didn't mean to imply that I upgraded ClamAV. I only upgraded > >the Perl module. I intentionally haven't gone to ClamAV .90 yet > >*because* I saw the posts to the list. > > > >My problem isn't ClamAV, it's simply MailScanner not detecting the > >Mail::ClamAV perl module. > > > >Any other thoughts? > If you're running an RPM-based distro, you could have clamav RPM's > installed and not notice. A nighly yum/up2date might have upgraded clam > "behind your back"... Just a thought. From glenn.steen at gmail.com Mon Feb 19 19:12:07 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Feb 19 18:16:56 2007 Subject: After upgrading Mail-ClamAV: ClamAV Perl module not found, did you install it? In-Reply-To: <20070219180548.GA12211@zoot.intenex.net> References: <20070219155539.GB22673@zoot.intenex.net> <45D9CDE6.6070404@nkpanama.com> <20070219171110.GA4359@zoot.intenex.net> <45D9DF4B.6010408@nkpanama.com> <20070219180548.GA12211@zoot.intenex.net> Message-ID: <223f97700702191012o704265f0h6a7cdb05bed783c3@mail.gmail.com> On 19/02/07, Keith Wessel wrote: > Hi, > > Nope, not running an RPM of ClamAV. In fact, because of my RHEL3 box not > giving me the latest and greatest, I find it safer to run things like > ClamAV compiled myself. Good strategy > clamsan --version reports: > ClamAV 0.88.7/2605/Mon Feb 19 10:42:14 2007 Looks Ok. > It appears that MailScanner simply isn't finding the module. (and a look > at the MailScanner source code indicates that the ClamAV Perl module not > found log message is only generated when a 'require Mail::ClamAV' fails. > > Any other thoughts on why it's not finding it? I surely don't know, but ... Do you perhaps run your MTA as another user than what you tested the require as? And that user might be having some strange, perhaps permission-related, problem finding/reading the module? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ssilva at sgvwater.com Mon Feb 19 19:18:46 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Feb 19 18:25:03 2007 Subject: Filename Rules In-Reply-To: <45D609A5.9050602@adcatanzaro.com> References: <45D609A5.9050602@adcatanzaro.com> Message-ID: Derek Catanzaro spake the following on 2/16/2007 11:44 AM: > I have a .rules file which allows certain file types to come through > based on the domain that is sending. For example, everything from > abc.com is allowed. The problem I am having is that I want to allow > everything from abc.com through including sub domains, ie. 123.abc.com. > I am not sure how many sub-domains the abc.com domain has so I just > wanted to know if I can use a wildcard like "*abc.com" in my rules > file. Right now the file types I want to allow through are getting > blocked if it comes from a sub-domain of abc.com > > Thanks, > Derek > You will want to use *.abc.com, as *abc.com will also match things like xyzabc.com -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From simon.walter at hp-factory.de Mon Feb 19 19:21:17 2007 From: simon.walter at hp-factory.de (Simon Walter) Date: Mon Feb 19 18:26:13 2007 Subject: URL-encoded filenames in reports Message-ID: <87fy929ffm.fsf@hp-factory.de> Hello Is there a way to get the filename of files which got stored in quarantine as url-encoded string? Using $filename in reportfiles doesn't work for files with spaces or special characters if the filename is used as part of an url. See: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=410647 -- Regards Simon From ssilva at sgvwater.com Mon Feb 19 19:23:47 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Feb 19 18:30:00 2007 Subject: LookOUT 2007 In-Reply-To: <45D6035A.4060201@USherbrooke.ca> References: <1A65E6BAEADF9B4F865314484A13ECF1608802@atlas.athensdistributing.com> <20070216123253.7926.GERARD@seibercom.net> <45D5F80A.3030103@USherbrooke.ca> <45D5F977.1050309@netmagicsolutions.com> <45D6035A.4060201@USherbrooke.ca> Message-ID: Denis Beauchemin spake the following on 2/16/2007 11:17 AM: > Dhawal Doshy a ?crit : >> Denis Beauchemin wrote: >>> Gerard Seibert a ?crit : >>>> Also, please try and wrap you lines at some at some reasonably setting; >>>> 72 would be a nice number. >>>> >>>> >>> Who cares about manual line wrap nowadays. Most potable mail clients >>> do it automatically for you according to your screen size. >>> >>> Denis >>> >> another grumpy dinosaur (me ofcourse.. who else) potable == fit for >> drinking.. though i'd love to have a potable MUA ;-) >> >> check mail.. drink >> download again.. >> rinse repeat.. > You're right... I should have used "potent" (I think)... but "potable" > would have been ok in French... but I like your suggestion about the > drink! ;) > > Denis > If you use "potent" would that make Outlook "impotent"? ;-) -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Mon Feb 19 19:33:40 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Feb 19 18:39:06 2007 Subject: LookOUT 2007 In-Reply-To: <45D6363D.3040606@yeticomputers.com> References: <20070216142020.9461.GERARD@seibercom.net> <45D610AA.3040604@yeticomputers.com> <20070216155327.532A.GERARD@seibercom.net> <45D6363D.3040606@yeticomputers.com> Message-ID: Rick Chadderdon spake the following on 2/16/2007 2:54 PM: > Gerard Seibert wrote: > >> Prior to roughly 2000, AOL and it's ilk of idiots were confined to their >> own hell. Unfortunately, they have now evolved into Googlers. With their >> totally unprofessional posting methods, not to mention their glaring >> inability to display even rudimental spelling and sentence structure, >> they have proceeded to pollute discussion boards ad-infanitum. >> > > Well... Yes. I remember well the massive influx of AOL (and to a > lesser degree Prodigy/Genie) idiots, although I recall it happening > sometime 'round 1995. Suddenly, newsgroups were inundated by people who > wrote poorly, couldn't spell - could barely frame a thought. > Frequently, they popped into places just to announce that anyone taking > about was , even though > they themselves clearly didn't belong there. The Internet went from a > fairly elite group of people to the lowest common denominator > practically overnight. This is not to say that there haven't been some > good things to come out of the explosion of popularity that the Internet > experienced back then, but the positive aspects of growth do not, in my > opinion, include any benefit to discussion groups. More <> Better. > >> This, by the way, is not referring to you. Your posting's reflect an >> obviously intelligent individual with a defined posting style. Rather, I >> am referring to posters who are truly 'clueless'. >> > > Ah... Thank you. It felt as though you were one of those unreasonable > people who didn't accept a "defined posting style" unless it was top > posting. I apologize if I misread you, but you were rather adamant. :) > > Rick What has done the most to damage communication is the inane use of contractions in cell-phone sms messaging, and those users moving that to regular use everywhere. Is it so hard to send messages WITH the vowels intact? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From itdept at fractalweb.com Mon Feb 19 19:36:49 2007 From: itdept at fractalweb.com (Chris Yuzik) Date: Mon Feb 19 18:43:08 2007 Subject: SMTP authentication not working In-Reply-To: <45D9CC36.8040807@nkpanama.com> References: <1A65E6BAEADF9B4F865314484A13ECF1608805@atlas.athensdistributing.com> <45D9CC36.8040807@nkpanama.com> Message-ID: <45D9EE41.8050601@fractalweb.com> Alex Neuman van der Hans wrote: > Any way of automating the shadow->sasldb2 "relationship", specially if > you don't necessarily know all the users' passwords? Good question. I have no idea. Anybody? From glenn.steen at gmail.com Mon Feb 19 19:38:46 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Feb 19 18:43:38 2007 Subject: LookOUT 2007 In-Reply-To: References: <1A65E6BAEADF9B4F865314484A13ECF1608802@atlas.athensdistributing.com> <20070216123253.7926.GERARD@seibercom.net> <45D5F80A.3030103@USherbrooke.ca> <45D5F977.1050309@netmagicsolutions.com> <45D6035A.4060201@USherbrooke.ca> Message-ID: <223f97700702191038xe92f850l15275a55d28fc4b7@mail.gmail.com> On 19/02/07, Scott Silva wrote: > Denis Beauchemin spake the following on 2/16/2007 11:17 AM: (snip) > > You're right... I should have used "potent" (I think)... but "potable" > > would have been ok in French... but I like your suggestion about the > > drink! ;) > > > > Denis > > > If you use "potent" would that make Outlook "impotent"? ;-) Calling OutLook "impotent" would just correctly sum up the state it is in;-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ssilva at sgvwater.com Mon Feb 19 19:51:39 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Feb 19 18:57:19 2007 Subject: ramdisk for working dir In-Reply-To: <223f97700702190358q32750ec8x27a3ea026d188ad8@mail.gmail.com> References: <223f97700702190358q32750ec8x27a3ea026d188ad8@mail.gmail.com> Message-ID: Glenn Steen spake the following on 2/19/2007 3:58 AM: > On 19/02/07, Res wrote: >> On Mon, 19 Feb 2007, Paul Houselander wrote: >> >> > Hi >> > >> > In the Optimization tips section of >> > http://wiki.mailscanner.info/doku.php?id=maq:index there is a link >> to Use a >> > ramdisk (tmpfs) for MailScanners working dir - >> > http://www.mailscanner.info/serve/cache/120.html >> >> >> In /etc/fstab >> >> none /var/spool/MailScanner/incoming tmpfs size=2G,mode=0755 0 0 >> >> Also pays to have your spamassassin cache file located in this path >> Change the size= to something you can spare >> >> > Used to be that this linked to the ol' faq-o-matic, which seems to > have died (again). There are still a few links to it, especially in > the MAQ... > Res suggestion should work fine, and if someone has the time/energy... > perhaps someone would volonteer adding it to the wiki:-). I'm still > down with the flu, more or less (at least I hope it's that, and > perhaps a bad reaction to my Crohns medications... Else it'd be > something sinister:-). > > Cheers Does any one have a full archive of the old faq-o-matic? I could go through in my spare time and fix some of these if I had a source of the original docs. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From glenn.steen at gmail.com Mon Feb 19 20:03:33 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Feb 19 19:08:23 2007 Subject: ramdisk for working dir In-Reply-To: References: <223f97700702190358q32750ec8x27a3ea026d188ad8@mail.gmail.com> Message-ID: <223f97700702191103r227e6eb4g7bc6a79782e4b14c@mail.gmail.com> On 19/02/07, Scott Silva wrote: > Glenn Steen spake the following on 2/19/2007 3:58 AM: (snip) > > Used to be that this linked to the ol' faq-o-matic, which seems to > > have died (again). There are still a few links to it, especially in > > the MAQ... > > Res suggestion should work fine, and if someone has the time/energy... > > perhaps someone would volonteer adding it to the wiki:-). I'm still > > down with the flu, more or less (at least I hope it's that, and > > perhaps a bad reaction to my Crohns medications... Else it'd be > > something sinister:-). > > > > Cheers > Does any one have a full archive of the old faq-o-matic? > I could go through in my spare time and fix some of these if I had a source of > the original docs. Jules. I know of no other. I'll include him directly to try get his attention:-). Second relfection one could make is... Free time! Wtf, when did you start getting free time! Aren't you still carrying three jobs (not counting carousing with women while drinking...:-)? :-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From kwessel at intenex.net Mon Feb 19 20:30:32 2007 From: kwessel at intenex.net (Keith Wessel) Date: Mon Feb 19 19:35:32 2007 Subject: After upgrading Mail-ClamAV: ClamAV Perl module not found, did you install it? In-Reply-To: <223f97700702191012o704265f0h6a7cdb05bed783c3@mail.gmail.com> References: <20070219155539.GB22673@zoot.intenex.net> <45D9CDE6.6070404@nkpanama.com> <20070219171110.GA4359@zoot.intenex.net> <45D9DF4B.6010408@nkpanama.com> <20070219180548.GA12211@zoot.intenex.net> <223f97700702191012o704265f0h6a7cdb05bed783c3@mail.gmail.com> Message-ID: <20070219193032.GA29472@zoot.intenex.net> Hello, A little more to go on... First, MailScanner's running as root, so it's definitely not a permissions problem. I went ahead and put a "require Mail::ClamAV" at the top of my /usr/sbin/MailScanner to see what would happen, and I got the following. Looks like the Perl module can't find libclamav.so.1 (installed under /usr/local/lib which I added to ld.so.conf). Even with /usr/local/lib in ld.so.conf, I still get: MailScanner: Had problems bootstrapping Inline module 'Mail::ClamAV' Can't load '/usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/auto/Mail/ClamAV/ClamAV.so' for module Mail::ClamAV: libclamav.so.1: cannot open shared object file: No such file or directory at /usr/lib/perl5/5.8.0/i386-linux-thread-multi/DynaLoader.pm line 229. at /usr/lib/perl5/site_perl/5.8.0/Inline.pm line 500 at /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/Mail/ClamAV.pm line 188 BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/Mail/ClamAV.pm line 532. Compilation failed in require at /usr/sbin/MailScanner line 38. Any thoughts from anyone on how to tell the Perl module where libclamav.so.1 is? Thanks, keith On Mon, Feb 19, 2007 at 07:12:07PM +0100, Glenn Steen wrote: > On 19/02/07, Keith Wessel wrote: > >Hi, > > > >Nope, not running an RPM of ClamAV. In fact, because of my RHEL3 box not > >giving me the latest and greatest, I find it safer to run things like > >ClamAV compiled myself. > Good strategy > > >clamsan --version reports: > >ClamAV 0.88.7/2605/Mon Feb 19 10:42:14 2007 > Looks Ok. > > >It appears that MailScanner simply isn't finding the module. (and a look > >at the MailScanner source code indicates that the ClamAV Perl module not > >found log message is only generated when a 'require Mail::ClamAV' fails. > > > >Any other thoughts on why it's not finding it? > I surely don't know, but ... Do you perhaps run your MTA as another > user than what you tested the require as? And that user might be > having some strange, perhaps permission-related, problem > finding/reading the module? > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USherbrooke.ca Mon Feb 19 20:47:03 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Mon Feb 19 19:52:44 2007 Subject: After upgrading Mail-ClamAV: ClamAV Perl module not found, did you install it? In-Reply-To: <20070219193032.GA29472@zoot.intenex.net> References: <20070219155539.GB22673@zoot.intenex.net> <45D9CDE6.6070404@nkpanama.com> <20070219171110.GA4359@zoot.intenex.net> <45D9DF4B.6010408@nkpanama.com> <20070219180548.GA12211@zoot.intenex.net> <223f97700702191012o704265f0h6a7cdb05bed783c3@mail.gmail.com> <20070219193032.GA29472@zoot.intenex.net> Message-ID: <45D9FEB7.50100@USherbrooke.ca> Keith Wessel a ?crit : > Hello, > > A little more to go on... > > First, MailScanner's running as root, so it's definitely not a > permissions problem. > > I went ahead and put a "require Mail::ClamAV" at the top of my > /usr/sbin/MailScanner to see what would happen, and I got the following. > Looks like the Perl module can't find libclamav.so.1 (installed under > /usr/local/lib which I added to ld.so.conf). Even with /usr/local/lib in > ld.so.conf, I still get: > > MailScanner: Had problems bootstrapping Inline module > 'Mail::ClamAV' > > Can't load > '/usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/auto/Mail/ClamAV/ClamAV.so' > for module Mail::ClamAV: libclamav.so.1: cannot open shared object file: > No such file or directory at > /usr/lib/perl5/5.8.0/i386-linux-thread-multi/DynaLoader.pm line 229. > at /usr/lib/perl5/site_perl/5.8.0/Inline.pm line 500 > Keith, Have you run ldconfig after modifying ld.so.conf? Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3595 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070219/1719953e/smime.bin From Carl.Andrews at crackerbarrel.com Mon Feb 19 20:49:26 2007 From: Carl.Andrews at crackerbarrel.com (Andrews Carl 455) Date: Mon Feb 19 19:54:18 2007 Subject: After upgrading Mail-ClamAV: ClamAV Perl module not found, did you install it? In-Reply-To: <200702191931.l1JJVgvB025349@smtpgw1.crackerbarrel.com> Message-ID: <113A0DFC086C984AB9EFDF6B8614F075012514A0@exchange03.CBOCS.com> I had the same problem upgrading from 0.88.7. I had to revert back to the old version. I have not had a chance to try to fix it yet. Maybe this will help: MailScanner --version Running on Linux mdaemon.crackerbarrel.com 2.4.21-47.0.1.EL #1 Thu Oct 19 11:42:25 EDT 2006 i686 i686 i386 GNU/Linux This is CentOS release 3.8 (Final) This is Perl version 5.008000 (5.8.0) This is MailScanner version 4.57.6 Module versions are: 1.00 AnyDBM_File 1.16 Archive::Zip 1.01 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.04 Fcntl 2.71 File::Basename 2.05 File::Copy 2.01 FileHandle 1.05 File::Path 0.13 File::Temp 0.90 Filesys::Df 1.35 HTML::Entities 3.54 HTML::Parser 2.37 HTML::TokeParser 1.20 IO 1.09 IO::File 1.122 IO::Pipe 1.71 Mail::Header 3.05 MIME::Base64 5.420 MIME::Decoder 5.420 MIME::Decoder::UU 5.420 MIME::Head 5.420 MIME::Parser 3.03 MIME::QuotedPrint 5.420 MIME::Tools 0.10 Net::CIDR 1.05 POSIX 1.75 Socket 1.4 Sys::Hostname::Long 0.08 Sys::Syslog 1.9704 Time::HiRes 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.806 DB_File 1.12 DBD::SQLite 1.50 DBI 1.00 Digest 1.01 Digest::HMAC 2.20 Digest::MD5 2.10 Digest::SHA1 0.44 Inline 0.17 Mail::ClamAV 3.001007 Mail::SpamAssassin 1.997 Mail::SPF::Query 0.15 Net::CIDR::Lite 1.24 Net::IP 0.48 Net::DNS 0.33 Net::LDAP 1.94 Parse::RecDescent missing SAVI 2.26 Test::Harness 0.47 Test::Simple 1.89 Text::Balanced 1.35 URI -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Keith Wessel Sent: Monday, February 19, 2007 1:31 PM To: MailScanner discussion Subject: Re: After upgrading Mail-ClamAV: ClamAV Perl module not found,did you install it? Hello, A little more to go on... First, MailScanner's running as root, so it's definitely not a permissions problem. I went ahead and put a "require Mail::ClamAV" at the top of my /usr/sbin/MailScanner to see what would happen, and I got the following. Looks like the Perl module can't find libclamav.so.1 (installed under /usr/local/lib which I added to ld.so.conf). Even with /usr/local/lib in ld.so.conf, I still get: MailScanner: Had problems bootstrapping Inline module 'Mail::ClamAV' Can't load '/usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/auto/Mail/ClamAV /ClamAV.so' for module Mail::ClamAV: libclamav.so.1: cannot open shared object file: No such file or directory at /usr/lib/perl5/5.8.0/i386-linux-thread-multi/DynaLoader.pm line 229. at /usr/lib/perl5/site_perl/5.8.0/Inline.pm line 500 at /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/Mail/ClamAV.pm line 188 BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/Mail/ClamAV.pm line 532. Compilation failed in require at /usr/sbin/MailScanner line 38. Any thoughts from anyone on how to tell the Perl module where libclamav.so.1 is? Thanks, keith On Mon, Feb 19, 2007 at 07:12:07PM +0100, Glenn Steen wrote: > On 19/02/07, Keith Wessel wrote: > >Hi, > > > >Nope, not running an RPM of ClamAV. In fact, because of my RHEL3 box not > >giving me the latest and greatest, I find it safer to run things like > >ClamAV compiled myself. > Good strategy > > >clamsan --version reports: > >ClamAV 0.88.7/2605/Mon Feb 19 10:42:14 2007 > Looks Ok. > > >It appears that MailScanner simply isn't finding the module. (and a look > >at the MailScanner source code indicates that the ClamAV Perl module not > >found log message is only generated when a 'require Mail::ClamAV' fails. > > > >Any other thoughts on why it's not finding it? > I surely don't know, but ... Do you perhaps run your MTA as another > user than what you tested the require as? And that user might be > having some strange, perhaps permission-related, problem > finding/reading the module? > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From gerard at seibercom.net Mon Feb 19 21:01:40 2007 From: gerard at seibercom.net (Gerard Seibert) Date: Mon Feb 19 20:06:40 2007 Subject: LookOUT 2007 In-Reply-To: References: <20070216142020.9461.GERARD@seibercom.net> <45D610AA.3040604@yeticomputers.com> <20070216155327.532A.GERARD@seibercom.net> <45D6363D.3040606@yeticomputers.com> Message-ID: <20070219150140.3f72fa1c@localhost> On Mon, 19 Feb 2007 10:33:40 -0800 Scott Silva wrote: [snip] > What has done the most to damage communication is the inane use of > contractions in cell-phone sms messaging, and those users moving that > to regular use everywhere. Is it so hard to send messages WITH the > vowels intact? You are taking the position that those violators of the English or whatever language you are referring to, have the capacity to properly spell a word to begin with. I would never make such an assumption myself, considering that a large percentage of those perpetuators of bad grammar are now or former AOL'ers or Googlers. They just cannot grok normal grammar and spelling skills. It has got to make you proud of our great learning institutions. -- Gerard -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 187 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070219/5dd220d4/signature.bin From kwessel at intenex.net Mon Feb 19 21:14:15 2007 From: kwessel at intenex.net (Keith Wessel) Date: Mon Feb 19 20:19:11 2007 Subject: After upgrading Mail-ClamAV: ClamAV Perl module not found, did you install it? In-Reply-To: <45D9FEB7.50100@USherbrooke.ca> References: <20070219155539.GB22673@zoot.intenex.net> <45D9CDE6.6070404@nkpanama.com> <20070219171110.GA4359@zoot.intenex.net> <45D9DF4B.6010408@nkpanama.com> <20070219180548.GA12211@zoot.intenex.net> <223f97700702191012o704265f0h6a7cdb05bed783c3@mail.gmail.com> <20070219193032.GA29472@zoot.intenex.net> <45D9FEB7.50100@USherbrooke.ca> Message-ID: <20070219201415.GA4527@zoot.intenex.net> Oh, my... It's been a long day, aparently. Yes, Denis, I forgot ldconfig. (Duh!) Thanks!!! So, for the records, the soltuion was to add /usr/local/lib to the /etc/ld/so/conf file *AND* run ldconfig. After that, the Perl module initializes fine, and MailScanner's happy! (And so is the sysadmin!) Thanks, everyone, Keith On Mon, Feb 19, 2007 at 02:47:03PM -0500, Denis Beauchemin wrote: > Keith Wessel a ?crit : > >Hello, > > > >A little more to go on... > > > >First, MailScanner's running as root, so it's definitely not a > >permissions problem. > > > >I went ahead and put a "require Mail::ClamAV" at the top of my > >/usr/sbin/MailScanner to see what would happen, and I got the following. > >Looks like the Perl module can't find libclamav.so.1 (installed under > >/usr/local/lib which I added to ld.so.conf). Even with /usr/local/lib in > >ld.so.conf, I still get: > > > > MailScanner: Had problems bootstrapping Inline module > >'Mail::ClamAV' > > > >Can't load > >'/usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/auto/Mail/ClamAV/ClamAV.so' > >for module Mail::ClamAV: libclamav.so.1: cannot open shared object file: > >No such file or directory at > >/usr/lib/perl5/5.8.0/i386-linux-thread-multi/DynaLoader.pm line 229. > > at /usr/lib/perl5/site_perl/5.8.0/Inline.pm line 500 > > > Keith, > > Have you run ldconfig after modifying ld.so.conf? > > Denis > > -- > _ > ?v? Denis Beauchemin, analyste > /(_)\ Universit? de Sherbrooke, S.T.I. > ^ ^ T: 819.821.8000x62252 F: 819.821.8045 > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Mon Feb 19 22:19:02 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Feb 19 21:23:52 2007 Subject: LookOUT 2007 In-Reply-To: <20070219150140.3f72fa1c@localhost> References: <20070216142020.9461.GERARD@seibercom.net> <45D610AA.3040604@yeticomputers.com> <20070216155327.532A.GERARD@seibercom.net> <45D6363D.3040606@yeticomputers.com> <20070219150140.3f72fa1c@localhost> Message-ID: <223f97700702191319n503ecf68l2c254f0163619c8b@mail.gmail.com> On 19/02/07, Gerard Seibert wrote: > On Mon, 19 Feb 2007 10:33:40 -0800 (snip) > bad grammar are now or former AOL'ers or Googlers. They just cannot Please define "Googlers". I'm sure I don't quite get this term. AOL users, shortened (IMO wrongly) to AOL'ers, sure... But "Googlers"? Perhaps it's something I miss as being non-native to the English languge? > grok normal grammar and spelling skills. It has got to make you proud > of our great learning institutions. I'm sure that "grok" is part and parcel of any modern dictionary too (feel free to find me some nice reference;-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From gerard at seibercom.net Mon Feb 19 23:16:08 2007 From: gerard at seibercom.net (Gerard Seibert) Date: Mon Feb 19 22:21:10 2007 Subject: LookOUT 2007 In-Reply-To: <223f97700702191319n503ecf68l2c254f0163619c8b@mail.gmail.com> References: <20070216142020.9461.GERARD@seibercom.net> <45D610AA.3040604@yeticomputers.com> <20070216155327.532A.GERARD@seibercom.net> <45D6363D.3040606@yeticomputers.com> <20070219150140.3f72fa1c@localhost> <223f97700702191319n503ecf68l2c254f0163619c8b@mail.gmail.com> Message-ID: <20070219171608.55784e8a@localhost> On Mon, 19 Feb 2007 22:19:02 +0100 "Glenn Steen" wrote: [snip] > > grok normal grammar and spelling skills. It has got to make you > > proud of our great learning institutions. > I'm sure that "grok" is part and parcel of any modern dictionary too > (feel free to find me some nice reference;-). http://www.webster.com/dictionary/grok Main Entry: grok Pronunciation: 'gr?k Function: transitive verb Inflected Form(s): grokked; grok?king Etymology: coined by Robert A. Heinlein died 1988 American author : to understand profoundly and intuitively Anything else you want to know? -- Gerard -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 187 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070219/774d0613/signature.bin From ecasarero at gmail.com Mon Feb 19 23:18:09 2007 From: ecasarero at gmail.com (Eduardo Casarero) Date: Mon Feb 19 22:23:02 2007 Subject: mailscanner waits... in always looked up last Message-ID: <7d9b3cf20702191418h144c264ap12d3c232f61867cc@mail.gmail.com> Hi guys, i'm running MS 4.55.10 on Slackware 10.2 with the mailwatch.pmscript. Sometimes this part stucks, and always looked up last takes 500 segs!! after a stop-mailscanner and check_mailscanner (killing mailwatch) everything gets ok again. Does anyone has any idea? the database is ok because i have 4 servers that works ok but this randomly hangs. Thanks! Eduardo. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070219/6766cd86/attachment.html From res at ausics.net Mon Feb 19 23:25:12 2007 From: res at ausics.net (Res) Date: Mon Feb 19 22:30:14 2007 Subject: LookOUT 2007 In-Reply-To: <20070219171608.55784e8a@localhost> References: <20070216142020.9461.GERARD@seibercom.net> <45D610AA.3040604@yeticomputers.com> <20070216155327.532A.GERARD@seibercom.net> <45D6363D.3040606@yeticomputers.com> <20070219150140.3f72fa1c@localhost> <223f97700702191319n503ecf68l2c254f0163619c8b@mail.gmail.com> <20070219171608.55784e8a@localhost> Message-ID: yawn On Mon, 19 Feb 2007, Gerard Seibert wrote: > On Mon, 19 Feb 2007 22:19:02 +0100 > "Glenn Steen" wrote: > > [snip] > >>> grok normal grammar and spelling skills. It has got to make you >>> proud of our great learning institutions. >> I'm sure that "grok" is part and parcel of any modern dictionary too >> (feel free to find me some nice reference;-). > > http://www.webster.com/dictionary/grok > > Main Entry: grok > Pronunciation: 'gräk > Function: transitive verb > Inflected Form(s): grokked; grok·king > Etymology: coined by Robert A. Heinlein died 1988 American author > : to understand profoundly and intuitively > > Anything else you want to know? > > -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From housey at sme-ecom.co.uk Mon Feb 19 17:57:16 2007 From: housey at sme-ecom.co.uk (Paul Houselander) Date: Mon Feb 19 22:44:48 2007 Subject: catchthismail@* spam? Message-ID: Hi Has anyone else been being hammered today with spam from catchthismail@ Ive had thousands all aimed at different domains. They contain varients on the following:- Hi How are you ? Call me. Numerous studies Poor you, i don't even think how much spam you are recive. "true toys" 68796D6D78667171737C776D6833706668796E726E45746C747933747A I use SpamAssain 3.1.7 with sa-update,rules_du_jour, DCC, razor and sbl-xbl at the MTA There not firing on to many rules so ive been feeding them to bayes which has helped but still lots not getting flagged as spam. I use sendmail and was trying to use the access database to block them i.e. catchthismail@ ERROR:"550 User Unknown" but that didnt work so ive used MailScanners non spam action to just store them To: catchthismail@* store Is anyone else seeing this and how are you dealing with them? Cheers Paul From glenn.steen at gmail.com Mon Feb 19 23:43:20 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Feb 19 22:48:11 2007 Subject: LookOUT 2007 In-Reply-To: <20070219171608.55784e8a@localhost> References: <20070216142020.9461.GERARD@seibercom.net> <45D610AA.3040604@yeticomputers.com> <20070216155327.532A.GERARD@seibercom.net> <45D6363D.3040606@yeticomputers.com> <20070219150140.3f72fa1c@localhost> <223f97700702191319n503ecf68l2c254f0163619c8b@mail.gmail.com> <20070219171608.55784e8a@localhost> Message-ID: <223f97700702191443k264319f7t6ac27b8753e5ef95@mail.gmail.com> On 19/02/07, Gerard Seibert wrote: > On Mon, 19 Feb 2007 22:19:02 +0100 > "Glenn Steen" wrote: > > [snip] So you didn't know that you meant by the term Googlers after all. Yes, I'm being sarcastic. > > > grok normal grammar and spelling skills. It has got to make you > > > proud of our great learning institutions. > > I'm sure that "grok" is part and parcel of any modern dictionary too > > (feel free to find me some nice reference;-). > > http://www.webster.com/dictionary/grok > > Main Entry: grok > Pronunciation: 'gr?k > Function: transitive verb > Inflected Form(s): grokked; grok?king > Etymology: coined by Robert A. Heinlein died 1988 American author > : to understand profoundly and intuitively Which just goes to show that language evolves, I guess. > Anything else you want to know? Apart from the question you chose to ignore? No. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ms-list at alexb.ch Mon Feb 19 23:45:31 2007 From: ms-list at alexb.ch (Alex Broens) Date: Mon Feb 19 22:50:28 2007 Subject: catchthismail@* spam? In-Reply-To: References: Message-ID: <45DA288B.9060705@alexb.ch> On 2/19/2007 5:57 PM, Paul Houselander wrote: > Hi > > Has anyone else been being hammered today with spam from > > catchthismail@ > > Ive had thousands all aimed at different domains. > > They contain varients on the following:- > > Hi > How are you ? Call me. > Numerous studies > Poor you, i don't even think how much spam you are recive. > "true toys" > 68796D6D78667171737C776D6833706668796E726E45746C747933747A > > I use SpamAssain 3.1.7 with sa-update,rules_du_jour, DCC, razor and sbl-xbl > at the MTA > > There not firing on to many rules so ive been feeding them to bayes which > has helped but still lots not getting flagged as spam. I use sendmail and > was trying to use the access database to block them i.e. > > catchthismail@ ERROR:"550 User Unknown" > > but that didnt work so ive used MailScanners non spam action to just store > them > > To: catchthismail@* store > > Is anyone else seeing this and how are you dealing with them? > blacklist_to catchthismail@* has worked fine for me. Alex From gerard at seibercom.net Mon Feb 19 23:55:57 2007 From: gerard at seibercom.net (Gerard Seibert) Date: Mon Feb 19 23:00:56 2007 Subject: LookOUT 2007 In-Reply-To: <223f97700702191443k264319f7t6ac27b8753e5ef95@mail.gmail.com> References: <20070216142020.9461.GERARD@seibercom.net> <45D610AA.3040604@yeticomputers.com> <20070216155327.532A.GERARD@seibercom.net> <45D6363D.3040606@yeticomputers.com> <20070219150140.3f72fa1c@localhost> <223f97700702191319n503ecf68l2c254f0163619c8b@mail.gmail.com> <20070219171608.55784e8a@localhost> <223f97700702191443k264319f7t6ac27b8753e5ef95@mail.gmail.com> Message-ID: <20070219175557.26786e4e@localhost> On Mon, 19 Feb 2007 23:43:20 +0100 "Glenn Steen" wrote: [ snip ] > > Anything else you want to know? > Apart from the question you chose to ignore? No. Honestly, I thought that you were being sarcastic. If you really want me do, I will be glad to. I'll send it off-list to you. -- Gerard Love is in the offing. Be affectionate to one who adores you. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 187 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070219/0341ae0f/signature.bin From jstevens at athensdistributing.com Tue Feb 20 00:01:06 2007 From: jstevens at athensdistributing.com (James R. Stevens) Date: Mon Feb 19 23:06:05 2007 Subject: SMTP authentication not working Message-ID: <1A65E6BAEADF9B4F865314484A13ECF1608807@atlas.athensdistributing.com> Again, it been some time since our SMTP AUTH project but, From what I remember the authentication mechanism still reads the /etc/shadow passwords via PAM. We just had to create the accounts of the mobile email folks before it would work. I thought of it as a whitelist of sorts... More forward in your testing. Change the shadow password via whatever means you like and see if the SMTP authentication attempts uses the new password. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Chris Yuzik Sent: Monday, February 19, 2007 12:37 PM To: MailScanner discussion Subject: Re: SMTP authentication not working Alex Neuman van der Hans wrote: > Any way of automating the shadow->sasldb2 "relationship", specially if > you don't necessarily know all the users' passwords? Good question. I have no idea. Anybody? -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by Athens Hyperion Scanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by Athens Hyperion Scanner, and is believed to be clean. From ssilva at sgvwater.com Tue Feb 20 00:12:30 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Feb 19 23:24:09 2007 Subject: LookOUT 2007 In-Reply-To: <223f97700702191319n503ecf68l2c254f0163619c8b@mail.gmail.com> References: <20070216142020.9461.GERARD@seibercom.net> <45D610AA.3040604@yeticomputers.com> <20070216155327.532A.GERARD@seibercom.net> <45D6363D.3040606@yeticomputers.com> <20070219150140.3f72fa1c@localhost> <223f97700702191319n503ecf68l2c254f0163619c8b@mail.gmail.com> Message-ID: Glenn Steen spake the following on 2/19/2007 1:19 PM: > On 19/02/07, Gerard Seibert wrote: >> On Mon, 19 Feb 2007 10:33:40 -0800 > (snip) >> bad grammar are now or former AOL'ers or Googlers. They just cannot > Please define "Googlers". I'm sure I don't quite get this term. AOL > users, shortened (IMO wrongly) to AOL'ers, sure... But "Googlers"? > Perhaps it's something I miss as being non-native to the English > languge? > >> grok normal grammar and spelling skills. It has got to make you proud >> of our great learning institutions. > I'm sure that "grok" is part and parcel of any modern dictionary too > (feel free to find me some nice reference;-). > > Cheers Glenn, I would have to say that you are more capable and articulate in English than many of the people I went to school here with! I wish I could be so with a second language. Other than the small amount of Portuguese I picked up as a child, I am monolingual. I am only slightly functional in understanding Spanish also, but can not speak any. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Tue Feb 20 00:16:40 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Feb 19 23:25:48 2007 Subject: ramdisk for working dir In-Reply-To: <223f97700702191103r227e6eb4g7bc6a79782e4b14c@mail.gmail.com> References: <223f97700702190358q32750ec8x27a3ea026d188ad8@mail.gmail.com> <223f97700702191103r227e6eb4g7bc6a79782e4b14c@mail.gmail.com> Message-ID: Glenn Steen spake the following on 2/19/2007 11:03 AM: > On 19/02/07, Scott Silva wrote: >> Glenn Steen spake the following on 2/19/2007 3:58 AM: > (snip) >> > Used to be that this linked to the ol' faq-o-matic, which seems to >> > have died (again). There are still a few links to it, especially in >> > the MAQ... >> > Res suggestion should work fine, and if someone has the time/energy... >> > perhaps someone would volonteer adding it to the wiki:-). I'm still >> > down with the flu, more or less (at least I hope it's that, and >> > perhaps a bad reaction to my Crohns medications... Else it'd be >> > something sinister:-). >> > >> > Cheers >> Does any one have a full archive of the old faq-o-matic? >> I could go through in my spare time and fix some of these if I had a >> source of >> the original docs. > > Jules. I know of no other. I'll include him directly to try get his > attention:-). > > Second relfection one could make is... Free time! Wtf, when did you > start getting free time! Aren't you still carrying three jobs (not > counting carousing with women while drinking...:-)? :-) > > Cheers If I stick with women of means, I can give up the other 2 jobs! And more drinking time! ;-D -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Tue Feb 20 00:19:30 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Feb 19 23:29:53 2007 Subject: SMTP authentication not working In-Reply-To: <45D9EE41.8050601@fractalweb.com> References: <1A65E6BAEADF9B4F865314484A13ECF1608805@atlas.athensdistributing.com> <45D9CC36.8040807@nkpanama.com> <45D9EE41.8050601@fractalweb.com> Message-ID: Chris Yuzik spake the following on 2/19/2007 10:36 AM: > Alex Neuman van der Hans wrote: >> Any way of automating the shadow->sasldb2 "relationship", specially if >> you don't necessarily know all the users' passwords? > Good question. I have no idea. Anybody? SMTP auth "should" just work through pam. Maybe something wrong with the pam stack? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From brent.bolin at gmail.com Tue Feb 20 00:39:51 2007 From: brent.bolin at gmail.com (BB) Date: Mon Feb 19 23:44:40 2007 Subject: Anybody know what these errors are that I'm seeing in FuzzyORC logs Message-ID: <787dcac20702191539l54c0badap1c181c5e1da86db1@mail.gmail.com> Unexpected error in pipe to external programs. Please check that all helper programs are installed and in the correct path. (Pipe Command "/usr/local/bin/jpegtopnm", Pipe exit code 1 (""), Temporary file: "/tmp/.spamassassin428 FuzzyOCR appears to be working OK but I'm wondering what this pipe error is. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070219/b81ada20/attachment.html From r.berber at computer.org Tue Feb 20 02:06:23 2007 From: r.berber at computer.org (=?ISO-8859-1?Q?Ren=E9_Berber?=) Date: Tue Feb 20 01:11:35 2007 Subject: Anybody know what these errors are that I'm seeing in FuzzyORC logs In-Reply-To: <787dcac20702191539l54c0badap1c181c5e1da86db1@mail.gmail.com> References: <787dcac20702191539l54c0badap1c181c5e1da86db1@mail.gmail.com> Message-ID: BB wrote: > Unexpected error in pipe to external programs. > Please check that all helper programs are > installed and in the correct path. > (Pipe Command "/usr/local/bin/jpegtopnm", Pipe > exit code 1 (""), Temporary file: "/tmp/.spamassassin428 > > FuzzyOCR appears to be working OK but I'm wondering what this pipe error is. Does /usr/local/bin/jpegtopnm exist? does it work? The error is telling you that there is something wrong with it. Remember that even if you can use the program logged in as a user, SA in whatever form it's running may have a different LDPATH (i.e. can't execute the program). -- Ren? Berber From itdept at fractalweb.com Tue Feb 20 02:30:37 2007 From: itdept at fractalweb.com (Chris Yuzik) Date: Tue Feb 20 01:36:00 2007 Subject: SMTP authentication not working In-Reply-To: References: <1A65E6BAEADF9B4F865314484A13ECF1608805@atlas.athensdistributing.com> <45D9CC36.8040807@nkpanama.com> <45D9EE41.8050601@fractalweb.com> Message-ID: <45DA4F3D.5050707@fractalweb.com> Scott Silva wrote: > SMTP auth "should" just work through pam. Maybe something wrong with > the pam > stack? Scott, Any idea how I could test that? Chris From chandler.lists at chapman.edu Tue Feb 20 02:50:25 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Tue Feb 20 01:55:19 2007 Subject: LookOUT 2007 In-Reply-To: References: <20070216142020.9461.GERARD@seibercom.net> <45D610AA.3040604@yeticomputers.com> <20070216155327.532A.GERARD@seibercom.net> <45D6363D.3040606@yeticomputers.com> <20070219150140.3f72fa1c@localhost> <223f97700702191319n503ecf68l2c254f0163619c8b@mail.gmail.com> Message-ID: <45DA53E1.9070409@chapman.edu> Scott Silva wrote: > Glenn, > I would have to say that you are more capable and articulate in English than > many of the people I went to school here with! > I wish I could be so with a second language. Other than the small amount of > Portuguese I picked up as a child, I am monolingual. > I am only slightly functional in understanding Spanish also, but can not speak > any. > > Holy crap, English is Glenn's second language? I didn't know that, and I'm... pedantic, about proper grammar... -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: The data on your hard drive is out of balance. From brent.bolin at gmail.com Tue Feb 20 02:52:36 2007 From: brent.bolin at gmail.com (BB) Date: Tue Feb 20 01:57:26 2007 Subject: Anybody know what these errors are that I'm seeing in FuzzyORC logs In-Reply-To: References: <787dcac20702191539l54c0badap1c181c5e1da86db1@mail.gmail.com> Message-ID: <787dcac20702191752s4a19982cvd68dcb5bb3b60398@mail.gmail.com> Thanks for your reply. All of these helper programs exist - ##### Location of helper applications (path + binary) (Default values: /usr/local/bin/) ##### #focr_bin_giffix /usr/local/bin/giffix #focr_bin_giftext /usr/local/bin/giftext #focr_bin_gifasm /usr/local/bin/gifasm #focr_bin_gifinter /usr/local/bin/gifinter #focr_bin_giftopnm /usr/local/bin/giftopnm #focr_bin_jpegtopnm /usr/local/bin/jpegtopnm #focr_bin_pngtopnm /usr/local/bin/pngtopnm #focr_bin_ppmhist /usr/local/bin/ppmhist #focr_bin_convert /usr/local/bin/convert #focr_bin_identify /usr/local/bin/identify #focr_bin_gocr /usr/local/bin/gocr ############################################################################################ The Spamassassin lint test shows this for the path - final PATH set to: /sbin:/usr/sbin:/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin I wouldn't know how to test it to see if it actually works. Is PATH the same as LDPATH ? On 2/19/07, Ren? Berber wrote: > > BB wrote: > > > Unexpected error in pipe to external programs. > > Please check that all helper programs are > > installed and in the correct path. > > (Pipe Command "/usr/local/bin/jpegtopnm", Pipe > > exit code 1 (""), Temporary file: "/tmp/.spamassassin428 > > > > FuzzyOCR appears to be working OK but I'm wondering what this pipe error > is. > > Does /usr/local/bin/jpegtopnm exist? does it work? > > The error is telling you that there is something wrong with it. Remember > that > even if you can use the program logged in as a user, SA in whatever form > it's > running may have a different LDPATH (i.e. can't execute the program). > -- > Ren? Berber > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070219/3ee50442/attachment.html From r.berber at computer.org Tue Feb 20 03:17:40 2007 From: r.berber at computer.org (=?ISO-8859-1?Q?Ren=E9_Berber?=) Date: Tue Feb 20 02:22:52 2007 Subject: Anybody know what these errors are that I'm seeing in FuzzyORC logs In-Reply-To: <787dcac20702191752s4a19982cvd68dcb5bb3b60398@mail.gmail.com> References: <787dcac20702191539l54c0badap1c181c5e1da86db1@mail.gmail.com> <787dcac20702191752s4a19982cvd68dcb5bb3b60398@mail.gmail.com> Message-ID: BB wrote: > All of these helper programs exist - [snip] > The Spamassassin lint test shows this for the path - > > final PATH set to: > /sbin:/usr/sbin:/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin > > I wouldn't know how to test it to see if it actually works. If you have the FuzzyOcr source, go to directory samples and run: $ spamassassin -x -t -D FuzzyOcr < ocr-jpg.eml lots of output, should see ... [3340] info: FuzzyOcr: Using jpegtopnm => /usr/local/bin/jpegtopnm ... [3340] dbg: FuzzyOcr: Starting FuzzyOcr... ... [2724] dbg: FuzzyOcr: Exec : /usr/local/bin/jpegtopnm /tmp/.spamassassin3340ULRQYxtmp/image001.jpg [3340] dbg: FuzzyOcr: Saved pid: 2724 [2724] dbg: FuzzyOcr: Stdout: >/tmp/.spamassassin3340ULRQYxtmp/image001.jpg.pnm [2724] dbg: FuzzyOcr: Stderr: >>/tmp/.spamassassin3340ULRQYxtmp/image001.jpg.err [3340] dbg: FuzzyOcr: Elapsed [2724]: 0.358430 sec. (/usr/bin/jpegtopnm: exit 0) except you will not see the "exit 0". To save the error file (which may give a more detailed error message) change your FuzzyOcr.cf, at the end uncomment: focr_keep_bad_images 1 then look at the /tmp//image001.jpg.err and the other .err file (raw.eml.error or something similar). > Is PATH the same as LDPATH ? No, the first is for finding executables, the second is for finding libraries and it's not usually needed (the system has a global library path, but it depends on the system... Linux uses ldconfig, Solaris crle, ... to configure that path). -- Ren? Berber From alex at nkpanama.com Tue Feb 20 04:41:05 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Tue Feb 20 03:46:41 2007 Subject: SMTP authentication not working In-Reply-To: <45DA4F3D.5050707@fractalweb.com> References: <1A65E6BAEADF9B4F865314484A13ECF1608805@atlas.athensdistributing.com> <45D9CC36.8040807@nkpanama.com> <45D9EE41.8050601@fractalweb.com> <45DA4F3D.5050707@fractalweb.com> Message-ID: <45DA6DD1.5060207@nkpanama.com> Chris Yuzik wrote: > Scott Silva wrote: >> SMTP auth "should" just work through pam. Maybe something wrong with >> the pam >> stack? > Scott, > > Any idea how I could test that? > > Chris > Are you running the saslauthd service? It needs to be running - although you have to allow PLAIN and LOGIN authentication unless you want to manually (AFAIK) add the password for every user to the sasl db. From glenn.steen at gmail.com Tue Feb 20 09:41:10 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 20 08:46:03 2007 Subject: LookOUT 2007 In-Reply-To: <20070219175557.26786e4e@localhost> References: <20070216142020.9461.GERARD@seibercom.net> <45D610AA.3040604@yeticomputers.com> <20070216155327.532A.GERARD@seibercom.net> <45D6363D.3040606@yeticomputers.com> <20070219150140.3f72fa1c@localhost> <223f97700702191319n503ecf68l2c254f0163619c8b@mail.gmail.com> <20070219171608.55784e8a@localhost> <223f97700702191443k264319f7t6ac27b8753e5ef95@mail.gmail.com> <20070219175557.26786e4e@localhost> Message-ID: <223f97700702200041q4756f541l6f79a5035ab008ca@mail.gmail.com> On 19/02/07, Gerard Seibert wrote: > On Mon, 19 Feb 2007 23:43:20 +0100 > "Glenn Steen" wrote: > > [ snip ] > > > > Anything else you want to know? > > Apart from the question you chose to ignore? No. > > Honestly, I thought that you were being sarcastic. If you really want > me do, I will be glad to. I'll send it off-list to you. > Me sarcastic? Naaah:-). Yes, I really did want to know what you meant by Googlers. The reference is a tad baffling to me, probably because of cultural differences ... So please do. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From res at ausics.net Tue Feb 20 09:48:28 2007 From: res at ausics.net (Res) Date: Tue Feb 20 08:53:34 2007 Subject: LookOUT 2007 In-Reply-To: <223f97700702200041q4756f541l6f79a5035ab008ca@mail.gmail.com> References: <20070216142020.9461.GERARD@seibercom.net> <45D610AA.3040604@yeticomputers.com> <20070216155327.532A.GERARD@seibercom.net> <45D6363D.3040606@yeticomputers.com> <20070219150140.3f72fa1c@localhost> <223f97700702191319n503ecf68l2c254f0163619c8b@mail.gmail.com> <20070219171608.55784e8a@localhost> <223f97700702191443k264319f7t6ac27b8753e5ef95@mail.gmail.com> <20070219175557.26786e4e@localhost> <223f97700702200041q4756f541l6f79a5035ab008ca@mail.gmail.com> Message-ID: please don't feed the self appointed list protocol wan... err troll *top posting because I can* On Tue, 20 Feb 2007, Glenn Steen wrote: > On 19/02/07, Gerard Seibert wrote: >> On Mon, 19 Feb 2007 23:43:20 +0100 >> "Glenn Steen" wrote: >> >> [ snip ] >> >> > > Anything else you want to know? >> > Apart from the question you chose to ignore? No. >> >> Honestly, I thought that you were being sarcastic. If you really want >> me do, I will be glad to. I'll send it off-list to you. >> > Me sarcastic? Naaah:-). > Yes, I really did want to know what you meant by Googlers. The > reference is a tad baffling to me, probably because of cultural > differences ... So please do. > > Cheers > -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From Q.G.Campbell at newcastle.ac.uk Tue Feb 20 09:50:20 2007 From: Q.G.Campbell at newcastle.ac.uk (Quentin Campbell) Date: Tue Feb 20 08:55:16 2007 Subject: MailScanner is ignoring some ClamAV 'viruses' from NDB signature databases Message-ID: <4165CF7A7F12DE4B96622CCBB905864709666B37@largo.campus.ncl.ac.uk> I recently started using some of the extra .NDB/.HDB signature databases for ClamAV from Sanesecurity - http://www.sanesecurity.com/clamav/. In some cases MailScanner is recognising a 'virus' detected by these but is still delivering the message rather than dropping it silently. All the log entries for messages behaving this way appear to have a corrupted path name in the virus "FOUND" log record from MailScanner: Feb 20 08:00:07 cheviot1 MailScanner[26921]: /var/spool/MailScanner/incoming/26921/./l1K7xWrE017195.header: Email.Spam.Gen103.Sanesecurity.07011703 FOUND [the faulty part above is "/l1K7xWrE017195.header:"] The "...MailScanner[12345]: Infected message..." log record also appears to be corrupt and has lost information: Feb 20 08:00:08 cheviot1 MailScanner[26921]: Infected message l1K7xWrE017195.header came from [missing the IP address after the "from"] A correctly formed virus "FOUND" log record from MailScanner should look like: Feb 20 08:26:45 cheviot1 MailScanner[27169]: /var/spool/MailScanner/incoming/27169/./l1K8QOTB029479/msg-27169-879.htm l: Html.Img.Gen013.Sanesecurity.06112900 FOUND and the "...MailScanner[12345]: Infected message..." log record should look like: Feb 20 08:26:46 cheviot1 MailScanner[27169]: Infected message l1K8QOTB029479 came from 77.124.14.204 The fault occurs with MailScanner-4.57.6-1 running with either ClamAV-0.87.7 or ClamAV-0.90. Appended are the full set of log records for: (1) a message whose handling shows the bug, and (2) a message whose handling was as expected. Quentin Campbell --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), Newcastle University, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------ ---- extracts from the Sendmail logs Below are the log records for a 'virus' message that should have been dropped silently: Feb 20 07:59:49 cheviot1 sendmail[17195]: l1K7xWrE017195: from=, size=1500, class=0, nrcpts=1, msgid=<432422272.75323578912331@thebat.net>, proto=ESMTP, daemon=MTA, relay=BT-LOADED-PPP15.BTI.NET.PH [203.115.176.15] (may be forged) Feb 20 07:59:49 cheviot1 sendmail[17195]: l1K7xWrE017195: to=, delay=00:00:04, mailer=esmtp, pri=31500, stat=queued Feb 20 07:59:57 cheviot1 MailScanner[26921]: Message l1K7xWrE017195 from 203.115.176.15 (kapprentice@sbcglobal.net) to ncl.ac.uk is spam, SpamAssassin (not cached, score=6.732, required 6, autolearn=disabled, DATE_IN_PAST_96_XX 1.57, RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E4_51_100 1.50, RAZOR2_CHECK 0.50, SARE_LWHUGE 1.00, SARE_LWSYMFMT 1.66) Feb 20 08:00:04 cheviot1 MailScanner[26921]: Spam Actions: message l1K7xWrE017195 actions are attachment,deliver Feb 20 08:00:07 cheviot1 MailScanner[26921]: /var/spool/MailScanner/incoming/26921/./l1K7xWrE017195.header: Email.Spam.Gen103.Sanesecurity.07011703 FOUND Feb 20 08:00:08 cheviot1 MailScanner[26921]: Infected message l1K7xWrE017195.header came from Feb 20 08:00:08 cheviot1 sendmail[17500]: l1K7xWrE017195: SMTP outgoing connect on cheviot1.ncl.ac.uk Feb 20 08:00:08 cheviot1 sendmail[17500]: l1K7xWrE017195: to=, delay=00:00:23, xdelay=00:00:00, mailer=esmtp, pri=121500, relay=cyrus.ncl.ac.uk. [128.240.233.238], dsn=2.0.0, stat=Sent (l1K808jg011667 Message accepted for delivery) Feb 20 08:00:08 cheviot1 sendmail[17500]: l1K7xWrE017195: done; delay=00:00:23, ntries=1 ---- Below are the log records for a 'virus' message that was correctly handled: Feb 20 08:26:31 cheviot1 sendmail[29479]: l1K8QOTB029479: from=, size=13226, class=0, nrcpts=1, msgid=<000901c754c8$cdeb22c0$017fe9fc@usyvimkq>, proto=ESMTP, daemon=MTA, relay=IGLD-77-124-14-204.inter.net.il [77.124.14.204] (may be forged) Feb 20 08:26:31 cheviot1 sendmail[29479]: l1K8QOTB029479: to=, delay=00:00:02, mailer=esmtp, pri=43226, stat=queued Feb 20 08:26:33 cheviot1 MailScanner[27169]: Message l1K8QOTB029479 from 77.124.14.204 (AAA.BBB@ncl.ac.uk) is whitelisted Feb 20 08:26:45 cheviot1 MailScanner[27169]: /var/spool/MailScanner/incoming/27169/./l1K8QOTB029479/msg-27169-879.htm l: Html.Img.Gen013.Sanesecurity.06112900 FOUND Feb 20 08:26:46 cheviot1 MailScanner[27169]: Infected message l1K8QOTB029479 came from 77.124.14.204 Feb 20 08:26:46 cheviot1 MailScanner[27169]: HTML Img tag found in message l1K8QOTB029479 from AAA.BBB@ncl.ac.uk From stef at aoc-uk.com Tue Feb 20 10:13:20 2007 From: stef at aoc-uk.com (Stef Morrell) Date: Tue Feb 20 09:18:13 2007 Subject: Poor me... Message-ID: <2861F1B24EB21D4EBD8A2A72DD8219050CE817@flatulous.aoc-uk.com> You know what really grinds my gears... I just started receiving spam with the following.. "Poor you, i don't even think how much spam you are recive." Some days I wonder why I get out of bed. Stef Stefan Morrell | Operations Director Tel: 0845 3452820 | Alpha Omega Computers Ltd Fax: 0845 3452830 | Incorporating Level 5 Internet stef@aoc-uk.com | stef@l5net.net Alpha Omega Computers Ltd, Unit 57, BBTC, Grange Road, Batley, WF17 6ER. Registered in England No. 3867142. VAT No. UK734421454 From glenn.steen at gmail.com Tue Feb 20 10:17:04 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 20 09:21:56 2007 Subject: LookOUT 2007 In-Reply-To: References: <20070216142020.9461.GERARD@seibercom.net> <45D610AA.3040604@yeticomputers.com> <20070216155327.532A.GERARD@seibercom.net> <45D6363D.3040606@yeticomputers.com> <20070219150140.3f72fa1c@localhost> <223f97700702191319n503ecf68l2c254f0163619c8b@mail.gmail.com> Message-ID: <223f97700702200117w159eab1cg7adf7a327c7f27c8@mail.gmail.com> On 20/02/07, Scott Silva wrote: > Glenn Steen spake the following on 2/19/2007 1:19 PM: > > On 19/02/07, Gerard Seibert wrote: > >> On Mon, 19 Feb 2007 10:33:40 -0800 > > (snip) > >> bad grammar are now or former AOL'ers or Googlers. They just cannot > > Please define "Googlers". I'm sure I don't quite get this term. AOL > > users, shortened (IMO wrongly) to AOL'ers, sure... But "Googlers"? > > Perhaps it's something I miss as being non-native to the English > > languge? > > > >> grok normal grammar and spelling skills. It has got to make you proud > >> of our great learning institutions. > > I'm sure that "grok" is part and parcel of any modern dictionary too > > (feel free to find me some nice reference;-). > > > > Cheers > Glenn, > I would have to say that you are more capable and articulate in English than > many of the people I went to school here with! Thank you. I do make an effort;). This is in part why I'd like the term "Googlers" explained (As you know, this is not the first time I'm asking about ... slang... on this list.:-) > I wish I could be so with a second language. Other than the small amount of > Portuguese I picked up as a child, I am monolingual. > I am only slightly functional in understanding Spanish also, but can not speak > any. Well ... Around here we're "forced" to learn English (and Swedish, of course:), and usually a third and maybe a forth language too... My French is abominable though (mainly from lack of use:-). I should've gone with German or Spanish:-). Anyway, all you really need is to know how to order a beer;). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Tue Feb 20 10:17:54 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 20 09:22:45 2007 Subject: LookOUT 2007 In-Reply-To: <45DA53E1.9070409@chapman.edu> References: <20070216142020.9461.GERARD@seibercom.net> <45D610AA.3040604@yeticomputers.com> <20070216155327.532A.GERARD@seibercom.net> <45D6363D.3040606@yeticomputers.com> <20070219150140.3f72fa1c@localhost> <223f97700702191319n503ecf68l2c254f0163619c8b@mail.gmail.com> <45DA53E1.9070409@chapman.edu> Message-ID: <223f97700702200117h78f4cee6t77c57a6b369ed67f@mail.gmail.com> On 20/02/07, Jay Chandler wrote: > Scott Silva wrote: > > Glenn, > > I would have to say that you are more capable and articulate in English than > > many of the people I went to school here with! > > I wish I could be so with a second language. Other than the small amount of > > Portuguese I picked up as a child, I am monolingual. > > I am only slightly functional in understanding Spanish also, but can not speak > > any. > > > > > Holy crap, English is Glenn's second language? > > I didn't know that, and I'm... pedantic, about proper grammar... > .se == Sweden;) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Tue Feb 20 10:40:31 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 20 09:45:28 2007 Subject: MailScanner is ignoring some ClamAV 'viruses' from NDB signature databases In-Reply-To: <4165CF7A7F12DE4B96622CCBB905864709666B37@largo.campus.ncl.ac.uk> References: <4165CF7A7F12DE4B96622CCBB905864709666B37@largo.campus.ncl.ac.uk> Message-ID: <223f97700702200140g14e63dc1p6177378de1cc5c25@mail.gmail.com> On 20/02/07, Quentin Campbell wrote: > I recently started using some of the extra .NDB/.HDB signature databases > for ClamAV from Sanesecurity - http://www.sanesecurity.com/clamav/. > > In some cases MailScanner is recognising a 'virus' detected by these but > is still delivering the message rather than dropping it silently. All > the log entries for messages behaving this way appear to have a > corrupted path name in the virus "FOUND" log record from MailScanner: > > Feb 20 08:00:07 cheviot1 MailScanner[26921]: > /var/spool/MailScanner/incoming/26921/./l1K7xWrE017195.header: > Email.Spam.Gen103.Sanesecurity.07011703 FOUND > > [the faulty part above is "/l1K7xWrE017195.header:"] > I'm not entirely sure, but this looks like it erroneously is detecting the MailScanner generated file containing the message headers for that message ID. So that would be a false positive of sorts. Does it also find the actual message to contain a "virus"? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Tue Feb 20 10:48:16 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 20 09:53:08 2007 Subject: Poor me... In-Reply-To: <2861F1B24EB21D4EBD8A2A72DD8219050CE817@flatulous.aoc-uk.com> References: <2861F1B24EB21D4EBD8A2A72DD8219050CE817@flatulous.aoc-uk.com> Message-ID: <223f97700702200148t31064689u395a4b193fd6a1f7@mail.gmail.com> On 20/02/07, Stef Morrell wrote: > You know what really grinds my gears... I just started receiving spam > with the following.. > > "Poor you, i don't even think how much spam you are recive." That's it? No offers of any kind? Hilarious!;-) > Some days I wonder why I get out of bed. See it from the positive side Stef, getting up means you eventually get to go back to bed;-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From itdept at fractalweb.com Tue Feb 20 13:46:18 2007 From: itdept at fractalweb.com (Chris Yuzik) Date: Tue Feb 20 12:51:52 2007 Subject: OT: SMTP authentication problem - update Message-ID: <45DAED9A.8000006@fractalweb.com> Hi everyone, After much testing and troubleshooting, I have found that the problem I've been having with the new server not being able to authenticate SMTP users has much to do with the format of the username. For example: This doesn't work (generates multiple errors in /var/log/messages, and elsewhere): user@domain1.com But, this works: user#domain1.com The problem is that we need the full email address with the '@' for backwards compatibility with the server that this new one will replace. Is this a sendmail thing? A cyrus thing? Something else? And, is there a work-around? Thanks, Chris From MCG at mpsistemas.es Tue Feb 20 13:53:41 2007 From: MCG at mpsistemas.es (MANUEL CANSECO GARCIA) Date: Tue Feb 20 12:59:17 2007 Subject: OT: SMTP authentication problem - update Message-ID: **** Mensaje Automatico *** Este usuario no se encuentra operativo, para cualquier asunto le ruego se pongan en contacto con Leandro Gayango lgg@mpsistemas.es *************************************************************************************** >>> mailscanner 02/20/07 13:46 >>> Hi everyone, After much testing and troubleshooting, I have found that the problem I've been having with the new server not being able to authenticate SMTP users has much to do with the format of the username. For example: This doesn't work (generates multiple errors in /var/log/messages, and elsewhere): user@domain1.com But, this works: user#domain1.com The problem is that we need the full email address with the '@' for backwards compatibility with the server that this new one will replace. Is this a sendmail thing? A cyrus thing? Something else? And, is there a work-around? Thanks, Chris -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mike at vesol.com Tue Feb 20 13:56:31 2007 From: mike at vesol.com (Mike Kercher) Date: Tue Feb 20 13:04:47 2007 Subject: Poor me... In-Reply-To: <2861F1B24EB21D4EBD8A2A72DD8219050CE817@flatulous.aoc-uk.com> References: <2861F1B24EB21D4EBD8A2A72DD8219050CE817@flatulous.aoc-uk.com> Message-ID: : -----Original Message----- : From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- : bounces@lists.mailscanner.info] On Behalf Of Stef Morrell : Sent: Tuesday, February 20, 2007 3:13 AM : To: MailScanner discussion : Subject: Poor me... : : You know what really grinds my gears... I just started receiving spam : with the following.. : : "Poor you, i don't even think how much spam you are recive." : : Some days I wonder why I get out of bed. : Because all your base are belong to us? Mike From brent.bolin at gmail.com Tue Feb 20 14:13:25 2007 From: brent.bolin at gmail.com (BB) Date: Tue Feb 20 13:18:16 2007 Subject: Anybody know what these errors are that I'm seeing in FuzzyORC logs In-Reply-To: References: <787dcac20702191539l54c0badap1c181c5e1da86db1@mail.gmail.com> <787dcac20702191752s4a19982cvd68dcb5bb3b60398@mail.gmail.com> Message-ID: <787dcac20702200513r32071118o33d720aa756e097e@mail.gmail.com> I was able to run the tests that you talk about with no errors. Or a least I couldn't see any. When I put this option in it ignores it "focr_keep_bad_images 1", complaines it's not a recognized option. Good news when running your example test I could see pyzor not installed. Installed it but it didn't appear to be working. When I ran some of the test - razor discover razor ping The server name in .pyzor does not work. When I use the IP that Glenn suggested in another thread it works. What's the deal with Pyzor is it dead or dying ? On 2/19/07, Ren? Berber wrote: > > BB wrote: > > > All of these helper programs exist - > [snip] > > The Spamassassin lint test shows this for the path - > > > > final PATH set to: > > > /sbin:/usr/sbin:/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin > > > > I wouldn't know how to test it to see if it actually works. > > If you have the FuzzyOcr source, go to directory samples and run: > > $ spamassassin -x -t -D FuzzyOcr < ocr-jpg.eml > > lots of output, should see > ... > [3340] info: FuzzyOcr: Using jpegtopnm => /usr/local/bin/jpegtopnm > ... > [3340] dbg: FuzzyOcr: Starting FuzzyOcr... > ... > [2724] dbg: FuzzyOcr: Exec : /usr/local/bin/jpegtopnm > /tmp/.spamassassin3340ULRQYxtmp/image001.jpg > [3340] dbg: FuzzyOcr: Saved pid: 2724 > [2724] dbg: FuzzyOcr: Stdout: > >/tmp/.spamassassin3340ULRQYxtmp/image001.jpg.pnm > [2724] dbg: FuzzyOcr: Stderr: > >>/tmp/.spamassassin3340ULRQYxtmp/image001.jpg.err > [3340] dbg: FuzzyOcr: Elapsed [2724]: 0.358430 sec. (/usr/bin/jpegtopnm: > exit 0) > > except you will not see the "exit 0". > > To save the error file (which may give a more detailed error message) > change > your FuzzyOcr.cf, at the end uncomment: > > focr_keep_bad_images 1 > > then look at the /tmp//image001.jpg.err and the other .err file > (raw.eml.error or something similar). > > > Is PATH the same as LDPATH ? > > No, the first is for finding executables, the second is for finding > libraries > and it's not usually needed (the system has a global library path, but it > depends on the system... Linux uses ldconfig, Solaris crle, ... to > configure > that path). > -- > Ren? Berber > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070220/e3b4c3cf/attachment.html From tenderby at mailwash.com.au Tue Feb 20 15:07:40 2007 From: tenderby at mailwash.com.au (Tony Enderby) Date: Tue Feb 20 14:12:51 2007 Subject: Poor me... In-Reply-To: References: <2861F1B24EB21D4EBD8A2A72DD8219050CE817@flatulous.aoc-uk.com> Message-ID: <45DB00AC.1010009@mailwash.com.au> Mike Kercher wrote: > : -----Original Message----- > : From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > : bounces@lists.mailscanner.info] On Behalf Of Stef Morrell > : Sent: Tuesday, February 20, 2007 3:13 AM > : To: MailScanner discussion > : Subject: Poor me... > : > : You know what really grinds my gears... I just started receiving spam > : with the following.. > : > : "Poor you, i don't even think how much spam you are recive." > : > : Some days I wonder why I get out of bed. > : > > Because all your base are belong to us? > > Mike > All of your dnsrbl are belong to us. ----------------------------------------------------------------------------------- Scanned by MailWash Australia - http://www.mailwash.com.au ----------------------------------------------------------------------------------- From itdept at fractalweb.com Tue Feb 20 16:23:57 2007 From: itdept at fractalweb.com (Chris Yuzik) Date: Tue Feb 20 15:29:10 2007 Subject: OT: SMTP authentication problem - solved! In-Reply-To: <45DAED9A.8000006@fractalweb.com> References: <45DAED9A.8000006@fractalweb.com> Message-ID: <45DB128D.6090902@fractalweb.com> As my good friend Mike pointed out (thanks Mike), it turns out that I needed to add a flag to the "FLAGS=" section of /etc/sysconfig/saslauthd. It now reads "FLAGS= -r". Works like a charm. Hopefully if anyone else has this problem, they'll find this message. From Kevin_Miller at ci.juneau.ak.us Tue Feb 20 18:17:54 2007 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Tue Feb 20 17:22:41 2007 Subject: LookOUT 2007 In-Reply-To: <223f97700702200041q4756f541l6f79a5035ab008ca@mail.gmail.com> Message-ID: Glenn Steen wrote: > On 19/02/07, Gerard Seibert wrote: >> On Mon, 19 Feb 2007 23:43:20 +0100 >> "Glenn Steen" wrote: >> >> [ snip ] >> >>>> Anything else you want to know? >>> Apart from the question you chose to ignore? No. >> >> Honestly, I thought that you were being sarcastic. If you really want >> me do, I will be glad to. I'll send it off-list to you. >> > Me sarcastic? Naaah:-). > Yes, I really did want to know what you meant by Googlers. The > reference is a tad baffling to me, probably because of cultural > differences ... So please do. I expect he's referring to people who use google - google news usually catches flack from the net-cops on some newsgroups I follow, generally for it's default of top posting. Don't know what gmail defaults to, but maybe it does the same? On the other hand, maybe he's referring to disreputable old men in grimy trench coats that hang out in parks across from schoolyards. (Think Aqualung here.) Regardless, both it and grok probably fall in the slang department - your average person on the street won't catch the reference. It's still geek speak... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From Kevin_Miller at ci.juneau.ak.us Tue Feb 20 18:19:30 2007 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Tue Feb 20 17:24:16 2007 Subject: Poor me... In-Reply-To: Message-ID: Mike Kercher wrote: >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Stef Morrell >> Sent: Tuesday, February 20, 2007 3:13 AM >> To: MailScanner discussion >> Subject: Poor me... >> >> You know what really grinds my gears... I just started receiving >> spam with the following.. >> >> "Poor you, i don't even think how much spam you are recive." >> >> Some days I wonder why I get out of bed. >> > > Because all your base are belong to us? > > Mike No, because getting out of bed causes swapping... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From r.berber at computer.org Tue Feb 20 18:29:23 2007 From: r.berber at computer.org (=?ISO-8859-1?Q?Ren=E9_Berber?=) Date: Tue Feb 20 17:34:45 2007 Subject: Anybody know what these errors are that I'm seeing in FuzzyORC logs In-Reply-To: <787dcac20702200513r32071118o33d720aa756e097e@mail.gmail.com> References: <787dcac20702191539l54c0badap1c181c5e1da86db1@mail.gmail.com> <787dcac20702191752s4a19982cvd68dcb5bb3b60398@mail.gmail.com> <787dcac20702200513r32071118o33d720aa756e097e@mail.gmail.com> Message-ID: BB wrote: > I was able to run the tests that you talk about with no errors. Or a > least I couldn't see any. That supports my guess about your user account being able to run the tool (jpegtopnm) but the user which runs MailScanner can't. So now, repeat the same test but with a su: su - -c "spamassassin -x -t -D FuzzyOcr < ocr-jpg.eml" if the user has no shell you'll have to omit the "-". > When I put this option in it ignores it > "focr_keep_bad_images 1", complaines it's not a recognized option. [snip] That means you are using an older version of FuzzyOcr, no problem, just makes finding the problem more difficult. -- Ren? Berber From jon at radel.com Tue Feb 20 18:57:56 2007 From: jon at radel.com (Jon Radel) Date: Tue Feb 20 18:03:06 2007 Subject: LookOUT 2007 In-Reply-To: References: Message-ID: <45DB36A4.2010008@radel.com> Kevin Miller wrote: > > Don't know what gmail defaults to, but > maybe it does the same? > Google Mail. It's the official name, during the perpetual beta at least. --Jon Radel -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 2828 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070220/b4b6ba24/smime.bin From mrm at medicine.wisc.edu Tue Feb 20 19:04:07 2007 From: mrm at medicine.wisc.edu (Michael Masse) Date: Tue Feb 20 18:09:24 2007 Subject: spam vs virus Message-ID: <45DAE3A6.7FBE.00FC.3@medicine.wisc.edu> If a sender is whitelisted from spam checking, do their emails still get scanned for viruses and file type/name rule violations? Mike From mike at vesol.com Tue Feb 20 19:06:18 2007 From: mike at vesol.com (Mike Kercher) Date: Tue Feb 20 18:15:02 2007 Subject: Poor me... References: Message-ID: ________________________________ From: mailscanner-bounces@lists.mailscanner.info on behalf of Kevin Miller Sent: Tue 2/20/2007 11:19 AM To: MailScanner discussion Subject: RE: Poor me... Mike Kercher wrote: >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Stef Morrell >> Sent: Tuesday, February 20, 2007 3:13 AM >> To: MailScanner discussion >> Subject: Poor me... >> >> You know what really grinds my gears... I just started receiving >> spam with the following.. >> >> "Poor you, i don't even think how much spam you are recive." >> >> Some days I wonder why I get out of bed. >> > > Because all your base are belong to us? > > Mike No, because getting out of bed causes swapping... ...Kevin -- Swapping? He needs more REM then! :) Mike -------------- next part -------------- ________________________________ From: mailscanner-bounces@lists.mailscanner.info on behalf of Kevin Miller Sent: Tue 2/20/2007 11:19 AM To: MailScanner discussion Subject: RE: Poor me... Mike Kercher wrote: >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Stef Morrell >> Sent: Tuesday, February 20, 2007 3:13 AM >> To: MailScanner discussion >> Subject: Poor me... >> >> You know what really grinds my gears... I just started receiving >> spam with the following.. >> >> "Poor you, i don't even think how much spam you are recive." >> >> Some days I wonder why I get out of bed. >> > > Because all your base are belong to us? > > Mike No, because getting out of bed causes swapping... ...Kevin -- Swapping? He needs more REM then! :) Mike From ssilva at sgvwater.com Tue Feb 20 19:15:02 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Feb 20 18:20:17 2007 Subject: LookOUT 2007 In-Reply-To: <223f97700702200117w159eab1cg7adf7a327c7f27c8@mail.gmail.com> References: <20070216142020.9461.GERARD@seibercom.net> <45D610AA.3040604@yeticomputers.com> <20070216155327.532A.GERARD@seibercom.net> <45D6363D.3040606@yeticomputers.com> <20070219150140.3f72fa1c@localhost> <223f97700702191319n503ecf68l2c254f0163619c8b@mail.gmail.com> <223f97700702200117w159eab1cg7adf7a327c7f27c8@mail.gmail.com> Message-ID: Glenn Steen spake the following on 2/20/2007 1:17 AM: > On 20/02/07, Scott Silva wrote: >> Glenn Steen spake the following on 2/19/2007 1:19 PM: >> > On 19/02/07, Gerard Seibert wrote: >> >> On Mon, 19 Feb 2007 10:33:40 -0800 >> > (snip) >> >> bad grammar are now or former AOL'ers or Googlers. They just cannot >> > Please define "Googlers". I'm sure I don't quite get this term. AOL >> > users, shortened (IMO wrongly) to AOL'ers, sure... But "Googlers"? >> > Perhaps it's something I miss as being non-native to the English >> > languge? >> > >> >> grok normal grammar and spelling skills. It has got to make you proud >> >> of our great learning institutions. >> > I'm sure that "grok" is part and parcel of any modern dictionary too >> > (feel free to find me some nice reference;-). >> > >> > Cheers >> Glenn, >> I would have to say that you are more capable and articulate in >> English than >> many of the people I went to school here with! > Thank you. I do make an effort;). This is in part why I'd like the > term "Googlers" explained (As you know, this is not the first time I'm > asking about ... slang... on this list.:-) > >> I wish I could be so with a second language. Other than the small >> amount of >> Portuguese I picked up as a child, I am monolingual. >> I am only slightly functional in understanding Spanish also, but can >> not speak >> any. > Well ... Around here we're "forced" to learn English (and Swedish, of > course:), and usually a third and maybe a forth language too... My > French is abominable though (mainly from lack of use:-). I should've > gone with German or Spanish:-). > Anyway, all you really need is to know how to order a beer;). > > Cheers In most pubs I've been in, you only have to be able to order the first one. After that the bartenders all seem to understand the finger pointing to the empty glass as the universal sign of "I'll have another"! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Tue Feb 20 19:19:33 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Feb 20 18:25:08 2007 Subject: SMTP authentication not working In-Reply-To: <45DA4F3D.5050707@fractalweb.com> References: <1A65E6BAEADF9B4F865314484A13ECF1608805@atlas.athensdistributing.com> <45D9CC36.8040807@nkpanama.com> <45D9EE41.8050601@fractalweb.com> <45DA4F3D.5050707@fractalweb.com> Message-ID: Chris Yuzik spake the following on 2/19/2007 5:30 PM: > Scott Silva wrote: >> SMTP auth "should" just work through pam. Maybe something wrong with >> the pam >> stack? > Scott, > > Any idea how I could test that? > > Chris > I have never had to test it since mine just works, but google for a howto to get it going on your distro, and see if you missed a step. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Tue Feb 20 19:32:48 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Feb 20 18:38:10 2007 Subject: Poor me... In-Reply-To: <223f97700702200148t31064689u395a4b193fd6a1f7@mail.gmail.com> References: <2861F1B24EB21D4EBD8A2A72DD8219050CE817@flatulous.aoc-uk.com> <223f97700702200148t31064689u395a4b193fd6a1f7@mail.gmail.com> Message-ID: Glenn Steen spake the following on 2/20/2007 1:48 AM: > On 20/02/07, Stef Morrell wrote: >> You know what really grinds my gears... I just started receiving spam >> with the following.. >> >> "Poor you, i don't even think how much spam you are recive." > That's it? No offers of any kind? Hilarious!;-) > >> Some days I wonder why I get out of bed. > See it from the positive side Stef, getting up means you eventually > get to go back to bed;-). > > Cheers Why does the time between "go back to bed" and "get up in the morning" just seem shorter and shorter every year? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From Kevin_Miller at ci.juneau.ak.us Tue Feb 20 19:38:45 2007 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Tue Feb 20 18:43:32 2007 Subject: spam vs virus In-Reply-To: <45DAE3A6.7FBE.00FC.3@medicine.wisc.edu> Message-ID: Michael Masse wrote: > If a sender is whitelisted from spam checking, do their emails still > get scanned for viruses and file type/name rule violations? > > Mike Viruses yes. Not sure about file name/type but I *think* they're also squelched... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From holger at noefer.org Tue Feb 20 20:04:23 2007 From: holger at noefer.org (Holger =?iso-8859-1?Q?N=F6fer?=) Date: Tue Feb 20 19:09:24 2007 Subject: New Mail::ClamAV Version Message-ID: <20070220190425.A8A65CE301F0@mail.noefer.org> Hi, there is a new Mail::ClamAV Version. http://search.cpan.org/~sabeck/Mail-ClamAV-0.20/ It seems to compile with ClamAV 0.90. Best regards, Holger From jfagan at firstlightnetworks.com Tue Feb 20 20:45:46 2007 From: jfagan at firstlightnetworks.com (James Fagan) Date: Tue Feb 20 19:49:17 2007 Subject: New Mail::ClamAV Version In-Reply-To: <20070220190425.A8A65CE301F0@mail.noefer.org> References: <20070220190425.A8A65CE301F0@mail.noefer.org> Message-ID: <59E4A3A1069C2640959AD0F7518C48122F087A@FLN1.fln.local> > > there is a new Mail::ClamAV Version. > > http://search.cpan.org/~sabeck/Mail-ClamAV-0.20/ > > It seems to compile with ClamAV 0.90. > > Best regards, > Holger >From the Changes file itself. Going to give this one a try. Revision history for Perl extension Mail::ClamAV. 0.17 Tue Feb 20 06:20:19 MST 2007 - Updated for new clamav release 0.90 From ssilva at sgvwater.com Tue Feb 20 20:45:23 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Feb 20 19:50:32 2007 Subject: New Mail::ClamAV Version In-Reply-To: <20070220190425.A8A65CE301F0@mail.noefer.org> References: <20070220190425.A8A65CE301F0@mail.noefer.org> Message-ID: Holger N?fer spake the following on 2/20/2007 11:04 AM: > Hi, > > there is a new Mail::ClamAV Version. > > http://search.cpan.org/~sabeck/Mail-ClamAV-0.20/ > > It seems to compile with ClamAV 0.90. > > Best regards, > Holger > Is there still an issue with the clamav-autoupdate script? I don't remember seeing any resolution yet. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From jfagan at firstlightnetworks.com Tue Feb 20 21:19:52 2007 From: jfagan at firstlightnetworks.com (James Fagan) Date: Tue Feb 20 20:23:23 2007 Subject: New Mail::ClamAV Version In-Reply-To: References: <20070220190425.A8A65CE301F0@mail.noefer.org> Message-ID: <59E4A3A1069C2640959AD0F7518C48122F087B@FLN1.fln.local> > Holger N?fer spake the following on 2/20/2007 11:04 AM: > > Hi, > > > > there is a new Mail::ClamAV Version. > > > > http://search.cpan.org/~sabeck/Mail-ClamAV-0.20/ > > > > It seems to compile with ClamAV 0.90. > > > > Best regards, > > Holger > > > Is there still an issue with the clamav-autoupdate script? > I don't remember seeing any resolution yet. It seems to be updating fine for me. My /usr/local/share/clamav/daily.inc has todays date and time as of 3 minutes or so ago. From alex at nkpanama.com Tue Feb 20 21:20:42 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Tue Feb 20 20:26:29 2007 Subject: New Mail::ClamAV Version In-Reply-To: References: <20070220190425.A8A65CE301F0@mail.noefer.org> Message-ID: <45DB581A.5030703@nkpanama.com> Scott Silva wrote: > Is there still an issue with the clamav-autoupdate script? > I don't remember seeing any resolution yet. You could, in the meantime, do a "freshclam" by cronjob every 10 minutes or so, right? From ssilva at sgvwater.com Tue Feb 20 21:26:18 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Feb 20 20:31:31 2007 Subject: New Mail::ClamAV Version In-Reply-To: <45DB581A.5030703@nkpanama.com> References: <20070220190425.A8A65CE301F0@mail.noefer.org> <45DB581A.5030703@nkpanama.com> Message-ID: Alex Neuman van der Hans spake the following on 2/20/2007 12:20 PM: > Scott Silva wrote: >> Is there still an issue with the clamav-autoupdate script? >> I don't remember seeing any resolution yet. > You could, in the meantime, do a "freshclam" by cronjob every 10 minutes > or so, right? I was just checking if I missed something in the last week. I might not have time to test/update until later in the week. My department does all IT and data processing, and we are catching up from the holiday yesterday. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From daniel.maher at ubisoft.com Tue Feb 20 21:29:36 2007 From: daniel.maher at ubisoft.com (Daniel Maher) Date: Tue Feb 20 20:34:32 2007 Subject: more fun with regex (spamassassin rules) Message-ID: <1E293D3FF63A3740B10AD5AAD88535D204716CA2@UBIMAIL1.ubisoft.org> Hello, First thing's first, thanks to everybody that responded to my regex request. In case you're still in need of a spamassassin rule to find the "replace this with that" spams, here you go: body UBI_URL_OBFU01 /(remove|replace|substitute) ?(the)? ?(("|').("|')|space) ?(in|from|to make) (the)? ?(link|url|address)? ?(above|below|work)/i describe UBI_URL_OBFU01 6 score UBI_URL_OBFU01 URL obfuscation (01) I've found that it works quite nicely! Feel free to name it whatever you like, of course. :) Next up, I'm having a problem with another regex which detects the illegal characters in the common spam of this type lately. If I use it via egrep from the command line, it matches properly; however, spamassassin does not appear to match it: $ egrep -i "https?:\/\/([a-z0-9._\-]{1,30}(:[a-z0-9._\-]{1,30})?\@)?[a-z0-9.-]{1,30}[^a-z0-9.-\/:'\[][a-z0-9.-\@]{1,30}" This will, for example, successfully match: http://www.domain .com http://www.domain+com Etc... The same regex as a spamassassin rule: body UBI_URL_OBFU02 /https?:\/\/([a-z0-9._\-]{1,30}(:[a-z0-9._\-]{1,30})?\@)?[a-z0-9.-]{1,30}[^a-z0-9.-\/:'\[][a-z0-9.-\@]{1,30}/i score UBI_URL_OBFU02 1.5 describe UBI_URL_OBFU02 URL obfuscation (02) Unfortunately, this rule will not trigger on either of the domains noted above. Any ideas? -- _ ?v? Daniel Maher /(_)\ Administrateur Syst?me Unix ^ ^ Unix System Administrator Four elements! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070220/27de3a6a/attachment.html From Denis.Beauchemin at USherbrooke.ca Tue Feb 20 21:33:22 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Tue Feb 20 20:38:47 2007 Subject: New Mail::ClamAV Version In-Reply-To: References: <20070220190425.A8A65CE301F0@mail.noefer.org> Message-ID: <45DB5B12.7010104@USherbrooke.ca> Scott Silva a ?crit : > Holger N?fer spake the following on 2/20/2007 11:04 AM: > >> Hi, >> >> there is a new Mail::ClamAV Version. >> >> http://search.cpan.org/~sabeck/Mail-ClamAV-0.20/ >> >> It seems to compile with ClamAV 0.90. >> >> Best regards, >> Holger >> >> > Is there still an issue with the clamav-autoupdate script? > I don't remember seeing any resolution yet. > upgrade_virus_scanners (and freshclam) worked fine once I modified both /usr/local/etc/clamd.conf and /usr/local/etc/freshclam.conf to modify the following lines: LogTime LogSyslog to: LogTime true LogSyslog true Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3595 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070220/2f89fa76/smime.bin From Denis.Beauchemin at USherbrooke.ca Tue Feb 20 21:47:54 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Tue Feb 20 20:54:02 2007 Subject: {POLLURIEL?} Re: more fun with regex (spamassassin rules) In-Reply-To: <1E293D3FF63A3740B10AD5AAD88535D204716CA2@UBIMAIL1.ubisoft.org> References: <1E293D3FF63A3740B10AD5AAD88535D204716CA2@UBIMAIL1.ubisoft.org> Message-ID: <45DB5E7A.7060506@USherbrooke.ca> Notre d?tecteur de polluriel croit que la pi?ce jointe ? ce courriel, re?ue: De: denis.beauchemin@usherbrooke.ca Sujet: Re: more fun with regex (spamassassin rules) est un courriel commercial non sollicit? (polluriel ou spam). Nous vous conseillons de d?truire ce courriel sans ouvrir la pi?ce jointe, ? moins que vous n'ayez une bonne raison de croire que notre logiciel ait pris une mauvaise d?cision. Si vous ouvrez un polluriel, vous risquez d'indiquer ? l'?metteur que votre adresse de courriel est active, ce qui va l'encourager ? vous en envoyer d'autres. - Si le message qualifi? de polluriel provient d'une liste de distribution (ou d'une adresse g?n?rique d'un organisme) : Si vous jugez que ce courriel a ?t? d?clar? polluriel alors qu'il n'en ?tait pas un, SVP faire suivre ? demandes-polluriel@USherbrooke.ca le pr?sent avis de polluriel AU COMPLET. - Si le message qualifi? de polluriel provient d'un individu, son adresse ne sera pas blanchie. S'il a ?t? class? automatiquement dans votre sous-dossier "polluriels", nous vous sugg?rons de cr?er une r?gle de classement avec l'adresse de votre correspondant (voir au https://www.USherbrooke.ca/courriel/gestion/ section filtres), puis de placer le filtre de polluriel APR?S vos propres r?gles. pts rule name description ---- ---------------------- -------------------------------------------------- -1.5 ALL_TRUSTED Passed through trusted hosts only via SMTP 2.4 TVD_SILLY_URI_OBFU BODY: TVD_SILLY_URI_OBFU 2.0 ACKME_OBFURL1a BODY: URL that contains dodgy char 1.1 local_OBFUDOM URI: Domain contains illegal characters -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1% [score: 0.0000] 3.1 local_OBFDOMREQ Request to modify obfuscated domain -------------- next part -------------- An embedded message was scrubbed... From: Denis Beauchemin Subject: Re: more fun with regex (spamassassin rules) Date: Tue, 20 Feb 2007 15:47:54 -0500 Size: 8050 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070220/7d400c48/attachment-0001.mht From res at ausics.net Tue Feb 20 21:51:03 2007 From: res at ausics.net (Res) Date: Tue Feb 20 20:56:06 2007 Subject: LookOUT 2007 In-Reply-To: References: Message-ID: On Tue, 20 Feb 2007, Kevin Miller wrote: > > I expect he's referring to people who use google - google news usually > catches flack from the net-cops on some newsgroups I follow, generally > for it's default of top posting. Don't know what gmail defaults to, but > maybe it does the same? Theres also a probability it includes google mail users since they go to great lengths in most cases to hide the original posters ip, and ignore reports of spam etc (yahoo? anyone) I have threatened to block gmail if their lack of attention persists because I have no way of knowing the original senders isp to tlak to them directly instead. .....I also wont lose any sleep if I do block them either :) -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From listacct at tulsaconnect.com Tue Feb 20 21:54:24 2007 From: listacct at tulsaconnect.com (TCIS List Acct) Date: Tue Feb 20 20:59:10 2007 Subject: New Mail::ClamAV Version In-Reply-To: <20070220190425.A8A65CE301F0@mail.noefer.org> References: <20070220190425.A8A65CE301F0@mail.noefer.org> Message-ID: <45DB6000.9050402@tulsaconnect.com> Holger N?fer wrote: > Hi, > > there is a new Mail::ClamAV Version. > > http://search.cpan.org/~sabeck/Mail-ClamAV-0.20/ > > It seems to compile with ClamAV 0.90. > > Best regards, > Holger > It does compile OK, but seems to blow up when run via MS: Feb 20 14:44:03 mscan1 MailScanner[49461]: ClamAVModule::LibClamAV Warning: cli_pdf: Object number missing Feb 20 14:44:08 mscan1 MailScanner[49461]: Virus Scanning: ClamAV Module found 1 infections Feb 20 14:45:03 mscan1 MailScanner[51163]: ClamAVModule::ERROR:: Zip module failure:: ./1HJbqU-000DXw-Vk/Occuhealth Front Elevation 7 20 06.pdf Feb 20 14:45:10 mscan1 MailScanner[51163]: Virus Scanning: ClamAV Module found 1 infections -- ----------------------------------------- Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet Services http://www.tulsaconnect.com ----------------------------------------- From res at ausics.net Tue Feb 20 21:54:23 2007 From: res at ausics.net (Res) Date: Tue Feb 20 20:59:33 2007 Subject: spam vs virus In-Reply-To: <45DAE3A6.7FBE.00FC.3@medicine.wisc.edu> References: <45DAE3A6.7FBE.00FC.3@medicine.wisc.edu> Message-ID: On Tue, 20 Feb 2007, Michael Masse wrote: > If a sender is whitelisted from spam checking, do their emails still get > scanned for viruses and file type/name rule violations? Yes, if you want them to be excluded from all ( secondary MX's ) you need a ruleset under 'Scan Messages' -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From daniel.maher at ubisoft.com Tue Feb 20 21:58:25 2007 From: daniel.maher at ubisoft.com (Daniel Maher) Date: Tue Feb 20 21:03:20 2007 Subject: more fun with regex (spamassassin rules) In-Reply-To: <1E293D3FF63A3740B10AD5AAD88535D203F1B6D8@UBIMAIL1.ubisoft.org> Message-ID: <1E293D3FF63A3740B10AD5AAD88535D204716D18@UBIMAIL1.ubisoft.org> Please note, for the "replace this with that" rule noted below, the "describe" and "score" strings should be swapped: body UBI_URL_OBFU01 /(remove|replace|substitute) ?(the)? ?(("|').("|')|space) ?(in|from|to make) (the)? ?(link|url|address)? ?(above|below|work)/i score UBI_URL_OBFU01 6 describe UBI_URL_OBFU01 URL obfuscation (01) Mea culpa. :P -- _ ?v? Daniel Maher /(_)\ Administrateur Syst?me Unix ^ ^ Unix System Administrator Four elements! ________________________________ From: Daniel Maher Sent: February 20, 2007 3:30 PM To: 'MailScanner discussion' Subject: more fun with regex (spamassassin rules) Hello, First thing's first, thanks to everybody that responded to my regex request. In case you're still in need of a spamassassin rule to find the "replace this with that" spams, here you go: body UBI_URL_OBFU01 /(remove|replace|substitute) ?(the)? ?(("|').("|')|space) ?(in|from|to make) (the)? ?(link|url|address)? ?(above|below|work)/i describe UBI_URL_OBFU01 6 score UBI_URL_OBFU01 URL obfuscation (01) I've found that it works quite nicely! Feel free to name it whatever you like, of course. :) Next up, I'm having a problem with another regex which detects the illegal characters in the common spam of this type lately. If I use it via egrep from the command line, it matches properly; however, spamassassin does not appear to match it: $ egrep -i "https?:\/\/([a-z0-9._\-]{1,30}(:[a-z0-9._\-]{1,30})?\@)?[a-z0-9.-]{1,30}[^a-z0-9.-\/:'\[][a-z0-9.-\@]{1,30}" This will, for example, successfully match: http://www.domain .com http://www.domain+com Etc... The same regex as a spamassassin rule: body UBI_URL_OBFU02 /https?:\/\/([a-z0-9._\-]{1,30}(:[a-z0-9._\-]{1,30})?\@)?[a-z0-9.-]{1,30}[^a-z0-9.-\/:'\[][a-z0-9.-\@]{1,30}/i score UBI_URL_OBFU02 1.5 describe UBI_URL_OBFU02 URL obfuscation (02) Unfortunately, this rule will not trigger on either of the domains noted above. Any ideas? -- _ ?v? Daniel Maher /(_)\ Administrateur Syst?me Unix ^ ^ Unix System Administrator Four elements! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070220/0edd870a/attachment.html From glenn.steen at gmail.com Tue Feb 20 22:09:46 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 20 21:14:40 2007 Subject: LookOUT 2007 In-Reply-To: References: <223f97700702200041q4756f541l6f79a5035ab008ca@mail.gmail.com> Message-ID: <223f97700702201309tbadcd2dndbf4783a6d2ee154@mail.gmail.com> On 20/02/07, Kevin Miller wrote: > Glenn Steen wrote: > > On 19/02/07, Gerard Seibert wrote: > >> On Mon, 19 Feb 2007 23:43:20 +0100 > >> "Glenn Steen" wrote: > >> > >> [ snip ] > >> > >>>> Anything else you want to know? > >>> Apart from the question you chose to ignore? No. > >> > >> Honestly, I thought that you were being sarcastic. If you really want > >> me do, I will be glad to. I'll send it off-list to you. > >> > > Me sarcastic? Naaah:-). > > Yes, I really did want to know what you meant by Googlers. The > > reference is a tad baffling to me, probably because of cultural > > differences ... So please do. > > I expect he's referring to people who use google - google news usually > catches flack from the net-cops on some newsgroups I follow, generally > for it's default of top posting. Don't know what gmail defaults to, but > maybe it does the same? Haven't used Google news much (at all:-), so that was news to me... Thanks Kev. Might be what he's refering to. Now, about Google Mail, this web-MUA is actually quite sane when it comes to replies, it'll prefix and line-wrap in a rather sane manner... It'll still put the cursor up top, but since I try to consequently do inline replies (with or without trimming, as necessary), that really doesn't "force" me much:-). And since you can set it to always use plain text, and it has a very sane threading (one of trhe best I've seen) it is a perfect fit for using with lists (where any concerns about personal integrity is beside the point anyway:-). One can hate Google mail for a lot of reasons, but not the UI;-). > On the other hand, maybe he's referring to disreputable old men in grimy > trench coats that hang out in parks across from schoolyards. (Think > Aqualung here.) :-) > Regardless, both it and grok probably fall in the slang department - > your average person on the street won't catch the reference. It's still > geek speak... Us geeks? No way, I'm way to cool to be a geek... Not:) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From Denis.Beauchemin at USherbrooke.ca Tue Feb 20 22:09:55 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Tue Feb 20 21:15:30 2007 Subject: New Mail::ClamAV Version In-Reply-To: <45DB6000.9050402@tulsaconnect.com> References: <20070220190425.A8A65CE301F0@mail.noefer.org> <45DB6000.9050402@tulsaconnect.com> Message-ID: <45DB63A3.8020307@USherbrooke.ca> TCIS List Acct a ?crit : > > > Holger N?fer wrote: >> Hi, >> >> there is a new Mail::ClamAV Version. >> >> http://search.cpan.org/~sabeck/Mail-ClamAV-0.20/ >> >> It seems to compile with ClamAV 0.90. >> >> Best regards, >> Holger >> > > It does compile OK, but seems to blow up when run via MS: > > Feb 20 14:44:03 mscan1 MailScanner[49461]: ClamAVModule::LibClamAV > Warning: cli_pdf: Object number missing > Feb 20 14:44:08 mscan1 MailScanner[49461]: Virus Scanning: ClamAV > Module found 1 infections > Feb 20 14:45:03 mscan1 MailScanner[51163]: ClamAVModule::ERROR:: Zip > module failure:: ./1HJbqU-000DXw-Vk/Occuhealth Front Elevation 7 20 > 06.pdf > Feb 20 14:45:10 mscan1 MailScanner[51163]: Virus Scanning: ClamAV > Module found 1 infections > It works fine here. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3595 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070220/ac69f023/smime.bin From chandler.lists at chapman.edu Tue Feb 20 22:11:33 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Tue Feb 20 21:16:33 2007 Subject: LookOUT 2007 In-Reply-To: <223f97700702200117h78f4cee6t77c57a6b369ed67f@mail.gmail.com> References: <20070216142020.9461.GERARD@seibercom.net> <45D610AA.3040604@yeticomputers.com> <20070216155327.532A.GERARD@seibercom.net> <45D6363D.3040606@yeticomputers.com> <20070219150140.3f72fa1c@localhost> <223f97700702191319n503ecf68l2c254f0163619c8b@mail.gmail.com> <45DA53E1.9070409@chapman.edu> <223f97700702200117h78f4cee6t77c57a6b369ed67f@mail.gmail.com> Message-ID: <45DB6405.9030101@chapman.edu> Glenn Steen wrote: >> Holy crap, English is Glenn's second language? >> >> I didn't know that, and I'm... pedantic, about proper grammar... >> > .se == Sweden;) > Holy crap, you mean your first language is Swedish Chef?! -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: high pressure system failure From lhaig at haigmail.com Tue Feb 20 22:12:27 2007 From: lhaig at haigmail.com (Lance Haig) Date: Tue Feb 20 21:17:22 2007 Subject: Setting up test server Message-ID: <45DB643B.9020107@haigmail.com> Hi, How do I copy every email that has been cleaned to another server? I am testing the new bongo mail server and I was wondering if I could tweak postfix somehow to copy all mail to this test server. Can someone point me in the right direction please. I am not sure what to google for so I thought I would ask I am running postfix on Fedora 4 with MS Thanks Lance From glenn.steen at gmail.com Tue Feb 20 22:16:58 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 20 21:21:51 2007 Subject: LookOUT 2007 In-Reply-To: References: Message-ID: <223f97700702201316r4230a42bj989f6ac85223c5b1@mail.gmail.com> On 20/02/07, Res wrote: > On Tue, 20 Feb 2007, Kevin Miller wrote: > > > > > I expect he's referring to people who use google - google news usually > > catches flack from the net-cops on some newsgroups I follow, generally > > for it's default of top posting. Don't know what gmail defaults to, but > > maybe it does the same? > > > Theres also a probability it includes google mail users > since they go to great lengths in most cases to hide the original > posters ip, and ignore reports of spam etc (yahoo? anyone) I have > threatened to block gmail if their lack of attention persists because I > have no way of knowing the original senders isp to tlak to them directly > instead. As said, there are plenty of reasons to hate Google mail, and plenty of reasons to like it too:-). Depends on the perspective. > .....I also wont lose any sleep if I do block them either :) No no, but we _know_ you're Dr Evil in (a very thin) disguise already... Dr Evil would _never_ lose sleep over something like that:-). (That was ironic humor, for our casual readers, and Res a) can take it, b) has proven to have a sense of humor already... I hope:-D:-). Cheers mate -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From rcooper at dwford.com Tue Feb 20 22:18:08 2007 From: rcooper at dwford.com (Rick Cooper) Date: Tue Feb 20 21:23:06 2007 Subject: New Mail::ClamAV Version In-Reply-To: <45DB6000.9050402@tulsaconnect.com> Message-ID: <01e101c75534$9e423d30$0301a8c0@SAHOMELT> Seems like there was something about pdfs and zip module if you compiled with experimental, did you perhaps? Rick > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of TCIS List Acct > Sent: Tuesday, February 20, 2007 3:54 PM > To: MailScanner discussion > Subject: Re: New Mail::ClamAV Version > > > > Holger N?fer wrote: > > Hi, > > > > there is a new Mail::ClamAV Version. > > > > http://search.cpan.org/~sabeck/Mail-ClamAV-0.20/ > > > > It seems to compile with ClamAV 0.90. > > > > Best regards, > > Holger > > > > It does compile OK, but seems to blow up when run via MS: > > Feb 20 14:44:03 mscan1 MailScanner[49461]: > ClamAVModule::LibClamAV Warning: > cli_pdf: Object number missing > Feb 20 14:44:08 mscan1 MailScanner[49461]: Virus Scanning: > ClamAV Module found 1 > infections > Feb 20 14:45:03 mscan1 MailScanner[51163]: > ClamAVModule::ERROR:: Zip module > failure:: ./1HJbqU-000DXw-Vk/Occuhealth Front Elevation 7 20 06.pdf > Feb 20 14:45:10 mscan1 MailScanner[51163]: Virus Scanning: > ClamAV Module found 1 > infections > > -- > > ----------------------------------------- > Mike Bacher / listacct@tulsaconnect.com > TCIS - TulsaConnect Internet Services > http://www.tulsaconnect.com > ----------------------------------------- > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Tue Feb 20 22:21:27 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 20 21:26:21 2007 Subject: LookOUT 2007 In-Reply-To: References: <20070216142020.9461.GERARD@seibercom.net> <45D610AA.3040604@yeticomputers.com> <20070216155327.532A.GERARD@seibercom.net> <45D6363D.3040606@yeticomputers.com> <20070219150140.3f72fa1c@localhost> <223f97700702191319n503ecf68l2c254f0163619c8b@mail.gmail.com> <223f97700702200117w159eab1cg7adf7a327c7f27c8@mail.gmail.com> Message-ID: <223f97700702201321q316ef3ebmcf9320ebe976bb01@mail.gmail.com> On 20/02/07, Scott Silva wrote: > Glenn Steen spake the following on 2/20/2007 1:17 AM: (snip) > > Well ... Around here we're "forced" to learn English (and Swedish, of > > course:), and usually a third and maybe a forth language too... My > > French is abominable though (mainly from lack of use:-). I should've > > gone with German or Spanish:-). > > Anyway, all you really need is to know how to order a beer;). > > > > Cheers > In most pubs I've been in, you only have to be able to order the first one. > After that the bartenders all seem to understand the finger pointing to the > empty glass as the universal sign of "I'll have another"! True. Only works for barteders though, I've tried it one my wife unsuccessfully on several occasions (for some reason she either just glares, mutters about "lazy oafs" or start throwing things...:-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From jaearick at colby.edu Tue Feb 20 22:21:54 2007 From: jaearick at colby.edu (Jeff A. Earickson) Date: Tue Feb 20 21:27:03 2007 Subject: New Mail::ClamAV Version In-Reply-To: References: <20070220190425.A8A65CE301F0@mail.noefer.org> Message-ID: On Tue, 20 Feb 2007, Scott Silva wrote: > Date: Tue, 20 Feb 2007 11:45:23 -0800 > From: Scott Silva > Reply-To: MailScanner discussion > To: mailscanner@lists.mailscanner.info > Subject: Re: New Mail::ClamAV Version > > Holger N?fer spake the following on 2/20/2007 11:04 AM: >> Hi, >> >> there is a new Mail::ClamAV Version. >> >> http://search.cpan.org/~sabeck/Mail-ClamAV-0.20/ >> >> It seems to compile with ClamAV 0.90. >> >> Best regards, >> Holger >> > Is there still an issue with the clamav-autoupdate script? > I don't remember seeing any resolution yet. Doh! I just found the reason for my original posting of the "update does not work" message. I copied over the 0.90 freshclam.conf file to my clam config space, edited it, but forgot to comment out the "Example" line near the top. It didn't work until I did that. Now my updating for 0.90 works. Now to try the clamavmodule instead of the plain clamav call in MailScanner. Jeff Earickson Colby College From mikea at mikea.ath.cx Tue Feb 20 22:27:31 2007 From: mikea at mikea.ath.cx (mikea) Date: Tue Feb 20 21:32:30 2007 Subject: Setting up test server In-Reply-To: <45DB643B.9020107@haigmail.com> References: <45DB643B.9020107@haigmail.com> Message-ID: <20070220212731.GA82275@mikea.ath.cx> On Tue, Feb 20, 2007 at 09:12:27PM +0000, Lance Haig wrote: > Hi, > > How do I copy every email that has been cleaned to another server? > > I am testing the new bongo mail server and I was wondering if I could > tweak postfix somehow to copy all mail to this test server. > > Can someone point me in the right direction please. I am not sure what > to google for so I thought I would ask > > I am running postfix on Fedora 4 with MS Anthony Howe's "roundhouse" program may do what you want. -- Mike Andrews, W5EGO mikea@mikea.ath.cx Tired old sysadmin From drew at technologytiger.net Tue Feb 20 22:37:22 2007 From: drew at technologytiger.net (Drew Marshall) Date: Tue Feb 20 21:42:19 2007 Subject: Setting up test server In-Reply-To: <45DB643B.9020107@haigmail.com> References: <45DB643B.9020107@haigmail.com> Message-ID: <248836D9-1924-4428-8349-709952B62A5C@technologytiger.net> On 20 Feb 2007, at 21:12, Lance Haig wrote: > Hi, > > How do I copy every email that has been cleaned to another server? > > I am testing the new bongo mail server and I was wondering if I > could tweak postfix somehow to copy all mail to this test server. > > Can someone point me in the right direction please. I am not sure > what to google for so I thought I would ask > > I am running postfix on Fedora 4 with MS > > Thanks > > Lance postfix will allow you t BCC all mail but as you asked for clean you would be better off looking at the Non Spam Actions = option in MailScanner.conf I think you should be able to do: Non Spam Actions = forward user@new.bongo.server deliver Make sure you either have DNS or an entry in hosts for the new server (Or indeed an entry in the transport maps file of Postfix) and you should be away. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by the Technology Tiger MailScanner. Further information can be found at www.technologytiger.net/policy Technology Tiger Limited is registered in Scotland with registration number: 310997 Registered Office 55-57 West High Street Inverurie AB51 3QQ From glenn.steen at gmail.com Tue Feb 20 22:40:49 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 20 21:45:42 2007 Subject: LookOUT 2007 In-Reply-To: <45DB6405.9030101@chapman.edu> References: <20070216142020.9461.GERARD@seibercom.net> <20070216155327.532A.GERARD@seibercom.net> <45D6363D.3040606@yeticomputers.com> <20070219150140.3f72fa1c@localhost> <223f97700702191319n503ecf68l2c254f0163619c8b@mail.gmail.com> <45DA53E1.9070409@chapman.edu> <223f97700702200117h78f4cee6t77c57a6b369ed67f@mail.gmail.com> <45DB6405.9030101@chapman.edu> Message-ID: <223f97700702201340g6a3f471ck6f0708355bc0076b@mail.gmail.com> On 20/02/07, Jay Chandler wrote: > Glenn Steen wrote: > >> Holy crap, English is Glenn's second language? > >> > >> I didn't know that, and I'm... pedantic, about proper grammar... > >> > > .se == Sweden;) > > > Holy crap, you mean your first language is Swedish Chef?! Bork-bork.:-) Search the archives you'll find that a lot of the Americans on this list, and quite a few Brits as well, has had their little fun about this before (search for Bork, and you shall find;). I pity the guy... Imagine being lured to another country, where you don't ahave even a remote clue as to how to speak the local lingo, to cook on a show on national TV... and discover that the "show" is just you and the camera... I can well imagine him starting to mumble as he went about cooking. The his mumbling doesn't resemble Swedish even in any remote way is probably due to the very broad dialect he was speaking:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From holger at noefer.org Tue Feb 20 22:44:37 2007 From: holger at noefer.org (Holger =?iso-8859-1?Q?N=F6fer?=) Date: Tue Feb 20 21:49:35 2007 Subject: New Mail::ClamAV Version In-Reply-To: <45DB63A3.8020307@USherbrooke.ca> References: <20070220190425.A8A65CE301F0@mail.noefer.org> <45DB6000.9050402@tulsaconnect.com> <45DB63A3.8020307@USherbrooke.ca> Message-ID: <20070220214439.44A95CE30474@mail.noefer.org> At 22:09 20.02.2007, you wrote: >TCIS List Acct a ?crit : >> >> >>Holger N?fer wrote: >>>Hi, >>> >>>there is a new Mail::ClamAV Version. >>> >>>http://search.cpan.org/~sabeck/Mail-ClamAV-0.20/ >>> >>>It seems to compile with ClamAV 0.90. >>> >>>Best regards, >>>Holger >> >>It does compile OK, but seems to blow up when run via MS: >> >>Feb 20 14:44:03 mscan1 MailScanner[49461]: >>ClamAVModule::LibClamAV Warning: cli_pdf: Object number missing >>Feb 20 14:44:08 mscan1 MailScanner[49461]: >>Virus Scanning: ClamAV Module found 1 infections >>Feb 20 14:45:03 mscan1 MailScanner[51163]: >>ClamAVModule::ERROR:: Zip module failure:: >>./1HJbqU-000DXw-Vk/Occuhealth Front Elevation 7 20 06.pdf >>Feb 20 14:45:10 mscan1 MailScanner[51163]: >>Virus Scanning: ClamAV Module found 1 infections >It works fine here. Works fine for me, too. I will do more tests tomorrow. Holger >Denis > >-- > _ > ?v? Denis Beauchemin, analyste >/(_)\ Universit? de Sherbrooke, S.T.I. > ^ ^ T: 819.821.8000x62252 F: 819.821.8045 > > > > > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Tue Feb 20 22:49:07 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 20 21:54:01 2007 Subject: Poor me... In-Reply-To: References: <2861F1B24EB21D4EBD8A2A72DD8219050CE817@flatulous.aoc-uk.com> <223f97700702200148t31064689u395a4b193fd6a1f7@mail.gmail.com> Message-ID: <223f97700702201349ra9e892aocbe6cca9f98b2ffe@mail.gmail.com> On 20/02/07, Scott Silva wrote: > Glenn Steen spake the following on 2/20/2007 1:48 AM: > > On 20/02/07, Stef Morrell wrote: > >> You know what really grinds my gears... I just started receiving spam > >> with the following.. > >> > >> "Poor you, i don't even think how much spam you are recive." > > That's it? No offers of any kind? Hilarious!;-) > > > >> Some days I wonder why I get out of bed. > > See it from the positive side Stef, getting up means you eventually > > get to go back to bed;-). > > > > Cheers > Why does the time between "go back to bed" and "get up in the morning" just > seem shorter and shorter every year? Not enough amber infusions? Bad memory? I can't recall....:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From lhaig at haigmail.com Tue Feb 20 23:02:18 2007 From: lhaig at haigmail.com (Lance Haig) Date: Tue Feb 20 22:07:14 2007 Subject: Setting up test server In-Reply-To: <248836D9-1924-4428-8349-709952B62A5C@technologytiger.net> References: <45DB643B.9020107@haigmail.com> <248836D9-1924-4428-8349-709952B62A5C@technologytiger.net> Message-ID: <45DB6FEA.1020000@haigmail.com> Drew, is there no way to do this for a whole domain? Lance Drew Marshall wrote: > On 20 Feb 2007, at 21:12, Lance Haig wrote: > >> Hi, >> >> How do I copy every email that has been cleaned to another server? >> >> I am testing the new bongo mail server and I was wondering if I could >> tweak postfix somehow to copy all mail to this test server. >> >> Can someone point me in the right direction please. I am not sure >> what to google for so I thought I would ask >> >> I am running postfix on Fedora 4 with MS >> >> Thanks >> >> Lance > > postfix will allow you t BCC all mail but as you asked for clean you > would be better off looking at the Non Spam Actions = option in > MailScanner.conf > > I think you should be able to do: > > Non Spam Actions = forward user@new.bongo.server deliver > > Make sure you either have DNS or an entry in hosts for the new server > (Or indeed an entry in the transport maps file of Postfix) and you > should be away. > > Drew > > --In line with our policy, this message has been scannedfor viruses > and dangerous content by the Technology Tiger MailScanner. > Further information can be found at www.technologytiger.net/policy > > Technology Tiger Limited is registered in Scotland with registration > number: 310997 > Registered Office 55-57 West High Street Inverurie AB51 3QQ > > --MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > --This message has been scanned for viruses and > dangerous content by Red Armour MailScanner, and is > believed to be clean. http://www.redarmour.co.uk > > > From ka at pacific.net Tue Feb 20 23:13:16 2007 From: ka at pacific.net (Ken A) Date: Tue Feb 20 22:14:20 2007 Subject: LookOUT 2007 In-Reply-To: <223f97700702201340g6a3f471ck6f0708355bc0076b@mail.gmail.com> References: <20070216142020.9461.GERARD@seibercom.net> <20070216155327.532A.GERARD@seibercom.net> <45D6363D.3040606@yeticomputers.com> <20070219150140.3f72fa1c@localhost> <223f97700702191319n503ecf68l2c254f0163619c8b@mail.gmail.com> <45DA53E1.9070409@chapman.edu> <223f97700702200117h78f4cee6t77c57a6b369ed67f@mail.gmail.com> <45DB6405.9030101@chapman.edu> <223f97700702201340g6a3f471ck6f0708355bc0076b@mail.gmail.com> Message-ID: <45DB727C.8010105@pacific.net> Glenn Steen wrote: > On 20/02/07, Jay Chandler wrote: >> Glenn Steen wrote: >> >> Holy crap, English is Glenn's second language? >> >> >> >> I didn't know that, and I'm... pedantic, about proper grammar... >> >> >> > .se == Sweden;) >> > >> Holy crap, you mean your first language is Swedish Chef?! > Bork-bork.:-) > Search the archives you'll find that a lot of the Americans on this > list, and quite a few Brits as well, has had their little fun about > this before (search for Bork, and you shall find;). > I pity the guy... Imagine being lured to another country, where you > don't ahave even a remote clue as to how to speak the local lingo, to > cook on a show on national TV... and discover that the "show" is just > you and the camera... I can well imagine him starting to mumble as he > went about cooking. The his mumbling doesn't resemble Swedish even in > any remote way is probably due to the very broad dialect he was > speaking:-). http://en.wikipedia.org/wiki/Swedish_Chef uh oh.. O.T. material causing swapping now.. Ken A Pacific.Net > > Cheers From listacct at tulsaconnect.com Tue Feb 20 23:15:09 2007 From: listacct at tulsaconnect.com (TCIS List Acct) Date: Tue Feb 20 22:19:55 2007 Subject: New Mail::ClamAV Version In-Reply-To: <01e101c75534$9e423d30$0301a8c0@SAHOMELT> References: <01e101c75534$9e423d30$0301a8c0@SAHOMELT> Message-ID: <45DB72ED.80503@tulsaconnect.com> Rick Cooper wrote: > Seems like there was something about pdfs and zip module if you compiled > with experimental, did you perhaps? > > Rick Nope. Installed ClamAV from FreeBSD ports, all default options left on. Experimental code was not enabled. -- ----------------------------------------- Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet Services http://www.tulsaconnect.com ----------------------------------------- From res at ausics.net Tue Feb 20 23:15:17 2007 From: res at ausics.net (Res) Date: Tue Feb 20 22:20:29 2007 Subject: LookOUT 2007 In-Reply-To: <223f97700702201316r4230a42bj989f6ac85223c5b1@mail.gmail.com> References: <223f97700702201316r4230a42bj989f6ac85223c5b1@mail.gmail.com> Message-ID: On Tue, 20 Feb 2007, Glenn Steen wrote: > No no, but we _know_ you're Dr Evil in (a very thin) disguise > already... Dr Evil would _never_ lose sleep over something like > that:-). damned straight! you also left out party? :) (as there wil be less spam complaints) > (That was ironic humor, for our casual readers, and Res a) can take > it, b) has proven to have a sense of humor already... I hope:-D:-). yup :D -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From glenn.steen at gmail.com Tue Feb 20 23:39:56 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 20 22:44:52 2007 Subject: LookOUT 2007 In-Reply-To: <45DB727C.8010105@pacific.net> References: <20070216142020.9461.GERARD@seibercom.net> <20070219150140.3f72fa1c@localhost> <223f97700702191319n503ecf68l2c254f0163619c8b@mail.gmail.com> <45DA53E1.9070409@chapman.edu> <223f97700702200117h78f4cee6t77c57a6b369ed67f@mail.gmail.com> <45DB6405.9030101@chapman.edu> <223f97700702201340g6a3f471ck6f0708355bc0076b@mail.gmail.com> <45DB727C.8010105@pacific.net> Message-ID: <223f97700702201439n11ee11d0nda58a8738601b513@mail.gmail.com> On 20/02/07, Ken A wrote: > > > Glenn Steen wrote: > > On 20/02/07, Jay Chandler wrote: > >> Glenn Steen wrote: > >> >> Holy crap, English is Glenn's second language? > >> >> > >> >> I didn't know that, and I'm... pedantic, about proper grammar... > >> >> > >> > .se == Sweden;) > >> > > >> Holy crap, you mean your first language is Swedish Chef?! > > Bork-bork.:-) > > Search the archives you'll find that a lot of the Americans on this > > list, and quite a few Brits as well, has had their little fun about > > this before (search for Bork, and you shall find;). > > I pity the guy... Imagine being lured to another country, where you > > don't ahave even a remote clue as to how to speak the local lingo, to > > cook on a show on national TV... and discover that the "show" is just > > you and the camera... I can well imagine him starting to mumble as he > > went about cooking. The his mumbling doesn't resemble Swedish even in > > any remote way is probably due to the very broad dialect he was > > speaking:-). > > http://en.wikipedia.org/wiki/Swedish_Chef Yes Ken, I'm quite aware of that:). Note the first sentence "A parody of televised cooking shows,..." ... What I'm talking about above is the actual guy the initial parody was based on. It was on some kind of non-commercial/public channel... Whatever that might mean in the US:-). > uh oh.. O.T. material causing swapping now.. Most definitely... Stories seems the subject matter swapped though, so no harm done:-P Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From itdept at fractalweb.com Tue Feb 20 23:39:43 2007 From: itdept at fractalweb.com (Chris Yuzik) Date: Tue Feb 20 22:53:33 2007 Subject: Setting up test server In-Reply-To: <45DB6FEA.1020000@haigmail.com> References: <45DB643B.9020107@haigmail.com> <248836D9-1924-4428-8349-709952B62A5C@technologytiger.net> <45DB6FEA.1020000@haigmail.com> Message-ID: <45DB78AF.1040803@fractalweb.com> Lance Haig wrote: > Drew, > > is there no way to do this for a whole domain? > > Lance Lance, Do you mean that you want to move everyone's inboxes over from server a to server b? If so, we've found the scp tool invaluable. Permissions can be tricky though if the userids/groupids are different on the new server, so watch for that. Let me know if you have any questions. Cheers, Chris From Kevin_Miller at ci.juneau.ak.us Wed Feb 21 00:01:49 2007 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Tue Feb 20 23:06:41 2007 Subject: LookOUT 2007 In-Reply-To: <223f97700702201321q316ef3ebmcf9320ebe976bb01@mail.gmail.com> References: <20070216142020.9461.GERARD@seibercom.net><45D610AA.3040604@yeticomputers.com><20070216155327.532A.GERARD@seibercom.net><45D6363D.3040606@yeticomputers.com> <20070219150140.3f72fa1c@localhost><223f97700702191319n503ecf68l2c254f0163619c8b@mail.gmail.com><223f97700702200117w159eab1cg7adf7a327c7f27c8@mail.gmail.com> <223f97700702201321q316ef3ebmcf9320ebe976bb01@mail.gmail.com> Message-ID: Glenn Steen wrote: >> In most pubs I've been in, you only have to be able to order the >> first one. After that the bartenders all seem to understand the >> finger pointing to the empty glass as the universal sign of "I'll >> have another"! > True. > Only works for barteders though, I've tried it one my wife > unsuccessfully on several occasions (for some reason she either just > glares, mutters about "lazy oafs" or start throwing things...:-) Well, here, try this technique: http://www.xkcd.com/c149.html ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From lhaig at haigmail.com Wed Feb 21 00:10:27 2007 From: lhaig at haigmail.com (Lance Haig) Date: Tue Feb 20 23:15:23 2007 Subject: Setting up test server In-Reply-To: <45DB78AF.1040803@fractalweb.com> References: <45DB643B.9020107@haigmail.com> <248836D9-1924-4428-8349-709952B62A5C@technologytiger.net> <45DB6FEA.1020000@haigmail.com> <45DB78AF.1040803@fractalweb.com> Message-ID: <45DB7FE3.8040206@haigmail.com> Hi Chris, I am just testing the software to see if it will replace my current set-up. I want to move my users from my netware server to an opensource one Lance Chris Yuzik wrote: > Lance Haig wrote: >> Drew, >> >> is there no way to do this for a whole domain? >> >> Lance > Lance, > > Do you mean that you want to move everyone's inboxes over from server > a to server b? > > If so, we've found the scp tool invaluable. Permissions can be tricky > though if the userids/groupids are different on the new server, so > watch for that. > > Let me know if you have any questions. > > Cheers, > Chris From dnsadmin at 1bigthink.com Wed Feb 21 00:17:50 2007 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Tue Feb 20 23:22:58 2007 Subject: Setting up test server In-Reply-To: <45DB78AF.1040803@fractalweb.com> References: <45DB643B.9020107@haigmail.com> <248836D9-1924-4428-8349-709952B62A5C@technologytiger.net> <45DB6FEA.1020000@haigmail.com> <45DB78AF.1040803@fractalweb.com> Message-ID: <7.0.1.0.0.20070220181519.090a76f8@1bigthink.com> At 05:39 PM 2/20/2007, you wrote: >Lance Haig wrote: >>Drew, >> >>is there no way to do this for a whole domain? >> >>Lance >Lance, > >Do you mean that you want to move everyone's inboxes over from >server a to server b? > >If so, we've found the scp tool invaluable. Permissions can be >tricky though if the userids/groupids are different on the new >server, so watch for that. > >Let me know if you have any questions. > >Cheers, >Chris If same users and groups already exist on the target server, rsync (over SSH for security) will take care of it perfectly. Mind you, I'm a novice when it comes to postfix! But rsync will take goos care or uid/gid/permissions and recursively. Cheers! From drew at technologytiger.net Wed Feb 21 00:19:11 2007 From: drew at technologytiger.net (Drew Marshall) Date: Tue Feb 20 23:24:09 2007 Subject: Setting up test server In-Reply-To: <45DB6FEA.1020000@haigmail.com> References: <45DB643B.9020107@haigmail.com> <248836D9-1924-4428-8349-709952B62A5C@technologytiger.net> <45DB6FEA.1020000@haigmail.com> Message-ID: <8A82A534-1DE0-429D-88D0-857777808A43@technologytiger.net> On 20 Feb 2007, at 22:02, Lance Haig wrote: > Drew, > > is there no way to do this for a whole domain? OK, I think I have slightly miss read your original question. Pretend I know nothing (Not hard!) and tell me what you are trying to achieve. Do you want to move the mail you have, duplicate the mail that you are receiving to a second box, duplicate some of the mail you are receiving to some users on the new box? Sorry, not enough beer yet... Drew > > Lance > > Drew Marshall wrote: >> On 20 Feb 2007, at 21:12, Lance Haig wrote: >> >>> Hi, >>> >>> How do I copy every email that has been cleaned to another server? >>> >>> I am testing the new bongo mail server and I was wondering if I >>> could tweak postfix somehow to copy all mail to this test server. >>> >>> Can someone point me in the right direction please. I am not sure >>> what to google for so I thought I would ask >>> >>> I am running postfix on Fedora 4 with MS >>> >>> Thanks >>> >>> Lance >> >> postfix will allow you t BCC all mail but as you asked for clean >> you would be better off looking at the Non Spam Actions = option >> in MailScanner.conf >> >> I think you should be able to do: >> >> Non Spam Actions = forward user@new.bongo.server deliver >> >> Make sure you either have DNS or an entry in hosts for the new >> server (Or indeed an entry in the transport maps file of Postfix) >> and you should be away. >> >> Drew >> >> --In line with our policy, this message has been scannedfor >> viruses and dangerous content by the Technology Tiger MailScanner. >> Further information can be found at www.technologytiger.net/policy >> >> Technology Tiger Limited is registered in Scotland with >> registration number: 310997 >> Registered Office 55-57 West High Street Inverurie AB51 3QQ >> >> --MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> --This message has been scanned for viruses and >> dangerous content by Red Armour MailScanner, and is >> believed to be clean. http://www.redarmour.co.uk >> >> >> > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- In line with our policy, this message has been scanned for viruses and dangerous content by the Technology Tiger MailScanner. Further information can be found at www.technologytiger.net/policy Technology Tiger Limited is registered in Scotland with registration number: 310997 Registered Office 55-57 West High Street Inverurie AB51 3QQ From ssilva at sgvwater.com Wed Feb 21 00:23:15 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Feb 20 23:28:33 2007 Subject: LookOUT 2007 In-Reply-To: <223f97700702201321q316ef3ebmcf9320ebe976bb01@mail.gmail.com> References: <20070216142020.9461.GERARD@seibercom.net> <45D610AA.3040604@yeticomputers.com> <20070216155327.532A.GERARD@seibercom.net> <45D6363D.3040606@yeticomputers.com> <20070219150140.3f72fa1c@localhost> <223f97700702191319n503ecf68l2c254f0163619c8b@mail.gmail.com> <223f97700702200117w159eab1cg7adf7a327c7f27c8@mail.gmail.com> <223f97700702201321q316ef3ebmcf9320ebe976bb01@mail.gmail.com> Message-ID: Glenn Steen spake the following on 2/20/2007 1:21 PM: > On 20/02/07, Scott Silva wrote: >> Glenn Steen spake the following on 2/20/2007 1:17 AM: > (snip) >> > Well ... Around here we're "forced" to learn English (and Swedish, of >> > course:), and usually a third and maybe a forth language too... My >> > French is abominable though (mainly from lack of use:-). I should've >> > gone with German or Spanish:-). >> > Anyway, all you really need is to know how to order a beer;). >> > >> > Cheers >> In most pubs I've been in, you only have to be able to order the first >> one. >> After that the bartenders all seem to understand the finger pointing >> to the >> empty glass as the universal sign of "I'll have another"! > True. > Only works for barteders though, I've tried it one my wife > unsuccessfully on several occasions (for some reason she either just > glares, mutters about "lazy oafs" or start throwing things...:-) > Cheers I hear that! My wife just gives a finger back! ;-P -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From rob at robhq.com Wed Feb 21 01:03:46 2007 From: rob at robhq.com (Rob Freeman) Date: Wed Feb 21 00:08:54 2007 Subject: Setting up test server In-Reply-To: <8A82A534-1DE0-429D-88D0-857777808A43@technologytiger.net> References: <45DB643B.9020107@haigmail.com> <248836D9-1924-4428-8349-709952B62A5C@technologytiger.net> <45DB6FEA.1020000@haigmail.com> <8A82A534-1DE0-429D-88D0-857777808A43@technologytiger.net> Message-ID: <004b01c7554b$c2751670$475f4350$@com> If you have the user's and group's moved over, and this is a blank server, you can rsync the info over keeping the info intact. Just a quick off the head example: rsync -avru /home/ -e ssh root@testserverip:/home/ We do the above to keep a sync of data between redhat servers, so some tweaking may be needed, but works for us. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Drew Marshall Sent: Tuesday, February 20, 2007 5:19 PM To: MailScanner discussion Subject: Re: Setting up test server On 20 Feb 2007, at 22:02, Lance Haig wrote: > Drew, > > is there no way to do this for a whole domain? OK, I think I have slightly miss read your original question. Pretend I know nothing (Not hard!) and tell me what you are trying to achieve. Do you want to move the mail you have, duplicate the mail that you are receiving to a second box, duplicate some of the mail you are receiving to some users on the new box? Sorry, not enough beer yet... Drew > > Lance > > Drew Marshall wrote: >> On 20 Feb 2007, at 21:12, Lance Haig wrote: >> >>> Hi, >>> >>> How do I copy every email that has been cleaned to another server? >>> >>> I am testing the new bongo mail server and I was wondering if I >>> could tweak postfix somehow to copy all mail to this test server. >>> >>> Can someone point me in the right direction please. I am not sure >>> what to google for so I thought I would ask >>> >>> I am running postfix on Fedora 4 with MS >>> >>> Thanks >>> >>> Lance >> >> postfix will allow you t BCC all mail but as you asked for clean >> you would be better off looking at the Non Spam Actions = option >> in MailScanner.conf >> >> I think you should be able to do: >> >> Non Spam Actions = forward user@new.bongo.server deliver >> >> Make sure you either have DNS or an entry in hosts for the new >> server (Or indeed an entry in the transport maps file of Postfix) >> and you should be away. >> >> Drew >> >> --In line with our policy, this message has been scannedfor >> viruses and dangerous content by the Technology Tiger MailScanner. >> Further information can be found at www.technologytiger.net/policy >> >> Technology Tiger Limited is registered in Scotland with >> registration number: 310997 >> Registered Office 55-57 West High Street Inverurie AB51 3QQ >> >> --MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> --This message has been scanned for viruses and >> dangerous content by Red Armour MailScanner, and is >> believed to be clean. http://www.redarmour.co.uk >> >> >> > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- In line with our policy, this message has been scanned for viruses and dangerous content by the Technology Tiger MailScanner. Further information can be found at www.technologytiger.net/policy Technology Tiger Limited is registered in Scotland with registration number: 310997 Registered Office 55-57 West High Street Inverurie AB51 3QQ -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.441 / Virus Database: 268.18.3/694 - Release Date: 2/20/2007 1:44 PM -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.441 / Virus Database: 268.18.3/694 - Release Date: 2/20/2007 1:44 PM From res at ausics.net Wed Feb 21 01:27:16 2007 From: res at ausics.net (Res) Date: Wed Feb 21 00:32:19 2007 Subject: Setting up test server In-Reply-To: <7.0.1.0.0.20070220181519.090a76f8@1bigthink.com> References: <45DB643B.9020107@haigmail.com> <248836D9-1924-4428-8349-709952B62A5C@technologytiger.net> <45DB6FEA.1020000@haigmail.com> <45DB78AF.1040803@fractalweb.com> <7.0.1.0.0.20070220181519.090a76f8@1bigthink.com> Message-ID: On Tue, 20 Feb 2007, dnsadmin 1bigthink.com wrote: > At 05:39 PM 2/20/2007, you wrote: > >> Lance Haig wrote: >>> Drew, >>> >>> is there no way to do this for a whole domain? >>> >>> Lance >> Lance, >> >> Do you mean that you want to move everyone's inboxes over from server a to >> server b? >> >> If so, we've found the scp tool invaluable. Permissions can be tricky >> though if the userids/groupids are different on the new server, so watch >> for that. >> >> Let me know if you have any questions. >> >> Cheers, >> Chris > > If same users and groups already exist on the target server, rsync (over SSH > for security) will take care of it perfectly. Mind you, I'm a novice when it > comes to postfix! But rsync will take goos care or uid/gid/permissions and > recursively. nothing beats tar > > Cheers! > -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From gerard at seibercom.net Wed Feb 21 01:28:04 2007 From: gerard at seibercom.net (Gerard Seibert) Date: Wed Feb 21 00:32:49 2007 Subject: LookOUT 2007 In-Reply-To: References: <223f97700702201321q316ef3ebmcf9320ebe976bb01@mail.gmail.com> Message-ID: <20070220192712.2DD1.GERARD@seibercom.net> On Tuesday February 20, 2007 at 06:23:15 (PM) Scott Silva wrote: [snip] > >> > Anyway, all you really need is to know how to order a beer;). > >> > > >> > Cheers > >> In most pubs I've been in, you only have to be able to order the first > >> one. > >> After that the bartenders all seem to understand the finger pointing > >> to the > >> empty glass as the universal sign of "I'll have another"! > > True. > > Only works for barteders though, I've tried it one my wife > > unsuccessfully on several occasions (for some reason she either just > > glares, mutters about "lazy oafs" or start throwing things...:-) > > Cheers > I hear that! My wife just gives a finger back! ;-P How many men does it take to open a beer? None. It should be opened by the time she brings it to you. -- Gerard From res at ausics.net Wed Feb 21 01:28:54 2007 From: res at ausics.net (Res) Date: Wed Feb 21 00:34:00 2007 Subject: Setting up test server In-Reply-To: <004b01c7554b$c2751670$475f4350$@com> References: <45DB643B.9020107@haigmail.com> <248836D9-1924-4428-8349-709952B62A5C@technologytiger.net> <45DB6FEA.1020000@haigmail.com> <8A82A534-1DE0-429D-88D0-857777808A43@technologytiger.net> <004b01c7554b$c2751670$475f4350$@com> Message-ID: On Tue, 20 Feb 2007, Rob Freeman wrote: > rsync -avru /home/ -e ssh root@testserverip:/home/ rsync by default uses ssh, and has done for a few of years now -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From ka at pacific.net Wed Feb 21 01:41:38 2007 From: ka at pacific.net (Ken A) Date: Wed Feb 21 00:42:40 2007 Subject: LookOUT 2007 In-Reply-To: <20070220192712.2DD1.GERARD@seibercom.net> References: <223f97700702201321q316ef3ebmcf9320ebe976bb01@mail.gmail.com> <20070220192712.2DD1.GERARD@seibercom.net> Message-ID: <45DB9542.2050208@pacific.net> Gerard Seibert wrote: > On Tuesday February 20, 2007 at 06:23:15 (PM) Scott Silva wrote: > > [snip] > >>>>> Anyway, all you really need is to know how to order a beer;). >>>>> >>>>> Cheers >>>> In most pubs I've been in, you only have to be able to order the first >>>> one. >>>> After that the bartenders all seem to understand the finger pointing >>>> to the >>>> empty glass as the universal sign of "I'll have another"! >>> True. >>> Only works for barteders though, I've tried it one my wife >>> unsuccessfully on several occasions (for some reason she either just >>> glares, mutters about "lazy oafs" or start throwing things...:-) >>> Cheers >> I hear that! My wife just gives a finger back! ;-P > > How many men does it take to open a beer? > None. It should be opened by the time she brings it to you. > Yeah, then Wife goes shopping online, so it turns out to be an expensive beer. From rob at robhq.com Wed Feb 21 01:49:10 2007 From: rob at robhq.com (Rob Freeman) Date: Wed Feb 21 00:54:40 2007 Subject: Setting up test server In-Reply-To: References: <45DB643B.9020107@haigmail.com> <248836D9-1924-4428-8349-709952B62A5C@technologytiger.net> <45DB6FEA.1020000@haigmail.com> <8A82A534-1DE0-429D-88D0-857777808A43@technologytiger.net> <004b01c7554b$c2751670$475f4350$@com> Message-ID: <006b01c75552$26024270$7206c750$@com> Just old school here :) -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Res Sent: Tuesday, February 20, 2007 6:29 PM To: MailScanner discussion Subject: RE: Setting up test server On Tue, 20 Feb 2007, Rob Freeman wrote: > rsync -avru /home/ -e ssh root@testserverip:/home/ rsync by default uses ssh, and has done for a few of years now -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.441 / Virus Database: 268.18.3/694 - Release Date: 2/20/2007 1:44 PM -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.441 / Virus Database: 268.18.3/694 - Release Date: 2/20/2007 1:44 PM From hmkash at arl.army.mil Wed Feb 21 02:08:31 2007 From: hmkash at arl.army.mil (Kash, Howard (Civ, ARL/CISD)) Date: Wed Feb 21 01:13:27 2007 Subject: MailScanner is ignoring some ClamAV 'viruses' from NDB signaturedatabases References: <4165CF7A7F12DE4B96622CCBB905864709666B37@largo.campus.ncl.ac.uk> Message-ID: <88991ECEE371C644986F0C8837C207B70146472D@ARLABML01.DS.ARL.ARMY.MIL> I've reported the same problem multiple times before with McAfee (both on list an in private): http://lists.mailscanner.info/pipermail/mailscanner/2006-October/066261.html Seems that if a silent virus is only detected in the .header file and not in the attachment itself, it is not properly flagged as silent. This becomes much more prevalent if you set "Max Spam Check Size" to a relatively low value (say 150k) since larger virus emails which are typically also blocked as spam start getting through (the virus doesn't get through, but the disinfected message does, even though it should have been dropped as a silent virus). Howard ________________________________ From: mailscanner-bounces@lists.mailscanner.info on behalf of Quentin Campbell Sent: Tue 2/20/2007 3:50 AM To: MailScanner discussion Subject: MailScanner is ignoring some ClamAV 'viruses' from NDB signaturedatabases I recently started using some of the extra .NDB/.HDB signature databases for ClamAV from Sanesecurity - http://www.sanesecurity.com/clamav/. In some cases MailScanner is recognising a 'virus' detected by these but is still delivering the message rather than dropping it silently. All the log entries for messages behaving this way appear to have a corrupted path name in the virus "FOUND" log record from MailScanner: Feb 20 08:00:07 cheviot1 MailScanner[26921]: /var/spool/MailScanner/incoming/26921/./l1K7xWrE017195.header: Email.Spam.Gen103.Sanesecurity.07011703 FOUND [the faulty part above is "/l1K7xWrE017195.header:"] The "...MailScanner[12345]: Infected message..." log record also appears to be corrupt and has lost information: Feb 20 08:00:08 cheviot1 MailScanner[26921]: Infected message l1K7xWrE017195.header came from [missing the IP address after the "from"] A correctly formed virus "FOUND" log record from MailScanner should look like: Feb 20 08:26:45 cheviot1 MailScanner[27169]: /var/spool/MailScanner/incoming/27169/./l1K8QOTB029479/msg-27169-879.htm l: Html.Img.Gen013.Sanesecurity.06112900 FOUND and the "...MailScanner[12345]: Infected message..." log record should look like: Feb 20 08:26:46 cheviot1 MailScanner[27169]: Infected message l1K8QOTB029479 came from 77.124.14.204 The fault occurs with MailScanner-4.57.6-1 running with either ClamAV-0.87.7 or ClamAV-0.90. Appended are the full set of log records for: (1) a message whose handling shows the bug, and (2) a message whose handling was as expected. Quentin Campbell --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), Newcastle University, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------ ---- extracts from the Sendmail logs Below are the log records for a 'virus' message that should have been dropped silently: Feb 20 07:59:49 cheviot1 sendmail[17195]: l1K7xWrE017195: from=, size=1500, class=0, nrcpts=1, msgid=<432422272.75323578912331@thebat.net>, proto=ESMTP, daemon=MTA, relay=BT-LOADED-PPP15.BTI.NET.PH [203.115.176.15] (may be forged) Feb 20 07:59:49 cheviot1 sendmail[17195]: l1K7xWrE017195: to=, delay=00:00:04, mailer=esmtp, pri=31500, stat=queued Feb 20 07:59:57 cheviot1 MailScanner[26921]: Message l1K7xWrE017195 from 203.115.176.15 (kapprentice@sbcglobal.net) to ncl.ac.uk is spam, SpamAssassin (not cached, score=6.732, required 6, autolearn=disabled, DATE_IN_PAST_96_XX 1.57, RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E4_51_100 1.50, RAZOR2_CHECK 0.50, SARE_LWHUGE 1.00, SARE_LWSYMFMT 1.66) Feb 20 08:00:04 cheviot1 MailScanner[26921]: Spam Actions: message l1K7xWrE017195 actions are attachment,deliver Feb 20 08:00:07 cheviot1 MailScanner[26921]: /var/spool/MailScanner/incoming/26921/./l1K7xWrE017195.header: Email.Spam.Gen103.Sanesecurity.07011703 FOUND Feb 20 08:00:08 cheviot1 MailScanner[26921]: Infected message l1K7xWrE017195.header came from Feb 20 08:00:08 cheviot1 sendmail[17500]: l1K7xWrE017195: SMTP outgoing connect on cheviot1.ncl.ac.uk Feb 20 08:00:08 cheviot1 sendmail[17500]: l1K7xWrE017195: to=, delay=00:00:23, xdelay=00:00:00, mailer=esmtp, pri=121500, relay=cyrus.ncl.ac.uk. [128.240.233.238], dsn=2.0.0, stat=Sent (l1K808jg011667 Message accepted for delivery) Feb 20 08:00:08 cheviot1 sendmail[17500]: l1K7xWrE017195: done; delay=00:00:23, ntries=1 ---- Below are the log records for a 'virus' message that was correctly handled: Feb 20 08:26:31 cheviot1 sendmail[29479]: l1K8QOTB029479: from=, size=13226, class=0, nrcpts=1, msgid=<000901c754c8$cdeb22c0$017fe9fc@usyvimkq>, proto=ESMTP, daemon=MTA, relay=IGLD-77-124-14-204.inter.net.il [77.124.14.204] (may be forged) Feb 20 08:26:31 cheviot1 sendmail[29479]: l1K8QOTB029479: to=, delay=00:00:02, mailer=esmtp, pri=43226, stat=queued Feb 20 08:26:33 cheviot1 MailScanner[27169]: Message l1K8QOTB029479 from 77.124.14.204 (AAA.BBB@ncl.ac.uk) is whitelisted Feb 20 08:26:45 cheviot1 MailScanner[27169]: /var/spool/MailScanner/incoming/27169/./l1K8QOTB029479/msg-27169-879.htm l: Html.Img.Gen013.Sanesecurity.06112900 FOUND Feb 20 08:26:46 cheviot1 MailScanner[27169]: Infected message l1K8QOTB029479 came from 77.124.14.204 Feb 20 08:26:46 cheviot1 MailScanner[27169]: HTML Img tag found in message l1K8QOTB029479 from AAA.BBB@ncl.ac.uk -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From hden at kcbbs.gen.nz Wed Feb 21 04:47:39 2007 From: hden at kcbbs.gen.nz (Hendrik den Hartog) Date: Wed Feb 21 03:33:36 2007 Subject: Clarifying Whitelist syntax In-Reply-To: <88991ECEE371C644986F0C8837C207B70146472D@ARLABML01.DS.ARL.ARMY.MIL> References: <4165CF7A7F12DE4B96622CCBB905864709666B37@largo.campus.ncl.ac.uk> <88991ECEE371C644986F0C8837C207B70146472D@ARLABML01.DS.ARL.ARMY.MIL> Message-ID: <20070221034739.GA4769@mew.kcbbs.gen.nz> We're trying to resolve some issues, and would appreciate clarification of the following. We have a common domain suffix as follows.. users@[various_school_names].school.nz and would like to whitelist all and any email with this suffix. So in whitelist rules, which of the folowing should we use? >From school.nz Yes OR? >From .school.nz Yes OR? >From *.school.nz Yes Cheers! Dave From res at ausics.net Wed Feb 21 04:33:39 2007 From: res at ausics.net (Res) Date: Wed Feb 21 03:38:40 2007 Subject: Clarifying Whitelist syntax In-Reply-To: <20070221034739.GA4769@mew.kcbbs.gen.nz> References: <4165CF7A7F12DE4B96622CCBB905864709666B37@largo.campus.ncl.ac.uk> <88991ECEE371C644986F0C8837C207B70146472D@ARLABML01.DS.ARL.ARMY.MIL> <20070221034739.GA4769@mew.kcbbs.gen.nz> Message-ID: On Wed, 21 Feb 2007, Hendrik den Hartog wrote: > We're trying to resolve some issues, and would appreciate clarification of > the following. > > We have a common domain suffix as follows.. > > users@[various_school_names].school.nz > > and would like to whitelist all and any email with this suffix. So in > whitelist rules, which of the folowing should we use? > >> From *.school.nz Yes Use From: *@*.school.nz yes If you have trusted IP's you could also use From: 1.2.3. yes > > Cheers! > Dave > -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From lhaig at haigmail.com Wed Feb 21 07:19:15 2007 From: lhaig at haigmail.com (Lance Haig) Date: Wed Feb 21 06:24:09 2007 Subject: Setting up test server In-Reply-To: <8A82A534-1DE0-429D-88D0-857777808A43@technologytiger.net> References: <45DB643B.9020107@haigmail.com> <248836D9-1924-4428-8349-709952B62A5C@technologytiger.net> <45DB6FEA.1020000@haigmail.com> <8A82A534-1DE0-429D-88D0-857777808A43@technologytiger.net> Message-ID: <45DBE463.40204@haigmail.com> Hi Drew, > OK, I think I have slightly miss read your original question. Pretend > I know nothing (Not hard!) and tell me what you are trying to achieve. > Do you want to move the mail you have, duplicate the mail that you are > receiving to a second box, duplicate some of the mail you are > receiving to some users on the new box? > > Sorry, not enough beer yet... > I think it is my explanation of what I want to achieve :-) My MS servers act as a gateway for my mail going to another server that is not running any opensource mail system. I want to duplicate the mail going through the gateways and deliver it to the new test server which runs the bongo server and its agents(MTA webaccess calendar etc) The reason for this is to change the front end to add extra features that it currently does not have and also integrate it with my portal system. I hope that this makes better sense. Thanks for taking the time to answer this Lance From lhaig at haigmail.com Wed Feb 21 09:32:13 2007 From: lhaig at haigmail.com (Lance Haig) Date: Wed Feb 21 08:37:11 2007 Subject: Setting up test server In-Reply-To: <7.0.1.0.0.20070220181519.090a76f8@1bigthink.com> References: <45DB643B.9020107@haigmail.com> <248836D9-1924-4428-8349-709952B62A5C@technologytiger.net> <45DB6FEA.1020000@haigmail.com> <45DB78AF.1040803@fractalweb.com> <7.0.1.0.0.20070220181519.090a76f8@1bigthink.com> Message-ID: <45DC038D.2040705@haigmail.com> Hi thanks for the response I think I did not explain what I have properly The MS server do not host any mail and the mail servers are not running postfix or sendmail etc.. it looks like I will have to create non spam forwards with MailScanner to achieve what i want. Thanks again Lance dnsadmin 1bigthink.com wrote: > At 05:39 PM 2/20/2007, you wrote: > >> Lance Haig wrote: >>> Drew, >>> >>> is there no way to do this for a whole domain? >>> >>> Lance >> Lance, >> >> Do you mean that you want to move everyone's inboxes over from server >> a to server b? >> >> If so, we've found the scp tool invaluable. Permissions can be tricky >> though if the userids/groupids are different on the new server, so >> watch for that. >> >> Let me know if you have any questions. >> >> Cheers, >> Chris > > If same users and groups already exist on the target server, rsync > (over SSH for security) will take care of it perfectly. Mind you, I'm > a novice when it comes to postfix! But rsync will take goos care or > uid/gid/permissions and recursively. > > Cheers! From lhaig at haigmail.com Wed Feb 21 09:32:55 2007 From: lhaig at haigmail.com (Lance Haig) Date: Wed Feb 21 08:37:52 2007 Subject: Setting up test server In-Reply-To: References: <45DB643B.9020107@haigmail.com> <248836D9-1924-4428-8349-709952B62A5C@technologytiger.net> <45DB6FEA.1020000@haigmail.com> <45DB78AF.1040803@fractalweb.com> <7.0.1.0.0.20070220181519.090a76f8@1bigthink.com> Message-ID: <45DC03B7.30008@haigmail.com> I agree but it will not help me in this instance. Thanks for the suggestion though Lance Res wrote: > On Tue, 20 Feb 2007, dnsadmin 1bigthink.com wrote: > >> At 05:39 PM 2/20/2007, you wrote: >> >>> Lance Haig wrote: >>>> Drew, >>>> >>>> is there no way to do this for a whole domain? >>>> >>>> Lance >>> Lance, >>> >>> Do you mean that you want to move everyone's inboxes over from >>> server a to server b? >>> >>> If so, we've found the scp tool invaluable. Permissions can be >>> tricky though if the userids/groupids are different on the new >>> server, so watch for that. >>> >>> Let me know if you have any questions. >>> >>> Cheers, >>> Chris >> >> If same users and groups already exist on the target server, rsync >> (over SSH for security) will take care of it perfectly. Mind you, I'm >> a novice when it comes to postfix! But rsync will take goos care or >> uid/gid/permissions and recursively. > > > nothing beats tar > >> >> Cheers! > From stef at aoc-uk.com Wed Feb 21 10:33:29 2007 From: stef at aoc-uk.com (Stef Morrell) Date: Wed Feb 21 09:38:24 2007 Subject: Poor me... References: <2861F1B24EB21D4EBD8A2A72DD8219050CE817@flatulous.aoc-uk.com><223f97700702200148t31064689u395a4b193fd6a1f7@mail.gmail.com> Message-ID: <2861F1B24EB21D4EBD8A2A72DD8219050CE820@flatulous.aoc-uk.com> On , mailscanner-bounces@lists.mailscanner.info wrote: > On 20/02/07, Scott Silva wrote: >> Glenn Steen spake the following on 2/20/2007 1:48 AM: >>> On 20/02/07, Stef Morrell wrote: >>>> You know what really grinds my gears... I just started receiving >>>> spam with the following.. >>>> >>>> "Poor you, i don't even think how much spam you are recive." >>> That's it? No offers of any kind? Hilarious!;-) >>> >>>> Some days I wonder why I get out of bed. >>> See it from the positive side Stef, getting up means you eventually >>> get to go back to bed;-). >>> >>> Cheers >> Why does the time between "go back to bed" and "get up in the >> morning" just seem shorter and shorter every year? > Not enough amber infusions? > Bad memory? I can't recall....:-) "Right. I had to get up in the morning at ten o'clock at night half an hour before I went to bed" ... (Monty Python Yorkshireman sketch). Seems familiar somehow... Stef Stefan Morrell | Operations Director Tel: 0845 3452820 | Alpha Omega Computers Ltd Fax: 0845 3452830 | Incorporating Level 5 Internet stef@aoc-uk.com | stef@l5net.net Alpha Omega Computers Ltd, Unit 57, BBTC, Grange Road, Batley, WF17 6ER. Registered in England No. 3867142. VAT No. UK734421454 From glenn.steen at gmail.com Wed Feb 21 10:45:38 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 21 09:50:35 2007 Subject: LookOUT 2007 In-Reply-To: <20070220192712.2DD1.GERARD@seibercom.net> References: <223f97700702201321q316ef3ebmcf9320ebe976bb01@mail.gmail.com> <20070220192712.2DD1.GERARD@seibercom.net> Message-ID: <223f97700702210145j151ad5abk2984011cd819a01@mail.gmail.com> On 21/02/07, Gerard Seibert wrote: > On Tuesday February 20, 2007 at 06:23:15 (PM) Scott Silva wrote: > > [snip] > > > >> > Anyway, all you really need is to know how to order a beer;). > > >> > > > >> > Cheers > > >> In most pubs I've been in, you only have to be able to order the first > > >> one. > > >> After that the bartenders all seem to understand the finger pointing > > >> to the > > >> empty glass as the universal sign of "I'll have another"! > > > True. > > > Only works for barteders though, I've tried it one my wife > > > unsuccessfully on several occasions (for some reason she either just > > > glares, mutters about "lazy oafs" or start throwing things...:-) > > > Cheers > > I hear that! My wife just gives a finger back! ;-P > > How many men does it take to open a beer? > None. It should be opened by the time she brings it to you. :-) Not married, are you?... These things only seem to work in jokes:-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From pr2007 at ibs.fr Wed Feb 21 11:39:28 2007 From: pr2007 at ibs.fr (pr2007@ibs.fr) Date: Wed Feb 21 10:44:08 2007 Subject: X509: size of collumn in attachment changes and causes body alteration Message-ID: <45DC2160.5070605@ibs.fr> Hi, As you know, when signing a message with X509 certificate, a checksum of the body is made. When the recipient opens the signed message, the body should not have changed. We have a *problem with attached files*. As Mailscanner *modified the body,* the *numeric signature is broken.* *_Here is a example:_* * Before mailscanner, this base64 attachment contained 73 columns.* --------------ms050704040207000105000505 Content-Type: application/x-pkcs7-signature; name="test.pdf" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIHnTCC A20wggJVoAMCAQICAQIwDQYJKoZIhvcNAQEEBQAwKzELMAkGA1UEBhMCRlIxDTALBgNVBAoT ... AKNb/vSOP5gprnSi0cbMds8btE8HttC5xc46qETIu24iciSmwjkbgwrT6kIREFRKm2m/fJaQ u/qieuH5tCOsQt8k4exj2A4xsZrQnGFsYfOHutdMSs1WAAAAAAAA --------------ms050704040207000105000505-- * After mailscanner, the base64 attachment contains 61 columns only.* --------------ms050704040207000105000505 Content-Type: application/x-pkcs7-signature; name="test.pdf" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEH AQAAoIIHnTCCA20wggJVoAMCAQICAQIwDQYJKoZIhvcNAQEEBQAwKzELMAkG ... tE8HttC5xc46qETIu24iciSmwjkbgwrT6kIREFRKm2m/fJaQu/qieuH5tCOs Qt8k4exj2A4xsZrQnGFsYfOHutdMSs1WAAAAAAAA --------------ms050704040207000105000505-- _* Context:*_ - Debian Testing - Postfix - Clamav with Perl Module - SpamAssassin version 3.1.7 - Perl version 5.8.8 (updated with CPAN) - MailScanner installed from debian package (v4.51.5) *Is the problem known and is there a workaround ?* Thanks in advance ! -- Pierre Rolland - Phone: +33(0)4 38 78 96 34 Institut de Biologie Structurale-CNRS (UMR 5075)/CEA/UJF - IBS 41 Av. Jules Horowitz - 38027 Grenoble Cedex 1 - France Trust in CNRS's certificates: http://igc.services.cnrs.fr/Doc/General/trust.html -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070221/d2659a78/attachment.html From Q.G.Campbell at newcastle.ac.uk Wed Feb 21 13:47:06 2007 From: Q.G.Campbell at newcastle.ac.uk (Quentin Campbell) Date: Wed Feb 21 12:52:08 2007 Subject: MailScanner is ignoring some ClamAV 'viruses' from NDBsignaturedatabases In-Reply-To: <88991ECEE371C644986F0C8837C207B70146472D@ARLABML01.DS.ARL.ARMY.MIL> References: <4165CF7A7F12DE4B96622CCBB905864709666B37@largo.campus.ncl.ac.uk> <88991ECEE371C644986F0C8837C207B70146472D@ARLABML01.DS.ARL.ARMY.MIL> Message-ID: <4165CF7A7F12DE4B96622CCBB905864709666DA8@largo.campus.ncl.ac.uk> Howard Thanks for that info. It looks like we are seeing the same behaviour. It thus appears to be a long standing bug in MailScanner. A pity that Julian won't/cant' fix it. In our case I suspect a particular collection of new ClamAV signatures I am using _only_ operates on the message headers and not the message body and attachments. This is probably why the problem has a higher visability now because we have always tagged and delivered spam messages, rather than quarantining them, and I have never noticed this before. Please excuse my comment about corrupt pathnames in log files. Of course the logged pathname, /var/spool/MailScanner/incoming/26921/./l1K7xWrE017195.header, was correct and I should have realised that. :-( Quentin >-----Original Message----- >From: mailscanner-bounces@lists.mailscanner.info >[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >Of Kash, Howard (Civ, ARL/CISD) >Sent: 21 February 2007 01:09 >To: MailScanner discussion; MailScanner discussion >Subject: RE: MailScanner is ignoring some ClamAV 'viruses' >from NDBsignaturedatabases > >I've reported the same problem multiple times before with >McAfee (both on list an in private): > >http://lists.mailscanner.info/pipermail/mailscanner/2006-October/066261 .html > >Seems that if a silent virus is only detected in the .header >file and not in the attachment itself, it is not properly >flagged as silent. This becomes much more prevalent if you >set "Max Spam Check Size" to a relatively low value (say 150k) >since larger virus emails which are typically also blocked as >spam start getting through (the virus doesn't get through, but >the disinfected message does, even though it should have been >dropped as a silent virus). > > >Howard > > >________________________________ > >From: mailscanner-bounces@lists.mailscanner.info on behalf of >Quentin Campbell >Sent: Tue 2/20/2007 3:50 AM >To: MailScanner discussion >Subject: MailScanner is ignoring some ClamAV 'viruses' from >NDB signaturedatabases > > > >I recently started using some of the extra .NDB/.HDB signature >databases >for ClamAV from Sanesecurity - http://www.sanesecurity.com/clamav/. > >In some cases MailScanner is recognising a 'virus' detected by >these but >is still delivering the message rather than dropping it silently. All >the log entries for messages behaving this way appear to have a >corrupted path name in the virus "FOUND" log record from MailScanner: > >Feb 20 08:00:07 cheviot1 MailScanner[26921]: >/var/spool/MailScanner/incoming/26921/./l1K7xWrE017195.header: >Email.Spam.Gen103.Sanesecurity.07011703 FOUND > >[the faulty part above is "/l1K7xWrE017195.header:"] > >The "...MailScanner[12345]: Infected message..." log record >also appears >to be corrupt and has lost information: > >Feb 20 08:00:08 cheviot1 MailScanner[26921]: Infected message >l1K7xWrE017195.header came from > >[missing the IP address after the "from"] > >A correctly formed virus "FOUND" log record from MailScanner >should look >like: > >Feb 20 08:26:45 cheviot1 MailScanner[27169]: >/var/spool/MailScanner/incoming/27169/./l1K8QOTB029479/msg-2716 >9-879.htm >l: Html.Img.Gen013.Sanesecurity.06112900 FOUND > >and the "...MailScanner[12345]: Infected message..." log record should >look like: > >Feb 20 08:26:46 cheviot1 MailScanner[27169]: Infected message >l1K8QOTB029479 came from 77.124.14.204 > >The fault occurs with MailScanner-4.57.6-1 running with either >ClamAV-0.87.7 or ClamAV-0.90. > >Appended are the full set of log records for: (1) a message whose >handling shows the bug, and (2) a message whose handling was as >expected. > >Quentin Campbell >--- >PHONE: +44 191 222 8209 Information Systems and Services (ISS), > Newcastle University, > Newcastle upon Tyne, >FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >------------------------------------------------------------------ > > >---- extracts from the Sendmail logs > >Below are the log records for a 'virus' message that should have been >dropped silently: > >Feb 20 07:59:49 cheviot1 sendmail[17195]: l1K7xWrE017195: >from=, size=1500, class=0, nrcpts=1, >msgid=<432422272.75323578912331@thebat.net>, proto=ESMTP, daemon=MTA, >relay=BT-LOADED-PPP15.BTI.NET.PH [203.115.176.15] (may be forged) >Feb 20 07:59:49 cheviot1 sendmail[17195]: l1K7xWrE017195: >to=, delay=00:00:04, mailer=esmtp, pri=31500, >stat=queued >Feb 20 07:59:57 cheviot1 MailScanner[26921]: Message >l1K7xWrE017195 from >203.115.176.15 (kapprentice@sbcglobal.net) to ncl.ac.uk is spam, >SpamAssassin (not cached, score=6.732, required 6, autolearn=disabled, >DATE_IN_PAST_96_XX 1.57, RAZOR2_CF_RANGE_51_100 0.50, >RAZOR2_CF_RANGE_E4_51_100 1.50, RAZOR2_CHECK 0.50, SARE_LWHUGE 1.00, >SARE_LWSYMFMT 1.66) >Feb 20 08:00:04 cheviot1 MailScanner[26921]: Spam Actions: message >l1K7xWrE017195 actions are attachment,deliver >Feb 20 08:00:07 cheviot1 MailScanner[26921]: >/var/spool/MailScanner/incoming/26921/./l1K7xWrE017195.header: >Email.Spam.Gen103.Sanesecurity.07011703 FOUND >Feb 20 08:00:08 cheviot1 MailScanner[26921]: Infected message >l1K7xWrE017195.header came from >Feb 20 08:00:08 cheviot1 sendmail[17500]: l1K7xWrE017195: SMTP outgoing >connect on cheviot1.ncl.ac.uk >Feb 20 08:00:08 cheviot1 sendmail[17500]: l1K7xWrE017195: >to=, delay=00:00:23, xdelay=00:00:00, mailer=esmtp, >pri=121500, relay=cyrus.ncl.ac.uk. [128.240.233.238], dsn=2.0.0, >stat=Sent (l1K808jg011667 Message accepted for delivery) >Feb 20 08:00:08 cheviot1 sendmail[17500]: l1K7xWrE017195: done; >delay=00:00:23, ntries=1 > >---- > >Below are the log records for a 'virus' message that was correctly >handled: > >Feb 20 08:26:31 cheviot1 sendmail[29479]: l1K8QOTB029479: >from=, size=13226, class=0, nrcpts=1, >msgid=<000901c754c8$cdeb22c0$017fe9fc@usyvimkq>, proto=ESMTP, >daemon=MTA, relay=IGLD-77-124-14-204.inter.net.il [77.124.14.204] (may >be forged) >Feb 20 08:26:31 cheviot1 sendmail[29479]: l1K8QOTB029479: >to=, delay=00:00:02, mailer=esmtp, pri=43226, >stat=queued >Feb 20 08:26:33 cheviot1 MailScanner[27169]: Message >l1K8QOTB029479 from >77.124.14.204 (AAA.BBB@ncl.ac.uk) is whitelisted >Feb 20 08:26:45 cheviot1 MailScanner[27169]: >/var/spool/MailScanner/incoming/27169/./l1K8QOTB029479/msg-2716 >9-879.htm >l: Html.Img.Gen013.Sanesecurity.06112900 FOUND >Feb 20 08:26:46 cheviot1 MailScanner[27169]: Infected message >l1K8QOTB029479 came from 77.124.14.204 >Feb 20 08:26:46 cheviot1 MailScanner[27169]: HTML Img tag found in >message l1K8QOTB029479 from AAA.BBB@ncl.ac.uk >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! > > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! > From DrewB at united-systems.com Wed Feb 21 16:23:12 2007 From: DrewB at united-systems.com (Drew Burchett) Date: Wed Feb 21 15:29:11 2007 Subject: Message ID Message-ID: <1E75E79B854C814784D0E8C5BA55AF76F77850@uss2k01.united-systems.local> I'm using MailScanner in conjunction with Postfix. I know that when an attachment is stopped, there is a text file included that has the path to the file so you can release it if need be. Is there any way to include this file name (not the entire path, of course) into the headers of all mail that is sent? Drew Burchett United Systems & Software Ph: (270)527-3293 Fax: (270)527-3132 -- CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. -- This message has been scanned for viruses and dangerous content by MailScanner and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070221/b586d671/attachment.html From ka at pacific.net Wed Feb 21 17:36:02 2007 From: ka at pacific.net (Ken A) Date: Wed Feb 21 16:37:07 2007 Subject: Setting up test server In-Reply-To: <45DBE463.40204@haigmail.com> References: <45DB643B.9020107@haigmail.com> <248836D9-1924-4428-8349-709952B62A5C@technologytiger.net> <45DB6FEA.1020000@haigmail.com> <8A82A534-1DE0-429D-88D0-857777808A43@technologytiger.net> <45DBE463.40204@haigmail.com> Message-ID: <45DC74F2.7030101@pacific.net> Lance Haig wrote: > Hi Drew, > > >> OK, I think I have slightly miss read your original question. Pretend >> I know nothing (Not hard!) and tell me what you are trying to achieve. >> Do you want to move the mail you have, duplicate the mail that you are >> receiving to a second box, duplicate some of the mail you are >> receiving to some users on the new box? >> >> Sorry, not enough beer yet... >> > > I think it is my explanation of what I want to achieve :-) > > My MS servers act as a gateway for my mail going to another server that > is not running any opensource mail system. > I want to duplicate the mail going through the gateways and deliver it > to the new test server which runs the bongo server and its agents(MTA > webaccess calendar etc) > snertsoft's milter-roundhouse might work, depending on your current gateway implementation. Ken A Pacific.Net > The reason for this is to change the front end to add extra features > that it currently does not have and also integrate it with my portal > system. > > I hope that this makes better sense. > > Thanks for taking the time to answer this > > Lance > > From mike at vesol.com Wed Feb 21 17:42:32 2007 From: mike at vesol.com (Mike Kercher) Date: Wed Feb 21 16:52:11 2007 Subject: Setting up test server References: <45DB643B.9020107@haigmail.com> <248836D9-1924-4428-8349-709952B62A5C@technologytiger.net> <45DB6FEA.1020000@haigmail.com> <8A82A534-1DE0-429D-88D0-857777808A43@technologytiger.net> <45DBE463.40204@haigmail.com> Message-ID: ________________________________ From: mailscanner-bounces@lists.mailscanner.info on behalf of Lance Haig Sent: Wed 2/21/2007 12:19 AM To: MailScanner discussion Subject: Re: Setting up test server Hi Drew, > OK, I think I have slightly miss read your original question. Pretend > I know nothing (Not hard!) and tell me what you are trying to achieve. > Do you want to move the mail you have, duplicate the mail that you are > receiving to a second box, duplicate some of the mail you are > receiving to some users on the new box? > > Sorry, not enough beer yet... > I think it is my explanation of what I want to achieve :-) My MS servers act as a gateway for my mail going to another server that is not running any opensource mail system. I want to duplicate the mail going through the gateways and deliver it to the new test server which runs the bongo server and its agents(MTA webaccess calendar etc) The reason for this is to change the front end to add extra features that it currently does not have and also integrate it with my portal system. I hope that this makes better sense. Thanks for taking the time to answer this Lance -- Could you not use the Archive function of MailScanner and "archive" a copy of mail to userA@domain.com to userA@bongo.server? Mike -------------- next part -------------- ________________________________ From: mailscanner-bounces@lists.mailscanner.info on behalf of Lance Haig Sent: Wed 2/21/2007 12:19 AM To: MailScanner discussion Subject: Re: Setting up test server Hi Drew, > OK, I think I have slightly miss read your original question. Pretend > I know nothing (Not hard!) and tell me what you are trying to achieve. > Do you want to move the mail you have, duplicate the mail that you are > receiving to a second box, duplicate some of the mail you are > receiving to some users on the new box? > > Sorry, not enough beer yet... > I think it is my explanation of what I want to achieve :-) My MS servers act as a gateway for my mail going to another server that is not running any opensource mail system. I want to duplicate the mail going through the gateways and deliver it to the new test server which runs the bongo server and its agents(MTA webaccess calendar etc) The reason for this is to change the front end to add extra features that it currently does not have and also integrate it with my portal system. I hope that this makes better sense. Thanks for taking the time to answer this Lance -- Could you not use the Archive function of MailScanner and "archive" a copy of mail to userA@domain.com to userA@bongo.server? Mike From itdept at fractalweb.com Wed Feb 21 18:56:29 2007 From: itdept at fractalweb.com (Chris Yuzik) Date: Wed Feb 21 18:02:23 2007 Subject: Setting up test server In-Reply-To: <45DBE463.40204@haigmail.com> References: <45DB643B.9020107@haigmail.com> <248836D9-1924-4428-8349-709952B62A5C@technologytiger.net> <45DB6FEA.1020000@haigmail.com> <8A82A534-1DE0-429D-88D0-857777808A43@technologytiger.net> <45DBE463.40204@haigmail.com> Message-ID: <45DC87CD.3000803@fractalweb.com> Lance Haig wrote: > I think it is my explanation of what I want to achieve :-) > > My MS servers act as a gateway for my mail going to another server > that is not running any opensource mail system. > I want to duplicate the mail going through the gateways and deliver it > to the new test server which runs the bongo server and its agents(MTA > webaccess calendar etc) > > The reason for this is to change the front end to add extra features > that it currently does not have and also integrate it with my portal > system. > > I hope that this makes better sense. > > Thanks for taking the time to answer this > > Lance Lance, I just did some googling on Bongo mail and calendar server, and unless I ended up on an old page, it's currently classed as "pre-alpha". Are you just testing this, or are you planning on putting it into a production environment? Chris From itdept at fractalweb.com Wed Feb 21 19:08:30 2007 From: itdept at fractalweb.com (Chris Yuzik) Date: Wed Feb 21 18:14:18 2007 Subject: performance testing new server, results Message-ID: <45DC8A9E.3070909@fractalweb.com> Hi everyone, As I mentioned in a previous thread or two, we're almost ready to roll out our new mail server. To stress test it, I have essentially captured several hours worth of live queue files from the current production server, both spam and ham. To be even more mean to the new box, I have disabled spamassassin caching. Finally, (and I feel like a bit of a mad scientist), I simply copied all of those queue files (about 4500) into /var/spool/mqueue.in. Mwahahaha. The server is chewing through them in batches of 30, with the recommended of 5 children per CPU (we have dual 3 GHz Xeons in this box) there are 10 children. With all the features turned on, including fuzzyocr (cranked up), bayes and clamav, but spamassassin caching off, it seems to be averaging about 140 seconds per batch of 30. Server load is averaging 2.56 over last 15 minutes. So in past 20 minutes, it's handled about 2500 messages. Does this performance seem about right? Or should it be significantly better? Thanks, Chris From am.lists at gmail.com Wed Feb 21 19:20:17 2007 From: am.lists at gmail.com (am.lists) Date: Wed Feb 21 18:25:16 2007 Subject: performance testing new server, results In-Reply-To: <45DC8A9E.3070909@fractalweb.com> References: <45DC8A9E.3070909@fractalweb.com> Message-ID: <25a66d840702211020q488f6e76nf5c16b6e62cf22b2@mail.gmail.com> On 2/21/07, Chris Yuzik wrote: >I simply copied all of those queue files (about 4500) into > /var/spool/mqueue.in. Mwahahaha. >With all the features turned on, including > fuzzyocr (cranked up), bayes and clamav, but spamassassin caching off, > it seems to be averaging about 140 seconds per batch of 30. Server load > is averaging 2.56 over last 15 minutes. So in past 20 minutes, it's > handled about 2500 messages. Chris, Benchmarking performance like this is so difficult to get right. There are so many variables. For one, you've hobbled all of the things that the software can do to attain better performance. I sorta agree/sorta disagree here. On one hand, it gives you total worst-case-scenario numbers, but then on the other hand, you hope your server never has those conditions to work under. (So you really don't know how well it can perform, you only know how poorly it can perform.) Here's a better question: What throughput numbers (Msgs/minute) do you need to attain? Under load, how did the box perform? Was it CPU-bound? Memory-bound/swapping? Or was it pushing a limit on network bandwidth? (I would assume you were NOT sending mail out during the test...) Regards, Angelo From ka at pacific.net Wed Feb 21 19:33:19 2007 From: ka at pacific.net (Ken A) Date: Wed Feb 21 18:34:25 2007 Subject: performance testing new server, results In-Reply-To: <45DC8A9E.3070909@fractalweb.com> References: <45DC8A9E.3070909@fractalweb.com> Message-ID: <45DC906F.3040702@pacific.net> Chris Yuzik wrote: > Hi everyone, > > As I mentioned in a previous thread or two, we're almost ready to roll > out our new mail server. To stress test it, I have essentially captured > several hours worth of live queue files from the current production > server, both spam and ham. To be even more mean to the new box, I have > disabled spamassassin caching. Finally, (and I feel like a bit of a mad > scientist), I simply copied all of those queue files (about 4500) into > /var/spool/mqueue.in. Mwahahaha. > > The server is chewing through them in batches of 30, with the > recommended of 5 children per CPU (we have dual 3 GHz Xeons in this box) > there are 10 children. With all the features turned on, including > fuzzyocr (cranked up), bayes and clamav, but spamassassin caching off, > it seems to be averaging about 140 seconds per batch of 30. Server load > is averaging 2.56 over last 15 minutes. So in past 20 minutes, it's > handled about 2500 messages. Seems close. If you don't have > 2gb of ram, consider it because if these are dual core processors, then you can up the children to 15 or so if you have enough ram. Have you done other performance tweaks - mailscanner incoming in tmpfs?, spools and logs on separate spindles?, Fuzzyocr.cf tweaks? We put about 200k messages through a similar box yesterday. Load avg stayed ~2 and batches were consistently very small, so it wasn't really breaking a sweat. We don't use bayes, but do split recipients, and use SA caching. Try 'vmstat 2', 'iostat -x 2' or similar to see what, if anything is bottlenecking. Ken A. Pacific.Net > > Does this performance seem about right? Or should it be significantly > better? > > Thanks, > Chris From itdept at fractalweb.com Wed Feb 21 19:37:01 2007 From: itdept at fractalweb.com (Chris Yuzik) Date: Wed Feb 21 18:42:50 2007 Subject: performance testing new server, results In-Reply-To: <25a66d840702211020q488f6e76nf5c16b6e62cf22b2@mail.gmail.com> References: <45DC8A9E.3070909@fractalweb.com> <25a66d840702211020q488f6e76nf5c16b6e62cf22b2@mail.gmail.com> Message-ID: <45DC914D.9000507@fractalweb.com> am.lists wrote: > Benchmarking performance like this is so difficult to get right. There > are so many variables. For one, you've hobbled all of the things that > the software can do to attain better performance. I sorta agree/sorta > disagree here. On one hand, it gives you total worst-case-scenario > numbers, but then on the other hand, you hope your server never has > those conditions to work under. (So you really don't know how well it > can perform, you only know how poorly it can perform.) Right. I wanted to see worst-case-scenario and make sure box didn't hang, crash, or otherwise implode. As I write this the queue is now empty. Total time to process the 4500 spams/hams + all the mail that hit our production server during the test, about 45 minutes. The current production server seems to average between 8k to 10k per day. My next test will be to reduce the fuzzyocr setting down to where it's supposed to be, so it isn't called all the time, and to enable spamassassin caching. > Here's a better question: What throughput numbers (Msgs/minute) do you > need to attain? Well, as I mentioned above, we're currently handling about 10k messages per day, but that's increasing on a monthly basis. Also, the email volume we send/receive isn't constant, with peak time typically between 11am and 2pm each weekday. I'd like to be confident that this server can handle 50k to 75k messages per day, including not getting overloaded during peak times. > Under load, how did the box perform? Was it CPU-bound? > Memory-bound/swapping? Or was it pushing a limit on network bandwidth? > (I would assume you were NOT sending mail out during the test...) The CPU seemed to bounce around between 34% and 80%, spending most of its time hovering around 50%. The swap remained at 0k used throughout the test. This box was not sending out any mail to the internet during the test. Thanks for your help. Chris From am.lists at gmail.com Wed Feb 21 20:13:02 2007 From: am.lists at gmail.com (am.lists) Date: Wed Feb 21 19:18:01 2007 Subject: Slightly OT: Choosing an outbound MTA Setup Message-ID: <25a66d840702211113q33e6961fv2b8c3fd2d0b9e35c@mail.gmail.com> I have my inbound MTA as Postfix, coming into MailScanner. As my hosting organization grows, I'm trying to scale as smartly as possible. The before picture (even before MailScanner) was a single box running about 60 domains. Web, FTP, Mail (plus commercial spam/virus filtering tools). We suffered through enough DDOS and dictionary attacks on the mail server that we could justify putting a MailScanner proxy into place. While we're still converting domains over to that infrastructure, We're now looking at sorting out the mail sendout piece. I'd like to qo with either Qmail or Postfix on a dedicated box, this way we can have the resources to just pump out the mail. We do a considerable amount of newsletters / mail lists for our users (all opt-in of course!), My proposed config would be fairly light: - MTA - Domain Keys signing ability - Administration (webmin, or something more than just ssh to manage it) I'd also like to use domain keys on the outbound side to further legitimize our messages. Postfix has "dkfilter.out" for this, but I'm wondering if anyone here has any suggestions. PS: I purposely didn't go on to the Postfix list and ask "Postfix or Qmail?" because I'm not sure I would have gotten the most unbiased opinion there. :-P At least here I know people have epxerience with a variety of configurations. Thanks all, Angelo From Denis.Beauchemin at USherbrooke.ca Wed Feb 21 20:47:09 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Wed Feb 21 19:52:20 2007 Subject: New Mail::ClamAV Version In-Reply-To: <20070220214439.44A95CE30474@mail.noefer.org> References: <20070220190425.A8A65CE301F0@mail.noefer.org> <45DB6000.9050402@tulsaconnect.com> <45DB63A3.8020307@USherbrooke.ca> <20070220214439.44A95CE30474@mail.noefer.org> Message-ID: <45DCA1BD.8060603@USherbrooke.ca> Holger N?fer a ?crit : > At 22:09 20.02.2007, you wrote: >> TCIS List Acct a ?crit : >>> >>> >>> Holger N?fer wrote: >>>> Hi, >>>> >>>> there is a new Mail::ClamAV Version. >>>> >>>> http://search.cpan.org/~sabeck/Mail-ClamAV-0.20/ >>>> >>>> It seems to compile with ClamAV 0.90. >>>> >>>> Best regards, >>>> Holger >>> >>> It does compile OK, but seems to blow up when run via MS: >>> >>> Feb 20 14:44:03 mscan1 MailScanner[49461]: ClamAVModule::LibClamAV >>> Warning: cli_pdf: Object number missing >>> Feb 20 14:44:08 mscan1 MailScanner[49461]: Virus Scanning: ClamAV >>> Module found 1 infections >>> Feb 20 14:45:03 mscan1 MailScanner[51163]: ClamAVModule::ERROR:: Zip >>> module failure:: ./1HJbqU-000DXw-Vk/Occuhealth Front Elevation 7 20 >>> 06.pdf >>> Feb 20 14:45:10 mscan1 MailScanner[51163]: Virus Scanning: ClamAV >>> Module found 1 infections >> It works fine here. > > Works fine for me, too. > I will do more tests tomorrow. > > Holger > > >> Denis >> >> -- >> _ >> ?v? Denis Beauchemin, analyste >> /(_)\ Universit? de Sherbrooke, S.T.I. >> ^ ^ T: 819.821.8000x62252 F: 819.821.8045 >> >> >> >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > Looks like I also get some ClamAV failures on occasion: Feb 21 05:33:50 132.210.244.91 MailScanner[10511]: ClamAVModule::ERROR:: Zip module failure:: ./l1LAXQ3O004865/Microsoft Word - stage cassoulet 2007.doc.pdf Feb 21 09:49:21 132.210.244.93 MailScanner[5146]: ClamAVModule::ERROR:: Zip module failure:: ./l1LEmrqo028225/Intra310H07.pdf Feb 21 10:47:26 132.210.244.93 MailScanner[9536]: ClamAVModule::ERROR:: Zip module failure:: ./l1LFlBlC017161/Intra310H07.pdf Feb 21 11:20:10 132.210.244.90 MailScanner[11883]: ClamAVModule::ERROR:: Not supported data format:: ./l1LGJFk9010461/EV-VBR_ARCON.zip Feb 21 14:40:31 132.210.244.93 MailScanner[19758]: ClamAVModule::ERROR:: Zip module failure:: ./l1LJeJPR001149/WACMQ-Invariance-submission.pdf Funny because I tested both ZIP and PDF files yesterday and got no error message. I guess the ones that fail have something special... I also compiled with default options and --disable-zlib-vcheck on RHEL 4. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3595 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070221/67b94562/smime.bin From dave.list at pixelhammer.com Wed Feb 21 20:50:57 2007 From: dave.list at pixelhammer.com (DAve) Date: Wed Feb 21 19:56:25 2007 Subject: Slightly OT: Choosing an outbound MTA Setup In-Reply-To: <25a66d840702211113q33e6961fv2b8c3fd2d0b9e35c@mail.gmail.com> References: <25a66d840702211113q33e6961fv2b8c3fd2d0b9e35c@mail.gmail.com> Message-ID: <45DCA2A1.9050309@pixelhammer.com> am.lists wrote: > I have my inbound MTA as Postfix, coming into MailScanner. As my > hosting organization grows, I'm trying to scale as smartly as > possible. > > The before picture (even before MailScanner) was a single box running > about 60 domains. Web, FTP, Mail (plus commercial spam/virus filtering > tools). > > We suffered through enough DDOS and dictionary attacks on the mail > server that we could justify putting a MailScanner proxy into place. > While we're still converting domains over to that infrastructure, > We're now looking at sorting out the mail sendout piece. > > I'd like to qo with either Qmail or Postfix on a dedicated box, this > way we can have the resources to just pump out the mail. We do a > considerable amount of newsletters / mail lists for our users (all > opt-in of course!), > > My proposed config would be fairly light: > - MTA > - Domain Keys signing ability > - Administration (webmin, or something more than just ssh to manage it) > > I'd also like to use domain keys on the outbound side to further > legitimize our messages. > > Postfix has "dkfilter.out" for this, but I'm wondering if anyone here > has any suggestions. > > PS: I purposely didn't go on to the Postfix list and ask "Postfix or > Qmail?" because I'm not sure I would have gotten the most unbiased > opinion there. :-P At least here I know people have epxerience with a > variety of configurations. Postfix makes a good outbound server, fairly simple administer. We looked at it here (just moving to two dedicated outbound servers now in fact) but chose qmail. Only because we will be forcing all our users to relay outbound traffic through us, and we will be forcing the use of smtp-auth. We already have qmail smtp-auth in our network so setup and maintenance are already in place. qmail will do DK as well, we don't use it so I have no experience with it. DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From holger at noefer.org Wed Feb 21 21:08:58 2007 From: holger at noefer.org (Holger =?iso-8859-1?Q?N=F6fer?=) Date: Wed Feb 21 20:14:00 2007 Subject: New Mail::ClamAV Version In-Reply-To: <45DCA1BD.8060603@USherbrooke.ca> References: <20070220190425.A8A65CE301F0@mail.noefer.org> <45DB6000.9050402@tulsaconnect.com> <45DB63A3.8020307@USherbrooke.ca> <20070220214439.44A95CE30474@mail.noefer.org> <45DCA1BD.8060603@USherbrooke.ca> Message-ID: <20070221200900.933ABCE3048A@mail.noefer.org> At 20:47 21.02.2007, you wrote: >Holger N?fer a ?crit : >>At 22:09 20.02.2007, you wrote: >>>TCIS List Acct a ?crit : >>>> >>>> >>>>Holger N?fer wrote: >>>>>Hi, >>>>> >>>>>there is a new Mail::ClamAV Version. >>>>> >>>>>http://search.cpan.org/~sabeck/Mail-ClamAV-0.20/ >>>>> >>>>>It seems to compile with ClamAV 0.90. >>>>> >>>>>Best regards, >>>>>Holger >>>> >>>>It does compile OK, but seems to blow up when run via MS: >>>> >>>>Feb 20 14:44:03 mscan1 MailScanner[49461]: >>>>ClamAVModule::LibClamAV Warning: cli_pdf: Object number missing >>>>Feb 20 14:44:08 mscan1 MailScanner[49461]: >>>>Virus Scanning: ClamAV Module found 1 infections >>>>Feb 20 14:45:03 mscan1 MailScanner[51163]: >>>>ClamAVModule::ERROR:: Zip module failure:: >>>>./1HJbqU-000DXw-Vk/Occuhealth Front Elevation 7 20 06.pdf >>>>Feb 20 14:45:10 mscan1 MailScanner[51163]: >>>>Virus Scanning: ClamAV Module found 1 infections >>>It works fine here. >> >>Works fine for me, too. >>I will do more tests tomorrow. >> >>Holger >> >> >>>Denis >>> >>>-- >>> _ >>> ?v? Denis Beauchemin, analyste >>>/(_)\ Universit? de Sherbrooke, S.T.I. >>> ^ ^ T: 819.821.8000x62252 F: 819.821.8045 >>> >>> >>> >>> >>> >>>-- >>>MailScanner mailing list >>>mailscanner@lists.mailscanner.info >>>http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>>Before posting, read http://wiki.mailscanner.info/posting >>> >>>Support MailScanner development - buy the book off the website! >Looks like I also get some ClamAV failures on occasion: >Feb 21 05:33:50 132.210.244.91 >MailScanner[10511]: ClamAVModule::ERROR:: Zip >module failure:: ./l1LAXQ3O004865/Microsoft Word - stage cassoulet 2007.doc.pdf >Feb 21 09:49:21 132.210.244.93 >MailScanner[5146]: ClamAVModule::ERROR:: Zip >module failure:: ./l1LEmrqo028225/Intra310H07.pdf >Feb 21 10:47:26 132.210.244.93 >MailScanner[9536]: ClamAVModule::ERROR:: Zip >module failure:: ./l1LFlBlC017161/Intra310H07.pdf >Feb 21 11:20:10 132.210.244.90 >MailScanner[11883]: ClamAVModule::ERROR:: Not >supported data format:: ./l1LGJFk9010461/EV-VBR_ARCON.zip >Feb 21 14:40:31 132.210.244.93 >MailScanner[19758]: ClamAVModule::ERROR:: Zip >module failure:: ./l1LJeJPR001149/WACMQ-Invariance-submission.pdf > >Funny because I tested both ZIP and PDF files >yesterday and got no error message. I guess the >ones that fail have something special... > >I also compiled with default options and --disable-zlib-vcheck on RHEL 4. > >Denis > >-- > _ > ?v? Denis Beauchemin, analyste >/(_)\ Universit? de Sherbrooke, S.T.I. > ^ ^ T: 819.821.8000x62252 F: 819.821.8045 > Today I got this error, too. But only one. I asked the developer about it. Holger >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! From martinh at solidstatelogic.com Wed Feb 21 21:32:12 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed Feb 21 20:37:28 2007 Subject: performance testing new server, results In-Reply-To: <45DC8A9E.3070909@fractalweb.com> Message-ID: <77930a5184ef6e49930a4d410386ddef@solidstatelogic.com> Chris I think the recommended number of children is start at 5 children per CPU CORE so you should be able to run 10 children. Tuning the batch size is next (add 5 see any difference, remove 5 note difference). Have a look in the wiki for optimisation tips.. http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips and see how these affect your performance... Also check which third party Spamassassin rules that a physically larger than others (bigevil.cf for example should NOT be used). -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Chris Yuzik > Sent: 21 February 2007 18:09 > To: MailScanner discussion > Subject: performance testing new server, results > > Hi everyone, > > As I mentioned in a previous thread or two, we're almost ready to roll > out our new mail server. To stress test it, I have essentially captured > several hours worth of live queue files from the current production > server, both spam and ham. To be even more mean to the new box, I have > disabled spamassassin caching. Finally, (and I feel like a bit of a mad > scientist), I simply copied all of those queue files (about 4500) into > /var/spool/mqueue.in. Mwahahaha. > > The server is chewing through them in batches of 30, with the > recommended of 5 children per CPU (we have dual 3 GHz Xeons in this box) > there are 10 children. With all the features turned on, including > fuzzyocr (cranked up), bayes and clamav, but spamassassin caching off, > it seems to be averaging about 140 seconds per batch of 30. Server load > is averaging 2.56 over last 15 minutes. So in past 20 minutes, it's > handled about 2500 messages. > > Does this performance seem about right? Or should it be significantly > better? > > Thanks, > Chris > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From res at ausics.net Wed Feb 21 22:17:16 2007 From: res at ausics.net (Res) Date: Wed Feb 21 21:22:22 2007 Subject: Slightly OT: Choosing an outbound MTA Setup In-Reply-To: <25a66d840702211113q33e6961fv2b8c3fd2d0b9e35c@mail.gmail.com> References: <25a66d840702211113q33e6961fv2b8c3fd2d0b9e35c@mail.gmail.com> Message-ID: On Wed, 21 Feb 2007, am.lists wrote: > I have my inbound MTA as Postfix, coming into MailScanner. As my > hosting organization grows, I'm trying to scale as smartly as > possible. > > The before picture (even before MailScanner) was a single box running > about 60 domains. Web, FTP, Mail (plus commercial spam/virus filtering > tools). > > We suffered through enough DDOS and dictionary attacks on the mail > server that we could justify putting a MailScanner proxy into place. > While we're still converting domains over to that infrastructure, > We're now looking at sorting out the mail sendout piece. > > I'd like to qo with either Qmail or Postfix on a dedicated box, this > way we can have the resources to just pump out the mail. We do a > considerable amount of newsletters / mail lists for our users (all > opt-in of course!), Ok, I'll use the largest mail-out MTA for your expample, which is clearly the list server :) Sendmail sends out mail on my list server, with, well the largest list has 1700 odd users, all mail is sent in typically 55 seconds. You can expect similar figures with Qmail. Qmail is by far the best MTA for virutual domains inbound MTA used with vpopmail, nothing else comes within miles of it. But outbound wouldnt make a diference what you run if setup correctly. -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From itdept at fractalweb.com Wed Feb 21 22:24:06 2007 From: itdept at fractalweb.com (Chris Yuzik) Date: Wed Feb 21 21:29:37 2007 Subject: {**possible spam detected**} RE: performance testing new server, results In-Reply-To: <77930a5184ef6e49930a4d410386ddef@solidstatelogic.com> References: <77930a5184ef6e49930a4d410386ddef@solidstatelogic.com> Message-ID: <45DCB876.9090207@fractalweb.com> Martin.Hepworth wrote: > I think the recommended number of children is start at 5 children per > CPU CORE so you should be able to run 10 children. > Hi Martin, Yes, I have it at the recommended setting of 10. > Tuning the batch size is next (add 5 see any difference, remove 5 note > difference). > I should likely not tune the batch size when I'm artificially loading the server by dumping hundreds of messages into the queue dir. I'll wait until it's live then start playing with that. > Have a look in the wiki for optimisation tips.. > > http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips > > and see how these affect your performance... > Thanks for the link; I'll check it out. As it stands right now, my guess is that this server will handle about 100 messages per minute without too many complaints, given the current configuration. We don't currently see anywhere near this, but it's nice to know we've got the overhead. Now, stats are always a nice thing to know. I know about MailWatch, but it would be great to have something that logs the number of messages hitting our server per minute, average time in the queue, etc. I realize that we can turn on speed logging in the MailScanner.conf file, but manually going through the logs is not much fun. Do you know of anything that will give us this dashboard-type view to our server? Cheers, Chris From lhaig at haigmail.com Wed Feb 21 23:36:55 2007 From: lhaig at haigmail.com (Lance Haig) Date: Wed Feb 21 22:41:53 2007 Subject: Setting up test server In-Reply-To: <45DC87CD.3000803@fractalweb.com> References: <45DB643B.9020107@haigmail.com> <248836D9-1924-4428-8349-709952B62A5C@technologytiger.net> <45DB6FEA.1020000@haigmail.com> <8A82A534-1DE0-429D-88D0-857777808A43@technologytiger.net> <45DBE463.40204@haigmail.com> <45DC87CD.3000803@fractalweb.com> Message-ID: <45DCC987.7090001@haigmail.com> Chris Yuzik wrote: > Lance Haig wrote: >> I think it is my explanation of what I want to achieve :-) >> >> My MS servers act as a gateway for my mail going to another server >> that is not running any opensource mail system. >> I want to duplicate the mail going through the gateways and deliver >> it to the new test server which runs the bongo server and its >> agents(MTA webaccess calendar etc) >> >> The reason for this is to change the front end to add extra features >> that it currently does not have and also integrate it with my portal >> system. >> >> I hope that this makes better sense. >> >> Thanks for taking the time to answer this >> >> Lance > Lance, > > I just did some googling on Bongo mail and calendar server, and unless > I ended up on an old page, it's currently classed as "pre-alpha". Are > you just testing this, or are you planning on putting it into a > production environment? > > Chris > > Hi Chris, The page is www.bongo-project.org and yes it is pre alpha the smtp imap pop webcalender all work and are functioning quite well. I setup a server here http://mail02.haigmail.co.uk I have a username and password for those who want to test it. I am testing with the aim to make it production as soon as I am happy Thanks Lance From res at ausics.net Thu Feb 22 00:10:11 2007 From: res at ausics.net (Res) Date: Wed Feb 21 23:15:18 2007 Subject: {**possible spam detected**} RE: performance testing new server, results In-Reply-To: <45DCB876.9090207@fractalweb.com> References: <77930a5184ef6e49930a4d410386ddef@solidstatelogic.com> <45DCB876.9090207@fractalweb.com> Message-ID: On Wed, 21 Feb 2007, Chris Yuzik wrote: > As it stands right now, my guess is that this server will handle about 100 > messages per minute without too many complaints, given the current > configuration. We don't currently see anywhere near this, but it's nice to > know we've got the overhead. By fine tunning spamassassin you'll increase this dramatically, the biggest problem I found was dcc/pyzor/razor they add lots of time, when disabled even with a lot of local rules things improved out of sight, we do now use razor on some machines. Your looking at maybe 2 messages every second, we've run similar hardware on front ends (HP DL380G5's with 4 G ram) that do 6 to 15 (depending on time of day) per second, changing batch size to 50 removed any backlog, using tmpfs and spearate spool and log dirs we never see a load of above 1.5 However this is using f-prot, clam yielded loads of up to 5 and clamavmodule bailed for some unknown reason when it has a sh1teload of work, mind you not used it in some time now, because with f-prot, its a perfect setup, sure to use it in this environment it's not free like clamav, but you'll not regret the cost outlay. > would be great to have something that logs the number of messages hitting our > server per minute, average time in the queue, etc. I realize that we can turn > on speed logging in the MailScanner.conf file, but manually going through the http://mailscannermrtg.sourceforge.net is pretty close to what you want. -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From alex at nkpanama.com Thu Feb 22 05:30:55 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Feb 22 04:36:53 2007 Subject: New Mail::ClamAV Version In-Reply-To: <20070221200900.933ABCE3048A@mail.noefer.org> References: <20070220190425.A8A65CE301F0@mail.noefer.org> <45DB6000.9050402@tulsaconnect.com> <45DB63A3.8020307@USherbrooke.ca> <20070220214439.44A95CE30474@mail.noefer.org> <45DCA1BD.8060603@USherbrooke.ca> <20070221200900.933ABCE3048A@mail.noefer.org> Message-ID: <45DD1C7F.4030408@nkpanama.com> >> I also compiled with default options and --disable-zlib-vcheck on >> RHEL 4. >> >> Denis Just asking, but... is it ok to download/compile/install the latest zlib from zlib.net? I know most bugfixes have been backported to whatever version of zlib ships with RHEL4 and its clones, but I'd like to know if there's anything I should look out for. From simon.walter at hp-factory.de Thu Feb 22 10:14:24 2007 From: simon.walter at hp-factory.de (Simon Walter) Date: Thu Feb 22 09:19:32 2007 Subject: URL-encoded filenames in reports In-Reply-To: <87fy929ffm.fsf@hp-factory.de> (Simon Walter's message of "Mon, 19 Feb 2007 19:21:17 +0100") References: <87fy929ffm.fsf@hp-factory.de> Message-ID: <874ppebllb.fsf@hp-factory.de> Simon Walter writes: > Is there a way to get the filename of files which got stored in > quarantine as url-encoded string? > > Using $filename in reportfiles doesn't work for files with spaces or > special characters if the filename is used as part of an url. > > See: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=410647 Anyone? -- Regards Simon From m.anderlini at database.it Thu Feb 22 11:06:28 2007 From: m.anderlini at database.it (Marcello Anderlini) Date: Thu Feb 22 10:12:02 2007 Subject: [OT] Troubling sending mail to some smtp server In-Reply-To: Message-ID: Hello, I know this is OT but I don't know where I can found some help. I have a problem sending msg to account of fastwebnet.it. I always recive a message refused. Making test via a telnet connection I made this discover. If I close the message WITHOUT put the command Subject at the end of the msg, it's refused ============================================================== 220 aa022msr.fastwebnet.it ESMTP Service (7.3.105.6) Ready ehlo libero.it 250-aa022msr.fastwebnet.it 250-DSN 250-8BITMIME 250-PIPELINING 250-HELP 250-AUTH DIGEST-MD5 PLAIN 250-DELIVERBY 300 250 SIZE 30000000 mail from: 501 Syntax error in parameters or arguments to MAIL command MAIL FROM: 250 MAIL FROM: OK RCPT TO: 250 RCPT TO: OK data 354 Start mail input; end with . saluti . 554 Message refused ============================================================== Instead if I put the command Subject before closing the message it's accepted ============================================================== 220 aa022msr.fastwebnet.it ESMTP Service (7.3.105.6) ready ehlo l@libero.it 250-aa022msr.fastwebnet.it 250-DSN 250-8BITMIME 250-PIPELINING 250-HELP 250-AUTH DIGEST-MD5 PLAIN 250-DELIVERBY 300 250 SIZE 30000000 MAIL FROM:l@libero.it 501 Syntax error in parameters or arguments to MAIL command MAIL FROM: 250 MAIL FROM: OK RCPT TO:luciana@videorent.fastwebnet.it 501 Syntax error in parameters or arguments to RCPT command RCP TO: 500 RCP command unrecognized DATA 554 DATA Transaction failed, no recipients given RCPT TO: 250 RCPT TO: OK DATA 354 Start mail input; end with . CIAO Subject:questa è una prova . 250 <45D743D200AB851C> Mail accepted quit 221 aa022msr.fastwebnet.it QUIT ============================================================== This behavior could be caused by some sendmail setting ? If true how can change to work correctly ? If not could be caused by some client configuration ? Thanks to all for any kind of help Best regards Dr. Marcello Anderlini m.anderlini@database.it --------------------------------------------- Database Informatica S.r.l. Microsoft Certified Partner Tel. +39059775070 Fax. +39059779545 http://www.database.it --------------------------------------------- -- Messaggio verificato dal servizio antivirus di Database Informatica From martinh at solidstatelogic.com Thu Feb 22 11:22:33 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Thu Feb 22 10:27:45 2007 Subject: [OT] Troubling sending mail to some smtp server In-Reply-To: Message-ID: Odd - maybe they're doing this as an anti-spam system Why you you be send no subjects in the message anyhow. I'd contact fastwebnet if you can and complain to them. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Marcello Anderlini > Sent: 22 February 2007 10:06 > To: MailScanner discussion > Subject: [OT] Troubling sending mail to some smtp server > > Hello, I know this is OT but I don't know where I can found some help. > > I have a problem sending msg to account of fastwebnet.it. > I always recive a message refused. > > Making test via a telnet connection I made this discover. > > If I close the message WITHOUT put the command Subject at the end of the > msg, it's refused > > ============================================================== > 220 aa022msr.fastwebnet.it ESMTP Service (7.3.105.6) > Ready > ehlo libero.it > 250-aa022msr.fastwebnet.it 250-DSN 250-8BITMIME 250-PIPELINING 250-HELP > 250-AUTH DIGEST-MD5 PLAIN 250-DELIVERBY 300 250 SIZE 30000000 mail > from: > 501 Syntax error in parameters or arguments to MAIL command MAIL > FROM: 250 MAIL FROM: OK RCPT > TO: > 250 RCPT TO: OK data > 354 Start mail input; end with . saluti . > 554 Message refused > ============================================================== > > > Instead if I put the command Subject before closing the message it's > accepted > ============================================================== > 220 aa022msr.fastwebnet.it ESMTP Service (7.3.105.6) ready ehlo > l@libero.it > 250-aa022msr.fastwebnet.it 250-DSN 250-8BITMIME 250-PIPELINING 250-HELP > 250-AUTH DIGEST-MD5 PLAIN 250-DELIVERBY 300 250 SIZE 30000000 MAIL > FROM:l@libero.it > 501 Syntax error in parameters or arguments to MAIL command MAIL > FROM: 250 MAIL FROM: OK RCPT > TO:luciana@videorent.fastwebnet.it > 501 Syntax error in parameters or arguments to RCPT command RCP > TO: > 500 RCP command unrecognized > DATA > 554 DATA Transaction failed, no recipients given RCPT > TO: > 250 RCPT TO: OK DATA > 354 Start mail input; end with . CIAO > Subject:questa ? una prova . > 250 <45D743D200AB851C> Mail accepted > quit > 221 aa022msr.fastwebnet.it QUIT > ============================================================== > > This behavior could be caused by some sendmail setting ? If true how can > change to work correctly ? If not could be caused by some client > configuration ? > > Thanks to all for any kind of help > > Best regards > > > Dr. Marcello Anderlini > m.anderlini@database.it > --------------------------------------------- > Database Informatica S.r.l. > Microsoft Certified Partner > Tel. +39059775070 > Fax. +39059779545 > http://www.database.it > --------------------------------------------- > > > > -- > Messaggio verificato dal servizio antivirus di Database Informatica > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From m.anderlini at database.it Thu Feb 22 11:28:47 2007 From: m.anderlini at database.it (Marcello Anderlini) Date: Thu Feb 22 10:35:32 2007 Subject: [OT] Troubling sending mail to some smtp server In-Reply-To: Message-ID: Yes I know it, but the "true msg" contain the subject. I try to contact the postmaster of fastwebnet but nobody answer me... > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Martin.Hepworth > Sent: giovedì 22 febbraio 2007 11.23 > To: MailScanner discussion > Subject: RE: [OT] Troubling sending mail to some smtp server > > Odd - maybe they're doing this as an anti-spam system > > Why you you be send no subjects in the message anyhow. > > I'd contact fastwebnet if you can and complain to them. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Marcello Anderlini > > Sent: 22 February 2007 10:06 > > To: MailScanner discussion > > Subject: [OT] Troubling sending mail to some smtp server > > > > Hello, I know this is OT but I don't know where I can found > some help. > > > > I have a problem sending msg to account of fastwebnet.it. > > I always recive a message refused. > > > > Making test via a telnet connection I made this discover. > > > > If I close the message WITHOUT put the command Subject at the end of > the > > msg, it's refused > > > > ============================================================== > > 220 aa022msr.fastwebnet.it ESMTP Service (7.3.105.6) Ready ehlo > > libero.it 250-aa022msr.fastwebnet.it 250-DSN 250-8BITMIME > > 250-PIPELINING > 250-HELP > > 250-AUTH DIGEST-MD5 PLAIN 250-DELIVERBY 300 250 SIZE 30000000 mail > > from: > > 501 Syntax error in parameters or arguments to MAIL command MAIL > > FROM: 250 MAIL FROM: OK RCPT > > TO: > > 250 RCPT TO: OK data > > 354 Start mail input; end with . saluti . > > 554 Message refused > > ============================================================== > > > > > > Instead if I put the command Subject before closing the > message it's > > accepted > > ============================================================== > > 220 aa022msr.fastwebnet.it ESMTP Service (7.3.105.6) ready ehlo > > l@libero.it 250-aa022msr.fastwebnet.it 250-DSN 250-8BITMIME > > 250-PIPELINING > 250-HELP > > 250-AUTH DIGEST-MD5 PLAIN 250-DELIVERBY 300 250 SIZE 30000000 MAIL > > FROM:l@libero.it > > 501 Syntax error in parameters or arguments to MAIL command MAIL > > FROM: 250 MAIL FROM: OK RCPT > > TO:luciana@videorent.fastwebnet.it > > 501 Syntax error in parameters or arguments to RCPT command RCP > > TO: > > 500 RCP command unrecognized > > DATA > > 554 DATA Transaction failed, no recipients given RCPT > > TO: > > 250 RCPT TO: OK DATA > > 354 Start mail input; end with . CIAO > Subject:questa è una > > prova . > > 250 <45D743D200AB851C> Mail accepted > > quit > > 221 aa022msr.fastwebnet.it QUIT > > ============================================================== > > > > This behavior could be caused by some sendmail setting ? If true how > can > > change to work correctly ? If not could be caused by some client > > configuration ? > > > > Thanks to all for any kind of help > > > > Best regards > > > > > > Dr. Marcello Anderlini > > m.anderlini@database.it > > --------------------------------------------- > > Database Informatica S.r.l. > > Microsoft Certified Partner > > Tel. +39059775070 > > Fax. +39059779545 > > http://www.database.it > > --------------------------------------------- > > > > > > > > -- > > Messaggio verificato dal servizio antivirus di Database Informatica > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are > intended for the addressee only and may be confidential. If > they come to you in error you must take no action based on > them, nor must you copy or show them to anyone. Please advise > the sender by replying to this e-mail immediately and then > delete the original from your computer. > > Opinion : Any opinions expressed in this e-mail are entirely > those of the author and unless specifically stated to the > contrary, are not necessarily those of the author's employer. > > Security Warning : Internet e-mail is not necessarily a > secure communications medium and can be subject to data > corruption. We advise that you consider this fact when e-mailing us. > > Viruses : We have taken steps to ensure that this e-mail and > any attachments are free from known viruses but in keeping > with good computing practice, you should ensure that they are > virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales (Company > No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, > Oxford OX5 1RU, United Kingdom > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > Messaggio verificato dal servizio antivirus di Database Informatica > -- Messaggio verificato dal servizio antivirus di Database Informatica From mikael.kermorgant at gmail.com Thu Feb 22 11:48:07 2007 From: mikael.kermorgant at gmail.com (Mikael Kermorgant) Date: Thu Feb 22 10:53:10 2007 Subject: installation limited to /opt/Mailscanner Message-ID: <9711147e0702220248jbe35890oc9af3c0324253c4b@mail.gmail.com> Helllo, I'd like to install the latest version of Mailscanner on a debian sarge server. The install script install.sh seems to download several perl dependencies and deploy the on the filesystem, if I understand it correctly. Is it possible/easy to cleanly install mailscanner into /opt/Mailscanner without altering anything else ? Dependencies should then be handled via debian packages. Regards, -- Mikael Kermorgant From drew at technologytiger.net Thu Feb 22 14:14:12 2007 From: drew at technologytiger.net (Drew Marshall) Date: Thu Feb 22 13:19:28 2007 Subject: Slightly OT: Choosing an outbound MTA Setup In-Reply-To: <25a66d840702211113q33e6961fv2b8c3fd2d0b9e35c@mail.gmail.com> References: <25a66d840702211113q33e6961fv2b8c3fd2d0b9e35c@mail.gmail.com> Message-ID: <47559.194.70.180.170.1172150052.squirrel@www.technologytiger.net> On Wed, February 21, 2007 19:13, am.lists wrote: > I have my inbound MTA as Postfix, coming into MailScanner. As my > hosting organization grows, I'm trying to scale as smartly as > possible. > > The before picture (even before MailScanner) was a single box running > about 60 domains. Web, FTP, Mail (plus commercial spam/virus filtering > tools). > > We suffered through enough DDOS and dictionary attacks on the mail > server that we could justify putting a MailScanner proxy into place. > While we're still converting domains over to that infrastructure, > We're now looking at sorting out the mail sendout piece. > > I'd like to qo with either Qmail or Postfix on a dedicated box, this > way we can have the resources to just pump out the mail. We do a > considerable amount of newsletters / mail lists for our users (all > opt-in of course!), > > My proposed config would be fairly light: > - MTA > - Domain Keys signing ability > - Administration (webmin, or something more than just ssh to manage it) > > I'd also like to use domain keys on the outbound side to further > legitimize our messages. > > Postfix has "dkfilter.out" for this, but I'm wondering if anyone here > has any suggestions. > > PS: I purposely didn't go on to the Postfix list and ask "Postfix or > Qmail?" because I'm not sure I would have gotten the most unbiased > opinion there. :-P At least here I know people have epxerience with a > variety of configurations. I would use the same MTA for out bound as you do in (I mean as program not box!) as you are familiar with it and you can share some of the configs between the two to reduce your admin overhead. For example, I would keep the recipient maps in MySQL with passwords (Linked to your IMAP/ POP deamon) then tell Postfix to use the same details to auth the out going SMTP. You already know that Postfix can handle the load and has a pretty good queue processor, which really helps with mailing lists. My 2p worth Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by the Technology Tiger MailScanner. Further information can be found at www.technologytiger.net/policy Technology Tiger Limited is registered in Scotland with registration number: 310997 Registered Office 55-57 West High Street Inverurie AB51 3QQ From drew at technologytiger.net Thu Feb 22 14:40:57 2007 From: drew at technologytiger.net (Drew Marshall) Date: Thu Feb 22 13:46:15 2007 Subject: Setting up test server In-Reply-To: <45DCC987.7090001@haigmail.com> References: <45DB643B.9020107@haigmail.com> <248836D9-1924-4428-8349-709952B62A5C@technologytiger.net> <45DB6FEA.1020000@haigmail.com> <8A82A534-1DE0-429D-88D0-857777808A43@technologytiger.net> <45DBE463.40204@haigmail.com> <45DC87CD.3000803@fractalweb.com> <45DCC987.7090001@haigmail.com> Message-ID: <47862.194.70.180.170.1172151657.squirrel@www.technologytiger.net> On Wed, February 21, 2007 22:36, Lance Haig wrote: >>> I think it is my explanation of what I want to achieve :-) >>> >>> My MS servers act as a gateway for my mail going to another server >>> that is not running any opensource mail system. >>> I want to duplicate the mail going through the gateways and deliver >>> it to the new test server which runs the bongo server and its >>> agents(MTA webaccess calendar etc) >>> >>> The reason for this is to change the front end to add extra features >>> that it currently does not have and also integrate it with my portal >>> system. Ok, how do you currently reject unknown recipients at the gateway (You do this don't you?!)? What about converting this to a virual alias table and adding an additional line for the bongo box? e.g. some.user@domain some.user@current.box some.user@bongo.box Make sure you have DNS or transport maps to the two boxes so Postfix knows how to get to them. Depending on what the commercial box is running, that could work. >>> Thanks for taking the time to answer this No worries Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by the Technology Tiger MailScanner. Further information can be found at www.technologytiger.net/policy Technology Tiger Limited is registered in Scotland with registration number: 310997 Registered Office 55-57 West High Street Inverurie AB51 3QQ From lhaig at haigmail.com Thu Feb 22 15:09:26 2007 From: lhaig at haigmail.com (Lance Haig) Date: Thu Feb 22 14:14:28 2007 Subject: Setting up test server In-Reply-To: <47862.194.70.180.170.1172151657.squirrel@www.technologytiger.net> References: <45DB643B.9020107@haigmail.com> <248836D9-1924-4428-8349-709952B62A5C@technologytiger.net> <45DB6FEA.1020000@haigmail.com> <8A82A534-1DE0-429D-88D0-857777808A43@technologytiger.net> <45DBE463.40204@haigmail.com> <45DC87CD.3000803@fractalweb.com> <45DCC987.7090001@haigmail.com> <47862.194.70.180.170.1172151657.squirrel@www.technologytiger.net> Message-ID: <45DDA416.4080203@haigmail.com> Thanks Drew, I have captured about 1000 emails using the store forward suggestion you made. I have turned this off at the moment as I have enough to test with :-0 Thanks again for the help Lance Drew Marshall wrote: > On Wed, February 21, 2007 22:36, Lance Haig wrote: > >>>> I think it is my explanation of what I want to achieve :-) >>>> >>>> My MS servers act as a gateway for my mail going to another server >>>> that is not running any opensource mail system. >>>> I want to duplicate the mail going through the gateways and deliver >>>> it to the new test server which runs the bongo server and its >>>> agents(MTA webaccess calendar etc) >>>> >>>> The reason for this is to change the front end to add extra features >>>> that it currently does not have and also integrate it with my portal >>>> system. >>>> > > Ok, how do you currently reject unknown recipients at the gateway (You do > this don't you?!)? What about converting this to a virual alias table and > adding an additional line for the bongo box? > > e.g. > > some.user@domain some.user@current.box some.user@bongo.box > > Make sure you have DNS or transport maps to the two boxes so Postfix knows > how to get to them. Depending on what the commercial box is running, that > could work. > > >>>> Thanks for taking the time to answer this >>>> > > No worries > > Drew > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070222/f5a49585/attachment.html From mikael.kermorgant at gmail.com Thu Feb 22 16:41:17 2007 From: mikael.kermorgant at gmail.com (Mikael Kermorgant) Date: Thu Feb 22 15:46:19 2007 Subject: installation limited to /opt/Mailscanner In-Reply-To: <9711147e0702220248jbe35890oc9af3c0324253c4b@mail.gmail.com> References: <9711147e0702220248jbe35890oc9af3c0324253c4b@mail.gmail.com> Message-ID: <9711147e0702220741j2c33bf7ci304691f6edd91fee@mail.gmail.com> 2007/2/22, Mikael Kermorgant : > Helllo, > > I'd like to install the latest version of Mailscanner on a debian sarge server. > > Is it possible/easy to cleanly install mailscanner into > /opt/Mailscanner without altering anything else ? Sorry for this dumb question, I untarred Mailscanner from the perl-tar directory and it seems as easy as that. -- Mikael Kermorgant From listacct at tulsaconnect.com Thu Feb 22 17:22:39 2007 From: listacct at tulsaconnect.com (TCIS List Acct) Date: Thu Feb 22 16:29:51 2007 Subject: Performance Suggestion with MS A/V scanning for Julian Message-ID: <45DDC34F.7070602@tulsaconnect.com> Hi Julian, Here is a thought -- When using multiple A/V scanners from within MS, would it be possible to: 1. Specify the order in which the A/V scanners are tried (this may already be the behavior based on order in the config, not sure). The rationale for this is that some scanners are faster than others (e.g. f-prot is faster than clamav). and, if 2. The first A/V scanner finds a virus, to not try any subsequent A/V scanners. The reason for this is, 99.9% of today's viruses are removed rather than cleaned, so if the attached infected file is getting removed anyway, what point is there to wasting resources in passing the infected file to subsequent A/V scanners? -- ----------------------------------------- Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet Services http://www.tulsaconnect.com ----------------------------------------- From ssilva at sgvwater.com Thu Feb 22 18:01:39 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Feb 22 17:09:51 2007 Subject: performance testing new server, results In-Reply-To: <77930a5184ef6e49930a4d410386ddef@solidstatelogic.com> References: <45DC8A9E.3070909@fractalweb.com> <77930a5184ef6e49930a4d410386ddef@solidstatelogic.com> Message-ID: Martin.Hepworth spake the following on 2/21/2007 12:32 PM: > Chris > > I think the recommended number of children is start at 5 children per > CPU CORE so you should be able to run 10 children. > > Tuning the batch size is next (add 5 see any difference, remove 5 note > difference). > > Have a look in the wiki for optimisation tips.. AFAIR, recommended ram is also 1Gig per processor. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From prandal at herefordshire.gov.uk Thu Feb 22 18:05:15 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Thu Feb 22 17:11:10 2007 Subject: Performance Suggestion with MS A/V scanning for Julian Message-ID: <86144ED6CE5B004DA23E1EAC0B569B5812DC3DE4@isabella.herefordshire.gov.uk> There are other clever strategies which can be used as well. For example, Microsoft's Antigen can be configured to use its scan engines in an order determined by their past performance - so that the engine which gets the most hits gets tried first. I think the basic options are: 1: manual ordering (user configured) 2: heuristic ordering (determined over time based on hit rates) and Scan Viruses with all engines = Yes/No Now, in our case, we use ClamAV with additional phishing sigs and McAfee, and we'd want to be aware of malware which is detected by ClamAV and not McAfee so we can submit samples to Avert Labs. So we'd need to use both scanners. Be aware that the performance gain isn't going to be high unless a significant proportion of your processed emails contain "viruses", because you still have to scan all the uninfected emails with all virus scan engines. If only 1% of your incoming emails contain viruses, then scanning with multiple engines isn't going to cause much of a slowdown. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of TCIS List Acct > Sent: 22 February 2007 16:23 > To: MailScanner discussion > Subject: Performance Suggestion with MS A/V scanning for Julian > > Hi Julian, > > Here is a thought -- > > When using multiple A/V scanners from within MS, would it be > possible to: > > 1. Specify the order in which the A/V scanners are tried > (this may already be > the behavior based on order in the config, not sure). The > rationale for this is > that some scanners are faster than others (e.g. f-prot is > faster than clamav). > > and, if > > 2. The first A/V scanner finds a virus, to not try any > subsequent A/V scanners. > The reason for this is, 99.9% of today's viruses are > removed rather than > cleaned, so if the attached infected file is getting removed > anyway, what point > is there to wasting resources in passing the infected file to > subsequent A/V > scanners? > > -- > > ----------------------------------------- > Mike Bacher / listacct@tulsaconnect.com > TCIS - TulsaConnect Internet Services > http://www.tulsaconnect.com > ----------------------------------------- > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From chandler.lists at chapman.edu Thu Feb 22 18:11:53 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Thu Feb 22 17:17:00 2007 Subject: Performance Suggestion with MS A/V scanning for Julian In-Reply-To: <45DDC34F.7070602@tulsaconnect.com> References: <45DDC34F.7070602@tulsaconnect.com> Message-ID: <45DDCED9.2030408@chapman.edu> TCIS List Acct wrote: > Hi Julian, > > Here is a thought -- > > When using multiple A/V scanners from within MS, would it be possible to: > > 1. Specify the order in which the A/V scanners are tried (this may > already be the behavior based on order in the config, not sure). The > rationale for this is that some scanners are faster than others (e.g. > f-prot is faster than clamav). > > and, if > > 2. The first A/V scanner finds a virus, to not try any subsequent A/V > scanners. The reason for this is, 99.9% of today's viruses are > removed rather than cleaned, so if the attached infected file is > getting removed anyway, what point is there to wasting resources in > passing the infected file to subsequent A/V scanners? > This has been suggested before, IIRC. The reasoning was it took more resources to strip the message out and recombine the batch than it did to simply keep going. Remember, MS works on a "batch of emails" principle, not the individual files themselves. -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: Party-bug in the Aloha protocol. From ssilva at sgvwater.com Thu Feb 22 18:13:59 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Feb 22 17:19:14 2007 Subject: Performance Suggestion with MS A/V scanning for Julian In-Reply-To: <45DDC34F.7070602@tulsaconnect.com> References: <45DDC34F.7070602@tulsaconnect.com> Message-ID: TCIS List Acct spake the following on 2/22/2007 8:22 AM: > Hi Julian, > > Here is a thought -- > > When using multiple A/V scanners from within MS, would it be possible to: > > 1. Specify the order in which the A/V scanners are tried (this may > already be the behavior based on order in the config, not sure). The > rationale for this is that some scanners are faster than others (e.g. > f-prot is faster than clamav). > > and, if > > 2. The first A/V scanner finds a virus, to not try any subsequent A/V > scanners. The reason for this is, 99.9% of today's viruses are removed > rather than cleaned, so if the attached infected file is getting removed > anyway, what point is there to wasting resources in passing the infected > file to subsequent A/V scanners? > The files aren't passed to virus scanners serially. The batch of messages is unpacked/opened/decoded into the temporary work directory and all the virus scanners are called at the same time on the whole batch. Then MailScanner interprets the output from the virus scanners to do its logging. It does this over whatever comes in, up to your maximum batch size. So a system could be scanning 30 or more messages in a batch. If MailScanner was to do as you ask, it would take much longer to scan. Some of us use 3 or 4 virus scanners, and the batch time would be very long, especially on the 0-day stuff that only one virus scanner catches. What if the one scanner that catches the message was the last one called? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From jfagan at firstlightnetworks.com Thu Feb 22 20:05:19 2007 From: jfagan at firstlightnetworks.com (James Fagan) Date: Thu Feb 22 19:08:59 2007 Subject: New Mail::ClamAV Version In-Reply-To: <45DD1C7F.4030408@nkpanama.com> References: <20070220190425.A8A65CE301F0@mail.noefer.org> <45DB6000.9050402@tulsaconnect.com> <45DB63A3.8020307@USherbrooke.ca> <20070220214439.44A95CE30474@mail.noefer.org> <45DCA1BD.8060603@USherbrooke.ca><20070221200900.933ABCE3048A@mail.noefer.org> <45DD1C7F.4030408@nkpanama.com> Message-ID: <59E4A3A1069C2640959AD0F7518C48122F0886@FLN1.fln.local> > >> I also compiled with default options and --disable-zlib-vcheck on > >> RHEL 4. > >> > >> Denis > > Just asking, but... is it ok to download/compile/install the latest zlib > from zlib.net? I know most bugfixes have been backported to whatever > version of zlib ships with RHEL4 and its clones, but I'd like to know if > there's anything I should look out for. I have done this before. From what I recall, there were no problems. I forgot why the zlib package reports some version error, but I think it was a mistake. Try on a test server to yum remove zlib, then build from source. The only thing is this will be a package that you will have to update manualy in case of security/enhancements/changes. From holger at noefer.org Thu Feb 22 20:41:38 2007 From: holger at noefer.org (Holger =?iso-8859-1?Q?N=F6fer?=) Date: Thu Feb 22 19:46:51 2007 Subject: New Mail::ClamAV Version In-Reply-To: <45DB6000.9050402@tulsaconnect.com> References: <20070220190425.A8A65CE301F0@mail.noefer.org> <45DB6000.9050402@tulsaconnect.com> Message-ID: <20070222194144.D385ACE30468@mail.noefer.org> Hi, has someone files that produces the error, so that I can forward them to the developer? The best way to get the files for me, is to download them from an ftp server or a website. Has someone a link for me? Kind regards, Holger At 21:54 20.02.2007, you wrote: >Holger N?fer wrote: >>Hi, >>there is a new Mail::ClamAV Version. >>http://search.cpan.org/~sabeck/Mail-ClamAV-0.20/ >>It seems to compile with ClamAV 0.90. >>Best regards, >>Holger > >It does compile OK, but seems to blow up when run via MS: > >Feb 20 14:44:03 mscan1 MailScanner[49461]: >ClamAVModule::LibClamAV Warning: cli_pdf: Object number missing >Feb 20 14:44:08 mscan1 MailScanner[49461]: Virus >Scanning: ClamAV Module found 1 infections >Feb 20 14:45:03 mscan1 MailScanner[51163]: >ClamAVModule::ERROR:: Zip module failure:: >./1HJbqU-000DXw-Vk/Occuhealth Front Elevation 7 20 06.pdf >Feb 20 14:45:10 mscan1 MailScanner[51163]: Virus >Scanning: ClamAV Module found 1 infections > >-- > >----------------------------------------- >Mike Bacher / listacct@tulsaconnect.com >TCIS - TulsaConnect Internet Services >http://www.tulsaconnect.com >----------------------------------------- >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! From chandler.lists at chapman.edu Thu Feb 22 20:55:00 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Thu Feb 22 20:00:07 2007 Subject: BAYES issues In-Reply-To: <45D964EE.5010906@chime.ucl.ac.uk> References: <45D3E50D.4030302@chapman.edu> <45D41D47.4060501@chime.ucl.ac.uk> <45D4693F.4030504@chapman.edu> <45D4B6BA.3060303@chime.ucl.ac.uk> <45D50BAA.1030802@chapman.edu> <45D51B24.70400@chapman.edu> <45D567DA.2010908@chime.ucl.ac.uk> <223f97700702160109x5613b241hb0a018a5aa2cd250@mail.gmail.com> <45D5783A.2030507@chime.ucl.ac.uk> <45D5FEA6.7030208@chapman.edu> <45D964EE.5010906@chime.ucl.ac.uk> Message-ID: <45DDF514.1030406@chapman.edu> Anthony Peacock wrote: > > Where do you change the settings? Be specific file name and directory. > Got it sorted out-- the scores are apparently assigned in /var/lib/spamassassin/3.001007/updates_spamassassin_org/50_scores.cf My question now becomes, say I've assigned the URIBL_BLACK a score of 6 instead of its default of 3. What's to keep this from being overwritten by sa-update? -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: Party-bug in the Aloha protocol. From ssilva at sgvwater.com Thu Feb 22 21:07:45 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Feb 22 20:13:19 2007 Subject: BAYES issues In-Reply-To: <45DDF514.1030406@chapman.edu> References: <45D3E50D.4030302@chapman.edu> <45D41D47.4060501@chime.ucl.ac.uk> <45D4693F.4030504@chapman.edu> <45D4B6BA.3060303@chime.ucl.ac.uk> <45D50BAA.1030802@chapman.edu> <45D51B24.70400@chapman.edu> <45D567DA.2010908@chime.ucl.ac.uk> <223f97700702160109x5613b241hb0a018a5aa2cd250@mail.gmail.com> <45D5783A.2030507@chime.ucl.ac.uk> <45D5FEA6.7030208@chapman.edu> <45D964EE.5010906@chime.ucl.ac.uk> <45DDF514.1030406@chapman.edu> Message-ID: Jay Chandler spake the following on 2/22/2007 11:55 AM: > Anthony Peacock wrote: >> >> Where do you change the settings? Be specific file name and directory. >> > > Got it sorted out-- the scores are apparently assigned in > /var/lib/spamassassin/3.001007/updates_spamassassin_org/50_scores.cf > > My question now becomes, say I've assigned the URIBL_BLACK a score of 6 > instead of its default of 3. What's to keep this from being overwritten > by sa-update? > You need to add score changes to the spam.assassin.prefs.conf file, not make changes to any of spamassassin's managed files. Add something like this; score URIBL_BLACK 6.0 or score URIBL_BLACK 0 6.0 0 6.0 if you want to have different scores based on the net/no-net bayes/nobayes tests -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From chandler.lists at chapman.edu Thu Feb 22 21:36:21 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Thu Feb 22 20:41:27 2007 Subject: BAYES issues In-Reply-To: References: <45D3E50D.4030302@chapman.edu> <45D41D47.4060501@chime.ucl.ac.uk> <45D4693F.4030504@chapman.edu> <45D4B6BA.3060303@chime.ucl.ac.uk> <45D50BAA.1030802@chapman.edu> <45D51B24.70400@chapman.edu> <45D567DA.2010908@chime.ucl.ac.uk> <223f97700702160109x5613b241hb0a018a5aa2cd250@mail.gmail.com> <45D5783A.2030507@chime.ucl.ac.uk> <45D5FEA6.7030208@chapman.edu> <45D964EE.5010906@chime.ucl.ac.uk> <45DDF514.1030406@chapman.edu> Message-ID: <45DDFEC5.3020004@chapman.edu> Scott Silva wrote: > Jay Chandler spake the following on 2/22/2007 11:55 AM: > > You need to add score changes to the spam.assassin.prefs.conf file, not make > changes to any of spamassassin's managed files. > > Add something like this; > score URIBL_BLACK 6.0 > or > score URIBL_BLACK 0 6.0 0 6.0 > if you want to have different scores based on the net/no-net bayes/nobayes tests > > > VERY interesting. I'd made this change before, and hadn't correctly identified the /var/lib/spamassassin heirarchy within MailScanner.conf. As soon as I did this, the update rules took precedence. Is spam.assassin.prefs.conf supposed to act as an override on anything in the standard rules directories? -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: Party-bug in the Aloha protocol. From ebhoeve-ms at ehoeve.com Thu Feb 22 21:46:45 2007 From: ebhoeve-ms at ehoeve.com (Eric Hoeve) Date: Thu Feb 22 20:51:56 2007 Subject: New Mail::ClamAV Version In-Reply-To: <59E4A3A1069C2640959AD0F7518C48122F0886@FLN1.fln.local> References: <20070220190425.A8A65CE301F0@mail.noefer.org> <45DB6000.9050402@tulsaconnect.com> <45DB63A3.8020307@USherbrooke.ca> <20070220214439.44A95CE30474@mail.noefer.org> <45DCA1BD.8060603@USherbrooke.ca> <20070221200900.933ABCE3048A@mail.noefer.org> <45DD1C7F.4030408@nkpanama.com> <59E4A3A1069C2640959AD0F7518C48122F0886@FLN1.fln.local> Message-ID: <45DE0135.1010503@ehoeve.com> James Fagan wrote: >>>> I also compiled with default options and --disable-zlib-vcheck on >>>> RHEL 4. >>>> >>>> Denis >> Just asking, but... is it ok to download/compile/install the latest > zlib >> from zlib.net? I know most bugfixes have been backported to whatever >> version of zlib ships with RHEL4 and its clones, but I'd like to know > if >> there's anything I should look out for. > > > I have done this before. From what I recall, there were no problems. I > forgot why the zlib package reports some version error, but I think it > was a mistake. Try on a test server to yum remove zlib, then build from > source. The only thing is this will be a package that you will have to > update manualy in case of security/enhancements/changes. Alex, I know it is tempting to install the latest versions of various pieces of software, but I would advise against it unless you have a compeling reason for a particular version. It also requires you to maintain that software on your own as James noted. As new versions come out, and old APIs become deprecated it has a tendency to break things. Thats why many distros backport fixes. -Eric -=-=-=-=-=-=-=-=-=-=-=- Eric Hoeve From ssilva at sgvwater.com Thu Feb 22 21:49:45 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Feb 22 20:55:13 2007 Subject: BAYES issues In-Reply-To: <45DDFEC5.3020004@chapman.edu> References: <45D3E50D.4030302@chapman.edu> <45D41D47.4060501@chime.ucl.ac.uk> <45D4693F.4030504@chapman.edu> <45D4B6BA.3060303@chime.ucl.ac.uk> <45D50BAA.1030802@chapman.edu> <45D51B24.70400@chapman.edu> <45D567DA.2010908@chime.ucl.ac.uk> <223f97700702160109x5613b241hb0a018a5aa2cd250@mail.gmail.com> <45D5783A.2030507@chime.ucl.ac.uk> <45D5FEA6.7030208@chapman.edu> <45D964EE.5010906@chime.ucl.ac.uk> <45DDF514.1030406@chapman.edu> <45DDFEC5.3020004@chapman.edu> Message-ID: Jay Chandler spake the following on 2/22/2007 12:36 PM: > Scott Silva wrote: >> Jay Chandler spake the following on 2/22/2007 11:55 AM: >> You need to add score changes to the spam.assassin.prefs.conf file, >> not make >> changes to any of spamassassin's managed files. >> >> Add something like this; >> score URIBL_BLACK 6.0 >> or >> score URIBL_BLACK 0 6.0 0 6.0 >> if you want to have different scores based on the net/no-net >> bayes/nobayes tests >> >> >> > VERY interesting. > I'd made this change before, and hadn't correctly identified the > /var/lib/spamassassin heirarchy within MailScanner.conf. As soon as I > did this, the update rules took precedence. > > Is spam.assassin.prefs.conf supposed to act as an override on anything > in the standard rules directories? > > It gets loaded later, so it's scores will be the last changed. It should over ride any score changes, and it is a good place to add/keep any additional hand made rules. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From TGFurnish at herffjones.com Thu Feb 22 22:27:05 2007 From: TGFurnish at herffjones.com (Furnish, Trever G) Date: Thu Feb 22 21:32:23 2007 Subject: wildcards in whitelist In-Reply-To: <20070216172849.GB60904@mikea.ath.cx> Message-ID: <57573D714A832C43B9D80EAFBDA48D0302BAC8FA@inex3.herffjones.hj-int> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of mikea > Sent: Friday, February 16, 2007 12:29 PM > To: MailScanner discussion > Subject: Re: wildcards in whitelist > > On Fri, Feb 16, 2007 at 10:02:48AM +0100, shuttlebox wrote: > > On 2/15/07, mikea wrote: > > >I think it does. Typically, I'll use whitelist entries in > this form: > > > > > >FromOrTo: *@domain.com yes > > > > > >to catch the case in which good mail comes directly from > domain.com, > > >and > > > > > >FromOrTo: *@*.domain.com yes > > > > > >for cases in which all subdomains send good mail. > > > > Shouldn't just *domain.com cover that? > > No. > > *boo.com would cover boo.com, a.boo.com, and so on, but also > would cover aboo.com, taboo.com, cariboo.com, and other > possibly undesirable cases. The "." is important. Aren't they supposed to be perl regexes, and in that case, doesn't .boo.com still match aboo.com? In perl (and most other regex implementations AFAIK) the period represents a single occurance of (almost) any character, so the following command line: echo aboo | perl -ne 'print "yes\n" if (/.boo/)' ...does in fact print "yes". If you don't want . to match 'any character', then you should escape it with a backslash. Actually I've wondered frequently whether this weren't a mistake in the MailScanner examples, but have never taken the time to go through the code and decide for certain. There is an occurance of "\." in the rules/EXAMPLES file for escaping the periods between octets in an ip address. I don't see anything to indicate that it shouldn't also be used between domain parts. From chandler.lists at chapman.edu Fri Feb 23 00:02:17 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Thu Feb 22 23:07:23 2007 Subject: BAYES issues In-Reply-To: References: <45D3E50D.4030302@chapman.edu> <45D41D47.4060501@chime.ucl.ac.uk> <45D4693F.4030504@chapman.edu> <45D4B6BA.3060303@chime.ucl.ac.uk> <45D50BAA.1030802@chapman.edu> <45D51B24.70400@chapman.edu> <45D567DA.2010908@chime.ucl.ac.uk> <223f97700702160109x5613b241hb0a018a5aa2cd250@mail.gmail.com> <45D5783A.2030507@chime.ucl.ac.uk> <45D5FEA6.7030208@chapman.edu> <45D964EE.5010906@chime.ucl.ac.uk> <45DDF514.1030406@chapman.edu> <45DDFEC5.3020004@chapman.edu> Message-ID: <45DE20F9.1060400@chapman.edu> Scott Silva wrote: > It gets loaded later, so it's scores will be the last changed. It should over > ride any score changes, and it is a good place to add/keep any additional hand > made rules. > > Okay, looks like I may have pooched the order it uses to look at the rulesets, then. I'll have to break out the MailScanner book and figure out how best to fix it... Thanks! -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: Firmware update in the coffee machine From chandler.lists at chapman.edu Fri Feb 23 09:22:03 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Fri Feb 23 08:27:12 2007 Subject: Postfix Queue question Message-ID: <45DEA42B.7010306@chapman.edu> Howdy. I realize this isn't a MailScanner question directly, but if I take it to the Postfix list they'll start screaming about queue message corruption. I have an outbound server that has a couple messages from three to four weeks ago stuck in its HOLD queue. What could cause something like this? I'll provide any information that you request... -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: Firmware update in the coffee machine From glenn.steen at gmail.com Fri Feb 23 09:35:01 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Feb 23 08:40:06 2007 Subject: wildcards in whitelist In-Reply-To: <57573D714A832C43B9D80EAFBDA48D0302BAC8FA@inex3.herffjones.hj-int> References: <20070216172849.GB60904@mikea.ath.cx> <57573D714A832C43B9D80EAFBDA48D0302BAC8FA@inex3.herffjones.hj-int> Message-ID: <223f97700702230035x71e8cb0fkc48104ff2b318c26@mail.gmail.com> On 22/02/07, Furnish, Trever G wrote: > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of mikea > > Sent: Friday, February 16, 2007 12:29 PM > > To: MailScanner discussion > > Subject: Re: wildcards in whitelist > > > > On Fri, Feb 16, 2007 at 10:02:48AM +0100, shuttlebox wrote: > > > On 2/15/07, mikea wrote: > > > >I think it does. Typically, I'll use whitelist entries in > > this form: > > > > > > > >FromOrTo: *@domain.com yes > > > > > > > >to catch the case in which good mail comes directly from > > domain.com, > > > >and > > > > > > > >FromOrTo: *@*.domain.com yes > > > > > > > >for cases in which all subdomains send good mail. > > > > > > Shouldn't just *domain.com cover that? > > > > No. > > > > *boo.com would cover boo.com, a.boo.com, and so on, but also > > would cover aboo.com, taboo.com, cariboo.com, and other > > possibly undesirable cases. The "." is important. > > Aren't they supposed to be perl regexes, and in that case, doesn't > .boo.com still match aboo.com? > > In perl (and most other regex implementations AFAIK) the period > represents a single occurance of (almost) any character, so the > following command line: > > echo aboo | perl -ne 'print "yes\n" if (/.boo/)' > > ...does in fact print "yes". If you don't want . to match 'any > character', then you should escape it with a backslash. > > Actually I've wondered frequently whether this weren't a mistake in the > MailScanner examples, but have never taken the time to go through the > code and decide for certain. There is an occurance of "\." in the > rules/EXAMPLES file for escaping the periods between octets in an ip > address. I don't see anything to indicate that it shouldn't also be > used between domain parts. > You can actually test this;-). Observe: ----- # MailScanner --changed|grep virusscanning virusscanning yes RULESET:Default=yes # grep glenn.steen /etc/MailScanner/rules/virus.whitelist.rules From: glenn.steen@aa.ap1.se no # MailScanner --from=glenn.steen@aa.ap1.se --to=glenn.steen@ap1.se --value=virusscanning Looked up internal option name "virusscan" With sender = glenn.steen@aa.ap1.se recipient = glenn.steen@ap1.se Client IP = Virus = Result is "0" 0=No 1=Yes # MailScanner --from=glenn.steen@aaaap1.se --to=glenn.steen@ap1.se --value=virusscanning Looked up internal option name "virusscan" With sender = glenn.steen@aaaap1.se recipient = glenn.steen@ap1.se Client IP = Virus = Result is "1" 0=No 1=Yes # ----- So the answer is: No, that is not straight perl REs, if you want that you need enclose the RE in slashes like /.*@example.net/ (btw, a lone asterisk is _not_ a generic glob-like wildcard in perl, it is a "0 or more" repetition indicator... sort of a shorthand for {0,} ... You do need tell perl _what_ to repeat;-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Fri Feb 23 09:44:20 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Feb 23 08:49:26 2007 Subject: Postfix Queue question In-Reply-To: <45DEA42B.7010306@chapman.edu> References: <45DEA42B.7010306@chapman.edu> Message-ID: <223f97700702230044r597ebb8j4b92b20b5df4441f@mail.gmail.com> On 23/02/07, Jay Chandler wrote: > Howdy. > > I realize this isn't a MailScanner question directly, but if I take it > to the Postfix list they'll start screaming about queue message corruption. > > I have an outbound server that has a couple messages from three to four > weeks ago stuck in its HOLD queue. What could cause something like > this? I'll provide any information that you request... > Does postcat work on them? Any "screaming" would be entirely out of ignorance... If they are in hold, they are untouched by MailScanner... So any problem would be either in Postfix proper, or (more likely) something making MailScanner ignore them. Postcat will show if the messages are "palatable" to postfix at least. If they seem corrupt... well, then they would've been that, MailScanner or no MailScanner;). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From res at ausics.net Fri Feb 23 10:24:50 2007 From: res at ausics.net (Res) Date: Fri Feb 23 09:30:13 2007 Subject: Postfix Queue question In-Reply-To: <223f97700702230044r597ebb8j4b92b20b5df4441f@mail.gmail.com> References: <45DEA42B.7010306@chapman.edu> <223f97700702230044r597ebb8j4b92b20b5df4441f@mail.gmail.com> Message-ID: why dont u guys use an MTA that works without the constant dramas ;) like sendmail or qmail :P On Fri, 23 Feb 2007, Glenn Steen wrote: > Any "screaming" would be entirely out of ignorance... If they are in > hold, they are untouched by MailScanner... So any problem would be > either in Postfix proper, or (more likely) something making -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From uxbod at splatnix.net Fri Feb 23 11:03:00 2007 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Fri Feb 23 10:03:55 2007 Subject: New Mail::ClamAV Version In-Reply-To: <45DB63A3.8020307@USherbrooke.ca> References: <20070220190425.A8A65CE301F0@mail.noefer.org> <45DB6000.9050402@tulsaconnect.com> <45DB63A3.8020307@USherbrooke.ca> Message-ID: <20070223100300.567a078b@uxbod.splatnix.net> On Tue, 20 Feb 2007 16:09:55 -0500 Denis Beauchemin wrote: > TCIS List Acct a ?crit : > > > > > > Holger N?fer wrote: > >> Hi, > >> > >> there is a new Mail::ClamAV Version. > >> > >> http://search.cpan.org/~sabeck/Mail-ClamAV-0.20/ > >> > >> It seems to compile with ClamAV 0.90. > >> > >> Best regards, > >> Holger > >> > > > > It does compile OK, but seems to blow up when run via MS: > > > > Feb 20 14:44:03 mscan1 MailScanner[49461]: ClamAVModule::LibClamAV > > Warning: cli_pdf: Object number missing > > Feb 20 14:44:08 mscan1 MailScanner[49461]: Virus Scanning: ClamAV > > Module found 1 infections > > Feb 20 14:45:03 mscan1 MailScanner[51163]: ClamAVModule::ERROR:: Zip > > module failure:: ./1HJbqU-000DXw-Vk/Occuhealth Front Elevation 7 20 > > 06.pdf > > Feb 20 14:45:10 mscan1 MailScanner[51163]: Virus Scanning: ClamAV > > Module found 1 infections > > > It works fine here. > > Denis > Upgraded here and all works peachy. Also added the additional signatures from SaneSecurity and they work a treat :) -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: 543A E778 7F2D 98F1 3E50 9C1F F190 93E0 E8E8 0CF8 // Keyserver: www.keyserver.net Key-ID: 0xE8E80CF8 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mikael.kermorgant at gmail.com Fri Feb 23 11:04:12 2007 From: mikael.kermorgant at gmail.com (Mikael Kermorgant) Date: Fri Feb 23 10:09:20 2007 Subject: report of what is in the quarantine Message-ID: <9711147e0702230204o120a2c3fv22e4e241b051ee61@mail.gmail.com> Hello, I have configured mailscanner to store spams with a score between 6 and 10, but I have desactivated notices to postmaster because I have not enough time reading everything. Has anyone written a script that creates on a periodical basis a comprehensive report of what is in the quarantine, so a decision of releasing can be made ? Regards, -- Mikael Kermorgant From glenn.steen at gmail.com Fri Feb 23 12:30:56 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Feb 23 11:36:06 2007 Subject: Postfix Queue question In-Reply-To: References: <45DEA42B.7010306@chapman.edu> <223f97700702230044r597ebb8j4b92b20b5df4441f@mail.gmail.com> Message-ID: <223f97700702230330x67c39c5cp7edaf6bddcbe1f84@mail.gmail.com> On 23/02/07, Res wrote: > > why dont u guys use an MTA that works without the constant dramas ;) We like to live dangerously:-). It adds spice to our otherwise meaningless existance:-D > like sendmail or qmail :P Don't cuss, you top-poster!;-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Fri Feb 23 12:34:40 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Feb 23 11:39:47 2007 Subject: report of what is in the quarantine In-Reply-To: <9711147e0702230204o120a2c3fv22e4e241b051ee61@mail.gmail.com> References: <9711147e0702230204o120a2c3fv22e4e241b051ee61@mail.gmail.com> Message-ID: <223f97700702230334j2ca9f4fej7883f1692047acc6@mail.gmail.com> On 23/02/07, Mikael Kermorgant wrote: > Hello, > > I have configured mailscanner to store spams with a score between 6 > and 10, but I have desactivated notices to postmaster because I have > not enough time reading everything. > > Has anyone written a script that creates on a periodical basis a > comprehensive report of what is in the quarantine, so a decision of > releasing can be made ? > Have you looked at Quarantine report from FSL (http://www.fsl.com/support/)? It might do what you want. Another very nice option is to implement MailWatch (http://mailwatch.sf.net), which also contain a quarantine report script (apart from the very good grip you will get on things like this through the web interface). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From res at ausics.net Fri Feb 23 12:36:45 2007 From: res at ausics.net (Res) Date: Fri Feb 23 11:41:54 2007 Subject: Postfix Queue question In-Reply-To: <223f97700702230330x67c39c5cp7edaf6bddcbe1f84@mail.gmail.com> References: <45DEA42B.7010306@chapman.edu> <223f97700702230044r597ebb8j4b92b20b5df4441f@mail.gmail.com> <223f97700702230330x67c39c5cp7edaf6bddcbe1f84@mail.gmail.com> Message-ID: cuss cuss cuss cuss cuss :P I decided i now only know how to 'top post' but like we both know, I'm the evil rebel bunny ;) On Fri, 23 Feb 2007, Glenn Steen wrote: > On 23/02/07, Res wrote: >> >> why dont u guys use an MTA that works without the constant dramas ;) > We like to live dangerously:-). It adds spice to our otherwise > meaningless existance:-D > >> like sendmail or qmail :P > Don't cuss, you top-poster!;-) > > -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From dhawal at netmagicsolutions.com Fri Feb 23 13:12:49 2007 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Fri Feb 23 12:18:12 2007 Subject: Postfix Queue question In-Reply-To: References: <45DEA42B.7010306@chapman.edu> <223f97700702230044r597ebb8j4b92b20b5df4441f@mail.gmail.com> Message-ID: <45DEDA41.6000105@netmagicsolutions.com> Res wrote: > > why dont u guys use an MTA that works without the constant dramas ;) > like sendmail or qmail :P We like better thrills than simply changing our lock types with every release.. > On Fri, 23 Feb 2007, Glenn Steen wrote: > >> Any "screaming" would be entirely out of ignorance... If they are in >> hold, they are untouched by MailScanner... So any problem would be >> either in Postfix proper, or (more likely) something making > > From m.anderlini at database.it Fri Feb 23 14:22:35 2007 From: m.anderlini at database.it (Marcello Anderlini) Date: Fri Feb 23 13:30:32 2007 Subject: How to instruct spamassassin In-Reply-To: <923895EE9E8AFD469E956C377346AD4807A760FB@beta.dbdomain.database.it> Message-ID: <007301c7574d$ae870110$0501a8c0@dbdomain.database.it> Hello, The first time I've installed spamassassin I've found instructions about teach spamassassin what is spam for me sending email to a particolar account. Now I cannot found the script and this instructions. Someone could help me ? Thanks and best regards Dr. Marcello Anderlini m.anderlini@database.it --------------------------------------------- Database Informatica S.r.l. Microsoft Certified Partner Tel. +39059775070 Fax. +39059779545 http://www.database.it --------------------------------------------- -- Messaggio verificato dal servizio antivirus di Database Informatica From am.lists at gmail.com Fri Feb 23 15:35:38 2007 From: am.lists at gmail.com (am.lists) Date: Fri Feb 23 14:40:46 2007 Subject: Dealing with large ISP Mailers Message-ID: <25a66d840702230635t2a4314d2t9f7423fd32a0b465@mail.gmail.com> As much as I would rather be draconian about this and say "tough, that's how it's designed", my users won't let this go on this way, so I need to fix it. Mail from one of the AOL mx servers gets caught in one of the RBLs. One of my users got the "we have detected UCE... click here to release the message" and they did, and they even logged in and whitelisted the sender. But another message came in later, and was still held up because of the RBL. Specifically, the IP is listed in TQM-SPAMTRAP and SORBS-SPAM. Is there a way that I can whitelist the AOL MX at the RBL level but continue to run rules against it to properly score it otherwise? In other words, I don't want to get a 123 friend greeting.exe or something like that from an AOL user just because I had to w/l their relay server. From am.lists at gmail.com Fri Feb 23 15:39:08 2007 From: am.lists at gmail.com (am.lists) Date: Fri Feb 23 14:44:14 2007 Subject: How to instruct spamassassin In-Reply-To: <007301c7574d$ae870110$0501a8c0@dbdomain.database.it> References: <923895EE9E8AFD469E956C377346AD4807A760FB@beta.dbdomain.database.it> <007301c7574d$ae870110$0501a8c0@dbdomain.database.it> Message-ID: <25a66d840702230639x694255bbq417c87da6ea10eb7@mail.gmail.com> On 2/23/07, Marcello Anderlini wrote: > Hello, > > The first time I've installed spamassassin I've found instructions about > teach spamassassin what is spam for me sending email to a particolar > account. Now I cannot found the script and this instructions. > > Someone could help me ? Teaching spamassassin helps it become smarter about knowing what is spam (bad) and what is ham (looks like spam but really isn't). The command is sa-learn. If you run man sa-learn it will show you the instructions on how this works, but you should read up on how to load up what's known as a corpus. (google for sa-learn and corpus) Use a corpus of your own spam for the best results. My spam doesnt' look like your spam, so training your spam filter with my spam will be very ineffective. More here: http://spamassassin.apache.org/full/3.0.x/dist/doc/sa-learn.html Regards. Angelo From alex at nkpanama.com Fri Feb 23 16:25:22 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Fri Feb 23 15:31:16 2007 Subject: Dealing with large ISP Mailers In-Reply-To: <25a66d840702230635t2a4314d2t9f7423fd32a0b465@mail.gmail.com> References: <25a66d840702230635t2a4314d2t9f7423fd32a0b465@mail.gmail.com> Message-ID: <45DF0762.8000405@nkpanama.com> am.lists wrote: > > But another message came in later, and was still held up because of > the RBL. > > Specifically, the IP is listed in TQM-SPAMTRAP and SORBS-SPAM. > > Is there a way that I can whitelist the AOL MX at the RBL level but > continue to run rules against it to properly score it otherwise? In > other words, I don't want to get a 123 friend greeting.exe or > something like that from an AOL user just because I had to w/l their > relay server. What's your MTA? Each goes about whitelisting in its own way... From am.lists at gmail.com Fri Feb 23 16:30:28 2007 From: am.lists at gmail.com (am.lists) Date: Fri Feb 23 15:35:33 2007 Subject: Dealing with large ISP Mailers In-Reply-To: <45DF0762.8000405@nkpanama.com> References: <25a66d840702230635t2a4314d2t9f7423fd32a0b465@mail.gmail.com> <45DF0762.8000405@nkpanama.com> Message-ID: <25a66d840702230730s3e318ac7gfa56d7524e601678@mail.gmail.com> On 2/23/07, Alex Neuman van der Hans wrote: > What's your MTA? Each goes about whitelisting in its own way... Sorry, I should have said. It's Postfix 2.2.2. Angelo From prandal at herefordshire.gov.uk Fri Feb 23 16:15:27 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Fri Feb 23 15:41:38 2007 Subject: Dealing with large ISP Mailers Message-ID: <86144ED6CE5B004DA23E1EAC0B569B5812FAF4FB@isabella.herefordshire.gov.uk> If you're using sendmail, see http://blue-labs.org/howto/access_hints.php . In your sendmail access file you could put Connect:aol.com RELAY Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of am.lists > Sent: 23 February 2007 14:36 > To: MailScanner discussion > Subject: Dealing with large ISP Mailers > > As much as I would rather be draconian about this and say "tough, > that's how it's designed", my users won't let this go on this way, so > I need to fix it. > > Mail from one of the AOL mx servers gets caught in one of the RBLs. > > One of my users got the "we have detected UCE... click here to release > the message" and they did, and they even logged in and whitelisted the > sender. > > But another message came in later, and was still held up > because of the RBL. > > Specifically, the IP is listed in TQM-SPAMTRAP and SORBS-SPAM. > > Is there a way that I can whitelist the AOL MX at the RBL level but > continue to run rules against it to properly score it otherwise? In > other words, I don't want to get a 123 friend greeting.exe or > something like that from an AOL user just because I had to w/l their > relay server. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From R.Sterenborg at netsourcing.nl Fri Feb 23 16:48:53 2007 From: R.Sterenborg at netsourcing.nl (Rob Sterenborg) Date: Fri Feb 23 15:55:46 2007 Subject: Dealing with large ISP Mailers In-Reply-To: <45DF0762.8000405@nkpanama.com> References: <25a66d840702230635t2a4314d2t9f7423fd32a0b465@mail.gmail.com> <45DF0762.8000405@nkpanama.com> Message-ID: <74ACEB3E6A055643A89B8CEC74C7BF2488DF3C@WISENT.dcyb.net> >> But another message came in later, and was still held up because of >> the RBL. >> >> Specifically, the IP is listed in TQM-SPAMTRAP and SORBS-SPAM. >> >> Is there a way that I can whitelist the AOL MX at the RBL level but >> continue to run rules against it to properly score it otherwise? In >> other words, I don't want to get a 123 friend greeting.exe or >> something like that from an AOL user just because I had to w/l their >> relay server. > > What's your MTA? Each goes about whitelisting in its own way... Where are you using the RBL's? I wouldn't use SORBS at the MTA to block emails, but I would use SORBS in SpamAssassin to score an email. Grts, Rob From mikael.kermorgant at gmail.com Fri Feb 23 16:52:35 2007 From: mikael.kermorgant at gmail.com (Mikael Kermorgant) Date: Fri Feb 23 15:57:50 2007 Subject: report of what is in the quarantine In-Reply-To: <223f97700702230334j2ca9f4fej7883f1692047acc6@mail.gmail.com> References: <9711147e0702230204o120a2c3fv22e4e241b051ee61@mail.gmail.com> <223f97700702230334j2ca9f4fej7883f1692047acc6@mail.gmail.com> Message-ID: <9711147e0702230752x686f9eb4pa94d0d365d1f39f1@mail.gmail.com> > > Has anyone written a script that creates on a periodical basis a > > comprehensive report of what is in the quarantine, so a decision of > > releasing can be made ? > > > Have you looked at Quarantine report from FSL > (http://www.fsl.com/support/)? It might do what you want. Thanks, I've downloaded it but it seems problematic with postfix. Has anyone successfully installed it with postfix ? > Another very nice option is to implement MailWatch > (http://mailwatch.sf.net), which also contain a quarantine report > script (apart from the very good grip you will get on things like this > through the web interface). Yes, I've tried it but preferred not to use it as I finally used it very rarely and I have tried as much as I could to lower the load on my server. Regards, -- Mikael Kermorgant From am.lists at gmail.com Fri Feb 23 17:00:15 2007 From: am.lists at gmail.com (am.lists) Date: Fri Feb 23 16:05:24 2007 Subject: Dealing with large ISP Mailers In-Reply-To: <74ACEB3E6A055643A89B8CEC74C7BF2488DF3C@WISENT.dcyb.net> References: <25a66d840702230635t2a4314d2t9f7423fd32a0b465@mail.gmail.com> <45DF0762.8000405@nkpanama.com> <74ACEB3E6A055643A89B8CEC74C7BF2488DF3C@WISENT.dcyb.net> Message-ID: <25a66d840702230800y77f33cc8jde1ed5d7efb6d171@mail.gmail.com> On 2/23/07, Rob Sterenborg wrote: > Where are you using the RBL's? > I wouldn't use SORBS at the MTA to block emails, but I would use SORBS > in SpamAssassin to score an email. Rob, Here is my Postfix main.cf relevant lines: [[[ snip ]]] smtpd_data_restrictions = reject_unauth_pipelining smtpd_recipient_restrictions = reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_mynetworks,reject_unauth_destination,check_recipient_access hash:/etc/postfix/recipient_access,check_policy_service inet:127.0.0.1:60000 [[[ snip ]]] So, from that, I guess it's already being done within MailScanner, so how would I tweak it from there? Is it the /etc/MailScanner/rules/spam.whitelist.rules file? I thought I might create a custom rule (e.g. customaol.cf) that negatively scores them based on sender, but they already pass by score (usually less than 2.0). It's since they are caught in the RBL that they get categorized as "low spam". Angelo From chandler.lists at chapman.edu Fri Feb 23 17:05:22 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Fri Feb 23 16:10:32 2007 Subject: Postfix Queue question In-Reply-To: References: <45DEA42B.7010306@chapman.edu> <223f97700702230044r597ebb8j4b92b20b5df4441f@mail.gmail.com> Message-ID: <45DF10C2.6020501@chapman.edu> Res wrote: > > why dont u guys use an MTA that works without the constant dramas ;) > like sendmail or qmail :P > Because I have both the O'Reilly Sendmail and Postfix books in my cube. The Postfix book takes a couple hours to get through, while the Sendmail book is mainly here to kill hobos with-- this thing is MASSIVE. There's something to be said for simplicity... -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: You put the disk in upside down. From alex at nkpanama.com Fri Feb 23 17:05:25 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Fri Feb 23 16:16:10 2007 Subject: Dealing with large ISP Mailers In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B5812FAF4FB@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B5812FAF4FB@isabella.herefordshire.gov.uk> Message-ID: <45DF10C5.1040600@nkpanama.com> Randal, Phil wrote: > If you're using sendmail, see > http://blue-labs.org/howto/access_hints.php . > > In your sendmail access file you could put > > Connect:aol.com RELAY > > Cheers, > > Phil > He *did* say postfix, but... Wouldn't your suggestion allow anyone in AOL's network to relay *through* you? I believe it would be more appropriate to do it like: Connect:aol.com OK So that you'd *receive* mail from aol, not *relay* mail from aol to somewhere else. From am.lists at gmail.com Fri Feb 23 17:19:07 2007 From: am.lists at gmail.com (am.lists) Date: Fri Feb 23 16:24:14 2007 Subject: Dealing with large ISP Mailers In-Reply-To: <45DF10C5.1040600@nkpanama.com> References: <86144ED6CE5B004DA23E1EAC0B569B5812FAF4FB@isabella.herefordshire.gov.uk> <45DF10C5.1040600@nkpanama.com> Message-ID: <25a66d840702230819q41be3ea8u9e4c0ae2d87279d4@mail.gmail.com> On 2/23/07, Alex Neuman van der Hans wrote: > He *did* say postfix, but... Wouldn't your suggestion allow anyone in ... I did say Postfix, but I understand how people read and respond without seeing all future messages. No harm, no foul, Phil. Angelo From alex at nkpanama.com Fri Feb 23 17:23:53 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Fri Feb 23 16:29:43 2007 Subject: Dealing with large ISP Mailers In-Reply-To: <25a66d840702230819q41be3ea8u9e4c0ae2d87279d4@mail.gmail.com> References: <86144ED6CE5B004DA23E1EAC0B569B5812FAF4FB@isabella.herefordshire.gov.uk> <45DF10C5.1040600@nkpanama.com> <25a66d840702230819q41be3ea8u9e4c0ae2d87279d4@mail.gmail.com> Message-ID: <45DF1519.4050605@nkpanama.com> am.lists wrote: > > I did say Postfix, but I understand how people read and respond > without seeing all future messages. No harm, no foul, Phil. None implied... Happens to me all the time. My worry was that adding a "RELAY" line to sendmail's access file is, IMHO, asking for trouble. I try to avoid it as much as possible. From am.lists at gmail.com Fri Feb 23 17:46:06 2007 From: am.lists at gmail.com (am.lists) Date: Fri Feb 23 16:51:17 2007 Subject: Checking Domain Keys Inbound, anyone? Message-ID: <25a66d840702230846k5159c1b7o813c3a95ad79a363@mail.gmail.com> Config: Postfix 2.2.2, MailScanner 4.55, SpamAssassin 3.15. Sendmail is installed and available (8.13.7) but not running as the inbound listener for mail, PF is. Would like to add DKFilter for checking the validity of inbound mail that is signed. In my first round of research, I can't find any references to anyone else doing this, and I'm sure that's not consistent with reality. (or is it?) For DKFilter, there's a laundry list of perl modules to install. I have that pre-requisite work done. I just need to know how to piece it together such that MailScanner can score it. Thanks, Angelo From bpumphrey at woodmclaw.com Fri Feb 23 17:52:20 2007 From: bpumphrey at woodmclaw.com (Billy A. Pumphrey) Date: Fri Feb 23 16:57:30 2007 Subject: Fixing Bayes Message-ID: <04D932B0071FE34FA63EBB1977B48D150241A3FF@woodenex.woodmaclaw.local> I spent quite a bit of time searching the archives; there is a ton of stuff there. I know the answer is there but I am just terrible at searching I guess. Please entertain my basic question. My bayes is causing a lot of false positives. I am guessing that I need to rebuild my bayes database. I do have: Rebuild Bayes Every = 432000 Wait During Bayes Rebuild = yes (was no until about 15 minutes ago when I found on the archive searching that this should be yes) Here is what I did, let me know if this is what I needed to do. I got the starter database from http://www.fsl.com/support.html and placed those files in /etc/MailScanner/bayes. Is that all that I need to do? Thank you -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From steve.swaney at fsl.com Fri Feb 23 17:55:08 2007 From: steve.swaney at fsl.com (Stephen Swaney) Date: Fri Feb 23 17:00:14 2007 Subject: Checking Domain Keys Inbound, anyone? In-Reply-To: <25a66d840702230846k5159c1b7o813c3a95ad79a363@mail.gmail.com> References: <25a66d840702230846k5159c1b7o813c3a95ad79a363@mail.gmail.com> Message-ID: <0ee801c7576b$5febbaf0$1fc330d0$@swaney@fsl.com> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of am.lists > Sent: Friday, February 23, 2007 11:46 AM > To: MailScanner discussion > Subject: Checking Domain Keys Inbound, anyone? > > Config: > > Postfix 2.2.2, MailScanner 4.55, SpamAssassin 3.15. Sendmail is > installed and available (8.13.7) but not running as the inbound > listener for mail, PF is. > > Would like to add DKFilter for checking the validity of inbound mail > that is signed. > > In my first round of research, I can't find any references to anyone > else doing this, and I'm sure that's not consistent with reality. (or > is it?) > > For DKFilter, there's a laundry list of perl modules to install. I > have that pre-requisite work done. I just need to know how to piece it > together such that MailScanner can score it. > > Thanks, > Angelo I believe it's enabled as a SpamAssassin plug-in. In our setup it can be enabled by editing the file: /etc/mail/spamassassin/v312.pre If you have all the prerequisites installed just uncomment the line: #loadplugin Mail::SpamAssassin::Plugin::DKIM Steve Steve Steve Swaney steve@fsl.com From prandal at herefordshire.gov.uk Fri Feb 23 17:40:10 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Fri Feb 23 17:02:35 2007 Subject: Dealing with large ISP Mailers Message-ID: <86144ED6CE5B004DA23E1EAC0B569B5812FAF5B1@isabella.herefordshire.gov.uk> Oops, my bad... Needless to say my access file is and was alway correct in this regard. Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Alex Neuman van der Hans > Sent: 23 February 2007 16:05 > To: MailScanner discussion > Subject: Re: Dealing with large ISP Mailers > > Randal, Phil wrote: > > If you're using sendmail, see > > http://blue-labs.org/howto/access_hints.php . > > > > In your sendmail access file you could put > > > > Connect:aol.com RELAY > > > > Cheers, > > > > Phil > > > He *did* say postfix, but... Wouldn't your suggestion allow anyone in > AOL's network to relay *through* you? I believe it would be more > appropriate to do it like: > > Connect:aol.com OK > > So that you'd *receive* mail from aol, not *relay* mail from aol to > somewhere else. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From am.lists at gmail.com Fri Feb 23 18:01:41 2007 From: am.lists at gmail.com (am.lists) Date: Fri Feb 23 17:06:52 2007 Subject: Checking Domain Keys Inbound, anyone? In-Reply-To: <-1093451887746668317@unknownmsgid> References: <25a66d840702230846k5159c1b7o813c3a95ad79a363@mail.gmail.com> <-1093451887746668317@unknownmsgid> Message-ID: <25a66d840702230901r70e59be5gcb52461539a471cf@mail.gmail.com> On 2/23/07, Stephen Swaney wrote: > I believe it's enabled as a SpamAssassin plug-in. In our setup it can be > enabled by editing the file: > > /etc/mail/spamassassin/v312.pre > > If you have all the prerequisites installed just uncomment the line: > > #loadplugin Mail::SpamAssassin::Plugin::DKIM Great. But that's DKIM, which ~<> Domain Keys. Same idea but slightly different implemenation. But at least now I know where to look. Thanks. Angelo From Kevin_Miller at ci.juneau.ak.us Fri Feb 23 18:06:42 2007 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Fri Feb 23 17:11:42 2007 Subject: Fixing Bayes In-Reply-To: <04D932B0071FE34FA63EBB1977B48D150241A3FF@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D150241A3FF@woodenex.woodmaclaw.local> Message-ID: Billy A. Pumphrey wrote: > I spent quite a bit of time searching the archives; there is a ton of > stuff there. I know the answer is there but I am just terrible at > searching I guess. Please entertain my basic question. > > My bayes is causing a lot of false positives. I am guessing that I > need to rebuild my bayes database. I do have: > Rebuild Bayes Every = 432000 > Wait During Bayes Rebuild = yes (was no until about 15 minutes ago > when I found on the archive searching that this should be yes) > > Here is what I did, let me know if this is what I needed to do. I got > the starter database from http://www.fsl.com/support.html and placed > those files in /etc/MailScanner/bayes. > > Is that all that I need to do? > > Thank you Assuming the permissions are correct that should pretty much do it. The starter kit will begin to learn as new ham/spam comes in. It is based on older spam, and your spam profile may not match fsl's, but it'll learn fast. Are you using MailWatch along with MailScanner? There's tools in there to monitor the health of your bayes database (as well as other things). My bayes database was corrupted some time back and I replaced it with the starter kit. Immediately saw improvement in the spam catching... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From chandler.lists at chapman.edu Fri Feb 23 18:10:19 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Fri Feb 23 17:15:31 2007 Subject: Postfix Queue question In-Reply-To: <223f97700702230044r597ebb8j4b92b20b5df4441f@mail.gmail.com> References: <45DEA42B.7010306@chapman.edu> <223f97700702230044r597ebb8j4b92b20b5df4441f@mail.gmail.com> Message-ID: <45DF1FFB.7080000@chapman.edu> Glenn Steen wrote: > On 23/02/07, Jay Chandler wrote: >> Howdy. >> >> I realize this isn't a MailScanner question directly, but if I take it >> to the Postfix list they'll start screaming about queue message >> corruption. >> >> I have an outbound server that has a couple messages from three to four >> weeks ago stuck in its HOLD queue. What could cause something like >> this? I'll provide any information that you request... >> > Does postcat work on them? Let's see... The one from Jan 31 is a non-delivery report that's 4.3 megs long, and postcat seems to work just fine. In fact, Postcat seems to work on all of them. So... what do I try next? -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: You put the disk in upside down. From roger at rudnick.com.br Fri Feb 23 18:13:19 2007 From: roger at rudnick.com.br (Roger Jochem) Date: Fri Feb 23 17:19:03 2007 Subject: Spamassassin speed References: <20070220190425.A8A65CE301F0@mail.noefer.org> <45DB6000.9050402@tulsaconnect.com> <45DB63A3.8020307@USherbrooke.ca> <20070220214439.44A95CE30474@mail.noefer.org> <45DCA1BD.8060603@USherbrooke.ca><20070221200900.933ABCE3048A@mail.noefer.org><45DD1C7F.4030408@nkpanama.com> <59E4A3A1069C2640959AD0F7518C48122F0886@FLN1.fln.local> Message-ID: <085101c7576d$ea831760$0600a8c0@roger> In this new version of MailScanner is possible to log processing speed. This is very usefull. But whe it comes to spamassassin, there is only a total time in seconds that spamassassin toke to process the messages. Is there any way I could mesure how much time razor, pyzor, dcc, take to process the messages? Regards Roger Jochem From mailscanner at yeticomputers.com Fri Feb 23 18:29:13 2007 From: mailscanner at yeticomputers.com (Rick Chadderdon) Date: Fri Feb 23 17:34:27 2007 Subject: URL-encoded filenames in reports In-Reply-To: <87fy929ffm.fsf@hp-factory.de> References: <87fy929ffm.fsf@hp-factory.de> Message-ID: <45DF2469.4090507@yeticomputers.com> Simon Walter wrote: > Hello > > Is there a way to get the filename of files which got stored in > quarantine as url-encoded string? > > Using $filename in reportfiles doesn't work for files with spaces or > special characters if the filename is used as part of an url. > > See: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=410647 > I would probably handle this with PHP. The line in my corresponding report .txt file would be something like: http://my.mailscannerbox.com/download.php?id=$id&filename=$filename&datenumber=$datenumber&hostname=$hostname and I would use my script to handle directing people to the correct file. Unfortunately, I have too many users who would retrieve *any* file - virus, spam or other - to give them this kind of a tool. I just fiddled with it a little bit, and it seems as if this would work just fine. Now you made me want to test it... Rick From gerard at seibercom.net Fri Feb 23 19:17:12 2007 From: gerard at seibercom.net (Gerard Seibert) Date: Fri Feb 23 18:22:24 2007 Subject: Dealing with large ISP Mailers In-Reply-To: <25a66d840702230730s3e318ac7gfa56d7524e601678@mail.gmail.com> References: <25a66d840702230635t2a4314d2t9f7423fd32a0b465@mail.gmail.com> <45DF0762.8000405@nkpanama.com> <25a66d840702230730s3e318ac7gfa56d7524e601678@mail.gmail.com> Message-ID: <20070223131712.50c790ed@localhost> On Fri, 23 Feb 2007 10:30:28 -0500 "am.lists" wrote: > On 2/23/07, Alex Neuman van der Hans wrote: > > What's your MTA? Each goes about whitelisting in its own way... > > Sorry, I should have said. It's Postfix 2.2.2. http://www.postfix.org/SMTPD_ACCESS_README.html http://www.postfix.org/postconf.5.html http://www.postfix.org/addon.html This question might be appropriate for the Postfix forum. -- Gerard Max told his friend that he'd just as soon not go hiking in the hills. Said he, "I'm an anti-climb Max." -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 187 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070223/ea874476/signature.bin From roger at rudnick.com.br Fri Feb 23 18:51:41 2007 From: roger at rudnick.com.br (Roger Jochem) Date: Fri Feb 23 18:25:05 2007 Subject: Timeouts References: <20070220190425.A8A65CE301F0@mail.noefer.org> <45DB6000.9050402@tulsaconnect.com> <45DB63A3.8020307@USherbrooke.ca> <20070220214439.44A95CE30474@mail.noefer.org> <45DCA1BD.8060603@USherbrooke.ca><20070221200900.933ABCE3048A@mail.noefer.org><45DD1C7F.4030408@nkpanama.com> <59E4A3A1069C2640959AD0F7518C48122F0886@FLN1.fln.local> Message-ID: <08aa01c75773$46ffc010$0600a8c0@roger> How much time did you use for rbl, razor and pyzor timeouts in spam.assassin.prefs.conf? This lines are commented out, and I'm experiencing some delay in my message processing... Regards Roger Jochem From gerard at seibercom.net Fri Feb 23 19:27:14 2007 From: gerard at seibercom.net (Gerard Seibert) Date: Fri Feb 23 18:32:23 2007 Subject: Postfix Queue question In-Reply-To: <45DF10C2.6020501@chapman.edu> References: <45DEA42B.7010306@chapman.edu> <223f97700702230044r597ebb8j4b92b20b5df4441f@mail.gmail.com> <45DF10C2.6020501@chapman.edu> Message-ID: <20070223132714.64e36ccc@localhost> On Fri, 23 Feb 2007 08:05:22 -0800 Jay Chandler wrote: > > why dont u guys use an MTA that works without the constant dramas ;) > > like sendmail or qmail :P > > > Because I have both the O'Reilly Sendmail and Postfix books in my > cube. The Postfix book takes a couple hours to get through, while the > Sendmail book is mainly here to kill hobos with-- this thing is > MASSIVE. > > There's something to be said for simplicity... Absolutely. The O'Reilly 'Sendmail' book is 1205+ pages. The 'Book of Postfix' is only 464 pages. Plus, you can actually set up SASL and SSL/TLS in Postfix after reading it. Setting up SASL and SSL/TLS etc. in Sendmail can be a chore. The users of Sendmail have been decreasing while the users of alternative MTA's like Postfix, have been on the rise. Then again, there is Qmail, which is not even officially supported but still available for the adventurous. -- Gerard -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 187 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070223/15c59dff/signature.bin From steinkel at pa.net Fri Feb 23 19:43:58 2007 From: steinkel at pa.net (Leland J. Steinke) Date: Fri Feb 23 18:48:19 2007 Subject: Postfix Queue question In-Reply-To: <45DF1FFB.7080000@chapman.edu> References: <45DEA42B.7010306@chapman.edu> <223f97700702230044r597ebb8j4b92b20b5df4441f@mail.gmail.com> <45DF1FFB.7080000@chapman.edu> Message-ID: <45DF35EE.5020900@pa.net> Jay Chandler wrote: > > So... what do I try next? > What are the permissions on the "held" queue files? Is the execute bit set? Leland From chandler.lists at chapman.edu Fri Feb 23 19:51:43 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Fri Feb 23 18:56:54 2007 Subject: Postfix Queue question In-Reply-To: <45DF35EE.5020900@pa.net> References: <45DEA42B.7010306@chapman.edu> <223f97700702230044r597ebb8j4b92b20b5df4441f@mail.gmail.com> <45DF1FFB.7080000@chapman.edu> <45DF35EE.5020900@pa.net> Message-ID: <45DF37BF.5070809@chapman.edu> Leland J. Steinke wrote: > Jay Chandler wrote: >> >> So... what do I try next? >> > > What are the permissions on the "held" queue files? Is the execute > bit set? > -rwx------ -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: You put the disk in upside down. From am.lists at gmail.com Fri Feb 23 19:51:57 2007 From: am.lists at gmail.com (am.lists) Date: Fri Feb 23 18:57:05 2007 Subject: Dealing with large ISP Mailers In-Reply-To: <20070223131712.50c790ed@localhost> References: <25a66d840702230635t2a4314d2t9f7423fd32a0b465@mail.gmail.com> <45DF0762.8000405@nkpanama.com> <25a66d840702230730s3e318ac7gfa56d7524e601678@mail.gmail.com> <20070223131712.50c790ed@localhost> Message-ID: <25a66d840702231051k336bfe3er529458b62c0d1abc@mail.gmail.com> On 2/23/07, Gerard Seibert wrote: > > > What's your MTA? Each goes about whitelisting in its own way... > > Sorry, I should have said. It's Postfix 2.2.2. > This question might be appropriate for the Postfix forum. Actually, Gerard, I'm not wanting Postfix to block it at the MTA, I'm more interested in having MailScanner's ability to weigh/score the given RBL rather than just having Postfix deny it at the door, so to speak. But thanks for the references, I'll read up on those. Angelo From gerard at seibercom.net Fri Feb 23 20:07:33 2007 From: gerard at seibercom.net (Gerard Seibert) Date: Fri Feb 23 19:12:43 2007 Subject: Dealing with large ISP Mailers In-Reply-To: <25a66d840702231051k336bfe3er529458b62c0d1abc@mail.gmail.com> References: <25a66d840702230635t2a4314d2t9f7423fd32a0b465@mail.gmail.com> <45DF0762.8000405@nkpanama.com> <25a66d840702230730s3e318ac7gfa56d7524e601678@mail.gmail.com> <20070223131712.50c790ed@localhost> <25a66d840702231051k336bfe3er529458b62c0d1abc@mail.gmail.com> Message-ID: <20070223140733.188a0fa6@localhost> On Fri, 23 Feb 2007 13:51:57 -0500 "am.lists" wrote: > Actually, Gerard, I'm not wanting Postfix to block it at the MTA, I'm > more interested in having MailScanner's ability to weigh/score the > given RBL rather than just having Postfix deny it at the door, so to > speak. > > But thanks for the references, I'll read up on those. Maybe I am misunderstanding you; however, you did mention 'white-listing'. You would need to insure that Postfix does not block your intended audience to insure that it does in fact reach MailScanner. Of course, if you are not blocking at the MTA, that is not really a concern. Personally, I block the obvious, such as 'open relays' before they even get in the door. -- Gerard -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 187 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070223/25a03ada/signature-0001.bin From bpumphrey at woodmclaw.com Fri Feb 23 20:08:16 2007 From: bpumphrey at woodmclaw.com (Billy A. Pumphrey) Date: Fri Feb 23 19:13:29 2007 Subject: Fixing Bayes In-Reply-To: Message-ID: <04D932B0071FE34FA63EBB1977B48D150241A4C2@woodenex.woodmaclaw.local> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Kevin Miller > Sent: Friday, February 23, 2007 12:07 PM > To: MailScanner discussion > Subject: RE: Fixing Bayes > > Billy A. Pumphrey wrote: > > I spent quite a bit of time searching the archives; there is a ton of > > stuff there. I know the answer is there but I am just terrible at > > searching I guess. Please entertain my basic question. > > > > My bayes is causing a lot of false positives. I am guessing that I > > need to rebuild my bayes database. I do have: > > Rebuild Bayes Every = 432000 > > Wait During Bayes Rebuild = yes (was no until about 15 minutes ago > > when I found on the archive searching that this should be yes) > > > > Here is what I did, let me know if this is what I needed to do. I got > > the starter database from http://www.fsl.com/support.html and placed > > those files in /etc/MailScanner/bayes. > > > > Is that all that I need to do? > > > > Thank you > > Assuming the permissions are correct that should pretty much do it. The > starter kit will begin to learn as new ham/spam comes in. It is based > on older spam, and your spam profile may not match fsl's, but it'll > learn fast. Are you using MailWatch along with MailScanner? There's > tools in there to monitor the health of your bayes database (as well as > other things). > > My bayes database was corrupted some time back and I replaced it with > the starter kit. Immediately saw improvement in the spam catching... > > ...Kevin > -- > Kevin Miller Registered Linux User No: 307357 > CBJ MIS Dept. Network Systems Admin., Mail Admin. > 155 South Seward Street ph: (907) 586-0242 > Juneau, Alaska 99801 fax: (907 586-4500 > -- Ok, looks like I got it. I did have to reset the permissions. I found online a permission setting of: Chmod -R 770 /etc/MailScanner/bayes Before doing that the bayes in mailwatch would not show up. After doing the permissions ayes did show up. Bayes Database Information Number of Spam Messages: 1,963 Number of Ham Messages: 313 Number of Tokens: 158,099 Oldest Token: Tue, 29 Apr 2003 15:25:43 -0500 Newest Token: Fri, 23 Feb 2007 13:39:54 -0500 Last Journal Sync: Fri, 23 Feb 2007 13:37:00 -0500 Last Expiry: Wed, 31 Dec 1969 19:00:00 -0500 Last Expiry Reduction Count: 0 tokens Indeed I am using mailwatch. Thank you for your help. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From am.lists at gmail.com Fri Feb 23 20:20:40 2007 From: am.lists at gmail.com (am.lists) Date: Fri Feb 23 19:25:50 2007 Subject: Dealing with large ISP Mailers In-Reply-To: <20070223140733.188a0fa6@localhost> References: <25a66d840702230635t2a4314d2t9f7423fd32a0b465@mail.gmail.com> <45DF0762.8000405@nkpanama.com> <25a66d840702230730s3e318ac7gfa56d7524e601678@mail.gmail.com> <20070223131712.50c790ed@localhost> <25a66d840702231051k336bfe3er529458b62c0d1abc@mail.gmail.com> <20070223140733.188a0fa6@localhost> Message-ID: <25a66d840702231120qc49f854r917ac80396a90621@mail.gmail.com> On 2/23/07, Gerard Seibert wrote: > Maybe I am misunderstanding you; however, you did mention > 'white-listing'. You would need to insure that Postfix does not block > your intended audience to insure that it does in fact reach MailScanner. > Of course, if you are not blocking at the MTA, that is not really a > concern. Personally, I block the obvious, such as 'open relays' before > they even get in the door. Sorry Gerard, My mistake. Yes, I'm talking about whitelisting. But really, to put it into simple terms, I don't want MailScanner to automatically flag certain things (RBL failure being the case in point) to flat 'definitely is spam' for things that I can put on a whitelist. My main concern is this made up example of someone like an Avon salesperson using their AOL account to send special offer mail to everyone on their ditribution list. Of course it's spam to me based on my content rules (such as talking about offers, low price, limited time, etc.) but because I have to whitelist AOL to get the legit mail past the RBL blocks, I don't want this particular mail to get a free pass. Hopefully that's more clear. Sorry, it's Friday and I've only had one cup of coffee. From amujicaz at gmail.com Fri Feb 23 22:10:40 2007 From: amujicaz at gmail.com (Andres) Date: Fri Feb 23 21:20:16 2007 Subject: Solaris 10 and Java Enterprise System Messaging Server Message-ID: Hello all! I need some info about using mailscanner on solaris 10 and Java Enterprise System Messaging Server Is it possible to use MailScanner with this? it's going to run on a SunFireT2000. Thanks for your info and pointers to further information. Regards, Andres From res at ausics.net Fri Feb 23 23:33:07 2007 From: res at ausics.net (Res) Date: Fri Feb 23 22:38:24 2007 Subject: Postfix Queue question In-Reply-To: <45DEDA41.6000105@netmagicsolutions.com> References: <45DEA42B.7010306@chapman.edu> <223f97700702230044r597ebb8j4b92b20b5df4441f@mail.gmail.com> <45DEDA41.6000105@netmagicsolutions.com> Message-ID: On Fri, 23 Feb 2007, Dhawal Doshy wrote: > Res wrote: >> >> why dont u guys use an MTA that works without the constant dramas ;) >> like sendmail or qmail :P > > We like better thrills than simply changing our lock types with every > release.. ohhhh never had to change them with qmail :P and only once with sendmail hehe but i think thats OK, not bad at all considering all the queue dramas postmix has ;) -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From Kevin_Miller at ci.juneau.ak.us Sat Feb 24 00:47:36 2007 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Fri Feb 23 23:52:47 2007 Subject: What happens when you archive... Message-ID: Right now I deep six all high scoring spam, quarantine regular spam for 30 days and forward ham to our Exchange server. I got to thinking, it would be cheap insurance to archive the ham for a couple weeks, in the odd event that the exchange server goes belly up in the middle of the night, after the backup has finished. Some mail would be lost, but if it's archived on the MailScanner box it would be safely there for me to just resend when the internal mail server is restored. I only want to archive the ham. The spam already is by virtue of the quarantine, and the high scoring spam is toast regardless. If I just set: Archive Mail = /var/spool/MailScanner/archive will that do it, or will I need to create a ruleset to only save the ham? Have a great weekend... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From ssilva at sgvwater.com Sat Feb 24 00:58:45 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Sat Feb 24 00:04:24 2007 Subject: What happens when you archive... In-Reply-To: References: Message-ID: Kevin Miller spake the following on 2/23/2007 3:47 PM: > Right now I deep six all high scoring spam, quarantine regular spam for > 30 days and forward ham to our Exchange server. I got to thinking, it > would be cheap insurance to archive the ham for a couple weeks, in the > odd event that the exchange server goes belly up in the middle of the > night, after the backup has finished. Some mail would be lost, but if > it's archived on the MailScanner box it would be safely there for me to > just resend when the internal mail server is restored. > > I only want to archive the ham. The spam already is by virtue of the > quarantine, and the high scoring spam is toast regardless. If I just > set: > Archive Mail = /var/spool/MailScanner/archive > will that do it, or will I need to create a ruleset to only save the > ham? > > Have a great weekend... > > ...Kevin I think that will archive "everything", ham, spam, and high scoring. You could have a forward rule in non-spam actions to a local mail account on the mailscanner machine. It would be up to you to parse that back out to the exchange server if needed. Or you could use a store rule on your non-spam actions, and let the quarantine rules take care of the older stuff. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From drew at technologytiger.net Sat Feb 24 11:58:13 2007 From: drew at technologytiger.net (Drew Marshall) Date: Sat Feb 24 11:03:27 2007 Subject: Postfix Queue question In-Reply-To: References: <45DEA42B.7010306@chapman.edu> <223f97700702230044r597ebb8j4b92b20b5df4441f@mail.gmail.com> <45DEDA41.6000105@netmagicsolutions.com> Message-ID: On 23 Feb 2007, at 22:33, Res wrote: > On Fri, 23 Feb 2007, Dhawal Doshy wrote: > >> Res wrote: >>> why dont u guys use an MTA that works without the constant dramas ;) >>> like sendmail or qmail :P >> >> We like better thrills than simply changing our lock types with >> every release.. > > ohhhh never had to change them with qmail :P > and only once with sendmail hehe > but i think thats OK, not bad at all considering all the queue > dramas postmix has ;) Postfix doesn't do dramas, it's more a soap opera :) I'll leave you to work out the characters and who plays them ;) Like all good soaps we all know that through a 5 year cycle every body will end up having some form of intimate relationship with everyone else before having a huge bust up (Rinse and repeat). We have seen the bust up, must be nearly time for the PF/ MS world to start loving each other soon (Not totally sure this is an image I wish to continue to visualise. Julian and Wietse transcending all boundaries...) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by the Technology Tiger MailScanner. Further information can be found at www.technologytiger.net/policy Technology Tiger Limited is registered in Scotland with registration number: 310997 Registered Office 55-57 West High Street Inverurie AB51 3QQ From email at ace.net.au Sat Feb 24 16:14:47 2007 From: email at ace.net.au (Peter Nitschke) Date: Sat Feb 24 15:20:51 2007 Subject: What happens when you archive... In-Reply-To: References: Message-ID: <200702250144470933.1C19E8D5@smtp1.ace.net.au> On 23/02/2007 at 2:47 PM Kevin Miller wrote: >Right now I deep six all high scoring spam, quarantine regular spam for >30 days and forward ham to our Exchange server. I got to thinking, it >would be cheap insurance to archive the ham for a couple weeks, in the >odd event that the exchange server goes belly up in the middle of the >night, after the backup has finished. Some mail would be lost, but if >it's archived on the MailScanner box it would be safely there for me to >just resend when the internal mail server is restored. > >I only want to archive the ham. The spam already is by virtue of the >quarantine, and the high scoring spam is toast regardless. If I just >set: > Archive Mail = /var/spool/MailScanner/archive >will that do it, or will I need to create a ruleset to only save the >ham? > >Have a great weekend... > >...Kevin I use qf/df files, so just setting: Non Spam Actions = store deliver Means that ham gets quarantined as well (into a seperate folder), so I could dump them back into the system any time I liked. You would need to adjust your clean-quarantine script if you wanted them kept for a different time to your spam quarantine. Peter From res at ausics.net Sat Feb 24 23:12:22 2007 From: res at ausics.net (Res) Date: Sat Feb 24 22:17:40 2007 Subject: Postfix Queue question In-Reply-To: References: <45DEA42B.7010306@chapman.edu> <223f97700702230044r597ebb8j4b92b20b5df4441f@mail.gmail.com> <45DEDA41.6000105@netmagicsolutions.com> Message-ID: On Sat, 24 Feb 2007, Drew Marshall wrote: >> ohhhh never had to change them with qmail :P >> and only once with sendmail hehe >> but i think thats OK, not bad at all considering all the queue dramas >> postmix has ;) > > Postfix doesn't do dramas, it's more a soap opera :) hahahaha, I'll pay that one, you go to top of the class > > I'll leave you to work out the characters and who plays them ;) LOL, yeah we best not mention any names, they'll expect royalties or something :) > nearly time for the PF/ MS world to start loving each other soon (Not totally > sure this is an image I wish to continue to visualise. Julian and Wietse > transcending all boundaries...) That will be the day, maybe when he falls out with the amav... mate of his that helps him attack MS on his list. -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From brent.bolin at gmail.com Sun Feb 25 16:35:16 2007 From: brent.bolin at gmail.com (BB) Date: Sun Feb 25 15:40:31 2007 Subject: Webmail on localhost is not being scanned by MailScanner Message-ID: <787dcac20702250735k7fe4e77dt301a006cfef46436@mail.gmail.com> I have just noticed mail sent from SquirrelMail running on the same box that MailScanner runs on is not being scanned. Modified MailScanner.conf to include a file containing ques Incoming Queue Dir = /usr/local/etc/MailScanner/mqueue.in.list.conf /var/spool/mqueue.in /var/spool/clientmqueue Here are my sendmail processes - sendmail: accepting connections (sendmail) sendmail: Queue runner@00:15:00 for /var/spool/mqueue (sendmail) sendmail: Queue runner@00:15:00 for /var/spool/clientmqueue (sendmail) sendmail: Queue runner@00:15:00 for /var/spool/mqueue (sendmail) sendmail: Queue runner@00:15:00 for /var/spool/clientmqueue (sendmail) sendmail: accepting connections (sendmail) sendmail: Queue runner@00:30:00 for /var/spool/clientmqueue (sendmail) This kinda makes sense because sendmail needs to accept mail in a queue. MailScanner then needs to process and deliver back to sendmail for delivery. I believe that mail generated on the localhost uses clientmqueue, but I don't think MailScanner is working correctly with sendmail to accomplish this. What am I missing ? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070225/e79558d4/attachment.html From shuttlebox at gmail.com Sun Feb 25 17:07:05 2007 From: shuttlebox at gmail.com (shuttlebox) Date: Sun Feb 25 16:12:22 2007 Subject: Solaris 10 and Java Enterprise System Messaging Server In-Reply-To: References: Message-ID: <625385e30702250807j2cb55ee4j4249f8c302ab8398@mail.gmail.com> On 2/23/07, Andres wrote: > Hello all! > > I need some info about using mailscanner on solaris 10 and Java Enterprise > System Messaging Server > > Is it possible to use MailScanner with this? > > it's going to run on a SunFireT2000. > > Thanks for your info and pointers to further information. Isn't Java Enterprise System Messaging Server the equivalent of Exchange, Notes and so on? Then it doesn't matter for MailScanner since it just delivers the mail to your system of choice. The normal setup is an internet-facing MTA running e.g. Sendmail and MailScanner delivering mail to the internal mail system. -- /peter From glenn.steen at gmail.com Sun Feb 25 21:45:10 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Feb 25 20:50:28 2007 Subject: Dealing with large ISP Mailers In-Reply-To: <25a66d840702231120qc49f854r917ac80396a90621@mail.gmail.com> References: <25a66d840702230635t2a4314d2t9f7423fd32a0b465@mail.gmail.com> <45DF0762.8000405@nkpanama.com> <25a66d840702230730s3e318ac7gfa56d7524e601678@mail.gmail.com> <20070223131712.50c790ed@localhost> <25a66d840702231051k336bfe3er529458b62c0d1abc@mail.gmail.com> <20070223140733.188a0fa6@localhost> <25a66d840702231120qc49f854r917ac80396a90621@mail.gmail.com> Message-ID: <223f97700702251245g58ce2ad2x4acb08c5ecb65a92@mail.gmail.com> On 23/02/07, am.lists wrote: > On 2/23/07, Gerard Seibert wrote: > > Maybe I am misunderstanding you; however, you did mention > > 'white-listing'. You would need to insure that Postfix does not block > > your intended audience to insure that it does in fact reach MailScanner. > > Of course, if you are not blocking at the MTA, that is not really a > > concern. Personally, I block the obvious, such as 'open relays' before > > they even get in the door. > > > Sorry Gerard, My mistake. Yes, I'm talking about whitelisting. But > really, to put it into simple terms, I don't want MailScanner to > automatically flag certain things (RBL failure being the case in > point) to flat 'definitely is spam' for things that I can put on a > whitelist. My main concern is this made up example of someone like an > Avon salesperson using their AOL account to send special offer mail to > everyone on their ditribution list. Of course it's spam to me based on > my content rules (such as talking about offers, low price, limited > time, etc.) but because I have to whitelist AOL to get the legit mail > past the RBL blocks, I don't want this particular mail to get a free > pass. > > Hopefully that's more clear. Sorry, it's Friday and I've only had one > cup of coffee. Look into the SpamAssassin "defailt whitelist" things... Either use the rcvd_from or spf one for that particular mx... The whole problem seems to be entirely SA, at least from afar:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Sun Feb 25 21:51:40 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Feb 25 20:56:59 2007 Subject: Postfix Queue question In-Reply-To: <45DF1FFB.7080000@chapman.edu> References: <45DEA42B.7010306@chapman.edu> <223f97700702230044r597ebb8j4b92b20b5df4441f@mail.gmail.com> <45DF1FFB.7080000@chapman.edu> Message-ID: <223f97700702251251n78a4b916hde54246a520484c@mail.gmail.com> On 23/02/07, Jay Chandler wrote: > Glenn Steen wrote: > > On 23/02/07, Jay Chandler wrote: > >> Howdy. > >> > >> I realize this isn't a MailScanner question directly, but if I take it > >> to the Postfix list they'll start screaming about queue message > >> corruption. > >> > >> I have an outbound server that has a couple messages from three to four > >> weeks ago stuck in its HOLD queue. What could cause something like > >> this? I'll provide any information that you request... > >> > > Does postcat work on them? > Let's see... > > The one from Jan 31 is a non-delivery report that's 4.3 megs long, and > postcat seems to work just fine. > In fact, Postcat seems to work on all of them. > > So... what do I try next? Running MS in debug doesn't show anything? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Sun Feb 25 21:57:01 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Feb 25 21:02:18 2007 Subject: Webmail on localhost is not being scanned by MailScanner In-Reply-To: <787dcac20702250735k7fe4e77dt301a006cfef46436@mail.gmail.com> References: <787dcac20702250735k7fe4e77dt301a006cfef46436@mail.gmail.com> Message-ID: <223f97700702251257x799779f3h7318e04cb006e09a@mail.gmail.com> On 25/02/07, BB wrote: > > I have just noticed mail sent from SquirrelMail running on the same box that > MailScanner runs on is not being scanned. > > Modified MailScanner.conf to include a file containing ques > > Incoming Queue Dir = > /usr/local/etc/MailScanner/mqueue.in.list.conf > /var/spool/mqueue.in > /var/spool/clientmqueue > > > Here are my sendmail processes - > sendmail: accepting connections (sendmail) > sendmail: Queue runner@00:15:00 for /var/spool/mqueue (sendmail) > sendmail: Queue runner@00:15:00 for /var/spool/clientmqueue (sendmail) > sendmail: Queue runner@00:15:00 for /var/spool/mqueue (sendmail) > sendmail: Queue runner@00:15:00 for /var/spool/clientmqueue (sendmail) > sendmail: accepting connections (sendmail) > sendmail: Queue runner@00:30:00 for /var/spool/clientmqueue (sendmail) > > > This kinda makes sense because sendmail needs to accept mail in a queue. > MailScanner then needs to process and deliver back to sendmail for delivery. > > I believe that mail generated on the localhost uses clientmqueue, but I > don't think MailScanner is working correctly with sendmail to accomplish > this. > > What am I missing ? > I'm surely no Sendmail guru, but ... can't you just set squirrelmail to send "via the front gate" instead (meaning that you use the fqdn/IP of the real IF instead of loopback/localhost)? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From brent.bolin at gmail.com Sun Feb 25 22:10:56 2007 From: brent.bolin at gmail.com (BB) Date: Sun Feb 25 21:16:12 2007 Subject: Webmail on localhost is not being scanned by MailScanner In-Reply-To: <223f97700702251257x799779f3h7318e04cb006e09a@mail.gmail.com> References: <787dcac20702250735k7fe4e77dt301a006cfef46436@mail.gmail.com> <223f97700702251257x799779f3h7318e04cb006e09a@mail.gmail.com> Message-ID: <787dcac20702251310t682356e5qa8ce96fe9c9c8811@mail.gmail.com> You crazy sweed what ever would make you think that would work. It did! tku On 2/25/07, Glenn Steen wrote: > > On 25/02/07, BB wrote: > > > > I have just noticed mail sent from SquirrelMail running on the same box > that > > MailScanner runs on is not being scanned. > > > > Modified MailScanner.conf to include a file containing ques > > > > Incoming Queue Dir = > > /usr/local/etc/MailScanner/mqueue.in.list.conf > > /var/spool/mqueue.in > > /var/spool/clientmqueue > > > > > > Here are my sendmail processes - > > sendmail: accepting connections (sendmail) > > sendmail: Queue runner@00:15:00 for /var/spool/mqueue (sendmail) > > sendmail: Queue runner@00:15:00 for /var/spool/clientmqueue (sendmail) > > sendmail: Queue runner@00:15:00 for /var/spool/mqueue (sendmail) > > sendmail: Queue runner@00:15:00 for /var/spool/clientmqueue (sendmail) > > sendmail: accepting connections (sendmail) > > sendmail: Queue runner@00:30:00 for /var/spool/clientmqueue (sendmail) > > > > > > This kinda makes sense because sendmail needs to accept mail in a queue. > > MailScanner then needs to process and deliver back to sendmail for > delivery. > > > > I believe that mail generated on the localhost uses clientmqueue, but I > > don't think MailScanner is working correctly with sendmail to accomplish > > this. > > > > What am I missing ? > > > I'm surely no Sendmail guru, but ... can't you just set squirrelmail > to send "via the front gate" instead (meaning that you use the fqdn/IP > of the real IF instead of loopback/localhost)? > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070225/8cacf225/attachment.html From holger at noefer.org Sun Feb 25 22:17:27 2007 From: holger at noefer.org (Holger =?iso-8859-1?Q?N=F6fer?=) Date: Sun Feb 25 21:22:57 2007 Subject: Webmail on localhost is not being scanned by MailScanner In-Reply-To: <787dcac20702250735k7fe4e77dt301a006cfef46436@mail.gmail.co m> References: <787dcac20702250735k7fe4e77dt301a006cfef46436@mail.gmail.com> Message-ID: <20070225211733.5B86DCE304B6@mail.noefer.org> Hi, what do you mean with not scanned? Not beeing sent by sendmail or not scanned for spam, filetypes and so on? Have a look at /etc/MailScanner/rules/scan.messages.rules Perhaps 127.0.0.1 is set to no. Best regards, Holger At 16:35 25.02.2007, you wrote: >I have just noticed mail sent from SquirrelMail running on the same >box that MailScanner runs on is not being scanned. > >Modified MailScanner.conf to include a file containing ques > >Incoming Queue Dir = /usr/local/etc/MailScanner/mqueue.in.list.conf >/var/spool/mqueue.in >/var/spool/clientmqueue > > >Here are my sendmail processes - >sendmail: accepting connections (sendmail) >sendmail: Queue runner@00:15:00 for /var/spool/mqueue (sendmail) >sendmail: Queue runner@00:15:00 for /var/spool/clientmqueue (sendmail) >sendmail: Queue runner@00:15:00 for /var/spool/mqueue (sendmail) >sendmail: Queue runner@00:15:00 for /var/spool/clientmqueue (sendmail) >sendmail: accepting connections (sendmail) >sendmail: Queue runner@00:30:00 for /var/spool/clientmqueue (sendmail) > > >This kinda makes sense because sendmail needs to accept mail in a >queue. MailScanner then needs to process and deliver back to >sendmail for delivery. > >I believe that mail generated on the localhost uses clientmqueue, >but I don't think MailScanner is working correctly with sendmail to >accomplish this. > >What am I missing ? >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! From brent.bolin at gmail.com Sun Feb 25 22:27:19 2007 From: brent.bolin at gmail.com (BB) Date: Sun Feb 25 21:32:35 2007 Subject: Webmail on localhost is not being scanned by MailScanner In-Reply-To: <20070225211733.5B86DCE304B6@mail.noefer.org> References: <787dcac20702250735k7fe4e77dt301a006cfef46436@mail.gmail.com> <20070225211733.5B86DCE304B6@mail.noefer.org> Message-ID: <787dcac20702251327v60b8bd57x9b4c10e3146bdf19@mail.gmail.com> It has to do with the queue it drops into from the localhost. localhost mail is sent to /var/spool/clientmqueue That is never scanned by MailScanner. As noted in a previous thread, Glenn's suggestion worked. The default configuration for SquirrelMail wants to use localhost:25 On 2/25/07, Holger N?fer wrote: > > Hi, > > what do you mean with not scanned? > Not beeing sent by sendmail or not scanned for spam, filetypes and so on? > > Have a look at /etc/MailScanner/rules/scan.messages.rules > > Perhaps 127.0.0.1 is set to no. > > Best regards, > Holger > > At 16:35 25.02.2007, you wrote: > > >I have just noticed mail sent from SquirrelMail running on the same > >box that MailScanner runs on is not being scanned. > > > >Modified MailScanner.conf to include a file containing ques > > > >Incoming Queue Dir = /usr/local/etc/MailScanner/mqueue.in.list.conf > >/var/spool/mqueue.in > >/var/spool/clientmqueue > > > > > >Here are my sendmail processes - > >sendmail: accepting connections (sendmail) > >sendmail: Queue runner@00:15:00 for /var/spool/mqueue (sendmail) > >sendmail: Queue runner@00:15:00 for /var/spool/clientmqueue (sendmail) > >sendmail: Queue runner@00:15:00 for /var/spool/mqueue (sendmail) > >sendmail: Queue runner@00:15:00 for /var/spool/clientmqueue (sendmail) > >sendmail: accepting connections (sendmail) > >sendmail: Queue runner@00:30:00 for /var/spool/clientmqueue (sendmail) > > > > > >This kinda makes sense because sendmail needs to accept mail in a > >queue. MailScanner then needs to process and deliver back to > >sendmail for delivery. > > > >I believe that mail generated on the localhost uses clientmqueue, > >but I don't think MailScanner is working correctly with sendmail to > >accomplish this. > > > >What am I missing ? > >-- > >MailScanner mailing list > >mailscanner@lists.mailscanner.info > >http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > >Before posting, read http://wiki.mailscanner.info/posting > > > >Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070225/13f0c092/attachment.html From hden at kcbbs.gen.nz Mon Feb 26 02:23:50 2007 From: hden at kcbbs.gen.nz (Hendrik den Hartog) Date: Mon Feb 26 01:10:06 2007 Subject: Further clarification please In-Reply-To: <223f97700702251251n78a4b916hde54246a520484c@mail.gmail.com> References: <45DEA42B.7010306@chapman.edu> <223f97700702230044r597ebb8j4b92b20b5df4441f@mail.gmail.com> <45DF1FFB.7080000@chapman.edu> <223f97700702251251n78a4b916hde54246a520484c@mail.gmail.com> Message-ID: <20070226012350.GA6697@mew.kcbbs.gen.nz> In whitelist rules, is the use of '' correct, or are contributors being careful and avoiding the '@' i.e. is From * *.domain.com yes correct, or do we need to use From *@*.domain.com yes Clarification appreciated... Cheers! Dave From res at ausics.net Mon Feb 26 02:52:12 2007 From: res at ausics.net (Res) Date: Mon Feb 26 01:57:35 2007 Subject: Further clarification please In-Reply-To: <20070226012350.GA6697@mew.kcbbs.gen.nz> References: <45DEA42B.7010306@chapman.edu> <223f97700702230044r597ebb8j4b92b20b5df4441f@mail.gmail.com> <45DF1FFB.7080000@chapman.edu> <223f97700702251251n78a4b916hde54246a520484c@mail.gmail.com> <20070226012350.GA6697@mew.kcbbs.gen.nz> Message-ID: On Mon, 26 Feb 2007, Hendrik den Hartog wrote: > In whitelist rules, is the use of '' correct, or are contributors > being careful and avoiding the '@' > > From *@*.domain.com yes This is the correct method -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From hden at kcbbs.gen.nz Mon Feb 26 07:44:39 2007 From: hden at kcbbs.gen.nz (Hendrik den Hartog) Date: Mon Feb 26 06:30:58 2007 Subject: Further clarification please In-Reply-To: References: <45DEA42B.7010306@chapman.edu> <223f97700702230044r597ebb8j4b92b20b5df4441f@mail.gmail.com> <45DF1FFB.7080000@chapman.edu> <223f97700702251251n78a4b916hde54246a520484c@mail.gmail.com> <20070226012350.GA6697@mew.kcbbs.gen.nz> Message-ID: <20070226064439.GA6788@mew.kcbbs.gen.nz> Res, thanks [again]. Clarification appreciated! Cheers! Dave On Mon, Feb 26, 2007 at 11:52:12AM +1000, Res wrote: > On Mon, 26 Feb 2007, Hendrik den Hartog wrote: > > >In whitelist rules, is the use of '' correct, or are contributors > >being careful and avoiding the '@' > > > > From *@*.domain.com yes > > This is the correct method > > -- > Cheers > Res > > "We can be Heroes, just for one day" - Davey (Jones) Bowie > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From joakim at cefalk.com Mon Feb 26 13:39:16 2007 From: joakim at cefalk.com (Joakim Cefalk) Date: Mon Feb 26 12:47:15 2007 Subject: How often need bayes to be rebuild Message-ID: <45E2D4F4.3070203@cefalk.com> Hello! I have not rebuild my bayes db since i started to using it in 2005. I have only 200 messages a day, about 30% i high scoring spam and 5-10% low scoring. What should i set my "Rebuild Bayes Every" to? I'm using MySQL as storage for the bayes db. Joakim -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070226/c3a3f161/attachment.html From emreersin at baskent.edu.tr Mon Feb 26 14:52:06 2007 From: emreersin at baskent.edu.tr (Emre Ersin) Date: Mon Feb 26 13:57:22 2007 Subject: MailScanner stopped using spamassassin In-Reply-To: <20070223140733.188a0fa6@localhost> Message-ID: <20070226135200.472C73846F8@ankara.baskent.edu.tr> Hi, I am using postfix(rpm)+mailscanner(targz)+sa(rpm)+clamav(targz) on RHEL4 and now (for a week) mailscanner completely stopped using spamassassin. "MailScanner --lint" shows no problem. There is not any error in any of the log files. Where do I have to look? From Phil.Udel at SalemCorp.com Mon Feb 26 15:48:30 2007 From: Phil.Udel at SalemCorp.com (Phil Udel) Date: Mon Feb 26 14:54:09 2007 Subject: A Ton Of Spam This Weekend Message-ID: <200702261448.l1QEmVrR012677@mail.salemcorp.com> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 14364 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070226/1583ca99/attachment.gif From TGFurnish at herffjones.com Mon Feb 26 16:34:37 2007 From: TGFurnish at herffjones.com (Furnish, Trever G) Date: Mon Feb 26 15:41:10 2007 Subject: wildcards in whitelist In-Reply-To: <223f97700702230035x71e8cb0fkc48104ff2b318c26@mail.gmail.com> Message-ID: <57573D714A832C43B9D80EAFBDA48D0302BAC8FF@inex3.herffjones.hj-int> Thanks, Glenn. I didn't even realize those options for the MailScanner executable existed. That'll be useful in the future. -- Trever > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Glenn Steen > Sent: Friday, February 23, 2007 3:35 AM > To: MailScanner discussion > Subject: Re: wildcards in whitelist > > On 22/02/07, Furnish, Trever G wrote: > > Aren't they supposed to be perl regexes, and in that case, doesn't > > .boo.com still match aboo.com? > > > > In perl (and most other regex implementations AFAIK) the period > > represents a single occurance of (almost) any character, so the > > following command line: > > > > echo aboo | perl -ne 'print "yes\n" if (/.boo/)' > > > > ...does in fact print "yes". If you don't want . to match 'any > > character', then you should escape it with a backslash. > > > > Actually I've wondered frequently whether this weren't a mistake in > > the MailScanner examples, but have never taken the time to > > go through > > the code and decide for certain. There is an occurance of > > "\." in the > > rules/EXAMPLES file for escaping the periods between octets > > in an ip > > address. I don't see anything to indicate that it > > shouldn't also be > > used between domain parts. > You can actually test this;-). > Observe: > ----- > # MailScanner --changed|grep virusscanning > virusscanning yes RULESET:Default=yes > # grep glenn.steen /etc/MailScanner/rules/virus.whitelist.rules > From: glenn.steen@aa.ap1.se no > # MailScanner --from=glenn.steen@aa.ap1.se > --to=glenn.steen@ap1.se --value=virusscanning Looked up > internal option name "virusscan" > With sender = glenn.steen@aa.ap1.se > recipient = glenn.steen@ap1.se > Client IP = > Virus = > Result is "0" > > 0=No 1=Yes > # MailScanner --from=glenn.steen@aaaap1.se > --to=glenn.steen@ap1.se --value=virusscanning Looked up > internal option name "virusscan" > With sender = glenn.steen@aaaap1.se > recipient = glenn.steen@ap1.se > Client IP = > Virus = > Result is "1" > > 0=No 1=Yes > # > ----- > So the answer is: No, that is not straight perl REs, if you > want that you need enclose the RE in slashes like > /.*@example.net/ (btw, a lone asterisk is _not_ a generic > glob-like wildcard in perl, it is a "0 or more" repetition > indicator... sort of a shorthand for {0,} ... You do need > tell perl _what_ to repeat;-). > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se From john at katy.com Mon Feb 26 16:51:21 2007 From: john at katy.com (John Schmerold) Date: Mon Feb 26 15:56:45 2007 Subject: A Ton Of Spam This Weekend In-Reply-To: <200702261448.l1QEmVrR012677@mail.salemcorp.com> References: <200702261448.l1QEmVrR012677@mail.salemcorp.com> Message-ID: <45E301F9.5020303@katy.com> We seem to be catching most of them, however our Ham / SPAM ratio is running 1-2% it makes me real nervous about false positives, though we really haven't seen evidence of false positives. John Schmerold Katy Computer & Wireless 347 Clarkson Rd Ellisville MO 63011 636-861-6900 v 775-227-6947 f Phil Udel wrote: > For some reason We got dumped on this weekend. and not sure why. Has > this happened to anyone else? > > Running.. > Cent OS > MS 4.55 > SA 3.1.8 > Most of the SARE Configs > > They all look like this for the most part; > > Return-Path: > > Received: from flexibleart.net ([201.36.168.172]) > by mail.salemcorp.com (8.13.1/8.13.1) with SMTP id l1QD4R33024364; > Mon, 26 Feb 2007 08:04:36 -0500 > Message-ID: > > From: "Lakesha" > > To: "Lavonda Fuller" > > Cc: "Jene Grant" >, > "Alane Franklin" >, > "Jade Kelly" >, > "Tamra Kelly" > > Subject: Any New Ideas > Date: Mon, 26 Feb 2007 03:39:28 -0900 > MIME-Version: 1.0 > Content-Type: multipart/related; > type="multipart/alternative"; > boundary="----=_NextPart_015_EFC4_926356FC.B5031013" > X-MSMail-Priority: Normal > X-Mailer: Microsoft Outlook Express 5.50.4522.1200 > X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 > X-SalemCorp-MailScanner-Information: Please contact the ISP for more > information > X-SalemCorp-MailScanner: Found to be clean > X-SalemCorp-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, > score=2.96, required 5, INLINE_IMAGE 1.50, MY_CID_AND_STYLE 0.71, > SARE_GIF_ATTACH 0.75) > X-SalemCorp-MailScanner-SpamScore: ss > X-SalemCorp-MailScanner-From: sfnuhoaj@flexibleart.net > > X-SalemCorp-Spam-Status: No > > > > > From tjc at ecs.soton.ac.uk Mon Feb 26 17:36:37 2007 From: tjc at ecs.soton.ac.uk (Tim Chown) Date: Mon Feb 26 16:42:18 2007 Subject: Julian Field in hospital Message-ID: <20070226163637.GC29278@login.ecs.soton.ac.uk> Hi, I work with Jules at the University of Southampton and sadly we have to report that he was admitted to hospital on Friday having been found collapsed at home. He's currently in a critical condition in hospital, but is stable. Obviously there will not be any mailscanner development or maintenence by Jules for the immediate future, but we hope everyone on this list will join us in wishing him all the best towards a full recovery. We'll let the list know of significant changes in his condition, and in due course where get well messages or cards can be sent. If someone here has permissions to post the message on to the mailscanner announce list, please do so. -- Tim From Kevin_Miller at ci.juneau.ak.us Mon Feb 26 17:37:18 2007 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Mon Feb 26 16:42:34 2007 Subject: What happens when you archive... In-Reply-To: <200702250144470933.1C19E8D5@smtp1.ace.net.au> References: <200702250144470933.1C19E8D5@smtp1.ace.net.au> Message-ID: Peter Nitschke wrote: > On 23/02/2007 at 2:47 PM Kevin Miller wrote: snip > > I use qf/df files, so just setting: > > Non Spam Actions = store deliver > > Means that ham gets quarantined as well (into a seperate folder), so I > could dump them back into the system any time I liked. > > You would need to adjust your clean-quarantine script if you wanted > them kept for a different time to your spam quarantine. Thanks Peter, that should work. I'm running sendmail so have the qf/df files as well. What folder will the ham get dumped in by default? Or do I need to specify where? I presume I'd do that with the "Archive Mail = /var/spool/MailScanner/archive" configuration option? Appreciate the help... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From a.peacock at chime.ucl.ac.uk Mon Feb 26 17:45:40 2007 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Mon Feb 26 16:51:16 2007 Subject: Julian Field in hospital In-Reply-To: <20070226163637.GC29278@login.ecs.soton.ac.uk> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> Message-ID: <45E30EB4.7060001@chime.ucl.ac.uk> Hi, Tim Chown wrote: > Hi, > > I work with Jules at the University of Southampton and sadly we have > to report that he was admitted to hospital on Friday having been > found collapsed at home. > > He's currently in a critical condition in hospital, but is stable. > > Obviously there will not be any mailscanner development or maintenence > by Jules for the immediate future, but we hope everyone on this list > will join us in wishing him all the best towards a full recovery. > > We'll let the list know of significant changes in his condition, and > in due course where get well messages or cards can be sent. > > If someone here has permissions to post the message on to the mailscanner > announce list, please do so. I am very sorry to hear this. My thoughts are with Jules at this time. Wishing him a speedy recovery. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas." -- George Bernard Shaw From uxbod at splatnix.net Mon Feb 26 17:44:58 2007 From: uxbod at splatnix.net (uxbod) Date: Mon Feb 26 16:52:51 2007 Subject: Julian Field in hospital In-Reply-To: <20070226163637.GC29278@login.ecs.soton.ac.uk> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> Message-ID: <415ce93f601726719efc7811db9cd40a@62.49.223.244> No, the SPAM got Julian :( On a serious note Jules, I do hope you get better soon and I am sure that is a heart felt feeling from the whole community. Best wishes, UxBoD -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From raymond at prolocation.net Mon Feb 26 17:51:21 2007 From: raymond at prolocation.net (Raymond Dijkxhoorn) Date: Mon Feb 26 16:56:37 2007 Subject: Julian Field in hospital In-Reply-To: <45E30EB4.7060001@chime.ucl.ac.uk> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> <45E30EB4.7060001@chime.ucl.ac.uk> Message-ID: Hi! >> He's currently in a critical condition in hospital, but is stable. >> >> Obviously there will not be any mailscanner development or maintenence >> by Jules for the immediate future, but we hope everyone on this list >> will join us in wishing him all the best towards a full recovery. >> >> We'll let the list know of significant changes in his condition, and >> in due course where get well messages or cards can be sent. >> >> If someone here has permissions to post the message on to the mailscanner >> announce list, please do so. > I am very sorry to hear this. My thoughts are with Jules at this time. > Wishing him a speedy recovery. If there is anything we can do, you Julian or his familly please tell. All the best the comming days. News like aint things people wanne read about, it sadely happens anyway. All the best Julian! A guy like you should not be in the hospital at all, sad you cant write perl code to block human virusses. On mail you are the best. Bye, Raymond. From AHKAPLAN at PARTNERS.ORG Mon Feb 26 17:50:54 2007 From: AHKAPLAN at PARTNERS.ORG (Kaplan, Andrew H.) Date: Mon Feb 26 16:56:39 2007 Subject: Julian Field in hospital In-Reply-To: <20070226163637.GC29278@login.ecs.soton.ac.uk> Message-ID: <9C63A4713C4E3342B90428CE44806A7302679C33@PHSXMB5.partners.org> God speed to Julian for a complete recovery from whatever ails him. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Tim Chown Sent: Monday, February 26, 2007 11:37 AM To: mailscanner@lists.mailscanner.info Subject: Julian Field in hospital Hi, I work with Jules at the University of Southampton and sadly we have to report that he was admitted to hospital on Friday having been found collapsed at home. He's currently in a critical condition in hospital, but is stable. Obviously there will not be any mailscanner development or maintenence by Jules for the immediate future, but we hope everyone on this list will join us in wishing him all the best towards a full recovery. We'll let the list know of significant changes in his condition, and in due course where get well messages or cards can be sent. If someone here has permissions to post the message on to the mailscanner announce list, please do so. -- Tim -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! The information transmitted in this electronic communication is intended only for the person or entity to whom it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this information in error, please contact the Compliance HelpLine at 800-856-1983 and properly dispose of this information. From bpumphrey at woodmclaw.com Mon Feb 26 18:02:06 2007 From: bpumphrey at woodmclaw.com (Billy A. Pumphrey) Date: Mon Feb 26 17:07:36 2007 Subject: Julian Field in hospital In-Reply-To: <20070226163637.GC29278@login.ecs.soton.ac.uk> Message-ID: <04D932B0071FE34FA63EBB1977B48D150241A749@woodenex.woodmaclaw.local> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Tim Chown > Sent: Monday, February 26, 2007 11:37 AM > To: mailscanner@lists.mailscanner.info > Subject: Julian Field in hospital > > Hi, > > I work with Jules at the University of Southampton and sadly we have > to report that he was admitted to hospital on Friday having been > found collapsed at home. > > He's currently in a critical condition in hospital, but is stable. > > Obviously there will not be any mailscanner development or maintenence > by Jules for the immediate future, but we hope everyone on this list > will join us in wishing him all the best towards a full recovery. > > We'll let the list know of significant changes in his condition, and > in due course where get well messages or cards can be sent. > > If someone here has permissions to post the message on to the mailscanner > announce list, please do so. > > -- > Tim > -- Thank you for letting us know. I look forward to hearing that you are recovered Julian. Thank you for your work and get better soon. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rabellino at di.unito.it Mon Feb 26 18:10:48 2007 From: rabellino at di.unito.it (Rabellino Sergio) Date: Mon Feb 26 17:16:30 2007 Subject: Julian Field in hospital In-Reply-To: <20070226163637.GC29278@login.ecs.soton.ac.uk> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> Message-ID: <45E31498.1010801@di.unito.it> Tim Chown wrote: > Hi, > > I work with Jules at the University of Southampton and sadly we have > to report that he was admitted to hospital on Friday having been > found collapsed at home. > > He's currently in a critical condition in hospital, but is stable. > > Obviously there will not be any mailscanner development or maintenence > by Jules for the immediate future, but we hope everyone on this list > will join us in wishing him all the best towards a full recovery. > > We'll let the list know of significant changes in his condition, and > in due course where get well messages or cards can be sent. > > If someone here has permissions to post the message on to the mailscanner > announce list, please do so. > 'Cause my poor english knowledge, i can't find the right words to say what I think about. Be with us as soon as possible ! -- Ing. Sergio Rabellino Head of ICT Services Department of Computer Science University of Torino (Italy) http://www.di.unito.it/~rabser Tel. +39-0116706701 Fax. +39-011751603 From ka at pacific.net Mon Feb 26 18:16:28 2007 From: ka at pacific.net (Ken A) Date: Mon Feb 26 17:17:51 2007 Subject: Julian Field in hospital In-Reply-To: <20070226163637.GC29278@login.ecs.soton.ac.uk> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> Message-ID: <45E315EC.7040800@pacific.net> Tim Chown wrote: > Hi, > > I work with Jules at the University of Southampton and sadly we have > to report that he was admitted to hospital on Friday having been > found collapsed at home. > > He's currently in a critical condition in hospital, but is stable. > > Obviously there will not be any mailscanner development or maintenence > by Jules for the immediate future, but we hope everyone on this list > will join us in wishing him all the best towards a full recovery. > > We'll let the list know of significant changes in his condition, and > in due course where get well messages or cards can be sent. > Very sad to hear this. Our prayers are with Julian and his family. Ken A. > If someone here has permissions to post the message on to the mailscanner > announce list, please do so. > From ka at pacific.net Mon Feb 26 18:16:36 2007 From: ka at pacific.net (Ken A) Date: Mon Feb 26 17:17:59 2007 Subject: A Ton Of Spam This Weekend In-Reply-To: <200702261448.l1QEmVrR012677@mail.salemcorp.com> References: <200702261448.l1QEmVrR012677@mail.salemcorp.com> Message-ID: <45E315F4.9040200@pacific.net> Phil Udel wrote: > For some reason We got dumped on this weekend. and not sure why. Has this > happened to anyone else? > > Running.. > Cent OS > MS 4.55 > SA 3.1.8 > Most of the SARE Configs No FuzzyOcr ? It's a pita to get going, and consumes a bit of cpu, but well worth it if you want to stomp this stuff. Ken A Pacific.Net > > They all look like this for the most part; > > Return-Path: > Received: from flexibleart.net ([201.36.168.172]) > by mail.salemcorp.com (8.13.1/8.13.1) with SMTP id l1QD4R33024364; > Mon, 26 Feb 2007 08:04:36 -0500 > Message-ID: > From: "Lakesha" > To: "Lavonda Fuller" > > Cc: "Jene Grant" >, > "Alane Franklin" >, > "Jade Kelly" >, > "Tamra Kelly" > > Subject: Any New Ideas > Date: Mon, 26 Feb 2007 03:39:28 -0900 > MIME-Version: 1.0 > Content-Type: multipart/related; > type="multipart/alternative"; > boundary="----=_NextPart_015_EFC4_926356FC.B5031013" > X-MSMail-Priority: Normal > X-Mailer: Microsoft Outlook Express 5.50.4522.1200 > X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 > X-SalemCorp-MailScanner-Information: Please contact the ISP for more > information > X-SalemCorp-MailScanner: Found to be clean > X-SalemCorp-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, > score=2.96, required 5, INLINE_IMAGE 1.50, MY_CID_AND_STYLE 0.71, > SARE_GIF_ATTACH 0.75) > X-SalemCorp-MailScanner-SpamScore: ss > X-SalemCorp-MailScanner-From: sfnuhoaj@flexibleart.net > X-SalemCorp-Spam-Status: No > > > > > > > From ugob at camo-route.com Mon Feb 26 18:12:37 2007 From: ugob at camo-route.com (Ugo Bellavance) Date: Mon Feb 26 17:18:27 2007 Subject: Julian Field in hospital In-Reply-To: <20070226163637.GC29278@login.ecs.soton.ac.uk> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> Message-ID: Tim Chown wrote: > Hi, > > I work with Jules at the University of Southampton and sadly we have > to report that he was admitted to hospital on Friday having been > found collapsed at home. > > He's currently in a critical condition in hospital, but is stable. > > Obviously there will not be any mailscanner development or maintenence > by Jules for the immediate future, but we hope everyone on this list > will join us in wishing him all the best towards a full recovery. > > We'll let the list know of significant changes in his condition, and > in due course where get well messages or cards can be sent. > > If someone here has permissions to post the message on to the mailscanner > announce list, please do so. > Thanks for letting us know. I'm very sorry to hear that, and I wish him to heal as quickly as possible. Ugo From oliver at linux-kernel.at Mon Feb 26 18:16:38 2007 From: oliver at linux-kernel.at (Oliver Falk) Date: Mon Feb 26 17:22:05 2007 Subject: Julian Field in hospital In-Reply-To: <20070226163637.GC29278@login.ecs.soton.ac.uk> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> Message-ID: <45E315F6.8030605@linux-kernel.at> Am 2007-02-26 17:36, Tim Chown schrieb: > I work with Jules at the University of Southampton and sadly we have > to report that he was admitted to hospital on Friday having been > found collapsed at home. > > He's currently in a critical condition in hospital, but is stable. > > Obviously there will not be any mailscanner development or maintenence > by Jules for the immediate future, but we hope everyone on this list > will join us in wishing him all the best towards a full recovery. > > We'll let the list know of significant changes in his condition, and > in due course where get well messages or cards can be sent. > > If someone here has permissions to post the message on to the mailscanner > announce list, please do so. Best wished from Austria also. I hope he recovers soon! Best, Oiver From glenn.steen at gmail.com Mon Feb 26 18:23:45 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Feb 26 17:29:07 2007 Subject: Julian Field in hospital In-Reply-To: <20070226163637.GC29278@login.ecs.soton.ac.uk> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> Message-ID: <223f97700702260923w27c0c647r58515162af4b6ac@mail.gmail.com> On 26/02/07, Tim Chown wrote: > Hi, > > I work with Jules at the University of Southampton and sadly we have > to report that he was admitted to hospital on Friday having been > found collapsed at home. > > He's currently in a critical condition in hospital, but is stable. > > Obviously there will not be any mailscanner development or maintenence > by Jules for the immediate future, but we hope everyone on this list > will join us in wishing him all the best towards a full recovery. > > We'll let the list know of significant changes in his condition, and > in due course where get well messages or cards can be sent. > > If someone here has permissions to post the message on to the mailscanner > announce list, please do so. > Thank you Tim for letting us know. This is dire news indeed, in view of his medical condition. All we can do is hope, and pray, for a speedy recovery. I hope you will keep us posted on _any_ news Tim... Jules is very valued here, and we do care deeply about his health and well-being. Best regards -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From satya at fsl.com Mon Feb 26 18:27:46 2007 From: satya at fsl.com (SatyaDev Sharma) Date: Mon Feb 26 17:33:07 2007 Subject: Julian Field in hospital In-Reply-To: <45E315F6.8030605@linux-kernel.at> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> <45E315F6.8030605@linux-kernel.at> Message-ID: <8d5fd62c0702260927v22793fa7t6fe8f628bfa48f8d@mail.gmail.com> Best wishes for Julian, and hope he recover very fast !! ~Satya !! FSL On 2/26/07, Oliver Falk wrote: > > Am 2007-02-26 17:36, Tim Chown schrieb: > > I work with Jules at the University of Southampton and sadly we have > > to report that he was admitted to hospital on Friday having been > > found collapsed at home. > > > > He's currently in a critical condition in hospital, but is stable. > > > > Obviously there will not be any mailscanner development or maintenence > > by Jules for the immediate future, but we hope everyone on this list > > will join us in wishing him all the best towards a full recovery. > > > > We'll let the list know of significant changes in his condition, and > > in due course where get well messages or cards can be sent. > > > > If someone here has permissions to post the message on to the > mailscanner > > announce list, please do so. > > Best wished from Austria also. I hope he recovers soon! > > Best, > Oiver > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070226/e6421c1b/attachment.html From roger at rudnick.com.br Mon Feb 26 18:31:27 2007 From: roger at rudnick.com.br (Roger Jochem) Date: Mon Feb 26 17:37:14 2007 Subject: Julian Field in hospital References: <20070226163637.GC29278@login.ecs.soton.ac.uk> <45E315F6.8030605@linux-kernel.at> Message-ID: <05cf01c759cb$f237e110$0600a8c0@roger> Our best wishes from Brazil too.Get better soon, Julian! > Am 2007-02-26 17:36, Tim Chown schrieb: >> I work with Jules at the University of Southampton and sadly we have to >> report that he was admitted to hospital on Friday having been found >> collapsed at home. >> >> He's currently in a critical condition in hospital, but is stable. >> >> Obviously there will not be any mailscanner development or maintenence >> by Jules for the immediate future, but we hope everyone on this list >> will join us in wishing him all the best towards a full recovery. >> >> We'll let the list know of significant changes in his condition, and >> in due course where get well messages or cards can be sent. >> >> If someone here has permissions to post the message on to the mailscanner >> announce list, please do so. From q at snj.ca Mon Feb 26 18:33:27 2007 From: q at snj.ca (Quintin Giesbrecht) Date: Mon Feb 26 17:39:33 2007 Subject: Julian Field in hospital In-Reply-To: <05cf01c759cb$f237e110$0600a8c0@roger> References: <20070226163637.GC29278@login.ecs.soton.ac.uk><45E315F6.8030605@linux-kernel.at> <05cf01c759cb$f237e110$0600a8c0@roger> Message-ID: <2BE78592B3B1824F97A2685E96221F6234EB25@mail.snj.mb.ca> Please accept my well-wishes on Julian's behalf. He will be in my prayers. Quintin Giesbrecht IT Manager ----- Smith Neufeld Jodoin LLP 85 PTH 12 North Steinbach, MB R5G 1A7 Office: 204.326.3442 Direct Line: 204.346.5106 q@snj.ca -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Roger Jochem Sent: Monday, February 26, 2007 11:31 AM To: MailScanner discussion Subject: Re: Julian Field in hospital Our best wishes from Brazil too.Get better soon, Julian! > Am 2007-02-26 17:36, Tim Chown schrieb: >> I work with Jules at the University of Southampton and sadly we have >> to report that he was admitted to hospital on Friday having been >> found collapsed at home. >> >> He's currently in a critical condition in hospital, but is stable. >> >> Obviously there will not be any mailscanner development or >> maintenence by Jules for the immediate future, but we hope everyone >> on this list will join us in wishing him all the best towards a full recovery. >> >> We'll let the list know of significant changes in his condition, and >> in due course where get well messages or cards can be sent. >> >> If someone here has permissions to post the message on to the >> mailscanner announce list, please do so. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From krice at tlcdelivers.com Mon Feb 26 18:26:55 2007 From: krice at tlcdelivers.com (Ken Rice) Date: Mon Feb 26 17:48:04 2007 Subject: Julian Field in hospital In-Reply-To: <20070226163637.GC29278@login.ecs.soton.ac.uk> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> Message-ID: On Mon, 26 Feb 2007, Tim Chown wrote: > Date: Mon, 26 Feb 2007 16:36:37 +0000 > From: Tim Chown > Reply-To: MailScanner discussion > To: mailscanner@lists.mailscanner.info > Subject: Julian Field in hospital > > Hi, > > I work with Jules at the University of Southampton and sadly we have > to report that he was admitted to hospital on Friday having been > found collapsed at home. > > He's currently in a critical condition in hospital, but is stable. A fine individual whose work benefits so many... We will add him to our prayers. Thank you for informing us, Ken Rice TLC > > Obviously there will not be any mailscanner development or maintenence > by Jules for the immediate future, but we hope everyone on this list > will join us in wishing him all the best towards a full recovery. > > We'll let the list know of significant changes in his condition, and > in due course where get well messages or cards can be sent. > > If someone here has permissions to post the message on to the mailscanner > announce list, please do so. > > -- > Tim > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From KGoods at AIAInsurance.com Mon Feb 26 18:43:37 2007 From: KGoods at AIAInsurance.com (Ken Goods) Date: Mon Feb 26 17:49:10 2007 Subject: Julian Field in hospital Message-ID: <13C0059880FDD3118DC600508B6D4A6D01C291E8@aiainsurance.com> Tim Chown wrote: > Hi, > > I work with Jules at the University of Southampton and sadly we have > to report that he was admitted to hospital on Friday having been > found collapsed at home. > > He's currently in a critical condition in hospital, but is stable. > > Obviously there will not be any mailscanner development or maintenence > by Jules for the immediate future, but we hope everyone on this list > will join us in wishing him all the best towards a full recovery. > > We'll let the list know of significant changes in his condition, and > in due course where get well messages or cards can be sent. > > If someone here has permissions to post the message on to the > mailscanner announce list, please do so. > > -- > Tim Very sorry to hear of your health problems Julian. I'm sure I can speak for everyone who reads this list when I say our prayers and positive thoughts are with you. You, along with the SA, Clam, BD, and other (too many to mention) developers, have affected literally millions of people in a positive way whether they know it or not. They don't have to deal with spam and viruses because of your wonderful work. Not to mention you have made email filtering much easier on the admins that already have to much on their plates. Please accept my personal eternal thanks. I really mean it when I say Get Well Soon! Kind regards, Ken Ken Goods Network Administrator CropUSA Insurance, Inc. From drew at technologytiger.net Mon Feb 26 18:59:19 2007 From: drew at technologytiger.net (Drew Marshall) Date: Mon Feb 26 18:04:55 2007 Subject: Julian Field in hospital In-Reply-To: <20070226163637.GC29278@login.ecs.soton.ac.uk> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> Message-ID: <57010.194.70.180.170.1172512759.squirrel@www.technologytiger.net> On Mon, February 26, 2007 16:36, Tim Chown wrote: > Hi, > > I work with Jules at the University of Southampton and sadly we have > to report that he was admitted to hospital on Friday having been > found collapsed at home. > > He's currently in a critical condition in hospital, but is stable. > > Obviously there will not be any mailscanner development or maintenence > by Jules for the immediate future, but we hope everyone on this list > will join us in wishing him all the best towards a full recovery. > > We'll let the list know of significant changes in his condition, and > in due course where get well messages or cards can be sent. > > If someone here has permissions to post the message on to the mailscanner > announce list, please do so. Tim If you could pass my best wishes to Jules and wish him a speedy recovery. The Spam will be waiting for him when he gets back in to things and in the mean time, it can wait! Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by the Technology Tiger MailScanner. Further information can be found at www.technologytiger.net/policy Technology Tiger Limited is registered in Scotland with registration number: 310997 Registered Office 55-57 West High Street Inverurie AB51 3QQ From alvaro at hostalia.com Mon Feb 26 19:01:44 2007 From: alvaro at hostalia.com (=?ISO-8859-1?Q?Alvaro_Mar=EDn?=) Date: Mon Feb 26 18:07:12 2007 Subject: Julian Field in hospital In-Reply-To: <20070226163637.GC29278@login.ecs.soton.ac.uk> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> Message-ID: <45E32088.6000103@hostalia.com> Hello :( Best wishes for Julian. I hope he recovers soon! Regards, -- Alvaro Mar?n Illera Hostalia Internet www.hostalia.com From KGoods at AIAInsurance.com Mon Feb 26 19:17:35 2007 From: KGoods at AIAInsurance.com (Ken Goods) Date: Mon Feb 26 18:23:08 2007 Subject: OT: Need some system advice please Message-ID: <13C0059880FDD3118DC600508B6D4A6D01C291E9@aiainsurance.com> Set up: Sendmail/Mailscanner/SA/Clamav/Bitdefender as a gateway to our internal Exchange Server serving several domains. Gateway server is designated secondary mailserver (MX 20) in DNS and the exchange server (which has both public and private IP's) is MX 10. All outbound mail is sent directly from the Exchange Server. (We're a small shop and not really concerned with scanning outbound mail. Inbound mail is routed to the MailScanner box by blocking port 25 to the Exchange Server from the big "I" (inbound mail then gets resent to the secondary). Goal: Have some of our Outlook users connect directly to our exchange server through our VPN (already implemented and working well), and have others that have no need for scheduling and calendar connect using POP to save resources and support calls. Problem: Using a guide (from where I can't remember) I have blocked port 25 inbound to our Exchange Server and this does a couple things. It cuts down the spam that is sent directly to the primary mail server as these are, for the most part, not resent to the secondary if a connection to the primary can't be made. It also keeps dictionary attacks from hitting our Exchange server. (I use virtusertables in sendmail on the filter box to only accept email to real users) But I need to allow the POP users to send outbound from the Primary (Exchange Server) and they can't do this with port 25 blocked. I do have port 110 open from the internet to the Exchange I like the idea of being able to open port 25 to the Exchange server if something goes wrong with the MailScanner box and have no interruption in mail, even though it wouldn't be scanned until the MailScanner box was up and running again. I like the way everything is set up now and it's working wonderfully so I'm not happy about the thought of changing the DNS MX records and making the MailScanner box the primary. For one thing, a lot of spam is sent directly to the secondary servers in the hopes that they would have no filtering done on them which would be the case here. This would increase spam getting through greatly. Possible solutions: As far as I know there are only a couple reasonable ways to do this. I'm sure there are many others that I haven't thought of and that's why I posted this here. I know this isn't the best place to post this type of question but the email admins on this list are the most knowledgeable and helpful I have found anywhere on the net. 1. Have Exchange inbound SMPT listen on an alternate port and configure the email clients to use this as their outgoing mail server port. Pros: Allows me to continue blocking port 25 to the Exchange Server from the internet. Fairly easy to implement. Cons: If something when wrong with the MailScanner box I would have to change the port back to 25 and open it to get regular mail and this would break the POP users accounts. It's possible (though not likely) that spammers could discover the port that SMTP is listening on and direct their spam to that port effectively rendering filtering useless. And there could be other problems that changing the SMTP port could do on an Exchange Server that I don't even know about. :) 2. Set up the MailScanner box to relay outgoing email from POP users (and/or possibly just set up mailboxes for all POP users and never have their mail even delivered to the Exchange Box. Pros: This would keep the POP user accounts completely off of the Exchange box which would be a Good Thing (tm). Cons: I'm not sure exactly how this would be accomplished. i.e. Can *some* users of the same domain have their email stored locally on the MailScanner box while the rest gets forwarded to the Exchange Server? Seems like this is possible but could be an administration nightmare. LDAP is not available (NT 4.0 domain controllers... I know... don't ask) :) If anyone has any ideas or offerings I'd be more than happy to hear them. Anyone done something similar? Keep in mind I'm only fairly comfortable with *nix boxes and have multiple systems to administer, AS400, Oracle server, a couple MS SQL servers, Citrix server, IIS, proxy server, SNA server, DNS, etc...etc... so whatever I come up with must be stable and semi-easy to administer and maintain. Thanks for any and all suggestions.... Kind Regards, Ken Ken Goods Network Administrator CropUSA Insurance, Inc. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070226/7e202346/attachment.html From jfagan at firstlightnetworks.com Mon Feb 26 19:29:20 2007 From: jfagan at firstlightnetworks.com (James Fagan) Date: Mon Feb 26 18:33:19 2007 Subject: Julian Field in hospital In-Reply-To: <20070226163637.GC29278@login.ecs.soton.ac.uk> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> Message-ID: <59E4A3A1069C2640959AD0F7518C48122F088E@FLN1.fln.local> All the best to Julian and a speedy recovery. Please let us know where we can send cards ect and if there is any other way to help. James From ssilva at sgvwater.com Mon Feb 26 19:33:08 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Feb 26 18:39:04 2007 Subject: How often need bayes to be rebuild In-Reply-To: <45E2D4F4.3070203@cefalk.com> References: <45E2D4F4.3070203@cefalk.com> Message-ID: Joakim Cefalk spake the following on 2/26/2007 4:39 AM: > Hello! > > I have not rebuild my bayes db since i started to using it in 2005. I > have only 200 messages a day, about 30% i high scoring spam and 5-10% > low scoring. > What should i set my "Rebuild Bayes Every" to? I'm using MySQL as > storage for the bayes db. > > Joakim > I rebuild daily, and it only takes a minute or so. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From Denis.Beauchemin at USherbrooke.ca Mon Feb 26 19:37:33 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Mon Feb 26 18:43:03 2007 Subject: Julian Field in hospital In-Reply-To: <20070226163637.GC29278@login.ecs.soton.ac.uk> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> Message-ID: <45E328ED.7040500@USherbrooke.ca> This is a sad news... I join my voice to the other's in wishing Jules a speedy recovery. Denis Tim Chown a ?crit : > Hi, > > I work with Jules at the University of Southampton and sadly we have > to report that he was admitted to hospital on Friday having been > found collapsed at home. > > He's currently in a critical condition in hospital, but is stable. > > Obviously there will not be any mailscanner development or maintenence > by Jules for the immediate future, but we hope everyone on this list > will join us in wishing him all the best towards a full recovery. > > We'll let the list know of significant changes in his condition, and > in due course where get well messages or cards can be sent. > > If someone here has permissions to post the message on to the mailscanner > announce list, please do so. > > -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3595 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070226/e8ab12a2/smime.bin From bbdokken at dokkenengineering.com Mon Feb 26 19:44:24 2007 From: bbdokken at dokkenengineering.com (Brad Dokken) Date: Mon Feb 26 18:49:25 2007 Subject: Julian Field in hospital In-Reply-To: <20070226163637.GC29278@login.ecs.soton.ac.uk> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> Message-ID: <5A3FEF92FC07F34B9EE30C0D139571643AFD92@monarchs.dokkenengineering.com> > > Hi, > > I work with Jules at the University of Southampton and sadly we have > to report that he was admitted to hospital on Friday having been > found collapsed at home. > > He's currently in a critical condition in hospital, but is stable. > > Obviously there will not be any mailscanner development or maintenence > by Jules for the immediate future, but we hope everyone on this list > will join us in wishing him all the best towards a full recovery. > > We'll let the list know of significant changes in his condition, and > in due course where get well messages or cards can be sent. > > If someone here has permissions to post the message on to the > mailscanner > announce list, please do so. > I hope you get better soon, Julian. Our thoughts and prayers are with you. Take care of yourself now and don't worry about MailScanner. Brad From G.Pentland at soton.ac.uk Mon Feb 26 19:45:28 2007 From: G.Pentland at soton.ac.uk (Pentland G.) Date: Mon Feb 26 18:52:25 2007 Subject: Julian Field in hospital Message-ID: Obviously my thoughts are with Julian as well. Gary Tim Chown wrote: > Hi, > > I work with Jules at the University of Southampton and sadly we have > to report that he was admitted to hospital on Friday having been > found collapsed at home. > > He's currently in a critical condition in hospital, but is stable. > > Obviously there will not be any mailscanner development or > maintenence by Jules for the immediate future, but we hope everyone > on this list will join us in wishing him all the best towards a full > recovery. > > We'll let the list know of significant changes in his condition, and > in due course where get well messages or cards can be sent. > > If someone here has permissions to post the message on to the > mailscanner announce list, please do so. > > -- > Tim From jimc at laridian.com Mon Feb 26 19:48:48 2007 From: jimc at laridian.com (Jim Coates) Date: Mon Feb 26 18:57:14 2007 Subject: Julian Field in hospital In-Reply-To: <20070226163637.GC29278@login.ecs.soton.ac.uk> Message-ID: <008701c759d6$c0b6d730$6501a8c0@zorak> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Tim Chown > Sent: Monday, February 26, 2007 10:37 AM > To: mailscanner@lists.mailscanner.info > Subject: Julian Field in hospital > > > Hi, > > I work with Jules at the University of Southampton and sadly we have > to report that he was admitted to hospital on Friday having been > found collapsed at home. > > He's currently in a critical condition in hospital, but is stable. > > Obviously there will not be any mailscanner development or > maintenence by Jules for the immediate future, but we hope > everyone on this list will join us in wishing him all the > best towards a full recovery. > > We'll let the list know of significant changes in his > condition, and in due course where get well messages or cards > can be sent. > > If someone here has permissions to post the message on to the > mailscanner announce list, please do so. > Jules, You have my prayers. Here's to a speedy recovery! Jim From ssilva at sgvwater.com Mon Feb 26 19:53:14 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Feb 26 18:59:12 2007 Subject: Julian Field in hospital In-Reply-To: <20070226163637.GC29278@login.ecs.soton.ac.uk> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> Message-ID: Tim Chown spake the following on 2/26/2007 8:36 AM: > Hi, > > I work with Jules at the University of Southampton and sadly we have > to report that he was admitted to hospital on Friday having been > found collapsed at home. > > He's currently in a critical condition in hospital, but is stable. > > Obviously there will not be any mailscanner development or maintenence > by Jules for the immediate future, but we hope everyone on this list > will join us in wishing him all the best towards a full recovery. > > We'll let the list know of significant changes in his condition, and > in due course where get well messages or cards can be sent. > > If someone here has permissions to post the message on to the mailscanner > announce list, please do so. > I would also like to join the chorus of well wishers! Get well Julian! Don't let the bad guys win! . . . . ... :``..': ... :``..': . . : ````.' :'': ````.' :''::' ':''' :'..``:':... . ..:.. : ..:.. : .'' : : '' : : : ''. ``. `: .``. `: .' : : : : :: : : : : : : : : : :: :: : : : : : : : : : : : : : : : : : : : : ...: : : : : :..'': : :..''''``::...::. ''''.``.. : ...:..' : ...:..' .'' .: ..:'' .' .' .' .' .::::' .: ...''':::::.. :..'''``:::::::..'''``::::::: :::::: ' `:::' `:::: ::::' `::. `::. :::' `:: `:: ::' :::. :::. .::: ..:.:.::'`. ::..:.:.::'`. ::'`. . : : . . :.: ..' ..' `:.: :: :' .:. .. :: .: .:``.: .:``::: : .: :: : .: ..'' .: ..'' :::.' :': : : .'' : .'' .:: : : ' : :: .'`:: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: ======================================= \\ :: :: :: // \\---------::-------::---::----// \\ :: :: :: // || :: :: :: || || :: :: :: || \\ :: :: :: // || :: :: :: || || :: :: :: || || :: :: :: || || :: :: :: || || :: :: :: || || :: :: :: || || :: :: :: || || :: :: :: || // :: :: :: \\ // :: :: :: \\ || :::: :: || || :::: :: || || . . . || \\=======================// Virtual flowers if it wraps beyond recognition! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From iarteaga at cwpanama.net Mon Feb 26 19:45:01 2007 From: iarteaga at cwpanama.net (Ivan Arteaga) Date: Mon Feb 26 19:07:43 2007 Subject: Julian Field in hospital In-Reply-To: References: Message-ID: Very sad to hear that, i hope that Julian get a plenty and speedy recovery.. from here in my prayers, and best wishes for him. --Ivan. On Mon, 26 Feb 2007 18:45:28 -0000 "Pentland G." wrote: > Obviously my thoughts are with Julian as well. > > Gary > > Tim Chown wrote: >> Hi, >> >> I work with Jules at the University of Southampton and >>sadly we have >> to report that he was admitted to hospital on Friday >>having been >> found collapsed at home. >> >> He's currently in a critical condition in hospital, but >>is stable. >> >> Obviously there will not be any mailscanner development >>or >> maintenence by Jules for the immediate future, but we >>hope everyone >> on this list will join us in wishing him all the best >>towards a full >> recovery. >> >> We'll let the list know of significant changes in his >>condition, and >> in due course where get well messages or cards can be >>sent. >> >> If someone here has permissions to post the message on >>to the >> mailscanner announce list, please do so. >> >> -- >> Tim > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read >http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the >website! From joost at waversveld.nl Mon Feb 26 20:41:18 2007 From: joost at waversveld.nl (Joost Waversveld) Date: Mon Feb 26 19:46:37 2007 Subject: Julian Field in hospital In-Reply-To: <20070226163637.GC29278@login.ecs.soton.ac.uk> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> Message-ID: <20070226204118.5i64esvy0w44so4o@webmail.waversveld.nl> Damn... Not good to here this... All the best to Julian... Joost Waversveld ----- Bericht van tjc@ecs.soton.ac.uk --------- Datum: Mon, 26 Feb 2007 16:36:37 +0000 Van: Tim Chown Antwoorden aan:MailScanner discussion Onderwerp: Julian Field in hospital Aan: mailscanner@lists.mailscanner.info > Hi, > > I work with Jules at the University of Southampton and sadly we have > to report that he was admitted to hospital on Friday having been > found collapsed at home. > > He's currently in a critical condition in hospital, but is stable. > > Obviously there will not be any mailscanner development or maintenence > by Jules for the immediate future, but we hope everyone on this list > will join us in wishing him all the best towards a full recovery. > > We'll let the list know of significant changes in his condition, and > in due course where get well messages or cards can be sent. > > If someone here has permissions to post the message on to the mailscanner > announce list, please do so. > > -- > Tim > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > ----- Einde bericht van tjc@ecs.soton.ac.uk ----- From tjones at isthmus.com Mon Feb 26 20:46:35 2007 From: tjones at isthmus.com (Thom Jones) Date: Mon Feb 26 19:52:44 2007 Subject: Julian Field in hospital In-Reply-To: <20070226163637.GC29278@login.ecs.soton.ac.uk> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> Message-ID: <200702261346.35129.tjones@isthmus.com> On Monday 26 February 2007, Tim Chown wrote: > Hi, > > I work with Jules at the University of Southampton and sadly we > have to report that he was admitted to hospital on Friday having > been found collapsed at home. > > He's currently in a critical condition in hospital, but is stable. > > Obviously there will not be any mailscanner development or > maintenence by Jules for the immediate future, but we hope everyone > on this list will join us in wishing him all the best towards a > full recovery. > > We'll let the list know of significant changes in his condition, > and in due course where get well messages or cards can be sent. > > If someone here has permissions to post the message on to the > mailscanner announce list, please do so. > > -- > Tim Jules. Get well. We are all pulling for you. Thom Jones From holger at noefer.org Mon Feb 26 21:04:30 2007 From: holger at noefer.org (Holger =?iso-8859-1?Q?N=F6fer?=) Date: Mon Feb 26 20:09:59 2007 Subject: Julian Field in hospital In-Reply-To: <20070226163637.GC29278@login.ecs.soton.ac.uk> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> Message-ID: <20070226200433.049E5CE304B4@mail.noefer.org> At 17:36 26.02.2007, you wrote: >Hi, >I work with Jules at the University of Southampton and sadly we have >to report that he was admitted to hospital on Friday having been >found collapsed at home. >He's currently in a critical condition in hospital, but is stable. >Obviously there will not be any mailscanner development or maintenence >by Jules for the immediate future, but we hope everyone on this list >will join us in wishing him all the best towards a full recovery. >We'll let the list know of significant changes in his condition, and >in due course where get well messages or cards can be sent. >If someone here has permissions to post the message on to the mailscanner >announce list, please do so. > >-- >Tim Jules, get well soon. Best regards from germany. All the best to you, Holger From email at ace.net.au Mon Feb 26 21:10:55 2007 From: email at ace.net.au (Peter Nitschke) Date: Mon Feb 26 20:17:17 2007 Subject: What happens when you archive... In-Reply-To: References: <200702250144470933.1C19E8D5@smtp1.ace.net.au> Message-ID: <200702270640550045.2775BB9C@smtp1.ace.net.au> Kevin, The files get put into your normal quarantine directory but under /nonspam instead of /spam. Nice and easy! Peter *********** REPLY SEPARATOR *********** On 26/02/2007 at 7:37 AM Kevin Miller wrote: >Peter Nitschke wrote: >> On 23/02/2007 at 2:47 PM Kevin Miller wrote: >snip >> >> I use qf/df files, so just setting: >> >> Non Spam Actions = store deliver >> >> Means that ham gets quarantined as well (into a seperate folder), so I >> could dump them back into the system any time I liked. >> >> You would need to adjust your clean-quarantine script if you wanted >> them kept for a different time to your spam quarantine. > >Thanks Peter, that should work. I'm running sendmail so have the qf/df >files as well. What folder will the ham get dumped in by default? Or >do I need to specify where? I presume I'd do that with the "Archive >Mail = /var/spool/MailScanner/archive" configuration option? > >Appreciate the help... > > >...Kevin From email at ace.net.au Mon Feb 26 21:16:58 2007 From: email at ace.net.au (Peter Nitschke) Date: Mon Feb 26 20:22:55 2007 Subject: Julian Field in hospital In-Reply-To: <20070226163637.GC29278@login.ecs.soton.ac.uk> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> Message-ID: <200702270646580568.277B479F@smtp1.ace.net.au> Best wishes from down-under. Peter *********** REPLY SEPARATOR *********** On 26/02/2007 at 4:36 PM Tim Chown wrote: >Hi, > >I work with Jules at the University of Southampton and sadly we have >to report that he was admitted to hospital on Friday having been >found collapsed at home. > >He's currently in a critical condition in hospital, but is stable. > >Obviously there will not be any mailscanner development or maintenence >by Jules for the immediate future, but we hope everyone on this list >will join us in wishing him all the best towards a full recovery. > >We'll let the list know of significant changes in his condition, and >in due course where get well messages or cards can be sent. > >If someone here has permissions to post the message on to the mailscanner >announce list, please do so. > >-- >Tim >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! From michele at blacknight.ie Mon Feb 26 21:22:38 2007 From: michele at blacknight.ie (Michele Neylon :: Blacknight) Date: Mon Feb 26 20:28:07 2007 Subject: Julian Field in hospital In-Reply-To: <200702270646580568.277B479F@smtp1.ace.net.au> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> <200702270646580568.277B479F@smtp1.ace.net.au> Message-ID: <45E3418E.8070506@blacknight.ie> Sorry to hear about Julian's illness. Hope he gets well soon Michele -- Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Brand Protection http://www.blacknight.ie/ http://blog.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 UK: 0870 163 0607 Fax. +353 (0) 59 9164239 From email at ace.net.au Mon Feb 26 21:26:30 2007 From: email at ace.net.au (Peter Nitschke) Date: Mon Feb 26 20:34:29 2007 Subject: OT: Need some system advice please In-Reply-To: <13C0059880FDD3118DC600508B6D4A6D01C291E9@aiainsurance.com> References: <13C0059880FDD3118DC600508B6D4A6D01C291E9@aiainsurance.com> Message-ID: <200702270656300110.27840035@smtp1.ace.net.au> Just a quick off the cuff reply. Delist the exchange server as an MX, so only have the MailScanner box accept email from the outside world. Use sendmail mailertable to route the processed mail to the Exchange box. Use smf-sav to verify users on the exchange box - eliminates dictionary etc attacks. Store no mail on the MS box, users can either pop or use Outlook from the Exchange box. Have external users also use the MS box for smtp even though they are popping from Exchange. Have done a few recently, works really well. Peter *********** REPLY SEPARATOR *********** On 26/02/2007 at 10:17 AM Ken Goods wrote: >Set up: Sendmail/Mailscanner/SA/Clamav/Bitdefender as a gateway to our >internal Exchange Server serving several domains. Gateway server is >designated secondary mailserver (MX 20) in DNS and the exchange server >(which has both public and private IP's) is MX 10. All outbound mail is >sent >directly from the Exchange Server. (We're a small shop and not really >concerned with scanning outbound mail. Inbound mail is routed to the >MailScanner box by blocking port 25 to the Exchange Server from the big "I" >(inbound mail then gets resent to the secondary). > >Goal: Have some of our Outlook users connect directly to our exchange >server >through our VPN (already implemented and working well), and have others >that >have no need for scheduling and calendar connect using POP to save >resources >and support calls. > >Problem: Using a guide (from where I can't remember) I have blocked port 25 >inbound to our Exchange Server and this does a couple things. It cuts down >the spam that is sent directly to the primary mail server as these are, for >the most part, not resent to the secondary if a connection to the primary >can't be made. It also keeps dictionary attacks from hitting our Exchange >server. (I use virtusertables in sendmail on the filter box to only accept >email to real users) >But I need to allow the POP users to send outbound from the Primary >(Exchange Server) and they can't do this with port 25 blocked. I do have >port 110 open from the internet to the Exchange I like the idea of being >able to open port 25 to the Exchange server if something goes wrong with >the >MailScanner box and have no interruption in mail, even though it wouldn't >be >scanned until the MailScanner box was up and running again. > >I like the way everything is set up now and it's working wonderfully so I'm >not happy about the thought of changing the DNS MX records and making the >MailScanner box the primary. For one thing, a lot of spam is sent directly >to the secondary servers in the hopes that they would have no filtering >done >on them which would be the case here. This would increase spam getting >through greatly. > >Possible solutions: >As far as I know there are only a couple reasonable ways to do this. I'm >sure there are many others that I haven't thought of and that's why I >posted >this here. I know this isn't the best place to post this type of question >but the email admins on this list are the most knowledgeable and helpful I >have found anywhere on the net. > >1. Have Exchange inbound SMPT listen on an alternate port and configure the >email clients to use this as their outgoing mail server port. >Pros: Allows me to continue blocking port 25 to the Exchange Server from >the >internet. Fairly easy to implement. >Cons: If something when wrong with the MailScanner box I would have to >change the port back to 25 and open it to get regular mail and this would >break the POP users accounts. It's possible (though not likely) that >spammers could discover the port that SMTP is listening on and direct their >spam to that port effectively rendering filtering useless. And there could >be other problems that changing the SMTP port could do on an Exchange >Server >that I don't even know about. :) > >2. Set up the MailScanner box to relay outgoing email from POP users >(and/or >possibly just set up mailboxes for all POP users and never have their mail >even delivered to the Exchange Box. >Pros: This would keep the POP user accounts completely off of the Exchange >box which would be a Good Thing (tm). >Cons: I'm not sure exactly how this would be accomplished. i.e. Can *some* >users of the same domain have their email stored locally on the MailScanner >box while the rest gets forwarded to the Exchange Server? Seems like this >is >possible but could be an administration nightmare. LDAP is not available >(NT >4.0 domain controllers... I know... don't ask) :) > >If anyone has any ideas or offerings I'd be more than happy to hear them. >Anyone done something similar? Keep in mind I'm only fairly comfortable >with >*nix boxes and have multiple systems to administer, AS400, Oracle server, a >couple MS SQL servers, Citrix server, IIS, proxy server, SNA server, DNS, >etc...etc... so whatever I come up with must be stable and semi-easy to >administer and maintain. > >Thanks for any and all suggestions.... > >Kind Regards, >Ken > >Ken Goods >Network Administrator >CropUSA Insurance, Inc. > > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! From joakim at cefalk.com Mon Feb 26 21:29:38 2007 From: joakim at cefalk.com (Joakim Cefalk) Date: Mon Feb 26 20:35:14 2007 Subject: How often need bayes to be rebuild In-Reply-To: References: <45E2D4F4.3070203@cefalk.com> Message-ID: <45E34332.7030908@cefalk.com> What settings should i change more then Rebuild Bayes Every. Scott Silva skrev: > Joakim Cefalk spake the following on 2/26/2007 4:39 AM: > >> Hello! >> >> I have not rebuild my bayes db since i started to using it in 2005. I >> have only 200 messages a day, about 30% i high scoring spam and 5-10% >> low scoring. >> What should i set my "Rebuild Bayes Every" to? I'm using MySQL as >> storage for the bayes db. >> >> Joakim >> >> > I rebuild daily, and it only takes a minute or so. > > From ssilva at sgvwater.com Mon Feb 26 21:40:24 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Feb 26 20:46:23 2007 Subject: How often need bayes to be rebuild In-Reply-To: <45E34332.7030908@cefalk.com> References: <45E2D4F4.3070203@cefalk.com> <45E34332.7030908@cefalk.com> Message-ID: Joakim Cefalk spake the following on 2/26/2007 12:29 PM: > What settings should i change more then Rebuild Bayes Every. > > Scott Silva skrev: >> Joakim Cefalk spake the following on 2/26/2007 4:39 AM: >> >>> Hello! >>> >>> I have not rebuild my bayes db since i started to using it in 2005. I >>> have only 200 messages a day, about 30% i high scoring spam and 5-10% >>> low scoring. >>> What should i set my "Rebuild Bayes Every" to? I'm using MySQL as >>> storage for the bayes db. >>> >>> Joakim >>> >>> >> I rebuild daily, and it only takes a minute or so. >> >> If you have never done a bayes rebuild, I would recommend you do a manual rebuild first. (sa-learn --force-expire) Then the following is what I have for a daily run; # If you are using the Bayesian statistics engine on a busy server, # you may well need to force a Bayesian database rebuild and expiry # at regular intervals. This is measures in seconds. # 1 day = 86400 seconds. # To disable this feature set this to 0. # Note: If you enable this feature, set "bayes_auto_expire 0" in # spam.assasssin.prefs.conf which you will find in the same # directory as this file. Rebuild Bayes Every = 86400 # The Bayesian database rebuild and expiry may take a 2 or 3 minutes # to complete. During this time you can either wait, or simply # disable SpamAssassin checks until it has completed. Wait During Bayes Rebuild = yes I would recommend that you set "wait during bayes rebuild = yes" so the expiry runs don't get killed by spamassassin accessing the bayes db. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From martinh at solidstatelogic.com Mon Feb 26 22:00:43 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Feb 26 21:06:27 2007 Subject: MailScanner stopped using spamassassin In-Reply-To: <20070226135200.472C73846F8@ankara.baskent.edu.tr> Message-ID: <0e5c1b86ea5f784cbbe5cc5739a4766d@solidstatelogic.com> Hi Stop MailScanner then run "MailScanner -debug -debugsa " as the Postfix user.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Emre Ersin > Sent: 26 February 2007 13:52 > To: MailScanner discussion > Subject: MailScanner stopped using spamassassin > > > Hi, > > I am using postfix(rpm)+mailscanner(targz)+sa(rpm)+clamav(targz) on RHEL4 > and now (for a week) mailscanner completely stopped using spamassassin. > "MailScanner --lint" shows no problem. There is not any error in any of > the > log files. > > Where do I have to look? > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From Kevin_Miller at ci.juneau.ak.us Mon Feb 26 22:08:25 2007 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Mon Feb 26 21:13:45 2007 Subject: OT: Need some system advice please In-Reply-To: <200702270656300110.27840035@smtp1.ace.net.au> References: <13C0059880FDD3118DC600508B6D4A6D01C291E9@aiainsurance.com> <200702270656300110.27840035@smtp1.ace.net.au> Message-ID: Peter Nitschke wrote: > Just a quick off the cuff reply. > > Delist the exchange server as an MX, so only have the MailScanner box > accept email from the outside world. > > Use sendmail mailertable to route the processed mail to the Exchange > box. > > Use smf-sav to verify users on the exchange box - eliminates > dictionary etc attacks. > > Store no mail on the MS box, users can either pop or use Outlook from > the Exchange box. > > Have external users also use the MS box for smtp even though they are > popping from Exchange. > > Have done a few recently, works really well. That's almost exactly what I'm doing as well, and it has worked out very well for us. I have a couple of mx gateways running MS for redundancy rather than just one. For outside users getting to Exchange however, we use OWA filtered through a reverse proxy. Squid would fit the bill nicely. Outsiders never touch the Exchange server directly, but they can get their email quite easily. OWA is pretty robust in IE and OK in other browsers. The guide you mentioned is out on the wiki I think. I know it used to be in the FAQ-O-Matic. I never liked the idea of publishing a pointer to my Exchange server, then denying access. Made more sense to me to run an internal and external DNS server. You can easily configure Bind to do different views based on ACLs so you inside users see Exchange as the primary MX, and outside users see the MS gateway. (Or build a 2nd DNS and point inside users at it and outside users at the other.) It's a bit more efficient making your primary MX a MailScanner box, as the outside sending servers don't have to wait for the primary MX (Exchange) to time out. Not that users will ever notice the few second delay. I just think it's a bit cleaner... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From res at ausics.net Mon Feb 26 22:20:21 2007 From: res at ausics.net (Res) Date: Mon Feb 26 21:26:09 2007 Subject: Julian Field in hospital In-Reply-To: <223f97700702260923w27c0c647r58515162af4b6ac@mail.gmail.com> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> <223f97700702260923w27c0c647r58515162af4b6ac@mail.gmail.com> Message-ID: On Mon, 26 Feb 2007, Glenn Steen wrote: > On 26/02/07, Tim Chown wrote: >> Hi, >> >> I work with Jules at the University of Southampton and sadly we have >> to report that he was admitted to hospital on Friday having been >> found collapsed at home. >> >> He's currently in a critical condition in hospital, but is stable. >> >> Obviously there will not be any mailscanner development or maintenence >> by Jules for the immediate future, but we hope everyone on this list >> will join us in wishing him all the best towards a full recovery. >> >> We'll let the list know of significant changes in his condition, and >> in due course where get well messages or cards can be sent. >> >> If someone here has permissions to post the message on to the mailscanner >> announce list, please do so. >> > Thank you Tim for letting us know. This is dire news indeed, in view > of his medical condition. > All we can do is hope, and pray, for a speedy recovery. > I hope you will keep us posted on _any_ news Tim... Jules is very > valued here, and we do care deeply about his health and well-being. Seconded! -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From res at ausics.net Mon Feb 26 22:25:12 2007 From: res at ausics.net (Res) Date: Mon Feb 26 21:30:39 2007 Subject: OT: Need some system advice please In-Reply-To: <200702270656300110.27840035@smtp1.ace.net.au> References: <13C0059880FDD3118DC600508B6D4A6D01C291E9@aiainsurance.com> <200702270656300110.27840035@smtp1.ace.net.au> Message-ID: And perhaps next time he will not ask such questions on this list, there are thousands of micro$lop newsgroups/lists/forums out there, and there is always the sendmail newsgroup/mailing list On Tue, 27 Feb 2007, Peter Nitschke wrote: > Just a quick off the cuff reply. > > Delist the exchange server as an MX, so only have the MailScanner box > accept email from the outside world. > > Use sendmail mailertable to route the processed mail to the Exchange box. > > Use smf-sav to verify users on the exchange box - eliminates dictionary etc > attacks. > > Store no mail on the MS box, users can either pop or use Outlook from the > Exchange box. > > Have external users also use the MS box for smtp even though they are > popping from Exchange. > > Have done a few recently, works really well. > > Peter > > > *********** REPLY SEPARATOR *********** > > On 26/02/2007 at 10:17 AM Ken Goods wrote: > >> Set up: Sendmail/Mailscanner/SA/Clamav/Bitdefender as a gateway to our >> internal Exchange Server serving several domains. Gateway server is >> designated secondary mailserver (MX 20) in DNS and the exchange server >> (which has both public and private IP's) is MX 10. All outbound mail is >> sent >> directly from the Exchange Server. (We're a small shop and not really >> concerned with scanning outbound mail. Inbound mail is routed to the >> MailScanner box by blocking port 25 to the Exchange Server from the big > "I" >> (inbound mail then gets resent to the secondary). >> >> Goal: Have some of our Outlook users connect directly to our exchange >> server >> through our VPN (already implemented and working well), and have others >> that >> have no need for scheduling and calendar connect using POP to save >> resources >> and support calls. >> >> Problem: Using a guide (from where I can't remember) I have blocked port > 25 >> inbound to our Exchange Server and this does a couple things. It cuts down >> the spam that is sent directly to the primary mail server as these are, > for >> the most part, not resent to the secondary if a connection to the primary >> can't be made. It also keeps dictionary attacks from hitting our Exchange >> server. (I use virtusertables in sendmail on the filter box to only accept >> email to real users) >> But I need to allow the POP users to send outbound from the Primary >> (Exchange Server) and they can't do this with port 25 blocked. I do have >> port 110 open from the internet to the Exchange I like the idea of being >> able to open port 25 to the Exchange server if something goes wrong with >> the >> MailScanner box and have no interruption in mail, even though it wouldn't >> be >> scanned until the MailScanner box was up and running again. >> >> I like the way everything is set up now and it's working wonderfully so > I'm >> not happy about the thought of changing the DNS MX records and making the >> MailScanner box the primary. For one thing, a lot of spam is sent directly >> to the secondary servers in the hopes that they would have no filtering >> done >> on them which would be the case here. This would increase spam getting >> through greatly. >> >> Possible solutions: >> As far as I know there are only a couple reasonable ways to do this. I'm >> sure there are many others that I haven't thought of and that's why I >> posted >> this here. I know this isn't the best place to post this type of question >> but the email admins on this list are the most knowledgeable and helpful I >> have found anywhere on the net. >> >> 1. Have Exchange inbound SMPT listen on an alternate port and configure > the >> email clients to use this as their outgoing mail server port. >> Pros: Allows me to continue blocking port 25 to the Exchange Server from >> the >> internet. Fairly easy to implement. >> Cons: If something when wrong with the MailScanner box I would have to >> change the port back to 25 and open it to get regular mail and this would >> break the POP users accounts. It's possible (though not likely) that >> spammers could discover the port that SMTP is listening on and direct > their >> spam to that port effectively rendering filtering useless. And there could >> be other problems that changing the SMTP port could do on an Exchange >> Server >> that I don't even know about. :) >> >> 2. Set up the MailScanner box to relay outgoing email from POP users >> (and/or >> possibly just set up mailboxes for all POP users and never have their mail >> even delivered to the Exchange Box. >> Pros: This would keep the POP user accounts completely off of the Exchange >> box which would be a Good Thing (tm). >> Cons: I'm not sure exactly how this would be accomplished. i.e. Can *some* >> users of the same domain have their email stored locally on the > MailScanner >> box while the rest gets forwarded to the Exchange Server? Seems like this >> is >> possible but could be an administration nightmare. LDAP is not available >> (NT >> 4.0 domain controllers... I know... don't ask) :) >> >> If anyone has any ideas or offerings I'd be more than happy to hear them. >> Anyone done something similar? Keep in mind I'm only fairly comfortable >> with >> *nix boxes and have multiple systems to administer, AS400, Oracle server, > a >> couple MS SQL servers, Citrix server, IIS, proxy server, SNA server, DNS, >> etc...etc... so whatever I come up with must be stable and semi-easy to >> administer and maintain. >> >> Thanks for any and all suggestions.... >> >> Kind Regards, >> Ken >> >> Ken Goods >> Network Administrator >> CropUSA Insurance, Inc. >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > > -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From gcle at smcaus.com.au Mon Feb 26 22:27:01 2007 From: gcle at smcaus.com.au (Gerard Cleary) Date: Mon Feb 26 21:32:36 2007 Subject: Julian Field in hospital Message-ID: <200702270827.02180.gcle@smcaus.com.au> Sad to hear that Julian is sick. Hope he is back with us soon. All the best from Australia. Gerard. -- Gerard Cleary System Administrator SMC Pneumatics Australia Pty Ltd -- This email message and any related attachments are confidential and should only be read by those persons to whom they were addressed. They may contain copyright, personal or legally privileged information. If you are not the intended recipient of this email, any use of this information is strictly prohibited and it must be deleted from your system. Views expressed in this message are the views of the sender and are not necessarily views of SMC Corporation, or it's subsidiaries, except where the message expressly states otherwise. Any advice contained herein should be treated as preliminary advice only and subject to formal written confirmation. Although this email and any attachments are believed to be free of any virus or any other defect which may cause damage or loss, it is the responsibility of the recipient to ensure that they are virus-free. SMC accepts no liability for any loss or damage that may occur as a result of the transmission of this email or its attachments to the recipient. From ms-list at alexb.ch Mon Feb 26 22:41:29 2007 From: ms-list at alexb.ch (Alex Broens) Date: Mon Feb 26 21:46:57 2007 Subject: Julian Field in hospital In-Reply-To: <20070226163637.GC29278@login.ecs.soton.ac.uk> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> Message-ID: <45E35409.6050808@alexb.ch> On 2/26/2007 5:36 PM, Tim Chown wrote: > Hi, > > I work with Jules at the University of Southampton and sadly we have > to report that he was admitted to hospital on Friday having been > found collapsed at home. > > He's currently in a critical condition in hospital, but is stable. > > Obviously there will not be any mailscanner development or maintenence > by Jules for the immediate future, but we hope everyone on this list > will join us in wishing him all the best towards a full recovery. > > We'll let the list know of significant changes in his condition, and > in due course where get well messages or cards can be sent. > > If someone here has permissions to post the message on to the mailscanner > announce list, please do so. Our thoughts are with Julian Alex From am.lists at gmail.com Mon Feb 26 22:49:13 2007 From: am.lists at gmail.com (am.lists) Date: Mon Feb 26 21:54:37 2007 Subject: Julian Field in hospital In-Reply-To: <20070226163637.GC29278@login.ecs.soton.ac.uk> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> Message-ID: <25a66d840702261349y4ed09487tebf1237506206cee@mail.gmail.com> On 2/26/07, Tim Chown wrote: > He's currently in a critical condition in hospital, but is stable. Tim, Although it's poor etiquette, especially in this forum, to say "me too" so I won't say that. However, I'm sure I speak for everyone when I say that we all wish Julian the speediest of recoveries, and our prayers are with him. I recognize the balance of privacy versus sharing of information, but if we could get any kind of update, that would be great. Again, our warmest and best wishes for Julian. -Angelo From csweeney at osubucks.org Mon Feb 26 22:52:05 2007 From: csweeney at osubucks.org (Chris Sweeney) Date: Mon Feb 26 21:57:40 2007 Subject: Julian Field in hospital In-Reply-To: <45E35409.6050808@alexb.ch> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> <45E35409.6050808@alexb.ch> Message-ID: <45E35685.9050704@osubucks.org> Wow I really hope you get well soon Julian! > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5188 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070226/3ce755e3/smime.bin From AFarah at qlan.com Mon Feb 26 22:56:59 2007 From: AFarah at qlan.com (Abed Farah) Date: Mon Feb 26 22:02:14 2007 Subject: Julian Field in hospital Message-ID: <3D3B512E0675C142B7E46D6D7D6ED2AF34CE77@qlanserver1.qlandomain.local> I'm very sorry to hear that, and I wish him speedy recovery as quickly as possible. Any Updates on his condition Abed From rowan at rownetco.com Mon Feb 26 23:12:39 2007 From: rowan at rownetco.com (rowan) Date: Mon Feb 26 22:16:33 2007 Subject: Yahoo!'s lack of resolution in Geocities spam forwarding site creation Message-ID: <45E35B57.3080506@rownetco.com> The problem with Geocities allowing people to create web sites that are relays to Spamvertised sites has been around since at least 2005 from what I can tell. Since the spammers are routing through open relays, bot nets or some other varying mechanism the only way to eliminate the trash from my inbox was a procmail recipe which /dev/nulled anything with a geocities.com link in the body. I had tried complaining to Yahoo! but there is never a response from domainadmins@yahoo-inc.com. The volume of this type trash continues to climb so I figured I would forward a copy to Yahoo! so they could share my pain. This way they can see that spammers have created a new site and shut it down, IF they even read mail sent to domainadmins@yahoo-inc.com. Below is the procmail recipe I use. NOTE make sure if you put this in your /home/.procmailrc file you do not put your regular email address in the BCC line as that will cause an infinite loop. The BCC line is not necessary, I just have it there so I can see that the problem is ongoing and Yahoo! is being advised of the problem. :0 B * geocities.com * ! ^X-Loop: *@vrod\.mydomainname\.com { VERBOSE=yes TMPFILE=tmp.$$ TOADDRESS=`formail -uReceived: | formail -xReceived: | sed -e 's/^.*for ;.*$//'` :0 ac: $TMPFILE :0 ah | (formail -rA "X-Loop: postmaster@mydomainname.com" \ -I "Precedence: junk" -I "From: postmaster@mydomainname.com" \ -I "To: domainadmins@yahoo-inc.com" \ -I "BCC: myotheremail@mydomainname.com" \ -I "Subject: Violations of your terms of service" ; \ echo "More spamvertisement relays from Geocities.com based web sites" ; \ echo "below is their trash:" ; \ echo "" ; \ cat ./$TMPFILE) | $SENDMAIL -oi -t -f'postmaster@mydomainname.com';rm -f $TMPFILE LOGFILE=$HOME/spam :0 /dev/null } -------------- next part -------------- A non-text attachment was scrubbed... Name: rowan.vcf Type: text/x-vcard Size: 313 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070226/6a422464/rowan.vcf From john at katy.com Mon Feb 26 23:31:30 2007 From: john at katy.com (John Schmerold) Date: Mon Feb 26 22:36:56 2007 Subject: SpamAssassin local rules Message-ID: <45E35FC2.5070109@katy.com> Over the week-end, I populated the SpamAssassin local rules file with email addresses that tend to get marked as SPAM. These are messages I don't want to white list because I suspect they may be used by SPAMMERS. Anyone else try this? What should I worry about and address? BTW: I get a bunch of SPAM that seems to be harvested from Whois - our old street address was Meramec - LOCAL__H_meramec is meant to deal with that issue, not sure why, but I also get SPAM with the word manchester on the subject line. The Meramec & Manchester spam are the only items that consistently come thru our filter. For the record, here's my /etc/mail/spamassassin/local.cf score LOCAL__geocities 2.2 score LOCAL__H_horoscope 3.0 score LOCAL__H_meramec 2.0 score LOCAL__H_manchester 2.0 score LOCAL__H_from_nfib -2.0 score LOCAL__H_from_adweek -2.0 score LOCAL__H_from_woodyswatch -2.0 body LOCAL__geocities /geocities/i describe LOCAL__geocities Includes reference to geocities header LOCAL__H_horoscope Subject =~ /horoscope/i describe LOCAL__H_horoscope horoscope in Subject header LOCAL__H_meramec Subject =~ /meramec/i describe LOCAL__H_meramec meramec in Subject header LOCAL__H_manchester Subject =~ /manchester/i describe LOCAL__H_manchester manchester in Subject header LOCAL__H_from_nfib From =~ /nfib\.org/i describe LOCAL__H_from_nfib NFIB newsletters header LOCAL__H_from_adweek From =~ /adweek\.com/i describe LOCAL__H_from_adweek adweek newsletters header LOCAL__H_from_woodyswatch From =~ /woodyswatch\.com/i describe LOCAL__H_from_woodyswatch woodyswatch newsletters From mkettler at evi-inc.com Mon Feb 26 23:33:04 2007 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Feb 26 22:38:36 2007 Subject: Yahoo!'s lack of resolution in Geocities spam forwarding site creation In-Reply-To: <45E35B57.3080506@rownetco.com> References: <45E35B57.3080506@rownetco.com> Message-ID: <45E36020.9010405@evi-inc.com> rowan wrote: > The problem with Geocities allowing people to create web sites that are > relays to Spamvertised sites has been around since at least 2005 from > what I can tell. Since the spammers are routing through open relays, > bot nets or some other varying mechanism the only way to eliminate the > trash from my inbox was a procmail recipe which /dev/nulled anything > with a geocities.com link in the body. I had tried complaining to > Yahoo! but there is never a response from domainadmins@yahoo-inc.com. Why would you.. Is there anywhere in the world telling you to use domainadmins@yahoo-inc.com as an abuse reporting service? That's the administrative contact for the domain. Yahoo's abuse desk is abuse@yahoo.com. That said, this is also unlikely to go answered, but at least you are sending it to the proper place. That said, I've not seen many geocities redirectors lately. Last week I received a total of 60 messages with geocities URLs in them. Total, including all the nonspams. (I still have an info rule in my SA config matching all geocities URIs, and MailScanner is set so it logs the SA results of all nonspam and spam messages.) By comparison, my site received 23k+ emails last week, 13k+ of them tagged as spam by SpamAssassin. I have to say I'm wondering how you're seeing so much of this mail. Sure there's some spam with it, but even if all 60 are spam it's still less than 0.5% of my site's spam volume. By comparison, about a year ago (ie: spring 2006) spam containing geocities URL's used to account for over half the spam received here. I'd say they've made considerable progress since then, given that it's a full two orders of magnitude less common. Is it different at your site? Are you still getting over 10% of your spam being geocities redirectors? From mkettler at evi-inc.com Mon Feb 26 23:44:28 2007 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Feb 26 22:49:56 2007 Subject: SpamAssassin local rules In-Reply-To: <45E35FC2.5070109@katy.com> References: <45E35FC2.5070109@katy.com> Message-ID: <45E362CC.8010809@evi-inc.com> John Schmerold wrote: > Over the week-end, I populated the SpamAssassin local rules file with > email addresses that tend to get marked as SPAM. These are messages I > don't want to white list because I suspect they may be used by SPAMMERS. > > Anyone else try this? What should I worry about and address? I use a lot of this kind of thing, although the scores I use are much smaller. Generally I use them mostly to help me track various kinds of spam activity. I can just grep my logs for rule hits. I also use them to disqualify mail with certain phrases from the bayes autolearner. That said, I see nothing wrong with doing stuff like this, but I would recommend giving your rules a "trial run" at scores less than 0.5 for a week, check your logs, then up the scores if they aren't hitting any nonspam. > > BTW: I get a bunch of SPAM that seems to be harvested from Whois - our > old street address was Meramec - LOCAL__H_meramec is meant to deal with > that issue, not sure why, but I also get SPAM with the word manchester > on the subject line. The Meramec & Manchester spam are the only items > that consistently come thru our filter. > > For the record, here's my > /etc/mail/spamassassin/local.cf > > score LOCAL__geocities 2.2 > score LOCAL__H_horoscope 3.0 > score LOCAL__H_meramec 2.0 > score LOCAL__H_manchester 2.0 > score LOCAL__H_from_nfib -2.0 > score LOCAL__H_from_adweek -2.0 > score LOCAL__H_from_woodyswatch -2.0 > > body LOCAL__geocities /geocities/i > describe LOCAL__geocities Includes reference to geocities Heh, learn something new every day. SA used to not handle things properly if the score came before the rule.. apparently they changed that. From res at ausics.net Mon Feb 26 23:52:39 2007 From: res at ausics.net (Res) Date: Mon Feb 26 22:58:10 2007 Subject: Yahoo!'s lack of resolution in Geocities spam forwarding site creation In-Reply-To: <45E35B57.3080506@rownetco.com> References: <45E35B57.3080506@rownetco.com> Message-ID: On Mon, 26 Feb 2007, rowan wrote: > The problem with Geocities allowing people to create web sites that are > relays to Spamvertised sites has been around since at least 2005 from what I try 1995 :) (or there abouts) > continues to climb so I figured I would forward a copy to Yahoo! so they > could share my pain. This way they can see that spammers have created a new pitty they wouldn't bother to read it tough. > site and shut it down, IF they even read mail sent to > domainadmins@yahoo-inc.com. Below is the procmail recipe I use. NOTE make This is really OT for this list. -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From joakim at cefalk.com Tue Feb 27 00:17:48 2007 From: joakim at cefalk.com (Joakim Cefalk) Date: Mon Feb 26 23:23:21 2007 Subject: How often need bayes to be rebuild In-Reply-To: References: <45E2D4F4.3070203@cefalk.com> <45E34332.7030908@cefalk.com> Message-ID: <45E36A9C.5090801@cefalk.com> Do i need to rebuild my bayes db? Becuse after my rebuild a lot of spam are passing thru. I have restored the bayes db from the backup again. Scott Silva skrev: > Joakim Cefalk spake the following on 2/26/2007 12:29 PM: > >> What settings should i change more then Rebuild Bayes Every. >> >> Scott Silva skrev: >> >>> Joakim Cefalk spake the following on 2/26/2007 4:39 AM: >>> >>> >>>> Hello! >>>> >>>> I have not rebuild my bayes db since i started to using it in 2005. I >>>> have only 200 messages a day, about 30% i high scoring spam and 5-10% >>>> low scoring. >>>> What should i set my "Rebuild Bayes Every" to? I'm using MySQL as >>>> storage for the bayes db. >>>> >>>> Joakim >>>> >>>> >>>> >>> I rebuild daily, and it only takes a minute or so. >>> >>> >>> > If you have never done a bayes rebuild, I would recommend you do a manual > rebuild first. (sa-learn --force-expire) > Then the following is what I have for a daily run; > > # If you are using the Bayesian statistics engine on a busy server, > # you may well need to force a Bayesian database rebuild and expiry > # at regular intervals. This is measures in seconds. > # 1 day = 86400 seconds. > # To disable this feature set this to 0. > # Note: If you enable this feature, set "bayes_auto_expire 0" in > # spam.assasssin.prefs.conf which you will find in the same > # directory as this file. > Rebuild Bayes Every = 86400 > > # The Bayesian database rebuild and expiry may take a 2 or 3 minutes > # to complete. During this time you can either wait, or simply > # disable SpamAssassin checks until it has completed. > Wait During Bayes Rebuild = yes > > > I would recommend that you set "wait during bayes rebuild = yes" > so the expiry runs don't get killed by spamassassin accessing the bayes db. > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070227/7f940a6b/attachment.html From ssilva at sgvwater.com Tue Feb 27 00:37:10 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Feb 26 23:42:57 2007 Subject: How often need bayes to be rebuild In-Reply-To: <45E36A9C.5090801@cefalk.com> References: <45E2D4F4.3070203@cefalk.com> <45E34332.7030908@cefalk.com> <45E36A9C.5090801@cefalk.com> Message-ID: Joakim Cefalk spake the following on 2/26/2007 3:17 PM: > Do i need to rebuild my bayes db? Becuse after my rebuild a lot of spam > are passing thru. I have restored the bayes db from the backup again. > > Scott Silva skrev: >> Joakim Cefalk spake the following on 2/26/2007 12:29 PM: >> >>> What settings should i change more then Rebuild Bayes Every. >>> >>> Scott Silva skrev: >>> >>>> Joakim Cefalk spake the following on 2/26/2007 4:39 AM: >>>> >>>> >>>>> Hello! >>>>> >>>>> I have not rebuild my bayes db since i started to using it in 2005. I >>>>> have only 200 messages a day, about 30% i high scoring spam and 5-10% >>>>> low scoring. >>>>> What should i set my "Rebuild Bayes Every" to? I'm using MySQL as >>>>> storage for the bayes db. >>>>> >>>>> Joakim >>>>> >>>>> >>>>> >>>> I rebuild daily, and it only takes a minute or so. >>>> >>>> >>>> >> If you have never done a bayes rebuild, I would recommend you do a manual >> rebuild first. (sa-learn --force-expire) >> Then the following is what I have for a daily run; >> >> # If you are using the Bayesian statistics engine on a busy server, >> # you may well need to force a Bayesian database rebuild and expiry >> # at regular intervals. This is measures in seconds. >> # 1 day = 86400 seconds. >> # To disable this feature set this to 0. >> # Note: If you enable this feature, set "bayes_auto_expire 0" in >> # spam.assasssin.prefs.conf which you will find in the same >> # directory as this file. >> Rebuild Bayes Every = 86400 >> >> # The Bayesian database rebuild and expiry may take a 2 or 3 minutes >> # to complete. During this time you can either wait, or simply >> # disable SpamAssassin checks until it has completed. >> Wait During Bayes Rebuild = yes >> >> >> I would recommend that you set "wait during bayes rebuild = yes" >> so the expiry runs don't get killed by spamassassin accessing the bayes db. >> >> A rebuild is only supposed to clean up old and expired entries. It shouldn't affect scoring. Your bayes might have been auto-rebuilding anyway, because I think that is the default in the newer spamassassins. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From john at katy.com Tue Feb 27 00:44:20 2007 From: john at katy.com (John Schmerold) Date: Mon Feb 26 23:49:44 2007 Subject: SpamAssassin local rules In-Reply-To: <45E362CC.8010809@evi-inc.com> References: <45E35FC2.5070109@katy.com> <45E362CC.8010809@evi-inc.com> Message-ID: <45E370D4.3090601@katy.com> I figured putting scores on top - bottom would work fine for bottom posters :-) would let me easily tweak the scores. Good advise - I'm going to reduce a couple of the scores Matt Kettler wrote: > John Schmerold wrote: > >> Over the week-end, I populated the SpamAssassin local rules file with >> email addresses that tend to get marked as SPAM. These are messages I >> don't want to white list because I suspect they may be used by SPAMMERS. >> >> For the record, here's my >> /etc/mail/spamassassin/local.cf >> >> score LOCAL__geocities 2.2 >> score LOCAL__H_horoscope 3.0 >> >> body LOCAL__geocities /geocities/i >> describe LOCAL__geocities Includes reference to geocities >> > Heh, learn something new every day. SA used to not handle things properly if the > score came before the rule.. apparently they changed that. > -------------- next part -------------- A non-text attachment was scrubbed... Name: john.vcf Type: text/x-vcard Size: 241 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070226/945ccb90/john.vcf From csweeney at osubucks.org Tue Feb 27 01:27:40 2007 From: csweeney at osubucks.org (Chris Sweeney) Date: Tue Feb 27 00:33:14 2007 Subject: OT: Need some system advice please In-Reply-To: <13C0059880FDD3118DC600508B6D4A6D01C291E9@aiainsurance.com> References: <13C0059880FDD3118DC600508B6D4A6D01C291E9@aiainsurance.com> Message-ID: <45E37AFC.3030502@osubucks.org> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5188 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070226/49d91566/smime.bin From email at ace.net.au Tue Feb 27 01:37:16 2007 From: email at ace.net.au (Peter Nitschke) Date: Tue Feb 27 00:43:18 2007 Subject: OT: Need some system advice please In-Reply-To: References: <13C0059880FDD3118DC600508B6D4A6D01C291E9@aiainsurance.com> <200702270656300110.27840035@smtp1.ace.net.au> Message-ID: <200702271107160375.286996AE@smtp1.ace.net.au> I thought it was reasonable, certainly more so that your quoting 3 full posts just to have a bitch about it. Peter *********** REPLY SEPARATOR *********** On 27/02/2007 at 7:25 AM Res wrote: >And perhaps next time he will not ask such questions on this list, >there are thousands of micro$lop newsgroups/lists/forums out there, and >there is always the sendmail newsgroup/mailing list >-- >Cheers >Res > >"We can be Heroes, just for one day" - Davey (Jones) Bowie > From res at ausics.net Tue Feb 27 01:41:47 2007 From: res at ausics.net (Res) Date: Tue Feb 27 00:47:16 2007 Subject: OT: Need some system advice please In-Reply-To: <200702271107160375.286996AE@smtp1.ace.net.au> References: <13C0059880FDD3118DC600508B6D4A6D01C291E9@aiainsurance.com> <200702270656300110.27840035@smtp1.ace.net.au> <200702271107160375.286996AE@smtp1.ace.net.au> Message-ID: *yawn* On Tue, 27 Feb 2007, Peter Nitschke wrote: > I thought it was reasonable, certainly more so that your quoting 3 full > posts just to have a bitch about it. > > Peter > > > *********** REPLY SEPARATOR *********** > > On 27/02/2007 at 7:25 AM Res wrote: > >> And perhaps next time he will not ask such questions on this list, >> there are thousands of micro$lop newsgroups/lists/forums out there, and >> there is always the sendmail newsgroup/mailing list >> -- >> Cheers >> Res >> >> "We can be Heroes, just for one day" - Davey (Jones) Bowie >> > > > -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From rob at robhq.com Tue Feb 27 01:46:53 2007 From: rob at robhq.com (Rob Freeman) Date: Tue Feb 27 00:52:30 2007 Subject: Julian Field in hospital In-Reply-To: References: <20070226163637.GC29278@login.ecs.soton.ac.uk> <223f97700702260923w27c0c647r58515162af4b6ac@mail.gmail.com> Message-ID: <004001c75a08$cde4a360$69adea20$@com> -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Res Sent: Monday, February 26, 2007 3:20 PM To: MailScanner discussion Subject: Re: Julian Field in hospital On Mon, 26 Feb 2007, Glenn Steen wrote: > On 26/02/07, Tim Chown wrote: >> Hi, >> >> I work with Jules at the University of Southampton and sadly we have >> to report that he was admitted to hospital on Friday having been >> found collapsed at home. >> >> He's currently in a critical condition in hospital, but is stable. >> >> Obviously there will not be any mailscanner development or maintenence >> by Jules for the immediate future, but we hope everyone on this list >> will join us in wishing him all the best towards a full recovery. >> >> We'll let the list know of significant changes in his condition, and >> in due course where get well messages or cards can be sent. >> >> If someone here has permissions to post the message on to the mailscanner >> announce list, please do so. >> > Thank you Tim for letting us know. This is dire news indeed, in view > of his medical condition. > All we can do is hope, and pray, for a speedy recovery. > I hope you will keep us posted on _any_ news Tim... Jules is very > valued here, and we do care deeply about his health and well-being. Here is hoping for a fast recovery Julian!! My prayers and hopes from across the pond are with you!!! -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.446 / Virus Database: 268.18.4/703 - Release Date: 2/26/2007 2:56 PM From KGoods at AIAInsurance.com Tue Feb 27 01:57:57 2007 From: KGoods at AIAInsurance.com (Ken Goods) Date: Tue Feb 27 01:03:31 2007 Subject: OT: Need some system advice please Message-ID: <13C0059880FDD3118DC600508B6D4A6D01C291ED@aiainsurance.com> Chris wrote: You could use a port forwarding solution. Forward say port 993 external to port 25 internal. That way if something breaks as you put it and you need to open port 25 from the internet you still can and it won't break anything. There simple fix. Chris > 1. Have Exchange inbound SMPT listen on an alternate port and > configure the email clients to use this as their outgoing mail server > port. > Pros: Allows me to continue blocking port 25 to the Exchange Server > from the internet. Fairly easy to implement. > Cons: If something when wrong with the MailScanner box I would have to > change the port back to 25 and open it to get regular mail and this > would break the POP users accounts. It's possible (though not likely) > that spammers could discover the port that SMTP is listening on and > direct their spam to that port effectively rendering filtering > useless. And there could be other problems that changing the SMTP port > could do on an Exchange Server that I don't even know about. :) > > Chris, Excellent! Never even thought of that... too many other things to think about. :) Thanks so much Chris... I was looking for something easy and this could very well fit the bill. I've never done port forwarding but I'm assuming this could be done on my firewall (linux iptables in bridge mode) through NAT or masquerading? Am I close??? If so I think I can figure it out from there. If I'm way off base I'd appreciate a nudge in the right direction. I know I could use setups as were suggested earlier in this thread (and I do appreciate the suggestions), but I have much more to do than just email. As a matter of fact if I spend more than 30 minutes a week on the email server the boss frowns a bit. :) I'm thinking if I port forward as you suggested all I'd have to do is to point the users SMTP server port to the external port and whala... done! One or two lines in the firewall rules and I'm good to go. Or am I oversimplifing? Thanks again for a wonderfully simple yet workable fix. Pure genius! :) Ken Goods Network Administrator CropUSA Insurance, Inc. From Jeff.Mills at versacold.com.au Tue Feb 27 02:02:13 2007 From: Jeff.Mills at versacold.com.au (Jeff Mills) Date: Tue Feb 27 01:07:39 2007 Subject: Strange Missing Mail Message-ID: An email was sent to our system to three users, but for some reason, only two of them received the email. I have attached part of the header below, and also what is seen in MailWatch. The only difference I can see between the users is that the first user has a comma in their name. I'm wondering if mailscanner is picking this up as a separator. I'm running version 4.51.5 Has anyone seen this before, or know if it was fixed in a later version? To: "User, Some" , "Some User2" , "Some User3" X-OriginalArrivalTime: 26 Feb 2007 23:39:13.0599 (UTC) FILETIME=[52520CF0:01C759FF] From: anotheruser@somedomain.com [Add to Whitelist | Add to Blacklist] To: Some.User2@versacold.com.au Some.User@versacold.com.au Rgs, Jeff From pete at enitech.com.au Tue Feb 27 03:33:18 2007 From: pete at enitech.com.au (Peter Russell) Date: Tue Feb 27 02:38:47 2007 Subject: Julian Field in hospital In-Reply-To: <2BE78592B3B1824F97A2685E96221F6234EB25@mail.snj.mb.ca> References: <20070226163637.GC29278@login.ecs.soton.ac.uk><45E315F6.8030605@linux-kernel.at> <05cf01c759cb$f237e110$0600a8c0@roger> <2BE78592B3B1824F97A2685E96221F6234EB25@mail.snj.mb.ca> Message-ID: <45E3986E.5040103@enitech.com.au> BEST wishes from Australia. Looking forward to seeing the "Julian is gonna be ok" post. Pete Quintin Giesbrecht wrote: > Please accept my well-wishes on Julian's behalf. He will be in my > prayers. > > Quintin Giesbrecht > IT Manager > ----- > Smith Neufeld Jodoin LLP > 85 PTH 12 North > Steinbach, MB R5G 1A7 > Office: 204.326.3442 > Direct Line: 204.346.5106 > q@snj.ca > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Roger > Jochem > Sent: Monday, February 26, 2007 11:31 AM > To: MailScanner discussion > Subject: Re: Julian Field in hospital > > Our best wishes from Brazil too.Get better soon, Julian! > >> Am 2007-02-26 17:36, Tim Chown schrieb: >>> I work with Jules at the University of Southampton and sadly we have >>> to report that he was admitted to hospital on Friday having been >>> found collapsed at home. >>> >>> He's currently in a critical condition in hospital, but is stable. >>> >>> Obviously there will not be any mailscanner development or >>> maintenence by Jules for the immediate future, but we hope everyone >>> on this list will join us in wishing him all the best towards a full > recovery. >>> We'll let the list know of significant changes in his condition, and >>> in due course where get well messages or cards can be sent. >>> >>> If someone here has permissions to post the message on to the >>> mailscanner announce list, please do so. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From res at ausics.net Tue Feb 27 03:37:23 2007 From: res at ausics.net (Res) Date: Tue Feb 27 02:42:50 2007 Subject: Strange Missing Mail In-Reply-To: References: Message-ID: Jeff, On Tue, 27 Feb 2007, Jeff Mills wrote: > An email was sent to our system to three users, but for some reason, > only two of them received the email. > To: "User, Some" , Commas are not the problem.. Sent two tests, one using local whitelist, the other a non whitelisted competitors dialup account... Date: Tue, 27 Feb 2007 13:30:18 +1100 From: xxxxxxx@optusnet.com.au To: "res, r" Subject: commas n stuff ping -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From Jeff.Mills at versacold.com.au Tue Feb 27 03:43:18 2007 From: Jeff.Mills at versacold.com.au (Jeff Mills) Date: Tue Feb 27 02:48:44 2007 Subject: Strange Missing Mail References: Message-ID: Res, > > Commas are not the problem.. > > Sent two tests, one using local whitelist, the other a non > whitelisted competitors dialup account... Thanks for that. To be honest I haven't come across this problem before, and I have been using this version for a while. I will look further into it. From res at ausics.net Tue Feb 27 03:50:17 2007 From: res at ausics.net (Res) Date: Tue Feb 27 02:55:46 2007 Subject: Strange Missing Mail In-Reply-To: References: Message-ID: On Tue, 27 Feb 2007, Jeff Mills wrote: > Res, > >> >> Commas are not the problem.. >> >> Sent two tests, one using local whitelist, the other a non >> whitelisted competitors dialup account... > > Thanks for that. > To be honest I haven't come across this problem before, and I have been > using this version for a while. > I will look further into it. Best of luck, if your MTA is sendmail, look in the logs for the message, look for nrcpts=? this might give you a pointer as to if it hit your network at all. -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From support at alphanet.net.au Tue Feb 27 03:58:58 2007 From: support at alphanet.net.au (support) Date: Tue Feb 27 03:02:29 2007 Subject: Julian Field in hospital In-Reply-To: <45E3986E.5040103@enitech.com.au> References: <20070226163637.GC29278@login.ecs.soton.ac.uk><45E315F6.8030605@linux-kernel.at> <05cf01c759cb$f237e110$0600a8c0@roger> <2BE78592B3B1824F97A2685E96221F6234EB25@mail.snj.mb.ca> <45E3986E.5040103@enitech.com.au> Message-ID: <45E39E72.7050907@alphanet.net.au> Julian, Get well soon form down under! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Jeff.Mills at versacold.com.au Tue Feb 27 04:01:07 2007 From: Jeff.Mills at versacold.com.au (Jeff Mills) Date: Tue Feb 27 03:06:33 2007 Subject: Strange Missing Mail References: Message-ID: > > Best of luck, if your MTA is sendmail, look in the logs for > the message, look for nrcpts=? this might give you a pointer > as to if it hit your network at all. > MTA is postfix.. Maybe this is one of those missing email problems that the postfix developers keep harping on about ;) > > -- > Cheers > Res From res at ausics.net Tue Feb 27 04:10:09 2007 From: res at ausics.net (Res) Date: Tue Feb 27 03:15:49 2007 Subject: Strange Missing Mail In-Reply-To: References: Message-ID: On Tue, 27 Feb 2007, Jeff Mills wrote: >> Best of luck, if your MTA is sendmail, look in the logs for >> the message, look for nrcpts=? this might give you a pointer >> as to if it hit your network at all. >> > > MTA is postfix.. Maybe this is one of those missing email problems that > the postfix developers keep harping on about ;) > Maybe :) just change to Sendmail, unless you're hosting many domains then use Qmail and all those nightmares will go away hehe :P -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From markee at bandwidthco.com Tue Feb 27 04:32:11 2007 From: markee at bandwidthco.com (markee) Date: Tue Feb 27 03:40:27 2007 Subject: Julian Field in hospital In-Reply-To: <20070226163637.GC29278@login.ecs.soton.ac.uk> Message-ID: <00be01c75a1f$dda96260$0300a8c0@bandwidthco.com> Subject: Julian Field in hospital Hi, I work with Jules at the University of Southampton and sadly we have to report that he was admitted to hospital on Friday having been found collapsed at home. He's currently in a critical condition in hospital, but is stable. Obviously there will not be any mailscanner development or maintenence by Jules for the immediate future, but we hope everyone on this list will join us in wishing him all the best towards a full recovery. We'll let the list know of significant changes in his condition, and in due course where get well messages or cards can be sent. If someone here has permissions to post the message on to the mailscanner announce list, please do so. -- Tim ########## Julian attempted to subtly tell us all a month ago or so how ill he was. It was surely a surprise to me how he could accomplish what he did under such circumstances. For Julian: You are one of the finest human beings I have never met and you have produced one of the most valuable software programs I have ever used. You are a gifted individual. We need you to get well soon and get back here with us all. ######################################################## This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. postmaster@bandwidthco.com MailScanner at Bandwidthco Computer Security is for your absolute protection. ######################################################## From lhaig at haigmail.com Tue Feb 27 07:11:01 2007 From: lhaig at haigmail.com (Lance Haig) Date: Tue Feb 27 06:16:20 2007 Subject: Julian Field in hospital In-Reply-To: <20070226163637.GC29278@login.ecs.soton.ac.uk> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> Message-ID: <45E3CB75.9020306@haigmail.com> Tim Chown wrote: > Hi, > > I work with Jules at the University of Southampton and sadly we have > to report that he was admitted to hospital on Friday having been > found collapsed at home. > > He's currently in a critical condition in hospital, but is stable. > > Obviously there will not be any mailscanner development or maintenence > by Jules for the immediate future, but we hope everyone on this list > will join us in wishing him all the best towards a full recovery. > > We'll let the list know of significant changes in his condition, and > in due course where get well messages or cards can be sent. > > If someone here has permissions to post the message on to the mailscanner > announce list, please do so. > > I add my wishes to all the others on the list. I will keep Julian and his family in my thoughts during this difficult time. Please let us know wher we can send cards and flowers and things Lance From hvdkooij at vanderkooij.org Tue Feb 27 08:16:45 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue Feb 27 07:22:13 2007 Subject: Strange Missing Mail In-Reply-To: References: Message-ID: On Tue, 27 Feb 2007, Jeff Mills wrote: > An email was sent to our system to three users, but for some reason, > only two of them received the email. ... > To: "User, Some" , > "Some User2" , > "Some User3" > X-OriginalArrivalTime: 26 Feb 2007 23:39:13.0599 (UTC) > FILETIME=[52520CF0:01C759FF] > From: > anotheruser@somedomain.com [Add to Whitelist | Add to Blacklist] > To: Some.User2@versacold.com.au > Some.User@versacold.com.au I say you need to verify the SMTP envelope. One can put in 1 thing in the To: section of the header and do something else completely by stating different address during SMTP setup. You need to verify your logs to find the real used addresses. Then it may make perfect sense. Hugo. -- hvdkooij@vanderkooij.org http://hvdkooij.xs4all.nl/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for the insight.) From hvdkooij at vanderkooij.org Tue Feb 27 08:26:44 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue Feb 27 07:32:11 2007 Subject: Strange Missing Mail In-Reply-To: References: Message-ID: On Tue, 27 Feb 2007, Res wrote: > Maybe :) just change to Sendmail, unless you're hosting many domains then use > Qmail and all those nightmares will go away hehe :P There seems to be a lot of postfix bashing around here. But I have not seen someone do the rather obvious thing and bridge the gap of 2 philosofies. If someone can write a small helper in C for example it can listen all day for SMTP on port 10125 for example and write messages to a queue. And another little helper to do the other way around. I once saw a proposal in the archives once to do it in Perl but for a longterm job a C program seems more reasonable and effective solution. I, for one, have a number of reasons to keep running postfix. We have to support different vendors with solutions around postfix so using it myself is the best way to keep up to speed. And I have build some config options I can no longer figure out how to do with sendmail for example. Unfortunatly I have not gone past the 'hello world' stage on C coding so it is not something I can do myself (any time soon). Hugo. -- hvdkooij@vanderkooij.org http://hvdkooij.xs4all.nl/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for the insight.) From dhawal at netmagicsolutions.com Tue Feb 27 09:02:26 2007 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Tue Feb 27 08:08:07 2007 Subject: Julian Field in hospital In-Reply-To: <20070226163637.GC29278@login.ecs.soton.ac.uk> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> Message-ID: <45E3E592.9080003@netmagicsolutions.com> This is indeed sad news.. and i pray for a very speedy recovery. Tim Chown wrote: > Hi, > > I work with Jules at the University of Southampton and sadly we have > to report that he was admitted to hospital on Friday having been > found collapsed at home. > > He's currently in a critical condition in hospital, but is stable. > > Obviously there will not be any mailscanner development or maintenence > by Jules for the immediate future, but we hope everyone on this list > will join us in wishing him all the best towards a full recovery. > > We'll let the list know of significant changes in his condition, and > in due course where get well messages or cards can be sent. > > If someone here has permissions to post the message on to the mailscanner > announce list, please do so. From Howard at harper-adams.ac.uk Tue Feb 27 10:51:29 2007 From: Howard at harper-adams.ac.uk (Howard Robinson) Date: Tue Feb 27 09:58:20 2007 Subject: Moving Quarantine Message-ID: Dear list I would like to move the whole quarantine directory to another partition to make better use of disk space and reduce the chance of running out of disk space on the /var partition which is getting fairly full. Am I right in adopting the following? Is it that simple? 1) stop mailscanner 2) copy quarantine to it's new location. 3) alter MailScanner.conf so it points to the new location. 4) restart MailScanner. Assuming this is correct does anything need changing in mailwatch or will it pick up the details from MailScanner.conf - it looks like it will? Thanks Regards Howard Robinson, (Senior Technical Development Officer), Harper Adams University College, Edgmond, Newport, Shropshire , TF10 8NB. Tel. Direct 01952 815253 Tel. Switch Board 01952 820280 Fax 01952 814783 Email hrobinson@harper-adams.ac.uk Web www.harper-adams.ac.uk From drew at technologytiger.net Tue Feb 27 13:01:27 2007 From: drew at technologytiger.net (Drew Marshall) Date: Tue Feb 27 12:07:05 2007 Subject: Strange Missing Mail In-Reply-To: References: Message-ID: <59759.194.70.180.170.1172577687.squirrel@www.technologytiger.net> On Tue, February 27, 2007 03:01, Jeff Mills wrote: > >> >> Best of luck, if your MTA is sendmail, look in the logs for >> the message, look for nrcpts=? this might give you a pointer >> as to if it hit your network at all. >> > > MTA is postfix.. Maybe this is one of those missing email problems that > the postfix developers keep harping on about ;) I doubt it as Postfix won't have split the queue file so the message will have either gone missing or been delivered. What is there in the logs? Can you post a log excerpt for the relevent message? (Postfix also logs number of recipients :) ) Oh and in answer to Res' switch to Sendmail/ qMail and you problems will go away, he missed a bit off the end which should say 'and you will have a host of different ones' :) Drew PS No Holy war here, I know Res will take the comment in the spirit intended ;) -- In line with our policy, this message has been scanned for viruses and dangerous content by the Technology Tiger MailScanner. Further information can be found at www.technologytiger.net/policy Technology Tiger Limited is registered in Scotland with registration number: 310997 Registered Office 55-57 West High Street Inverurie AB51 3QQ From res at ausics.net Tue Feb 27 13:16:07 2007 From: res at ausics.net (Res) Date: Tue Feb 27 12:21:36 2007 Subject: Strange Missing Mail In-Reply-To: <59759.194.70.180.170.1172577687.squirrel@www.technologytiger.net> References: <59759.194.70.180.170.1172577687.squirrel@www.technologytiger.net> Message-ID: On Tue, 27 Feb 2007, Drew Marshall wrote: > I doubt it as Postfix won't have split the queue file so the message will > have either gone missing or been delivered. What is there in the logs? Can > you post a log excerpt for the relevent message? (Postfix also logs number > of recipients :) ) > > Oh and in answer to Res' switch to Sendmail/ qMail and you problems will > go away, he missed a bit off the end which should say 'and you will have a > host of different ones' :) Yeah, like too much damned free time, and you end up sitting on lists and usenet all day :P > PS No Holy war here, I know Res will take the comment in the spirit > intended ;) lol... awwww come on, the wars fun tooooooo :) one day I'll get bored of picking on postmix and find something new...one day, not just yet though :) -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From shuttlebox at gmail.com Tue Feb 27 13:36:07 2007 From: shuttlebox at gmail.com (shuttlebox) Date: Tue Feb 27 12:41:34 2007 Subject: Julian Field in hospital In-Reply-To: <20070226163637.GC29278@login.ecs.soton.ac.uk> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> Message-ID: <625385e30702270436p10653aa4x7c9d604398dcf383@mail.gmail.com> On 2/26/07, Tim Chown wrote: > Hi, > > I work with Jules at the University of Southampton and sadly we have > to report that he was admitted to hospital on Friday having been > found collapsed at home. > > He's currently in a critical condition in hospital, but is stable. > > Obviously there will not be any mailscanner development or maintenence > by Jules for the immediate future, but we hope everyone on this list > will join us in wishing him all the best towards a full recovery. > > We'll let the list know of significant changes in his condition, and > in due course where get well messages or cards can be sent. > > If someone here has permissions to post the message on to the mailscanner > announce list, please do so. I'm sorry to hear this and I hope for a full and speedy recovery. Best wishes from Sweden. -- /peter From edwardbruce at sbcglobal.net Tue Feb 27 13:48:36 2007 From: edwardbruce at sbcglobal.net (Ed Bruce) Date: Tue Feb 27 12:54:04 2007 Subject: Julian Field in hospital In-Reply-To: <20070226163637.GC29278@login.ecs.soton.ac.uk> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> Message-ID: <45E428A4.8050409@sbcglobal.net> I too wish to express my hope for a speedy recovery for Jules. From john at tradoc.fr Tue Feb 27 14:15:45 2007 From: john at tradoc.fr (John Wilcock) Date: Tue Feb 27 13:21:17 2007 Subject: Julian Field in hospital In-Reply-To: <20070226163637.GC29278@login.ecs.soton.ac.uk> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> Message-ID: <45E42F01.6040405@tradoc.fr> Having been on the same undergraduate course as Julian at Southampton (and indeed a school friend from sixth form before that) I can but add my own personal best wishes to those already expressed by other list members. Here's to hoping that the sheer volume of good wishes will whisk Julian to a speedy recovery. John. -- -- Over 3000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr From dave.list at pixelhammer.com Tue Feb 27 14:40:56 2007 From: dave.list at pixelhammer.com (DAve) Date: Tue Feb 27 13:46:30 2007 Subject: Julian Field in hospital In-Reply-To: <20070226163637.GC29278@login.ecs.soton.ac.uk> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> Message-ID: <45E434E8.5010702@pixelhammer.com> Tim Chown wrote: > Hi, > > I work with Jules at the University of Southampton and sadly we have > to report that he was admitted to hospital on Friday having been > found collapsed at home. > > He's currently in a critical condition in hospital, but is stable. > > Obviously there will not be any mailscanner development or maintenence > by Jules for the immediate future, but we hope everyone on this list > will join us in wishing him all the best towards a full recovery. > > We'll let the list know of significant changes in his condition, and > in due course where get well messages or cards can be sent. > > If someone here has permissions to post the message on to the mailscanner > announce list, please do so. > Where might we send cards and or flowers? Not sure what the custom is in England for wishing good health, please let us know. DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From martinh at solidstatelogic.com Tue Feb 27 14:47:38 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Feb 27 13:53:14 2007 Subject: Julian Field in hospital In-Reply-To: <45E434E8.5010702@pixelhammer.com> Message-ID: Dave If he's in hospital they'll be no flowers allowed. I guess he's in Southampton General..can someone provide ward details and please print out all these emails for him please.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of DAve > Sent: 27 February 2007 13:41 > To: MailScanner discussion > Subject: Re: Julian Field in hospital > > Tim Chown wrote: > > Hi, > > > > I work with Jules at the University of Southampton and sadly we have > > to report that he was admitted to hospital on Friday having been > > found collapsed at home. > > > > He's currently in a critical condition in hospital, but is stable. > > > > Obviously there will not be any mailscanner development or maintenence > > by Jules for the immediate future, but we hope everyone on this list > > will join us in wishing him all the best towards a full recovery. > > > > We'll let the list know of significant changes in his condition, and > > in due course where get well messages or cards can be sent. > > > > If someone here has permissions to post the message on to the > mailscanner > > announce list, please do so. > > > > Where might we send cards and or flowers? Not sure what the custom is in > England for wishing good health, please let us know. > > DAve > > -- > Three years now I've asked Google why they don't have a > logo change for Memorial Day. Why do they choose to do logos > for other non-international holidays, but nothing for > Veterans? > > Maybe they forgot who made that choice possible. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From brian.duncan at kattenlaw.com Tue Feb 27 14:59:41 2007 From: brian.duncan at kattenlaw.com (Duncan, Brian M.) Date: Tue Feb 27 14:05:13 2007 Subject: PayPal or some other form of on-line donation for a "get well" gift for Julian? -- Tim Chown? References: <20070226163637.GC29278@login.ecs.soton.ac.uk> Message-ID: <65234743FE1555428435CE39E6AC4078B38D40@CHI-US-EXCH-01.us.kmz.com> I have no idea how the stuff like this works, but if someone closer to Julian than any of us (Tim Chown?) Could organize a method to donate on-line to a "get well" gift for Julian, it would be a nice gesture to Julian to show him we are all thinking about him and wish him a speedy recovery. I have no idea what the rules are with Pay Pal, just an idea. Get well Julian! > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Tim Chown > Sent: Monday, February 26, 2007 10:37 AM > To: mailscanner@lists.mailscanner.info > Subject: Julian Field in hospital > > Hi, > > I work with Jules at the University of Southampton and sadly > we have to report that he was admitted to hospital on Friday > having been found collapsed at home. > > He's currently in a critical condition in hospital, but is stable. > > Obviously there will not be any mailscanner development or > maintenence by Jules for the immediate future, but we hope > everyone on this list will join us in wishing him all the > best towards a full recovery. > > We'll let the list know of significant changes in his > condition, and in due course where get well messages or cards > can be sent. > > If someone here has permissions to post the message on to the > mailscanner announce list, please do so. > > -- > Tim > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > =========================================================== CIRCULAR 230 DISCLOSURE: Pursuant to Regulations Governing Practice Before the Internal Revenue Service, any tax advice contained herein is not intended or written to be used and cannot be used by a taxpayer for the purpose of avoiding tax penalties that may be imposed on the taxpayer. =========================================================== CONFIDENTIALITY NOTICE: This electronic mail message and any attached files contain information intended for the exclusive use of the individual or entity to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information may be subject to legal restriction or sanction. Please notify the sender, by electronic mail or telephone, of any unintended recipients and delete the original message without making any copies. =========================================================== NOTIFICATION: Katten Muchin Rosenman LLP is an Illinois limited liability partnership that has elected to be governed by the Illinois Uniform Partnership Act (1997). =========================================================== From srhitch at mecheng1.uwaterloo.ca Tue Feb 27 15:11:32 2007 From: srhitch at mecheng1.uwaterloo.ca (Steve Hitchman) Date: Tue Feb 27 14:17:37 2007 Subject: Julian Field in hospital In-Reply-To: <20070226163637.GC29278@login.ecs.soton.ac.uk> Message-ID: <018201c75a79$34769dc0$202e6181@NEXUS.UWATERLOO.CA> Best wishes from Canada Julian. Get well soon! Steve > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Tim Chown > Sent: February 26, 2007 11:37 AM > To: mailscanner@lists.mailscanner.info > Subject: Julian Field in hospital > > Hi, > > I work with Jules at the University of Southampton and sadly > we have to report that he was admitted to hospital on Friday > having been found collapsed at home. > > He's currently in a critical condition in hospital, but is stable. > > Obviously there will not be any mailscanner development or > maintenence by Jules for the immediate future, but we hope > everyone on this list will join us in wishing him all the > best towards a full recovery. > > We'll let the list know of significant changes in his > condition, and in due course where get well messages or cards > can be sent. > > If someone here has permissions to post the message on to the > mailscanner announce list, please do so. > > -- > Tim > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From richard.siddall at elirion.net Tue Feb 27 15:27:40 2007 From: richard.siddall at elirion.net (Richard Siddall) Date: Tue Feb 27 14:33:50 2007 Subject: PayPal or some other form of on-line donation for a "get well" gift for Julian? -- Tim Chown? In-Reply-To: <65234743FE1555428435CE39E6AC4078B38D40@CHI-US-EXCH-01.us.kmz.com> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> <65234743FE1555428435CE39E6AC4078B38D40@CHI-US-EXCH-01.us.kmz.com> Message-ID: <45E43FDC.5060506@elirion.net> Duncan, Brian M. wrote: > I have no idea how the stuff like this works, but if someone closer to > Julian than any of us (Tim Chown?) > > Could organize a method to donate on-line to a "get well" gift for > Julian, it would be a nice gesture to Julian > to show him we are all thinking about him and wish him a speedy > recovery. > > I have no idea what the rules are with Pay Pal, just an idea. > > Get well Julian! I would think the standard MailScanner donation page would work: http://www.mailscanner.info/donate.html It's probably set up as a business account, so Julian will lose about 2% of everything you donate, but at least it's up and working. There's also his Amazon wish list on the same page... Regards, Richard. From bbecken at aafp.org Tue Feb 27 15:28:22 2007 From: bbecken at aafp.org (Brad Beckenhauer) Date: Tue Feb 27 14:34:08 2007 Subject: Julian Field in hospital Message-ID: <45E3EBA602000068000C7BB6@MTA.AAFP.ORG> That is indeed very sad news.. Best wishes from Missouri U.S.A. -- Brad >>> Tim Chown 02/26/07 10:36 AM >>> Hi, I work with Jules at the University of Southampton and sadly we have to report that he was admitted to hospital on Friday having been found collapsed at home. He's currently in a critical condition in hospital, but is stable. Obviously there will not be any mailscanner development or maintenence by Jules for the immediate future, but we hope everyone on this list will join us in wishing him all the best towards a full recovery. We'll let the list know of significant changes in his condition, and in due course where get well messages or cards can be sent. If someone here has permissions to post the message on to the mailscanner announce list, please do so. -- Tim -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From res at ausics.net Tue Feb 27 15:31:45 2007 From: res at ausics.net (Res) Date: Tue Feb 27 14:37:17 2007 Subject: PayPal or some other form of on-line donation for a "get well" gift for Julian? -- Tim Chown? In-Reply-To: <65234743FE1555428435CE39E6AC4078B38D40@CHI-US-EXCH-01.us.kmz.com> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> <65234743FE1555428435CE39E6AC4078B38D40@CHI-US-EXCH-01.us.kmz.com> Message-ID: On Tue, 27 Feb 2007, Duncan, Brian M. wrote: > > > I have no idea how the stuff like this works, but if someone closer to > Julian than any of us (Tim Chown?) > > Could organize a method to donate on-line to a "get well" gift for > Julian, it would be a nice gesture to Julian > to show him we are all thinking about him and wish him a speedy > recovery. > I completely support this idea -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From glenn.steen at gmail.com Tue Feb 27 15:46:43 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 27 14:52:10 2007 Subject: Moving Quarantine In-Reply-To: References: Message-ID: <223f97700702270646r35a9835cq7d5c96c9951484df@mail.gmail.com> On 27/02/07, Howard Robinson wrote: > Dear list > I would like to move the whole quarantine directory to another > partition to make better use of disk space and reduce the chance of > running out of disk space on the /var partition which is getting fairly > full. > > Am I right in adopting the following? Is it that simple? > 1) stop mailscanner > 2) copy quarantine to it's new location. > 3) alter MailScanner.conf so it points to the new location. > 4) restart MailScanner. > > Assuming this is correct does anything need changing in mailwatch or > will it pick up the details from MailScanner.conf - it looks like it > will? > > Thanks > Should be taht simple, yes. If you want to play it safe, a) use a tar-copy (or similar measure) to preserve rights/ownership, b) after the copy, instead of changing your config, use mount to make the new quarantine available at the "old place"... Modern linux distros will let you do --bind mounts (appeared with the 2.4 kernel), so perhaps use that...:) But basically you are correct, your list should work fine too. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From dyioulos at firstbhph.com Tue Feb 27 15:49:26 2007 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Tue Feb 27 14:55:02 2007 Subject: Julian Field in hospital In-Reply-To: <20070226163637.GC29278@login.ecs.soton.ac.uk> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> Message-ID: <200702270949.26577.dyioulos@firstbhph.com> On Monday 26 February 2007 11:36 am, Tim Chown wrote: > Hi, > > I work with Jules at the University of Southampton and sadly we have > to report that he was admitted to hospital on Friday having been > found collapsed at home. > > He's currently in a critical condition in hospital, but is stable. > > Obviously there will not be any mailscanner development or maintenence > by Jules for the immediate future, but we hope everyone on this list > will join us in wishing him all the best towards a full recovery. > > We'll let the list know of significant changes in his condition, and > in due course where get well messages or cards can be sent. > > If someone here has permissions to post the message on to the mailscanner > announce list, please do so. > > -- > Tim > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! Might I add my prayers and best wishes for a speedy and full recovery for our beloved Julian. Dimitri PS - Tim, I and perhaps others, would like to send a card to Julian (I feel it's much more personal than email). If you could provide us with an address (maybe at the University?), that would be great. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From brian.duncan at kattenlaw.com Tue Feb 27 15:49:59 2007 From: brian.duncan at kattenlaw.com (Duncan, Brian M.) Date: Tue Feb 27 14:55:37 2007 Subject: PayPal or some other form of on-line donation for a "get well" gift for Julian? -- Tim Chown? References: <20070226163637.GC29278@login.ecs.soton.ac.uk><65234743FE1555428435CE39E6AC4078B38D40@CHI-US-EXCH-01.us.kmz.com> <45E43FDC.5060506@elirion.net> Message-ID: <65234743FE1555428435CE39E6AC4078B38D41@CHI-US-EXCH-01.us.kmz.com> I have already donated to the project in the past. I am talking about something specific to this situation. Something we all do/get together. I know we could all dump some cash in the MailScanner donation page, I figured something specific to this situation would be more personal and heartfelt. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Richard Siddall > Sent: Tuesday, February 27, 2007 8:28 AM > To: MailScanner discussion > Subject: Re: PayPal or some other form of on-line donation > for a "get well" gift for Julian? -- Tim Chown? > > Duncan, Brian M. wrote: > > I have no idea how the stuff like this works, but if > someone closer to > > Julian than any of us (Tim Chown?) > > > > Could organize a method to donate on-line to a "get well" gift for > > Julian, it would be a nice gesture to Julian to show him we are all > > thinking about him and wish him a speedy recovery. > > > > I have no idea what the rules are with Pay Pal, just an idea. > > > > Get well Julian! > > I would think the standard MailScanner donation page would work: > http://www.mailscanner.info/donate.html > > It's probably set up as a business account, so Julian will > lose about 2% of everything you donate, but at least it's up > and working. > > There's also his Amazon wish list on the same page... > > Regards, > > Richard. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > =========================================================== CIRCULAR 230 DISCLOSURE: Pursuant to Regulations Governing Practice Before the Internal Revenue Service, any tax advice contained herein is not intended or written to be used and cannot be used by a taxpayer for the purpose of avoiding tax penalties that may be imposed on the taxpayer. =========================================================== CONFIDENTIALITY NOTICE: This electronic mail message and any attached files contain information intended for the exclusive use of the individual or entity to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information may be subject to legal restriction or sanction. Please notify the sender, by electronic mail or telephone, of any unintended recipients and delete the original message without making any copies. =========================================================== NOTIFICATION: Katten Muchin Rosenman LLP is an Illinois limited liability partnership that has elected to be governed by the Illinois Uniform Partnership Act (1997). =========================================================== From rgreen at trayerproducts.com Tue Feb 27 16:03:03 2007 From: rgreen at trayerproducts.com (Rodney Green) Date: Tue Feb 27 15:08:57 2007 Subject: SpamAssassin 3.1.8 Message-ID: <45E44827.5080901@trayerproducts.com> Hello, Has anyone here installed the new version (3.1.8) of SpamAssassin? Any problems with it running with MailScanner? Thanks, Rod -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From derek at csolve.net Tue Feb 27 16:02:45 2007 From: derek at csolve.net (Derek Buttineau) Date: Tue Feb 27 15:09:37 2007 Subject: Black List and Max Spam Check Size Message-ID: <88B8753C-2575-466F-B086-3D8C8E56C697@csolve.net> Hey all, Ran into a bit of an issue with the 4.58.9 release and the way the Max Spam Check Size is implemented. In Message.pm the Max Spam Check Size skip is ahead of the Black List check, which allows a sender to bypass the blacklist simply by sending a message larger than what's defined. I've included a patch that moves the Max Size check below the Blacklist/Whitelist check, if everything is in order could this perhaps be incorporated in the next release? Or if there's a reason that it should come before the list check that I'm missing, please let me know. Thanks. -------------- next part -------------- A non-text attachment was scrubbed... Name: Message.pm.4.58.9.patch Type: application/octet-stream Size: 2021 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070227/165967a7/Message.pm.4.58.9.obj -------------- next part -------------- -- Regards, Derek Buttineau Internet Systems Developer Compu-SOLVE Internet Services Compu-SOLVE Technologies, Inc Phone: 705-725-1212 x255 E-Mail: derek@csolve.net From P.G.M.Peters at utwente.nl Tue Feb 27 16:06:47 2007 From: P.G.M.Peters at utwente.nl (Peter Peters) Date: Tue Feb 27 15:12:29 2007 Subject: Julian Field in hospital In-Reply-To: <20070226163637.GC29278@login.ecs.soton.ac.uk> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> Message-ID: <45E44907.5030400@utwente.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Tim Chown wrote on 26-2-2007 17:36: > I work with Jules at the University of Southampton and sadly we have > to report that he was admitted to hospital on Friday having been > found collapsed at home. Best wishes for a speedy recovery. - -- Peter Peters, senior beheerder (Security) Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF5EkHelLo80lrIdIRAt+fAJ4ooWj+8OzxPNmf+oS/O1dhIz2sxQCgjJD1 6On2CK/pmeEbtwrkhCZp1Wc= =tmx2 -----END PGP SIGNATURE----- From Richard.Frovarp at sendit.nodak.edu Tue Feb 27 16:12:16 2007 From: Richard.Frovarp at sendit.nodak.edu (Richard Frovarp) Date: Tue Feb 27 15:17:41 2007 Subject: SpamAssassin 3.1.8 In-Reply-To: <45E44827.5080901@trayerproducts.com> References: <45E44827.5080901@trayerproducts.com> Message-ID: <45E44A50.3080005@sendit.nodak.edu> Rodney Green wrote: > Hello, > > Has anyone here installed the new version (3.1.8) of SpamAssassin? Any > problems with it running with MailScanner? > > Thanks, > Rod > > > No problems here. From john at katy.com Tue Feb 27 16:28:23 2007 From: john at katy.com (John Schmerold) Date: Tue Feb 27 15:33:50 2007 Subject: VPS servers Message-ID: <45E44E17.7010107@katy.com> Anyone successfully using VPS servers for backup &/or primary MailScanner gateway servers? I'm rather skeptical OTOH, the economics are enticing. Shared experiences would be helpful. From mailscanner at yeticomputers.com Tue Feb 27 17:16:52 2007 From: mailscanner at yeticomputers.com (Rick Chadderdon) Date: Tue Feb 27 16:22:23 2007 Subject: Julian Field in hospital In-Reply-To: <20070226163637.GC29278@login.ecs.soton.ac.uk> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> Message-ID: <45E45974.3030002@yeticomputers.com> Best wishes from Florida. Get well soon, Julian. Rick From derek at csolve.net Tue Feb 27 17:25:17 2007 From: derek at csolve.net (Derek Buttineau) Date: Tue Feb 27 16:31:10 2007 Subject: Julian Field in hospital In-Reply-To: <20070226163637.GC29278@login.ecs.soton.ac.uk> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> Message-ID: <4D226666-7D86-41A2-834B-C8E20764367E@csolve.net> Best wishes from Canada Julian. Get well soon! -- Regards, Derek Buttineau Internet Systems Developer Compu-SOLVE Internet Services Compu-SOLVE Technologies, Inc Phone: 705-725-1212 x255 E-Mail: derek@csolve.net From ssilva at sgvwater.com Tue Feb 27 17:39:15 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Feb 27 16:44:53 2007 Subject: SpamAssassin 3.1.8 In-Reply-To: <45E44A50.3080005@sendit.nodak.edu> References: <45E44827.5080901@trayerproducts.com> <45E44A50.3080005@sendit.nodak.edu> Message-ID: Richard Frovarp spake the following on 2/27/2007 7:12 AM: > Rodney Green wrote: >> Hello, >> >> Has anyone here installed the new version (3.1.8) of SpamAssassin? Any >> problems with it running with MailScanner? >> >> Thanks, >> Rod >> >> >> > No problems here. Great here, too! I even had some free time and hacked Julian's spamassassin-clamav tarball with it and clam 0.90 and clam module 0.20. All are working wonderfully! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ka at pacific.net Tue Feb 27 17:50:35 2007 From: ka at pacific.net (Ken A) Date: Tue Feb 27 16:52:03 2007 Subject: PayPal or some other form of on-line donation for a "get well" gift for Julian? -- Tim Chown? In-Reply-To: <65234743FE1555428435CE39E6AC4078B38D41@CHI-US-EXCH-01.us.kmz.com> References: <20070226163637.GC29278@login.ecs.soton.ac.uk><65234743FE1555428435CE39E6AC4078B38D40@CHI-US-EXCH-01.us.kmz.com> <45E43FDC.5060506@elirion.net> <65234743FE1555428435CE39E6AC4078B38D41@CHI-US-EXCH-01.us.kmz.com> Message-ID: <45E4615B.1000901@pacific.net> Duncan, Brian M. wrote: > I have already donated to the project in the past. > > I am talking about something specific to this situation. > > Something we all do/get together. > > I know we could all dump some cash in the MailScanner donation page, I > figured something specific to this situation would be more personal and > heartfelt. > FSL or Blacknight? You have websites, and are trusted on this list, I think :-). How about it? Maybe put up a "get well" page, linked to a paypal account? Julian's wish list is a good starting point for ideas. http://www.amazon.co.uk/gp/registry/1W99HT2WWW5PB/ref=wl_s_3/203-5532969-2187136 Any news? Ken A. Pacific.Net > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Richard Siddall >> Sent: Tuesday, February 27, 2007 8:28 AM >> To: MailScanner discussion >> Subject: Re: PayPal or some other form of on-line donation >> for a "get well" gift for Julian? -- Tim Chown? >> >> Duncan, Brian M. wrote: >>> I have no idea how the stuff like this works, but if >> someone closer to >>> Julian than any of us (Tim Chown?) >>> >>> Could organize a method to donate on-line to a "get well" gift for >>> Julian, it would be a nice gesture to Julian to show him we are all >>> thinking about him and wish him a speedy recovery. >>> >>> I have no idea what the rules are with Pay Pal, just an idea. >>> >>> Get well Julian! >> I would think the standard MailScanner donation page would work: >> http://www.mailscanner.info/donate.html >> >> It's probably set up as a business account, so Julian will >> lose about 2% of everything you donate, but at least it's up >> and working. >> >> There's also his Amazon wish list on the same page... >> >> Regards, >> >> Richard. >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > =========================================================== > CIRCULAR 230 DISCLOSURE: Pursuant to Regulations Governing Practice Before the Internal Revenue Service, any tax advice contained herein is not intended or written to be used and cannot be used by a taxpayer for the purpose of avoiding tax penalties that may be imposed on the taxpayer. > =========================================================== > CONFIDENTIALITY NOTICE: > This electronic mail message and any attached files contain information intended for the exclusive use of the individual or entity to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information may be subject to legal restriction or sanction. Please notify the sender, by electronic mail or telephone, of any unintended recipients and delete the original message without making any copies. > =========================================================== > NOTIFICATION: Katten Muchin Rosenman LLP is an Illinois limited liability partnership that has elected to be governed by the Illinois Uniform Partnership Act (1997). > =========================================================== From denis at croombs.org Tue Feb 27 17:56:12 2007 From: denis at croombs.org (denis@croombs.org) Date: Tue Feb 27 17:01:39 2007 Subject: SpamAssassin 3.1.8 In-Reply-To: References: <45E44827.5080901@trayerproducts.com> <45E44A50.3080005@sendit.nodak.edu> Message-ID: <55557.87.238.80.64.1172595372.squirrel@www.croombs.org> > Richard Frovarp spake the following on 2/27/2007 7:12 AM: >> Rodney Green wrote: >>> Hello, >>> >>> Has anyone here installed the new version (3.1.8) of SpamAssassin? Any >>> problems with it running with MailScanner? >>> >>> Thanks, >>> Rod >>> >>> >>> >> No problems here. > Great here, too! > I even had some free time and hacked Julian's spamassassin-clamav tarball > with > it and clam 0.90 and clam module 0.20. > All are working wonderfully! Hi Are you able to share that tarball ? I could do with a copy. Regards Denis From q at snj.ca Tue Feb 27 18:12:01 2007 From: q at snj.ca (Quintin Giesbrecht) Date: Tue Feb 27 17:18:13 2007 Subject: PayPal or some other form of on-line donation for a "get well" gift for Julian? -- Tim Chown? In-Reply-To: References: <20070226163637.GC29278@login.ecs.soton.ac.uk><65234743FE1555428435CE39E6AC4078B38D40@CHI-US-EXCH-01.us.kmz.com> Message-ID: <2BE78592B3B1824F97A2685E96221F6234EB3C@mail.snj.mb.ca> -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Res Sent: Tuesday, February 27, 2007 8:32 AM To: MailScanner discussion Subject: Re: PayPal or some other form of on-line donation for a "get well" gift for Julian? -- Tim Chown? On Tue, 27 Feb 2007, Duncan, Brian M. wrote: > > > I have no idea how the stuff like this works, but if someone closer to > Julian than any of us (Tim Chown?) > > Could organize a method to donate on-line to a "get well" gift for > Julian, it would be a nice gesture to Julian to show him we are all > thinking about him and wish him a speedy recovery. > I completely support this idea __________________________________________________________ I support this idea as well! Quintin Giesbrecht IT Manager ----- Smith Neufeld Jodoin LLP 85 PTH 12 North Steinbach, MB R5G 1A7 Office: 204.326.3442 Direct Line: 204.346.5106 q@snj.ca From ssilva at sgvwater.com Tue Feb 27 18:30:01 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Feb 27 17:36:07 2007 Subject: SpamAssassin 3.1.8 In-Reply-To: <55557.87.238.80.64.1172595372.squirrel@www.croombs.org> References: <45E44827.5080901@trayerproducts.com> <45E44A50.3080005@sendit.nodak.edu> <55557.87.238.80.64.1172595372.squirrel@www.croombs.org> Message-ID: denis@croombs.org spake the following on 2/27/2007 8:56 AM: >> Richard Frovarp spake the following on 2/27/2007 7:12 AM: >>> Rodney Green wrote: >>>> Hello, >>>> >>>> Has anyone here installed the new version (3.1.8) of SpamAssassin? Any >>>> problems with it running with MailScanner? >>>> >>>> Thanks, >>>> Rod >>>> >>>> >>>> >>> No problems here. >> Great here, too! >> I even had some free time and hacked Julian's spamassassin-clamav tarball >> with >> it and clam 0.90 and clam module 0.20. >> All are working wonderfully! > Hi > > Are you able to share that tarball ? > I could do with a copy. > > Regards > > Denis > http://tinyurl.com/yuu4rc -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From alex at nkpanama.com Tue Feb 27 18:30:40 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Tue Feb 27 17:36:55 2007 Subject: Julian Field in hospital In-Reply-To: <20070226163637.GC29278@login.ecs.soton.ac.uk> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> Message-ID: <45E46AC0.6070702@nkpanama.com> Best wishes for a speedy recovery from Panama... Our thoughts go to Julian and his family... From chandler.lists at chapman.edu Tue Feb 27 20:59:09 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Tue Feb 27 20:04:38 2007 Subject: Message Too Large Message-ID: <45E48D8D.1020700@chapman.edu> First, best wishes to Julian. Secondly, I'm getting a few spam messages tagged "Not spam (too large)." Has anyone else seen this? If so, what did you do to correct for it? I'm leery of increasing the message size within MailScanner without checking with those more knowledgeable than myself. From ssilva at sgvwater.com Tue Feb 27 21:01:15 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Feb 27 20:07:07 2007 Subject: SpamAssassin 3.1.8 In-Reply-To: References: <45E44827.5080901@trayerproducts.com> <45E44A50.3080005@sendit.nodak.edu> <55557.87.238.80.64.1172595372.squirrel@www.croombs.org> Message-ID: Scott Silva spake the following on 2/27/2007 9:30 AM: > denis@croombs.org spake the following on 2/27/2007 8:56 AM: >>> Richard Frovarp spake the following on 2/27/2007 7:12 AM: >>>> Rodney Green wrote: >>>>> Hello, >>>>> >>>>> Has anyone here installed the new version (3.1.8) of SpamAssassin? Any >>>>> problems with it running with MailScanner? >>>>> >>>>> Thanks, >>>>> Rod >>>>> >>>>> >>>>> >>>> No problems here. >>> Great here, too! >>> I even had some free time and hacked Julian's spamassassin-clamav tarball >>> with >>> it and clam 0.90 and clam module 0.20. >>> All are working wonderfully! >> Hi >> >> Are you able to share that tarball ? >> I could do with a copy. >> >> Regards >> >> Denis >> > http://tinyurl.com/yuu4rc > > Does anybody have some good links to file hosting sites? Places to put stuff like this. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From prandal at herefordshire.gov.uk Tue Feb 27 21:17:55 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue Feb 27 20:23:27 2007 Subject: SpamAssassin 3.1.8 Message-ID: <79755AA4E018084793EE618A2731F24C03A5ED@HC-MBX01.herefordshire.gov.uk> It's really easy to update using a slightly modified copy of Julian's install-Clam-0.88.7-SA-3.1.7.tar.gz. Unpack, drop Mail-SpamAssassin-3.1.8.tar.gz, clamav-0.90.tar.gz, and Mail-ClamAV-0.20.tar.gz into the perl-tar subdirectory. Then edit install.sh changing version numbers for ClamAV, Mail-ClamAV, and spamassassin. Then run install.sh and all's happy. If you haven't got Mail-ClamAV-0.20.tar.gz to hand, don't update Mail::ClamAV at this stage but install it from CPAN afterwards - perl -MCPAN -e shell install Mail::ClamAV quit and then restart MailScanner. If you're using clamavmodule as one of your virus scanners, you'll probably want to change a line in MailScanner.conf to something like this (all on one line): Monitors for ClamAV Updates = /usr/local/share/clamav/daily.inc/daily.info /usr/local/share/clamav/*.?db I monitor the second wildcard filename because we use the MSRBL and SameSecurity additional patterns with ClamAV. Cheers, Phil -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Rodney Green Sent: Tuesday, February 27, 2007 3:03 PM To: MailScanner discussion Subject: SpamAssassin 3.1.8 Hello, Has anyone here installed the new version (3.1.8) of SpamAssassin? Any problems with it running with MailScanner? Thanks, Rod -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From dyioulos at firstbhph.com Tue Feb 27 21:23:57 2007 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Tue Feb 27 20:29:33 2007 Subject: Message Too Large In-Reply-To: <45E48D8D.1020700@chapman.edu> References: <45E48D8D.1020700@chapman.edu> Message-ID: <200702271523.57237.dyioulos@firstbhph.com> On Tuesday 27 February 2007 2:59 pm, Jay Chandler wrote: > First, best wishes to Julian. > > Secondly, I'm getting a few spam messages tagged "Not spam (too large)." > > Has anyone else seen this? If so, what did you do to correct for it? > I'm leery of increasing the message size within MailScanner without > checking with those more knowledgeable than myself. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! Yes. I adjusted the "Max Spam Check Size" in MailScanner.conf. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From drew at technologytiger.net Tue Feb 27 21:29:24 2007 From: drew at technologytiger.net (Drew Marshall) Date: Tue Feb 27 20:34:55 2007 Subject: SpamAssassin 3.1.8 In-Reply-To: References: <45E44827.5080901@trayerproducts.com> <45E44A50.3080005@sendit.nodak.edu> <55557.87.238.80.64.1172595372.squirrel@www.croombs.org> Message-ID: <8CBB56FD-5E3E-42E9-9A9B-B5194072A06D@technologytiger.net> On 27 Feb 2007, at 20:01, Scott Silva wrote: > Does anybody have some good links to file hosting sites? > Places to put stuff like this. While Jules is out of action, why not mail Michele or Paul at Blacknight and see if they can drop it into the MailScanner site? That way the 'Julian easy to install package' is kept up todate and is a bit less for him to do when he gets out. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by the Technology Tiger MailScanner. Further information can be found at www.technologytiger.net/policy Technology Tiger Limited is registered in Scotland with registration number: 310997 Registered Office 55-57 West High Street Inverurie AB51 3QQ From Sylvain.Phaneuf at imsu.ox.ac.uk Tue Feb 27 21:37:26 2007 From: Sylvain.Phaneuf at imsu.ox.ac.uk (Sylvain Phaneuf) Date: Tue Feb 27 20:43:00 2007 Subject: Julian Field in hospital In-Reply-To: <45E46AC0.6070702@nkpanama.com> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> <45E46AC0.6070702@nkpanama.com> Message-ID: <45E4968A.FEA8.00EB.0@imsu.ox.ac.uk> Julian you must have learned enough French after asking so many times for translation for the language.cong file: Nous pensons tr?s fort ? toi Julian. Meilleurs voeux et prompt r?tablissement! Sylvain Oxford From csweeney at osubucks.org Tue Feb 27 21:40:21 2007 From: csweeney at osubucks.org (Chris Sweeney) Date: Tue Feb 27 20:45:58 2007 Subject: SpamAssassin 3.1.8 Clam install file In-Reply-To: References: <45E44827.5080901@trayerproducts.com> <45E44A50.3080005@sendit.nodak.edu> <55557.87.238.80.64.1172595372.squirrel@www.croombs.org> Message-ID: <45E49735.9080603@osubucks.org> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5188 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070227/1837161b/smime.bin From ssilva at sgvwater.com Tue Feb 27 21:52:49 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Feb 27 20:58:33 2007 Subject: SpamAssassin 3.1.8 In-Reply-To: <79755AA4E018084793EE618A2731F24C03A5ED@HC-MBX01.herefordshire.gov.uk> References: <79755AA4E018084793EE618A2731F24C03A5ED@HC-MBX01.herefordshire.gov.uk> Message-ID: Randal, Phil spake the following on 2/27/2007 12:17 PM: > It's really easy to update using a slightly modified copy of Julian's > install-Clam-0.88.7-SA-3.1.7.tar.gz. > > Unpack, drop Mail-SpamAssassin-3.1.8.tar.gz, clamav-0.90.tar.gz, and > Mail-ClamAV-0.20.tar.gz into the perl-tar subdirectory. > > Then edit install.sh changing version numbers for ClamAV, Mail-ClamAV, > and spamassassin. > > Then run install.sh and all's happy. If you haven't got > Mail-ClamAV-0.20.tar.gz to hand, don't update Mail::ClamAV at this stage > but install it from CPAN afterwards - > > perl -MCPAN -e shell > install Mail::ClamAV > quit <> I didn't say it was hard, I just wanted to give a little more back. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From andy at tireswing.net Tue Feb 27 21:54:03 2007 From: andy at tireswing.net (Andy Norris) Date: Tue Feb 27 21:02:40 2007 Subject: Julian Field in hospital In-Reply-To: <20070226163637.GC29278@login.ecs.soton.ac.uk> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> Message-ID: <200702272053.l1RKrdEn001293@tireweb.arsalon.net> Best wishes for a strong and swift recovery from Lawrence, KS. Would be great if there were enough honor among the spammers subscribed to this list to give it one day off in honor of such a formidable adversary as Julian has been to their like. Anyway, I will be optimistically awaiting an update to his condition. Best, Andy Norris From technician at cenpac.net.nr Tue Feb 27 22:01:20 2007 From: technician at cenpac.net.nr (Jon Leeman) Date: Tue Feb 27 21:06:33 2007 Subject: Julian Field in hospital In-Reply-To: <20070226163637.GC29278@login.ecs.soton.ac.uk> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> Message-ID: <45E49C20.7030106@cenpac.net.nr> A speedy recovery and the very best wishes from Nauru in the Central Pacific. Jon Tim Chown wrote: > Hi, > > I work with Jules at the University of Southampton and sadly we have > to report that he was admitted to hospital on Friday having been > found collapsed at home. > > He's currently in a critical condition in hospital, but is stable. > > Obviously there will not be any mailscanner development or maintenence > by Jules for the immediate future, but we hope everyone on this list > will join us in wishing him all the best towards a full recovery. > > We'll let the list know of significant changes in his condition, and > in due course where get well messages or cards can be sent. > > If someone here has permissions to post the message on to the mailscanner > announce list, please do so. > From hvdkooij at vanderkooij.org Tue Feb 27 22:54:48 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue Feb 27 22:00:18 2007 Subject: SpamAssassin 3.1.8 In-Reply-To: References: <45E44827.5080901@trayerproducts.com> <45E44A50.3080005@sendit.nodak.edu> <55557.87.238.80.64.1172595372.squirrel@www.croombs.org> Message-ID: On Tue, 27 Feb 2007, Scott Silva wrote: > Does anybody have some good links to file hosting sites? > Places to put stuff like this. Not really. But if needed I can put it somewhere on server in a hosting centre. If you provide an atomic directory with a description page and the patch(es) I can put it up somewhere as part of a website. I could even make it subhost if you like. If you are interrested I suggest you contact me off-list to work out the details. Hugo. -- hvdkooij@vanderkooij.org http://hvdkooij.xs4all.nl/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for the insight.) From alex at nkpanama.com Tue Feb 27 23:04:20 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Tue Feb 27 22:10:31 2007 Subject: SpamAssassin 3.1.8 In-Reply-To: References: <45E44827.5080901@trayerproducts.com> <45E44A50.3080005@sendit.nodak.edu> <55557.87.238.80.64.1172595372.squirrel@www.croombs.org> Message-ID: <45E4AAE4.2030502@nkpanama.com> Hugo van der Kooij wrote: > On Tue, 27 Feb 2007, Scott Silva wrote: > >> Does anybody have some good links to file hosting sites? >> Places to put stuff like this. > > Not really. But if needed I can put it somewhere on server in a > hosting centre. If you provide an atomic directory with a description > page and the patch(es) I can put it up somewhere as part of a website. > > I could even make it subhost if you like. If you are interrested I > suggest you contact me off-list to work out the details. > > Hugo. > If it's ok I'd be happy to supply a place to mirror stuff from, available by http: and/or ftp. From res at ausics.net Tue Feb 27 23:07:11 2007 From: res at ausics.net (Res) Date: Tue Feb 27 22:12:53 2007 Subject: Message Too Large In-Reply-To: <45E48D8D.1020700@chapman.edu> References: <45E48D8D.1020700@chapman.edu> Message-ID: On Tue, 27 Feb 2007, Jay Chandler wrote: > First, best wishes to Julian. > > Secondly, I'm getting a few spam messages tagged "Not spam (too large)." > > Has anyone else seen this? If so, what did you do to correct for it? I'm > leery of increasing the message size within MailScanner without checking with > those more knowledgeable than myself. A few of us have upped the figure to larger than out MTA level, ensuring this test is applied to all mail. This was recommended by Julian. My settings Max Spam Check Size = 11000000 -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From james.gray at dot.com.au Tue Feb 27 23:08:47 2007 From: james.gray at dot.com.au (James Gray) Date: Tue Feb 27 22:30:35 2007 Subject: Julian Field in hospital References: <20070226163637.GC29278@login.ecs.soton.ac.uk> Message-ID: Tim Chown wrote: > I work with Jules at the University of Southampton and sadly we have > to report that he was admitted to hospital on Friday having been > found collapsed at home. > > He's currently in a critical condition in hospital, but is stable. Our hearts and thoughts go out to Julian and those who are close to him. Best wishes and get well soon from Sydney Australia. Regards, -- Jammes Gray james@grayoffline.id.au s/off/on/ Senior Unix Administrator Sydney, NSW, Australia Let a fool hold his tongue and he will pass for a sage. -- Publilius Syrus From dave.list at pixelhammer.com Tue Feb 27 23:45:28 2007 From: dave.list at pixelhammer.com (DAve) Date: Tue Feb 27 22:51:02 2007 Subject: Julian Field in hospital In-Reply-To: References: <20070226163637.GC29278@login.ecs.soton.ac.uk> Message-ID: <45E4B488.8070001@pixelhammer.com> James Gray wrote: > Tim Chown wrote: > >> I work with Jules at the University of Southampton and sadly we have >> to report that he was admitted to hospital on Friday having been >> found collapsed at home. >> >> He's currently in a critical condition in hospital, but is stable. > > Our hearts and thoughts go out to Julian and those who are close to him. > Best wishes and get well soon from Sydney Australia. > > Regards, > We need a world map with a push pin for every "Get Well Soon" I've seen today... DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From tjc at ecs.soton.ac.uk Tue Feb 27 23:48:34 2007 From: tjc at ecs.soton.ac.uk (Tim Chown) Date: Tue Feb 27 22:54:21 2007 Subject: Julian Field in hospital In-Reply-To: References: <20070226163637.GC29278@login.ecs.soton.ac.uk> Message-ID: <20070227224833.GC6003@login.ecs.soton.ac.uk> Hi, Thanks everyone for their kind words. We're saving messages and will be sure to pass them to Jules as and when he can appreciate them. I'm sure his parents who are at his bedside will also be very grateful for all the good wishes from around the world. I visited the hospital today. Jules is still in a very critical condition, though in the last 24 hours he has not had any setbacks and has had his drug level reduced slightly. We'll also make a contact point public for cards, etc as soon as it's practical to deliver them to him. I'll keep updates flowing and will check the list daily to save out the messages for him. Thanks again, -- Tim From Kevin_Miller at ci.juneau.ak.us Wed Feb 28 00:05:08 2007 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Tue Feb 27 23:10:30 2007 Subject: Julian Field in hospital In-Reply-To: <20070227224833.GC6003@login.ecs.soton.ac.uk> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> <20070227224833.GC6003@login.ecs.soton.ac.uk> Message-ID: Tim Chown wrote: > I'll keep updates flowing and will check the list daily to save out > the messages for him. Thanks Tim. He's in my thoughts and prayers here in the frozen north... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From hvdkooij at vanderkooij.org Wed Feb 28 00:15:27 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue Feb 27 23:20:58 2007 Subject: Message Too Large In-Reply-To: References: <45E48D8D.1020700@chapman.edu> Message-ID: On Wed, 28 Feb 2007, Res wrote: > On Tue, 27 Feb 2007, Jay Chandler wrote: > >> First, best wishes to Julian. >> >> Secondly, I'm getting a few spam messages tagged "Not spam (too large)." >> >> Has anyone else seen this? If so, what did you do to correct for it? I'm >> leery of increasing the message size within MailScanner without checking >> with those more knowledgeable than myself. > > A few of us have upped the figure to larger than out MTA level, ensuring this > test is applied to all mail. This was recommended by Julian. > > My settings Max Spam Check Size = 11000000 So you scan anything up to 11 MB for SPAM? Frankly I have never seens SPAM over 100kB in size. Hugo. -- hvdkooij@vanderkooij.org http://hvdkooij.xs4all.nl/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for the insight.) From dfilchak at sympatico.ca Wed Feb 28 00:18:54 2007 From: dfilchak at sympatico.ca (Dave Filchak) Date: Tue Feb 27 23:25:22 2007 Subject: Best Wishes from Toronto Message-ID: <45E4BC5E.6070700@sympatico.ca> My very best wishes for your speedy return to health. My thoughts and those of all the people I work with are with you and your family. Dave Filchak - President Zuka Inc. | ShareView www.zuka.net | www.shareview.ca -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From steve.swaney at fsl.com Wed Feb 28 00:23:48 2007 From: steve.swaney at fsl.com (Stephen Swaney) Date: Tue Feb 27 23:29:17 2007 Subject: Julian Field in hospital In-Reply-To: <20070227224833.GC6003@login.ecs.soton.ac.uk> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> <20070227224833.GC6003@login.ecs.soton.ac.uk> Message-ID: <006101c75ac6$55e08370$01a18a50$@swaney@fsl.com> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Tim Chown > Sent: Tuesday, February 27, 2007 5:49 PM > To: MailScanner discussion > Subject: Re: Julian Field in hospital > > Hi, > > Thanks everyone for their kind words. We're saving messages and will > be sure to pass them to Jules as and when he can appreciate them. I'm > sure his parents who are at his bedside will also be very grateful for > all the good wishes from around the world. > > I visited the hospital today. Jules is still in a very critical > condition, though in the last 24 hours he has not had any setbacks and > has had his drug level reduced slightly. > > We'll also make a contact point public for cards, etc as soon as it's > practical to deliver them to him. > > I'll keep updates flowing and will check the list daily to save out the > messages for him. > > Thanks again, > > -- > Tim > Thanks Tim for the update. This is encouraging news. Julian is not only our business partner but a very good friend and one of the nicest, best people I know. All of us here want him back and well as soon as possible! I'm keeping a collection of all the wonderful email you all have sent and will probably have put together into a little presentation package for when he's well enough to read them. As for gifts, cards etc. Julian's donation page / wish list is the easiest way to send a present. As far as setting up a web page for donations, I don't think that really necessary. If any of you want to send cash, you can send to paypay@fsl.com, Just mark it "Well deserved loot for Julian". I know he'll appreciate that sentiment :). We'll keep the funds in a separate tank and let him buy what he wants to help him through the boring parts of his recovery. Thanks to all for the wishes and prayers. We'll make sure he sees how many friends are pulling for his speedy recovery as soon as he's able. Steve and the rest of Julian's friend at FSL. Steve Swaney steve@fsl.com From ka at pacific.net Wed Feb 28 00:47:32 2007 From: ka at pacific.net (Ken A) Date: Tue Feb 27 23:49:00 2007 Subject: Julian Field in hospital In-Reply-To: <006101c75ac6$55e08370$01a18a50$@swaney@fsl.com> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> <20070227224833.GC6003@login.ecs.soton.ac.uk> <006101c75ac6$55e08370$01a18a50$@swaney@fsl.com> Message-ID: <45E4C314.3090100@pacific.net> Stephen Swaney wrote: > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Tim Chown >> Sent: Tuesday, February 27, 2007 5:49 PM >> To: MailScanner discussion >> Subject: Re: Julian Field in hospital >> >> Hi, >> >> Thanks everyone for their kind words. We're saving messages and will >> be sure to pass them to Jules as and when he can appreciate them. I'm >> sure his parents who are at his bedside will also be very grateful for >> all the good wishes from around the world. >> >> I visited the hospital today. Jules is still in a very critical >> condition, though in the last 24 hours he has not had any setbacks and >> has had his drug level reduced slightly. >> >> We'll also make a contact point public for cards, etc as soon as it's >> practical to deliver them to him. >> >> I'll keep updates flowing and will check the list daily to save out the >> messages for him. >> >> Thanks again, >> >> -- >> Tim >> > > Thanks Tim for the update. This is encouraging news. > > Julian is not only our business partner but a very good friend and one of > the nicest, best people I know. All of us here want him back and well as > soon as possible! > > I'm keeping a collection of all the wonderful email you all have sent and > will probably have put together into a little presentation package for when > he's well enough to read them. > > As for gifts, cards etc. Julian's donation page / wish list is the easiest > way to send a present. As far as setting up a web page for donations, I > don't think that really necessary. If any of you want to send cash, you can > send to paypay@fsl.com, Just mark it "Well deserved loot for Julian". I know > he'll appreciate that sentiment :). We'll keep the funds in a separate tank > and let him buy what he wants to help him through the boring parts of his > recovery. Steve, Thanks! "Well deserved loot for Julian" is right. Ken A. Pacific.Net > Thanks to all for the wishes and prayers. We'll make sure he sees how many > friends are pulling for his speedy recovery as soon as he's able. > > Steve and the rest of Julian's friend at FSL. > > Steve Swaney > steve@fsl.com > From pete at enitech.com.au Wed Feb 28 00:51:38 2007 From: pete at enitech.com.au (Peter Russell) Date: Tue Feb 27 23:57:13 2007 Subject: PayPal or some other form of on-line donation for a "get well" gift for Julian? -- Tim Chown? In-Reply-To: <2BE78592B3B1824F97A2685E96221F6234EB3C@mail.snj.mb.ca> References: <20070226163637.GC29278@login.ecs.soton.ac.uk><65234743FE1555428435CE39E6AC4078B38D40@CHI-US-EXCH-01.us.kmz.com> <2BE78592B3B1824F97A2685E96221F6234EB3C@mail.snj.mb.ca> Message-ID: <45E4C40A.7050908@enitech.com.au> count me in Quintin Giesbrecht wrote: > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Res > Sent: Tuesday, February 27, 2007 8:32 AM > To: MailScanner discussion > Subject: Re: PayPal or some other form of on-line donation for a "get > well" gift for Julian? -- Tim Chown? > > On Tue, 27 Feb 2007, Duncan, Brian M. wrote: > >> >> I have no idea how the stuff like this works, but if someone closer to > >> Julian than any of us (Tim Chown?) >> >> Could organize a method to donate on-line to a "get well" gift for >> Julian, it would be a nice gesture to Julian to show him we are all >> thinking about him and wish him a speedy recovery. >> > > I completely support this idea > > __________________________________________________________ > > I support this idea as well! > > Quintin Giesbrecht > IT Manager > ----- > Smith Neufeld Jodoin LLP > 85 PTH 12 North > Steinbach, MB R5G 1A7 > Office: 204.326.3442 > Direct Line: 204.346.5106 > q@snj.ca From chandler.lists at chapman.edu Wed Feb 28 01:07:39 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Wed Feb 28 00:13:15 2007 Subject: URIBL False Positives Message-ID: <45E4C7CB.3050305@chapman.edu> I've gotten a few false positives on URIBL_BLACK. I've checked every URL in the message, and it's NOT listed. What should my next troubleshooting step be? -- Jay From am.lists at gmail.com Wed Feb 28 01:31:25 2007 From: am.lists at gmail.com (am.lists) Date: Wed Feb 28 00:36:57 2007 Subject: Quick question: Prepending subject Message-ID: <25a66d840702271631r1fb90b6crfdfa0e4228e0a605@mail.gmail.com> Currently, my low score is store/notify. I want to change it to store/deliver/prepend the subject with [spam?]. But prepending the subject doesn't seem to be a valid "Spam Action" setting. SA can do this, but that seems to be ignored when SA is invoked from MS. What am I missing? Angelo From ssilva at sgvwater.com Wed Feb 28 01:44:02 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Feb 28 00:49:41 2007 Subject: Quick question: Prepending subject In-Reply-To: <25a66d840702271631r1fb90b6crfdfa0e4228e0a605@mail.gmail.com> References: <25a66d840702271631r1fb90b6crfdfa0e4228e0a605@mail.gmail.com> Message-ID: am.lists spake the following on 2/27/2007 4:31 PM: > Currently, my low score is store/notify. I want to change it to > store/deliver/prepend the subject with [spam?]. > > But prepending the subject doesn't seem to be a valid "Spam Action" > setting. > > SA can do this, but that seems to be ignored when SA is invoked from MS. > > What am I missing? > > Angelo Look in mailscanner.conf for the following and modify to suit; # If the message is spam, do you want to modify the subject line? # This can be 1 of 4 values: # no = Do not modify the subject line, or # start = Add text to the start of the subject line, or <<<<<< # yes = Add text to the start of the subject line, or <<<<<< # end = Add text to the end of the subject line. # This makes filtering in Outlook very easy. # This can also be the filename of a ruleset. Spam Modify Subject = end # This is the text to add to the start of the subject if the # "Spam Modify Subject" option is set. # The exact string "_SCORE_" will be replaced by the numeric # SpamAssassin score. # The exact string "_STARS_" will be replaced by a row of stars # whose length is the SpamAssassin score. # This can also be the filename of a ruleset. Spam Subject Text = {Spam? Score _SCORE_} -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From steve.swaney at fsl.com Wed Feb 28 01:59:09 2007 From: steve.swaney at fsl.com (Stephen Swaney) Date: Wed Feb 28 01:04:25 2007 Subject: URIBL False Positives In-Reply-To: <45E4C7CB.3050305@chapman.edu> References: <45E4C7CB.3050305@chapman.edu> Message-ID: <00cd01c75ad3$a7768470$f6638d50$@swaney@fsl.com> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Jay Chandler > Sent: Tuesday, February 27, 2007 7:08 PM > To: MailScanner discussion > Subject: URIBL False Positives > > I've gotten a few false positives on URIBL_BLACK. I've checked every > URL in the message, and it's NOT listed. What should my next > troubleshooting step be? > > -- Jay Jay, That list is a little aggressive. We have some customers who can take it - and some who have turned it off. Best regards, Steve Steve Swaney steve@fsl.com From res at ausics.net Wed Feb 28 02:08:13 2007 From: res at ausics.net (Res) Date: Wed Feb 28 01:13:47 2007 Subject: Message Too Large In-Reply-To: References: <45E48D8D.1020700@chapman.edu> Message-ID: On Wed, 28 Feb 2007, Hugo van der Kooij wrote: >> My settings Max Spam Check Size = 11000000 > > So you scan anything up to 11 MB for SPAM? Frankly I have never seens SPAM > over 100kB in size. Several of us have seen them up to 2 MB, I set 11MB because sendmail will reject anything over 10MB, thereby ensuring it will scan everything. Don't kid yourself, these low life scumbag privacy invading maggots frequent this list, either members, or regulary use the archives, not only ours, but all mediums involving all software to stop them, how else do you think they try keep up with us trying to keep one step ahead of them :) As soon as you say 100kb size limit, they will ensure there crud exceeds this size, we've seen enough of it months ago to warrant stopping the "above this is not going to be spam" checks. It costs spammers nothing, because its not their personal links they use, its all the winblows infected pc's they sieze control of. -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From steve.swaney at fsl.com Wed Feb 28 02:09:27 2007 From: steve.swaney at fsl.com (Stephen Swaney) Date: Wed Feb 28 01:14:38 2007 Subject: PayPal or some other form of on-line donation for a "get well" gift for Julian? -- Tim Chown? In-Reply-To: <45E4C40A.7050908@enitech.com.au> References: <20070226163637.GC29278@login.ecs.soton.ac.uk><65234743FE1555428435CE39E6AC4078B38D40@CHI-US-EXCH-01.us.kmz.com> <2BE78592B3B1824F97A2685E96221F6234EB3C@mail.snj.mb.ca> <45E4C40A.7050908@enitech.com.au> Message-ID: <00d001c75ad5$17ca0d40$475e27c0$@swaney@fsl.com> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Peter Russell > Sent: Tuesday, February 27, 2007 6:52 PM > To: MailScanner discussion > Subject: Re: PayPal or some other form of on-line donation for a "get > well" gift for Julian? -- Tim Chown? > > count me in > > Quintin Giesbrecht wrote: > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Res > > Sent: Tuesday, February 27, 2007 8:32 AM > > To: MailScanner discussion > > Subject: Re: PayPal or some other form of on-line donation for a "get > > well" gift for Julian? -- Tim Chown? > > > > On Tue, 27 Feb 2007, Duncan, Brian M. wrote: > > > >> > >> I have no idea how the stuff like this works, but if someone closer > to > > > >> Julian than any of us (Tim Chown?) > >> > >> Could organize a method to donate on-line to a "get well" gift for > >> Julian, it would be a nice gesture to Julian to show him we are all > >> thinking about him and wish him a speedy recovery. > >> > > > > I completely support this idea > > > > __________________________________________________________ > > > > I support this idea as well! > > > > Quintin Giesbrecht > > IT Manager > > ----- If you just have to send cash, just use PayPal and send the dough to paypal@fsl.com and mark the payment "Well deserved loot for Julian". We'll get the cash to Julian. Trust me `:] Now if I can just figure out some way to sneak his favorite Chablis into the hospital, I'm sure he'll recover a lot faster. Steve Steve Steve Swaney steve@fsl.com From gregk at infosecsolutions.com.au Wed Feb 28 02:30:53 2007 From: gregk at infosecsolutions.com.au (Greg Krzeszkowski) Date: Wed Feb 28 01:36:24 2007 Subject: email receives 'Message is too big for spam checks' and disappears Message-ID: <59fa88fc4f5ad876d1ab7f0280238d92@infosecsolutions.com.au> Hi, I've got a situation where a particular email is being logged as too big for spam checks and then isn't delivered to the user, isn't quarantined, isn't forwarded to my spam collector and no further log entries exist. What troubleshooting steps should I be taking? I'm running 4.58-9 (installed yesterday!) log entries are as below: Feb 27 15:09:04 localhost sendmail[9634]: l1R48jIp009634: from=, size=587818, class=0, nrcpts=1, msgid=, proto=ESMTP, daemon=MTA, relay=[192.168.1.254] Feb 27 15:09:04 localhost sendmail[9634]: l1R48jIp009634: to=, delay=00:00:15, mailer=smtp, pri=617818, stat=queued Feb 27 15:09:06 localhost MailScanner[30332]: New Batch: Found 232 messages waiting Feb 27 15:09:06 localhost MailScanner[30332]: New Batch: Scanning 1 messages, 588341 bytes Feb 27 15:09:06 localhost MailScanner[30332]: Spam Checks: Starting Feb 27 15:09:06 localhost MailScanner[30332]: Message l1R48jIp009634 from 192.168.1.254 (removed) to removed is too big for spam checks (588341 > 150000 bytes) From email at ace.net.au Wed Feb 28 03:07:25 2007 From: email at ace.net.au (Peter Nitschke) Date: Wed Feb 28 02:11:38 2007 Subject: Message Too Large In-Reply-To: References: <45E48D8D.1020700@chapman.edu> Message-ID: <200702281237250885.2DE045F2@smtp1.ace.net.au> On 28/02/2007 at 12:15 AM Hugo van der Kooij wrote: >So you scan anything up to 11 MB for SPAM? Frankly I have never seens SPAM >over 100kB in size. > >Hugo. We are seeing spam from China including pdf's etc which can get quite large. Peter From subscriptions at burakueda.com Wed Feb 28 03:08:22 2007 From: subscriptions at burakueda.com (Burak Ueda) Date: Wed Feb 28 02:14:05 2007 Subject: Julian Field in hospital In-Reply-To: <20070227224833.GC6003@login.ecs.soton.ac.uk> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> <20070227224833.GC6003@login.ecs.soton.ac.uk> Message-ID: <45E4E416.1070900@burakueda.com> Altough I am very new to this list, I am a long time user of MailScanner. I always thought that there is a big organization or company behind this wonderful application. Now I know a brilliant individual is behind all of this. I don't know him much, but I hope he will be with us soon, and give me a chance to know him better :D Best wishes from Japan (and Turkey..) Ganbatte!.. Jules!... Tim Chown wrote: > Hi, > > Thanks everyone for their kind words. We're saving messages and will > be sure to pass them to Jules as and when he can appreciate them. I'm > sure his parents who are at his bedside will also be very grateful for > all the good wishes from around the world. > > I visited the hospital today. Jules is still in a very critical > condition, though in the last 24 hours he has not had any setbacks and > has had his drug level reduced slightly. > > We'll also make a contact point public for cards, etc as soon as it's > practical to deliver them to him. > > I'll keep updates flowing and will check the list daily to save out the > messages for him. > > Thanks again, > > From subscriptions at burakueda.com Wed Feb 28 03:12:27 2007 From: subscriptions at burakueda.com (Burak Ueda) Date: Wed Feb 28 02:18:02 2007 Subject: Julian Field in hospital In-Reply-To: <20070227224833.GC6003@login.ecs.soton.ac.uk> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> <20070227224833.GC6003@login.ecs.soton.ac.uk> Message-ID: <45E4E50B.90808@burakueda.com> Although I am very new to this list, I am a long time user of MailScanner. I always thought that there is a big organization or company behind this wonderful application. Now I know a brilliant individual is behind all of this. I don't know him much, but I hope he will be with us soon, and give me a chance to know him better :D Best wishes from Japan (and Turkey..) Ganbatte!.. Jules!... Tim Chown wrote: > Hi, > > Thanks everyone for their kind words. We're saving messages and will > be sure to pass them to Jules as and when he can appreciate them. I'm > sure his parents who are at his bedside will also be very grateful for > all the good wishes from around the world. > > I visited the hospital today. Jules is still in a very critical > condition, though in the last 24 hours he has not had any setbacks and > has had his drug level reduced slightly. > > We'll also make a contact point public for cards, etc as soon as it's > practical to deliver them to him. > > I'll keep updates flowing and will check the list daily to save out the > messages for him. > > Thanks again, > > From email at ace.net.au Wed Feb 28 03:16:27 2007 From: email at ace.net.au (Peter Nitschke) Date: Wed Feb 28 02:20:10 2007 Subject: Quick question: Prepending subject In-Reply-To: <25a66d840702271631r1fb90b6crfdfa0e4228e0a605@mail.gmail.com> References: <25a66d840702271631r1fb90b6crfdfa0e4228e0a605@mail.gmail.com> Message-ID: <200702281246270884.2DE88B22@smtp1.ace.net.au> Have you read right through the config file? There is a whole setion titled "Changes to the subject: line" Peter *********** REPLY SEPARATOR *********** On 27/02/2007 at 7:31 PM am.lists wrote: >Currently, my low score is store/notify. I want to change it to >store/deliver/prepend the subject with [spam?]. > >But prepending the subject doesn't seem to be a valid "Spam Action" >setting. > >SA can do this, but that seems to be ignored when SA is invoked from MS. > >What am I missing? > >Angelo >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! From res at ausics.net Wed Feb 28 03:17:21 2007 From: res at ausics.net (Res) Date: Wed Feb 28 02:22:54 2007 Subject: email receives 'Message is too big for spam checks' and disappears In-Reply-To: <59fa88fc4f5ad876d1ab7f0280238d92@infosecsolutions.com.au> References: <59fa88fc4f5ad876d1ab7f0280238d92@infosecsolutions.com.au> Message-ID: Hi, On Wed, 28 Feb 2007, Greg Krzeszkowski wrote: > Hi, > > I've got a situation where a particular email is being logged as too big for spam checks and then isn't delivered to the user, isn't quarantined, isn't forwarded to my spam collector and no further log entries exist. What troubleshooting steps should I be taking? > > I'm running 4.58-9 (installed yesterday!) > Is this any message over size limit?, or just one type? whats the attachment type? If you clear you MS queue, stop MailScanner, keep sendmail running, then mail yourself the mail, then run ./MailScanner --lint Try making that a lot higher, most spammers defeat it, so try 5000000 at least. -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From sujithem at cdacb.ernet.in Wed Feb 28 03:57:52 2007 From: sujithem at cdacb.ernet.in (Sujith Emmanuel) Date: Wed Feb 28 03:03:26 2007 Subject: Julian Field in hospital In-Reply-To: <45E4E50B.90808@burakueda.com> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> <20070227224833.GC6003@login.ecs.soton.ac.uk> <45E4E50B.90808@burakueda.com> Message-ID: <1d1e72700702271857p75f49315yffeea52f85930ca1@mail.gmail.com> Get Well soon wishes India. ~ Sujith Emmanuel From sujithem at cdacb.ernet.in Wed Feb 28 03:59:28 2007 From: sujithem at cdacb.ernet.in (Sujith Emmanuel) Date: Wed Feb 28 03:04:58 2007 Subject: Julian Field in hospital In-Reply-To: <1d1e72700702271857p75f49315yffeea52f85930ca1@mail.gmail.com> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> <20070227224833.GC6003@login.ecs.soton.ac.uk> <45E4E50B.90808@burakueda.com> <1d1e72700702271857p75f49315yffeea52f85930ca1@mail.gmail.com> Message-ID: <1d1e72700702271859m22ea09cex219ecca90b5ce6f4@mail.gmail.com> Hi, that was get well soon wishes from India. :-) On 2/28/07, Sujith Emmanuel wrote: > Get Well soon wishes India. > > ~ Sujith Emmanuel > From markee at bandwidthco.com Wed Feb 28 04:03:31 2007 From: markee at bandwidthco.com (markee) Date: Wed Feb 28 03:11:39 2007 Subject: PayPal or some other form of on-line donation for a "get well"gift for Julian? -- Tim Chown? In-Reply-To: <65234743FE1555428435CE39E6AC4078B38D41@CHI-US-EXCH-01.us.kmz.com> Message-ID: <006b01c75ae5$06efadd0$0300a8c0@bandwidthco.com> I agree Brian. We need to do something very very special. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Duncan, Brian M. Sent: Tuesday, February 27, 2007 6:50 AM To: MailScanner discussion Subject: RE: PayPal or some other form of on-line donation for a "get well"gift for Julian? -- Tim Chown? I have already donated to the project in the past. I am talking about something specific to this situation. Something we all do/get together. I know we could all dump some cash in the MailScanner donation page, I figured something specific to this situation would be more personal and heartfelt. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Richard Siddall > Sent: Tuesday, February 27, 2007 8:28 AM > To: MailScanner discussion > Subject: Re: PayPal or some other form of on-line donation > for a "get well" gift for Julian? -- Tim Chown? > > Duncan, Brian M. wrote: > > I have no idea how the stuff like this works, but if > someone closer to > > Julian than any of us (Tim Chown?) > > > > Could organize a method to donate on-line to a "get well" gift for > > Julian, it would be a nice gesture to Julian to show him we are all > > thinking about him and wish him a speedy recovery. > > > > I have no idea what the rules are with Pay Pal, just an idea. > > > > Get well Julian! > > I would think the standard MailScanner donation page would work: > http://www.mailscanner.info/donate.html > > It's probably set up as a business account, so Julian will > lose about 2% of everything you donate, but at least it's up > and working. > > There's also his Amazon wish list on the same page... > > Regards, > > Richard. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > =========================================================== CIRCULAR 230 DISCLOSURE: Pursuant to Regulations Governing Practice Before the Internal Revenue Service, any tax advice contained herein is not intended or written to be used and cannot be used by a taxpayer for the purpose of avoiding tax penalties that may be imposed on the taxpayer. =========================================================== CONFIDENTIALITY NOTICE: This electronic mail message and any attached files contain information intended for the exclusive use of the individual or entity to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information may be subject to legal restriction or sanction. Please notify the sender, by electronic mail or telephone, of any unintended recipients and delete the original message without making any copies. =========================================================== NOTIFICATION: Katten Muchin Rosenman LLP is an Illinois limited liability partnership that has elected to be governed by the Illinois Uniform Partnership Act (1997). =========================================================== -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ######################################################## This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. postmaster@bandwidthco.com MailScanner at Bandwidthco Computer Security is for your absolute protection. ######################################################## ######################################################## This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. postmaster@bandwidthco.com MailScanner at Bandwidthco Computer Security is for your absolute protection. ######################################################## From r.berber at computer.org Wed Feb 28 04:22:57 2007 From: r.berber at computer.org (=?UTF-8?B?UmVuw6kgQmVyYmVy?=) Date: Wed Feb 28 03:28:56 2007 Subject: email receives 'Message is too big for spam checks' and disappears In-Reply-To: <59fa88fc4f5ad876d1ab7f0280238d92@infosecsolutions.com.au> References: <59fa88fc4f5ad876d1ab7f0280238d92@infosecsolutions.com.au> Message-ID: Greg Krzeszkowski wrote: > I've got a situation where a particular email is being logged as too big for > spam checks and then isn't delivered to the user, isn't quarantined, isn't > forwarded to my spam collector and no further log entries exist. What > troubleshooting steps should I be taking? > > I'm running 4.58-9 (installed yesterday!) > > log entries are as below: > [snip] > 15:09:06 localhost MailScanner[30332]: Spam Checks: Starting Feb 27 15:09:06 > localhost MailScanner[30332]: Message l1R48jIp009634 from 192.168.1.254 > (removed) to removed is too big for spam checks (588341 > 150000 bytes) --^^^^^^^^^ That _removed_ should be clear enough, is what you have in your configuration. -- Ren? Berber From am.lists at gmail.com Wed Feb 28 04:24:53 2007 From: am.lists at gmail.com (am.lists) Date: Wed Feb 28 03:30:20 2007 Subject: Quick question: Prepending subject In-Reply-To: <200702281246270884.2DE88B22@smtp1.ace.net.au> References: <25a66d840702271631r1fb90b6crfdfa0e4228e0a605@mail.gmail.com> <200702281246270884.2DE88B22@smtp1.ace.net.au> Message-ID: <25a66d840702271924m4cfb9a38v5a4e8c8b80d4f390@mail.gmail.com> On 2/27/07, Peter Nitschke wrote: > Have you read right through the config file? Groan. I was burned by vi and case sensitivity. /subject <> /Subject Thanks.... Now, I'm off to go smacking myself in the head. From eaperezh at gmail.com Wed Feb 28 05:08:56 2007 From: eaperezh at gmail.com (Erick Perez) Date: Wed Feb 28 04:14:23 2007 Subject: Besides clamav what other AV for MS Message-ID: I use clamav+MS in a small business. Besides clamav, what other AV engine that is also free can i use in a business? I see bitdefender has a free scanner but is targeted at home use. -- ------------------------------------------------------------ Erick Perez Panama Sistemas Integradores de Telefonia IP y Soluciones Para Centros de Datos Panama, Republica de Panama Cel Panama. +(507) 6694-4780 ------------------------------------------------------------ From alex at nkpanama.com Wed Feb 28 05:14:09 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Feb 28 04:20:24 2007 Subject: PayPal or some other form of on-line donation for a "get well"gift for Julian? -- Tim Chown? In-Reply-To: <006b01c75ae5$06efadd0$0300a8c0@bandwidthco.com> References: <006b01c75ae5$06efadd0$0300a8c0@bandwidthco.com> Message-ID: <45E50191.2050702@nkpanama.com> How about postcards/get well cards from all around the world? Maybe a short video snippet saying "get well" and "thanks" from everybody? markee wrote: > > I agree Brian. We need to do something very very special. > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Duncan, > Brian M. > Sent: Tuesday, February 27, 2007 6:50 AM > To: MailScanner discussion > Subject: RE: PayPal or some other form of on-line donation for a "get > well"gift for Julian? -- Tim Chown? > > > I have already donated to the project in the past. > > I am talking about something specific to this situation. > > Something we all do/get together. > > > I know we could all dump some cash in the MailScanner donation page, I > figured something specific to this situation would be more personal and > heartfelt. > > > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> > > >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> > > >> Of Richard Siddall >> Sent: Tuesday, February 27, 2007 8:28 AM >> To: MailScanner discussion >> Subject: Re: PayPal or some other form of on-line donation >> > > >> for a "get well" gift for Julian? -- Tim Chown? >> >> > > >> Duncan, Brian M. wrote: >> >>> I have no idea how the stuff like this works, but if >>> > > >> someone closer to >> > > >>> Julian than any of us (Tim Chown?) >>> >>> > > >>> Could organize a method to donate on-line to a "get well" gift for >>> > > >>> Julian, it would be a nice gesture to Julian to show him we are all >>> > > >>> thinking about him and wish him a speedy recovery. >>> >>> > > >>> I have no idea what the rules are with Pay Pal, just an idea. >>> >>> > > >>> Get well Julian! >>> > > >> I would think the standard MailScanner donation page would work: >> > > >> http://www.mailscanner.info/donate.html >> >> > > >> It's probably set up as a business account, so Julian will >> > > >> lose about 2% of everything you donate, but at least it's up >> > > >> and working. >> >> > > >> There's also his Amazon wish list on the same page... >> >> > > >> Regards, >> >> > > >> Richard. >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> > > >> Before posting, read http://wiki.mailscanner.info/posting >> >> > > >> Support MailScanner development - buy the book off the website! >> > > > > > =========================================================== > CIRCULAR 230 DISCLOSURE: Pursuant to Regulations Governing Practice Before > the Internal Revenue Service, any tax advice contained herein is not > intended or written to be used and cannot be used by a taxpayer for the > purpose of avoiding tax penalties that may be imposed on the taxpayer. > =========================================================== > CONFIDENTIALITY NOTICE: > This electronic mail message and any attached files contain information > intended for the exclusive use of the individual or entity to whom it is > addressed and may contain information that is proprietary, privileged, > confidential and/or exempt from disclosure under applicable law. If you are > not the intended recipient, you are hereby notified that any viewing, > copying, disclosure or distribution of this information may be subject to > legal restriction or sanction. Please notify the sender, by electronic mail > or telephone, of any unintended recipients and delete the original message > without making any copies. > =========================================================== > NOTIFICATION: Katten Muchin Rosenman LLP is an Illinois limited liability > partnership that has elected to be governed by the Illinois Uniform > Partnership Act (1997). > =========================================================== > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > ######################################################## > This message has been scanned for viruses and dangerous content by > MailScanner, and is believed to be clean. > > postmaster@bandwidthco.com > MailScanner at Bandwidthco Computer Security is for your absolute > protection. > ######################################################## > > > > > ######################################################## > This message has been scanned for viruses and dangerous > content by MailScanner, and is believed to be clean. > > postmaster@bandwidthco.com > MailScanner at Bandwidthco Computer Security is for your absolute protection. > ######################################################## > > From ka at pacific.net Wed Feb 28 05:20:49 2007 From: ka at pacific.net (Ken) Date: Wed Feb 28 04:26:18 2007 Subject: PayPal or some other form of on-line donation for a "get well"gift for Julian? -- Tim Chown? In-Reply-To: <006b01c75ae5$06efadd0$0300a8c0@bandwidthco.com> References: <006b01c75ae5$06efadd0$0300a8c0@bandwidthco.com> Message-ID: <45E50321.6010704@pacific.net> markee wrote: > > I agree Brian. We need to do something very very special. > There was a message posted by Steve Freegard of FSL with several good suggestions for options for donations, including a special paypal designation. I believe Tim has said he will keep the list informed of Julian's condition. I'm praying. That is very very special. Ken A. Pacific.Net From gregk at infosecsolutions.com.au Wed Feb 28 05:22:19 2007 From: gregk at infosecsolutions.com.au (Greg Krzeszkowski) Date: Wed Feb 28 04:27:48 2007 Subject: email receives 'Message is too big for spam checks' anddisappears Message-ID: <6d5cdabc0e7234466b1ddafa2fa68e17@infosecsolutions.com.au> > Greg Krzeszkowski wrote: > > > I've got a situation where a particular email is being logged as too big for > > spam checks and then isn't delivered to the user, isn't quarantined, isn't > > forwarded to my spam collector and no further log entries exist. What > > troubleshooting steps should I be taking? > > > > I'm running 4.58-9 (installed yesterday!) > > > > log entries are as below: > > > [snip] > > 15:09:06 localhost MailScanner[30332]: Spam Checks: Starting Feb 27 15:09:06 > > localhost MailScanner[30332]: Message l1R48jIp009634 from 192.168.1.254 > > (removed) to removed is too big for spam checks (588341 > 150000 bytes) > --^^^^^^^^^ > That _removed_ should be clear enough, is what you have in your configuration. > -- > Ren? Berber I put that text in to obfuscate the email address info... it actually was (sender_email_address) to recipient_domain > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From itdept at fractalweb.com Wed Feb 28 05:49:11 2007 From: itdept at fractalweb.com (Chris Yuzik) Date: Wed Feb 28 04:55:39 2007 Subject: Julian Field in hospital In-Reply-To: <20070226163637.GC29278@login.ecs.soton.ac.uk> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> Message-ID: <45E509C7.8020803@fractalweb.com> Tim Chown wrote: > Hi, > > I work with Jules at the University of Southampton and sadly we have > to report that he was admitted to hospital on Friday having been > found collapsed at home. > > He's currently in a critical condition in hospital, but is stable. > > Obviously there will not be any mailscanner development or maintenence > by Jules for the immediate future, but we hope everyone on this list > will join us in wishing him all the best towards a full recovery. > > We'll let the list know of significant changes in his condition, and > in due course where get well messages or cards can be sent. > > If someone here has permissions to post the message on to the mailscanner > announce list, please do so. > > Julian, Our thoughts and prayers are with you for a speedy recovery. Chris From hvdkooij at vanderkooij.org Wed Feb 28 07:26:40 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Wed Feb 28 06:32:12 2007 Subject: URIBL False Positives In-Reply-To: <00cd01c75ad3$a7768470$f6638d50$@swaney@fsl.com> References: <45E4C7CB.3050305@chapman.edu> <00cd01c75ad3$a7768470$f6638d50$@swaney@fsl.com> Message-ID: On Tue, 27 Feb 2007, Stephen Swaney wrote: >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Jay Chandler >> Sent: Tuesday, February 27, 2007 7:08 PM >> To: MailScanner discussion >> Subject: URIBL False Positives >> >> I've gotten a few false positives on URIBL_BLACK. I've checked every >> URL in the message, and it's NOT listed. What should my next >> troubleshooting step be? > > That list is a little aggressive. We have some customers who can take it - > and some who have turned it off. In my view the list is not aggresive enough. If you have repeated spam with URL's listed of dubious sites and they are still rejected then I think they are rather conservative. But I think the point is that no URL in the message is recognized on the site. Jay: How much time was there between the message and your verification? I can image some entries have been on the blacklist for a while untill someone complains and they get transfered to another list. Hugo. -- hvdkooij@vanderkooij.org http://hvdkooij.xs4all.nl/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for the insight.) From hvdkooij at vanderkooij.org Wed Feb 28 07:36:34 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Wed Feb 28 06:42:09 2007 Subject: Message Too Large In-Reply-To: <200702281237250885.2DE045F2@smtp1.ace.net.au> References: <45E48D8D.1020700@chapman.edu> <200702281237250885.2DE045F2@smtp1.ace.net.au> Message-ID: On Wed, 28 Feb 2007, Peter Nitschke wrote: > On 28/02/2007 at 12:15 AM Hugo van der Kooij wrote: > >> So you scan anything up to 11 MB for SPAM? Frankly I have never seens SPAM > >> over 100kB in size. > > We are seeing spam from China including pdf's etc which can get quite > large. It could be that other restricions always take care of those. I blacklist notorious networks that hit the greylist a lot and which can identified well enough. The first one was each sending machine with abo.wanadoo.fr that tried to do a direct connect. These wanadoo.fr users are supposed to use their ISP or forever hold their peace. I like to build my defense in depths using an aggresive forward defense strategy. In this regard all Dutch and Belgium connects get special attention so the ISP is notified at once on any spam event. Hugo. -- hvdkooij@vanderkooij.org http://hvdkooij.xs4all.nl/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for the insight.) From z at ziff.net Wed Feb 28 08:39:47 2007 From: z at ziff.net (Zivago Lee) Date: Wed Feb 28 07:45:51 2007 Subject: clamav and mailscanner In-Reply-To: <4106.209.104.55.7.1172525095.squirrel@mail.ziff.net> References: <0e5c1b86ea5f784cbbe5cc5739a4766d@solidstatelogic.com> <4106.209.104.55.7.1172525095.squirrel@mail.ziff.net> Message-ID: <1172648388.21763.0.camel@miyagip.ziff.net.> Hello, I've been noticing an issue with clamav and mailscanner. I can run clamscan just fine separately, however, in mailscanner, I get this error in debug mode: Feb 26 13:18:38 www MailScanner[2871]: Commencing scanning by clamav... Feb 26 13:18:38 www MailScanner[2871]: ERROR: Unable to open file or directory Feb 26 13:18:38 www MailScanner[2871]: Completed scanning by clamav Any ideas on what directories I need it to give permissions on? Thanks, Zivago -- Zivago Lee From glenn.steen at gmail.com Wed Feb 28 09:45:59 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 28 08:51:35 2007 Subject: Besides clamav what other AV for MS In-Reply-To: References: Message-ID: <223f97700702280045u4b66cfc0k338da9ef71043292@mail.gmail.com> On 28/02/07, Erick Perez wrote: > I use clamav+MS in a small business. Besides clamav, what other AV > engine that is also free can i use in a business? I see bitdefender > has a free scanner but is targeted at home use. > Although it isn't easy to find, one can probably still DL BitDefender commandline (bdc for short)... version 7.1... It is very usable in small to medium setups, but not that swell for the large to really large setups (number of messages/day being the defining factor... I've heard people being less than enthused by its CPU-hungry behaviour on systems handling 100k+200k/day). Other than that, no-cost options _for businesses_ is pretty scarce... There are some less expensive than others, but you generally get what you pay for (and in some cases you don't even get that). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Wed Feb 28 09:51:51 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 28 08:57:22 2007 Subject: Besides clamav what other AV for MS In-Reply-To: <223f97700702280045u4b66cfc0k338da9ef71043292@mail.gmail.com> References: <223f97700702280045u4b66cfc0k338da9ef71043292@mail.gmail.com> Message-ID: <223f97700702280051r355bc861k1addb3d6162018c7@mail.gmail.com> On 28/02/07, Glenn Steen wrote: (snip) > Although it isn't easy to find, one can probably still DL BitDefender Note to self: Check before you type... It's actually really easy to find (again... For a while one had to more or less know where on the ftp server it was situated, but not anymore:). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Wed Feb 28 09:57:19 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 28 09:02:48 2007 Subject: email receives 'Message is too big for spam checks' anddisappears In-Reply-To: <6d5cdabc0e7234466b1ddafa2fa68e17@infosecsolutions.com.au> References: <6d5cdabc0e7234466b1ddafa2fa68e17@infosecsolutions.com.au> Message-ID: <223f97700702280057l2e3d2f4awd247bd9fc60111fe@mail.gmail.com> On 28/02/07, Greg Krzeszkowski wrote: > > Greg Krzeszkowski wrote: > > > > > I've got a situation where a particular email is being logged as too big for > > > spam checks and then isn't delivered to the user, isn't quarantined, isn't > > > forwarded to my spam collector and no further log entries exist. What > > > troubleshooting steps should I be taking? > > > > > > I'm running 4.58-9 (installed yesterday!) > > > > > > log entries are as below: > > > > > [snip] > > > 15:09:06 localhost MailScanner[30332]: Spam Checks: Starting Feb 27 15:09:06 > > > localhost MailScanner[30332]: Message l1R48jIp009634 from 192.168.1.254 > > > (removed) to removed is too big for spam checks (588341 > 150000 bytes) > > --^^^^^^^^^ > > That _removed_ should be clear enough, is what you have in your configuration. > > -- > > Ren? Berber > > > I put that text in to obfuscate the email address info... > > it actually was (sender_email_address) to recipient_domain Right, and it is nowhere visible in your incoming queue? As a stopgap/permanent solution, do as Res suggests. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Wed Feb 28 10:01:01 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 28 09:06:30 2007 Subject: clamav and mailscanner In-Reply-To: <1172648388.21763.0.camel@miyagip.ziff.net.> References: <0e5c1b86ea5f784cbbe5cc5739a4766d@solidstatelogic.com> <4106.209.104.55.7.1172525095.squirrel@mail.ziff.net> <1172648388.21763.0.camel@miyagip.ziff.net.> Message-ID: <223f97700702280101n12bc444cnf64420c1afc546d5@mail.gmail.com> On 28/02/07, Zivago Lee wrote: > Hello, > > I've been noticing an issue with clamav and mailscanner. I can run > clamscan just fine separately, however, in mailscanner, I get this error > in debug mode: > > Feb 26 13:18:38 www MailScanner[2871]: Commencing scanning by clamav... > Feb 26 13:18:38 www MailScanner[2871]: ERROR: Unable to open file or > directory > Feb 26 13:18:38 www MailScanner[2871]: Completed scanning by clamav > > Any ideas on what directories I need it to give permissions on? > > Thanks, > Zivago /Var/spool/MailScanner/incoming perhaps? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From zichovsky at trul.cz Wed Feb 28 10:19:44 2007 From: zichovsky at trul.cz (Pavel Zichovsky) Date: Wed Feb 28 09:25:25 2007 Subject: Julian Field in hospital In-Reply-To: <45E509C7.8020803@fractalweb.com> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> <45E509C7.8020803@fractalweb.com> Message-ID: <001101c75b19$95ee7050$1701a8c0@NBZICHOVSKY2> Hi, Get well soon and all the best to Julian, the most outstanding person in community which i have recognized in last years, goes from Czech Republic: Vse nejlepsi a rychle se uzdrav, vsichni na tebe myslime. With regards Pavel Zichovsky (zichovsky@trul) From ebhoeve-ms at ehoeve.com Wed Feb 28 11:02:05 2007 From: ebhoeve-ms at ehoeve.com (Eric Hoeve) Date: Wed Feb 28 10:07:43 2007 Subject: Julian Field in hospital In-Reply-To: <20070226163637.GC29278@login.ecs.soton.ac.uk> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> Message-ID: <45E5531D.2060107@ehoeve.com> Tim Chown wrote: > Hi, > > I work with Jules at the University of Southampton and sadly we have > to report that he was admitted to hospital on Friday having been > found collapsed at home. > > He's currently in a critical condition in hospital, but is stable. > > Obviously there will not be any mailscanner development or maintenence > by Jules for the immediate future, but we hope everyone on this list > will join us in wishing him all the best towards a full recovery. > > We'll let the list know of significant changes in his condition, and > in due course where get well messages or cards can be sent. > > If someone here has permissions to post the message on to the mailscanner > announce list, please do so. > Best wishes from Wisconsin, USA. Wishing Julian a speedy and full recovery. -Eric From nauman at worldcall.net.pk Wed Feb 28 11:15:12 2007 From: nauman at worldcall.net.pk (Muhammad Nauman) Date: Wed Feb 28 10:22:01 2007 Subject: Julian Field in hospital References: <20070226163637.GC29278@login.ecs.soton.ac.uk> <45E5531D.2060107@ehoeve.com> Message-ID: <008d01c75b21$55c1c880$23c051cb@ictnoc> > Tim Chown wrote: >> Hi, >> >> I work with Jules at the University of Southampton and sadly we have >> to report that he was admitted to hospital on Friday having been >> found collapsed at home. >> We'll let the list know of significant changes in his condition, and >> in due course where get well messages or cards can be sent. >> >> If someone here has permissions to post the message on to the mailscanner >> announce list, please do so. >> > > > Best wishes from Wisconsin, USA. Wishing Julian a speedy and full > recovery. > > -Eric Best wishes from Pakistan . Wishing Julian an even Better and enjoyable life ahead. M.Nauman Habib Network Engineer Cell : 0321-4311830 From matt at coders.co.uk Wed Feb 28 11:38:53 2007 From: matt at coders.co.uk (Matt Hampton) Date: Wed Feb 28 10:44:37 2007 Subject: Julian Field in hospital In-Reply-To: <008d01c75b21$55c1c880$23c051cb@ictnoc> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> <45E5531D.2060107@ehoeve.com> <008d01c75b21$55c1c880$23c051cb@ictnoc> Message-ID: <45E55BBD.3020001@coders.co.uk> Tim Chown wrote: > Hi, > > I work with Jules at the University of Southampton and sadly we have > to report that he was admitted to hospital on Friday having been > found collapsed at home. Bets wishes to Jules. He's a good bloke - even though he works for ECS ;-) Matt (ex ISS) From liz at indract.freeserve.co.uk Wed Feb 28 11:52:39 2007 From: liz at indract.freeserve.co.uk (liz@indract.freeserve.co.uk) Date: Wed Feb 28 10:58:09 2007 Subject: Julian Field in hospital Message-ID: <8123477.79521172659959166.JavaMail.www@wwinf3102> So sorry to hear about this, Julian. You are in our thoughts and prayers and prayers have been requested at Walsingham for you. Get well soon! Fran Kent From gerard at seibercom.net Wed Feb 28 11:55:31 2007 From: gerard at seibercom.net (Gerard Seibert) Date: Wed Feb 28 11:00:50 2007 Subject: Julian Field in hospital In-Reply-To: <20070226163637.GC29278@login.ecs.soton.ac.uk> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> Message-ID: <20070228055010.4225.GERARD@seibercom.net> On Monday February 26, 2007 at 11:36:37 (AM) Tim Chown wrote: > I work with Jules at the University of Southampton and sadly we have > to report that he was admitted to hospital on Friday having been > found collapsed at home. > > He's currently in a critical condition in hospital, but is stable. I just heard about Julian being hospitalised. Obviously, I am deeply troubled to hear of this tragedy. I certainly hope for his speedy recovery. I was wondering if there was any announcement as to what his prognosis is and what caused his hospitalization? I am sorry if that has already been mentioned; however, this is the first time I have had a chance to read this thread. -- Gerard From prandal at herefordshire.gov.uk Wed Feb 28 12:11:38 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Wed Feb 28 11:17:54 2007 Subject: SpamAssassin 3.1.8 Message-ID: <79755AA4E018084793EE618A2731F24C02B32B@HC-MBX01.herefordshire.gov.uk> Scott Silva wrote: > Randal, Phil spake the following on 2/27/2007 12:17 PM: >> It's really easy to update using a slightly modified copy of Julian's >> install-Clam-0.88.7-SA-3.1.7.tar.gz. >> >> Unpack, drop Mail-SpamAssassin-3.1.8.tar.gz, clamav-0.90.tar.gz, and >> Mail-ClamAV-0.20.tar.gz into the perl-tar subdirectory. >> >> Then edit install.sh changing version numbers for ClamAV, >> Mail-ClamAV, and spamassassin. >> >> Then run install.sh and all's happy. If you haven't got >> Mail-ClamAV-0.20.tar.gz to hand, don't update Mail::ClamAV at this >> stage but install it from CPAN afterwards - >> >> perl -MCPAN -e shell >> install Mail::ClamAV >> quit > <> > I didn't say it was hard, I just wanted to give a little more back. And I certainly appreciate your efforts. I just wanted to knowledge-share with other users and get the full procedure in the list's archives. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK From mailscanner at mckerrs.net Wed Feb 28 12:37:57 2007 From: mailscanner at mckerrs.net (Mailscanner Admin) Date: Wed Feb 28 11:43:40 2007 Subject: VPS servers In-Reply-To: <45E44E17.7010107@katy.com> References: <45E44E17.7010107@katy.com> Message-ID: <45E56995.2060702@mckerrs.net> John Schmerold wrote: > Anyone successfully using VPS servers for backup &/or primary > MailScanner gateway servers? I'm rather skeptical OTOH, the economics > are enticing. > > Shared experiences would be helpful. John, I have had great success running mailscanner in a openvz VPS. http://openvz.org I even managed to get the mailscanner VPS running in a DMZ even although the physical box is part of a LAN. If you are interested I'd be quite happy to share this information. Cheers, Brian -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From roger at rudnick.com.br Wed Feb 28 12:46:58 2007 From: roger at rudnick.com.br (Roger Jochem) Date: Wed Feb 28 11:52:39 2007 Subject: SpamAssassin 3.1.8 Clam install file References: <45E44827.5080901@trayerproducts.com> <45E44A50.3080005@sendit.nodak.edu> <55557.87.238.80.64.1172595372.squirrel@www.croombs.org> <45E49735.9080603@osubucks.org> Message-ID: <02b601c75b2e$276f0940$0600a8c0@roger> Thanks for the install-Clam-SA package. I just downloaded and installed it. It's all working fine... ----- Original Message ----- From: Chris Sweeney To: MailScanner discussion Sent: Tuesday, February 27, 2007 5:40 PM Subject: SpamAssassin 3.1.8 Clam install file If it helps I have posted it to one of my servers. http://www.cincitydevils.com/sweeney/install-Clam-0.90-SA-3.1.8.tar.gz Does anybody have some good links to file hosting sites? Places to put stuff like this. ------------------------------------------------------------------------------ -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070228/622d1f40/attachment.html From binaryflow at gmail.com Wed Feb 28 13:20:32 2007 From: binaryflow at gmail.com (Douglas Ward) Date: Wed Feb 28 12:26:02 2007 Subject: Julian Field in hospital In-Reply-To: <20070226163637.GC29278@login.ecs.soton.ac.uk> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> Message-ID: Hi Julian, Best wishes from Raleigh, NC. We are praying for your recovery! Douglas Ward IT Director NC Methodist Conference On 2/26/07, Tim Chown wrote: > > Hi, > > I work with Jules at the University of Southampton and sadly we have > to report that he was admitted to hospital on Friday having been > found collapsed at home. > > He's currently in a critical condition in hospital, but is stable. > > Obviously there will not be any mailscanner development or maintenence > by Jules for the immediate future, but we hope everyone on this list > will join us in wishing him all the best towards a full recovery. > > We'll let the list know of significant changes in his condition, and > in due course where get well messages or cards can be sent. > > If someone here has permissions to post the message on to the mailscanner > announce list, please do so. > > -- > Tim > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070228/8fa8858b/attachment.html From glenn.steen at gmail.com Wed Feb 28 13:22:30 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 28 12:28:04 2007 Subject: Julian Field in hospital In-Reply-To: <20070228055010.4225.GERARD@seibercom.net> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> <20070228055010.4225.GERARD@seibercom.net> Message-ID: <223f97700702280422v64b5250bm201cc25520e054d2@mail.gmail.com> On 28/02/07, Gerard Seibert wrote: > On Monday February 26, 2007 at 11:36:37 (AM) Tim Chown wrote: > > > I work with Jules at the University of Southampton and sadly we have > > to report that he was admitted to hospital on Friday having been > > found collapsed at home. > > > > He's currently in a critical condition in hospital, but is stable. > > I just heard about Julian being hospitalised. Obviously, I am deeply > troubled to hear of this tragedy. I certainly hope for his speedy > recovery. > > I was wondering if there was any announcement as to what his prognosis > is and what caused his hospitalization? I am sorry if that has already > been mentioned; however, this is the first time I have had a chance to > read this thread. > Hello Gerard, Tim has promised to keep us posted, and he/they will bring this thread (more or less) to him when he is in a state to appreciate it (hardcopy, of course). As to what ails Jules, we really don't know ... He has described his medical condition in this thread: http://comments.gmane.org/gmane.mail.virus.mailscanner/47823 ... But what exactly the current problems stem from (of all the serious problems he has), we can only guess. I'm full of trust that he is receiving the best possible medical care and attention, and hope he will be able to make as full a recovery as possible. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From hvdkooij at vanderkooij.org Wed Feb 28 13:51:23 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Wed Feb 28 12:56:56 2007 Subject: Besides clamav what other AV for MS In-Reply-To: <223f97700702280045u4b66cfc0k338da9ef71043292@mail.gmail.com> References: <223f97700702280045u4b66cfc0k338da9ef71043292@mail.gmail.com> Message-ID: On Wed, 28 Feb 2007, Glenn Steen wrote: > On 28/02/07, Erick Perez wrote: >> I use clamav+MS in a small business. Besides clamav, what other AV >> engine that is also free can i use in a business? I see bitdefender >> has a free scanner but is targeted at home use. >> > Although it isn't easy to find, one can probably still DL BitDefender > commandline (bdc for short)... version 7.1... It is very usable in > small to medium setups, but not that swell for the large to really > large setups (number of messages/day being the defining factor... I've > heard people being less than enthused by its CPU-hungry behaviour on > systems handling 100k+200k/day). > Other than that, no-cost options _for businesses_ is pretty scarce... > There are some less expensive than others, but you generally get what > you pay for (and in some cases you don't even get that). If you known what you are doing there are about a dozen different scanners you can install and keep up2date with on Linux. Their qualities differ. As does the CPU impact. I guess I need to include timing details in my overview beside the scan results themselves. Hugo. -- hvdkooij@vanderkooij.org http://hvdkooij.xs4all.nl/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for the insight.) From root at doctor.nl2k.ab.ca Wed Feb 28 14:04:13 2007 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Wed Feb 28 13:12:42 2007 Subject: SpamAssassin 3.1.8 In-Reply-To: <79755AA4E018084793EE618A2731F24C02B32B@HC-MBX01.herefordshire.gov.uk> References: <79755AA4E018084793EE618A2731F24C02B32B@HC-MBX01.herefordshire.gov.uk> Message-ID: <20070228130412.GC235@doctor.nl2k.ab.ca> On Wed, Feb 28, 2007 at 11:11:38AM -0000, Randal, Phil wrote: > Scott Silva wrote: > > > Randal, Phil spake the following on 2/27/2007 12:17 PM: > >> It's really easy to update using a slightly modified copy of Julian's > >> install-Clam-0.88.7-SA-3.1.7.tar.gz. > >> > >> Unpack, drop Mail-SpamAssassin-3.1.8.tar.gz, clamav-0.90.tar.gz, and > >> Mail-ClamAV-0.20.tar.gz into the perl-tar subdirectory. > >> > >> Then edit install.sh changing version numbers for ClamAV, > >> Mail-ClamAV, and spamassassin. > >> > >> Then run install.sh and all's happy. If you haven't got > >> Mail-ClamAV-0.20.tar.gz to hand, don't update Mail::ClamAV at this > >> stage but install it from CPAN afterwards - > >> > >> perl -MCPAN -e shell > >> install Mail::ClamAV > >> quit > > <> > > > I didn't say it was hard, I just wanted to give a little more back. > > And I certainly appreciate your efforts. > > I just wanted to knowledge-share with other users and get the full > procedure in the list's archives. > > Cheers, > > Phil > Please stay with Clamav 0.88.7 . Clamav 0.90 is not properly open sourced IMHO. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From claude.gagne at multitech.qc.ca Wed Feb 28 14:13:29 2007 From: claude.gagne at multitech.qc.ca (=?UTF-8?B?Q2xhdWRlIEdhZ27DqQ==?=) Date: Wed Feb 28 13:17:00 2007 Subject: Julian Field in hospital In-Reply-To: <415ce93f601726719efc7811db9cd40a@62.49.223.244> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> <415ce93f601726719efc7811db9cd40a@62.49.223.244> Message-ID: <45E57FF9.8070606@multitech.qc.ca> uxbod a ?crit : > No, the SPAM got Julian :( > > On a serious note Jules, I do hope you get better soon and I am sure that is a heart felt feeling from the whole community. > > Best wishes, > > UxBoD > > > Best wishes from Quebec, Canada ! From Andreas.Doerfler at kempten.de Wed Feb 28 14:12:55 2007 From: Andreas.Doerfler at kempten.de (=?iso-8859-1?Q?D=F6rfler_Andreas?=) Date: Wed Feb 28 13:18:27 2007 Subject: SpamAssassin 3.1.8 Message-ID: any sources for this ? > > Please stay with Clamav 0.88.7 . Clamav 0.90 is not properly > open sourced IMHO. > From Andreas.Doerfler at kempten.de Wed Feb 28 14:20:56 2007 From: Andreas.Doerfler at kempten.de (=?iso-8859-1?Q?D=F6rfler_Andreas?=) Date: Wed Feb 28 13:26:32 2007 Subject: Julian Field in hospital Message-ID: oh dear, i wish jul only the best. fight julian ! the community is with you greetings andy > I work with Jules at the University of Southampton and sadly we have > to report that he was admitted to hospital on Friday having been > found collapsed at home. > > He's currently in a critical condition in hospital, but is stable. From am.lists at gmail.com Wed Feb 28 14:21:56 2007 From: am.lists at gmail.com (am.lists) Date: Wed Feb 28 13:27:25 2007 Subject: SpamAssassin 3.1.8 In-Reply-To: <20070228130412.GC235@doctor.nl2k.ab.ca> References: <79755AA4E018084793EE618A2731F24C02B32B@HC-MBX01.herefordshire.gov.uk> <20070228130412.GC235@doctor.nl2k.ab.ca> Message-ID: <25a66d840702280521sf9c8b53xf1f8069618942ba3@mail.gmail.com> On 2/28/07, Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem wrote: > Please stay with Clamav 0.88.7 . Clamav 0.90 is not properly > open sourced IMHO. Umm... Are you suggesting that the license has changed between 0.88.7 --> 0.90 or are you just not 100% comfortable with the source code? Usually licenses aren't subject to opinion. I just checked the website and it still lists the product as GPL. Angelo From tjc at ecs.soton.ac.uk Wed Feb 28 14:36:10 2007 From: tjc at ecs.soton.ac.uk (Tim Chown) Date: Wed Feb 28 13:42:08 2007 Subject: Julian Field in hospital In-Reply-To: <223f97700702280422v64b5250bm201cc25520e054d2@mail.gmail.com> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> <20070228055010.4225.GERARD@seibercom.net> <223f97700702280422v64b5250bm201cc25520e054d2@mail.gmail.com> Message-ID: <20070228133610.GM19530@login.ecs.soton.ac.uk> On Wed, Feb 28, 2007 at 01:22:30PM +0100, Glenn Steen wrote: > > Tim has promised to keep us posted, and he/they will bring this thread > (more or less) to him when he is in a state to appreciate it > (hardcopy, of course). > As to what ails Jules, we really don't know ... He has described his > medical condition in this thread: > http://comments.gmane.org/gmane.mail.virus.mailscanner/47823 ... But > what exactly the current problems stem from (of all the serious > problems he has), we can only guess. > I'm full of trust that he is receiving the best possible medical care > and attention, and hope he will be able to make as full a recovery as > possible. Hi all, I suspect Jules has deliberately played down his health issues because that's the sort of person he is. He'll do a fantastic job for everyone he works with and not complain. It's a long term condition of 10 years now, and one which has no name. The doctors can't just look it up in a text book. The thread above gives more detail than I ever could. On Thursday he was helped home feeling unwell. He came in Friday but again felt unwell so went home. He was then found by his cleaner who called the ambulance. I understand he had collapsed having suffered internal bleeding. Based on my visit yesterday, he'd had no new bleeding for 24 hours, and had made a very small improvement in that his drug level had been turned down, but he is being kept unconscious by the drugs. He's receiving the best possible care in the ICU. Regarding cards/gifts etc, let's please wait a little before doing anything. I'll make sure his very closest friends here discuss this with his parents to see what they would like, and I'll then pass that on to the list. And again, I will make sure that every message is passed on. They will mean a lot. -- Tim From pablo at lacnic.net Wed Feb 28 15:57:20 2007 From: pablo at lacnic.net (Pablo Allietti) Date: Wed Feb 28 13:56:24 2007 Subject: Julian Field in hospital In-Reply-To: <20070228133610.GM19530@login.ecs.soton.ac.uk> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> <20070228055010.4225.GERARD@seibercom.net> <223f97700702280422v64b5250bm201cc25520e054d2@mail.gmail.com> <20070228133610.GM19530@login.ecs.soton.ac.uk> Message-ID: <20070228145720.GB93814@micron.lacnic.net.uy> On Wed, Feb 28, 2007 at 01:36:10PM +0000, Tim Chown wrote: > On Wed, Feb 28, 2007 at 01:22:30PM +0100, Glenn Steen wrote: Thanks Tim for the Info. keep us inform please > > > > Tim has promised to keep us posted, and he/they will bring this thread > > (more or less) to him when he is in a state to appreciate it > > (hardcopy, of course). > > As to what ails Jules, we really don't know ... He has described his > > medical condition in this thread: > > http://comments.gmane.org/gmane.mail.virus.mailscanner/47823 ... But > > what exactly the current problems stem from (of all the serious > > problems he has), we can only guess. > > I'm full of trust that he is receiving the best possible medical care > > and attention, and hope he will be able to make as full a recovery as > > possible. > > Hi all, > > I suspect Jules has deliberately played down his health issues because > that's the sort of person he is. He'll do a fantastic job for everyone > he works with and not complain. > > It's a long term condition of 10 years now, and one which has no name. > The doctors can't just look it up in a text book. The thread above > gives more detail than I ever could. > > On Thursday he was helped home feeling unwell. He came in Friday but > again felt unwell so went home. He was then found by his cleaner > who called the ambulance. I understand he had collapsed having > suffered internal bleeding. > > Based on my visit yesterday, he'd had no new bleeding for 24 hours, and > had made a very small improvement in that his drug level had been turned > down, but he is being kept unconscious by the drugs. He's receiving > the best possible care in the ICU. > > Regarding cards/gifts etc, let's please wait a little before doing > anything. I'll make sure his very closest friends here discuss this with > his parents to see what they would like, and I'll then pass that on to > the list. > > And again, I will make sure that every message is passed on. They will > mean a lot. > > -- > Tim > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ---end quoted text--- -- .- Pablo Allietti E-mail: pablo@lacnic.net | LACNIC Phone : +598 2 6042222 | http://LACNIC.NET From am.lists at gmail.com Wed Feb 28 15:01:50 2007 From: am.lists at gmail.com (am.lists) Date: Wed Feb 28 14:07:29 2007 Subject: Domain Keys Message-ID: <25a66d840702280601j2c8620a4j9118b3e0682c14ee@mail.gmail.com> If you're using them, are you giving hefty rewards for pass/verify or just penalties for failing? I currently am in "pilot" mode on DK, so my scores are +/- 0.001 for the tests, but I'm seeing stuff that should be spam showing up with the potential of being rewarded for being a legitimate company and knowing how to put a DK signature on mails. Has anyone else had any experience on this? I guess it sorta comes back to what we want our policy to be on this sort of thing. Angelo From matt at coders.co.uk Wed Feb 28 15:11:14 2007 From: matt at coders.co.uk (Matt Hampton) Date: Wed Feb 28 14:16:54 2007 Subject: Julian Field in hospital Message-ID: <45E58D82.8060409@coders.co.uk> DAve said: > We need a world map with a push pin for every "Get Well Soon" I've > seen today... Folks - I have put a page up on my site with a ClustrMap (same as on the MailScanner home page so I thought it would be appropriate) http://www.bastionmail.co.uk/best-wishes-to-jules-field/ If you visit the link the ClustrMap will generate the map for us. If you want to leave you name and location as a comment feel free. Once Jules is better I'll get the graph printed and drop it over and to him. cheers Matt (I used to work with Jules and he was one of my supervisors when I was a student in Southampton!) From matt at coders.co.uk Wed Feb 28 15:12:38 2007 From: matt at coders.co.uk (Matt Hampton) Date: Wed Feb 28 14:18:13 2007 Subject: Julian Field in hospital In-Reply-To: <45E58D82.8060409@coders.co.uk> References: <45E58D82.8060409@coders.co.uk> Message-ID: <45E58DD6.3030503@coders.co.uk> Top posting and replying to myself (I must use postfix ;-) ) - I forgot to say that I'll get it framed etc..... matt Matt Hampton wrote: > Once Jules is better I'll get the graph printed and drop it over and to > him. From tjc at ecs.soton.ac.uk Wed Feb 28 15:26:04 2007 From: tjc at ecs.soton.ac.uk (Tim Chown) Date: Wed Feb 28 14:31:49 2007 Subject: PayPal or some other form of on-line donation for a "get well"gift for Julian? -- Tim Chown? In-Reply-To: <45E50321.6010704@pacific.net> References: <006b01c75ae5$06efadd0$0300a8c0@bandwidthco.com> <45E50321.6010704@pacific.net> Message-ID: <20070228142603.GN19530@login.ecs.soton.ac.uk> Hi, We'll make sure his parents are consulted for something that Jules would appreciate. One example might be a JustGiving page set up for the Ellen MacArthur Trust which Jules is a big supporter of, as that would let people leave messages as well as donate to a cause that Jules admires. But let's hold on doing anything 'formal' for a little while please. More news as and when we get it. Tim From dave.list at pixelhammer.com Wed Feb 28 15:46:00 2007 From: dave.list at pixelhammer.com (DAve) Date: Wed Feb 28 14:51:43 2007 Subject: Julian Field in hospital In-Reply-To: <45E58D82.8060409@coders.co.uk> References: <45E58D82.8060409@coders.co.uk> Message-ID: <45E595A8.30308@pixelhammer.com> Matt Hampton wrote: > DAve said: > > > We need a world map with a push pin for every "Get Well Soon" I've > > seen today... > > Folks - I have put a page up on my site with a ClustrMap (same as on the > MailScanner home page so I thought it would be appropriate) > > http://www.bastionmail.co.uk/best-wishes-to-jules-field/ > > If you visit the link the ClustrMap will generate the map for us. > > If you want to leave you name and location as a comment feel free. > > Once Jules is better I'll get the graph printed and drop it over and to > him. > Thank you, I wish I had thought of that. I hope you don't mind but I cross posted your clustermap URL to the SpamAssassin list as I have not seen any mention of Julian there. I would like to see that map lite up by the time Julian gets it. I think it is a good way to show both Julian and his family how far reaching his efforts are. DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From matt at coders.co.uk Wed Feb 28 16:07:03 2007 From: matt at coders.co.uk (Matt Hampton) Date: Wed Feb 28 15:12:46 2007 Subject: Julian Field in hospital In-Reply-To: <45E595A8.30308@pixelhammer.com> References: <45E58D82.8060409@coders.co.uk> <45E595A8.30308@pixelhammer.com> Message-ID: <45E59A97.6010506@coders.co.uk> DAve wrote: > Thank you, I wish I had thought of that. Sudden flash of inspiration. > > I hope you don't mind but I cross posted your clustermap URL to the > SpamAssassin list as I have not seen any mention of Julian there. I saw! (and groaned - I've turned on wp-cache which has eased it a bit) - no problems though > I would like to see that map lite up by the time Julian gets it. I think > it is a good way to show both Julian and his family how far reaching his > efforts are. I am going to contact clustrmap and see if I can get a larger image generated when I get it printed. matt From z at ziff.net Wed Feb 28 16:52:31 2007 From: z at ziff.net (Zivago Lee) Date: Wed Feb 28 15:58:30 2007 Subject: clamav and mailscanner In-Reply-To: <223f97700702280101n12bc444cnf64420c1afc546d5@mail.gmail.com> References: <0e5c1b86ea5f784cbbe5cc5739a4766d@solidstatelogic.com> <4106.209.104.55.7.1172525095.squirrel@mail.ziff.net> <1172648388.21763.0.camel@miyagip.ziff.net.> <223f97700702280101n12bc444cnf64420c1afc546d5@mail.gmail.com> Message-ID: <1172677951.14411.2.camel@miyagip.ziff.net.> On Wed, 2007-02-28 at 10:01 +0100, Glenn Steen wrote: > On 28/02/07, Zivago Lee wrote: > > I've been noticing an issue with clamav and mailscanner. I can run > > clamscan just fine separately, however, in mailscanner, I get this error > > in debug mode: > > > > Feb 26 13:18:38 www MailScanner[2871]: Commencing scanning by clamav... > > Feb 26 13:18:38 www MailScanner[2871]: ERROR: Unable to open file or > > directory > > Feb 26 13:18:38 www MailScanner[2871]: Completed scanning by clamav > > Any ideas on what directories I need it to give permissions on? > > /Var/spool/MailScanner/incoming perhaps? Here are my current perms: drwx------ 4 postfix postfix 4096 Feb 28 07:49 incoming I don't think I changed anything recently besides updating clamav to 0.90. Are these the correct perms for this directory? I'm assuming that the postfix user is running clamscan so it shouldn't have any issues, correct? -- Zivago Lee From glenn.steen at gmail.com Wed Feb 28 17:06:47 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 28 16:12:40 2007 Subject: clamav and mailscanner In-Reply-To: <1172677951.14411.2.camel@miyagip.ziff.net.> References: <0e5c1b86ea5f784cbbe5cc5739a4766d@solidstatelogic.com> <4106.209.104.55.7.1172525095.squirrel@mail.ziff.net> <1172648388.21763.0.camel@miyagip.ziff.net.> <223f97700702280101n12bc444cnf64420c1afc546d5@mail.gmail.com> <1172677951.14411.2.camel@miyagip.ziff.net.> Message-ID: <223f97700702280806l4327b7c9jeabab6c737c5d2fa@mail.gmail.com> On 28/02/07, Zivago Lee wrote: > On Wed, 2007-02-28 at 10:01 +0100, Glenn Steen wrote: > > On 28/02/07, Zivago Lee wrote: > > > I've been noticing an issue with clamav and mailscanner. I can run > > > clamscan just fine separately, however, in mailscanner, I get this error > > > in debug mode: > > > > > > Feb 26 13:18:38 www MailScanner[2871]: Commencing scanning by clamav... > > > Feb 26 13:18:38 www MailScanner[2871]: ERROR: Unable to open file or > > > directory > > > Feb 26 13:18:38 www MailScanner[2871]: Completed scanning by clamav > > > Any ideas on what directories I need it to give permissions on? > > > > /Var/spool/MailScanner/incoming perhaps? > > Here are my current perms: > > drwx------ 4 postfix postfix 4096 Feb 28 07:49 incoming > > I don't think I changed anything recently besides updating clamav to > 0.90. Are these the correct perms for this directory? I'm assuming > that the postfix user is running clamscan so it shouldn't have any > issues, correct? > Try it as that user: su - postfix -s /bin/bash clamscan .... and perhaps try the wrapper too. Should show a more eloquent error, if any. When you call the wrapper, you should use the options as specified in SweepViruses.pm ... Something like /usr/lib/MailScanner/clamav-wrapper /usr/local -r --disable-summary --stdout . .... somewhere appropriate. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From Kevin_Miller at ci.juneau.ak.us Wed Feb 28 17:22:12 2007 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Wed Feb 28 16:27:36 2007 Subject: Besides clamav what other AV for MS In-Reply-To: References: Message-ID: Erick Perez wrote: > I use clamav+MS in a small business. Besides clamav, what other AV > engine that is also free can i use in a business? I see bitdefender > has a free scanner but is targeted at home use. I've been using F-Secure in addition to bitdefender and clamav. It uses three different av engines; f-prot; kasperski, and some other one I can't recall at the moment. Not sure how they do that, but I've been quite happy with it. Gotta pay for it, of course, but it's a lot cheaper than the IT department cleaning up an outbreak! :-) Truth be told however, I see very few viruses hitting my MailScanner box. I reject an awful lot of emails at the MTA via greet-pause and recipient/sender checking. I suspect that many of what would be virus laden messages are thus squelched before they're allowed anywhere near my mail servers. That shouldn't be construed as a suggestion that anybody slacken their AV profile - I'm just curious to know what sort of virus hit rate others see... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From ka at pacific.net Wed Feb 28 17:37:45 2007 From: ka at pacific.net (Ken A) Date: Wed Feb 28 16:39:15 2007 Subject: Julian Field in hospital In-Reply-To: <45E58DD6.3030503@coders.co.uk> References: <45E58D82.8060409@coders.co.uk> <45E58DD6.3030503@coders.co.uk> Message-ID: <45E5AFD9.5060403@pacific.net> Matt Hampton wrote: > Top posting and replying to myself (I must use postfix ;-) ) - I forgot > to say that I'll get it framed etc..... > > matt > > Matt Hampton wrote: > >> Once Jules is better I'll get the graph printed and drop it over and >> to him. Great idea Matt. Thanks, Ken A Pacific.Net From ssilva at sgvwater.com Wed Feb 28 17:51:31 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Feb 28 16:57:29 2007 Subject: SpamAssassin 3.1.8 In-Reply-To: <20070228130412.GC235@doctor.nl2k.ab.ca> References: <79755AA4E018084793EE618A2731F24C02B32B@HC-MBX01.herefordshire.gov.uk> <20070228130412.GC235@doctor.nl2k.ab.ca> Message-ID: Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem spake the following on 2/28/2007 5:04 AM: > On Wed, Feb 28, 2007 at 11:11:38AM -0000, Randal, Phil wrote: >> Scott Silva wrote: >> >>> Randal, Phil spake the following on 2/27/2007 12:17 PM: >>>> It's really easy to update using a slightly modified copy of Julian's >>>> install-Clam-0.88.7-SA-3.1.7.tar.gz. >>>> >>>> Unpack, drop Mail-SpamAssassin-3.1.8.tar.gz, clamav-0.90.tar.gz, and >>>> Mail-ClamAV-0.20.tar.gz into the perl-tar subdirectory. >>>> >>>> Then edit install.sh changing version numbers for ClamAV, >>>> Mail-ClamAV, and spamassassin. >>>> >>>> Then run install.sh and all's happy. If you haven't got >>>> Mail-ClamAV-0.20.tar.gz to hand, don't update Mail::ClamAV at this >>>> stage but install it from CPAN afterwards - >>>> >>>> perl -MCPAN -e shell >>>> install Mail::ClamAV >>>> quit >>> <> >>> I didn't say it was hard, I just wanted to give a little more back. >> And I certainly appreciate your efforts. >> >> I just wanted to knowledge-share with other users and get the full >> procedure in the list's archives. >> >> Cheers, >> >> Phil >> > > Please stay with Clamav 0.88.7 . Clamav 0.90 is not properly > open sourced IMHO. > If you want 0.88.7 and spamassassin 3.18, you can get a tarball from the mailscanner site http://www.mailscanner.info/files/4/install-Clam-0.88.7-SA-3.1.8.tar.gz -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Wed Feb 28 17:56:46 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Feb 28 17:05:42 2007 Subject: New slanted imagespam Message-ID: I just got a new imagespam on my home account. The text is slanted at about 15 degrees, probably to attempt foiling ocr engines. I haven't got any on the main servers, so I guess they are getting caught, but was just curious if fuzzyocr was catching them. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From sandrews at andrewscompanies.com Wed Feb 28 18:12:29 2007 From: sandrews at andrewscompanies.com (sandrews@andrewscompanies.com) Date: Wed Feb 28 17:17:59 2007 Subject: New slanted imagespam References: Message-ID: <1964AAFBC212F742958F9275BF63DBB04B029D@winchester.andrewscompanies.com> Not currently catching them for us; one just got through. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Scott Silva Sent: Wednesday, February 28, 2007 11:57 AM To: mailscanner@lists.mailscanner.info Subject: New slanted imagespam I just got a new imagespam on my home account. The text is slanted at about 15 degrees, probably to attempt foiling ocr engines. I haven't got any on the main servers, so I guess they are getting caught, but was just curious if fuzzyocr was catching them. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From am.lists at gmail.com Wed Feb 28 18:16:32 2007 From: am.lists at gmail.com (am.lists) Date: Wed Feb 28 17:22:04 2007 Subject: New slanted imagespam In-Reply-To: References: Message-ID: <25a66d840702280916r6b7cf96fsa416239dd82cb93f@mail.gmail.com> I have one, but it was picked off before FOCR kicked in. :( If anyone wants the sample, I can provide it. (Duh, I almost attached it to this message!) Angelo On 2/28/07, Scott Silva wrote: > I just got a new imagespam on my home account. The text is slanted at about 15 > degrees, probably to attempt foiling ocr engines. I haven't got any on the > main servers, so I guess they are getting caught, but was just curious if > fuzzyocr was catching them. > -- > > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From luisj_ramos at yahoo.com Wed Feb 28 18:19:15 2007 From: luisj_ramos at yahoo.com (Luis Ramos) Date: Wed Feb 28 17:24:46 2007 Subject: Julian Field in hospital In-Reply-To: Message-ID: <325927.9917.qm@web38814.mail.mud.yahoo.com> Best wishes from San Juan , PR Julian. Get well soon! Luis Douglas Ward wrote: Hi Julian, Best wishes from Raleigh, NC. We are praying for your recovery! Douglas Ward IT Director NC Methodist Conference On 2/26/07, Tim Chown wrote: Hi, I work with Jules at the University of Southampton and sadly we have to report that he was admitted to hospital on Friday having been found collapsed at home. He's currently in a critical condition in hospital, but is stable. Obviously there will not be any mailscanner development or maintenence by Jules for the immediate future, but we hope everyone on this list will join us in wishing him all the best towards a full recovery. We'll let the list know of significant changes in his condition, and in due course where get well messages or cards can be sent. If someone here has permissions to post the message on to the mailscanner announce list, please do so. -- Tim -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! --------------------------------- TV dinner still cooling? Check out "Tonight's Picks" on Yahoo! TV. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070228/78f3cc54/attachment.html From waytotheweb at googlemail.com Wed Feb 28 18:27:28 2007 From: waytotheweb at googlemail.com (Sarah Trayser) Date: Wed Feb 28 17:32:59 2007 Subject: clamav and mailscanner In-Reply-To: <1172648388.21763.0.camel@miyagip.ziff.net.> References: <0e5c1b86ea5f784cbbe5cc5739a4766d@solidstatelogic.com> <4106.209.104.55.7.1172525095.squirrel@mail.ziff.net> <1172648388.21763.0.camel@miyagip.ziff.net.> Message-ID: On 28/02/07, Zivago Lee wrote: > Hello, > > I've been noticing an issue with clamav and mailscanner. I can run > clamscan just fine separately, however, in mailscanner, I get this error > in debug mode: > > Feb 26 13:18:38 www MailScanner[2871]: Commencing scanning by clamav... > Feb 26 13:18:38 www MailScanner[2871]: ERROR: Unable to open file or > directory > Feb 26 13:18:38 www MailScanner[2871]: Completed scanning by clamav > > Any ideas on what directories I need it to give permissions on? Check /usr/local/share/clamav/daily.inc. We've found several servers having problems after upgrading clamav to 0.90 and using clamavmodule. Seems like the new daily.inc directory has been created with the wrong permissions - it was 700 but I think needs to be 755 so that the mailscanner user can read it. -- Regards, Sarah Trayser Way to the Web Ltd Server Management Services: http://www.configserver.com Web Hosting: http://www.waytotheweb.com From am.lists at gmail.com Wed Feb 28 18:30:14 2007 From: am.lists at gmail.com (am.lists) Date: Wed Feb 28 17:35:48 2007 Subject: New slanted imagespam In-Reply-To: <25a66d840702280916r6b7cf96fsa416239dd82cb93f@mail.gmail.com> References: <25a66d840702280916r6b7cf96fsa416239dd82cb93f@mail.gmail.com> Message-ID: <25a66d840702280930p33e9bd13xdf763dad729d206@mail.gmail.com> On 2/28/07, am. lists wrote: > I have one, but it was picked off before FOCR kicked in. :( > If anyone wants the sample, I can provide it. It's here for those interested in checking it out. http://tinyurl.com/3dvv2o /Angelo From z at ziff.net Wed Feb 28 18:59:14 2007 From: z at ziff.net (Zivago Lee) Date: Wed Feb 28 18:04:46 2007 Subject: clamav and mailscanner In-Reply-To: References: <0e5c1b86ea5f784cbbe5cc5739a4766d@solidstatelogic.com> <4106.209.104.55.7.1172525095.squirrel@mail.ziff.net> <1172648388.21763.0.camel@miyagip.ziff.net.> Message-ID: <26942.209.104.55.7.1172685554.squirrel@mail.ziff.net> On 28/02/07, Zivago Lee wrote: > On Wed, 2007-02-28 at 10:01 +0100, Glenn Steen wrote: > > On 28/02/07, Zivago Lee wrote: > > > I've been noticing an issue with clamav and mailscanner. I can run > > > clamscan just fine separately, however, in mailscanner, I get this error > > > in debug mode: > > > > > > Feb 26 13:18:38 www MailScanner[2871]: Commencing scanning by clamav... > > > Feb 26 13:18:38 www MailScanner[2871]: ERROR: Unable to open file or > > > directory > > > Feb 26 13:18:38 www MailScanner[2871]: Completed scanning by clamav > > > Any ideas on what directories I need it to give permissions on? > > > > /Var/spool/MailScanner/incoming perhaps? > > Here are my current perms: > > drwx------ 4 postfix postfix 4096 Feb 28 07:49 incoming > > I don't think I changed anything recently besides updating clamav to > 0.90. Are these the correct perms for this directory? I'm assuming > that the postfix user is running clamscan so it shouldn't have any > issues, correct? > Try it as that user: su - postfix -s /bin/bash clamscan .... and perhaps try the wrapper too. Should show a more eloquent error, if any. When you call the wrapper, you should use the options as specified in SweepViruses.pm ... Something like /usr/lib/MailScanner/clamav-wrapper /usr/local -r --disable-summary --stdout . .... somewhere appropriate. Cheers -- -- Glenn > Check /usr/local/share/clamav/daily.inc. We've found several servers > having problems after upgrading clamav to 0.90 and using clamavmodule. > Seems like the new daily.inc directory has been created with the wrong > permissions - it was 700 but I think needs to be 755 so that the > mailscanner user can read it. > > -- > Regards, > Sarah Trayser Thanks Glenn and Sarah. Using Glenn's suggestion I got this: -sh-3.00$ clamscan LibClamAV Error: cli_loaddbdir(): Can't open directory /var/clamav/daily.inc ERROR: Unable to open file or directory So it looks like Sarah is correct. I did notice that I tried changing the /var/clamav/daily.inc directory to 755 before to get the clamavmodule to work but for some reason, it would change back to 700 after a day so I went back to using the normal clamav as it would still process mail. I'll try it again but it looks that you guys found the culprit. Thanks! Zivago -- Zivago Lee z@ziff.net From itdept at fractalweb.com Wed Feb 28 19:10:57 2007 From: itdept at fractalweb.com (Chris Yuzik) Date: Wed Feb 28 18:31:36 2007 Subject: Image spam Message-ID: <45E5C5B1.9080208@fractalweb.com> My impression is that pretty much anything that arrives with an attached GIF these days is image spam. Are you seeing much ham with an attached GIF? I suppose some people perhaps have their company logo attached to their emails, but would it be better if they just had the appropriate code in their signature to pull the company logo image from their website? I would love to do something...anything...to thwart this damned image spam. It's tempting to just strip GIF files out of emails, but then the spam would likely start to arrive as a JPG or PNG. Eventually, we might have to go back to the good old days when email was plain text only. Ideas? From rob at robhq.com Wed Feb 28 19:42:15 2007 From: rob at robhq.com (rob) Date: Wed Feb 28 18:48:16 2007 Subject: Image spam In-Reply-To: <45E5C5B1.9080208@fractalweb.com> References: <45E5C5B1.9080208@fractalweb.com> Message-ID: <20070228184030.M93684@robhq.com> On Wed, 28 Feb 2007 10:10:57 -0800, Chris Yuzik wrote > My impression is that pretty much anything that arrives with an attached > GIF these days is image spam. Are you seeing much ham with an attached GIF? > > I suppose some people perhaps have their company logo attached to their > emails, but would it be better if they just had the appropriate code in > their signature to pull the company logo image from their website? > > I would love to do something...anything...to thwart this damned image > spam. It's tempting to just strip GIF files out of emails, but then the > spam would likely start to arrive as a JPG or PNG. > > Eventually, we might have to go back to the good old days when email was > plain text only. > > Ideas? > We add a spam score to all 3 image attachments. At the begining we would get some false positives, but have whitelisted user's who are valid with these in their emails. Currently, we might get 1 false positive every other day with a user who has some kind of silly sig. From krgehlba at lexairinc.com Wed Feb 28 19:42:42 2007 From: krgehlba at lexairinc.com (Renee Gehlbach) Date: Wed Feb 28 18:48:18 2007 Subject: Image spam In-Reply-To: <45E5C5B1.9080208@fractalweb.com> References: <45E5C5B1.9080208@fractalweb.com> Message-ID: <45E5CD22.3050206@lexairinc.com> Chris Yuzik wrote: > My impression is that pretty much anything that arrives with an > attached GIF these days is image spam. Are you seeing much ham with an > attached GIF? I see plenty of ham w/ attached gifs through one of my servers, but very little from others. Yet another example there being no one standard pattern for ham. > I suppose some people perhaps have their company logo attached to > their emails, but would it be better if they just had the appropriate > code in their signature to pull the company logo image from their > website? Hmm.... why exactly would this be preferable? We tend to set email clients not to permit the display non-attached images in html messages. Thunderbird and Squirrelmail, I believe, even do this by default. I've heard plenty of arguments against allowing email clients to go retrieve pictures, do you have arguments for it? > I would love to do something...anything...to thwart this damned image > spam. It's tempting to just strip GIF files out of emails, but then > the spam would likely start to arrive as a JPG or PNG. Do you use Fuzzy OCR? It's the only way I've found to really target image spam. Renee Gehlbach -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From chandler.lists at chapman.edu Wed Feb 28 19:42:50 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Wed Feb 28 18:48:23 2007 Subject: URIBL False Positives In-Reply-To: References: <45E4C7CB.3050305@chapman.edu> <00cd01c75ad3$a7768470$f6638d50$@swaney@fsl.com> Message-ID: <45E5CD2A.6010509@chapman.edu> Hugo van der Kooij wrote: > On Tue, 27 Feb 2007, Stephen Swaney wrote: > >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >>> bounces@lists.mailscanner.info] On Behalf Of Jay Chandler >>> Sent: Tuesday, February 27, 2007 7:08 PM >>> To: MailScanner discussion >>> Subject: URIBL False Positives >>> >>> I've gotten a few false positives on URIBL_BLACK. I've checked every >>> URL in the message, and it's NOT listed. What should my next >>> troubleshooting step be? >> >> That list is a little aggressive. We have some customers who can take >> it - >> and some who have turned it off. > > In my view the list is not aggresive enough. If you have repeated spam > with URL's listed of dubious sites and they are still rejected then I > think they are rather conservative. > > But I think the point is that no URL in the message is recognized on > the site. > > Jay: How much time was there between the message and your verification? > Less than 24 hours. This has happened a few times now-- I suspect it's an issue with my side, as a retest of the same message gets through just fine. I've been very happy with the URIBL blacklist, just not so happy with a message false positiving when every URI in the message is quite clean... From Richard.Frovarp at sendit.nodak.edu Wed Feb 28 19:52:32 2007 From: Richard.Frovarp at sendit.nodak.edu (Richard Frovarp) Date: Wed Feb 28 18:58:03 2007 Subject: URIBL False Positives In-Reply-To: <45E5CD2A.6010509@chapman.edu> References: <45E4C7CB.3050305@chapman.edu> <00cd01c75ad3$a7768470$f6638d50$@swaney@fsl.com> <45E5CD2A.6010509@chapman.edu> Message-ID: <45E5CF70.8020601@sendit.nodak.edu> Jay Chandler wrote: > Hugo van der Kooij wrote: >> On Tue, 27 Feb 2007, Stephen Swaney wrote: >> >>>> -----Original Message----- >>>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >>>> bounces@lists.mailscanner.info] On Behalf Of Jay Chandler >>>> Sent: Tuesday, February 27, 2007 7:08 PM >>>> To: MailScanner discussion >>>> Subject: URIBL False Positives >>>> >>>> I've gotten a few false positives on URIBL_BLACK. I've checked every >>>> URL in the message, and it's NOT listed. What should my next >>>> troubleshooting step be? >>> >>> That list is a little aggressive. We have some customers who can >>> take it - >>> and some who have turned it off. >> >> In my view the list is not aggresive enough. If you have repeated >> spam with URL's listed of dubious sites and they are still rejected >> then I think they are rather conservative. >> >> But I think the point is that no URL in the message is recognized on >> the site. >> >> Jay: How much time was there between the message and your verification? >> > > Less than 24 hours. This has happened a few times now-- I suspect > it's an issue with my side, as a retest of the same message gets > through just fine. I've been very happy with the URIBL blacklist, > just not so happy with a message false positiving when every URI in > the message is quite clean... > You're not using some sort of funky DNS provider? The name of the one that has caused problems in the past fails me at the moment. From glenn.steen at gmail.com Wed Feb 28 20:06:59 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 28 19:12:33 2007 Subject: clamav and mailscanner In-Reply-To: <26942.209.104.55.7.1172685554.squirrel@mail.ziff.net> References: <0e5c1b86ea5f784cbbe5cc5739a4766d@solidstatelogic.com> <4106.209.104.55.7.1172525095.squirrel@mail.ziff.net> <1172648388.21763.0.camel@miyagip.ziff.net.> <26942.209.104.55.7.1172685554.squirrel@mail.ziff.net> Message-ID: <223f97700702281106m3e6fdf70sef8c2701a725bc18@mail.gmail.com> On 28/02/07, Zivago Lee wrote: (snip) > > Check /usr/local/share/clamav/daily.inc. We've found several servers > > having problems after upgrading clamav to 0.90 and using clamavmodule. > > Seems like the new daily.inc directory has been created with the wrong > > permissions - it was 700 but I think needs to be 755 so that the > > mailscanner user can read it. > > > > -- > > Regards, > > Sarah Trayser > > Thanks Glenn and Sarah. Using Glenn's suggestion I got this: > > -sh-3.00$ clamscan > LibClamAV Error: cli_loaddbdir(): Can't open directory /var/clamav/daily.inc > ERROR: Unable to open file or directory > > So it looks like Sarah is correct. I did notice that I tried changing the > /var/clamav/daily.inc directory to 755 before to get the clamavmodule to > work but for some reason, it would change back to 700 after a day so I > went back to using the normal clamav as it would still process mail. I'll > try it again but it looks that you guys found the culprit. > Hm, this sounds like you have some form of "permissions/security" system running... Reminds me of the troubles one can get if running Mandriva at an elevated security level... The msec service will check/amend all "system" files permissions, so if one needs change them, one has to tell the security system too. I used to do just that with msec (not the best documented feature of Mandriva:-), but now I instead secure a "Standard level" by hand instead... that way system updates have very little chance of messing that particular thing up. Not knowing what OS you run Zivago, I/we can't be more specific than "look for a system like that, and 'fix it'":-). Might t even be ClamAV itself doing this? BTW, thanks Sarah for the (as it turns out) very correct suggestion. Cheers, -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From z at ziff.net Wed Feb 28 20:27:10 2007 From: z at ziff.net (Zivago Lee) Date: Wed Feb 28 19:32:42 2007 Subject: clamav and mailscanner In-Reply-To: <223f97700702281106m3e6fdf70sef8c2701a725bc18@mail.gmail.com> References: <0e5c1b86ea5f784cbbe5cc5739a4766d@solidstatelogic.com> <4106.209.104.55.7.1172525095.squirrel@mail.ziff.net> <1172648388.21763.0.camel@miyagip.ziff.net.> <26942.209.104.55.7.1172685554.squirrel@mail.ziff.net> <223f97700702281106m3e6fdf70sef8c2701a725bc18@mail.gmail.com> Message-ID: <22107.209.104.55.7.1172690830.squirrel@mail.ziff.net> > On 28/02/07, Zivago Lee wrote: > (snip) >> > Check /usr/local/share/clamav/daily.inc. We've found several servers >> > having problems after upgrading clamav to 0.90 and using clamavmodule. >> > Seems like the new daily.inc directory has been created with the wrong >> > permissions - it was 700 but I think needs to be 755 so that the >> > mailscanner user can read it. >> > >> Thanks Glenn and Sarah. Using Glenn's suggestion I got this: >> >> -sh-3.00$ clamscan >> LibClamAV Error: cli_loaddbdir(): Can't open directory >> /var/clamav/daily.inc >> ERROR: Unable to open file or directory >> >> So it looks like Sarah is correct. I did notice that I tried changing >> the >> /var/clamav/daily.inc directory to 755 before to get the clamavmodule to >> work but for some reason, it would change back to 700 after a day so I >> went back to using the normal clamav as it would still process mail. >> I'll >> try it again but it looks that you guys found the culprit. >> > Hm, this sounds like you have some form of "permissions/security" > system running... Reminds me of the troubles one can get if running > Mandriva at an elevated security level... The msec service will > check/amend all "system" files permissions, so if one needs change > them, one has to tell the security system too. > I used to do just that with msec (not the best documented feature of > Mandriva:-), but now I instead secure a "Standard level" by hand > instead... that way system updates have very little chance of messing > that particular thing up. > > Not knowing what OS you run Zivago, I/we can't be more specific than > "look for a system like that, and 'fix it'":-). > > Might t even be ClamAV itself doing this? I'm running centos4. I checked the cron.daily's freshclam, and it doesn't seem to be doing it (at least from quick glance at the script). I'm currently not running any tripwire-type of thing so it's pretty odd. I also ran freshclam manually and it didn't change the permissions, either. When I have more time, i'll look around more deeply and if I find anything useful, I will let you guys know... :) -- Zivago Lee z@ziff.net From jfagan at firstlightnetworks.com Wed Feb 28 20:43:43 2007 From: jfagan at firstlightnetworks.com (James Fagan) Date: Wed Feb 28 19:48:12 2007 Subject: clamav and mailscanner In-Reply-To: <22107.209.104.55.7.1172690830.squirrel@mail.ziff.net> References: <0e5c1b86ea5f784cbbe5cc5739a4766d@solidstatelogic.com><4106.209.104.55.7.1172525095.squirrel@mail.ziff.net><1172648388.21763.0.camel@miyagip.ziff.net.><26942.209.104.55.7.1172685554.squirrel@mail.ziff.net><223f97700702281106m3e6fdf70sef8c2701a725bc18@mail.gmail.com> <22107.209.104.55.7.1172690830.squirrel@mail.ziff.net> Message-ID: <59E4A3A1069C2640959AD0F7518C48122F08A0@FLN1.fln.local> > > Not knowing what OS you run Zivago, I/we can't be more specific than > > "look for a system like that, and 'fix it'":-). > > > > Might t even be ClamAV itself doing this? > > I'm running centos4. I checked the cron.daily's freshclam, and it doesn't > seem to be doing it (at least from quick glance at the script). I'm > currently not running any tripwire-type of thing so it's pretty odd. > > I also ran freshclam manually and it didn't change the permissions, > either. > > When I have more time, i'll look around more deeply and if I find anything > useful, I will let you guys know... :) > Could be selinux . I hate that thing. It can be dissabled/enabled untill reboot, or completely. From sandrews at andrewscompanies.com Wed Feb 28 20:46:09 2007 From: sandrews at andrewscompanies.com (sandrews@andrewscompanies.com) Date: Wed Feb 28 19:51:45 2007 Subject: New slanted imagespam References: <25a66d840702280916r6b7cf96fsa416239dd82cb93f@mail.gmail.com> <25a66d840702280930p33e9bd13xdf763dad729d206@mail.gmail.com> Message-ID: <1964AAFBC212F742958F9275BF63DBB04B02A2@winchester.andrewscompanies.com> Our's was slanted all different directions and each had an outline box...similar concept though. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of am.lists Sent: Wednesday, February 28, 2007 12:30 PM To: MailScanner discussion Subject: Re: New slanted imagespam On 2/28/07, am. lists wrote: > I have one, but it was picked off before FOCR kicked in. :( If anyone > wants the sample, I can provide it. It's here for those interested in checking it out. http://tinyurl.com/3dvv2o /Angelo -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From itdept at fractalweb.com Wed Feb 28 20:58:24 2007 From: itdept at fractalweb.com (Chris Yuzik) Date: Wed Feb 28 20:04:58 2007 Subject: Image spam In-Reply-To: <45E5CD22.3050206@lexairinc.com> References: <45E5C5B1.9080208@fractalweb.com> <45E5CD22.3050206@lexairinc.com> Message-ID: <45E5DEE0.4090802@fractalweb.com> Renee Gehlbach wrote: > I see plenty of ham w/ attached gifs through one of my servers, but > very little from others. Yet another example there being no one > standard pattern for ham. > > Hmm.... why exactly would this be preferable? We tend to set email > clients not to permit the display non-attached images in html > messages. Thunderbird and Squirrelmail, I believe, even do this by > default. I've heard plenty of arguments against allowing email > clients to go retrieve pictures, do you have arguments for it? > > Do you use Fuzzy OCR? It's the only way I've found to really target > image spam. Renee, We are experimenting with Fuzzy OCR, and while in our tests it does catch some image spam, it's not doing very well with image spam where the image has background noise, slanted text, etc. I agree that having a link to an external image is not (necessarily) a good idea, and in fact can activate web-bugs and such on spam that does manage to get through. I find it interesting that Barracuda is advertising that they block "all image spam". Abaca is advertising they block 99% of all image spam. How are these guys achieving this success rate? Chris From edwardbruce at sbcglobal.net Wed Feb 28 21:08:58 2007 From: edwardbruce at sbcglobal.net (Ed Bruce) Date: Wed Feb 28 20:14:29 2007 Subject: Image spam In-Reply-To: <45E5DEE0.4090802@fractalweb.com> References: <45E5C5B1.9080208@fractalweb.com> <45E5CD22.3050206@lexairinc.com> <45E5DEE0.4090802@fractalweb.com> Message-ID: <45E5E15A.40605@sbcglobal.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Chris Yuzik wrote: > Renee Gehlbach wrote: >> I see plenty of ham w/ attached gifs through one of my servers, but >> very little from others. Yet another example there being no one >> standard pattern for ham. >> >> Hmm.... why exactly would this be preferable? We tend to set email >> clients not to permit the display non-attached images in html >> messages. Thunderbird and Squirrelmail, I believe, even do this by >> default. I've heard plenty of arguments against allowing email >> clients to go retrieve pictures, do you have arguments for it? >> >> Do you use Fuzzy OCR? It's the only way I've found to really target >> image spam. > Renee, > > We are experimenting with Fuzzy OCR, and while in our tests it does > catch some image spam, it's not doing very well with image spam where > the image has background noise, slanted text, etc. > > I agree that having a link to an external image is not (necessarily) a > good idea, and in fact can activate web-bugs and such on spam that does > manage to get through. > > I find it interesting that Barracuda is advertising that they block "all > image spam". Abaca is advertising they block 99% of all image spam. How > are these guys achieving this success rate? > > Chris Do they have honey pots that collect this spam and then immediately update all their clients???? -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Cygwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF5eFapdNaP9x3McgRAuucAJ4pJ/fguA0OeGwCBOdE1VUiCQ+21wCeIgst NqoinSj5vzjJs21zYjQH8pw= =3HIV -----END PGP SIGNATURE----- From am.lists at gmail.com Wed Feb 28 21:12:42 2007 From: am.lists at gmail.com (am.lists) Date: Wed Feb 28 20:18:14 2007 Subject: Image spam In-Reply-To: <45E5E15A.40605@sbcglobal.net> References: <45E5C5B1.9080208@fractalweb.com> <45E5CD22.3050206@lexairinc.com> <45E5DEE0.4090802@fractalweb.com> <45E5E15A.40605@sbcglobal.net> Message-ID: <25a66d840702281212s71795bf2y1faf0791268a0392@mail.gmail.com> On 2/28/07, Ed Bruce wrote: > Do they have honey pots that collect this spam and then immediately > update all their clients???? Not sure, maybe. But from the image spam I've seen, the backgrounds do mutate. This is an easy way for them to avoid hash-based learning. From clacroix at cegep-ste-foy.qc.ca Wed Feb 28 21:14:26 2007 From: clacroix at cegep-ste-foy.qc.ca (Charles Lacroix) Date: Wed Feb 28 20:19:50 2007 Subject: Image spam In-Reply-To: <45E5DEE0.4090802@fractalweb.com> References: <45E5C5B1.9080208@fractalweb.com> <45E5CD22.3050206@lexairinc.com> <45E5DEE0.4090802@fractalweb.com> Message-ID: <200702281514.27007.clacroix@cegep-ste-foy.qc.ca> On Wednesday 28 February 2007 14:58, Chris Yuzik wrote: > Renee Gehlbach wrote: > > I see plenty of ham w/ attached gifs through one of my servers, but > > very little from others. Yet another example there being no one > > standard pattern for ham. > > > > Hmm.... why exactly would this be preferable? We tend to set email > > clients not to permit the display non-attached images in html > > messages. Thunderbird and Squirrelmail, I believe, even do this by > > default. I've heard plenty of arguments against allowing email > > clients to go retrieve pictures, do you have arguments for it? > > > > Do you use Fuzzy OCR? It's the only way I've found to really target > > image spam. > > Renee, > > We are experimenting with Fuzzy OCR, and while in our tests it does > catch some image spam, it's not doing very well with image spam where > the image has background noise, slanted text, etc. > > I agree that having a link to an external image is not (necessarily) a > good idea, and in fact can activate web-bugs and such on spam that does > manage to get through. > > I find it interesting that Barracuda is advertising that they block "all > image spam". Abaca is advertising they block 99% of all image spam. How > are these guys achieving this success rate? > > Chris Hi, I catch tones of image spam with Fuzzy OCR, which is ran just after Barracuda anti-spam firewall 400 is done with it's filtering. bottom line, we can't say "all" image spam On the other hand, the Fuzzy OCR has problem with some french image signatures where it detects about 15 keywords which aren't even into the image. I lowered the score so it doesn't hit so hard, and i also whitelisted the few individuals which this caused me problems. Charles From steve.swaney at fsl.com Wed Feb 28 21:25:29 2007 From: steve.swaney at fsl.com (Stephen Swaney) Date: Wed Feb 28 20:28:59 2007 Subject: Image spam In-Reply-To: <45E5DEE0.4090802@fractalweb.com> References: <45E5C5B1.9080208@fractalweb.com> <45E5CD22.3050206@lexairinc.com> <45E5DEE0.4090802@fractalweb.com> Message-ID: <022b01c75b76$977738f0$c665aad0$@swaney@fsl.com> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Chris Yuzik > Sent: Wednesday, February 28, 2007 2:58 PM > To: MailScanner discussion > Subject: Re: Image spam > > Renee Gehlbach wrote: > > I see plenty of ham w/ attached gifs through one of my servers, but > > very little from others. Yet another example there being no one > > standard pattern for ham. > > > > Hmm.... why exactly would this be preferable? We tend to set email > > clients not to permit the display non-attached images in html > > messages. Thunderbird and Squirrelmail, I believe, even do this by > > default. I've heard plenty of arguments against allowing email > > clients to go retrieve pictures, do you have arguments for it? > > > > Do you use Fuzzy OCR? It's the only way I've found to really target > > image spam. > Renee, > > We are experimenting with Fuzzy OCR, and while in our tests it does > catch some image spam, it's not doing very well with image spam where > the image has background noise, slanted text, etc. > > I agree that having a link to an external image is not (necessarily) a > good idea, and in fact can activate web-bugs and such on spam that does > manage to get through. > > I find it interesting that Barracuda is advertising that they block > "all > image spam". Abaca is advertising they block 99% of all image spam. How > are these guys achieving this success rate? > > Chris They're probably not :) I know that Barracuda has exaggerated performance claims in the past. We're seeing almost no little image spam (none for the last week at least) getting through without using FuzzOCR (too much load). How - Just SpamAssassin with: SARE rule sets Milter-ahead (Snertsoft) Milter-link (Snertsoft) Razor DCC GreetPause Spamhaus (zen) BTW For those who use them, Anthony Howe has new releases (today) of many of his milters and the libsnert library now available at www.snertsoft.com Steve Steve Swaney Fort Systems Ltd. steve@fsl.com From itdept at fractalweb.com Wed Feb 28 21:14:16 2007 From: itdept at fractalweb.com (Chris Yuzik) Date: Wed Feb 28 20:32:19 2007 Subject: Image spam In-Reply-To: <45E5C5B1.9080208@fractalweb.com> References: <45E5C5B1.9080208@fractalweb.com> Message-ID: <45E5E298.3000806@fractalweb.com> I'm reading in other forums that people are having luck catching image spam by scoring messages higher if they contain "Content-Type: multipart/related;" in the header. Apparently this seems to be a common attribute amongst the image spams, but apparently is quite rare in ham. Anyone have any thoughts on this? From chandler.lists at chapman.edu Wed Feb 28 21:32:02 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Wed Feb 28 20:37:44 2007 Subject: An example of a false positive URIBL Message-ID: <45E5E6C2.3090500@chapman.edu> -------- Original Message -------- Return-Path: X-Original-To: redacted@chapman.edu Delivered-To: redacted@chapman.edu Received: from lyris.collegeboard.com (water.lyris.net [64.62.197.96]) by aconcagua.chapman.edu (Postfix) with SMTP id C69244558F for ; Wed, 28 Feb 2007 11:01:41 -0800 (PST) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-r eply-to:mime-version:content-type:content-transfer-encoding:content-disposit ion:references; b=QExGWghop21XEtZTqgtuFVRltyiUyZckKYDp/rZAOsOfyrUflqDWOj/W4FKYwvsgc12VbC+l/U NyfNRfkOOYEm//bpUsyH3OUnOJzrkWf5nGst+RgHGfe5Qlp3mMKiPBHrr0xYOWlGpo5ZK7KxNLcq HFl8/6DJlxBfIaekVAjbs= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content- type:content-transfer-encoding:content-disposition:references; b=qL8pqttk1PFL6wFgBgqVR4V0779wVQm4xVWCkmOoxX4QxiVx22ThT2LLu3pzKzM+H4H4DlpVkb WKuhMEmGelmrVUlQxJ3PdjhqqJiivIn/uXNkh5WSqEFhx8/FOJRfLSQohXvGrOEC9w6lHyFBPTLd eoJZaOTkGpVBI2sggEDL8= Message-ID: Date: Tue, 27 Feb 2007 18:47:27 -0600 From: "Jason Cordes" To: "AP Computer Science" Subject: *****SPAM***** Re: [ap-compsci] Default settings for JCreator In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Reply-To: "AP Computer Science" X-Chapman-MailScanner-Information: Please contact the ISP for more information X-Chapman-MailScanner: Found to be clean X-Chapman-MailScanner-SpamCheck: spam, SpamAssassin (not cached, score=8.346, required 6, BAYES_50 0.10, DATE_IN_PAST_12_24 1.25, FORGED_RCVD_HELO 0.14, HELO_MISMATCH_COM 0.55, HOST_MISMATCH_NET 0.31, URIBL_BLACK 6.00) X-Chapman-MailScanner-SpamScore: ssssssss X-Chapman-MailScanner-From: bounce-2822662-6082435@lyris.collegeboard.com X-Spam-Status: Yes -----Original Message----- From: Jason Cordes [mailto:cordes@gmail.com] Sent: Tuesday, February 27, 2007 4:47 PM To: AP Computer Science Subject: *****SPAM***** Re: [ap-compsci] Default settings for JCreator That isn't done by JCreator, that is done by Java. And really, they aren't public, they are "package" level access, which means anything in the same file (and possibly folder, I haven't tried recently) can access it. This is distinctly different from C++ class behavior which DOES default to private. If you are a C++ programmer, pretend that Java classes are actually struct, that might help :) On 2/26/07, Ron Ouwerkerk wrote: > Hi, > > When writing prorgams with JCreator LE, all instance variables seem to > default to public unless we explicitly state that they are private. Does > anyone know how to change the settings in JCreator so that the variables > default to private? > > Cheers, > Ron Ouwerkerk > Computer Science - ICT Department > St. George's School > > > > ==== > Course related websites: > http://apcentral.collegeboard.com/compscia > http://apcentral.collegeboard.com/compsciab > > --- > ap-compsci is an Electronic Discussion Group (EDG) of The College Board > TO CHANGE YOUR EMAIL ADDRESS, PASSWORD OR SETTINGS, go to > http://lyris.collegeboard.com/read/my_account/edit > To UNSUBSCRIBE click the unsubscribe button on your Forums page: > http://lyris.collegeboard.com/read/my_forums/ > -- Jason Cordes >>>>> http://www.frenzy.com/~jaebear --- http://mail.bryanisd.org/~jcordes <<<<< "I can't think of a job I'd rather do than computer programming. All day, you create patterns and structure out of the formless void, and you solve dozens of smaller puzzles along the way." Peter Van Der Linden "Expert C Programming: Deep C Secrets" ==== Course related websites: http://apcentral.collegeboard.com/compscia http://apcentral.collegeboard.com/compsciab --- ap-compsci is an Electronic Discussion Group (EDG) of The College Board TO CHANGE YOUR EMAIL ADDRESS, PASSWORD OR SETTINGS, go to http://lyris.collegeboard.com/read/my_account/edit To UNSUBSCRIBE click the unsubscribe button on your Forums page: http://lyris.collegeboard.com/read/my_forums/ From chandler.lists at chapman.edu Wed Feb 28 21:35:24 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Wed Feb 28 20:40:57 2007 Subject: URIBL False Positives In-Reply-To: <45E5CF70.8020601@sendit.nodak.edu> References: <45E4C7CB.3050305@chapman.edu> <00cd01c75ad3$a7768470$f6638d50$@swaney@fsl.com> <45E5CD2A.6010509@chapman.edu> <45E5CF70.8020601@sendit.nodak.edu> Message-ID: <45E5E78C.7060206@chapman.edu> Richard Frovarp wrote: > You're not using some sort of funky DNS provider? The name of the one > that has caused problems in the past fails me at the moment. We run our own DNS here-- chapman.edu. Our upstream provider is Cogent... And none of the other blacklists are FPing to my knowledge... --J From martinh at solidstatelogic.com Wed Feb 28 21:35:37 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed Feb 28 20:41:14 2007 Subject: An example of a false positive URIBL In-Reply-To: <45E5E6C2.3090500@chapman.edu> Message-ID: Have you sent a correction notice to URIBL.com? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Jay Chandler > Sent: 28 February 2007 20:32 > To: MailScanner discussion > Subject: An example of a false positive URIBL > > > > -------- Original Message -------- > > Return-Path: > X-Original-To: redacted@chapman.edu > Delivered-To: redacted@chapman.edu > Received: from lyris.collegeboard.com (water.lyris.net [64.62.197.96]) > by aconcagua.chapman.edu (Postfix) with SMTP id C69244558F > for ; Wed, 28 Feb 2007 11:01:41 -0800 (PST) > DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; > h=domainkey-signature:received:received:message- > id:date:from:to:subject:in-r > eply-to:mime-version:content-type:content-transfer-encoding:content- > disposit > ion:references; > b=QExGWghop21XEtZTqgtuFVRltyiUyZckKYDp/rZAOsOfyrUflqDWOj/W4FKYwvsgc12VbC +l > /U > NyfNRfkOOYEm//bpUsyH3OUnOJzrkWf5nGst+RgHGfe5Qlp3mMKiPBHrr0xYOWlGpo5ZK7Kx NL > cq > HFl8/6DJlxBfIaekVAjbs= > DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; > h=received:message-id:date:from:to:subject:in-reply-to:mime- > version:content- > type:content-transfer-encoding:content-disposition:references; > b=qL8pqttk1PFL6wFgBgqVR4V0779wVQm4xVWCkmOoxX4QxiVx22ThT2LLu3pzKzM+H4H4Dl pV > kb > WKuhMEmGelmrVUlQxJ3PdjhqqJiivIn/uXNkh5WSqEFhx8/FOJRfLSQohXvGrOEC9w6lHyFB PT > Ld > eoJZaOTkGpVBI2sggEDL8= > Message-ID: > redacted#chapman.edu@lyris.collegebo > ard.com> > Date: Tue, 27 Feb 2007 18:47:27 -0600 > From: "Jason Cordes" > To: "AP Computer Science" > Subject: *****SPAM***** Re: [ap-compsci] Default settings for JCreator > In-Reply-To: > cordes#gmail.com@lyris.collegebo > ard.com> > MIME-Version: 1.0 > Content-Type: text/plain; charset=ISO-8859-1; format=flowed > Content-Transfer-Encoding: 7bit > Content-Disposition: inline > Reply-To: "AP Computer Science" > X-Chapman-MailScanner-Information: Please contact the ISP for more > information > X-Chapman-MailScanner: Found to be clean > X-Chapman-MailScanner-SpamCheck: spam, SpamAssassin (not cached, > score=8.346, > required 6, BAYES_50 0.10, DATE_IN_PAST_12_24 1.25, > FORGED_RCVD_HELO 0.14, HELO_MISMATCH_COM 0.55, > HOST_MISMATCH_NET 0.31, URIBL_BLACK 6.00) > X-Chapman-MailScanner-SpamScore: ssssssss > X-Chapman-MailScanner-From: bounce-2822662-6082435@lyris.collegeboard.com > X-Spam-Status: Yes > > > -----Original Message----- > From: Jason Cordes [mailto:cordes@gmail.com] > Sent: Tuesday, February 27, 2007 4:47 PM > To: AP Computer Science > Subject: *****SPAM***** Re: [ap-compsci] Default settings for JCreator > > That isn't done by JCreator, that is done by Java. > And really, they aren't public, they are "package" level access, which > means anything in the same file (and possibly folder, I haven't tried > recently) can access it. > > This is distinctly different from C++ class behavior which DOES > default to private. > If you are a C++ programmer, pretend that Java classes are actually > struct, that might help :) > > On 2/26/07, Ron Ouwerkerk wrote: > > Hi, > > > > When writing prorgams with JCreator LE, all instance variables seem to > > default to public unless we explicitly state that they are private. > Does > > anyone know how to change the settings in JCreator so that the variables > > default to private? > > > > Cheers, > > Ron Ouwerkerk > > Computer Science - ICT Department > > St. George's School > > > > > > > > ==== > > Course related websites: > > http://apcentral.collegeboard.com/compscia > > http://apcentral.collegeboard.com/compsciab > > > > --- > > ap-compsci is an Electronic Discussion Group (EDG) of The College Board > > TO CHANGE YOUR EMAIL ADDRESS, PASSWORD OR SETTINGS, go to > > http://lyris.collegeboard.com/read/my_account/edit > > To UNSUBSCRIBE click the unsubscribe button on your Forums page: > > http://lyris.collegeboard.com/read/my_forums/ > > > > > -- > Jason Cordes > >>>>> http://www.frenzy.com/~jaebear --- > http://mail.bryanisd.org/~jcordes <<<<< > "I can't think of a job I'd rather do than computer programming. All > day, you create patterns and structure out of the formless void, and > you solve dozens of smaller puzzles along the way." Peter Van Der > Linden "Expert C Programming: Deep C Secrets" > > ==== > Course related websites: > http://apcentral.collegeboard.com/compscia > http://apcentral.collegeboard.com/compsciab > > --- > ap-compsci is an Electronic Discussion Group (EDG) of The College Board > TO CHANGE YOUR EMAIL ADDRESS, PASSWORD OR SETTINGS, go to > http://lyris.collegeboard.com/read/my_account/edit > To UNSUBSCRIBE click the unsubscribe button on your Forums page: > http://lyris.collegeboard.com/read/my_forums/ > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From itdept at fractalweb.com Wed Feb 28 21:34:28 2007 From: itdept at fractalweb.com (Chris Yuzik) Date: Wed Feb 28 20:41:49 2007 Subject: Image spam In-Reply-To: <022b01c75b76$977738f0$c665aad0$@swaney@fsl.com> References: <45E5C5B1.9080208@fractalweb.com> <45E5CD22.3050206@lexairinc.com> <45E5DEE0.4090802@fractalweb.com> <022b01c75b76$977738f0$c665aad0$@swaney@fsl.com> Message-ID: <45E5E754.6060004@fractalweb.com> Stephen Swaney wrote: > > They're probably not :) I know that Barracuda has exaggerated performance > claims in the past. > > We're seeing almost no little image spam (none for the last week at least) > getting through without using FuzzOCR (too much load). How - Just > SpamAssassin with: > > SARE rule sets > Milter-ahead (Snertsoft) > Milter-link (Snertsoft) > Razor > DCC > GreetPause > Spamhaus (zen) > > BTW For those who use them, Anthony Howe has new releases (today) of many of > his milters and the libsnert library now available at www.snertsoft.com > Steve, As usual, excellent information. We'll be looking at implementing the Snertsoft (great company name, btw) milters asap. How long of a GreetPause are you using? Thanks, Chris From michele at blacknight.ie Wed Feb 28 21:38:04 2007 From: michele at blacknight.ie (Michele Neylon :: Blacknight) Date: Wed Feb 28 20:43:38 2007 Subject: Image spam In-Reply-To: <022b01c75b76$977738f0$c665aad0$@swaney@fsl.com> References: <45E5C5B1.9080208@fractalweb.com> <45E5CD22.3050206@lexairinc.com> <45E5DEE0.4090802@fractalweb.com> <022b01c75b76$977738f0$c665aad0$@swaney@fsl.com> Message-ID: <45E5E82C.3060005@blacknight.ie> > > SARE rule sets Which ones? :) -- Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Brand Protection http://www.blacknight.ie/ http://blog.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 UK: 0870 163 0607 Fax. +353 (0) 59 9164239 From chandler.lists at chapman.edu Wed Feb 28 21:38:12 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Wed Feb 28 20:43:48 2007 Subject: An example of a false positive URIBL In-Reply-To: <45E5E6C2.3090500@chapman.edu> References: <45E5E6C2.3090500@chapman.edu> Message-ID: <45E5E834.5000101@chapman.edu> Jay Chandler wrote: [snip] I'm an idiot. frenzy dot com was listed-- didn't see it on my first pass through. I'll have to check the rest of my FPs and see if I'm dreaming or not... From chandler.lists at chapman.edu Wed Feb 28 21:40:54 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Wed Feb 28 20:46:27 2007 Subject: URIBL FP-- better example Message-ID: <45E5E8D6.80403@chapman.edu> Here's a better example-- I checked all the URLs I could find by hand... -------- Original Message -------- Return-Path: X-Original-To: redacted@chapman.edu Delivered-To: redacted@chapman.edu Received: from smtp2.mathworks.com (smtp2.mathworks.com [144.212.95.218]) by spacecowboy.chapman.edu (Postfix) with ESMTP id 1E5F15C13F; Wed, 28 Feb 2007 10:56:08 -0800 (PST) Received: from mail-vif.mathworks.com (fred-ce0.mathworks.com [144.212.95.18]) by smtp2.mathworks.com (8.13.8/8.12.11) with ESMTP id l1SInvOG009769; Wed, 28 Feb 2007 13:52:10 -0500 (EST) Received: from fred-ce0.mathworks.com (mail-vif [144.212.95.101]) by mail-vif.mathworks.com (8.11.7/8.11.7) with ESMTP id l1SIeXd09937; Wed, 28 Feb 2007 13:40:33 -0500 (EST) Received: (from majordom@localhost) by fred-ce0.mathworks.com (8.11.7/8.11.6) id l1SIeX709933; Wed, 28 Feb 2007 13:40:33 -0500 (EST) X-Authentication-Warning: fred.mathworks.com: majordom set sender to owner-toasters@mathworks.com using -f Received: from smtp.mathworks.com (ginger [144.212.95.28]) by mail-vif.mathworks.com (8.11.7/8.11.7) with ESMTP id l1SIeQd09821 for ; Wed, 28 Feb 2007 13:40:26 -0500 (EST) Received: from mx2.netapp.com (mx2.netapp.com [216.240.18.37]) by smtp.mathworks.com (8.13.8/8.12.11) with SMTP id l1SIeO8o006090 for ; Wed, 28 Feb 2007 13:40:25 -0500 (EST) Received: from smtp2.corp.netapp.com ([10.57.159.114]) by mx2.netapp.com with ESMTP; 28 Feb 2007 10:37:10 -0800 X-IronPort-AV: i="4.14,231,1170662400"; d="scan'208"; a="37155937:sNHT30089311" Received: from svlexc02.hq.netapp.com (svlexc02.corp.netapp.com [10.57.157.136]) by smtp2.corp.netapp.com (8.13.1/8.13.1/NTAP-1.6) with ESMTP id l1SIb9PL008173; Wed, 28 Feb 2007 10:37:09 -0800 (PST) Received: from SACEXMV01.hq.netapp.com ([10.99.190.107]) by svlexc02.hq.netapp.com with Microsoft SMTPSVC(5.0.2195.6713); Wed, 28 Feb 2007 10:38:17 -0800 x-mimeole: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Wed, 28 Feb 2007 10:37:08 -0800 Message-ID: In-Reply-To: <33A166465FC5A042A53EDA8EB7681610014FD74D@satladmdlmb37.delta.rl.delta.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: autosupport stops functioning Thread-Index: AcdadAYGFBWHqExdTu+usTKdpoxkzwAL57RAAC4/reAAAgU/QA== References: <33A166465FC5A042A53EDA8EB7681610014FD74D@satladmdlmb37.delta.rl.delta.com> From: "Learmonth, Peter" To: "Bender, Marilee" , X-OriginalArrivalTime: 28 Feb 2007 18:38:17.0279 (UTC) FILETIME=[9CBDC4F0:01C75B67] X-Greylist: Delayed for 00:03:14 by milter-greylist-2.0.2 (smtp.mathworks.com [144.212.95.12]); Wed, 28 Feb 2007 13:40:25 -0500 (EST) X-PMX-Version: 4.7.1.128075, Antispam-Engine: 2.5.0.283055, Antispam-Data: 2007.2.28.100436 X-PerlMx-Spam: Gauge=IIIIIII, Probability=7%, Report='__C230066_P5 0, __CT 0, __CTE 0, __CTYPE_CHARSET_QUOTED 0, __CT_TEXT_PLAIN 0, __HAS_MSGID 0, __IMS_MSGID 0, __MIME_TEXT_ONLY 0, __MIME_VERSION 0, __SANE_MSGID 0' Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail-vif.mathworks.com id l1SIeUd09880 Sender: owner-toasters@mathworks.com Precedence: bulk X-Chapman-MailScanner-Information: Please contact the ISP for more information X-Chapman-MailScanner: Found to be clean X-Chapman-MailScanner-SpamCheck: spam, SpamAssassin (not cached, score=6.7, required 6, BAYES_50 0.10, J_CHICKENPOX_21 0.60, URIBL_BLACK 6.00) X-Chapman-MailScanner-SpamScore: ssssss X-Chapman-MailScanner-From: owner-toasters@mathworks.com Subject: *****SPAM***** RE: autosupport stops functioning X-Spam-Status: Yes -----Original Message----- From: owner-toasters@mathworks.com [mailto:owner-toasters@mathworks.com] On Behalf Of Learmonth, Peter Sent: Wednesday, February 28, 2007 10:37 AM To: Bender, Marilee; toasters@mathworks.com Subject: *****SPAM***** RE: autosupport stops functioning Hi There I realize some of you may know this, but just in case... Asup to NetApp, as of around 6.4 or 6.5, has the option of sending to NetApp via HTTP or HTTPS. This was implemented because of issues Mike Sphar mentioned (SMTP relays not being configured to allow the filer to send to netapp.com or the config changing). Unless you block HTTP out of your datacenter, you should really use this transport. If you block direct HTTP, but have a proxy, there's an option for that too. autosupport.support.enable on autosupport.support.proxy autosupport.support.to autosupport@netapp.com <<<< Only used for SMTP autosupport.support.transport https autosupport.support.url support.netapp.com/asupprod/post/1.0/postAsup (url is hard-coded) HTTPS is the default for new installs. Systems that have been installed since before this option existed, or have been upgraded from an install that predates this may still be set to their original SMTP settings. I don't know off top of my head if any ONTAP upgrades change this at all. HTTP does not have the same message size limits that SMTP usually does. These options must be set from the CLI (console or telnet/SSH), since they're not exposed in FilerView. If you want to check if asup is working at all, when you might not be getting messages, ask support or your SE to check for asups at our end. The filer also syslogs errors encountered by asup, by default in /etc/messages and on the console, if connected when the problem occurs. The other reason I bring this up is that even if your filer is not under support, NetApp will still receive the asup messages. We just won't open or act on cases automatically if there is no support in place. The messages are still useful in many ways, including if you ever decide to reactivate support, we have history we can use to help you. Also, if you want to upgrade (add-on or head swap), your NetApp SE can give you advice based on the asup info. Share and enjoy! Peter -----Original Message----- From: Bender, Marilee [mailto:Marilee.Bender@delta.com] Sent: Wednesday, February 28, 2007 9:26 AM To: toasters@mathworks.com Subject: FW: autosupport stops functioning We had this issue too. I agree with the post below that it could be message size. However, if it's just past asups that were too large because of the messages file (or one of the other attachments), you can set the autosupport.content size to minimal to delete all the queued asups, then "doit" to generate one without the attachments to see if you receive it, then put the content back to complete. It cleared the issue on one of our NearStores....the other one appears to have a "corrupt" character in the data chunk as viewed from the smtp server logs. -----Original Message----- From: owner-toasters@mathworks.com [mailto:owner-toasters@mathworks.com] On Behalf Of Sphar, Mike Sent: Tuesday, February 27, 2007 2:19 PM To: toasters@mathworks.com Subject: RE: autosupport stops functioning I don't think this is the same problem as the one originally posted, but we once had a similar problem here where autosupport messages stopped being received by netapp because our mail gateway was rejecting all messages larger than a certain size. We didn't even know they were bouncing (we weren't getting the bounces) until one of the mail admins finally said something about it. -- Michael W. Sphar - IS&T - Lead Systems Administrator SMBU Engineering Support Services, BMC Software -----Original Message----- From: owner-toasters@mathworks.com [mailto:owner-toasters@mathworks.com] On Behalf Of Stephen C. Losen Sent: Tuesday, February 27, 2007 6:55 AM To: Leeds, Daniel Cc: toasters@mathworks.com Subject: Re: autosupport stops functioning > > anyone else have this happen? > > suddenly one of our filers stops generating autosupport messages. both autosupport.enable and autosupport.support.enable are on. if i generate a test email with the autosupport.doit option nothing happens. not even a failed message, the console just sits there as if i never generated one. > > needless to say neither netapp or our email server gets anything from this filer and nothing hits the console about generating any autosupport emails. > > One of our filers stopped sending weekly autosupports because the /etc/messages file was huge (170MB). It gets sent to netapp as part of the autosupport. I got an automatic email from Netapp support telling me that they hadn't received an autosupport for two weeks. Buried in my huge /etc/messages file was an error indicating that autosupport had failed, but no reason why. This particular filer holds our home directories and gets a lot of CIFS logins, which we want to log. We have enabled CIFS login tracing, which is very verbose. I used /etc/syslog.conf to divert the CIFS auth messages to another file: *.warning;auth.none /dev/console *.info;auth.none /etc/messages auth.info /etc/cifs_auth_log I rotate the cifs_auth_log with a cron job because I think ONTAP will only rotate /etc/messages. Now /etc/messages only grows to about 200K and autosupport is working again. Steve Losen scl@virginia.edu phone: 434-924-0640 University of Virginia ITC Unix Support From hvdkooij at vanderkooij.org Wed Feb 28 21:53:50 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Wed Feb 28 20:59:24 2007 Subject: Image spam In-Reply-To: <45E5E754.6060004@fractalweb.com> References: <45E5C5B1.9080208@fractalweb.com> <45E5CD22.3050206@lexairinc.com> <45E5DEE0.4090802@fractalweb.com> <022b01c75b76$977738f0$c665aad0$@swaney@fsl.com> <45E5E754.6060004@fractalweb.com> Message-ID: On Wed, 28 Feb 2007, Chris Yuzik wrote: > As usual, excellent information. We'll be looking at implementing the > Snertsoft (great company name, btw) milters asap. Well. Snert in Dutch is either: - A thick pee soup. In orde to qualify one must be able to stick a sppon in and it should not fall sideway immediatly. It is closely related to skating outdoor. (But global warming disabled that feature here.) - A negative indicator. For example a 'snert fiets' is a louzy bike. (Which usually ends up in the canals by the dozens.) Hugo. -- hvdkooij@vanderkooij.org http://hvdkooij.xs4all.nl/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for the insight.) From alex at nkpanama.com Wed Feb 28 22:02:17 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Feb 28 21:08:34 2007 Subject: Image spam In-Reply-To: References: <45E5C5B1.9080208@fractalweb.com> <45E5CD22.3050206@lexairinc.com> <45E5DEE0.4090802@fractalweb.com> <022b01c75b76$977738f0$c665aad0$@swaney@fsl.com> <45E5E754.6060004@fractalweb.com> Message-ID: <45E5EDD9.6000900@nkpanama.com> Hugo van der Kooij wrote: > Well. Snert in Dutch is either: > > - A thick pee soup. In orde to qualify one must be able to stick a sppon > in and it should not fall sideway immediatly. It is closely related to > skating outdoor. (But global warming disabled that feature here.) My ancestors were Dutch - but I don't recall them having anything closely resembling "pee soup" or any other dish which calls for "pee" as an ingredient ... ;-) From ms-list at alexb.ch Wed Feb 28 22:16:34 2007 From: ms-list at alexb.ch (Alex Broens) Date: Wed Feb 28 21:22:09 2007 Subject: An example of a false positive URIBL In-Reply-To: <45E5E834.5000101@chapman.edu> References: <45E5E6C2.3090500@chapman.edu> <45E5E834.5000101@chapman.edu> Message-ID: <45E5F132.7000603@alexb.ch> On 2/28/2007 9:38 PM, Jay Chandler wrote: > Jay Chandler wrote: > > [snip] > > > I'm an idiot. > > frenzy dot com was listed-- didn't see it on my first pass through. > > I'll have to check the rest of my FPs and see if I'm dreaming or not... a hitfarm domain? no content except a fake search engine? suggest you do a NANAS lookup on this domain why should this be delisted? You'll be better off with a skip_uri rule on your systems. Alex From hvdkooij at vanderkooij.org Wed Feb 28 22:21:00 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Wed Feb 28 21:26:35 2007 Subject: Image spam In-Reply-To: <45E5EDD9.6000900@nkpanama.com> References: <45E5C5B1.9080208@fractalweb.com> <45E5CD22.3050206@lexairinc.com> <45E5DEE0.4090802@fractalweb.com> <022b01c75b76$977738f0$c665aad0$@swaney@fsl.com> <45E5E754.6060004@fractalweb.com> <45E5EDD9.6000900@nkpanama.com> Message-ID: On Wed, 28 Feb 2007, Alex Neuman van der Hans wrote: > Hugo van der Kooij wrote: >> Well. Snert in Dutch is either: >> >> - A thick pee soup. In orde to qualify one must be able to stick a sppon >> in and it should not fall sideway immediatly. It is closely related to >> skating outdoor. (But global warming disabled that feature here.) > My ancestors were Dutch - but I don't recall them having anything closely > resembling "pee soup" or any other dish which calls for "pee" as an > ingredient ... ;-) s/pee/pea (Sometimes there is a odd mismatch between mind and fingers resulting is funny typo's.) See also: http://en.wikipedia.org/wiki/Pea_soup Hugo. -- hvdkooij@vanderkooij.org http://hvdkooij.xs4all.nl/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for the insight.) From jaearick at colby.edu Wed Feb 28 22:04:45 2007 From: jaearick at colby.edu (Jeff A. Earickson) Date: Wed Feb 28 21:30:05 2007 Subject: Julian Field in hospital In-Reply-To: <20070228133610.GM19530@login.ecs.soton.ac.uk> References: <20070226163637.GC29278@login.ecs.soton.ac.uk> <20070228055010.4225.GERARD@seibercom.net> <223f97700702280422v64b5250bm201cc25520e054d2@mail.gmail.com> <20070228133610.GM19530@login.ecs.soton.ac.uk> Message-ID: On Wed, 28 Feb 2007, Tim Chown wrote: > On Wed, Feb 28, 2007 at 01:22:30PM +0100, Glenn Steen wrote: >> >> Tim has promised to keep us posted, and he/they will bring this thread >> (more or less) to him when he is in a state to appreciate it >> (hardcopy, of course). >> As to what ails Jules, we really don't know ... He has described his >> medical condition in this thread: >> http://comments.gmane.org/gmane.mail.virus.mailscanner/47823 ... But >> what exactly the current problems stem from (of all the serious >> problems he has), we can only guess. >> I'm full of trust that he is receiving the best possible medical care >> and attention, and hope he will be able to make as full a recovery as >> possible. > > Hi all, > > I suspect Jules has deliberately played down his health issues because > that's the sort of person he is. He'll do a fantastic job for everyone > he works with and not complain. > > It's a long term condition of 10 years now, and one which has no name. > The doctors can't just look it up in a text book. The thread above > gives more detail than I ever could. > > On Thursday he was helped home feeling unwell. He came in Friday but > again felt unwell so went home. He was then found by his cleaner > who called the ambulance. I understand he had collapsed having > suffered internal bleeding. > > Based on my visit yesterday, he'd had no new bleeding for 24 hours, and > had made a very small improvement in that his drug level had been turned > down, but he is being kept unconscious by the drugs. He's receiving > the best possible care in the ICU. > > Regarding cards/gifts etc, let's please wait a little before doing > anything. I'll make sure his very closest friends here discuss this with > his parents to see what they would like, and I'll then pass that on to > the list. > > And again, I will make sure that every message is passed on. They will > mean a lot. Boy was I depressed when I read the gmane thread. I've always thought that Jules was a hero for writing MailScanner, but he has moved into superhero status now -- doing amazing things in impossible circumstances. The rest of us would be happy just to tie our shoes if we had to put up with such pain and massive painkiller pills. How does Jules write such great code? My hat is off to you and my prayers are with you. Jeff Earickson Colby College From z at ziff.net Wed Feb 28 22:29:29 2007 From: z at ziff.net (Zivago Lee) Date: Wed Feb 28 21:35:06 2007 Subject: clamav and mailscanner In-Reply-To: <59E4A3A1069C2640959AD0F7518C48122F08A0@FLN1.fln.local> References: <0e5c1b86ea5f784cbbe5cc5739a4766d@solidstatelogic.com><4106.209.104.55.7.1172525095.squirrel@mail.ziff.net><1172648388.21763.0.camel@miyagip.ziff.net.><26942.209.104.55.7.1172685554.squirrel@mail.ziff.net><223f97700702281106m3e6fdf70sef8c2701a725bc18@mail.gmail.com> <22107.209.104.55.7.1172690830.squirrel@mail.ziff.net> <59E4A3A1069C2640959AD0F7518C48122F08A0@FLN1.fln.local> Message-ID: <31180.209.104.55.7.1172698169.squirrel@mail.ziff.net> > Could be selinux . I hate that thing. It can be dissabled/enabled untill > reboot, or completely. I hate selinux too. :) Definitely disabled here, too... -- Zivago Lee z@ziff.net From mikea at mikea.ath.cx Wed Feb 28 22:34:26 2007 From: mikea at mikea.ath.cx (mikea) Date: Wed Feb 28 21:40:00 2007 Subject: Image spam In-Reply-To: <45E5C5B1.9080208@fractalweb.com> References: <45E5C5B1.9080208@fractalweb.com> Message-ID: <20070228213426.GB48419@mikea.ath.cx> On Wed, Feb 28, 2007 at 10:10:57AM -0800, Chris Yuzik wrote: > My impression is that pretty much anything that arrives with an attached > GIF these days is image spam. Are you seeing much ham with an attached GIF? > > I suppose some people perhaps have their company logo attached to their > emails, but would it be better if they just had the appropriate code in > their signature to pull the company logo image from their website? > > I would love to do something...anything...to thwart this damned image > spam. It's tempting to just strip GIF files out of emails, but then the > spam would likely start to arrive as a JPG or PNG. > > Eventually, we might have to go back to the good old days when email was > plain text only. > > Ideas? I work in a government agency that has been described as the largest civil engineering shop in the state. We build highways, bridges, and similar structures. As much as I'd love to go back to pure text mail and ship files voa webservers and the like, I can't get that to fly: too many people inside and outside depend on E-mail to move files, and add thereby to my woes. It's hard to stuff all the neutrons back into that sphere of Pu. I see GIFs, JPGs, PNGs, various formats of CAD files, audio and video files[1], PDF, PS, about 10 different word-processor and spreadsheet formats, PowerPoint and its look-alikes, and you-name-it. Whatever we do, as long as it's not pure text mail, the spammers and botnet operators will construct countermeasures. We are, as Tom Lehrer wrote, involved in a game of "escalatio". But we all knew that. You want ideas? I'm fresh out. [1] I *did* manage to get an authorized list of audio and video senders for inbound and outbound mail, to keep the home videos, pirated audio files, and "funny files" down, but even that was a struggle. -- Mike Andrews, W5EGO mikea@mikea.ath.cx Tired old sysadmin From alex at nkpanama.com Wed Feb 28 22:41:26 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Feb 28 21:47:43 2007 Subject: Image spam In-Reply-To: <20070228213426.GB48419@mikea.ath.cx> References: <45E5C5B1.9080208@fractalweb.com> <20070228213426.GB48419@mikea.ath.cx> Message-ID: <45E5F706.2080802@nkpanama.com> mikea wrote: > > Whatever we do, as long as it's not pure text mail, the spammers and > botnet operators will construct countermeasures. We are, as Tom Lehrer > wrote, involved in a game of "escalatio". But we all knew that. > > You want ideas? I'm fresh out. How about pure text + attachments, no inline html or gif? :-) From steve.swaney at fsl.com Wed Feb 28 23:48:19 2007 From: steve.swaney at fsl.com (Stephen Swaney) Date: Wed Feb 28 22:51:48 2007 Subject: Image spam In-Reply-To: <45E5E754.6060004@fractalweb.com> References: <45E5C5B1.9080208@fractalweb.com> <45E5CD22.3050206@lexairinc.com> <45E5DEE0.4090802@fractalweb.com> <022b01c75b76$977738f0$c665aad0$@swaney@fsl.com> <45E5E754.6060004@fractalweb.com> Message-ID: <024301c75b8a$8b082610$a1187230$@swaney@fsl.com> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Chris Yuzik > Sent: Wednesday, February 28, 2007 3:34 PM > To: MailScanner discussion > Subject: Re: Image spam > > Stephen Swaney wrote: > > > > They're probably not :) I know that Barracuda has exaggerated > performance > > claims in the past. > > > > We're seeing almost no little image spam (none for the last week at > least) > > getting through without using FuzzOCR (too much load). How - Just > > SpamAssassin with: > > > > SARE rule sets > > Milter-ahead (Snertsoft) > > Milter-link (Snertsoft) > > Razor > > DCC > > GreetPause > > Spamhaus (zen) > > > > BTW For those who use them, Anthony Howe has new releases (today) of > many of > > his milters and the libsnert library now available at > www.snertsoft.com > > > Steve, > > As usual, excellent information. We'll be looking at implementing the > Snertsoft (great company name, btw) milters asap. > They are very effective. > How long of a GreetPause are you using? > 650 ms on our service bureau for a long time now and never one complaint. Steve Swaney steve@fsl.com From root at doctor.nl2k.ab.ca Wed Feb 28 23:54:08 2007 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Wed Feb 28 23:00:15 2007 Subject: SpamAssassin 3.1.8 In-Reply-To: <25a66d840702280521sf9c8b53xf1f8069618942ba3@mail.gmail.com> References: <79755AA4E018084793EE618A2731F24C02B32B@HC-MBX01.herefordshire.gov.uk> <20070228130412.GC235@doctor.nl2k.ab.ca> <25a66d840702280521sf9c8b53xf1f8069618942ba3@mail.gmail.com> Message-ID: <20070228225408.GA18194@doctor.nl2k.ab.ca> On Wed, Feb 28, 2007 at 08:21:56AM -0500, am.lists wrote: > On 2/28/07, Dave Shariff Yadallee - System Administrator a.k.a. The > Root of the Problem wrote: > >Please stay with Clamav 0.88.7 . Clamav 0.90 is not properly > >open sourced IMHO. > > > Umm... Are you suggesting that the license has changed between 0.88.7 > --> 0.90 or are you just not 100% comfortable with the source code? > Usually licenses aren't subject to opinion. I just checked the website > and it still lists the product as GPL. > More likely Linux Public License. > Angelo > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From itdept at fractalweb.com Wed Feb 28 23:55:16 2007 From: itdept at fractalweb.com (Chris Yuzik) Date: Wed Feb 28 23:02:17 2007 Subject: Image spam In-Reply-To: <024301c75b8a$8b082610$a1187230$@swaney@fsl.com> References: <45E5C5B1.9080208@fractalweb.com> <45E5CD22.3050206@lexairinc.com> <45E5DEE0.4090802@fractalweb.com> <022b01c75b76$977738f0$c665aad0$@swaney@fsl.com> <45E5E754.6060004@fractalweb.com> <024301c75b8a$8b082610$a1187230$@swaney@fsl.com> Message-ID: <45E60854.3010402@fractalweb.com> Stephen Swaney wrote: >> How long of a GreetPause are you using? >> >> > > 650 ms on our service bureau for a long time now and never one complaint. > Steve, And do you have any stats on just how effective the greet_pause is? Is it blocking 5% of spam? More? Chris