From ananitya at prachanda.info Mon Jan 1 21:10:14 2007
From: ananitya at prachanda.info (Ananitya)
Date: Mon Jan 1 20:11:53 2007
Subject: MailScanner trying to access all directories under /var/*
Message-ID: <200701020140.27684.Ananitya@prachanda.hub>

Hi friends,

I am writing SELinux policy for mailscanner and while enabling a test policy for it I found MailScanner is trying to access all directories under /var.
Why is MailScanner trying to access all directories under /var?

TIA

--
Because I don't need to worry about finances I can ignore Microsoft and take over the (computing) world from the grassroots.
-- Linus Torvalds

From prandal at herefordshire.gov.uk Mon Jan 1 22:07:59 2007
From: prandal at herefordshire.gov.uk (Randal, Phil)
Date: Mon Jan 1 21:09:11 2007
Subject: McAfee and lack of detection
Message-ID: <86144ED6CE5B004DA23E1EAC0B569B5801768202@isabella.herefordshire.gov.uk>

McAfee do sometimes release in weekends, and certainly should have in the last few days.

Figures here since midnight on December 29th:

ClamAV Trojan.Downloader-388: 111, McAfee 0
ClamAV Trojan.Downloader-390: 791, McAfee 0

Cheers,

Phil

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ken A
Sent: Sunday, December 31, 2006 10:26 PM
To: MailScanner discussion
Subject: Re: McAfee and lack of detection

Rob Freeman wrote:
> We used to use mcafee but stopped using it as it did not detect nearly the
> amount of viruses that clamav and f-prot were getting. Just added overhead.
>

My experience with Mcafee is that they don't update dats on weekends. This just plain sucks. I work on weekends, and virus writers do too!

> drwxr-xr-x 2 root root 4096 Dec 29 10:09 4929
> lrwxrwxrwx 1 root root 4 Dec 29 10:09 current -> 4929
> drwxr-xr-x 2 root root 4096 Dec 28 09:11 4928
> drwxr-xr-x 2 root root 4096 Dec 27 09:06 4927
> drwxr-xr-x 2 root root 4096 Dec 26 09:03 4926
> drwxr-xr-x 2 root root 4096 Dec 22 09:04 4925
> drwxr-xr-x 2 root root 4096 Dec 21 10:08 4924
> drwxr-xr-x 2 root root 4096 Dec 20 09:03 4923
> drwxr-xr-x 2 root root 4096 Dec 19 09:04 4922
> drwxr-xr-x 2 root root 4096 Dec 18 11:11 4921
> drwxr-xr-x 2 root root 4096 Dec 15 09:05 4920

:-(

Ken A
Pacific.Net

>
> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Scott Silva
> Sent: Saturday, December 30, 2006 12:08 PM
> To: mailscanner@lists.mailscanner.info
> Subject: McAfee and lack of detection
>
> Has anyone else using McAfee with the 5100 engine seen a lack of detection
> lately? Maybe a month or so. I just had some time to look back through logs
> and noticed that McAfee isn't hitting, and a mail test today missed all but a
> straight eicar.com test.

--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

From res at ausics.net Mon Jan 1 23:11:22 2007
From: res at ausics.net (Res)
Date: Mon Jan 1 22:12:33 2007
Subject: MailScanner trying to access all directories under /var/*
In-Reply-To: <200701020140.27684.Ananitya@prachanda.hub>
References: <200701020140.27684.Ananitya@prachanda.hub>
Message-ID:

On Tue, 2 Jan 2007, Ananitya wrote:

> Hi friends,
> I am writing SELinux policy for mailscanner and while enabling a test policy
> for it I found MailScanner is trying to access all directories under /var.
> Why is MailScanner trying to access all directories under /var?

This might have something to do with the fact the mail directories that are used all have to be on the same partition, and as sendmail, postfix and qmail all use different directories it might be testing for all possibilities.

--
Cheers
Res

"So, you think you can tell Heaven from Hell?" - Roger Waters

From ananitya at prachanda.info Tue Jan 2 06:48:17 2007
From: ananitya at prachanda.info (Ananitya)
Date: Tue Jan 2 05:49:59 2007
Subject: MailScanner trying to access all directories under /var/*
In-Reply-To:
References: <200701020140.27684.Ananitya@prachanda.hub>
Message-ID: <200701021118.35667.Ananitya@prachanda.hub>

On Tuesday 02 January 2007 03:41, Res wrote:
> This might have something to do with the fact the mail directories that are
> used all have to be on the same partition, and as sendmail, postfix and
> qmail all use different directories it might be testing for all
> possibilities.

Hi,
So MailScanner bypasses its configuration file options at startup? Since I have configured MailScanner for postfix and used only postfix related options in MailScanner.conf, why is it still trying to access all directories under /var/*?

TIA

--
A couch is as good as a chair.

From res at ausics.net Tue Jan 2 07:09:14 2007
From: res at ausics.net (Res)
Date: Tue Jan 2 06:10:28 2007
Subject: MailScanner trying to access all directories under /var/*
In-Reply-To: <200701021118.35667.Ananitya@prachanda.hub>
References: <200701020140.27684.Ananitya@prachanda.hub> <200701021118.35667.Ananitya@prachanda.hub>
Message-ID:

On Tue, 2 Jan 2007, Ananitya wrote:

> On Tuesday 02 January 2007 03:41, Res wrote:
>> This might have something to do with the fact the mail directories that are
>> used all have to be on the same partition, and as sendmail, postfix and
>> qmail all use different directories it might be testing for all
>> possibilities.
> Hi,
> So MailScanner bypasses its configuration file options at startup?

No :) I don't think so, however there are hard coded defaults in place in case someone 0 bytes the conf file it has something to fall back on to at least try to keep running.

> under /var/*?

Does it really matter though? I don't use sel because it causes more dramas than what the damned thing's worth on production servers, if it accesses it, it does it for a reason :)

But a quick look here with sendmail, mailscanner, spamassassin and f-prot

stat64("/var/lock
stat64("/var/spool/MailScanner
stat64("/var/spool/mqueue
connect(7, {sa_family=AF_FILE, path="/var/run/nscd/socket"}
stat64("/var/lib/3.001007"
stat64("/var/tmp"

Nothing that shouldn't be there as far as I can see.

--
Cheers
Res

"So, you think you can tell Heaven from Hell?" - Roger Waters

From hofu12 at physik.tu-darmstadt.de Tue Jan 2 12:23:08 2007
From: hofu12 at physik.tu-darmstadt.de (Joachim Holzfuss)
Date: Tue Jan 2 11:46:18 2007
Subject: MailScanner start/stop issues on SuSE 10.2
Message-ID:

Hi,

Stopping MailScanner with the init.d script leaves the huge number of individual sendmail connections alive, it stops the sendmail daemons though.
Starting MailScanner with the init.d script fails to start the sendmail daemon afterwards. After killing the sendmail procs manually starting succeeds as expected.

This is a fresh install of MailScanner version 4.57.6 on SuSE 10.2.

Greetings
Joachim Holzfuss

From martinh at solidstatelogic.com Tue Jan 2 13:06:56 2007
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Tue Jan 2 12:22:52 2007
Subject: MailScanner trying to access all directories under /var/*
In-Reply-To: <200701021118.35667.Ananitya@prachanda.hub>
Message-ID: <7df6a2f8ba90414da1508d67dee33c94@solidstatelogic.com>

When you say trying to access what exactly do you mean?

Do you mean looking for email to scan in /var??

If so what is your "Incoming Queue Dir" in Mailscanner.conf

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ananitya
> Sent: 02 January 2007 05:48
> To: mailscanner@lists.mailscanner.info
> Subject: Re: MailScanner trying to access all directories under /var/*
>
> On Tuesday 02 January 2007 03:41, Res wrote:
> > This might have something to do with the fact the mail directories that are
> > used all have to be on the same partition, and as sendmail, postfix and
> > qmail all use different directories it might be testing for all
> > possibilities.
> Hi,
> So MailScanner bypasses its configuration file options at startup? Since I
> have configured MailScanner for postfix and used only postfix related options
> in MailScanner.conf, why is it still trying to access all directories
> under /var/*?
>
> TIA
>
> --
> A couch is as good as a chair.

**********************************************************************
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager.

This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean.
**********************************************************************

From res at ausics.net Tue Jan 2 13:47:07 2007
From: res at ausics.net (Res)
Date: Tue Jan 2 12:48:21 2007
Subject: MailScanner start/stop issues on SuSE 10.2
In-Reply-To:
References:
Message-ID:

On Tue, 2 Jan 2007, Joachim Holzfuss wrote:

> Hi,
>
> Stopping MailScanner with the init.d script leaves the huge number of
> individual sendmail connections alive, it stops the sendmail daemons though.

This is correct method, stopping sendmail stops the listeners, it won't nor should it kill any existing sendmail children in a transaction, once the transaction is complete the children die off anyway.

--
Cheers
Res

"So, you think you can tell Heaven from Hell?" - Roger Waters

From pete at pwdk.com Tue Jan 2 13:54:42 2007
From: pete at pwdk.com (pete@pwdk.com)
Date: Tue Jan 2 12:55:52 2007
Subject: Zombies
Message-ID: <459A5612.4040705@pwdk.com>

Hi

Happy New Year :-)

I've just been looking at my process list and noticed quite a few Zombies, 15 in total, 8 MailScann and 7 sh, the email system seems to be working correctly as far as I can tell, so I'm not sure why I'm getting these Zombies.

Top output :-

2202 mailnull 20 0 0 0 0 Z 0 0.0 0:00.14 MailScann
21103 nobody 23 0 0 0 0 Z 0 0.0 0:00.00 sh

Are these normal?
Should I be worried about them?
Can anything be done about them?
Am I losing emails?

I'm running CentOS 4.4 with cPanel, and used the MailScanner Service supplied by configserver.com

Thanks
Pete

From hofu12 at physik.tu-darmstadt.de Tue Jan 2 14:35:58 2007
From: hofu12 at physik.tu-darmstadt.de (Joachim Holzfuss)
Date: Tue Jan 2 13:37:22 2007
Subject: MailScanner start/stop issues on SuSE 10.2
References:
Message-ID:

Res ausics.net> writes:

>
> On Tue, 2 Jan 2007, Joachim Holzfuss wrote:
>
> > Hi,
> >
> > Stopping MailScanner with the init.d script leaves the huge number of
> > individual sendmail connections alive, it stops the sendmail daemons though.
>
> This is correct method, stopping sendmail stops the listeners, it won't
> nor should it kill any existing sendmail children in a transaction, once
> the transaction is complete the children die off anyway.
>

Hi,

but starting with
/etc/init.d/MailScanner start
fails to start the sendmail "accepting connections" listener
if any old sendmail children are existing (queue runners are started).
Start only succeeds starting the listener after they have been killed.

Greetings j.

PS:
This one is missing after restart:
root 10766 1 2 13:06 ? 00:02:02 sendmail: accepting connections

From martinh at solidstatelogic.com Tue Jan 2 14:43:30 2007
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Tue Jan 2 13:44:41 2007
Subject: MailScanner trying to access all directories under /var/*
In-Reply-To: <200701021118.35667.Ananitya@prachanda.hub>
Message-ID: <134ebdabd8918240b35c9648827bdfb1@solidstatelogic.com>

Hi

I'd check you have the directories for Incoming etc defined properly in MailScanner.conf....

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ananitya
> Sent: 02 January 2007 05:48
> To: mailscanner@lists.mailscanner.info
> Subject: Re: MailScanner trying to access all directories under /var/*
>
> On Tuesday 02 January 2007 03:41, Res wrote:
> > This might have something to do with the fact the mail directories that are
> > used all have to be on the same partition, and as sendmail, postfix and
> > qmail all use different directories it might be testing for all
> > possibilities.
> Hi,
> So MailScanner bypasses its configuration file options at startup? Since I
> have configured MailScanner for postfix and used only postfix related options
> in MailScanner.conf, why is it still trying to access all directories
> under /var/*?
>
> TIA
>
> --
> A couch is as good as a chair.

From res at ausics.net Tue Jan 2 14:50:03 2007
From: res at ausics.net (Res)
Date: Tue Jan 2 13:51:20 2007
Subject: MailScanner start/stop issues on SuSE 10.2
In-Reply-To:
References:
Message-ID:

On Tue, 2 Jan 2007, Joachim Holzfuss wrote:

>
>
> Res ausics.net> writes:
>
>>
>> On Tue, 2 Jan 2007, Joachim Holzfuss wrote:
>>
>>> Hi,
>>>
>>> Stopping MailScanner with the init.d script leaves the huge number of
>>> individual sendmail connections alive, it stops the sendmail daemons though.
>>
>> This is correct method, stopping sendmail stops the listeners, it won't
>> nor should it kill any existing sendmail children in a transaction, once
>> the transaction is complete the children die off anyway.
>>
>
> Hi,
>
> but starting with
> /etc/init.d/MailScanner start
> fails to start the sendmail "accepting connections" listener
> if any old sendmail children are existing (queue runners are started).
> Start only succeeds starting the listener after they have been killed.
> Greetings j.
>
> PS:
> This one is missing after restart:
> root 10766 1 2 13:06 ? 00:02:02 sendmail: accepting connections

Hrmm, try running it via strace to see what the go is, but a cure you could use is, adding at the beginning of the "start" procedure in the init file:

kill -9 `head -n 1 /var/run/sendmail.in`

--
Cheers
Res

"So, you think you can tell Heaven from Hell?" - Roger Waters

From glenn.steen at gmail.com Tue Jan 2 15:41:19 2007
From: glenn.steen at gmail.com (Glenn Steen)
Date: Tue Jan 2 14:42:28 2007
Subject: Zombies
In-Reply-To: <459A5612.4040705@pwdk.com>
References: <459A5612.4040705@pwdk.com>
Message-ID: <223f97700701020641s4f21898bn56c1368a2535072e@mail.gmail.com>

On 02/01/07, pete@pwdk.com wrote:
> Hi
>
> Happy New Year :-)
>
> I've just been looking at my process list and noticed quite a few
> Zombies, 15 in total, 8 MailScann and 7 sh, the email system seems to be
> working correctly as far as I can tell, so I'm not sure why I'm getting
> these Zombies.

Q: What is a Zombie?
A: A dead-process-placeholder, preventing (child) process ID reuse before the parent process has either noticed it being dead (by a wait call), or the parent being terminated itself.

A simple google (just google for "zombie processes") will give you several excellent explanations to this effect. A zombie takes no real system resources, nor "interacts" with the system in any noticeable way, apart from taking up a slot in the process list...

> Top output :-
>
> 2202 mailnull 20 0 0 0 0 Z 0 0.0 0:00.14 MailScann
> 21103 nobody 23 0 0 0 0 Z 0 0.0 0:00.00 sh
>
>
> Are these normal?

Definitely, you have zombies all the time. If they "stick around", they _may_ be an indication of a problem, but more likely not. In this particular case, you can likely deduce that these are MS "helpers" that run things like AV scanners etc, and they should go away relatively swiftly (to be replaced with new ones). It depends a bit on what is happening, and the relative speed of your system etc. Look at your maillog, if you see SpamAssassin timeouts etc... then you really do have a problem to work with. But then the zombies "sticking around" is just an indicator, not a real problem in and of itself.

> Should I be worried about them?

Not really, no.

> Can anything be done about them?

If you know which parent process (use ps;-), you _could_ kill that ... but that is _not_ recommended.
As said, they should clear up by themselves (or rather by way of the parent:-).

> Am I losing emails?

Not due to that, no. But do check your logs carefully... If the zombies are due to extremely slow I/O (broken disk, network problem, whatever) you could be losing mails due to that specific fault;).

>
> I'm running CentOS 4.4 with cPanel, and used the MailScanner Service
> supplied by configserver.com

There are a few on this list who do (I don't), so maybe they'll jump in with some pertinent advice:)

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From Olaf.Ohlenmacher at colt.net Tue Jan 2 16:41:51 2007
From: Olaf.Ohlenmacher at colt.net (Ohlenmacher, Olaf)
Date: Tue Jan 2 15:43:02 2007
Subject: AW: whitelist_to getting exploited
Message-ID: <08AD7B42A2698345BA90F9E33A46F2C4EC3722@ULPGCTMVMAI003.EU.COLT>

Hi to all,

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of
> Ramprasad
> Sent: Friday, 29 December 2006 08:16
> To: mailscanner@lists.mailscanner.info
> Subject: whitelist_to getting exploited
>
>
> In our setup where we do email scanning for our clients we
> have a feature by which clients can opt-out some ids from spamscan
>
> So I use in Mailscanner.conf
>
> Spam Checks = spamcheck.rules
>
> This file has
>
> To: user-1 NO
> default YES
>
> Now a spammer marks a mail to multiple people with user-1 in
> BCC and the mail passes straight
> How can I get rid of this problem. If I use the
> user_in_whitelist_to feature at spamassassin then too I would
> have the same issue

Configure your MTA to singularise the Mail first. How to do that depends on the MTA you are using.

Because MailScanner is not an MTA (and it should not behave like one) it can not split a mail depending on recipients and rules. That's a job for your MTA. Just configure it to save them as individual mails into the incoming queue.

@Ram: just call me under COLT 8-491-7825

Regards,
Olf

PS: No, I cannot truncate the annoying appendage :-(

*************************************************************************************
The message is intended for the named addressee only and may not be disclosed to or used by anyone else, nor may it be copied in any way.

The contents of this message and its attachments are confidential and may also be subject to legal privilege. If you are not the named addressee and/or have received this message in error, please advise us by e-mailing security@colt.net and delete the message and any attachments without retaining any copies.
Internet communications are not secure and COLT does not accept responsibility for this message, its contents nor responsibility for any viruses.

No contracts can be created or varied on behalf of COLT Telecommunications, its subsidiaries or affiliates ("COLT") and any other party by email Communications unless expressly agreed in writing with such other party.

Please note that incoming emails will be automatically scanned to eliminate potential viruses and unsolicited promotional emails. For more information refer to www.colt.net or contact us on +44(0)20 7390 3900.

From ssilva at sgvwater.com Tue Jan 2 17:08:26 2007
From: ssilva at sgvwater.com (Scott Silva)
Date: Tue Jan 2 16:10:01 2007
Subject: McAfee and lack of detection
In-Reply-To: <000801c72c5d$fe5e6bd0$6689a8c0@di.unito.it>
References: <000001c72c43$6f84beb0$4e8e3c10$@com> <000801c72c5d$fe5e6bd0$6689a8c0@di.unito.it>
Message-ID:

Sergio Rabellino spake the following on 12/30/2006 2:00 PM:
> I'm using mcafee on my solaris box as follow
>
> Scan engine v4.4.00 for Solaris.
> Virus data file v4929 created Dec 29 2006
> Scanning for 221898 viruses, trojans and variants.
>
> I haven't noticed any lack in detection for viruses.
>

Maybe the 5.1.00 engine has changed the output just slightly and MailScanner isn't picking it up. I might go back to the 4.4.00 engine on one box and see what happens.
I think I will try a 30 day test of f-prot also.

--
MailScanner is like deodorant...
You hope everybody uses it, and you notice quickly if they don't!!!!

From mailscanner at wealdclose.co.uk Tue Jan 2 17:11:34 2007
From: mailscanner at wealdclose.co.uk (Kris Shaw)
Date: Tue Jan 2 16:13:30 2007
Subject: Virus Scanning when MailScanner is set to ignore domain
Message-ID: <00b201c72e88$acfd2650$09086f0a@gb010.itgr.net>

Hello,

I am building a new mail relay and it currently sits in front of an existing MailScanner server that is working OK. The new relay has MailScanner installed, but as I don't want to double scan messages until I switch things over I have created a ruleset that disables MailScanner scanning by default.

Scan Messages = %rules-dir%/scan.messages.rules

scan.messages.rules contains:

To: kshaw@xxxx.co.uk yes
FromOrTo: default no

Even though it takes no action, MailScanner is still virus checking messages, as seen by clamav activity using 'top'. Running MailScanner in debug mode reveals:

Jan 2 14:02:24 mx2 MailScanner[28092]: MailScanner E-Mail Virus Scanner version 4.57.6 starting...
Jan 2 14:02:25 mx2 MailScanner[28092]: Read 759 hostnames from the phishing whitelist
Jan 2 14:02:25 mx2 MailScanner[28092]: Using SpamAssassin results cache
Jan 2 14:02:25 mx2 MailScanner[28092]: Connected to SpamAssassin cache database
Jan 2 14:02:25 mx2 MailScanner[28092]: Enabling SpamAssassin auto-whitelist functionality...
Jan 2 14:02:28 mx2 MailScanner[28092]: lock.pl sees Config LockType = posix
Jan 2 14:02:28 mx2 MailScanner[28092]: lock.pl sees have_module = 0
Jan 2 14:02:28 mx2 MailScanner[28092]: Using locktype = posix
Jan 2 14:02:28 mx2 MailScanner[28092]: Creating hardcoded struct_flock subroutine for linux (Linux-type)
Jan 2 14:02:28 mx2 MailScanner[28092]: New Batch: Scanning 5 messages, 90497 bytes
Jan 2 14:02:28 mx2 MailScanner[28092]: Created attachment dirs for 5 messages
Jan 2 14:02:28 mx2 MailScanner[28092]: About to deliver 5 messages
Jan 2 14:02:28 mx2 MailScanner[28092]: Unscanned: Delivered 5 messages
Jan 2 14:02:28 mx2 MailScanner[28092]: Virus and Content Scanning: Starting
Jan 2 14:02:28 mx2 MailScanner[28092]: Commencing scanning by clamav...
Jan 2 14:02:36 mx2 MailScanner[28092]: Completed scanning by clamav
Jan 2 14:02:36 mx2 MailScanner[28092]: Completed checking by /usr/bin/file
Jan 2 14:02:36 mx2 MailScanner[28092]: MailScanner child dying of old age

Mailscanner version:

root@mx2:~# /opt/MailScanner/bin/MailScanner --version
Running on
Linux mx2 2.4.33.3 #21 Fri Sep 1 04:42:41 CDT 2006 i686 athlon-4 i386 GNU/Linux
This is Perl version 5.008008 (5.8.8)

This is MailScanner version 4.57.6

Any ideas??

Regards,
Kris.

From ssilva at sgvwater.com Tue Jan 2 17:12:33 2007
From: ssilva at sgvwater.com (Scott Silva)
Date: Tue Jan 2 16:16:20 2007
Subject: {MailScanner: Spam} RE: McAfee and lack of detection
In-Reply-To:
References:
Message-ID:

Res spake the following on 12/31/2006 8:03 AM:
> On Sun, 31 Dec 2006, ajos1@onion.demon.co.uk wrote:
>
>> -
>>
>> Eeek-a-rama! I did not realise that it was all changing again.
>> Thanks for giving the deadlines...
>>
>> Looks like I will have another mare trying to get the linux version.
>> Hertfordshire County Council do not supply the Linux versions... as
>> they do not know what Linux is...
>>
>
>
> If you are going to pay for a commercial scanner you might as well get
> a good linux supported one, f-prot, you won't be disappointed
>

I use McAfee only because it is included with our desktop licensing. I hadn't noticed it earlier because most of what would be caught as viruses seems to get dropped from the MTA blacklists. A large percentage of virus detections are phishing stuff with clam.

--
MailScanner is like deodorant...
You hope everybody uses it, and you notice quickly if they don't!!!!

From ssilva at sgvwater.com Tue Jan 2 17:23:36 2007
From: ssilva at sgvwater.com (Scott Silva)
Date: Tue Jan 2 16:24:57 2007
Subject: McAfee and lack of detection
In-Reply-To:
References: <000001c72c43$6f84beb0$4e8e3c10$@com> <000801c72c5d$fe5e6bd0$6689a8c0@di.unito.it>
Message-ID:

Scott Silva spake the following on 1/2/2007 8:08 AM:
> Sergio Rabellino spake the following on 12/30/2006 2:00 PM:
>> I'm using mcafee on my solaris box as follow
>>
>> Scan engine v4.4.00 for Solaris.
>> Virus data file v4929 created Dec 29 2006
>> Scanning for 221898 viruses, trojans and variants.
>>
>> I haven't noticed any lack in detection for viruses.
>>
> Maybe the 5.1.00 engine has changed the output just slightly and MailScanner
> isn't picking it up. I might go back to the 4.4.00 engine on one box and see
> what happens.
> I think I will try a 30 day test of f-prot also.
>

I just did a test with the latest round of "greeting card.exe" and McAfee doesn't detect it still. I submitted a sample.
Even the old free BitDefender is getting this one. Shame on you McAfee!!!
I hope they are still hung over!

--
MailScanner is like deodorant...
You hope everybody uses it, and you notice quickly if they don't!!!!

From john at katy.com Tue Jan 2 17:31:25 2007
From: john at katy.com (John Schmerold)
Date: Tue Jan 2 16:32:37 2007
Subject: Happy NW - Not
Message-ID: <459A88DD.4040400@katy.com>

What's everyone doing to get rid of the endless emails with Happy NW on the subject line?

From keith at 12345678.org Tue Jan 2 17:45:21 2007
From: keith at 12345678.org (keith)
Date: Tue Jan 2 16:46:41 2007
Subject: Rules for blocking in & out bound mail without address
Message-ID: <20070102163801.M77793@12345678.org>

Dear All,
I am using MS 4.56.7-1 in CentOS 4, I read the google for a while but still can't find how to use MS rules to block or reject the in and out mail with the sender or recipient address, because I found the mailq has over 6k to 7k dead mails with such a problem, I need to remove them manually, so I think the MS can handle this job, who can tell me how to do this.

Thank you.
Keith
Regards

--

From ssilva at sgvwater.com Tue Jan 2 17:46:13 2007
From: ssilva at sgvwater.com (Scott Silva)
Date: Tue Jan 2 16:47:31 2007
Subject: McAfee and lack of detection
In-Reply-To:
References: <000001c72c43$6f84beb0$4e8e3c10$@com> <000801c72c5d$fe5e6bd0$6689a8c0@di.unito.it>
Message-ID:

Scott Silva spake the following on 1/2/2007 8:23 AM:
> Scott Silva spake the following on 1/2/2007 8:08 AM:
>> Sergio Rabellino spake the following on 12/30/2006 2:00 PM:
>>> I'm using mcafee on my solaris box as follow
>>>
>>> Scan engine v4.4.00 for Solaris.
>>> Virus data file v4929 created Dec 29 2006
>>> Scanning for 221898 viruses, trojans and variants.
>>>
>>> I haven't noticed any lack in detection for viruses.
>>>
>> Maybe the 5.1.00 engine has changed the output just slightly and MailScanner
>> isn't picking it up. I might go back to the 4.4.00 engine on one box and see
>> what happens.
>> I think I will try a 30 day test of f-prot also.
>>
> I just did a test with the latest round of "greeting card.exe" and McAfee
> doesn't detect it still. I submitted a sample.
> Even the old free BitDefender is getting this one. Shame on you McAfee!!!
> I hope they are still hung over!
>
>

McAfee finally gets this with the 4930 dats. Detected on the 30th of December, and just released the dats. Time to look elsewhere for virus protection.

--
MailScanner is like deodorant...
You hope everybody uses it, and you notice quickly if they don't!!!!

From fabien.garziano at caliseo.com Tue Jan 2 17:11:47 2007
From: fabien.garziano at caliseo.com (Fabien GARZIANO)
Date: Tue Jan 2 16:50:31 2007
Subject: Mailscanner and mailscanner-mrtg
Message-ID:

First, happy new year to all of you.

I got MailScanner v.4.53.8. and mailscanner-mrtg and both work well, except I got some ugly output in my log file:

Jan 2 16:40:04 califw3 MailScanner-MRTG[25016]: ERROR: Quarantine Directory not specified in /etc/MailScanner/mailscanner-mrtg.conf - Skipping quarantine
Jan 2 16:40:04 califw3 MailScanner-MRTG[25016]: Unable to find a mountpoint for /var/spool. Please set Spool Directory in mailscanner-mrtg.conf to a valid mountpoint. You can see a list of mointpoints on your system by using the df command.
Jan 2 16:40:04 califw3 MailScanner-MRTG[25016]: Unable to find a mountpoint for /var/spool/MailScanner/incoming. Please set MailScanner Work Directory in mailscanner-mrtg.conf to a valid mountpoint. You can see a list of mointpoints on your system by using the df command

I think this is more a mailscanner-mrtg issue, but I just hope some of you are also using mailscanner-mrtg and already fixed this problem.

Thanks !

From martinh at solidstatelogic.com Tue Jan 2 17:56:40 2007
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Tue Jan 2 16:57:57 2007
Subject: Rules for blocking in & out bound mail without address
In-Reply-To: <20070102163801.M77793@12345678.org>
Message-ID:

Keith

You mean block email for invalid recipients??? This is best done at the MTA level.. which MTA?

Or you mean spam from certain people? I'd suggest adding more rules to Spamassassin (eg the SARE rules from www.rulesemporium.com).

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of keith
> Sent: 02 January 2007 16:45
> To: mailscanner@lists.mailscanner.info
> Subject: Rules for blocking in & out bound mail without address
>
> Dear All,
> I am using MS 4.56.7-1 in CentOS 4, I read the google for a while but still
> can't find how to use MS rules to block or reject the in and out mail with the
> sender or recipient address, because I found the mailq has over 6k to 7k
> dead mails with such a problem, I need to remove them manually, so I think the
> MS can handle this job, who can tell me how to do this.
>
> Thank you.
> Keith
> Regards
>
> --

From TGFurnish at herffjones.com Tue Jan 2 18:02:51 2007
From: TGFurnish at herffjones.com (Furnish, Trever G)
Date: Tue Jan 2 17:04:33 2007
Subject: whitelist_to getting exploited
Message-ID: <57573D714A832C43B9D80EAFBDA48D0302BAC622@inex3.herffjones.hj-int>

Thanks for your comments, Glenn. Some responses below.

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Glenn Steen > Sent: Saturday, December 30, 2006 6:39 AM > To: MailScanner discussion > Subject: Re: whitelist_to getting exploited > > Hi Trever, > > Just a few odd comments below... > > > > Of Ramprasad > > > Sent: Friday, December 29, 2006 5:22 AM > > > To: MailScanner discussion > > > Subject: Re: whitelist_to getting exploited > > > > > > On Fri, 2006-12-29 at 19:34 +1000, Res wrote: > > > > On Fri, 29 Dec 2006, Ramprasad wrote: > > > But user-1 wants all mails including spam , not others > > > > > > For eg If I want to allow abuse@mydomain to get all mail without > > > check someone sends a mail To:the_top_man@domain,abuse@domain > > > > > > Then this mail would bypass spam checks and reach > > > the_top_man@domain > > > Obviously this would be a concern to everyone , how are you folks > > > getting over this issue > > > > Mailscanner can't split one message into several and treat them > > differently based on recipient. Doing so would risk queue filename > > conflicts. > This should be possible to handle....:-). Sure -- anything's possible. And I suppose I never actually read that this is the reason MS doesn't do the splitting -- I just assumed that's the reason. > > There are some definite caveats to consider though: > > - you'll use more bandwidth, since you're > > delivering multiple copies of a message where > > before you only delivered one. This may or may > > not be significant for you. > > With gateway systems (which is a very common setup, after all, of > MailScanner) this is generally not a concern, since you will > have a very much more capable LAN/"internal WAN" link than > "internet-facing" link. Good point. 
In my case it's only significant because the 'internal WAN' links are much smaller than the WAN link, AND because we don't impose any size limit on incoming messages (because we lack a suitable replacement mechanism to give to users for receiving large files. :-( ). > > - you'll increase the number of rows in your > > mailwatch tables, if you're using mailwatch. > > - However, mailwatch 1.x is 'broken' in that > > it only records one recipient per message > > anyway, so while you're increasing the load > > a bit, you also may be saving yourself a > > different headache later. > > Both these are true, and if I understood how Steve intends to > handle these for multiple recipient mails in 2.0 (fixing the > broken behaviour of 1.x) the first point will continue to be > a real concern for sites with large amounts of messages... > Splitting will likely make it one of your jobs to keep on top > of daily. Sigh. One more ...:-). But if one has a low volume > setup, it doesn't matter that much. In my case the mailwatch bug mentioned above was enough of a problem that I had to either fix it myself or replace the whole system (including mailscanner) with some other tool. Management dictated 1.) use of quarantine, 2.) allowing users to release their own messages, and 3.) total lack of authentication, unless it was tied into Active Directory. I took a cue from Steve's notes for 2.0 and created a separate table for relating message IDs to message recipients, then changed all of the queries on the pages that I was interested in so that they use the new table for queries that need to list all messages to a given recipient. That also improves performance, since the new table is a small fraction of the maillog table -- nightly reports were taking many hours, but now they take only a few minutes. 
However, that kind of change also "breaks" the reporting interface, among other things, so I have two mailwatch installs -- one that is just a stock 1.0 install for the most part, and one that is heavily modified to present a very stripped down interface for individual users and to use the new table for improved performance and accurate lists of the messages to their addresses. My needs might also be a lot different from everyone else's -- I need to keep around ten days worth of messages in the database and have it be responsive enough to let users browse around quickly and to generate nightly reports in only a few minutes. We get about 180k messages per day, so that's almost two million messages in the database at all times. And for the web interface, I needed the users to be able to see a very stripped down version that shows only their own messages without any authentication at all -- they get a link and a report in email each morning and can only view their own quarantined messages. No searching, reporting, or authenticating. The only "authentication" is receipt of the URL via email -- if you received the nightly report, then you have a URL that will let you into the online version of that report for viewing and releasing individual messages. The changes I made are pretty straightforward, but they're also very specific to my company's needs, enough so that I don't believe they'd be useful for anyone else. And I wouldn't want to distract from mw2.0. And I anticipate much personal pain at some point in the future when I decide to try to port the functional changes over to a mw2.0 install. > > - you'll increase the number of log entries -- this > > is probably insignificant. > Agreed. > > > - you'll increase the mailscanner processing load, > > since e.g. one message may become five messages. > > The worst "hog" in MS is SA, and with the SpamAssassin result > cache feature on, you really take the sting out of this one. 
> True, you'll likely see a bit of load from AV scanners etc, > but SA should yield only the cache fingerprint "cost" and > nothing more. Good point -- I hadn't considered that! > > I used to split all inbound messages. I wish I still > could, but in my > > case I started bumping against the limits of my hardware > and opted to > > gain some performance by turning off the splitting. > > Do you by any chance run BDC still? It can "hurt" things > bad... Or do you have a lot of BLs in MS? That could well be > "hurtfull too, depending on what limit you encounter... Or > was it the MW bit you mention? Hopefully 2.0 will make a lot > of difference there:-) Did you mean to write DCC, not "BDC"? I'm not familiar with "BDC" in a mailscanner context. If you meant DCC, I don't run Pyzor or DCC. I do use Razor, but didn't have enough confidence in the others to use them. I don't use BLs in MailScanner -- ideally those would be at the MTA level, but I prefer to be able to weight different BLs differently, so I only use most BLs at the SA level. The only BL I currently use at the MTA level is SBL+XBL (which has been nothing short of amazingly effective). Regarding MW contributing to the load, it was really only a heavy resource user when I was browsing the web interface. The changes I made seem to have helped out tremendously there. > Anyway, as said, just a few random comment from a mind > definitely still on holiday leave:-) Best Regards & Happy New Year! > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se Thanks for your thoughts, and happy new year to you too! -- Trever From TGFurnish at herffjones.com Tue Jan 2 18:09:00 2007 
From: TGFurnish at herffjones.com (Furnish, Trever G)
Date: Tue Jan 2 17:10:48 2007
Subject: Happy NW - Not
Message-ID: <57573D714A832C43B9D80EAFBDA48D0302BAC623@inex3.herffjones.hj-int>

In my case bayes_99 is hitting most of them, but that's not enough to
catch on its own. Still catching a lot of them though due to other
rules' contributions.

Here's a report from one that was caught:

X-HJ-MailScanner-SpamCheck: spam, SpamAssassin (not cached,
    score=10.249,
    required 5, BAYES_99 3.50, FORGED_RCVD_HELO 0.14,
    RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E4_51_100 1.50,
    RAZOR2_CHECK 0.50, SARE_LWSHORTT 0.79, SARE_MLB_Stock1 1.66,
    SARE_MLB_Stock2 1.66)

Razor has started to hit on them too. The ones that were missed at my
site didn't trip the SARE or Razor rules listed above, but that seems to
have stopped happening. They're mostly being caught for me.

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> Of John Schmerold
> Sent: Tuesday, January 02, 2007 11:31 AM
> To: MailScanner discussion
> Subject: Happy NW - Not
>
> What's everyone doing to get rid of the endless emails with
> Happy NW on the subject line?
>
>

From ssilva at sgvwater.com Tue Jan 2 18:29:50 2007
From: ssilva at sgvwater.com (Scott Silva)
Date: Tue Jan 2 17:31:09 2007
Subject: Happy NW - Not
In-Reply-To: <459A88DD.4040400@katy.com>
References: <459A88DD.4040400@katy.com>
Message-ID:

John Schmerold spake the following on 1/2/2007 8:31 AM:
> What's everyone doing to get rid of the endless emails with Happy NW on the
> subject line?
>

Not a problem here;

SpamAssassin Score: 17.18

3.50  BAYES_99                   Bayesian spam probability is 99 to 100%
2.00  BOTNET                     The submitting mail server looks like part of a Botnet
0.01  BOTNET_BADDNS              IP address doesn't have full circle DNS
0.01  BOTNET_CLIENT              Hostname looks like a client hostname
0.01  BOTNET_CLIENTWORDS         Hostname contains client-like substrings
0.01  BOTNET_IPINHOSTNAME        Hostname contains its own IP address
0.48  DATE_IN_PAST_03_06         Date: is 3 to 6 hours before Received: date
2.17  DCC_CHECK                  Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
2.50  DIGEST_MULTIPLE            Message hits more than one network digest check
1.00  FORGED_RCVD_HELO           Received: contains a forged HELO
1.50  RAZOR2_CF_RANGE_51_100     Razor2 gives confidence level above 50%
1.50  RAZOR2_CF_RANGE_E4_51_100  Razor2 gives engine 4 confidence level above 50%
1.50  RAZOR2_CHECK               Listed in Razor2 (http://razor.sf.net/)
1.00  RCVD_IN_UCE_PFSM_2         Received via a relay in UCE_PFSM_2

--
MailScanner is like deodorant...
You hope everybody uses it, and you notice quickly if they don't!!!!

From ka at pacific.net Tue Jan 2 18:34:05 2007
From: ka at pacific.net (Ken A)
Date: Tue Jan 2 17:32:10 2007
Subject: Happy NW - Not
In-Reply-To: <57573D714A832C43B9D80EAFBDA48D0302BAC623@inex3.herffjones.hj-int>
References: <57573D714A832C43B9D80EAFBDA48D0302BAC623@inex3.herffjones.hj-int>
Message-ID: <459A978D.3030505@pacific.net>

Some of this stuff is pretty short on content, and when it's from a
fresh botnet, you pretty much have to write a quick rule to nail that
particular spam.

body LOCAL_STOCK_1_PHYA /(PHYA)/
describe LOCAL_STOCK_1_PHYA (PHYA) stock spam
score LOCAL_STOCK_1_PHYA 5.5

I add these type of rules frequently. :-\
And remove them when they stop hitting.

Ken A
Pacific.Net

Furnish, Trever G wrote:
> In my case bayes_99 is hitting most of them, but that's not enough to
> catch on its own. Still catching a lot of them though due to other
> rules' contributions.
>
> Here's a report from one that was caught:
>
> X-HJ-MailScanner-SpamCheck: spam, SpamAssassin (not cached,
> score=10.249,
> required 5, BAYES_99 3.50, FORGED_RCVD_HELO 0.14,
> RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E4_51_100 1.50,
> RAZOR2_CHECK 0.50, SARE_LWSHORTT 0.79, SARE_MLB_Stock1 1.66,
> SARE_MLB_Stock2 1.66)
>
> Razor has started to hit on them too. The ones that were missed at my
> site didn't trip the SARE or Razor rules listed above, but that seems to
> have stopped happening. They're mostly being caught for me.
>
>> -----Original Message-----
>> From: mailscanner-bounces@lists.mailscanner.info
>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
>> Of John Schmerold
>> Sent: Tuesday, January 02, 2007 11:31 AM
>> To: MailScanner discussion
>> Subject: Happy NW - Not
>>
>> What's everyone doing to get rid of the endless emails with
>> Happy NW on the subject line?
>>
>>

From martinh at solidstatelogic.com Tue Jan 2 18:40:23 2007
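The arithmetic behind the report quoted above and Ken's local rule, as an added example that is not code from any poster or from MailScanner: it parses the X-HJ-MailScanner-SpamCheck header from the thread and recomputes the total with rule groups removed or a local rule added. The line folding in the sample and all function names are assumptions.

```python
import re
from dataclasses import dataclass

# Header text taken from the report quoted in the thread; the folding
# (newline + spaces) is constructed to mimic how a long header travels.
SAMPLE_HEADER = (
    "X-HJ-MailScanner-SpamCheck: spam, SpamAssassin (not cached,\n"
    "    score=10.249,\n"
    "    required 5, BAYES_99 3.50, FORGED_RCVD_HELO 0.14,\n"
    "    RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E4_51_100 1.50,\n"
    "    RAZOR2_CHECK 0.50, SARE_LWSHORTT 0.79, SARE_MLB_Stock1 1.66,\n"
    "    SARE_MLB_Stock2 1.66)\n"
)

# Score Ken assigns to his local body rule in the thread.
LOCAL_RULE = {"LOCAL_STOCK_1_PHYA": 5.5}

# The "HJ" part is site specific, so accept any X-<org>-MailScanner-SpamCheck.
_HEADER_RE = re.compile(
    r"^X-[\w-]*MailScanner-SpamCheck:\s*(?P<verdict>[^,]+),\s*"
    r"SpamAssassin\s*\((?P<fields>.*)\)\s*$"
)
_RULE_RE = re.compile(r"^(\w+)\s+(-?\d+(?:\.\d+)?)$")


@dataclass
class SpamCheck:
    verdict: str     # "spam" in the sample
    cached: bool     # whether the SpamAssassin result came from the cache
    score: float     # total reported in the header
    required: float  # threshold the total is compared against
    rules: dict      # rule name -> score contributed


def parse_spamcheck(header):
    """Parse one SpamCheck header (folded or not) into a SpamCheck."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", header.strip())
    match = _HEADER_RE.match(unfolded)
    if match is None:
        raise ValueError("not a MailScanner SpamCheck header")
    cached, score, required, rules = False, None, None, {}
    for field in (f.strip() for f in match.group("fields").split(",")):
        if field in ("cached", "not cached"):
            cached = field == "cached"
        elif field.startswith("score="):
            score = float(field[len("score="):])
        elif field.startswith("required "):
            required = float(field.split()[1])
        else:
            rule = _RULE_RE.match(field)
            if rule is None:
                raise ValueError("unrecognised field: %r" % field)
            rules[rule.group(1)] = float(rule.group(2))
    if score is None or required is None:
        raise ValueError("score or required value missing")
    return SpamCheck(match.group("verdict").strip(), cached, score, required, rules)


def total(rules, drop_prefixes=(), extra=None):
    """Sum rule scores, ignoring rules by name prefix and adding extra rules."""
    kept = {name: value for name, value in rules.items()
            if not name.startswith(tuple(drop_prefixes))}
    kept.update(extra or {})
    return round(sum(kept.values()), 3)


if __name__ == "__main__":
    check = parse_spamcheck(SAMPLE_HEADER)
    network = ("SARE_", "RAZOR2_")  # the rule groups Trever says the misses lacked
    print("reported %.3f, recomputed %.3f, required %g"
          % (check.score, total(check.rules), check.required))
    print("without SARE/Razor hits: %.2f" % total(check.rules, network))
    print("same message plus Ken's local rule: %.2f"
          % total(check.rules, network, LOCAL_RULE))
```
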
From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Jan 2 17:41:40 2007 Subject: Happy NW - Not In-Reply-To: <459A978D.3030505@pacific.net> Message-ID: <13ecb1230bafda4a9427016034020c1d@solidstatelogic.com> My bayes and DCC,pyzor and razor2 are doing a good job on my system -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Ken A > Sent: 02 January 2007 17:34 > To: MailScanner discussion > Subject: Re: Happy NW - Not > > > Some of this stuff is pretty short on content, and when it's from a > fresh botnet, you pretty much have to write a quick rule to nail that > particular spam. > > body LOCAL_STOCK_1_PHYA /(PHYA)/ > describe LOCAL_STOCK_1_PHYA (PHYA) stock spam > score LOCAL_STOCK_1_PHYA 5.5 > > I add these type of rules frequently. :-\ > And remove them when they stop hitting. > > Ken A > Pacific.Net > > > Furnish, Trever G wrote: > > In my case bayes_99 is hitting most of them, but that's not enough to > > catch on its own. Still catching a lot of them though due to other > > rules' contributions. > > > > Here's a report from one that was caught: > > > > X-HJ-MailScanner-SpamCheck: spam, SpamAssassin (not cached, > > score=10.249, > > required 5, BAYES_99 3.50, FORGED_RCVD_HELO 0.14, > > RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E4_51_100 1.50, > > RAZOR2_CHECK 0.50, SARE_LWSHORTT 0.79, SARE_MLB_Stock1 1.66, > > SARE_MLB_Stock2 1.66) > > > > Razor has started to hit on them too. The ones that were missed at my > > site didn't trip the SARE or Razor rules listed above, but that seems to > > have stopped happening. They're mostly being caught for me. > > > >> -----Original Message----- 
> >> From: mailscanner-bounces@lists.mailscanner.info
> >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> >> Of John Schmerold
> >> Sent: Tuesday, January 02, 2007 11:31 AM
> >> To: MailScanner discussion
> >> Subject: Happy NW - Not
> >>
> >> What's everyone doing to get rid of the endless emails with
> >> Happy NW on the subject line?

From ssilva at sgvwater.com Tue Jan 2 18:52:48 2007
From: ssilva at sgvwater.com (Scott Silva)
Date: Tue Jan 2 17:54:07 2007
Subject: Mailscanner and mailscanner-mrtg
In-Reply-To:
References:
Message-ID:

Fabien GARZIANO spake the following on 1/2/2007 8:11 AM:
> First, happy new year to all of you.
>
> I got MailScanner v.4.53.8. and mailscanner-mrtg and both work well,
> except I got some ugly output in my log file:
>
> Jan 2 16:40:04 califw3 MailScanner-MRTG[25016]: ERROR: Quarantine
> Directory not specified in /etc/MailScanner/mailscanner-mrtg.conf -
> Skipping quarantine
> Jan 2 16:40:04 califw3 MailScanner-MRTG[25016]: Unable to find a
> mountpoint for /var/spool. Please set Spool Directory in
> mailscanner-mrtg.conf to a valid mountpoint. You can see a list of
> mointpoints on your system by using the df command.
> Jan 2 16:40:04 califw3 MailScanner-MRTG[25016]: Unable to find a
> mountpoint for /var/spool/MailScanner/incoming. Please set MailScanner
> Work Directory in mailscanner-mrtg.conf to a valid mountpoint. You can
> see a list of mointpoints on your system by using the df command
>
> I think this is more a mailscanner-mrtg issue, but I just hope some of
> you are also using mailscanner-mrtg and already fixed this problem.
>
> Thanks !

Edit your mailscanner-mrtg.conf file to fix everything mentioned in the
errors. It is telling you what it needs. It needs the actual mountpoint for
the filesystem they are in ( IE.. /var for /var/spool/MailScanner/incoming)

--
MailScanner is like deodorant...
You hope everybody uses it, and you notice quickly if they don't!!!!

From pete at pwdk.com Tue Jan 2 19:44:21 2007
From: pete at pwdk.com (pete@pwdk.com)
Date: Tue Jan 2 18:45:39 2007
Subject: Zombies
In-Reply-To: <223f97700701020641s4f21898bn56c1368a2535072e@mail.gmail.com>
References: <459A5612.4040705@pwdk.com> <223f97700701020641s4f21898bn56c1368a2535072e@mail.gmail.com>
Message-ID: <459AA805.50200@pwdk.com>

Glenn Steen wrote:
> On 02/01/07, pete@pwdk.com wrote:
>> Hi
>>
>> Happy New Year :-)
>>
>> I've just been looking at my process list and noticed quite a few
>> Zombies, 15 in total, 8 MailScann and 7 sh, the email system seems to be
>> working correctly as far as I can tell, so I'm not sure why I'm getting
>> these Zombies.
>
> Q: What is a Zombie?
> A: A dead-process-placeholder, preventing (child) process ID reuse
> before the parent process has either noticed it being dead (by a wait
> call), or the parent being terminated itself.
>
> A simple google (just google for "zombie processes") will give you
> several excellent explanations to this effect.
> A zombie takes no real system resources, nor "interacts" with the
> system in any noticeable way, apart from taking up a slot in the
> process list...
>
>> Top output :-
>>
>> 2202 mailnull 20 0 0 0 0 Z 0 0.0 0:00.14 MailScann
>> 21103 nobody 23 0 0 0 0 Z 0 0.0 0:00.00 sh
>>
>>
>> Are these normal?
> Definitely, you have zombies all the time. If they "stick around", they
> _may_ be an indication of a problem, but more likely not.
> In this particular case, you can likely deduce that these are MS
> "helpers" that run things like AV scanners etc, and they should go
> away relatively swiftly (to be replaced with new ones). It depends a
> bit on what is happening, and the relative speed of your system etc.
> Look at your maillog, if you see SpamAssassin timeouts etc... then you
> really do have a problem to work with. But then the zombies "sticking
> around" is just an indicator, not a real problem in and of itself.
>
>> Should I be worried about them?
> Not really, no.
>
>> Can anything be done about them?
> If you know which parent process (use ps;-), you _could_ kill that ...
> but that is _not_ recommended. As said, they should clear up by
> themselves (or rather by way of the parent:-).
>
>> Am I losing emails?
> Not due to that, no.
> But do check your logs carefully... If the zombies are due to
> extremely slow I/O (broken disk, network problem, whatever) you could
> be losing mails due to that specific fault;).
>
>>
>> I'm running CentOS 4.4 with cPanel, and used the MailScanner Service
>> supplied by configserver.com
> There are a few on this list who do (I don't), so maybe they'll jump
> in with some pertinent advice:)
>
> Cheers

*************************************
>> Are these normal?
> Definitely, you have zombies all the time. If they "stick around", they
> _may_ be an indication of a problem, but more likely not.
> In this particular case, you can likely deduce that these are MS
> "helpers" that run things like AV scanners etc, and they should go
> away relatively swiftly (to be replaced with new ones). It depends a
> bit on what is happening, and the relative speed of your system etc.
> Look at your maillog, if you see SpamAssassin timeouts etc... then you
> really do have a problem to work with. But then the zombies "sticking
> around" is just an indicator, not a real problem in and of itself.
*************************************

I've searched the maillog and these are the only error messages I've found.

There are several messages like this
**********************
Jan 2 05:00:07 woody MailScanner[3790]: MailScanner child caught a SIGHUP
**********************

At one minute past the hour messages like this
**********************
Jan 2 05:01:01 woody ClamAV-autoupdate[7595]: ClamAV update warning: ERROR: Problem with internal logger.
Jan 2 05:01:01 woody ClamAV-autoupdate[7595]: ClamAV update warning: ERROR: Can't open /tmp/ClamAV.update.log in append mode (check permissions!).
Jan 2 05:01:01 woody ClamAV-autoupdate[7595]: ClamAV updater failed
**********************

I then set the permissions on /tmp/ClamAV.update.log and waited to see what
happened when the next ClamAv update occurred.

Straight after the update I saw the following messages repeated several times.
*************************
MailScanner[7156]: ClamAV update of /usr/local/share/clamav/daily.cvd detected, resetting ClamAV Module
MailScanner[7156]: ClamAV virus database has been updated, killing this child
MailScanner[7156]: Config: calling custom end function MailWatchLogging
MailScanner[7156]: MailScanner child dying of old age
*************************

This seems to have cured the MailScann zombies hanging around problem, I
still have 5 or 6 MailScann zombies but they don't hang around too long now.

I still have 7 "sh" constant PID Zombies, but they may well be another
possibly unrelated issue, although I'm not sure what is causing those and why.

Pete

From campbell at cnpapers.com Tue Jan 2 20:03:13 2007
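Glenn's advice to find the parent with ps, done directly against Linux /proc, as an added example that is not part of the thread or of MailScanner: it groups processes in state Z by parent PID, since only the parent's wait call clears them. The function names are assumptions, the sample stat line in the comment is constructed, and demo() deliberately creates and then reaps one short-lived zombie of its own.

```python
import os
import time
from collections import defaultdict


def parse_stat(raw):
    """Return (comm, state, ppid) from the text of /proc/<pid>/stat.

    comm sits in parentheses and may itself contain spaces or ')', e.g.
    the constructed line "2202 (Mail Scann) x) Z 7156 ...", so split on
    the LAST ')' instead of on whitespace.
    """
    lpar, rpar = raw.find("("), raw.rfind(")")
    if lpar < 0 or rpar < lpar:
        return None
    fields = raw[rpar + 1:].split()
    if len(fields) < 2:
        return None
    return raw[lpar + 1:rpar], fields[0], int(fields[1])


def read_stat(pid):
    """Read and parse /proc/<pid>/stat; None if the process is already gone."""
    try:
        with open("/proc/%d/stat" % pid, "rb") as handle:
            return parse_stat(handle.read().decode("utf-8", "replace"))
    except OSError:
        return None


def find_zombies():
    """Map parent PID -> [(pid, comm), ...] for every process in state Z."""
    by_parent = defaultdict(list)
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        info = read_stat(int(entry))
        if info is not None and info[1] == "Z":
            comm, _state, ppid = info
            by_parent[ppid].append((int(entry), comm))
    return dict(by_parent)


def report(zombies):
    """One line per parent: the process that still has to call wait()."""
    lines = []
    for ppid, children in sorted(zombies.items()):
        parent = read_stat(ppid)
        name = parent[0] if parent else "?"
        kids = ", ".join("%d %s" % child for child in sorted(children))
        lines.append("parent %d (%s) has %d unreaped: %s"
                     % (ppid, name, len(children), kids))
    return lines


def demo(timeout=5.0):
    """Create one zombie on purpose, observe it, then reap it.

    Returns (seen_before_wait, seen_after_wait).
    """
    child = os.fork()
    if child == 0:
        os._exit(0)  # child exits at once; the parent has not waited yet

    def listed():
        mine = find_zombies().get(os.getpid(), [])
        return any(pid == child for pid, _comm in mine)

    deadline = time.time() + timeout
    while not listed() and time.time() < deadline:
        time.sleep(0.05)
    before = listed()
    os.waitpid(child, 0)  # the "wait call" that frees the process-table slot
    return before, listed()


if __name__ == "__main__":
    for line in report(find_zombies()) or ["no zombies"]:
        print(line)
    print("demo (before wait, after wait):", demo())
```

Zombies that keep the same PID across runs, like the seven "sh" entries described above, point at a parent that never waits; the report names that parent so its own logs can be checked.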
From: campbell at cnpapers.com (Steve Campbell)
Date: Tue Jan 2 19:04:38 2007
Subject: Happy NW - Not
In-Reply-To: <459A978D.3030505@pacific.net>
References: <57573D714A832C43B9D80EAFBDA48D0302BAC623@inex3.herffjones.hj-int> <459A978D.3030505@pacific.net>
Message-ID: <1167764593.459aac7172fc0@perdition.cnpapers.net>

Quoting Ken A :

>
> Some of this stuff is pretty short on content, and when it's from a
> fresh botnet, you pretty much have to write a quick rule to nail that
> particular spam.
>
> body LOCAL_STOCK_1_PHYA /(PHYA)/
> describe LOCAL_STOCK_1_PHYA (PHYA) stock spam
> score LOCAL_STOCK_1_PHYA 5.5
>
> I add these type of rules frequently. :-\
> And remove them when they stop hitting.
>
> Ken A
> Pacific.Net

I agree here with Ken, except I used

header rulename Subject =~ /Happy NW/i

line in my rules. I figured there might not be many false positives, and do the
same after it passes. I don't use Razor, or that other stuff. My machines are
pretty tight on cycles due to BitDefender and ClamAV. A simple reload makes it
effective right away.

Steve Campbell

>
>
> Furnish, Trever G wrote:
> > In my case bayes_99 is hitting most of them, but that's not enough to
> > catch on its own. Still catching a lot of them though due to other
> > rules' contributions.
> >
> > Here's a report from one that was caught:
> >
> > X-HJ-MailScanner-SpamCheck: spam, SpamAssassin (not cached,
> > score=10.249,
> > required 5, BAYES_99 3.50, FORGED_RCVD_HELO 0.14,
> > RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E4_51_100 1.50,
> > RAZOR2_CHECK 0.50, SARE_LWSHORTT 0.79, SARE_MLB_Stock1 1.66,
> > SARE_MLB_Stock2 1.66)
> >
> > Razor has started to hit on them too. The ones that were missed at my
> > site didn't trip the SARE or Razor rules listed above, but that seems to
> > have stopped happening. They're mostly being caught for me.
> >
> >> -----Original Message-----
> >> From: mailscanner-bounces@lists.mailscanner.info
> >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> >> Of John Schmerold
> >> Sent: Tuesday, January 02, 2007 11:31 AM
> >> To: MailScanner discussion
> >> Subject: Happy NW - Not
> >>
> >> What's everyone doing to get rid of the endless emails with
> >> Happy NW on the subject line?

-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/

From ka at pacific.net Tue Jan 2 20:19:14 2007
From: ka at pacific.net (Ken A) Date: Tue Jan 2 19:17:16 2007 Subject: Happy NW - Not In-Reply-To: <1167764593.459aac7172fc0@perdition.cnpapers.net> References: <57573D714A832C43B9D80EAFBDA48D0302BAC623@inex3.herffjones.hj-int> <459A978D.3030505@pacific.net> <1167764593.459aac7172fc0@perdition.cnpapers.net> Message-ID: <459AB032.3050702@pacific.net> Steve Campbell wrote: > Quoting Ken A : > >> Some of this stuff is pretty short on content, and when it's from a >> fresh botnet, you pretty much have to write a quick rule to nail that >> particular spam. >> >> body LOCAL_STOCK_1_PHYA /(PHYA)/ >> describe LOCAL_STOCK_1_PHYA (PHYA) stock spam >> score LOCAL_STOCK_1_PHYA 5.5 >> >> I add these type of rules frequently. :-\ >> And remove them when they stop hitting. >> >> Ken A >> Pacific.Net > > I agree here with Ken, except I used > > header rulename Subject =~ /Happy NW/i > > line in my rules. I figured there might not be many false positives, and do the > same after it passes. I don't use Razor, or that other stuff. My machines are > pretty tight on cycles due to BitDefender and ClamAV. A simple reload makes it > effective right away. I do use Razor and DCC, but I'm weary of FPs, too many DNS lookups, and new software in general, so I haven't tried the botnet plugin (yet!). One or two in a thousand tends to slip through without a specific rule, and I like to kill ALL spam. :-) Oh, and Happy NW.. New Wear?.. I dunno.. are spammers really this dumb? Ken A Pacific.Net > Steve Campbell > > >> >> Furnish, Trever G wrote: >>> In my case bayes_99 is hitting most of them, but that's not enough to >>> catch on its own. Still catching a lot of them though due to other >>> rules' contributions. 
>>>
>>> Here's a report from one that was caught:
>>>
>>> X-HJ-MailScanner-SpamCheck: spam, SpamAssassin (not cached,
>>> score=10.249,
>>> required 5, BAYES_99 3.50, FORGED_RCVD_HELO 0.14,
>>> RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E4_51_100 1.50,
>>> RAZOR2_CHECK 0.50, SARE_LWSHORTT 0.79, SARE_MLB_Stock1 1.66,
>>> SARE_MLB_Stock2 1.66)
>>>
>>> Razor has started to hit on them too. The ones that were missed at my
>>> site didn't trip the SARE or Razor rules listed above, but that seems to
>>> have stopped happening. They're mostly being caught for me.
>>>
>>>> -----Original Message-----
>>>> From: mailscanner-bounces@lists.mailscanner.info
>>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
>>>> Of John Schmerold
>>>> Sent: Tuesday, January 02, 2007 11:31 AM
>>>> To: MailScanner discussion
>>>> Subject: Happy NW - Not
>>>>
>>>> What's everyone doing to get rid of the endless emails with
>>>> Happy NW on the subject line?

From ssilva at sgvwater.com Tue Jan 2 21:05:20 2007
From: ssilva at sgvwater.com (Scott Silva) Date: Tue Jan 2 20:06:45 2007 Subject: Happy NW - Not In-Reply-To: <459AB032.3050702@pacific.net> References: <57573D714A832C43B9D80EAFBDA48D0302BAC623@inex3.herffjones.hj-int> <459A978D.3030505@pacific.net> <1167764593.459aac7172fc0@perdition.cnpapers.net> <459AB032.3050702@pacific.net> Message-ID: Ken A spake the following on 1/2/2007 11:19 AM: > > > Steve Campbell wrote: >> Quoting Ken A : >> >>> Some of this stuff is pretty short on content, and when it's from a >>> fresh botnet, you pretty much have to write a quick rule to nail that >>> particular spam. >>> >>> body LOCAL_STOCK_1_PHYA /(PHYA)/ >>> describe LOCAL_STOCK_1_PHYA (PHYA) stock spam >>> score LOCAL_STOCK_1_PHYA 5.5 >>> >>> I add these type of rules frequently. :-\ >>> And remove them when they stop hitting. >>> >>> Ken A >>> Pacific.Net >> >> I agree here with Ken, except I used >> >> header rulename Subject =~ /Happy NW/i >> >> line in my rules. I figured there might not be many false positives, >> and do the >> same after it passes. I don't use Razor, or that other stuff. My >> machines are >> pretty tight on cycles due to BitDefender and ClamAV. A simple reload >> makes it >> effective right away. > > > I do use Razor and DCC, but I'm weary of FPs, too many DNS lookups, and > new software in general, so I haven't tried the botnet plugin (yet!). > One or two in a thousand tends to slip through without a specific rule, > and I like to kill ALL spam. :-) > > Oh, and Happy NW.. New Wear?.. I dunno.. are spammers really this dumb? > I wish they all were that stupid! Or is it an intentional typo? A local caching nameserver can help with the lookups a lot, and doesn't add that much overhead. I have been testing the botnet plugin, but tweaked the score down a bit for a while. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ananitya at prachanda.info Tue Jan 2 22:12:29 2007 
From: ananitya at prachanda.info (Ananitya)
Date: Tue Jan 2 21:19:50 2007
Subject: MailScanner trying to access all directories under /var/*
In-Reply-To: <7df6a2f8ba90414da1508d67dee33c94@solidstatelogic.com>
References: <7df6a2f8ba90414da1508d67dee33c94@solidstatelogic.com>
Message-ID: <200701030242.47495.Ananitya@prachanda.hub>

On Tuesday 02 January 2007 17:36, Martin.Hepworth wrote:
> When you say trying to access what exactly do you mean?

Hi, I meant MailScanner process tries to access all directory under /var/*
as audit log shows.

> Do you mean looking for email to scan in /var?? If so what is your
> "Incoming Queue Dir" in Mailscanner.conf

grep "Incoming Queue Dir" /etc/MailScanner/MailScanner.conf
#Incoming Queue Dir = /var/spool/mqueue.in
Incoming Queue Dir = /var/spool/postfix/hold

--
People respond to people who respond.

From ananitya at prachanda.info Tue Jan 2 22:22:19 2007
From: ananitya at prachanda.info (Ananitya)
Date: Tue Jan 2 21:23:47 2007
Subject: MailScanner trying to access all directories under /var/*
In-Reply-To:
References: <200701020140.27684.Ananitya@prachanda.hub> <200701021118.35667.Ananitya@prachanda.hub>
Message-ID: <200701030252.20452.Ananitya@prachanda.hub>

On Tuesday 02 January 2007 11:39, Res wrote:
> Does it really matter though? I don't use sel because it causes more
> dramas than what the damned things worth on production servers, if it
> accesses it, it does it for a reason :)

Well SEL does provide lots of security features and once policy has been
written carefully it works all transparently. Though it happened sometimes
that enabling SEL does highlight some of the undesirable feature/bug of
concerned software.

>
> But a quick look here with sendmail, mailscanner, spamassassin and f-prot
>
> stat64("/var/lock
> stat64("/var/spool/MailScanner
> stat64("/var/spool/mqueue
> connect(7, {sa_family=AF_FILE, path="/var/run/nscd/socket"}
> stat64("/var/lib/3.001007"
> stat64("/var/tmp"
>
> Nothing that shouldn't be there as far as I can see.

Yeah okay, maybe I would need to rewrite policies of all the helper apps
(spamassassin, clamav, razor, dcc, postfix) along with MailScanner policy so
they all can work together more peacefully.

Anyway thanks for reply.

--
Hello, GORRY-O!! I'm a GENIUS from HARVARD!!

From res at ausics.net Tue Jan 2 23:48:28 2007
From: res at ausics.net (Res) Date: Tue Jan 2 22:49:43 2007 Subject: MailScanner trying to access all directories under /var/* In-Reply-To: <200701030252.20452.Ananitya@prachanda.hub> References: <200701020140.27684.Ananitya@prachanda.hub> <200701021118.35667.Ananitya@prachanda.hub> <200701030252.20452.Ananitya@prachanda.hub> Message-ID: On Wed, 3 Jan 2007, Ananitya wrote: >> stat64("/var/lock >> stat64("/var/spool/MailScanner >> stat64("/var/spool/mqueue >> connect(7, {sa_family=AF_FILE, path="/var/run/nscd/socket"} >> stat64("/var/lib/3.001007" >> stat64("/var/tmp" >> >> Nothing that shouldn't be there as far as I can see. > > Yeah okay, maybe I would need to rewrite policies of all the helper apps > {spamassassin, clamav, razor, dcc, postfix) along with MailScanner policy so > they all can work together more peacefully. Yup, maybe thats the answer, as it does not try access any other dir under var, not at least on these systems which are slackware so it's the tarball version, the RPM does its usual RPM thing and puts things all over the shop, I hate that, and have not used RPM since I decommisioned my last RH server a year ago (RH9 was solid and stable but a pain to keep patched since RH stopped 9 support years ago), tried Fedora server a few times, it was just not stable enough, but Fedora is not supposed to be stable, it supposed to be bleeding edge, and sometimes in servers it sure bleeds. We use Fedora desktops and the first thing I do after an install is get rid of the red-hat-atised things that shouldn't be butchered by them, so I know where everything is, I mean if we were meant to have 4 packages to install EG clamav im sure the good folk at clamav would release it in 4 pkgs and sendmail would release 3 pkgs :) anyway strayed way OT, so if you have this problem with RPM, let me know and I'll install it on one and see what it does. > Anyway thanks for reply. 
No problems, one thing though, you could try disabling SA and its user progs and see if the accesses reduce, unless someone else on the list running postfix can do a check for you.

--
Cheers
Res

"So, you think you can tell Heaven from Hell?" - Roger Waters

From ajos1 at onion.demon.co.uk Wed Jan 3 00:28:40 2007
From: ajos1 at onion.demon.co.uk (ajos1@onion.demon.co.uk)
Date: Wed Jan 3 00:30:38 2007
Subject: Mailscanner and mailscanner-mrtg
Message-ID:

--

I set both values to / and it seemed to work...

/etc/MailScanner/mailscanner-mrtg.conf
======================================

# The MailScanner work directory, often in tmpfs for those who are worried
# about performance. Usually /var/spool/MailScanner/incoming.
# If this is not set to a mount point the graph will be blank
##### AJOS1 CHANGE #####
#x# MailScanner Work Directory = /var/spool/MailScanner/incoming
##### AJOS1 CHANGE #####
MailScanner Work Directory = /

# The spool directory
# If this is not set to a mount point the graph will be blank
##### AJOS1 CHANGE #####
#x# Spool Directory = /var/spool
##### AJOS1 CHANGE #####
Spool Directory = /

-----Original Message-----
From: MailScanner discussion
References: <20070102163801.M77793@12345678.org>
Message-ID: <20070103011241.M80861@12345678.org>

Thanks for your kind suggestion. I have seen that my server is receiving spam mail with no sender address, and some user PCs are sending out spam with invalid recipient addresses, so I think I need to block it directly: when MS finds that a mail is missing the sender or recipient address, it should reject and delete it.

Happy New Year

Thanks

On Tue, 02 Jan 2007 16:56:40 +0000, Martin.Hepworth wrote
> Keith
>
> You mean block email for invalid recipients??? This is best done at the
> MTA level.. which MTA?
>
> Or you mean spam from certain people? I'd suggest adding more rules
> to Spamassassin (eg the SARE rules from www.rulesemporium.com).
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
> > -----Original Message-----
> > From: mailscanner-bounces@lists.mailscanner.info
> > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of keith
> > Sent: 02 January 2007 16:45
> > To: mailscanner@lists.mailscanner.info
> > Subject: Rules for blocking in & out bound mail without address
> >
> > Dear All,
> > I have using MS 4.56.7-1 in CentOS 4, I read the google for while but still
> > can't find how to use MS rules to block or reject the in and out mail with the
> > sender or recipient address, because I found the mailq have over 6k to 7k
> > dead mail is such problem , I need to remove them manually, so I think the MS
> > can handle this job, who can ask to me how to do this.
> >
> > Thank you .
> > Keith
> > Regards

--

From markee at bandwidthco.com Wed Jan 3 05:10:44 2007
From: markee at bandwidthco.com (markee)
Date: Wed Jan 3 04:07:36 2007
Subject: Mailscanner and mailscanner-mrtg
In-Reply-To:
Message-ID: <006201c72eed$23c37f50$0300a8c0@bandwidthco.com>

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Fabien GARZIANO
Sent: Tuesday, January 02, 2007 8:12 AM
To: MailScanner discussion
Subject: Mailscanner and mailscanner-mrtg

First, happy new year to all of you.

I got MailScanner v.4.53.8. and mailscanner-mrtg and both work well, except I got some ugly output in my log file:

Jan 2 16:40:04 califw3 MailScanner-MRTG[25016]: ERROR: Quarantine Directory not specified in /etc/MailScanner/mailscanner-mrtg.conf - Skipping quarantine
Jan 2 16:40:04 califw3 MailScanner-MRTG[25016]: Unable to find a mountpoint for /var/spool. Please set Spool Directory in mailscanner-mrtg.conf to a valid mountpoint. You can see a list of mointpoints on your system by using the df command.
Jan 2 16:40:04 califw3 MailScanner-MRTG[25016]: Unable to find a mountpoint for /var/spool/MailScanner/incoming. Please set MailScanner Work Directory in mailscanner-mrtg.conf to a valid mountpoint. You can see a list of mointpoints on your system by using the df command

I think this is more a mailscanner-mrtg issue, but I just hope some of you are also using mailscanner-mrtg and already fixed this problem.

Thanks !

--

Set these parameters in your mailscanner-mrtg.conf file and all should be fine:

MailScanner Work Directory = /var
Spool Directory = /var

It just wants the "mount point" to the root of the file system (/) which is /var. If your /var/directory was on the same partitions as /, then you could get away with listing the full directory path.

From taz at taz-mania.com Wed Jan 3 05:59:03 2007
From: taz at taz-mania.com (Dennis Willson)
Date: Wed Jan 3 05:01:06 2007
Subject: Happy NW - Not
In-Reply-To: <57573D714A832C43B9D80EAFBDA48D0302BAC623@inex3.herffjones.hj-int>
References: <57573D714A832C43B9D80EAFBDA48D0302BAC623@inex3.herffjones.hj-int>
Message-ID: <459B3817.30301@taz-mania.com>

All the ones I got were caught by ClamAV and quarantined... I got about 700 in a 24 hour period.

Furnish, Trever G wrote:
> In my case bayes_99 is hitting most of them, but that's not enough to
> catch on its own. Still catching a lot of them though due to other
> rules' contributions.
>
> Here's a report from one that was caught:
>
> X-HJ-MailScanner-SpamCheck: spam, SpamAssassin (not cached,
> score=10.249,
> required 5, BAYES_99 3.50, FORGED_RCVD_HELO 0.14,
> RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E4_51_100 1.50,
> RAZOR2_CHECK 0.50, SARE_LWSHORTT 0.79, SARE_MLB_Stock1 1.66,
> SARE_MLB_Stock2 1.66)
>
> Razor has started to hit on them too. The ones that were missed at my
> site didn't trip the SARE or Razor rules listed above, but that seems to
> have stopped happening. They're mostly being caught for me.
>
>
>> -----Original Message-----
>> From: mailscanner-bounces@lists.mailscanner.info
>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
>> Of John Schmerold
>> Sent: Tuesday, January 02, 2007 11:31 AM
>> To: MailScanner discussion
>> Subject: Happy NW - Not
>>
>> What's everyone doing to get rid of the endless emails with
>> Happy NW on the subject line?
>>

From fabien.garziano at caliseo.com Wed Jan 3 10:22:05 2007
From: fabien.garziano at caliseo.com (Fabien GARZIANO)
Date: Wed Jan 3 09:23:30 2007
Subject: Mailscanner and mailscanner-mrtg
Message-ID:

Thanks for the answer.

Actually, my spool and work dir are in /var which is not on a dedicated partition. So I set to / and I don't get errors anymore.

> Set these parameters in your mailscanner-mrtg.conf file and
> all should be
> fine:
>
> MailScanner Work Directory = /var
> Spool Directory = /var
>
> It just wants the "mount point" to the root of the file
> system (/) which is /var. If your /var/directory was on the
> same partitions as /, then you could get away with listing
> the full directory path.

From glenn.steen at gmail.com Wed Jan 3 11:56:25 2007
From: glenn.steen at gmail.com (Glenn Steen)
Date: Wed Jan 3 10:57:36 2007
Subject: Zombies
In-Reply-To: <459AA805.50200@pwdk.com>
References: <459A5612.4040705@pwdk.com> <223f97700701020641s4f21898bn56c1368a2535072e@mail.gmail.com> <459AA805.50200@pwdk.com>
Message-ID: <223f97700701030256x36ef3257ubac524c664a318c7@mail.gmail.com>

On 02/01/07, pete@pwdk.com wrote:
>
>
> Glenn Steen wrote:
(snippety-snip)
> > *************************************
> >> Are these normal?
> > Definitely, you have zombies all the time. If they "stick around", they
> > _may_ be an indication of a problem, but more likely not.
> > In this particular case, you can likely deduce that these are MS
> > "helpers" that run things like AV scanners etc, and they should go
> > away relatively swiftly (to be replaced with new ones). It depends a
> > bit on what is happening, and the relative speed of your system etc.
> > Look at your maillog, if you see SpamAssassin timeouts etc... then you
> > really do have a problem to work with. But then the zombies "sticking
> > around" is just an indicator, not a real problem in and of itself.
> *************************************
>
>
> I've searched the maillog and these are the only error messages I've found.
>
>
> There are several messages like this
> **********************
> Jan 2 05:00:07 woody MailScanner[3790]: MailScanner child caught a SIGHUP
> **********************
>
> At one minute past the hour messages like this
>
> **********************
> Jan 2 05:01:01 woody ClamAV-autoupdate[7595]: ClamAV update warning:
> ERROR: Problem with internal logger.
>
> Jan 2 05:01:01 woody ClamAV-autoupdate[7595]: ClamAV update warning:
> ERROR: Can't open /tmp/ClamAV.update.log in append mode (check
> permissions!).
>
> Jan 2 05:01:01 woody ClamAV-autoupdate[7595]: ClamAV updater failed
> **********************
>
>
> I then set the permissions on /tmp/ClamAV.update.log and waited to see
> what happened when the next ClamAv update occurred. Straight after the
> update I saw the following messages repeated several times.
>
> *************************
> MailScanner[7156]: ClamAV update of /usr/local/share/clamav/daily.cvd
> detected, resetting ClamAV Module
>
> MailScanner[7156]: ClamAV virus database has been updated, killing this
> child
>
> MailScanner[7156]: Config: calling custom end function MailWatchLogging
>
> MailScanner[7156]: MailScanner child dying of old age
> *************************
>
>
> This seems to have cured the MailScann zombies hanging around problem, I
> still have 5 or 6 MailScann zombies but they don't hang around too long now.

Excellent, so there really was a problem that was rather easy to find and fix:-). Good.

> I still have 7 "sh" constant PID Zombies, but they may well be another
> possibly unrelated issue, although I'm not sure what is causing those
> and why.
>
> Pete

What is the parent process of these? Is it the same PIDs all the time, or are they different over a few minutes? Can be a starting point at least...

As I'm sure you've read up on this, you know by now that both flakey HW and drivers can cause excessive zombies to "stick around" virtually forever, so don't limit yourself only to the maillog... Look through syslog and/or messages too. And if HW/drivers are the "root cause", then you might need a reboot to clear them. Not that you really likely _need_ to clear them, you can probably just rest assured that the next scheduled reboot will make them go away (if they really are "stuck forever").

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From kte at nexis.be Wed Jan 3 12:25:39 2007
From: kte at nexis.be (kte@nexis.be)
Date: Wed Jan 3 11:26:51 2007
Subject: MailScanner trying to access all directories under /var/*
In-Reply-To:
Message-ID:

Just use CentOS, a RHEL clone, where you can use yum to patch your OS.

Koen

Res
Sent by: mailscanner-bounces@lists.mailscanner.info
02/01/2007 23:48
Please respond to MailScanner discussion
To MailScanner discussion
cc
Subject Re: MailScanner trying to access all directories under /var/*

On Wed, 3 Jan 2007, Ananitya wrote:

>> stat64("/var/lock
>> stat64("/var/spool/MailScanner
>> stat64("/var/spool/mqueue
>> connect(7, {sa_family=AF_FILE, path="/var/run/nscd/socket"}
>> stat64("/var/lib/3.001007"
>> stat64("/var/tmp"
>>
>> Nothing that shouldn't be there as far as I can see.
>
> Yeah okay, maybe I would need to rewrite policies of all the helper apps
> {spamassassin, clamav, razor, dcc, postfix) along with MailScanner policy so
> they all can work together more peacefully.

Yup, maybe thats the answer, as it does not try access any other dir under var, not at least on these systems which are slackware so it's the tarball version, the RPM does its usual RPM thing and puts things all over the shop, I hate that, and have not used RPM since I decommisioned my last RH server a year ago (RH9 was solid and stable but a pain to keep patched since RH stopped 9 support years ago), tried Fedora server a few times, it was just not stable enough, but Fedora is not supposed to be stable, it supposed to be bleeding edge, and sometimes in servers it sure bleeds.

We use Fedora desktops and the first thing I do after an install is get rid of the red-hat-atised things that shouldn't be butchered by them, so I know where everything is, I mean if we were meant to have 4 packages to install EG clamav im sure the good folk at clamav would release it in 4 pkgs and sendmail would release 3 pkgs :)

anyway strayed way OT, so if you have this problem with RPM, let me know and I'll install it on one and see what it does.
> Anyway thanks for reply.

No problems, one thing though, you could try disable SA and its user progs and see if the accesses reduce, unless someone else on list running postfix can do a check for you.

--
Cheers
Res

"So, you think you can tell Heaven from Hell?" - Roger Waters

From glenn.steen at gmail.com Wed Jan 3 12:58:53 2007
From: glenn.steen at gmail.com (Glenn Steen)
Date: Wed Jan 3 12:00:06 2007
Subject: whitelist_to getting exploited
In-Reply-To: <57573D714A832C43B9D80EAFBDA48D0302BAC622@inex3.herffjones.hj-int>
References: <57573D714A832C43B9D80EAFBDA48D0302BAC622@inex3.herffjones.hj-int>
Message-ID: <223f97700701030358h1fdaf445pf05264e442a3f9a3@mail.gmail.com>

On 02/01/07, Furnish, Trever G wrote:
> Thanks for your comments, Glenn. Some responses below.
>
> > -----Original Message-----
> > From: mailscanner-bounces@lists.mailscanner.info
> > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> > Of Glenn Steen
> > Sent: Saturday, December 30, 2006 6:39 AM
> > To: MailScanner discussion
> > Subject: Re: whitelist_to getting exploited
> >
> > Hi Trever,
> >
> > Just a few odd comments below...
> >
> > > > Of Ramprasad
> > > > Sent: Friday, December 29, 2006 5:22 AM
> > > > To: MailScanner discussion
> > > > Subject: Re: whitelist_to getting exploited
> > > >
> > > > On Fri, 2006-12-29 at 19:34 +1000, Res wrote:
> > > > > On Fri, 29 Dec 2006, Ramprasad wrote:
> > > > But user-1 wants all mails including spam , not others
> > > >
> > > > For eg If I want to allow abuse@mydomain to get all mail without
> > > > check someone sends a mail To:the_top_man@domain,abuse@domain
> > > >
> > > > Then this mail would bypass spam checks and reach
> > > > the_top_man@domain
> > > > Obviously this would be a concern to everyone , how are you folks
> > > > getting over this issue
> > >
> > > Mailscanner can't split one message into several and treat them
> > > differently based on recipient. Doing so would risk queue filename
> > > conflicts.
>
> > This should be possible to handle....:-).
>
> Sure -- anything's possible. And I suppose I never actually
> read that this is the reason MS doesn't do the splitting --
> I just assumed that's the reason.

I think the reasoning is more to the tune of "why reinvent the wheel when there is a perfectly good spare in the trunk":-). Meaning the MTAs are good at this, so let them do it.

> > > There are some definite caveats to consider though:
> > > - you'll use more bandwidth, since you're
> > > delivering multiple copies of a message where
> > > before you only delivered one. This may or may
> > > not be significant for you.
> >
> > With gateway systems (which is a very common setup, after all, of
> > MailScanner) this is generally not a concern, since you will
> > have a very much more capable LAN/"internal WAN" link than
> > "internet-facing" link.
>
> Good point. In my case it's only significant because the
> 'internal WAN' links are much smaller than the WAN link, AND
> because we don't impose any size limit on incoming messages
> (because we lack a suitable replacement mechanism to give
> to users for receiving large files. :-( ).
>

Ah. That sounds like an ... awkward situation. See your point.

> > > - you'll increase the number of rows in your
> > > mailwatch tables, if you're using mailwatch.
> > > - However, mailwatch 1.x is 'broken' in that
> > > it only records one recipient per message
> > > anyway, so while you're increasing the load
> > > a bit, you also may be saving yourself a
> > > different headache later.
> >
> > Both these are true, and if I understood how Steve intends to
> > handle these for multiple recipient mails in 2.0 (fixing the
> > broken behaviour of 1.x) the first point will continue to be
> > a real concern for sites with large amounts of messages...
> > Splitting will likely make it one of your jobs to keep on top
> > of daily. Sigh. One more ...:-). But if one has a low volume
> > setup, it doesn't matter that much.
>
> In my case the mailwatch bug mentioned above was enough of a problem
> that I had to either fix it myself or replace the whole system
> (including mailscanner) with some other tool. Management dictated 1.)
> use of quarantine, 2.) allowing users to release their own messages, and
> 3.) total lack of authentication, unless it was tied into Active
> Directory. I took a cue from Steve's notes for 2.0 and created a
> separate table for relating message IDs to message recipients, then
> changed all of the queries on the pages that I was interested in so that
> they use the new table for queries that need to list all messages to a
> given recipient. That also improves performance, since the new table is
> a small fraction of the maillog table -- nightly reports were taking
> many hours, but now they take only a few minutes.
>
> However, that kind of change also "breaks" the reporting interface,
> among other things, so I have two mailwatch installs -- one that is just
> a stock 1.0 install for the most part, and one that is heavily modified
> to present a very stripped down interface for individual users and to
> use the new table for improved performance and accurate lists of the
> messages to their addresses.
>
> My needs might also be a lot different from everyone else's -- I need to
> keep around ten days worth of messages in the database and have it be
> responsive enough to let users browse around quickly and to generate
> nightly reports in only a few minutes. We get about 180k messages per
> day, so that's almost two million messages in the database at all times.
> And for the web interface, I needed the users to be able to see a very
> stripped down version that shows only their own messages without any
> authentication at all -- they get a link and a report in email each
> morning and can only view their own quarantined messages. No searching,
> reporting, or authenticating. The only "authentication" is receipt of
> the URL via email -- if you received the nightly report, then you have a
> URL that will let you into the online version of that report for viewing
> and releasing individual messages.
>
> The changes I made are pretty straightforward, but they're also very
> specific to my company's needs, enough so that I don't believe they'd be
> useful for anyone else. And I wouldn't want to distract from mw2.0.
> And I anticipate much personal pain at some point in the future when I
> decide to try to port the functional changes over to a mw2.0 install.
>

You did look at the patches for integrating AD authentication into 1.0, I suppose? Sounds like you'll have your work cut out for you, come 2.0:-).

> > > - you'll increase the number of log entries -- this
> > > is probably insignificant.
> > Agreed.
> >
> > > - you'll increase the mailscanner processing load,
> > > since e.g. one message may become five messages.
> >
> > The worst "hog" in MS is SA, and with the SpamAssassin result
> > cache feature on, you really take the sting out of this one.
> > True, you'll likely see a bit of load from AV scanners etc,
> > but SA should yield only the cache fingerprint "cost" and
> > nothing more.
>
> Good point -- I hadn't considered that!
>
> > > I used to split all inbound messages. I wish I still could, but in my
> > > case I started bumping against the limits of my hardware and opted to
> > > gain some performance by turning off the splitting.
> >
> > Do you by any chance run BDC still? It can "hurt" things
> > bad... Or do you have a lot of BLs in MS? That could well be
> > "hurtful too, depending on what limit you encounter... Or
> > was it the MW bit you mention? Hopefully 2.0 will make a lot
> > of difference there:-)
>
> Did you mean to write DCC, not "BDC"? I'm not familiar with "BDC" in a
> mailscanner context. If you meant DCC, I don't run Pyzor or DCC. I do
> use Razor, but didn't have enough confidence in the others to use them.

BDC == BitDefender Commandline AV scanner... Is a bit of a CPU hog, one that you don't want to have to fork/exec excessively (and splitting would perhaps do that, at least when you have 180k messages/day). On small setups like mine, you can well live with it though (depending on HW, of course:).
> I don't use BLs in MailScanner -- ideally those would be at the MTA
> level, but I prefer to be able to weight different BLs differently, so I
> only use most BLs at the SA level. The only BL I currently use at the
> MTA level is SBL+XBL (which has been nothing short of amazingly
> effective).

Same here... Mostly due to equally draconian policies, it seems, or perhaps one should spell that "PHB":-D.

> Regarding MW contributing to the load, it was really only a heavy
> resource user when I was browsing the web interface. The changes I made
> seem to have helped out tremendously there.

Hopefully Steve's 2.0 will do the same for the rest of us. The intentions declared surely point that way at least:).

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From daniel at danielf.ch Wed Jan 3 13:15:19 2007
From: daniel at danielf.ch (Daniel Fuhrer)
Date: Wed Jan 3 12:19:51 2007
Subject: Process old Mails
Message-ID: <96EF3FB3C374A64187CCB0D0DA716F242106@idefix.danielf.local>

Hi all

I have Mailscanner running on a freebsd 5.3 box. This morning I had a lot of mails in the directory /var/spool/mqueue.in

So I moved this directory to another name, recreated the directory and restarted Mailscanner. Now everything is running fine.

My question is: how can I start processing the old files in the old mqueue.in? I tried to copy just file by file to the new directory. But mailscanner doesn't process this mail.

Thanks for your answer.

Cheers
Daniel

From glenn.steen at gmail.com Wed Jan 3 13:44:23 2007
From: glenn.steen at gmail.com (Glenn Steen)
Date: Wed Jan 3 12:45:34 2007
Subject: Happy NW - Not
In-Reply-To: <459B3817.30301@taz-mania.com>
References: <57573D714A832C43B9D80EAFBDA48D0302BAC623@inex3.herffjones.hj-int> <459B3817.30301@taz-mania.com>
Message-ID: <223f97700701030444r63d588a2xc6faeba3a3e3f2f2@mail.gmail.com>

On 03/01/07, Dennis Willson wrote:
> All the ones I got were caught by ClamAV and quarantined... I got about
> 700 in a 24 hour period.
>
> Furnish, Trever G wrote:
> > In my case bayes_99 is hitting most of them, but that's not enough to
> > catch on its own. Still catching a lot of them though due to other
> > rules' contributions.
> >
> > Here's a report from one that was caught:
> >
> > X-HJ-MailScanner-SpamCheck: spam, SpamAssassin (not cached,
> > score=10.249,
> > required 5, BAYES_99 3.50, FORGED_RCVD_HELO 0.14,
> > RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E4_51_100 1.50,
> > RAZOR2_CHECK 0.50, SARE_LWSHORTT 0.79, SARE_MLB_Stock1 1.66,
> > SARE_MLB_Stock2 1.66)
> >
> > Razor has started to hit on them too. The ones that were missed at my
> > site didn't trip the SARE or Razor rules listed above, but that seems to
> > have stopped happening. They're mostly being caught for me.
> >
> >
> >> -----Original Message-----
> >> From: mailscanner-bounces@lists.mailscanner.info
> >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> >> Of John Schmerold
> >> Sent: Tuesday, January 02, 2007 11:31 AM
> >> To: MailScanner discussion
> >> Subject: Happy NW - Not
> >>
> >> What's everyone doing to get rid of the endless emails with
> >> Happy NW on the subject line?
> >>

Since the 28:th (when these started up here) I've received 1082 messages with one (1) false negative. The rest got picked up by the digests (Razor, Pyzor and DCC) and Bayes. The FN was caused by only Bayes triggering... But the frequency is low enough that I'll not bother with a custom rule for it:-).

As usual, I expect a lot more to have been dropped at the MTA due to RFC violations, but since I drop them... I can't really say for sure:-).

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From mailscanner at lists.com.ar Wed Jan 3 13:56:09 2007
From: mailscanner at lists.com.ar (Leonardo Helman)
Date: Wed Jan 3 12:58:02 2007
Subject: whitelist_to getting exploited
In-Reply-To: <223f97700701030358h1fdaf445pf05264e442a3f9a3@mail.gmail.com>
References: <57573D714A832C43B9D80EAFBDA48D0302BAC622@inex3.herffjones.hj-int> <223f97700701030358h1fdaf445pf05264e442a3f9a3@mail.gmail.com>
Message-ID: <20070103125609.GB7617@pert.com.ar>

On Wed, Jan 03, 2007 at 12:58:31PM +0100, Glenn Steen wrote:
> On 02/01/07, Furnish, Trever G wrote:
> >Thanks for your comments, Glenn. Some responses below.
> >
> >> -----Original Message-----
> >> From: mailscanner-bounces@lists.mailscanner.info
> >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> >> Of Glenn Steen
> >> Sent: Saturday, December 30, 2006 6:39 AM
> >> To: MailScanner discussion
> >> Subject: Re: whitelist_to getting exploited
> >>
> >> Hi Trever,
> >>
> >> Just a few odd comments below...
> >>
> >> > > Of Ramprasad
> >> > > Sent: Friday, December 29, 2006 5:22 AM
> >> > > To: MailScanner discussion
> >> > > Subject: Re: whitelist_to getting exploited
> >> > >
> >> > > On Fri, 2006-12-29 at 19:34 +1000, Res wrote:
> >> > > > On Fri, 29 Dec 2006, Ramprasad wrote:
> >> > > But user-1 wants all mails including spam , not others
> >> > >
> >> > > For eg If I want to allow abuse@mydomain to get all mail without
> >> > > check someone sends a mail To:the_top_man@domain,abuse@domain
> >> > >
> >> > > Then this mail would bypass spam checks and reach
> >> > > the_top_man@domain
> >> > > Obviously this would be a concern to everyone , how are you folks
> >> > > getting over this issue
> >> >
> >> > Mailscanner can't split one message into several and treat them
> >> > differently based on recipient. Doing so would risk queue filename
> >> > conflicts.
> >
> >> This should be possible to handle....:-).
> >
>

I am splitting the message, letting equal choices in antivirus scanning and antispam scanning be kept together.

We don't have filename conflicts in zmailer (the name of the file is the inode number). I don't know how to apply this (if it could be applied) to other MTAs.

This is my patch (I'm using zmailer, and don't mind if there are a few messages more).

The patch worked a very long time ago, maybe there were modifications over there, so I don't know if it can be applied as is or if you have to tweak it a little.
The idea is, you have a custom function choosing what the recipients wants to do with their mails (if they wan't AV/AS) For example Virus Scanning = &DBI_AVCheck( "/path/to/avasconfig/file.conf" ) Spam Checks = &DBI_ASCheck( "/path/to/avasconfig/file.conf" ) Split Message Function List = DBI_AVCheck,DBI_ASCheck If the custom function is analyzed in array context it returns an array with 1/0 for each rcpt "Spam Checks" Then that array is used for splitting the mail (Split Message Function List) But if the custom function is analyzed in scalar context, it returns if the first recipient wants "Spam Checks" or no (1/0) diff -Naur MailScanner-4.54.1.auth/lib/MailScanner/ConfigDefs.pl MailScanner-4.54.1/lib/MailScanner/ConfigDefs.pl --- MailScanner-4.54.1.auth/lib/MailScanner/ConfigDefs.pl Thu May 11 15:05:36 2006 +++ MailScanner-4.54.1/lib/MailScanner/ConfigDefs.pl Thu May 11 16:59:17 2006 @@ -179,6 +179,7 @@ spamstarscharacter = spamscorecharacter spamstarsheader = spamscoreheader spamwhitelist = isdefinitelynotspam +splitfunctions = splitmessagefunctionlist storedcontentmessage = storedbadcontentmessagereport storedfilenamemessage = storedbadfilenamemessagereport storedvirusmessage = storedvirusmessagereport @@ -483,6 +484,7 @@ MCPSubjectText {Restricted?} SpamSubjectText {SPAM?} SpamStarsHeader X-MailScanner-SpamScore: +SplitFunctions MCPHeader X-MailScanner-MCPCheck: IdHeader X-MailScanner-Id: UnscannedHeader Not scanned: please contact your Internet E-Mail Service Provider for details diff -Naur MailScanner-4.54.1.auth/lib/MailScanner/Message.pm MailScanner-4.54.1/lib/MailScanner/Message.pm --- MailScanner-4.54.1.auth/lib/MailScanner/Message.pm Thu May 11 15:05:36 2006 +++ MailScanner-4.54.1/lib/MailScanner/Message.pm Thu May 11 16:59:17 2006 
@@ -244,12 +244,69 @@ bless $this, $type; + if( $this->SplitMail($this) ) { + return undef; + } + # PERT-BBY: generate msids (uniq ids) $this->msids; return $this; } +# Split mail with the "Split Message Function List parameter" +sub SplitMail { + my( $this )=@_; + my @partsarray=(); + if( MailScanner::Config::Value('splitfunctions') ) { + for my $funcname (split(/\s*,\s*/,MailScanner::Config::Value('splitfunctions'))){ + if ($funcname) { + $funcname = 'MailScanner::CustomConfig::' . $funcname; + no strict 'refs'; + push @partsarray, [ &$funcname($this) ]; + use strict 'refs'; + #return $result; + } + } + # A: Here we have ( [ 1 1 0 1 0 ] [ 1 1 1 0 0 ] ... ), one per splitfunction + # A: We want to join the users who can be processed together + if( (my @splitted=$this->PartsArray2To( @partsarray )) > 1 ) { + $this->{store}->WriteSplittedByDestination( $this, @splitted ); + return 1; + } + } + return 0; +} + +## Toma un array de arrays anonimos de 1 y 0. Una linea por cada +# pregunta (tiene antivirus?, antispan?), y un 0 o un 1 para cada +# "To" que haya en el mail, y devuelve una array de arrays anonimos +# con grupos de "To"s, en los que hay que cortar el mail con la +# funcion WriteSplittedByDestination +# El algoritmo de separacion de los mails es el siguiente: +# Dado el array: +# ([a_11 a_12 ... a_1in] [a_21 a_22... a_2in] [a_jn1 a_jn2 ...a_jnin]) +# Hago las sumatorias de a_j para cada i +# Y en base a eso, separo los mails en: +# a) Todos los que dan jn (toda la columna en 1) +# b) Todos los que dan 0 +# c) Todos los demas por separado +sub PartsArray2To { + my( $this, @partsarray )=@_; + + my %distintos=(); + my $iN=0; + map({$iN=@$_ if(@$_ > $iN );} @partsarray); + for( my $i=0; $i<$iN;$i++) { + my $key=""; + for( my $j=0; $j<@partsarray;$j++) { + $key.= $partsarray[$j][$i] . "X"; + } + push @{$distintos{$key}}, $this->{to}[$i]; + } + + return values(%distintos); +} # Take an email address. Return (user, domain). 
sub address2userdomain { diff -Naur MailScanner-4.54.1.auth/lib/MailScanner/ZMDiskStore.pm MailScanner-4.54.1/lib/MailScanner/ZMDiskStore.pm --- MailScanner-4.54.1.auth/lib/MailScanner/ZMDiskStore.pm Wed May 10 13:59:40 2006 +++ MailScanner-4.54.1/lib/MailScanner/ZMDiskStore.pm Thu May 11 16:59:17 2006 
@@ -250,6 +250,68 @@ MailScanner::Log::InfoLog("ZM: message %s renamed into %s",$message->{id},$message->{newid}); } +# Write n messges in the inqueue, filtering destination address +# @destination_list is a list of references to lists +# If there are n elements in @destination_list, it will +# make n new archives, and delete the original one +# Performance tip: Call this function only if there are +# multiple types of destinations +sub WriteSplittedByDestination { + my($this, $message, @destination_list) = @_; + + my($tfile, $Tf); + + my @original_metadata= @{$message->{metadata}}; + my $archive_number=1; + for my $array_destination (@destination_list) { + # Borro todos los mails que estan en todos + my @borrar=map({@$_} @destination_list); + for my $to (@$array_destination) { + @borrar= grep( {$_ ne $to} @borrar); + } + + $message->{metadata}=[@original_metadata]; + for my $to (@borrar) { + $global::MS->{mta}->DeleteRecipients($message,$to); + } + $tfile = $this->{dir} . '/' . $this->{tname} . "-" . $archive_number++; + + umask 0077; # Add this to try to stop 0666 qf files + $Tf = new FileHandle; + MailScanner::Lock::openlock($Tf, ">$tfile", "w") + or MailScanner::Log::DieLog("Cannot create + lock clean tempfile %s, %s", + $tfile, $!); + + # Esto no sirve por que WriteEntireMessage, escribe desde el env-end + # y CreateQf, escribe \n \n al final + #$global::MS->{mta}->AddHeadersToQf($message); + #MailScanner::Sendmail::CreateQf($message)) + + unless( grep( /^env-end$|^env-eof$/i, @{$message->{metadata}} ) ) { + push @{$message->{metadata}}, 'env-end'; + } + $Tf->print( join("\n", @{$message->{metadata}}) . "\n" ) + or MailScanner::Log::DieLog("Failed to write headers for unscanned " . 
+ "message %s, %s", $message->{id}, $!); + + $this->WriteEntireMessage( $message, $Tf ); + + MailScanner::Lock::unlockclose($Tf); + + my $newid = MailScanner::Sendmail::HDOutFileName($tfile); + my $hdoutfile=$tfile; + $message->{newid} = $newid; + $hdoutfile =~ s/[^\/]+$/$newid/; + #print STDERR "tfile = $tfile and hdoutfile = $hdoutfile\n"; + rename "$tfile", "$hdoutfile" + or MailScanner::Log::DieLog("Cannot split clean %s to %s, %s", + $tfile, $hdoutfile, $!); + MailScanner::Log::InfoLog("ZM: message %s splitted into %s",$message->{id},$message->{newid}); + } + $this->DeleteUnlock(); + +} + # Return the size of the message (Header+body) #REVISO LEOH -------------- next part -------------- diff -Naur MailScanner-4.54.1.auth/lib/MailScanner/ConfigDefs.pl MailScanner-4.54.1/lib/MailScanner/ConfigDefs.pl --- MailScanner-4.54.1.auth/lib/MailScanner/ConfigDefs.pl Thu May 11 15:05:36 2006 +++ MailScanner-4.54.1/lib/MailScanner/ConfigDefs.pl Thu May 11 16:59:17 2006 @@ -179,6 +179,7 @@ spamstarscharacter = spamscorecharacter spamstarsheader = spamscoreheader spamwhitelist = isdefinitelynotspam +splitfunctions = splitmessagefunctionlist storedcontentmessage = storedbadcontentmessagereport storedfilenamemessage = storedbadfilenamemessagereport storedvirusmessage = storedvirusmessagereport @@ -483,6 +484,7 @@ MCPSubjectText {Restricted?} SpamSubjectText {SPAM?} SpamStarsHeader X-MailScanner-SpamScore: +SplitFunctions MCPHeader X-MailScanner-MCPCheck: IdHeader X-MailScanner-Id: UnscannedHeader Not scanned: please contact your Internet E-Mail Service Provider for details diff -Naur MailScanner-4.54.1.auth/lib/MailScanner/Message.pm MailScanner-4.54.1/lib/MailScanner/Message.pm --- MailScanner-4.54.1.auth/lib/MailScanner/Message.pm Thu May 11 15:05:36 2006 +++ MailScanner-4.54.1/lib/MailScanner/Message.pm Thu May 11 16:59:17 2006 
@@ -244,12 +244,69 @@ bless $this, $type; + if( $this->SplitMail($this) ) { + return undef; + } + # PERT-BBY: generate msids (uniq ids) $this->msids; return $this; } +# Split mail with the "Split Message Function List parameter" +sub SplitMail { + my( $this )=@_; + my @partsarray=(); + if( MailScanner::Config::Value('splitfunctions') ) { + for my $funcname (split(/\s*,\s*/,MailScanner::Config::Value('splitfunctions'))){ + if ($funcname) { + $funcname = 'MailScanner::CustomConfig::' . $funcname; + no strict 'refs'; + push @partsarray, [ &$funcname($this) ]; + use strict 'refs'; + #return $result; + } + } + # A: Here we have ( [ 1 1 0 1 0 ] [ 1 1 1 0 0 ] ... ), one per splitfunction + # A: We want to join the users who can be processed together + if( (my @splitted=$this->PartsArray2To( @partsarray )) > 1 ) { + $this->{store}->WriteSplittedByDestination( $this, @splitted ); + return 1; + } + } + return 0; +} + +## Toma un array de arrays anonimos de 1 y 0. Una linea por cada +# pregunta (tiene antivirus?, antispan?), y un 0 o un 1 para cada +# "To" que haya en el mail, y devuelve una array de arrays anonimos +# con grupos de "To"s, en los que hay que cortar el mail con la +# funcion WriteSplittedByDestination +# El algoritmo de separacion de los mails es el siguiente: +# Dado el array: +# ([a_11 a_12 ... a_1in] [a_21 a_22... a_2in] [a_jn1 a_jn2 ...a_jnin]) +# Hago las sumatorias de a_j para cada i +# Y en base a eso, separo los mails en: +# a) Todos los que dan jn (toda la columna en 1) +# b) Todos los que dan 0 +# c) Todos los demas por separado +sub PartsArray2To { + my( $this, @partsarray )=@_; + + my %distintos=(); + my $iN=0; + map({$iN=@$_ if(@$_ > $iN );} @partsarray); + for( my $i=0; $i<$iN;$i++) { + my $key=""; + for( my $j=0; $j<@partsarray;$j++) { + $key.= $partsarray[$j][$i] . "X"; + } + push @{$distintos{$key}}, $this->{to}[$i]; + } + + return values(%distintos); +} # Take an email address. Return (user, domain). 
sub address2userdomain { diff -Naur MailScanner-4.54.1.auth/lib/MailScanner/ZMDiskStore.pm MailScanner-4.54.1/lib/MailScanner/ZMDiskStore.pm --- MailScanner-4.54.1.auth/lib/MailScanner/ZMDiskStore.pm Wed May 10 13:59:40 2006 +++ MailScanner-4.54.1/lib/MailScanner/ZMDiskStore.pm Thu May 11 16:59:17 2006 
@@ -250,6 +250,68 @@ MailScanner::Log::InfoLog("ZM: message %s renamed into %s",$message->{id},$message->{newid}); } +# Write n messges in the inqueue, filtering destination address +# @destination_list is a list of references to lists +# If there are n elements in @destination_list, it will +# make n new archives, and delete the original one +# Performance tip: Call this function only if there are +# multiple types of destinations +sub WriteSplittedByDestination { + my($this, $message, @destination_list) = @_; + + my($tfile, $Tf); + + my @original_metadata= @{$message->{metadata}}; + my $archive_number=1; + for my $array_destination (@destination_list) { + # Borro todos los mails que estan en todos + my @borrar=map({@$_} @destination_list); + for my $to (@$array_destination) { + @borrar= grep( {$_ ne $to} @borrar); + } + + $message->{metadata}=[@original_metadata]; + for my $to (@borrar) { + $global::MS->{mta}->DeleteRecipients($message,$to); + } + $tfile = $this->{dir} . '/' . $this->{tname} . "-" . $archive_number++; + + umask 0077; # Add this to try to stop 0666 qf files + $Tf = new FileHandle; + MailScanner::Lock::openlock($Tf, ">$tfile", "w") + or MailScanner::Log::DieLog("Cannot create + lock clean tempfile %s, %s", + $tfile, $!); + + # Esto no sirve por que WriteEntireMessage, escribe desde el env-end + # y CreateQf, escribe \n \n al final + #$global::MS->{mta}->AddHeadersToQf($message); + #MailScanner::Sendmail::CreateQf($message)) + + unless( grep( /^env-end$|^env-eof$/i, @{$message->{metadata}} ) ) { + push @{$message->{metadata}}, 'env-end'; + } + $Tf->print( join("\n", @{$message->{metadata}}) . "\n" ) + or MailScanner::Log::DieLog("Failed to write headers for unscanned " . 
+ "message %s, %s", $message->{id}, $!); + + $this->WriteEntireMessage( $message, $Tf ); + + MailScanner::Lock::unlockclose($Tf); + + my $newid = MailScanner::Sendmail::HDOutFileName($tfile); + my $hdoutfile=$tfile; + $message->{newid} = $newid; + $hdoutfile =~ s/[^\/]+$/$newid/; + #print STDERR "tfile = $tfile and hdoutfile = $hdoutfile\n"; + rename "$tfile", "$hdoutfile" + or MailScanner::Log::DieLog("Cannot split clean %s to %s, %s", + $tfile, $hdoutfile, $!); + MailScanner::Log::InfoLog("ZM: message %s splitted into %s",$message->{id},$message->{newid}); + } + $this->DeleteUnlock(); + +} + # Return the size of the message (Header+body) #REVISO LEOH

From glenn.steen at gmail.com Wed Jan 3 14:49:41 2007
From: glenn.steen at gmail.com (Glenn Steen)
Date: Wed Jan 3 13:50:53 2007
Subject: Process old Mails
In-Reply-To: <96EF3FB3C374A64187CCB0D0DA716F242106@idefix.danielf.local>
References: <96EF3FB3C374A64187CCB0D0DA716F242106@idefix.danielf.local>
Message-ID: <223f97700701030549i3cf56e0eu77a056eb1423a052@mail.gmail.com>

On 03/01/07, Daniel Fuhrer wrote:
>
> Hi all
> I have Mailscanner running on a freebsd 5.3 box.
> This morning I had a lot of mails in the directory /var/spool/mqueue.in
> So I moved this directory to another name, recreated the Directory and
> restarted Mailscanner. Now everything is running fine. My question is: how
> can I start processing the old files in the old mqueue.in? I tried to copy just
> file by file to the new directory. But mailscanner doesn't process this
> mail.
>
> Thanks for your answer.
>
> Cheers Daniel

Sounds like Sendmail to me... Not my MTA of choice, but ... Did you copy both the df and the qf file over to the new directory?

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From daniel.maher at ubisoft.com Wed Jan 3 16:35:29 2007
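Review bot: In SplitMail, in the Message.pm hunk of the split-message patch above, each name taken from the 'splitfunctions' setting is prefixed with MailScanner::CustomConfig:: and called through a symbolic reference under no strict 'refs', with no check that it is a plain identifier or that the sub exists, so a typo in Split Message Function List dies inside the message constructor. Suggest accepting only names matching /^\w+$/ and testing defined &$funcname before the call, logging and skipping the entry otherwise. PartsArray2To also indexes $this->{to}[$i] up to the length of the longest returned array, so a function that returns more or fewer elements than there are recipients pushes undef recipients or builds keys from undef; comparing each result's length with scalar @{$this->{to}} first would catch that.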
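Review bot: WriteSplittedByDestination, in the ZMDiskStore.pm hunk of the split-message patch above, renames each part into the queue inside the loop and only calls $this->DeleteUnlock() on the original after the loop, while every failure path inside the loop is a DieLog. If the second or a later part fails, the earlier parts are already queued and the original is still present, so reprocessing the original would deliver to the first groups twice. Suggest writing all the temp files first and renaming them only once every write has succeeded, removing the temp files on failure. Separately, umask 0077 is set on every iteration and never restored; save the previous umask before the loop and restore it afterwards.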
From: daniel.maher at ubisoft.com (Daniel Maher)
Date: Wed Jan 3 15:36:43 2007
Subject: "Virus Scanning" ruleset being ignored?
Message-ID: <1E293D3FF63A3740B10AD5AAD88535D203F163D9@UBIMAIL1.ubisoft.org>

Hello all,

I am attempting to set up a very simple ruleset for the "Virus Scanning" directive. In this ruleset, there is one From address for which virus scanning is disabled, followed by a default of yes. I then pointed the directive in MailScanner.conf to the path and filename of the ruleset. Unfortunately, the ruleset is apparently being ignored.

MailScanner.conf:
...
Virus Scanning = /etc/MailScanner/rules/virus.scanning.rules
...

virus.scanning.rules:
From: somebody@somewhere.org no
From: default yes

Mail from "somebody@somewhere.org" will still be scanned for viruses, however. Following this attempt, I decided to see if the following simple ruleset would have any effect:

FromOrTo: default no

This was also ignored, as all mail was still scanned. The only way that I could manage any effect whatsoever was to set the following in MailScanner.conf:

Virus Scanning = no

This did exactly what it's supposed to do - though it's hardly the solution I'm looking for. :P

The permissions on path and filename for the ruleset are fine; in fact, I'm using another ruleset for a different directive already, in the same format (and it works properly). Any ideas on why the new one doesn't appear to have any effect would be greatly appreciated. Thank you!

--
  _
 °v°   Daniel Maher
/(_)\  Administrateur Système Unix
 ^ ^   Unix System Administrator

SMASH '5' FOR VICTORY!

From martinh at solidstatelogic.com Wed Jan 3 16:42:08 2007
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Wed Jan 3 15:43:46 2007
Subject: "Virus Scanning" ruleset being ignored?
In-Reply-To: <1E293D3FF63A3740B10AD5AAD88535D203F163D9@UBIMAIL1.ubisoft.org>
Message-ID: <93577539ec1aa245a9a44e1eb908e7b7@solidstatelogic.com>

Daniel

Depends on the actual envelope-from in the email not the 'From:' line

Check on the Post MailScanner email. There should be a X-MailScanner-From: header line

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Daniel Maher
> Sent: 03 January 2007 15:35
> To: MailScanner discussion
> Subject: "Virus Scanning" ruleset being ignored?
>
> Hello all,
>
> I am attempting to set up a very simple ruleset for the "Virus Scanning"
> directive. In this ruleset, there is one From address for which virus
> scanning is disabled, followed by a default of yes. I then pointed the
> directive in MailScanner.conf to the path and filename of the ruleset.
> Unfortunately, the ruleset is apparently being ignored.
>
> MailScanner.conf:
> ...
> Virus Scanning = /etc/MailScanner/rules/virus.scanning.rules
> ...
>
> virus.scanning.rules:
> From: somebody@somewhere.org no
> From: default yes
>
> Mail from "somebody@somewhere.org" will still be scanned for viruses,
> however. Following this attempt, I decided to see if the following simple
> ruleset would have any effect:
>
> FromOrTo: default no
>
> This was also ignored, as all mail was still scanned. The only way that I
> could manage any effect whatsoever was to set the following in
> MailScanner.conf:
>
> Virus Scanning = no
>
> This did exactly what it's supposed to do - though it's hardly the
> solution I'm looking for. :P
>
> The permissions on path and filename for the ruleset are fine; in fact,
> I'm using another ruleset for a different directive already, in the same
> format (and it works properly). Any ideas on why the new one doesn't
> appear to have any effect would be greatly appreciated. Thank you!
>
> --
>   _
>  °v°   Daniel Maher
> /(_)\  Administrateur Système Unix
>  ^ ^   Unix System Administrator
>
> SMASH '5' FOR VICTORY!

**********************************************************************

This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager.

This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean.

**********************************************************************

From ssilva at sgvwater.com Wed Jan 3 17:10:49 2007
From: ssilva at sgvwater.com (Scott Silva)
Date: Wed Jan 3 16:12:17 2007
Subject: Happy NW - Not
In-Reply-To: <459B3817.30301@taz-mania.com>
References: <57573D714A832C43B9D80EAFBDA48D0302BAC623@inex3.herffjones.hj-int> <459B3817.30301@taz-mania.com>
Message-ID:

Dennis Willson spake the following on 1/2/2007 8:59 PM:
> All the ones I got were caught by ClamAV and quarantined... I got about
> 700 in a 24 hour period.
>
Are you sure clam fired on these? It was a stock spam, not a virus or a phishing attempt.

--
MailScanner is like deodorant...
You hope everybody uses it, and you notice quickly if they don't!!!!

From daniel.maher at ubisoft.com Wed Jan 3 17:38:14 2007
From: daniel.maher at ubisoft.com (Daniel Maher)
Date: Wed Jan 3 16:39:27 2007
Subject: "Virus Scanning" ruleset being ignored?
In-Reply-To: <93577539ec1aa245a9a44e1eb908e7b7@solidstatelogic.com>
Message-ID: <1E293D3FF63A3740B10AD5AAD88535D203F164E8@UBIMAIL1.ubisoft.org>

Thanks for the reply,

I agree with your statement; however, that does not explain why files are still scanned for viruses if the ruleset is:

FromOrTo: default no

Interestingly enough, with that set, I see this in the logs when the email is processed by MailScanner:

Jan 3 11:25:41 ad-postfix MailScanner[28089]: Virus and Content Scanning: Starting
Jan 3 11:25:44 ad-postfix MailScanner[28089]: /var/spool/MailScanner/incoming/28089/./C62F81A65DB.211F7/eicar_com.zip: Eicar-Test-Signature FOUND
Jan 3 11:25:44 ad-postfix MailScanner[28089]: Virus Scanning: ClamAV found 1 infections
Jan 3 11:25:44 ad-postfix MailScanner[28089]: Virus Scanning: Found 1 viruses
Jan 3 11:25:44 ad-postfix MailScanner[28089]: Filename Checks: Allowing C62F81A65DB.211F7 eicar_com.zip

However, in the headers for the email once it has been received, I see this:

X-Ubisoft-MailScanner: Not scanned: please contact your Internet E-Mail Service Provider for details

So what's the deal? Is it being scanned, or isn't it? The output from MailScanner appears to be suggesting both. :P

--
  _
 °v°   Daniel Maher
/(_)\  Administrateur Système Unix
 ^ ^   Unix System Administrator

SMASH '5' FOR VICTORY!

From martinh at solidstatelogic.com Wed Jan 3 17:49:03 2007
From: martinh at solidstatelogic.com (martinh@solidstatelogic.com)
Date: Wed Jan 3 16:50:31 2007
Subject: "Virus Scanning" ruleset being ignored?
In-Reply-To: <1E293D3FF63A3740B10AD5AAD88535D203F164E8@UBIMAIL1.ubisoft.org>
Message-ID: <5a25805bc674464e9d3b501449a7e753@solidstatelogic.com>

Daniel

I'd run this in debug mode....looks like something's going wrong somewhere....!

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

From mailscanner at aha4adsl.nl Wed Jan 3 18:01:51 2007
From: mailscanner at aha4adsl.nl (mailscanner@aha4adsl.nl)
Date: Wed Jan 3 17:03:02 2007
Subject: FW: IP country block possible?
Message-ID: <000001c72f58$e11f4960$1c00a8c0@pcaharjg2>

Hello Developers,

Although MailScanner is doing a good job on our servers the number of false passes are rather high.

We mainly have Dutch and Belgium contacts and therefore want to block non-Dutch IP-ranges.

There are several databases, like IP2location, available to find out from which country/network the email is coming from.

1) Is there a way to implement these functions in MailScanner and/or SpamAssassin? We find the current blacklist possibilities rather limited (the ip2location database has 60000 records like:
"62.4.75.0","62.4.75.31","1040468736","1040468767","NL","Netherlands"
"62.4.75.32","62.4.75.79","1040468768","1040468815","DE","Germany"
"62.4.75.80","62.4.75.95","1040468816","1040468831","NL","Netherlands")

2) another option is to run your own blacklist server but in combination with a mysql/php/perl database. Is there any documentation at that point?

3) can it be implemented in MailScanner directly?
With options like
Countries Allow = NL BE US
Countries Blocked = JP TW

We had scanned the lists.mailscanner.info but could not find any related topics.

With kind regards,

Ron Groen

From michele at blacknight.ie Wed Jan 3 18:13:43 2007
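The range lookup asked about in the post above, as an added example that is not part of the original message and is not MailScanner or SpamAssassin code: it loads the three ip2location records quoted in the post, checks them for consistency, finds the country of a connecting IPv4 address by binary search on the integer range columns, and applies an allow list. The class name, method names and the ALLOWED set are assumptions made for the illustration; MailScanner itself has no "Countries Allow" setting.

```python
import bisect
import csv
import io
import ipaddress

# Constructed input: the three sample records quoted in the post.
# Columns: first IP, last IP, first IP as integer, last IP as integer,
# country code, country name.
SAMPLE_CSV = '''\
"62.4.75.0","62.4.75.31","1040468736","1040468767","NL","Netherlands"
"62.4.75.32","62.4.75.79","1040468768","1040468815","DE","Germany"
"62.4.75.80","62.4.75.95","1040468816","1040468831","NL","Netherlands"
'''

# Assumption for the illustration: the countries the poster wants to accept.
ALLOWED = frozenset({"NL", "BE"})


class CountryTable:
    """Validated, sorted IPv4 range table with binary-search lookup."""

    def __init__(self, csv_text):
        rows = []
        for lineno, rec in enumerate(csv.reader(io.StringIO(csv_text)), 1):
            if not rec:
                continue  # blank line
            if len(rec) != 6:
                raise ValueError(f"line {lineno}: expected 6 fields, got {len(rec)}")
            first, last, lo, hi, code, _name = rec
            lo, hi = int(lo), int(hi)
            # Cross-check the dotted-quad columns against the integer columns;
            # a row where they disagree would map addresses to the wrong country.
            dotted = (int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last)))
            if dotted != (lo, hi):
                raise ValueError(f"line {lineno}: dotted and integer columns disagree")
            if lo > hi:
                raise ValueError(f"line {lineno}: range start is after range end")
            rows.append((lo, hi, code.upper()))
        rows.sort()
        # Overlapping ranges would make the answer depend on row order: refuse them.
        for (_, prev_hi, _), (lo, _, _) in zip(rows, rows[1:]):
            if lo <= prev_hi:
                raise ValueError("overlapping ranges in table")
        self._rows = rows
        self._starts = [r[0] for r in rows]

    def country_of(self, ip):
        """Return the country code covering ip, or None if no range does."""
        addr = ipaddress.ip_address(ip)
        if addr.version != 4:
            return None  # the table only describes IPv4 space
        n = int(addr)
        # Rightmost range whose start is <= n, then check its upper bound.
        i = bisect.bisect_right(self._starts, n) - 1
        if i >= 0 and n <= self._rows[i][1]:
            return self._rows[i][2]
        return None

    def verdict(self, ip, allowed=ALLOWED):
        """Return 'accept', 'reject', or 'unknown' for addresses the table lacks."""
        code = self.country_of(ip)
        if code is None:
            return "unknown"
        return "accept" if code in allowed else "reject"


if __name__ == "__main__":
    table = CountryTable(SAMPLE_CSV)
    for ip in ("62.4.75.5", "62.4.75.40", "62.4.75.95", "62.4.75.96"):
        print(ip, table.country_of(ip), table.verdict(ip))
```

An address outside every range comes back as "unknown" rather than as a country, so the caller has to decide explicitly what happens to gaps in the database instead of rejecting them by accident.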
From: michele at blacknight.ie (Michele Neylon :: Blacknight)
Date: Wed Jan 3 17:13:03 2007
Subject: IP country block possible?
In-Reply-To: <000001c72f58$e11f4960$1c00a8c0@pcaharjg2>
Message-ID: <05a401c72f5a$856db4b0$e3f31151@blacknight.local>

mailscanner@aha4adsl.nl wrote:
> Hello Developers,
>
> Although MailScanner is doing a good job on our servers the number of
> false passes are rather high.
>
> We mainly have Dutch and Belgium contacts and therefore want to block
> non-Dutch IP-ranges.

That sounds mental. I can understand blocking or restricting Korea etc., but what about the rest of us?

What about AOL? Gmail? Yahoo?

This list!!

You might also want to review what you are using at present.. If you implemented greylisting, greet pause etc., you'd probably see a lot of crap being stopped

>
> There are several databases, like IP2location, available to find out
> from which country/network the email is coming from.

Read this:

http://www.mneylon.com/blog/archives/2005/01/15/geo-specific-scoring/

You can block at the SMTP level completely if you wish.. It's not that hard :)

>
> 1) Is there a way to implement these functions in MailScanner and/or
> SpamAssassin? We find the current blacklist possibilities rather
> limited (the ip2location database has 60000 records like:
> "62.4.75.0","62.4.75.31","1040468736","1040468767","NL","Netherlands"
> "62.4.75.32","62.4.75.79","1040468768","1040468815","DE","Germany"
> "62.4.75.80","62.4.75.95","1040468816","1040468831","NL","Netherlands")
>
>
> 2) another option is to run your own blacklist server but in
> combination with a mysql/php/perl database. Is there any
> documentation at that point?

Yes, but not here. There's info over on sourceforge and elsewhere if you go poking

>
> 3) can it be implemented in MailScanner directly?
> With options like
> Countries Allow = NL BE US
> Countries Blocked = JP TW

No.

>
> We had scanned the lists.mailscanner.info but could not find any
> related topics.
>
> With kind regards,
>
> Ron Groen

Mr Michele Neylon
Blacknight Solutions
Hosting & Colocation, Brand Protection
http://www.blacknight.ie/
http://blog.blacknight.ie/
Tel. 1850 927 280
Intl. +353 (0) 59 9183072
UK: 0870 163 0607
Direct Dial: +353 (0)59 9183090
Fax. +353 (0) 59 9164239

From strydom.dave at gmail.com Wed Jan 3 18:16:49 2007
From: strydom.dave at gmail.com (Dave Strydom)
Date: Wed Jan 3 17:18:02 2007
Subject: IP country block possible?
In-Reply-To: <05a401c72f5a$856db4b0$e3f31151@blacknight.local>
References: <000001c72f58$e11f4960$1c00a8c0@pcaharjg2> <05a401c72f5a$856db4b0$e3f31151@blacknight.local>
Message-ID:

Take a look at the IPTables GEOIP patch, this will work a lot more effectively than trying to implement it into MailScanner.

Dave

On 1/3/07, Michele Neylon :: Blacknight wrote:
> mailscanner@aha4adsl.nl wrote:
> > Hello Developers,
> >
> > Although MailScanner is doing a good job on our servers the number of
> > false passes are rather high.
> >
> > We mainly have Dutch and Belgium contacts and therefore want to block
> > non-Dutch IP-ranges.
>
> That sounds mental. I can understand blocking or restricting Korea etc., but
> what about the rest of us?
>
> What about AOL? Gmail? Yahoo?
>
> This list!!
>
> You might also want to review what you are using at present.. If you
> implemented greylisting, greet pause etc., you'd probably see a lot of crap
> being stopped
>
> >
> > There are several databases, like IP2location, available to find out
> > from which country/network the email is coming from.
>
> Read this:
>
> http://www.mneylon.com/blog/archives/2005/01/15/geo-specific-scoring/
>
> You can block at the SMTP level completely if you wish.. It's not that hard
> :)
>
> >
> > 1) Is there a way to implement these functions in MailScanner and/or
> > SpamAssassin? We find the current blacklist possibilities rather
> > limited (the ip2location database has 60000 records like:
> > "62.4.75.0","62.4.75.31","1040468736","1040468767","NL","Netherlands"
> > "62.4.75.32","62.4.75.79","1040468768","1040468815","DE","Germany"
> > "62.4.75.80","62.4.75.95","1040468816","1040468831","NL","Netherlands")
> >
> >
> > 2) another option is to run your own blacklist server but in
> > combination with a mysql/php/perl database. Is there any
> > documentation at that point?
>
> Yes, but not here. There's info over on sourceforge and elsewhere if you go
> poking
>
> >
> > 3) can it be implemented in MailScanner directly?
> > With options like
> > Countries Allow = NL BE US
> > Countries Blocked = JP TW
>
> No.
>
> >
> > We had scanned the lists.mailscanner.info but could not find any
> > related topics.
> >
> > With kind regards,
> >
> > Ron Groen
>
> Mr Michele Neylon
> Blacknight Solutions
> Hosting & Colocation, Brand Protection
> http://www.blacknight.ie/
> http://blog.blacknight.ie/
> Tel. 1850 927 280
> Intl. +353 (0) 59 9183072
> UK: 0870 163 0607
> Direct Dial: +353 (0)59 9183090
> Fax. +353 (0) 59 9164239

From ahodges at phenom-networks.com Wed Jan 3 18:19:30 2007
From: ahodges at phenom-networks.com (Andrew Hodges)
Date: Wed Jan 3 17:20:45 2007
Subject: "Virus Scanning" ruleset being ignored?
In-Reply-To: <5a25805bc674464e9d3b501449a7e753@solidstatelogic.com>
Message-ID: <3C7811E23EFFC14C8B76E79FEA50EC83DC1F@hodges01.hodges.local>

I think I read somewhere that it will still physically scan the item, it just ignores the virus if it meets a scanning rule that states no... Believe it is easier to scan all and change what you do with infections than look at scanning only certain items.

Andy Hodges

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of martinh@solidstatelogic.com Sent: 03 January 2007 16:49 To: MailScanner discussion Subject: RE: "Virus Scanning" ruleset being ignored? Daniel I'd run this in debug mode....looks like somethings going wrong somewhere....! -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Daniel Maher > Sent: 03 January 2007 16:38 > To: MailScanner discussion > Subject: RE: "Virus Scanning" ruleset being ignored? > > Thanks for the reply, > > I agree with your statement; however, that does not explain why files are > still scanned for viruses if the ruleset is: > FromOrTo: default no > > Interestingly enough, with that set, the I see this in the logs when the > email is processed by MailScanner: > Jan 3 11:25:41 ad-postfix MailScanner[28089]: Virus and Content Scanning: > Starting > Jan 3 11:25:44 ad-postfix MailScanner[28089]: > /var/spool/MailScanner/incoming/28089/./C62F81A65DB.211F7/eicar_com.zip: > Eicar-Test-Signature FOUND > Jan 3 11:25:44 ad-postfix MailScanner[28089]: Virus Scanning: ClamAV > found 1 infections Jan 3 11:25:44 ad-postfix MailScanner[28089]: > Virus Scanning: Found 1 viruses Jan 3 11:25:44 ad-postfix > MailScanner[28089]: Filename Checks: Allowing > C62F81A65DB.211F7 eicar_com.zip > > However, in the headers for the email once it has been received, I see > this: > X-Ubisoft-MailScanner: Not scanned: please contact your Internet E-Mail > Service Provider for details > > So what's the deal? Is it being scanned, or isn't it? The output from > MailScanner appears to be suggesting both. :P > > -- > _ > ?v? Daniel Maher > /(_)\ Administrateur Syst?me Unix > ^ ^ Unix System Administrator > > SMASH '5' FOR VICTORY! > > > -----Original Message----- 
> > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Martin.Hepworth > > Sent: January 3, 2007 10:42 AM > > To: MailScanner discussion > > Subject: RE: "Virus Scanning" ruleset being ignored? > > > > Daniel > > > > Depends on the actual envelope-from in the email not the 'From:' line > > > > Check on the Post MailScanner email. There should be a > > X-MailScanner-From: header line > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > -----Original Message----- > > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > > bounces@lists.mailscanner.info] On Behalf Of Daniel Maher > > > Sent: 03 January 2007 15:35 > > > To: MailScanner discussion > > > Subject: "Virus Scanning" ruleset being ignored? > > > > > > Hello all, > > > > > > > > > > > > I am attempting to set up a very simple ruleset for the "Virus > > Scanning" > > > directive. In this ruleset, there is one From address for which virus > > > scanning is disabled, followed by a default of yes. I then pointed > > the > > > directive in MailScanner.conf to the path and filename of the ruleset. > > > Unfortunately, the ruleset is apparently being ignored. > > > > > > > > > > > > MailScanner.conf: > > > > > > ... > > > > > > Virus Scanning = /etc/MailScanner/rules/virus.scanning.rules > > > > > > ... > > > > > > > > > > > > virus.scanning.rules: > > > > > > From: somebody@somewhere.org no 
> > > > > > From: default yes > > > > > > > > > > > > Mail from "somebody@somewhere.org" will still be scanned for viruses, > > > however. Following this attempt, I decided to see if the following > > simple > > > ruleset would have any effect: > > > > > > FromOrTo: default no > > > > > > > > > > > > This was also ignored, as all mail was still scanned. The only way > > that I > > > could manage any effect whatsoever was to set the following in > > > MailScanner.conf: > > > > > > Virus Scanning = no > > > > > > > > > > > > This did exactly what it's supposed to do - though it's hardly the > > > solution I'm looking for. :P > > > > > > > > > > > > The permissions on path and filename for the ruleset are fine; in > > fact, > > > I'm using another ruleset for a different directive already, in the > > same > > > format (and it works properly). Any ideas on why the new one doesn't > > > appear to have any effect would be greatly appreciated. Thank you! > > > > > > > > > > > > -- > > > > > > _ > > > ?v? Daniel Maher > > > /(_)\ Administrateur Syst?me Unix > > > ^ ^ Unix System Administrator > > > > > > > > > > > > SMASH '5' FOR VICTORY! > > > > > > > > > > > > > > > > > > ********************************************************************** > > > > This email and any files transmitted with it are confidential and > > intended solely for the use of the individual or entity to whom they > > are addressed. If you have received this email in error please notify > > the system manager. > > > > This footnote confirms that this email message has been swept for > > the presence of computer viruses and is believed to be clean. > > > > ********************************************************************** > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! 
> -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ahodges at phenom-networks.com Wed Jan 3 18:49:43 2007 
From: ahodges at phenom-networks.com (Andrew Hodges)
Date: Wed Jan 3 17:50:58 2007
Subject: "Virus Scanning" ruleset being ignored?
In-Reply-To: <3C7811E23EFFC14C8B76E79FEA50EC83DC1F@hodges01.hodges.local>
Message-ID: <3C7811E23EFFC14C8B76E79FEA50EC83DC20@hodges01.hodges.local>

Also please be aware that unless you split your mail messages in the incoming queue you could end up sending a virus to a user that should be scanned.

E.g. Your scan.rules file reads as follows

To: somebody@somewhere.com no
FromOrTo: default yes

If you also receive email for domain @here.com and someone sends a mail addressed to both someone@somewhere.com and someone@here.com then it will react on the first rule that matches.

i.e. someone@somewhere.com no

Then someone@here.com receives the infected file...

Even if you added a rule for someone@here.com yes above the @somewhere.com rule then the email would be based on the here.com rule and get scanned.

I can provide a link to splitting messages to a max 1 recipient in sendmail, don't know whether it is any use to you... I have this in place on my system and it does not give me a big performance hit, though I currently only scan ~3000 emails a day.

Andy Hodges

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Andrew Hodges
Sent: 03 January 2007 17:20
To: MailScanner discussion
Subject: RE: "Virus Scanning" ruleset being ignored?

I think I read somewhere that it will still physically scan the item, it just ignores the virus if it meets a scanning rule that states no... Believe it is easier to scan all and change what you do with infections than look at scanning only certain items.

Andy Hodges

-----Original Message-----
From jaearick at colby.edu Wed Jan 3 18:54:06 2007
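The multi-recipient pitfall Andrew Hodges describes in this thread, modelled as an added example (not part of any list post and not MailScanner's own code). It assumes the first-match behaviour his post describes, a `default` rule that applies only when nothing else matches, and glob matching of addresses; the function names and the sample sender are hypothetical.

```python
"""Model of the first-match ruleset behaviour described in the post above.

Added illustration, not MailScanner code. Assumptions: rules are tried in
file order, the first matching rule decides for the whole message, and a
"default" rule is used only when no other rule matches.
"""
from fnmatch import fnmatchcase

# Ruleset quoted in the post.
POSTED_RULES = """\
To:       somebody@somewhere.com  no
FromOrTo: default                 yes
"""

# The reordering the post mentions: an explicit "yes" rule placed first.
REORDERED_RULES = """\
To:       someone@here.com        yes
To:       somebody@somewhere.com  no
FromOrTo: default                 yes
"""

# Constructed sample message with one recipient in each domain.
SENDER = "sender@example.net"
RECIPIENTS = ["somebody@somewhere.com", "someone@here.com"]


def parse_ruleset(text):
    """Return [(direction, pattern, value)] from 'Direction: pattern value' lines."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 3:
            raise ValueError(f"malformed rule: {raw!r}")
        direction, pattern, value = fields
        rules.append((direction.rstrip(":").lower(), pattern.lower(), value.lower()))
    return rules


def addresses_for(direction, sender, recipients):
    """Addresses a rule of the given direction is compared against."""
    if direction == "from":
        return [sender]
    if direction == "to":
        return list(recipients)
    if direction == "fromorto":
        return [sender, *recipients]
    raise ValueError(f"unsupported direction: {direction!r}")


def decide(rules, sender, recipients, fallback="yes"):
    """One decision for the whole message: the first matching rule wins.

    With no match and no default rule the model falls back to scanning.
    """
    default = fallback
    for direction, pattern, value in rules:
        if pattern == "default":
            default = value
            continue
        candidates = addresses_for(direction, sender, recipients)
        if any(fnmatchcase(addr.lower(), pattern) for addr in candidates):
            return value
    return default


def exposed_recipients(rules, sender, recipients):
    """Recipients who would be scanned if the message were theirs alone,
    but ride along unscanned because another recipient's rule matched first."""
    if decide(rules, sender, recipients) != "no":
        return []
    return [r for r in recipients if decide(rules, sender, [r]) == "yes"]


if __name__ == "__main__":
    for label, text in (("posted", POSTED_RULES), ("reordered", REORDERED_RULES)):
        rules = parse_ruleset(text)
        print(label, "whole message:", decide(rules, SENDER, RECIPIENTS),
              "exposed:", exposed_recipients(rules, SENDER, RECIPIENTS))
```

Running `exposed_recipients` over a sample of real envelope recipient lists shows which addresses depend on per-recipient splitting for their protection.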
From: jaearick at colby.edu (Jeff A. Earickson) Date: Wed Jan 3 17:55:26 2007 Subject: FW: IP country block possible? In-Reply-To: <000001c72f58$e11f4960$1c00a8c0@pcaharjg2> References: <000001c72f58$e11f4960$1c00a8c0@pcaharjg2> Message-ID: Look at the IPBlock feature of MailScanner; see the list archives. I use it to control (but not block) the amount of email per IP number per region of the world. If you simply want to block all non-Dutch IP numbers, why not do it at the MTA level instead? Or better yet, just unplug your mail server -- blocking all non-Dutch numbers sounds a bit harsh. Jeff Earickson Colby College On Wed, 3 Jan 2007, mailscanner@aha4adsl.nl wrote: > Date: Wed, 3 Jan 2007 18:01:51 +0100 
> From: mailscanner@aha4adsl.nl > Reply-To: MailScanner discussion > To: mailscanner@lists.mailscanner.info > Subject: FW: IP country block possible? > > Hello Developers, > > Although MailScanner is doing a good job on our servers the number of false > passes are rather high. > > We mainly have Dutch and Belgium contacts and therefore want to block > non-Dutch IP-ranges. > > There are several databases, like IP2location, available to find out from > which country/network the email is coming from. > > 1) Is there a way to implement these functions in MailScanner and/or > SpamAssassin? We find the current blacklist possibilities rather limited > (the ip2location database has 60000 records like: > "62.4.75.0","62.4.75.31","1040468736","1040468767","NL","Netherlands" > "62.4.75.32","62.4.75.79","1040468768","1040468815","DE","Germany" > "62.4.75.80","62.4.75.95","1040468816","1040468831","NL","Netherlands") > > > 2) an other option is to run your own blacklist server but in combination > with a mysql/php/perl database. Is there any documentation at that point? > > 3) can it be implemented in MailScanner directly? > With options like > Countries Allow = NL BE US > Countries Blocked = JP TW > > We had scanned the lists.mailscanner.info but could not find any related > topics. > > With kind regards, > > Ron Groen > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From ssilva at sgvwater.com Wed Jan 3 19:03:47 2007 
From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jan 3 18:05:07 2007 Subject: FW: IP country block possible? In-Reply-To: <000001c72f58$e11f4960$1c00a8c0@pcaharjg2> References: <000001c72f58$e11f4960$1c00a8c0@pcaharjg2> Message-ID: mailscanner@aha4adsl.nl spake the following on 1/3/2007 9:01 AM: > Hello Developers, > > Although MailScanner is doing a good job on our servers the number of false > passes are rather high. > > We mainly have Dutch and Belgium contacts and therefore want to block > non-Dutch IP-ranges. > > There are several databases, like IP2location, available to find out from > which country/network the email is coming from. > > 1) Is there a way to implement these functions in MailScanner and/or > SpamAssassin? We find the current blacklist possibilities rather limited > (the ip2location database has 60000 records like: > "62.4.75.0","62.4.75.31","1040468736","1040468767","NL","Netherlands" > "62.4.75.32","62.4.75.79","1040468768","1040468815","DE","Germany" > "62.4.75.80","62.4.75.95","1040468816","1040468831","NL","Netherlands") > > > 2) an other option is to run your own blacklist server but in combination > with a mysql/php/perl database. Is there any documentation at that point? > > 3) can it be implemented in MailScanner directly? > With options like > Countries Allow = NL BE US > Countries Blocked = JP TW > > We had scanned the lists.mailscanner.info but could not find any related > topics. > > With kind regards, > > Ron Groen > > There is a plugin in spamassassin, (at least 3.1.7 has it) called relaycountry. It can score based on where the mail came from. http://wiki.apache.org/spamassassin/RelayCountryPlugin -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From res at ausics.net Wed Jan 3 23:07:08 2007 
From: res at ausics.net (Res)
Date: Wed Jan 3 22:08:26 2007
Subject: MailScanner trying to access all directories under /var/*
In-Reply-To:
References:
Message-ID:

On Wed, 3 Jan 2007, kte@nexis.be wrote:

> just use CentOS a RHEL clone where you can use yum to patch your OS

Nope, I am happier with slackware as a server OS, it is far more stable, reliable and supported for many years, and BECAUSE once again, it's not using RH butchered programs.

--
Cheers
Res

"So, you think you can tell Heaven from Hell?" - Roger Waters

From res at ausics.net Wed Jan 3 23:11:44 2007
From: res at ausics.net (Res)
Date: Wed Jan 3 22:13:01 2007
Subject: Process old Mails
In-Reply-To: <96EF3FB3C374A64187CCB0D0DA716F242106@idefix.danielf.local>
References: <96EF3FB3C374A64187CCB0D0DA716F242106@idefix.danielf.local>
Message-ID:

On Wed, 3 Jan 2007, Daniel Fuhrer wrote:

> Hi all
> I have Mailscanner running on a freebsd 5.3 box.
> This morning I had a lot of mails in the directory /var/spool/mqueue.in

This is the directory MailScanner uses to collect the mail to process from, your maillog should show why MailScanner was not doing it... hopefully, did you run /path/to/MailScanner --lint

Were you mailbombed? Using correct locktype? Something had to have failed for it to do that, permissions did not change?

--
Cheers
Res

"So, you think you can tell Heaven from Hell?" - Roger Waters

From ssilva at sgvwater.com Wed Jan 3 23:24:39 2007
From: ssilva at sgvwater.com (Scott Silva)
Date: Wed Jan 3 22:26:15 2007
Subject: Process old Mails
In-Reply-To: <96EF3FB3C374A64187CCB0D0DA716F242106@idefix.danielf.local>
References: <96EF3FB3C374A64187CCB0D0DA716F242106@idefix.danielf.local>
Message-ID:

Daniel Fuhrer spake the following on 1/3/2007 4:15 AM:
> Hi all
> I have Mailscanner running on a freebsd 5.3 box.
> This morning I had a lot of mails in the directory /var/spool/mqueue.in
> So I moved this directory to another name, recreated the Directory and
> restarted Mailscanner. Now everything is running fine. My question is:
> how can I start processing the old files in the old mqueue.in? I tried to
> copy just file by file to the new directory. But mailscanner doesn't
> process this mail.
>
> Thanks for your answer.
>
> Cheers Daniel
>

If using sendmail, those files have to be in pairs where they start with either "qf" or "df" and the rest of the characters match. If they are all one or the other, you can safely forget them, as they have either been processed, or will be unusable.

--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

From res at ausics.net Wed Jan 3 23:28:59 2007
From: res at ausics.net (Res)
Date: Wed Jan 3 22:30:19 2007
Subject: FW: IP country block possible?
In-Reply-To: <000001c72f58$e11f4960$1c00a8c0@pcaharjg2>
References: <000001c72f58$e11f4960$1c00a8c0@pcaharjg2>
Message-ID:

On Wed, 3 Jan 2007, mailscanner@aha4adsl.nl wrote:

> We mainly have Dutch and Belgium contacts and therefore want to block
> non-Dutch IP-ranges.

That's crazy :) but if you insist, (we know people on this list are often only carrying out company directives and it is not the place of anyone on this list to try to tell you not to do it) this is not a job for MailScanner, it is the responsibility of your MTA.

I have an ACL on a data center router here which takes out 3 Asian countries because of their assholish behaviours, and I can assure you that acl for those 3 countries (since TLD blocking is a waste of time as many admins are too lazy or clueless to configure DNS) is huge, these are not single IPs but entire netmasks...

~# grep -c "access-list 183 deny" /backs/routers/bne/brd1-Wed
862
~#

Ok, that's blocking, you want to allow, but it's much the same principle, Your sendmail/postfix/qmail ACL "OK" lists will be very large to allow only a couple of countries.

--
Cheers
Res

"So, you think you can tell Heaven from Hell?" - Roger Waters

From daniel at danielf.ch Wed Jan 3 23:33:44 2007
From: daniel at danielf.ch (Daniel Fuhrer)
Date: Wed Jan 3 22:35:00 2007
Subject: AW: Process old Mails
In-Reply-To:
Message-ID: <96EF3FB3C374A64187CCB0D0DA716F244696@idefix.danielf.local>

Thanks all for the quick answer.
I removed some mails where either the qf or the df file was missing. After that Mailscanner started processing them as usual.

Cheers daniel

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Scott Silva
Sent: Wednesday, 3 January 2007 23:25
To: Mailscanner
Subject: Re: Process old Mails

Daniel Fuhrer spake the following on 1/3/2007 4:15 AM:
> Hi all
> I have Mailscanner running on a freebsd 5.3 box.
> This morning I had a lot of mails in the directory /var/spool/mqueue.in
> So I moved this directory to another name, recreated the Directory and
> restarted Mailscanner. Now everything is running fine. My question is:
> how can I start processing the old files in the old mqueue.in? I tried to
> copy just file by file to the new directory. But mailscanner doesn't
> process this mail.
>
> Thanks for your answer.
>
> Cheers Daniel
>

If using sendmail, those files have to be in pairs where they start with either "qf" or "df" and the rest of the characters match. If they are all one or the other, you can safely forget them, as they have either been processed, or will be unusable.

--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

From ssilva at sgvwater.com Wed Jan 3 23:43:03 2007
From: ssilva at sgvwater.com (Scott Silva)
Date: Wed Jan 3 22:44:32 2007
Subject: AW: Process old Mails
In-Reply-To: <96EF3FB3C374A64187CCB0D0DA716F244696@idefix.danielf.local>
References: <96EF3FB3C374A64187CCB0D0DA716F244696@idefix.danielf.local>
Message-ID:

Daniel Fuhrer spake the following on 1/3/2007 2:33 PM:
> Thanks all for the quick answer.
> I removed some mails where either the qf or the df file was missing. After that Mailscanner started processing them as usual.
>
> Cheers daniel
>
> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Scott Silva
> Sent: Wednesday, 3 January 2007 23:25
> To: Mailscanner
> Subject: Re: Process old Mails
>
> Daniel Fuhrer spake the following on 1/3/2007 4:15 AM:
>> Hi all
>> I have Mailscanner running on a freebsd 5.3 box.
>> This morning I had a lot of mails in the directory /var/spool/mqueue.in
>> So I moved this directory to another name, recreated the Directory and
>> restarted Mailscanner. Now everything is running fine. My question is:
>> how can I start processing the old files in the old mqueue.in? I tried to
>> copy just file by file to the new directory. But mailscanner doesn't
>> process this mail.
>>
>> Thanks for your answer.
>>
>> Cheers Daniel
>>
> If using sendmail, those files have to be in pairs where they start with
> either "qf" or "df" and the rest of the characters match. If they are all one
> or the other, you can safely forget them, as they have either been processed,
> or will be unusable.
>
>

If this happens often, it may be a symptom of a wrong setting in the locktype, or other problem.

--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

From ssilva at sgvwater.com Wed Jan 3 23:59:00 2007
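Scott Silva's qf/df pairing rule from this thread as an added example (not from any list post): it sorts a sendmail-style queue directory into complete pairs and orphans, and moves only complete pairs back into the live queue. The function names, directory arguments and queue IDs are hypothetical, and it assumes nothing else is writing to either directory while it runs.

```python
"""Requeue only complete qf/df pairs from a set-aside sendmail queue copy.

Added illustration, not from the thread. Assumes no MTA or scanner is
working on either directory while this runs.
"""
import os
import shutil


def classify_queue(names):
    """Split file names into queue IDs with both files, and orphan file names.

    A message is usable only when "qf<id>" (control) and "df<id>" (data)
    both exist with the same <id>; other names are ignored.
    """
    found = {"qf": set(), "df": set()}
    for name in names:
        prefix, queue_id = name[:2], name[2:]
        if prefix in found and queue_id:
            found[prefix].add(queue_id)
    paired = sorted(found["qf"] & found["df"])
    orphans = sorted(
        ["qf" + q for q in found["qf"] - found["df"]]
        + ["df" + q for q in found["df"] - found["qf"]]
    )
    return paired, orphans


def requeue_pairs(old_dir, live_dir):
    """Move complete pairs from old_dir to live_dir; leave orphans in place.

    Returns (moved_queue_ids, orphan_file_names). A pair is skipped when
    either target name already exists, so nothing in the live queue is
    overwritten.
    """
    paired, orphans = classify_queue(os.listdir(old_dir))
    moved = []
    for queue_id in paired:
        targets = [os.path.join(live_dir, p + queue_id) for p in ("df", "qf")]
        if any(os.path.exists(t) for t in targets):
            continue
        # Data file first, so the control file never appears without its
        # data (an ordering chosen for this example).
        for prefix in ("df", "qf"):
            shutil.move(
                os.path.join(old_dir, prefix + queue_id),
                os.path.join(live_dir, prefix + queue_id),
            )
        moved.append(queue_id)
    return moved, orphans


if __name__ == "__main__":
    import tempfile

    # Constructed sample: one complete pair, two orphans, one unrelated file.
    sample = ["qfl03AAA001", "dfl03AAA001", "qfl03AAA002", "dfl03AAA003", "xfl03AAA001"]
    with tempfile.TemporaryDirectory() as old, tempfile.TemporaryDirectory() as live:
        for name in sample:
            open(os.path.join(old, name), "w").close()
        moved, orphans = requeue_pairs(old, live)
        print("requeued:", moved)
        print("orphans left behind:", orphans)
```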
From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jan 3 23:00:28 2007 Subject: FW: IP country block possible? In-Reply-To: <000001c72f58$e11f4960$1c00a8c0@pcaharjg2> References: <000001c72f58$e11f4960$1c00a8c0@pcaharjg2> Message-ID: mailscanner@aha4adsl.nl spake the following on 1/3/2007 9:01 AM: > Hello Developers, > > Although MailScanner is doing a good job on our servers the number of false > passes are rather high. > > We mainly have Dutch and Belgium contacts and therefore want to block > non-Dutch IP-ranges. > > There are several databases, like IP2location, available to find out from > which country/network the email is coming from. > > 1) Is there a way to implement these functions in MailScanner and/or > SpamAssassin? We find the current blacklist possibilities rather limited > (the ip2location database has 60000 records like: > "62.4.75.0","62.4.75.31","1040468736","1040468767","NL","Netherlands" > "62.4.75.32","62.4.75.79","1040468768","1040468815","DE","Germany" > "62.4.75.80","62.4.75.95","1040468816","1040468831","NL","Netherlands") > > > 2) an other option is to run your own blacklist server but in combination > with a mysql/php/perl database. Is there any documentation at that point? > > 3) can it be implemented in MailScanner directly? > With options like > Countries Allow = NL BE US > Countries Blocked = JP TW > > We had scanned the lists.mailscanner.info but could not find any related > topics. > > With kind regards, > > Ron Groen > > What if one of your more important Dutch clients is traveling abroad and needs to e-mail you from some other country? Or even worse, your C.E.O. is in France for a vacation, but wants to e-mail back an important document. Will he be happy? There are other ways to increase your spam to ham ratios. I live in the United States, where much spam originates, but I manage to kill the majority of it, and usually have very few false negatives. 
Those are in the low scoring spam range, and get their subjects adjusted to show that fact. I get very few complaints about spam. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From vosburgh at dalsemi.com Thu Jan 4 00:04:55 2007 From: vosburgh at dalsemi.com (David Vosburgh) Date: Wed Jan 3 23:07:00 2007 Subject: OT: Freds Rules Message-ID: <459C3697.8080406@dalsemi.com> Anyone else seeing a problem with the rules FH_DATE_ISNT_2006 and FH_DATE_ISNT_200X (in 88_FVGT_headers.cf) now that the new year has started? I've just modified mine to account for the new year. Dave From technician at cenpac.net.nr Thu Jan 4 00:24:05 2007 
From: technician at cenpac.net.nr (Jon Leeman)
Date: Wed Jan 3 23:24:49 2007
Subject: FW: IP country block possible?
In-Reply-To:
References: <000001c72f58$e11f4960$1c00a8c0@pcaharjg2>
Message-ID: <459C3B15.7090304@cenpac.net.nr>

Res wrote:
> On Wed, 3 Jan 2007, mailscanner@aha4adsl.nl wrote:
>
>> We mainly have Dutch and Belgium contacts and therefore want to block
>> non-Dutch IP-ranges.
>
> That's crazy :) but if you insist, (we know people on this list are often
> only carrying out company directives and it is not the place of anyone
> on this list to try to tell you not to do it) this is not a job for
> MailScanner, it is the responsibility of your MTA.
>
> I have an ACL on a data center router here which takes out 3 Asian
> countries because of their assholish behaviours, and I can assure you
> that acl for those 3 countries (since TLD blocking is a waste of time as
> many admins are too lazy or clueless to configure DNS) is huge, these
> are not single IPs but entire netmasks...
>
> ~# grep -c "access-list 183 deny" /backs/routers/bne/brd1-Wed
> 862
> ~#
>
> Ok, that's blocking, you want to allow, but it's much the same principle,
> Your sendmail/postfix/qmail ACL "OK" lists will be very large to allow
> only a couple of countries.
>
>

I often use the Cisco ACL on our border router from http://www.okean.com/ when the garbage from the countries mentioned becomes a nuisance.

Rgds.,
Jon

From taz at taz-mania.com Thu Jan 4 00:24:19 2007
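The IP2Location-style records quoted in this thread, turned into a country lookup and a per-country network list as an added example (not from any list post). It uses only the three rows from the original question; the class and method names are hypothetical, and the CIDR expansion shows why the ACLs Res mentions grow so large.

```python
"""Country lookup over IP2Location-style CSV rows (added illustration).

Row layout as quoted in the thread:
first IP, last IP, first as integer, last as integer, country code, name.
"""
import csv
import io
import ipaddress
from bisect import bisect_right

# The three rows quoted in the original question.
SAMPLE_CSV = '''\
"62.4.75.0","62.4.75.31","1040468736","1040468767","NL","Netherlands"
"62.4.75.32","62.4.75.79","1040468768","1040468815","DE","Germany"
"62.4.75.80","62.4.75.95","1040468816","1040468831","NL","Netherlands"
'''


class GeoTable:
    def __init__(self, csv_text):
        rows = []
        for rec in csv.reader(io.StringIO(csv_text)):
            if not rec:
                continue
            first, last, first_n, last_n, code = rec[:5]
            lo = int(ipaddress.IPv4Address(first))
            hi = int(ipaddress.IPv4Address(last))
            # Reject rows whose dotted and integer columns disagree: a
            # corrupted row would silently misclassify a whole range.
            if (lo, hi) != (int(first_n), int(last_n)) or lo > hi:
                raise ValueError(f"inconsistent row: {rec!r}")
            rows.append((lo, hi, code.upper()))
        rows.sort()
        for prev, cur in zip(rows, rows[1:]):
            if cur[0] <= prev[1]:
                raise ValueError("overlapping ranges")
        self.rows = rows
        self.starts = [r[0] for r in rows]

    def country_of(self, ip):
        """Country code for ip, or None when no range covers it."""
        n = int(ipaddress.IPv4Address(ip))
        i = bisect_right(self.starts, n) - 1  # last range starting at or below n
        if i >= 0 and n <= self.rows[i][1]:
            return self.rows[i][2]
        return None

    def is_allowed(self, ip, allow):
        """Allow-list decision; addresses with no known country are refused."""
        code = self.country_of(ip)
        return code is not None and code in {c.upper() for c in allow}

    def acl_networks(self, countries):
        """CIDR blocks covering the given countries, as an ACL would need them.

        Ranges are not aligned to prefix boundaries, so one row can expand
        into several networks.
        """
        wanted = {c.upper() for c in countries}
        nets = []
        for lo, hi, code in self.rows:
            if code in wanted:
                nets.extend(ipaddress.summarize_address_range(
                    ipaddress.IPv4Address(lo), ipaddress.IPv4Address(hi)))
        return [str(n) for n in ipaddress.collapse_addresses(nets)]


if __name__ == "__main__":
    table = GeoTable(SAMPLE_CSV)
    for ip in ("62.4.75.10", "62.4.75.40", "62.4.75.96"):
        print(ip, table.country_of(ip), table.is_allowed(ip, {"NL", "BE"}))
    print("NL networks:", table.acl_networks({"NL"}))
```

Three adjacent rows inside a single /25 already need two ACL entries for NL alone, which scales to the hundreds of entries per country seen in the router ACL count above.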
From: taz at taz-mania.com (Dennis Willson) Date: Wed Jan 3 23:25:33 2007 Subject: Happy NW - Not In-Reply-To: Message-ID: I haven't seen the stock Spam using the Happy NW (yet), just a Virus. If the Stock spammers are doing that too, then I should see them soon. On Wed, 03 Jan 2007 08:10:49 -0800 Scott Silva wrote: >Dennis Willson spake the following on 1/2/2007 8:59 PM: >> All the ones I got were caught by ClamAV and quarantined... I got >>about >> 700 in a 24 hour period. >> >Are you sure clam fired on these? It was a stock spam, not a virus or >a >phishing attempt. >-- > >MailScanner is like deodorant... >You hope everybody uses it, and >you notice quickly if they don't!!!! > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! -------------------------------------------------- Dennis Willson taz@taz-mania.com http://www.taz-mania.com Ham (Extra Class): ka6lsw Scuba: Rescue Diver, EANx, Wreck, Night, Alt, Equip, UW Photographer, Gas Blender Owner: Kepnet Internet Services Life should not be a journey to the grave with the intention of arriving safely in a nice looking and well preserved body, but rather to skid in broadside, thoroughly used up, totally worn out, and loudly proclaiming, "WOW! WHAT A RIDE!" From ssilva at sgvwater.com Thu Jan 4 00:28:21 2007 
From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jan 3 23:30:21 2007 Subject: OT: Freds Rules In-Reply-To: <459C3697.8080406@dalsemi.com> References: <459C3697.8080406@dalsemi.com> Message-ID: David Vosburgh spake the following on 1/3/2007 3:04 PM: > Anyone else seeing a problem with the rules FH_DATE_ISNT_2006 and > FH_DATE_ISNT_200X (in 88_FVGT_headers.cf) now that the new year has > started? I've just modified mine to account for the new year. > > Dave > What version are you using? Some of Fred's rules were updated yesterday -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From vosburgh at dalsemi.com Thu Jan 4 00:37:24 2007 From: vosburgh at dalsemi.com (David Vosburgh) Date: Wed Jan 3 23:39:28 2007 Subject: OT: Freds Rules In-Reply-To: References: <459C3697.8080406@dalsemi.com> Message-ID: <459C3E34.9020809@dalsemi.com> Scott Silva wrote: > David Vosburgh spake the following on 1/3/2007 3:04 PM: > >>Anyone else seeing a problem with the rules FH_DATE_ISNT_2006 and >>FH_DATE_ISNT_200X (in 88_FVGT_headers.cf) now that the new year has >>started? I've just modified mine to account for the new year. >> >>Dave >> > > What version are you using? > Some of Fred's rules were updated yesterday > 1.04.07. I update all the RDJ's at 4am each morning, and it didn't change this morning. Thanks. From ajos1 at onion.demon.co.uk Wed Jan 3 23:45:10 2007 From: ajos1 at onion.demon.co.uk (ajos1@onion.demon.co.uk) Date: Wed Jan 3 23:46:29 2007 Subject: OT: Freds Rules Message-ID: - I have ... the following and I see not a single reference to fh_date # Fred's Header rules # Version: 1.04.08 # Created: 08/20/2003 # Modified: 01/02/2007 # Current Home: http://www.rulesemporium.com/rules/88_FVGT_headers.cf -----Original Message----- 
From: MailScanner discussion David Vosburgh spake the following on 1/3/2007 3:04 PM: > >>Anyone else seeing a problem with the rules FH_DATE_ISNT_2006 and >>FH_DATE_ISNT_200X (in 88_FVGT_headers.cf) now that the new year has >>started? I've just modified mine to account for the new year. >> >>Dave >> > > What version are you using? > Some of Fred's rules were updated yesterday > 1.04.07. I update all the RDJ's at 4am each morning, and it didn't change this morning. Thanks. == ===================================================================== = = "The council has asked residents with Christmas trees that are = unsuitable for use as maypoles to chop them up and put them in = recycling bins to be collected after the holiday." = = Need help dealing with Parking Tickets, Bailiffs, Capita or NTL... = Call... +44 8457 90 90 90 http://www.samaritans.org/ = ===================================================================== From ssilva at sgvwater.com Thu Jan 4 00:47:58 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jan 3 23:49:29 2007 Subject: Happy NW - Not In-Reply-To: References: Message-ID: Dennis Willson spake the following on 1/3/2007 3:24 PM: > I haven't seen the stock Spam using the Happy NW (yet), just a Virus. If > the Stock spammers are doing that too, then I should see them soon. > All I have seen are the stock spams for an adult daycare stock. The subject is Happy NW and a dictionary generated given name. And all have been between 1.8k and 2.0k in size. I haven't seen any today, but something new will take its place. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ka at pacific.net Thu Jan 4 02:06:05 2007 
From: ka at pacific.net (Ken A) Date: Thu Jan 4 01:04:12 2007 Subject: FW: IP country block possible? In-Reply-To: References: <000001c72f58$e11f4960$1c00a8c0@pcaharjg2> Message-ID: <459C52FD.3020009@pacific.net> Scott Silva wrote: > mailscanner@aha4adsl.nl spake the following on 1/3/2007 9:01 AM: >> Hello Developers, >> >> Although MailScanner is doing a good job on our servers the number of false >> passes are rather high. >> >> We mainly have Dutch and Belgium contacts and therefore want to block >> non-Dutch IP-ranges. >> >> There are several databases, like IP2location, available to find out from >> which country/network the email is coming from. >> >> 1) Is there a way to implement these functions in MailScanner and/or >> SpamAssassin? We find the current blacklist possibilities rather limited >> (the ip2location database has 60000 records like: >> "62.4.75.0","62.4.75.31","1040468736","1040468767","NL","Netherlands" >> "62.4.75.32","62.4.75.79","1040468768","1040468815","DE","Germany" >> "62.4.75.80","62.4.75.95","1040468816","1040468831","NL","Netherlands") >> If it's the country of Qatar you just have to block one IP. http://www.nytimes.com/aponline/technology/AP-TechBit-Wikipedia-Block.html Ken A Pacific.Net >> 2) an other option is to run your own blacklist server but in combination >> with a mysql/php/perl database. Is there any documentation at that point? >> >> 3) can it be implemented in MailScanner directly? >> With options like >> Countries Allow = NL BE US >> Countries Blocked = JP TW >> >> We had scanned the lists.mailscanner.info but could not find any related >> topics. >> >> With kind regards, >> >> Ron Groen >> >> > What if one of your more important Dutch clients is traveling abroad and needs > to e-mail you from some other country? Or even worse, your C.E.O. is in France > for a vacation, but wants to e-mail back an important document. Will he be happy? > > There are other ways to increase your spam to ham ratios. 
I live in the United > States, where much spam originates, but I manage to kill the majority of it, > and usually have very few false negatives. Those are in the low scoring spam > range, and get their subjects adjusted to show that fact. I get very few > complaints about spam. > > From res at ausics.net Thu Jan 4 03:35:02 2007 From: res at ausics.net (Res) Date: Thu Jan 4 02:36:23 2007 Subject: FW: IP country block possible? In-Reply-To: <459C3B15.7090304@cenpac.net.nr> References: <000001c72f58$e11f4960$1c00a8c0@pcaharjg2> <459C3B15.7090304@cenpac.net.nr> Message-ID: On Thu, 4 Jan 2007, Jon Leeman wrote: > > I often use the Cisco ACL on our border router from > http://www.okean.com/ when the garbage from the countries mentioned > becomes a nuisance. Not a bad list, thanks :) The count is about right, since I also take out .tw, who are as much a problem here as the other two. But I'm certainly going to put aside a few minutes later today to compare to make sure I've not missed any in this guy's list, which by his date is a lot more current than mine. -- Cheers Res "So, you think you can tell Heaven from Hell?" - Roger Waters From csweeney at osubucks.org Thu Jan 4 04:33:20 2007
From: csweeney at osubucks.org (Chris Sweeney) Date: Thu Jan 4 03:34:51 2007 Subject: FW: IP country block possible? In-Reply-To: References: <000001c72f58$e11f4960$1c00a8c0@pcaharjg2> <459C3B15.7090304@cenpac.net.nr> Message-ID: <459C7580.9060609@osubucks.org> I'm glad this list was posted; I am putting it into use now and will see what happens. I don't like the idea of blocking anyone, but the SPAM from there and the number of robots posting on my forums is getting out of hand. Res wrote: > On Thu, 4 Jan 2007, Jon Leeman wrote: > >> >> I often use the Cisco ACL on our border router from >> http://www.okean.com/ when the garbage from the countries mentioned >> becomes a nuisance. > > Not a bad list, thanks :) > > The count is about right, since I also take out .tw, who are as much a > problem here as the other two. > But I'm certainly going to put aside a few minutes later today to > compare to make sure I've not missed any in this guy's list, which by > his date is a lot more current than mine. > > From P.G.M.Peters at utwente.nl Thu Jan 4 12:10:33 2007
From: P.G.M.Peters at utwente.nl (Peter Peters) Date: Thu Jan 4 11:13:10 2007 Subject: FW: IP country block possible? In-Reply-To: <000001c72f58$e11f4960$1c00a8c0@pcaharjg2> References: <000001c72f58$e11f4960$1c00a8c0@pcaharjg2> Message-ID: <459CE0A9.9060907@utwente.nl> mailscanner@aha4adsl.nl wrote on 3-1-2007 18:01: > We mainly have Dutch and Belgium contacts and therefore want to block > non-Dutch IP-ranges. We use the country lists at countries.nerd.dk. But just the other way around. We have a lot of external students and mail from some of their home countries is rather aggressively tagged as spam. We use these lists to put extra tags in the headers so they can whitelist e-mail with those tags in their mail client. -- Peter Peters, senior beheerder (Security) Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe From dyioulos at firstbhph.com Thu Jan 4 13:47:37 2007 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Thu Jan 4 12:49:00 2007 Subject: OT: Freds Rules In-Reply-To: References: Message-ID: <200701040747.37802.dyioulos@firstbhph.com> On Wednesday 03 January 2007 6:45 pm, ajos1@onion.demon.co.uk wrote: > - > > I have ... the following and I see not a single reference to fh_date > > # Fred's Header rules > # Version: 1.04.08 > # Created: 08/20/2003 > # Modified: 01/02/2007 > # Current Home: http://www.rulesemporium.com/rules/88_FVGT_headers.cf > > > -----Original Message-----
> From: MailScanner discussion Subj: Re: OT: Freds Rules > Date: Wed, 03 Jan 2007 17:37:24 -0600 > > Scott Silva wrote: > > David Vosburgh spake the following on 1/3/2007 3:04 PM: > >>Anyone else seeing a problem with the rules FH_DATE_ISNT_2006 and > >>FH_DATE_ISNT_200X (in 88_FVGT_headers.cf) now that the new year has > >>started? I've just modified mine to account for the new year. > >> > >>Dave > > > > What version are you using? > > Some of Fred's rules were updated yesterday > > 1.04.07. I update all the RDJ's at 4am each morning, and it didn't > change this morning. Thanks. > Yesterday, having seen the problems caused by 88_FVGT_headers.cf, I edited the FH_DATE_ISNT_2006 and FH_DATE_ISNT_200X rules to change 2006 to 2007 --> end of problems. However, I don't know what the implications of these changes are. Would someone be kind enough to explain? Thanks. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From nerijus at users.sourceforge.net Thu Jan 4 14:49:19 2007 
From: nerijus at users.sourceforge.net (Nerijus Baliunas) Date: Thu Jan 4 13:51:25 2007 Subject: Greylisting (WAS: Re: MailScanner ANNOUNCE: 4.57 released) In-Reply-To: <223f97700612060014o6a8b46b1k87e48195c1d93afc@mail.gmail.com> References: <4571B547.1090804@ecs.soton.ac.uk><200612022342.kB2NgCcf026083@bkserver.blacknight.ie><20061203011931.d29a40c0.michel@mitch-it.nl><45743355.2040006@sendit.nodak.edu><45744FDB.3030307@netmagicsolutions.com><20061204205254.8300B11285@mx-a.vdnet.lt><223f97700612041451n39e66dedx28699a0d1e59a3eb@mail.gmail.com><20061204233255.DB881FF40@mx-a.vdnet.lt> <223f97700612060014o6a8b46b1k87e48195c1d93afc@mail.gmail.com> Message-ID: <20070104135002.3386BFF10@mx-a.vdnet.lt> On Wed, 6 Dec 2006 09:14:15 +0100 Glenn Steen wrote: > > OK, here they are attached. message1 and queue1 are with milter-greylist, > > message2 and queue2 - without. > > I typed a longish reply to this one yesterday, which gmail then > promptly swallowed:-). > Oh well. > > The gist of it was "If I get time, I'll look at the code"... and > "interesting that postcat demangles it correctly (so that the postcat > of each queue file is ... well, as close to identical as possible) > ...". > > Don't have much spare time ATM though, so don't hold your breath:-). > Who knows, Jules might find the time to look at it before the weekend > (when I'll be likely having an hour to spend:-). Any news on it (although I'm sure you didn't have spare time...)? Regards, Nerijus From jpm at retail-sc.com Thu Jan 4 15:26:22 2007
From: jpm at retail-sc.com (Jan-Piet Mens) Date: Thu Jan 4 14:27:45 2007 Subject: Need header in message when whitelisted by custom function Message-ID: <20070104142622.GA11352@m1.intdus.retail-sc.com> Hello, when whitelisting a message with Is Definitely Not Spam = &JPscan I'd like a header added to the message. Anything would do, but something to the tune of X-whitelisted: yes would be ideal, and I'd ideally like to create that header from my custom function. Is there a way to do that with version 4.43.8 [willing to upgrade] ? Thanks & regards, -JP From housey at sme-ecom.co.uk Thu Jan 4 15:49:02 2007 
From: housey at sme-ecom.co.uk (Paul Houselander)
Date: Thu Jan 4 14:51:35 2007
Subject: Non Spam Actions and Outgoing Queue Dir
Message-ID:

Hi

I use the Non Spam Actions ruleset to archive some domains' email to a POP mailbox, e.g.

Non Spam Actions = %rules-dir%/non.spam.actions.rules

non.spam.actions.rules

To: *@domain.com deliver forward archive1@myarchive.com
FromTo: default deliver

This works fine: email comes in for domain.com, it's scanned and then relayed on to its destination mail server, and a copy is forwarded to the POP mailbox. The reason I do this is so a customer can access his email (via the POP mailbox) even if his email server is unavailable.

From time to time, if I know a customer's mail server is going to be offline for an extended period of time, I use the Outgoing Queue Dir ruleset to place their email in a separate outgoing queue and not attempt delivery until their mail server is back up and running. This is to stop any bounces occurring, e.g.

Outgoing Queue Dir = %rules-dir%/outgoing.queue.dir.rules

outgoing.queue.dir.rules

To: *@domain.com /var/spool/domain.com
FromTo: default /var/spool/mqueue

When I do this it also stops the forward in non.spam.actions.rules from taking place. Looking in the /var/spool/domain.com/ directory and just picking a qf file I can see an entry RP:

Is there a way to run a sendmail -q on the /var/spool/domain.com directory but only attempt the delivery for the myarchive.com recipient? I tried something like "sendmail -qR@myarchive.com -O QueueDirectory=/var/spool/domain.com/" but it didn't seem to do anything - I'm not sure if what I'm doing is possible.

Hope that makes sense?

Cheers
Paul

From Dstraka at caspercollege.edu Thu Jan 4 16:39:38 2007
From: Dstraka at caspercollege.edu (Daniel Straka) Date: Thu Jan 4 15:41:27 2007 Subject: Lock Type Question Message-ID: <459CBD49.61A0.0000.0@caspercollege.edu> Is it OK to have the "Lock Type =" configuration option uncommented and blank? I've been getting a lot of the following messages in the mail log and was wondering if this might be related. Jan 4 08:32:47 mail sendmail-in[2531]: rejecting connections on daemon MTA: 15 children, max 15 Thanks, Dan Straka Systems Coordinator Casper College 307.268.2399 -- This message has been scanned for viruses and dangerous content by MailScanner at caspercollege.edu and is believed to be clean. From naolson at gmail.com Thu Jan 4 16:49:20 2007 From: naolson at gmail.com (Nathan Olson) Date: Thu Jan 4 15:50:39 2007 Subject: Lock Type Question In-Reply-To: <459CBD49.61A0.0000.0@caspercollege.edu> References: <459CBD49.61A0.0000.0@caspercollege.edu> Message-ID: <8f54b4330701040749w14f2b732w811f1447657b0639@mail.gmail.com> Are you sure you don't have MaxDaemonChildren set to 15? Nate From martinh at solidstatelogic.com Thu Jan 4 16:52:01 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Thu Jan 4 15:53:26 2007 Subject: Lock Type Question In-Reply-To: <459CBD49.61A0.0000.0@caspercollege.edu> Message-ID: Dan What version of MailScanner and what version of Sendmail please.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Daniel Straka > Sent: 04 January 2007 15:40 > To: mailscanner@lists.mailscanner.info > Subject: Lock Type Question > > Is it OK to have the "Lock Type =" configuration option uncommented and > blank? > I've been getting a lot of the following messages in the mail log and > was > wondering if this might be related. > Jan 4 08:32:47 mail sendmail-in[2531]: rejecting connections on daemon > MTA: 15 children, max 15 > > Thanks, > > Dan Straka > Systems Coordinator > Casper College > 307.268.2399 > > > -- > This message has been scanned for viruses > and dangerous content by MailScanner at > caspercollege.edu and is believed to be clean. ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From martinh at solidstatelogic.com Thu Jan 4 16:58:50 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Thu Jan 4 16:00:18 2007 Subject: Lock Type Question In-Reply-To: <459CBD49.61A0.0000.0@caspercollege.edu> Message-ID: <717334a8fed21f42bb4b3de3512584d5@solidstatelogic.com> Dan Actually I think the previous message poster was nearer the mark. I'd suggest you look at how busy the system must be before sendmail stops accepting connections.... Eg in sendmail.cf # load average at which we just queue messages #O QueueLA=8 # load average at which we refuse connections #O RefuseLA=12 -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- 
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Daniel Straka > Sent: 04 January 2007 15:40 > To: mailscanner@lists.mailscanner.info > Subject: Lock Type Question > > Is it OK to have the "Lock Type =" configuration option uncommented and > blank? > I've been getting a lot of the following messages in the mail log and > was > wondering if this might be related. > Jan 4 08:32:47 mail sendmail-in[2531]: rejecting connections on daemon > MTA: 15 children, max 15 > > Thanks, > > Dan Straka > Systems Coordinator > Casper College > 307.268.2399 > > > -- > This message has been scanned for viruses > and dangerous content by MailScanner at > caspercollege.edu and is believed to be clean. From gmatt at nerc.ac.uk Thu Jan 4 17:00:19 2007
From: gmatt at nerc.ac.uk (Greg Matthews) Date: Thu Jan 4 16:01:42 2007 Subject: Lock Type Question In-Reply-To: <459CBD49.61A0.0000.0@caspercollege.edu> References: <459CBD49.61A0.0000.0@caspercollege.edu> Message-ID: <459D2493.9070200@nerc.ac.uk> Daniel Straka wrote: > Is it OK to have the "Lock Type =" configuration option uncommented and > blank? > I've been getting a lot of the following messages in the mail log and > was > wondering if this might be related. > Jan 4 08:32:47 mail sendmail-in[2531]: rejecting connections on daemon > MTA: 15 children, max 15 > This is nothing to do with the lock type (nothing to do with MailScanner at all). Your sendmail MTA is refusing connections because it is configured for a maximum number of child processes and that maximum has been reached. This is fairly obvious from the log. GREG > Thanks, > > Dan Straka > Systems Coordinator > Casper College > 307.268.2399 > > -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From ssilva at sgvwater.com Thu Jan 4 17:28:39 2007
From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jan 4 16:30:07 2007 Subject: FW: IP country block possible? In-Reply-To: <459C52FD.3020009@pacific.net> References: <000001c72f58$e11f4960$1c00a8c0@pcaharjg2> <459C52FD.3020009@pacific.net> Message-ID: Ken A spake the following on 1/3/2007 5:06 PM: > > > Scott Silva wrote: >> mailscanner@aha4adsl.nl spake the following on 1/3/2007 9:01 AM: >>> Hello Developers, >>> >>> Although MailScanner is doing a good job on our servers the number of >>> false >>> passes are rather high. >>> >>> We mainly have Dutch and Belgium contacts and therefore want to block >>> non-Dutch IP-ranges. >>> >>> There are several databases, like IP2location, available to find out >>> from >>> which country/network the email is coming from. >>> >>> 1) Is there a way to implement these functions in MailScanner and/or >>> SpamAssassin? We find the current blacklist possibilities rather limited >>> (the ip2location database has 60000 records like: >>> "62.4.75.0","62.4.75.31","1040468736","1040468767","NL","Netherlands" >>> "62.4.75.32","62.4.75.79","1040468768","1040468815","DE","Germany" >>> "62.4.75.80","62.4.75.95","1040468816","1040468831","NL","Netherlands") >>> > > If it's the country of Qatar you just have to block one IP. > http://www.nytimes.com/aponline/technology/AP-TechBit-Wikipedia-Block.html > Oh yeah... I'm getting loads of spam from Qatar ;-) -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Thu Jan 4 17:57:53 2007 
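The ip2location records quoted in this thread are inclusive first/last address ranges, so checking a relay's country is a lookup in a sorted range table. The following is an added example, not code from MailScanner or from any poster: the class name, the verdict labels and the NL/BE allow-list are assumptions for illustration, and the sample rows are the three records quoted above.

```python
import csv
import io
import ipaddress
from bisect import bisect_right

# The three records quoted in the thread. Columns: first IP, last IP,
# first IP as integer, last IP as integer, country code, country name.
SAMPLE_CSV = '''\
"62.4.75.0","62.4.75.31","1040468736","1040468767","NL","Netherlands"
"62.4.75.32","62.4.75.79","1040468768","1040468815","DE","Germany"
"62.4.75.80","62.4.75.95","1040468816","1040468831","NL","Netherlands"
'''


class CountryTable:
    """Sorted, non-overlapping IPv4 ranges mapped to country codes (hypothetical helper)."""

    def __init__(self, csv_text):
        ranges = []
        for lineno, row in enumerate(csv.reader(io.StringIO(csv_text)), 1):
            if not row:
                continue  # tolerate blank lines
            if len(row) != 6:
                raise ValueError(f"line {lineno}: expected 6 fields, got {len(row)}")
            first_ip, last_ip, first_int, last_int, code, _name = row
            first, last = int(first_int), int(last_int)
            # The dotted and integer columns describe the same address; a
            # mismatch means a damaged or hand-edited file, so refuse to load it.
            if (int(ipaddress.IPv4Address(first_ip)) != first
                    or int(ipaddress.IPv4Address(last_ip)) != last):
                raise ValueError(f"line {lineno}: dotted and integer columns disagree")
            if first > last:
                raise ValueError(f"line {lineno}: range ends before it starts")
            ranges.append((first, last, code.upper()))
        ranges.sort()
        # Overlapping ranges would make the answer depend on sort order.
        for (_, prev_last, _), (next_first, _, _) in zip(ranges, ranges[1:]):
            if next_first <= prev_last:
                raise ValueError("overlapping ranges in table")
        self.ranges = ranges
        self.starts = [r[0] for r in ranges]

    def country_of(self, ip):
        """Return the country code for a dotted-quad IPv4 address, or None."""
        addr = int(ipaddress.IPv4Address(ip))
        # Rightmost range whose first address is <= addr.
        i = bisect_right(self.starts, addr) - 1
        if i >= 0 and addr <= self.ranges[i][1]:
            return self.ranges[i][2]
        return None  # address falls in a gap the table does not cover

    def verdict(self, ip, allowed):
        """Classify a relay IP against an allow-list of country codes."""
        code = self.country_of(ip)
        if code is None:
            return ("unknown", None)
        return ("listed" if code in allowed else "unlisted", code)


if __name__ == "__main__":
    table = CountryTable(SAMPLE_CSV)
    for ip in ("62.4.75.10", "62.4.75.40", "62.4.75.96"):
        print(ip, table.verdict(ip, {"NL", "BE"}))
```

The verdict is only a label: whether "unlisted" or "unknown" leads to a reject, a score or a header tag is a separate policy choice, and the thread discusses all three.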
From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jan 4 16:59:25 2007 Subject: OT: Freds Rules In-Reply-To: <200701040747.37802.dyioulos@firstbhph.com> References: <200701040747.37802.dyioulos@firstbhph.com> Message-ID: Dimitri Yioulos spake the following on 1/4/2007 4:47 AM: > On Wednesday 03 January 2007 6:45 pm, ajos1@onion.demon.co.uk wrote: >> - >> >> I have ... the following and I see not a single reference to fh_date >> >> # Fred's Header rules >> # Version: 1.04.08 >> # Created: 08/20/2003 >> # Modified: 01/02/2007 >> # Current Home: http://www.rulesemporium.com/rules/88_FVGT_headers.cf >> >> >> -----Original Message----- >> From: MailScanner discussion > Subj: Re: OT: Freds Rules >> Date: Wed, 03 Jan 2007 17:37:24 -0600 >> >> Scott Silva wrote: >>> David Vosburgh spake the following on 1/3/2007 3:04 PM: >>>> Anyone else seeing a problem with the rules FH_DATE_ISNT_2006 and >>>> FH_DATE_ISNT_200X (in 88_FVGT_headers.cf) now that the new year has >>>> started? I've just modified mine to account for the new year. >>>> >>>> Dave >>> What version are you using? >>> Some of Fred's rules were updated yesterday >> 1.04.07. I update all the RDJ's at 4am each morning, and it didn't >> change this morning. Thanks. >> > > Yesterday, having seen the problems caused by 88_FVGT_headers.cf, I edited the > FH_DATE_ISNT_2006 and FH_DATE_ISNT_200X rules to change 2006 to 2007 --> end > of problems. However, I don't know what the implications of these changes > are. Would someone be kind enough to explain? > > Thanks. > > Dimitri > Since that isn't present in the current rules, I wouldn't worry about it. Just download the current version and replace the old one. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Thu Jan 4 18:04:28 2007 
From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jan 4 17:06:03 2007 Subject: Lock Type Question In-Reply-To: <459CBD49.61A0.0000.0@caspercollege.edu> References: <459CBD49.61A0.0000.0@caspercollege.edu> Message-ID: Daniel Straka spake the following on 1/4/2007 7:39 AM: > Is it OK to have the "Lock Type =" configuration option uncommented and > blank? > I've been getting a lot of the following messages in the mail log and > was > wondering if this might be related. > Jan 4 08:32:47 mail sendmail-in[2531]: rejecting connections on daemon > MTA: 15 children, max 15 > Even though your problem is not related to the locktype setting, I would still set something there. Maybe it is working now, but the autodetect part of mailscanner has been wrong before, and it could happen again. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From dyioulos at firstbhph.com Thu Jan 4 18:06:32 2007 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Thu Jan 4 17:07:51 2007 Subject: OT: Freds Rules In-Reply-To: References: <200701040747.37802.dyioulos@firstbhph.com> Message-ID: <200701041206.32427.dyioulos@firstbhph.com> On Thursday 04 January 2007 11:57 am, Scott Silva wrote: > Dimitri Yioulos spake the following on 1/4/2007 4:47 AM: > > On Wednesday 03 January 2007 6:45 pm, ajos1@onion.demon.co.uk wrote: > >> - > >> > >> I have ... the following and I see not a single reference to fh_date > >> > >> # Fred's Header rules > >> # Version: 1.04.08 > >> # Created: 08/20/2003 > >> # Modified: 01/02/2007 > >> # Current Home: http://www.rulesemporium.com/rules/88_FVGT_headers.cf > >> > >> > >> -----Original Message----- 
> >> From: MailScanner discussion >> Subj: Re: OT: Freds Rules > >> Date: Wed, 03 Jan 2007 17:37:24 -0600 > >> > >> Scott Silva wrote: > >>> David Vosburgh spake the following on 1/3/2007 3:04 PM: > >>>> Anyone else seeing a problem with the rules FH_DATE_ISNT_2006 and > >>>> FH_DATE_ISNT_200X (in 88_FVGT_headers.cf) now that the new year has > >>>> started? I've just modified mine to account for the new year. > >>>> > >>>> Dave > >>> > >>> What version are you using? > >>> Some of Fred's rules were updated yesterday > >> > >> 1.04.07. I update all the RDJ's at 4am each morning, and it didn't > >> change this morning. Thanks. > > > > Yesterday, having seen the problems caused by 88_FVGT_headers.cf, I > > edited the FH_DATE_ISNT_2006 and FH_DATE_ISNT_200X rules to change 2006 > > to 2007 --> end of problems. However, I don't know what the implications > > of these changes are. Would someone be kind enough to explain? > > > > Thanks. > > > > Dimitri > > Since that isn't present in the current rules, I wouldn't worry about it. > Just download the current version and replace the old one. > > -- > Thanks, Scott, I'll do that. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Jan 4 20:25:39 2007 
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 4 19:32:00 2007 Subject: Lock Type Question In-Reply-To: References: <459CBD49.61A0.0000.0@caspercollege.edu> Message-ID: <459D54B3.8070206@ecs.soton.ac.uk> Scott Silva wrote: > Daniel Straka spake the following on 1/4/2007 7:39 AM: > >> Is it OK to have the "Lock Type =" configuration option uncommented and >> blank? >> I've been getting a lot of the following messages in the mail log and >> was >> wondering if this might be related. >> Jan 4 08:32:47 mail sendmail-in[2531]: rejecting connections on daemon >> MTA: 15 children, max 15 >> >> > Even though your problem is not related to the locktype setting, I would still > set something there. Maybe it is working now, but the autodetect part of > mailscanner has been wrong before, and it could happen again. > > The comment immediately above the "Lock Type =" setting explains what it needs to be set to for what versions of what MTA under what versions of Linux. I have tried to make the comment fairly clear. Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Thu Jan 4 20:45:33 2007 
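The log line in this thread names its own cause, and the replies point at two different sendmail limits, MaxDaemonChildren and RefuseLA. The following is an added example, not from the thread or from MailScanner, that tallies rejection messages in a mail log by cause; the function names are hypothetical, only the first sample line comes from the thread, and the wording of the load-average message is an assumption.

```python
import re

# Constructed sample. The first line is the one posted in this thread; the
# others are made up for the example. The "load average" wording is an
# assumption about how sendmail logs a RefuseLA rejection.
SAMPLE_LOG = """\
Jan 4 08:32:47 mail sendmail-in[2531]: rejecting connections on daemon MTA: 15 children, max 15
Jan 4 08:32:52 mail sendmail-in[2531]: rejecting connections on daemon MTA: 15 children, max 15
Jan 4 08:33:10 mail sendmail-in[2531]: k04FXAxx002540: from=<a@example.org>, size=1820, nrcpts=1
Jan 4 08:41:03 mail sendmail-in[2531]: rejecting connections on daemon MTA: load average: 13
Jan 4 08:45:19 mail sendmail-in[2531]: rejecting connections on daemon MTA: 15 children, max 15
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<host>\S+)\s+"
    r"(?P<prog>[^\s\[]+)\[(?P<pid>\d+)\]:\s+"
    r"rejecting connections on daemon (?P<daemon>[^:]+):\s+(?P<reason>.+)$"
)
CHILDREN_RE = re.compile(r"^(\d+) children, max (\d+)$")
LOAD_RE = re.compile(r"^load average: (\d+)$")


def summarize_rejections(log_text):
    """Group sendmail connection rejections by daemon name and by cause."""
    summary = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue  # not a rejection message
        entry = summary.setdefault(m.group("daemon"), {
            "child_limit": 0, "load_average": 0, "other": 0,
            "max_children": None, "peak_load": None,
            "first": None, "last": None,
        })
        reason = m.group("reason").strip()
        children = CHILDREN_RE.match(reason)
        load = LOAD_RE.match(reason)
        if children:
            # The daemon hit its configured child-process ceiling.
            entry["child_limit"] += 1
            entry["max_children"] = int(children.group(2))
        elif load:
            # The daemon refused because the system load was too high.
            entry["load_average"] += 1
            value = int(load.group(1))
            if entry["peak_load"] is None or value > entry["peak_load"]:
                entry["peak_load"] = value
        else:
            entry["other"] += 1  # a reason this example does not recognise
        if entry["first"] is None:
            entry["first"] = m.group("ts")
        entry["last"] = m.group("ts")
    return summary


def likely_settings(entry):
    """Name the sendmail settings mentioned in the thread that match the causes seen."""
    settings = []
    if entry["child_limit"]:
        settings.append("MaxDaemonChildren")
    if entry["load_average"]:
        settings.append("RefuseLA")
    return settings


if __name__ == "__main__":
    for daemon, entry in summarize_rejections(SAMPLE_LOG).items():
        print(daemon, entry, likely_settings(entry))
```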
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 4 19:52:01 2007 Subject: New Year's Resolution and new beta release Message-ID: <459D595D.8010101@ecs.soton.ac.uk> Hi folks! Yes, it's me, I've actually had time to catch up. My New Year's Resolution is to try to spend more time doing MailScanner support. For the last 6 months I have only had time to check my mailscanner@ecs.soton.ac.uk address, not the mailing lists at all. Several months recently have been really tough at work on a personal level, having to face up to the consequences of my poor health in ways I have not had to before, which was a really rough time. I have more or less come to terms with it now, and the facts have pretty much sunk in so I am feeling rather better now than any time over the past few months. I don't guarantee I'm going to be able to check the list every day, nor read every posting, but I will try a lot harder to show my face around here sometimes. I have a big database programming job that is going to last for the whole of the next year, so my time is limited. But I am going to try to reshuffle a few things in an effort to make more time for you guys. I have never done much database programming before, I've always found a nice light-weight way around having to use a full scale SQL server. And I've never done any .Net or C# before either, so I've got a lot to learn. Secondly, I have just released a new Beta version. This is 4.58.4. I have fixed the bug where the {Fraud?} tag was not displayed, but the {Disarmed} tag instead. You should now get {Fraud?} wherever it finds a phishing trap, and you will also get {Disarmed} if you "Highlight Phishing Fraud" as well. I hope that is good enough for you. I have also figured out how to get the configuration system to call a ruleset from within a Custom Function. So if you want to handle some situations with a Custom Function, but then have that use a ruleset some of the time, you can now do it. 
It is something I never dreamed up when I was writing it, so it is pulling a stunt I never thought I would need. I have produced a stripped-down example of how to do it, and the code is in the /usr/lib/MailScanner/MailScanner/CustomFunctions directory, along with the other few examples I provide you to start from. I intend to release a new Stable version very soon, hopefully in the next week or so. Please do test the new {Fraud?} tag code and give the whole thing a good run on any test hosts you may have available. Beta-testers ----> This means you guys please! So it just leaves me to wish you all a very good New Year, and let's hope this year is personally rather less stressful than last year! Best regards. Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From robert.isaac at volvoclub.org.uk Thu Jan 4 21:29:08 2007 From: robert.isaac at volvoclub.org.uk (Robert Isaac) Date: Thu Jan 4 20:29:51 2007 Subject: Numerous pid's Message-ID: <004401c7303e$fc6c9ab0$0200a8c0@250N> I have MailScanner running on RHES 4. My cron job /opt/MailScanner/bin/check_mailscanner reports: MailScanner running with pid 11433 11434 11442 11443 11444 11448 18894 18895 18898 18907 18938 18941. Should there be this number or should I kill some off? Bob Director/Web Admin Volvo Owners Club From MailScanner at ecs.soton.ac.uk Thu Jan 4 21:38:13 2007 
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 4 20:39:54 2007 Subject: Numerous pid's In-Reply-To: <004401c7303e$fc6c9ab0$0200a8c0@250N> References: <004401c7303e$fc6c9ab0$0200a8c0@250N> Message-ID: <459D65B5.9080405@ecs.soton.ac.uk> What is your "Max Children" set to? I would suspect it's 5. Do a ps ax | grep MailScanner and you will see what all the processes are doing. Don't just kill processes on a whim, that's a real dangerous game to play. Having (2*maxchildren+1) processes is quite normal. Robert Isaac wrote: > I have MailScanner running on RHES 4. My cron job > /opt/MailScanner/bin/check_mailscanner reports: MailScanner running with pid > 11433 11434 11442 11443 11444 11448 18894 18895 18898 18907 18938 18941. > Should there be this number or should I kill some off? > > Bob > Director/Web Admin > Volvo Owners Club Jules From carl.andrews at crackerbarrel.com Thu Jan 4 21:52:48 2007
From: carl.andrews at crackerbarrel.com (Carl Andrews) Date: Thu Jan 4 20:54:08 2007 Subject: Numerous pid's In-Reply-To: <200701042030.l04KUfCN026693@smtpgw1.crackerbarrel.com> References: <200701042030.l04KUfCN026693@smtpgw1.crackerbarrel.com> Message-ID: <1167943968.24468.91.camel@candrews-lx>

It is listing your child processes also. On my system:

MailScanner running with pid 10423 23409 23432 23517 23760 23864 28181 28187

#grep Max\ Chil /etc/MailScanner/MailScanner.conf
Max Children = 5

On Thu, 2007-01-04 at 20:29 +0000, Robert Isaac wrote:
> I have MailScanner running on RHES 4. My cron job
> /opt/MailScanner/bin/check_mailscanner reports: MailScanner running with pid
> 11433 11434 11442 11443 11444 11448 18894 18895 18898 18907 18938 18941.
> Should there be this number or should I kill some off?
>
> Bob
> Director/Web Admin
> Volvo Owners Club

From ka at pacific.net Thu Jan 4 22:04:02 2007
From: ka at pacific.net (Ken A) Date: Thu Jan 4 21:02:11 2007 Subject: New Year's Resolution and new beta release In-Reply-To: <459D595D.8010101@ecs.soton.ac.uk> References: <459D595D.8010101@ecs.soton.ac.uk> Message-ID: <459D6BC2.8080501@pacific.net> Julian Field wrote: > > I have also figured out how to get the configuration system to call a > ruleset from within a Custom Function. So if you want to handle some > situations with a Custom Function, but then have that use a ruleset some > of the time, you can now do it. It is something I never dreamed up when > I was writing it, so it is pulling a stunt I never thought I would need. > I have produced a stripped-down example of how to do it, and the code is > in the /usr/lib/MailScanner/MailScanner/CustomFunctions directory, along > with the other few examples I provide you to start from. > So, regarding Custom Functions in general: # Your function may be passed a "message" object... # If you want to find out what there is in a "message" object, # look at Message.pm as they are all listed there. Message.pm lists things like $spamreport (set by IsSpam) as well as the things I'd expect to see available to a 'message object' (message headers, body, etc). Does a 'message object' ever contain $spamreport? If so, then for which configuration options in MailScanner.conf could I call a custom function that might have access to $spamreport? Or am I missing the flow of things completely? :-( Thanks, Ken A. Pacific.Net > > Jules > From robert.isaac at volvoclub.org.uk Thu Jan 4 22:05:11 2007 
From: robert.isaac at volvoclub.org.uk (Robert Isaac) Date: Thu Jan 4 21:05:55 2007 Subject: Numerous pid's In-Reply-To: <459D65B5.9080405@ecs.soton.ac.uk> Message-ID: <005101c73044$06097160$0200a8c0@250N>

Yes Max Children is set to 5. grep gives this:

11433 ?        Ss     0:00 MailScanner: master waiting for children, sleeping
11434 ?        S      0:13 MailScanner: waiting for messages
11442 ?        S      0:13 MailScanner: waiting for messages
11443 ?        S      0:13 MailScanner: waiting for messages
11444 ?        S      0:13 MailScanner: waiting for messages
11448 ?        S      0:13 MailScanner: waiting for messages
18894 ?        Ss     0:00 MailScanner: master waiting for children, sleeping
18895 ?        S      0:06 MailScanner: waiting for messages
18898 ?        S      0:06 MailScanner: waiting for messages
18907 ?        S      0:06 MailScanner: waiting for messages
18938 ?        S      0:06 MailScanner: waiting for messages
18941 ?        S      0:06 MailScanner: waiting for messages
18629 pts/3    S+     0:00 grep MailScanner

The server does not handle a lot of mail, only stuff on our domain routed from the ISP. SA kills off about 10Mb of spam a day. I only have 6 users on the system.

Bob

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field
Sent: 04 January 2007 20:38
To: MailScanner discussion
Subject: Re: Numerous pid's

What is your "Max Children" set to? I would suspect it's 5. Do a ps ax | grep MailScanner and you will see what all the processes are doing. Don't just kill processes on a whim, that's a real dangerous game to play. Having (2*maxchildren+1) processes is quite normal.

Robert Isaac wrote:
> I have MailScanner running on RHES 4. My cron job
> /opt/MailScanner/bin/check_mailscanner reports: MailScanner running
> with pid
> 11433 11434 11442 11443 11444 11448 18894 18895 18898 18907 18938 18941.
> Should there be this number or should I kill some off?
>
> Bob
> Director/Web Admin
> Volvo Owners Club

From glenn.steen at gmail.com Thu Jan 4 22:04:58 2007
From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 4 21:06:16 2007 Subject: Greylisting (WAS: Re: MailScanner ANNOUNCE: 4.57 released) In-Reply-To: <20070104135003.4B4DBFF17@mx-a.vdnet.lt> References: <4571B547.1090804@ecs.soton.ac.uk> <200612022342.kB2NgCcf026083@bkserver.blacknight.ie> <20061203011931.d29a40c0.michel@mitch-it.nl> <45743355.2040006@sendit.nodak.edu> <45744FDB.3030307@netmagicsolutions.com> <20061204205254.8300B11285@mx-a.vdnet.lt> <223f97700612041451n39e66dedx28699a0d1e59a3eb@mail.gmail.com> <20061204233255.DB881FF40@mx-a.vdnet.lt> <223f97700612060014o6a8b46b1k87e48195c1d93afc@mail.gmail.com> <20070104135003.4B4DBFF17@mx-a.vdnet.lt> Message-ID: <223f97700701041304g88f5cb1v4bb71f6f856a4b83@mail.gmail.com> On 04/01/07, Nerijus Baliunas wrote: > On Wed, 6 Dec 2006 09:14:15 +0100 Glenn Steen wrote: > > > > OK, here they are attached. message1 and queue1 are with milter-greylist, > > > message2 and queue2 - without. > > > > I typed a longish reply to this one yesterday, which gmail then > > promptly swallowed:-). > > Oh well. > > > > The gist of it was "If I get time, I'll look at the code"... and > > "interesting that postcat demangles it correctly (so that the postcat > > of each queue file is ... well, as close to identical as possible) > > ...". > > > > Don't have much spare time ATM though, so don't hold your breath:-). > > Who knows, Jules might find the time to look at it before the weekend > > (when I'll be likely having an hour to spend:-). > > Any news on it (although I'm sure you didn't have spare time...)? > > Regards, > Nerijus > You are quite correct that I've been sorely out of time. As you've probably gathered, that "free time" that weekend turned out to be less than free. Perhaps things will let up at work sometime next week, but I doubt it... Bad health willing (turns out 20+ years of "moderately bad digestion" is actually Crohn's disease. As a friend put it: "You gotta be kidding... 
You're neither female, nor in your late teens/early twenties"... which is more the norm for that particular ailment:-) I'll actually do some digging. Unless of course the Root reincarnate (Jules) finds the time (which would probably be best). Best regards -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Thu Jan 4 22:13:05 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 4 21:14:43 2007 Subject: Numerous pid's In-Reply-To: <005101c73044$06097160$0200a8c0@250N> References: <005101c73044$06097160$0200a8c0@250N> Message-ID: <459D6DE1.8000408@ecs.soton.ac.uk> That all looks quite normal to me. Don't worry about it. Only start worrying when your queue is growing consistently, all the processes are reporting that they are doing something, and that your "uptime" load average is 15 or above. Robert Isaac wrote: > Yes Max Children is set to 5. grep gives this: > 11433 ? Ss 0:00 MailScanner: master waiting for children, > sleeping > 11434 ? S 0:13 MailScanner: waiting for messages > 11442 ? S 0:13 MailScanner: waiting for messages > 11443 ? S 0:13 MailScanner: waiting for messages > 11444 ? S 0:13 MailScanner: waiting for messages > 11448 ? S 0:13 MailScanner: waiting for messages > 18894 ? Ss 0:00 MailScanner: master waiting for children, > sleeping > 18895 ? S 0:06 MailScanner: waiting for messages > 18898 ? S 0:06 MailScanner: waiting for messages > 18907 ? S 0:06 MailScanner: waiting for messages > 18938 ? S 0:06 MailScanner: waiting for messages > 18941 ? S 0:06 MailScanner: waiting for messages > 18629 pts/3 S+ 0:00 grep MailScanner > > The server does not handle a lot of mail, only stuff on our domain routed > from the ISP. SA kills off about 10Mb of spam a day. I only have 6 users on > the system. > > Bob > > -----Original Message----- 
> From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Julian Field > Sent: 04 January 2007 20:38 > To: MailScanner discussion > Subject: Re: Numerous pid's > > What is your "Max Children" set to? I would suspect it's 5. Do a > ps ax | grep MailScanner > and you will see what all the processes are doing. Don't just > kill processes on a whim, that's a real dangerous game to play. Having > (2*maxchildren+1) processes is quite normal. > > Robert Isaac wrote: > >> I have MailScanner running on RHES 4. My cron job >> /opt/MailScanner/bin/check_mailscanner reports: MailScanner running >> with pid >> 11433 11434 11442 11443 11444 11448 18894 18895 18898 18907 >> > 18938 18941. > >> Should there be this number or should I kill some off? >> >> Bob >> Director/Web Admin >> Volvo Owners Club >> > > > Jules From glenn.steen at gmail.com Thu Jan 4 22:15:17 2007
From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 4 21:16:34 2007 Subject: New Year's Resolution and new beta release In-Reply-To: <459D6BC2.8080501@pacific.net> References: <459D595D.8010101@ecs.soton.ac.uk> <459D6BC2.8080501@pacific.net> Message-ID: <223f97700701041315i7f58aaf6v739b412b549b0e13@mail.gmail.com> On 04/01/07, Ken A wrote: > > > Julian Field wrote: > > > > > I have also figured out how to get the configuration system to call a > > ruleset from within a Custom Function. So if you want to handle some > > situations with a Custom Function, but then have that use a ruleset some > > of the time, you can now do it. It is something I never dreamed up when > > I was writing it, so it is pulling a stunt I never thought I would need. > > I have produced a stripped-down example of how to do it, and the code is > > in the /usr/lib/MailScanner/MailScanner/CustomFunctions directory, along > > with the other few examples I provide you to start from. > > > > So, regarding Custom Functions in general: > > # Your function may be passed a "message" object... > # If you want to find out what there is in a "message" object, > # look at Message.pm as they are all listed there. > > Message.pm lists things like $spamreport (set by IsSpam) as well as the > things I'd expect to see available to a 'message object' (message > headers, body, etc). > > Does a 'message object' ever contain $spamreport? > If so, then for which configuration options in MailScanner.conf could I > call a custom function that might have access to $spamreport? > > Or am I missing the flow of things completely? :-( > At least the Always Looked Up Last thing... That's where MailWatch gets it. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Thu Jan 4 22:15:10 2007 
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 4 21:17:03 2007 Subject: Greylisting (WAS: Re: MailScanner ANNOUNCE: 4.57 released) In-Reply-To: <223f97700701041304g88f5cb1v4bb71f6f856a4b83@mail.gmail.com> References: <4571B547.1090804@ecs.soton.ac.uk> <200612022342.kB2NgCcf026083@bkserver.blacknight.ie> <20061203011931.d29a40c0.michel@mitch-it.nl> <45743355.2040006@sendit.nodak.edu> <45744FDB.3030307@netmagicsolutions.com> <20061204205254.8300B11285@mx-a.vdnet.lt> <223f97700612041451n39e66dedx28699a0d1e59a3eb@mail.gmail.com> <20061204233255.DB881FF40@mx-a.vdnet.lt> <223f97700612060014o6a8b46b1k87e48195c1d93afc@mail.gmail.com> <20070104135003.4B4DBFF17@mx-a.vdnet.lt> <223f97700701041304g88f5cb1v4bb71f6f856a4b83@mail.gmail.com> Message-ID: <459D6E5E.2030107@ecs.soton.ac.uk> What do you need me to look at? Glenn Steen wrote: > On 04/01/07, Nerijus Baliunas wrote: >> On Wed, 6 Dec 2006 09:14:15 +0100 Glenn Steen >> wrote: >> >> > > OK, here they are attached. message1 and queue1 are with >> milter-greylist, >> > > message2 and queue2 - without. >> > >> > I typed a longish reply to this one yesterday, which gmail then >> > promptly swallowed:-). >> > Oh well. >> > >> > The gist of it was "If I get time, I'll look at the code"... and >> > "interresting that postcat demangles it correctly (so that the postcat >> > of each queue file is ... well, as close to identical as possible) >> > ...". >> > >> > Don't have much spare time ATM though, so don't hold your breath:-). >> > Who knows, Jules might find the time to look at it before the weekend >> > (when I'll be likely having an hour to spend:-). >> >> Any news on it (although I'm sure you didn't have spare time...)? >> >> Regards, >> Nerijus >> > You are quite correct that I've been sorely out of time. As you 've > probably gathered, that "free time" that weekend turned out to be less > than free. Perhaps things will let up at work sometime next week, but > I doubt it... 
> > Bad health willing (turns out 20+ years of "moderately bad digestion" > is actually Crohns disease. As a friend put it: "You gotta be > kidding... You're neither female, nor in your late teens/early > twenties"... which is more the norm for that particular ailment:-) > I'll actually do some digging. Unless of course the Root reincarnate > (Jules) finds the time (which would probably be best). > > Best regards Jules From glenn.steen at gmail.com Thu Jan 4 22:30:49 2007
From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 4 21:32:08 2007 Subject: Greylisting (WAS: Re: MailScanner ANNOUNCE: 4.57 released) In-Reply-To: <459D6E5E.2030107@ecs.soton.ac.uk> References: <4571B547.1090804@ecs.soton.ac.uk> <45743355.2040006@sendit.nodak.edu> <45744FDB.3030307@netmagicsolutions.com> <20061204205254.8300B11285@mx-a.vdnet.lt> <223f97700612041451n39e66dedx28699a0d1e59a3eb@mail.gmail.com> <20061204233255.DB881FF40@mx-a.vdnet.lt> <223f97700612060014o6a8b46b1k87e48195c1d93afc@mail.gmail.com> <20070104135003.4B4DBFF17@mx-a.vdnet.lt> <223f97700701041304g88f5cb1v4bb71f6f856a4b83@mail.gmail.com> <459D6E5E.2030107@ecs.soton.ac.uk> Message-ID: <223f97700701041330q15c1d5a5t7b511838b416362f@mail.gmail.com> On 04/01/07, Julian Field wrote: > What do you need me to look at? > (snip) Well, these queue files Nerijus posted in http://thread.gmane.org/gmane.mail.virus.mailscanner/47084/focus=47128 ... As you can see from the thread, postcat seems to grok them OK, but not MS. So I was planning (in your absence) to try to see why things don't pan out... but never got the time. I sure would appreciate it (not to mention Nerijus:-) if you could take the time to look at them. BTW, if you don't mind a personal question... What ails you? Hopefully something livable/curable?! Best regards -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ka at pacific.net Thu Jan 4 22:34:16 2007
From: ka at pacific.net (Ken A) Date: Thu Jan 4 21:32:27 2007 Subject: New Year's Resolution and new beta release In-Reply-To: <223f97700701041315i7f58aaf6v739b412b549b0e13@mail.gmail.com> References: <459D595D.8010101@ecs.soton.ac.uk> <459D6BC2.8080501@pacific.net> <223f97700701041315i7f58aaf6v739b412b549b0e13@mail.gmail.com> Message-ID: <459D72D8.4060003@pacific.net> Glenn Steen wrote: > On 04/01/07, Ken A wrote: >> >> >> Julian Field wrote: >> >> > >> > I have also figured out how to get the configuration system to call a >> > ruleset from within a Custom Function. So if you want to handle some >> > situations with a Custom Function, but then have that use a ruleset >> some >> > of the time, you can now do it. It is something I never dreamed up when >> > I was writing it, so it is pulling a stunt I never thought I would >> need. >> > I have produced a stripped-down example of how to do it, and the >> code is >> > in the /usr/lib/MailScanner/MailScanner/CustomFunctions directory, >> along >> > with the other few examples I provide you to start from. >> > >> >> So, regarding Custom Functions in general: >> >> # Your function may be passed a "message" object... >> # If you want to find out what there is in a "message" object, >> # look at Message.pm as they are all listed there. >> >> Message.pm lists things like $spamreport (set by IsSpam) as well as the >> things I'd expect to see available to a 'message object' (message >> headers, body, etc). >> >> Does a 'message object' ever contain $spamreport? >> If so, then for which configuration options in MailScanner.conf could I >> call a custom function that might have access to $spamreport? >> >> Or am I missing the flow of things completely? :-( >> > At least the Always Looked Up Last thing... That's where MailWatch gets it. Ah, that makes sense! :-) I should probably just do some testing and see what happens. (kaboom). Hope you get feeling better too! Thanks! Ken A. 
Pacific.Net From MailScanner at ecs.soton.ac.uk Thu Jan 4 22:36:51 2007 
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 4 21:38:50 2007 Subject: New Year's Resolution and new beta release In-Reply-To: <459D6BC2.8080501@pacific.net> References: <459D595D.8010101@ecs.soton.ac.uk> <459D6BC2.8080501@pacific.net> Message-ID: <459D7373.9030505@ecs.soton.ac.uk> Ken A wrote: > > > Julian Field wrote: > >> >> I have also figured out how to get the configuration system to call a >> ruleset from within a Custom Function. So if you want to handle some >> situations with a Custom Function, but then have that use a ruleset >> some of the time, you can now do it. It is something I never dreamed >> up when I was writing it, so it is pulling a stunt I never thought I >> would need. I have produced a stripped-down example of how to do it, >> and the code is in the >> /usr/lib/MailScanner/MailScanner/CustomFunctions directory, along >> with the other few examples I provide you to start from. >> > > So, regarding Custom Functions in general: > > # Your function may be passed a "message" object... > # If you want to find out what there is in a "message" object, > # look at Message.pm as they are all listed there. > > Message.pm lists things like $spamreport (set by IsSpam) as well as > the things I'd expect to see available to a 'message object' (message > headers, body, etc). > > Does a 'message object' ever contain $spamreport? > If so, then for which configuration options in MailScanner.conf could > I call a custom function that might have access to $spamreport? Anything called after SpamChecks will have access to this. If you have a look in /usr/sbin/MailScanner for the WorkForHours function, in there you will find the message batch loop. Once the spam checks have been done, you'll see where the code goes next, and hence what will have the spamreport in it. > > Or am I missing the flow of things completely? :-( > > Thanks, > Ken A. 
> Pacific.Net > >> >> Jules >> > Jules From MailScanner at ecs.soton.ac.uk Thu Jan 4 23:10:57 2007
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 4 22:13:30 2007 Subject: Greylisting (WAS: Re: MailScanner ANNOUNCE: 4.57 released) In-Reply-To: <223f97700701041330q15c1d5a5t7b511838b416362f@mail.gmail.com> References: <4571B547.1090804@ecs.soton.ac.uk> <45743355.2040006@sendit.nodak.edu> <45744FDB.3030307@netmagicsolutions.com> <20061204205254.8300B11285@mx-a.vdnet.lt> <223f97700612041451n39e66dedx28699a0d1e59a3eb@mail.gmail.com> <20061204233255.DB881FF40@mx-a.vdnet.lt> <223f97700612060014o6a8b46b1k87e48195c1d93afc@mail.gmail.com> <20070104135003.4B4DBFF17@mx-a.vdnet.lt> <223f97700701041304g88f5cb1v4bb71f6f856a4b83@mail.gmail.com> <459D6E5E.2030107@ecs.soton.ac.uk> <223f97700701041330q15c1d5a5t7b511838b416362f@mail.gmail.com> Message-ID: <459D7B71.2030300@ecs.soton.ac.uk> Glenn Steen wrote: > BTW, if you don't mind a personal question... What ails you? Hopefully > something livable/curable?! A very long list. I have no portal vein (look it up) nor 2/3rds of my stomach. My digestive system is a Y shape (yours is an S shape if you think about it). The painful bit is an old operational scar, which forces a lot of blood through a bunch of very small veins, for which I live on pain-killers the same strength as morphine. It's "oxycodone" which you can look up. It's very strong, and highly addictive. It's said to be twice as hard to withdraw from as heroin. So that's great fun. Due to no portal vein and chronic liver disease from post-op complications, I have hepatic encephalopathy, which is basically when your blood poisons your brain, as a result of liver failure. And I have all sorts of blood problems too, protein C and K deficiencies, vitamin K deficiency, which causes various other problems. The upshot is that I live on 100 pills per week, I have to go into hospital every 3 weeks for a blood check-up, and I have no memory to speak of, I forget everything. 
The only advantage is that I never feel hungry, due to the results of one of the (at least) dozen operations I've had. You asked :-) Jules From ssilva at sgvwater.com Fri Jan 5 00:20:46 2007
From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jan 4 23:22:26 2007 Subject: Greylisting (WAS: Re: MailScanner ANNOUNCE: 4.57 released) In-Reply-To: <459D7B71.2030300@ecs.soton.ac.uk> References: <4571B547.1090804@ecs.soton.ac.uk> <45743355.2040006@sendit.nodak.edu> <45744FDB.3030307@netmagicsolutions.com> <20061204205254.8300B11285@mx-a.vdnet.lt> <223f97700612041451n39e66dedx28699a0d1e59a3eb@mail.gmail.com> <20061204233255.DB881FF40@mx-a.vdnet.lt> <223f97700612060014o6a8b46b1k87e48195c1d93afc@mail.gmail.com> <20070104135003.4B4DBFF17@mx-a.vdnet.lt> <223f97700701041304g88f5cb1v4bb71f6f856a4b83@mail.gmail.com> <459D6E5E.2030107@ecs.soton.ac.uk> <223f97700701041330q15c1d5a5t7b511838b416362f@mail.gmail.com> <459D7B71.2030300@ecs.soton.ac.uk> Message-ID: Julian Field spake the following on 1/4/2007 2:10 PM: > > > Glenn Steen wrote: >> BTW, if you don't mind a personal question... What ails you? Hopefully >> something livable/curable?! > A very long list. I have no portal vein (look it up) nor 2/3rds of my > stomach. My digestive system is a Y shape (yours is an S shape if you > think about it). The painful bit is an old operational scar, which > forces a lot of blood through a bunch of very small veins, for which I > live on pain-killers the same strength as morphine. It's "oxycodone" > which you can look up. It's very strong, and highly addictive. It's said > to be twice as hard to withdraw from as heroin. So that's great fun. Due > to no portal vein and chronic liver disease from post-op complications, > I have hepatic encephalopathy, which is basically when your blood > poisons your brain, as a result of liver failure. And I have all sorts > of blood problems too, protein C and K deficiences, vitamin K > deficiency, which causes various other problems. > > The upshot is that I live on 100 pills per week, I have to go into > hospital every 3 weeks for a blood check-up, and I have no memory to > speak of, I forget everything. 
> > The only advantage is that I never feel hungry, due to the results of > one of the (at least) dozen operations I've had. > > You asked :-) > > Jules > Jules, I am so sorry for the pain and suffering you go through, and can't even begin to imagine what it must be like. I do know about the oxycodone withdrawals, as I was on OxyContin (a timed-released version) for a few months after a car accident. If they could only repair your portal vein, it might clear up many of the symptoms. The limited blood flow to the liver will cause many problems, but I am sure you have been told that many times. How you find the strength to work as you do is a testimony to your strength of will, as most people would not want to get out of bed, much less do a full time job. You are in my prayers! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From glenn.steen at gmail.com Fri Jan 5 01:06:53 2007
From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jan 5 00:08:12 2007 Subject: Greylisting (WAS: Re: MailScanner ANNOUNCE: 4.57 released) In-Reply-To: References: <4571B547.1090804@ecs.soton.ac.uk> <223f97700612041451n39e66dedx28699a0d1e59a3eb@mail.gmail.com> <20061204233255.DB881FF40@mx-a.vdnet.lt> <223f97700612060014o6a8b46b1k87e48195c1d93afc@mail.gmail.com> <20070104135003.4B4DBFF17@mx-a.vdnet.lt> <223f97700701041304g88f5cb1v4bb71f6f856a4b83@mail.gmail.com> <459D6E5E.2030107@ecs.soton.ac.uk> <223f97700701041330q15c1d5a5t7b511838b416362f@mail.gmail.com> <459D7B71.2030300@ecs.soton.ac.uk> Message-ID: <223f97700701041606v3a6a53ebh2b4edf837a0d65cc@mail.gmail.com> On 05/01/07, Scott Silva wrote: > Julian Field spake the following on 1/4/2007 2:10 PM: > > > > > > Glenn Steen wrote: > >> BTW, if you don't mind a personal question... What ails you? Hopefully > >> something livable/curable?! > > A very long list. I have no portal vein (look it up) nor 2/3rds of my > > stomach. My digestive system is a Y shape (yours is an S shape if you > > think about it). The painful bit is an old operational scar, which > > forces a lot of blood through a bunch of very small veins, for which I > > live on pain-killers the same strength as morphine. It's "oxycodone" > > which you can look up. It's very strong, and highly addictive. It's said > > to be twice as hard to withdraw from as heroin. So that's great fun. Due > > to no portal vein and chronic liver disease from post-op complications, > > I have hepatic encephalopathy, which is basically when your blood > > poisons your brain, as a result of liver failure. And I have all sorts > > of blood problems too, protein C and K deficiences, vitamin K > > deficiency, which causes various other problems. > > > > The upshot is that I live on 100 pills per week, I have to go into > > hospital every 3 weeks for a blood check-up, and I have no memory to > > speak of, I forget everything. 
> > > > The only advantage is that I never feel hungry, due to the results of > > one of the (at least) dozen operations I've had. > > > > You asked :-) I did, didn't I... Compared to that, my problems are pretty insignificant. How do you even get up to get the first pills of the day? I'm in awe of your strength. The memory goes sooner or later, but I imagine we all would like it (yours and ours) to be later...:-) > > Jules > > > Jules, > I am so sorry for the pain and suffering you go through, and can't even begin > to imagine what it must be like. I do know about the oxycodone withdrawals, as > I was on OxyContin (a timed-released version) for a few months after a car > accident. > If they could only repair your portal vein, it might clear up many of the > symptoms. The limited blood flow to the liver will cause many of problems, but > I am sure you have been told that many times. > How you find the strength to work as you do is a testimony to your strength of > will, as most people would not want to get out of bed, much less do a full > time job. > > You are in my prayers! > Thank you Scott for expressing my sentiments so very clearly, I couldn't agree more. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ssilva at sgvwater.com Fri Jan 5 01:23:54 2007 
From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jan 5 00:25:41 2007 Subject: Greylisting (WAS: Re: MailScanner ANNOUNCE: 4.57 released) In-Reply-To: <223f97700701041606v3a6a53ebh2b4edf837a0d65cc@mail.gmail.com> References: <4571B547.1090804@ecs.soton.ac.uk> <223f97700612041451n39e66dedx28699a0d1e59a3eb@mail.gmail.com> <20061204233255.DB881FF40@mx-a.vdnet.lt> <223f97700612060014o6a8b46b1k87e48195c1d93afc@mail.gmail.com> <20070104135003.4B4DBFF17@mx-a.vdnet.lt> <223f97700701041304g88f5cb1v4bb71f6f856a4b83@mail.gmail.com> <459D6E5E.2030107@ecs.soton.ac.uk> <223f97700701041330q15c1d5a5t7b511838b416362f@mail.gmail.com> <459D7B71.2030300@ecs.soton.ac.uk> <223f97700701041606v3a6a53ebh2b4edf837a0d65cc@mail.gmail.com> Message-ID: Glenn Steen spake the following on 1/4/2007 4:06 PM: > On 05/01/07, Scott Silva wrote: >> Julian Field spake the following on 1/4/2007 2:10 PM: >> > >> > >> > Glenn Steen wrote: >> >> BTW, if you don't mind a personal question... What ails you? Hopefully >> >> something livable/curable?! >> > A very long list. I have no portal vein (look it up) nor 2/3rds of my >> > stomach. My digestive system is a Y shape (yours is an S shape if you >> > think about it). The painful bit is an old operational scar, which >> > forces a lot of blood through a bunch of very small veins, for which I >> > live on pain-killers the same strength as morphine. It's "oxycodone" >> > which you can look up. It's very strong, and highly addictive. It's >> said >> > to be twice as hard to withdraw from as heroin. So that's great fun. >> Due >> > to no portal vein and chronic liver disease from post-op complications, >> > I have hepatic encephalopathy, which is basically when your blood >> > poisons your brain, as a result of liver failure. And I have all sorts >> > of blood problems too, protein C and K deficiences, vitamin K >> > deficiency, which causes various other problems. 
>> > >> > The upshot is that I live on 100 pills per week, I have to go into >> > hospital every 3 weeks for a blood check-up, and I have no memory to >> > speak of, I forget everything. >> > >> > The only advantage is that I never feel hungry, due to the results of >> > one of the (at least) dozen operations I've had. >> > >> > You asked :-) > > I did, didn't I... Compared to that, my problems are pretty > insignificant. How do you even get up to get the first pills of the > day? I'm in awe of your strength. > The memory goes sooner or later, but I imagine we all would like it > (yours and ours) to be later...:-) > >> > Jules >> > >> Jules, >> I am so sorry for the pain and suffering you go through, and can't >> even begin >> to imagine what it must be like. I do know about the oxycodone >> withdrawals, as >> I was on OxyContin (a timed-released version) for a few months after a >> car >> accident. >> If they could only repair your portal vein, it might clear up many of the >> symptoms. The limited blood flow to the liver will cause many of >> problems, but >> I am sure you have been told that many times. >> How you find the strength to work as you do is a testimony to your >> strength of >> will, as most people would not want to get out of bed, much less do a >> full >> time job. >> >> You are in my prayers! >> > Thank you Scott for expressing my sentiments so very clearly, I > couldn't agree more. > Glenn, You also have my sympathies. I hope that the doctors can at least treat your Crohn's to a tolerable level now that they know what it is. At least I see that alcohol is still OK with most cases! ;-) -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From danderson_1965 at yahoo.com Fri Jan 5 01:38:48 2007 
From: danderson_1965 at yahoo.com (Dale Anderson)
Date: Fri Jan 5 00:40:06 2007
Subject: Help very slow smtpd server
Message-ID: <20070105003848.89386.qmail@web53103.mail.yahoo.com>

Hi all, we have been getting hit with email attacks. So I added a recipients list to our smtpd server and now it is very slow. Anyone work with qmail-recipients? Any suggestions?

The firewall I am using is showing SYN flood attack dropped every min. What else can I try?

System is a FreeBSD 5.0 with Qmail maildir pop3

From kevin at univexsystems.com Fri Jan 5 06:29:16 2007
From: kevin at univexsystems.com (Kevin Bedford)
Date: Fri Jan 5 05:31:55 2007
Subject: maillog complaining about ownership of /var/spool/postfix
Message-ID: <459DE22C.2050606@univexsystems.com>

Greetings,

I apologise if this is a stupid question, but I can't find any difference between this system and others I have that don't generate this message, but I have not been able to find any other information on the problem, which is as follows.

The system is a new install with CentOs 4.4, Postfix, MailScanner, Spamassassin and MailWatch. Postfix is running chroot. Everything appears ok but the maillog keeps repeating the following message:

Jan 5 16:57:50 mail MailScanner[26136]: Enabling SpamAssassin auto-whitelist functionality...
Jan 5 16:57:57 mail MailScanner[26136]: /var/spool/postfix is not owned by user 89 !

User 89 by the way is postfix, but according to other documentation I have found, /var/spool/postfix should be owned by root, which it is and is by default. If I change this then postfix complains and dies.

Here is the ownership of everything in /var/spool/postfix

drwx------ 2 postfix root 4096 Nov 23 04:02 active
drwx------ 2 postfix root 4096 Aug 13 08:07 bounce
drwx------ 2 postfix root 4096 Aug 13 08:07 corrupt
drwx------ 2 postfix root 4096 Aug 13 08:07 defer
drwx------ 2 postfix root 4096 Aug 13 08:07 deferred
drwxr-xr-x 2 root root 4096 Jan 3 20:41 etc
drwx------ 2 postfix root 4096 Aug 13 08:07 flush
drwx------ 2 postfix root 4096 Jan 5 04:02 hold
drwx------ 2 postfix root 4096 Jan 5 04:02 incoming
drwxr-xr-x 2 root root 4096 Nov 29 10:45 lib
drwx-wx--- 2 postfix postdrop 4096 Jan 5 04:02 maildrop
drwxr-xr-x 2 root root 4096 Nov 21 00:05 pid
drwx------ 2 postfix root 4096 Jan 5 17:14 private
drwx--x--- 2 postfix postdrop 4096 Jan 5 17:14 public
drwx------ 2 postfix root 4096 Aug 13 08:07 saved
drwx------ 2 postfix root 4096 Aug 13 08:07 trace
drwxr-xr-x 3 root root 4096 Nov 29 10:45 usr

Because the ownership message always appears directly after the one about Enabling SpamAssassin auto-whitelist functionality I am suspicious that it has something to do with this.

Does anyone have any ideas on the likely cause or is it something I should ignore?

Regards
Kevin

From glenn.steen at gmail.com Fri Jan 5 09:20:45 2007
From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jan 5 08:22:06 2007 Subject: Greylisting (WAS: Re: MailScanner ANNOUNCE: 4.57 released) In-Reply-To: References: <4571B547.1090804@ecs.soton.ac.uk> <223f97700612060014o6a8b46b1k87e48195c1d93afc@mail.gmail.com> <20070104135003.4B4DBFF17@mx-a.vdnet.lt> <223f97700701041304g88f5cb1v4bb71f6f856a4b83@mail.gmail.com> <459D6E5E.2030107@ecs.soton.ac.uk> <223f97700701041330q15c1d5a5t7b511838b416362f@mail.gmail.com> <459D7B71.2030300@ecs.soton.ac.uk> <223f97700701041606v3a6a53ebh2b4edf837a0d65cc@mail.gmail.com> Message-ID: <223f97700701050020r7cdebbcfldee480a532b3c6ff@mail.gmail.com> On 05/01/07, Scott Silva wrote: (snip) > Glenn, > You also have my sympathies. I hope that the doctors can at least treat your > Crohn's to a tolerable level now that they know what it is. > At least I see that alcohol is still OK with most cases! ;-) > Yeah, that's the good thing with finally getting a diagnose ... Treatment, both medical and personal (people in the medical sphere of things can be so very patronizing:-), has so far improved drastically... And I'm still on the "light" stuff, so ... pretty livable ATM. I was expecting not only to have to give up booze but also my (other?-) vices... Horror above horrors to do without coffee and tobacco (snus, for those who are familiar with the concept:-). Turns out that with medicine and all I can still pretty much eat/drink whatever I want, look forward to a rather normal life (if one considers it normal to have someone shove a small hose up your rear end regularly, to do checkups:-), so ... I'm good now, or getting there, more or less. Appreciate the thought though. Sorry people for getting this mindbogglingly far off topic. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Fri Jan 5 09:41:49 2007 
From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jan 5 08:43:10 2007 Subject: maillog complaining about ownership of /var/spool/postfix In-Reply-To: <459DE22C.2050606@univexsystems.com> References: <459DE22C.2050606@univexsystems.com> Message-ID: <223f97700701050041m1ce0dcaat73c87138ec371aef@mail.gmail.com> On 05/01/07, Kevin Bedford wrote: > Greetings, > > I appologise if this is a stupid question but I can't find any > difference between this system and others I have that don't generate > this message but I have not been able to find any other information on > the problem which is as follows. > > The system is a new install with CentOs 4.4, Postfix, MailScanner > Spamassassin and MailWatch. Postfix is running chroot. Everything > appears ok but the maillog keeps repeating the following message: > > Jan 5 16:57:50 mail MailScanner[26136]: Enabling SpamAssassin > auto-whitelist functionality... > Jan 5 16:57:57 mail MailScanner[26136]: /var/spool/postfix is not owned > by user 89 ! > > User 89 by the way is postfix but according to other documentation I > have found /var/spool/postfix should be owned by root which it is and is > by default. If I change this then postfix complains and dies. 
>
> Here is the ownership of everything in /var/spool/postfix
>
> drwx------ 2 postfix root 4096 Nov 23 04:02 active
> drwx------ 2 postfix root 4096 Aug 13 08:07 bounce
> drwx------ 2 postfix root 4096 Aug 13 08:07 corrupt
> drwx------ 2 postfix root 4096 Aug 13 08:07 defer
> drwx------ 2 postfix root 4096 Aug 13 08:07 deferred
> drwxr-xr-x 2 root root 4096 Jan 3 20:41 etc
> drwx------ 2 postfix root 4096 Aug 13 08:07 flush
> drwx------ 2 postfix root 4096 Jan 5 04:02 hold
> drwx------ 2 postfix root 4096 Jan 5 04:02 incoming
> drwxr-xr-x 2 root root 4096 Nov 29 10:45 lib
> drwx-wx--- 2 postfix postdrop 4096 Jan 5 04:02 maildrop
> drwxr-xr-x 2 root root 4096 Nov 21 00:05 pid
> drwx------ 2 postfix root 4096 Jan 5 17:14 private
> drwx--x--- 2 postfix postdrop 4096 Jan 5 17:14 public
> drwx------ 2 postfix root 4096 Aug 13 08:07 saved
> drwx------ 2 postfix root 4096 Aug 13 08:07 trace
> drwxr-xr-x 3 root root 4096 Nov 29 10:45 usr
>
> Because the ownership message always appears directly after the one
> about Enabling SpamAssassin auto-whitelist functionality I am suspicious
> that is has something to do with this.
>
> Does anyone have any ideas on the likely cause or is it something I
> should ignore?
>
> Regards
> Kevin

Hi Kevin,

It is complaining about /var/spool/postfix, not what's inside that directory. This should be OK, normally to be owned by any user (I suspect you'll find that it is root that owns it, and that postfix has only read/execute perms on it), unless something (like SpamAssassin, in this particular case) wants to create a file or directory there. Don't change owner/permissions on that directory, since that might ... defeat... the chroot thing.

So this is probably the same ol' thing as usual. Either create a /var/spool/postfix/.spamassassin directory owned/writable by postfix, and/or set the "SpamAssassin User State Dir" in MailScanner.conf to someplace writable ... and check/set the auto_whitelist things in SA appropriately... If you want it, make sure you have the LoadPlugin in a .pre file in /etc/mail/spamassassin, and something like

use_auto_whitelist 1
auto_whitelist_path /var/spool/spamassassin/auto-whitelist
auto_whitelist_file_mode 0777

... in either /etc/mail/spamassassin/local.cf or /etc/mail/mailscanner.cf ... or turn it off (if you don't want it) by not loading the plugin in the .pre file(s).

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From glenn.steen at gmail.com Fri Jan 5 10:00:52 2007
From: glenn.steen at gmail.com (Glenn Steen)
Date: Fri Jan 5 09:02:13 2007
Subject: maillog complaining about ownership of /var/spool/postfix
In-Reply-To: <223f97700701050041m1ce0dcaat73c87138ec371aef@mail.gmail.com>
References: <459DE22C.2050606@univexsystems.com> <223f97700701050041m1ce0dcaat73c87138ec371aef@mail.gmail.com>
Message-ID: <223f97700701050100h65b85d22w9672175687fdab3c@mail.gmail.com>

On 05/01/07, Glenn Steen wrote:
(snip)
> ... in either /etc/mail/spamassassin/local.cf or
> /etc/mail/mailscanner.cf ...

should read /etc/mail/spamassassin/mailscanner.cf (which should be a symbolic link to /etc/MailScanner/spam.assassin.prefs.conf).

--
-- Glenn (a.k.a. Le Grand Typo)
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From cristi at elvsoft.com Fri Jan 5 10:04:31 2007
From: cristi at elvsoft.com (Tomoiaga Cristian)
Date: Fri Jan 5 09:05:55 2007
Subject: MailScanner and 100% CPU from time to time
In-Reply-To: <459DE22C.2050606@univexsystems.com>
Message-ID:

Hello,

I have a problem with MailScanner.

Distro: CentOS 4.4
CPU: Intel P4 HT
MailScanner 2.46

I used the ConfigServ package to install it and everything worked well until I updated to 2.40. Every time I started MailScanner, after a few seconds the first MailScanner children get and stay that way until a new restart. And so on. I've checked maillog but everything looks OK, no errors. Updating to 2.46 did not solve the problem. I do not really mind that problem because those processes do not use mem and CPU, but with 2.46 from time to time (from 30 to 30 minutes) I see MailScanner use 100% of my CPU and stops after receiving a SIGTERM.

Does anyone know something about this?

Thanks,
Tomoiaga

From jpm at retail-sc.com Fri Jan 5 10:42:01 2007
From: jpm at retail-sc.com (Jan-Piet Mens)
Date: Fri Jan 5 09:55:46 2007
Subject: New Year's Resolution and new beta release
In-Reply-To: <459D595D.8010101@ecs.soton.ac.uk>
References: <459D595D.8010101@ecs.soton.ac.uk>
Message-ID: <20070105094201.GA12252@m1.intdus.retail-sc.com>

On Thu Jan 04 2007 at 20:45:33 CET, Julian Field wrote:

> I have also figured out how to get the configuration system to call a
> ruleset from within a Custom Function. So if you want to handle some
> situations with a Custom Function, but then have that use a ruleset some
> of the time, you can now do it.

Can a custom function also add a header to the current message, and if so, could you give us a hint on what to call?

Thank you.

-JP

From drew at technologytiger.net Fri Jan 5 11:20:58 2007
From: drew at technologytiger.net (Drew Marshall) Date: Fri Jan 5 10:22:23 2007 Subject: And now even further OT: Greylisting (WAS: Re: MailScanner ANNOUNCE: 4.57 released) In-Reply-To: References: <4571B547.1090804@ecs.soton.ac.uk> <223f97700612041451n39e66dedx28699a0d1e59a3eb@mail.gmail.com> <20061204233255.DB881FF40@mx-a.vdnet.lt> <223f97700612060014o6a8b46b1k87e48195c1d93afc@mail.gmail.com> <20070104135003.4B4DBFF17@mx-a.vdnet.lt> <223f97700701041304g88f5cb1v4bb71f6f856a4b83@mail.gmail.com> <459D6E5E.2030107@ecs.soton.ac.uk> <223f97700701041330q15c1d5a5t7b511838b416362f@mail.gmail.com> <459D7B71.2030300@ecs.soton.ac.uk> <223f97700701041606v3a6a53ebh2b4edf837a0d65cc@mail.gmail.com> Message-ID: <9A51DEBD-F560-475C-BA11-6D0092CB4BC6@technologytiger.net> On 5 Jan 2007, at 00:23, Scott Silva wrote: > Glenn Steen spake the following on 1/4/2007 4:06 PM: >> On 05/01/07, Scott Silva wrote: >>> Julian Field spake the following on 1/4/2007 2:10 PM: >>>> >>>> >>>> Glenn Steen wrote: >>>>> BTW, if you don't mind a personal question... What ails you? >>>>> Hopefully >>>>> something livable/curable?! >>>> A very long list. I have no portal vein (look it up) nor 2/3rds >>>> of my >>>> stomach. My digestive system is a Y shape (yours is an S shape >>>> if you >>>> think about it). The painful bit is an old operational scar, which >>>> forces a lot of blood through a bunch of very small veins, for >>>> which I >>>> live on pain-killers the same strength as morphine. It's >>>> "oxycodone" >>>> which you can look up. It's very strong, and highly addictive. It's >>> said >>>> to be twice as hard to withdraw from as heroin. So that's great >>>> fun. >>> Due >>>> to no portal vein and chronic liver disease from post-op >>>> complications, >>>> I have hepatic encephalopathy, which is basically when your blood >>>> poisons your brain, as a result of liver failure. 
And I have all >>>> sorts >>>> of blood problems too, protein C and K deficiences, vitamin K >>>> deficiency, which causes various other problems. >>>> >>>> The upshot is that I live on 100 pills per week, I have to go into >>>> hospital every 3 weeks for a blood check-up, and I have no >>>> memory to >>>> speak of, I forget everything. >>>> >>>> The only advantage is that I never feel hungry, due to the >>>> results of >>>> one of the (at least) dozen operations I've had. >>>> >>>> You asked :-) >> >> I did, didn't I... Compared to that, my problems are pretty >> insignificant. How do you even get up to get the first pills of the >> day? I'm in awe of your strength. >> The memory goes sooner or later, but I imagine we all would like it >> (yours and ours) to be later...:-) >> >>>> Jules >>>> >>> Jules, >>> I am so sorry for the pain and suffering you go through, and can't >>> even begin >>> to imagine what it must be like. I do know about the oxycodone >>> withdrawals, as >>> I was on OxyContin (a timed-released version) for a few months >>> after a >>> car >>> accident. >>> If they could only repair your portal vein, it might clear up >>> many of the >>> symptoms. The limited blood flow to the liver will cause many of >>> problems, but >>> I am sure you have been told that many times. >>> How you find the strength to work as you do is a testimony to your >>> strength of >>> will, as most people would not want to get out of bed, much less >>> do a >>> full >>> time job. >>> >>> You are in my prayers! >>> >> Thank you Scott for expressing my sentiments so very clearly, I >> couldn't agree more. >> > Glenn, > You also have my sympathies. I hope that the doctors can at least > treat your > Crohn's to a tolerable level now that they know what it is. > At least I see that alcohol is still OK with most cases! ;-) I can't put it better to either Glenn or Jules than Scott has done, so I won't. 
Just suffice to say my thoughts are with you both and I hope the knowledge of the community behind you both will keep the strength with you both. Kind regards Drew From glenn.steen at gmail.com Fri Jan 5 11:28:41 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jan 5 10:30:02 2007 Subject: New Year's Resolution and new beta release In-Reply-To: <20070105094201.GA12252@m1.intdus.retail-sc.com> References: <459D595D.8010101@ecs.soton.ac.uk> <20070105094201.GA12252@m1.intdus.retail-sc.com> Message-ID: <223f97700701050228x2bc16e72hded80c7f960e8c7d@mail.gmail.com> On 05/01/07, Jan-Piet Mens wrote: > On Thu Jan 04 2007 at 20:45:33 CET, Julian Field wrote: > > > I have also figured out how to get the configuration system to call a > > ruleset from within a Custom Function. So if you want to handle some > > situations with a Custom Function, but then have that use a ruleset some > > of the time, you can now do it. > > Can a custom function also add a header to the current message, and if > so, could you give us a hint on what to call? > It should. Think "custom function on the * Spam Actions" where * is one of Non, High or the empty string:-). If that would be feasible for what you want to do... is another matter:-). You could also look at/mimic how Jules code adds headers to the message object (pushing them onto the extraspamheaders array, more or less), which would free you to place this in any custom function called after the message object has been created, but before it gets written to file. At least... that's my understanding so far:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From t.d.lee at durham.ac.uk Fri Jan 5 11:39:26 2007 
From: t.d.lee at durham.ac.uk (David Lee)
Date: Fri Jan 5 10:40:56 2007
Subject: New Year's Resolution and new beta release
In-Reply-To: <459D595D.8010101@ecs.soton.ac.uk>
References: <459D595D.8010101@ecs.soton.ac.uk>
Message-ID:

On Thu, 4 Jan 2007, Julian Field wrote:

> [...]
> My New Year's Resolution is to try to spend more time doing MailScanner
> support. For the last 6 months I have only had time to check my
> mailscanner@ecs.soton.ac.uk address, not the mailing lists at all.
>
> [...]
> Secondly, I have just released a new Beta version. This is 4.58.4.
>
> [...]
> I intend to release a new Stable version very soon, hopefully in the
> next week or so. Please do test the new {Fraud?} tag code and give the
> whole thing a good run on any test hosts you may have available.
> [...]

Julian: Just before Christmas there was a thread about checking return codes from system calls. The consensus seemed to be that MS had the balance about right: checking those that were likely to fail, but not being too paranoid about those that were either extremely unlikely or had not occurred in anyone's real experience. That's fine with me.

But (hah! there's always a "but" isn't there?)...

Could you check, please, the report from November:
http://lists.mailscanner.info/pipermail/mailscanner/2006-November/067706.html

which is part of thread:
http://lists.mailscanner.info/pipermail/mailscanner/2006-November/067415.html

This is (presumably) rare for others, but it has been, and still is, real for us. That is, it falls into the "occurs in real experience" category. (I'm surviving by using a suboptimal fudge around the problem.)

Brief summary: "MailScanner/SA.pm" does a fork()/exec() to SpamAssassin. If, for some reason, that SA crashes then the parent (MS) process seems not to detect this, and treats it as a good, 'ham' result. (I give possible suggestions in that November email.)

Hope you are able to look into this. I would be happy to try to beta-test your fix. Thanks.

Best wishes.

--
: David Lee                          I.T. Service       :
: Senior Systems Programmer          Computer Centre    :
:                                    Durham University  :
: http://www.dur.ac.uk/t.d.lee/      South Road         :
:                                    Durham DH1 3LE     :
: Phone: +44 191 334 2752            U.K.               :

From MailScanner at ecs.soton.ac.uk Fri Jan 5 12:19:31 2007
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jan 5 11:23:20 2007 Subject: New Year's Resolution and new beta release In-Reply-To: References: <459D595D.8010101@ecs.soton.ac.uk> Message-ID: <459E3443.4020606@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 David Lee wrote: > On Thu, 4 Jan 2007, Julian Field wrote: > > >> [...] >> My New Year's Resolution is to try to spend more time doing MailScanner >> support. For the last 6 months I have only had time to check my >> mailscanner@ecs.soton.ac.uk address, not the mailing lists at all. >> >> [...] >> Secondly, I have just released a new Beta version. This is 4.58.4. >> >> [...] >> I intend to release a new Stable version very soon, hopefully in the >> next week or so. Please do test the new {Fraud?} tag code and give the >> whole thing a good run on any test hosts you may have available. >> [...] >> > > Julian: Just before Christmas there was a thread about checking return > codes from system calls. The consensus seemed to be that MS had the > balance about right: checking those that were likely to fail, but not > being too paranoid about those that were either extremely unlikely or had > not occured in anyone's real experience. That's fine with me. > > But (hah! there's always a "but" isn't there?)... > > Could you check, please, the report from November: > http://lists.mailscanner.info/pipermail/mailscanner/2006-November/067706.html > > which is part of thread: > http://lists.mailscanner.info/pipermail/mailscanner/2006-November/067415.html > > This is (presumably) rare for others, but it has been, and still is, real > for us. That is, it falls into the "occurs in real experience" category. > (I'm surviving by using a suboptimal fudge around the problem.) > > > Brief summary: "MailScanner/SA.pm" does a fork()/exec() to SpamAssassin. > If, for some reason, that SA crashes then the parent (MS) process seems > not to detect this, and treats it as a good, 'ham' result. 
(I give > possible suggestions in that November email.) > And therefore it is failing 'safe'. Why wouldn't you want it to fail safe? Failure resulting in message delivery sounds a whole lot better than failure resulting in message disposal. > Hope you are able to look into this. I would be happy to try to beta-test > your fix. Thanks. > > Best wishes. > > > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.2 (Build 4075) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFFnjS/EfZZRxQVtlQRAukaAJ9uMmWeO6XQkuNtwe8k7zODPEr6jQCcCvqS /Kl7uRgyQZumvo+9Hab19/4= =iIXc -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Fri Jan 5 12:25:24 2007 
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jan 5 11:28:27 2007 Subject: Greylisting (WAS: Re: MailScanner ANNOUNCE: 4.57 released) In-Reply-To: References: <4571B547.1090804@ecs.soton.ac.uk> <45743355.2040006@sendit.nodak.edu> <45744FDB.3030307@netmagicsolutions.com> <20061204205254.8300B11285@mx-a.vdnet.lt> <223f97700612041451n39e66dedx28699a0d1e59a3eb@mail.gmail.com> <20061204233255.DB881FF40@mx-a.vdnet.lt> <223f97700612060014o6a8b46b1k87e48195c1d93afc@mail.gmail.com> <20070104135003.4B4DBFF17@mx-a.vdnet.lt> <223f97700701041304g88f5cb1v4bb71f6f856a4b83@mail.gmail.com> <459D6E5E.2030107@ecs.soton.ac.uk> <223f97700701041330q15c1d5a5t7b511838b416362f@mail.gmail.com> <459D7B71.2030300@ecs.soton.ac.uk> Message-ID: <459E35A4.5050600@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Scott Silva wrote: > Julian Field spake the following on 1/4/2007 2:10 PM: > >> Glenn Steen wrote: >> >>> BTW, if you don't mind a personal question... What ails you? Hopefully >>> something livable/curable?! >>> >> A very long list. I have no portal vein (look it up) nor 2/3rds of my >> stomach. My digestive system is a Y shape (yours is an S shape if you >> think about it). The painful bit is an old operational scar, which >> forces a lot of blood through a bunch of very small veins, for which I >> live on pain-killers the same strength as morphine. It's "oxycodone" >> which you can look up. It's very strong, and highly addictive. It's said >> to be twice as hard to withdraw from as heroin. So that's great fun. Due >> to no portal vein and chronic liver disease from post-op complications, >> I have hepatic encephalopathy, which is basically when your blood >> poisons your brain, as a result of liver failure. And I have all sorts >> of blood problems too, protein C and K deficiences, vitamin K >> deficiency, which causes various other problems. 
>> >> The upshot is that I live on 100 pills per week, I have to go into >> hospital every 3 weeks for a blood check-up, and I have no memory to >> speak of, I forget everything. >> >> The only advantage is that I never feel hungry, due to the results of >> one of the (at least) dozen operations I've had. >> >> You asked :-) >> >> Jules >> >> > Jules, > I am so sorry for the pain and suffering you go through, and can't even begin > to imagine what it must be like. I do know about the oxycodone withdrawals, as > I was on OxyContin (a timed-released version) for a few months after a car > accident. > And I forgot to mention my current dose: 140mg per day. > If they could only repair your portal vein, it might clear up many of the > symptoms. The limited blood flow to the liver will cause many of problems, but > I am sure you have been told that many times. > How you find the strength to work as you do is a testimony to your strength of > will, as most people would not want to get out of bed, much less do a full > time job. > > You are in my prayers! > Thank you! > > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.2 (Build 4075) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFFnjXrEfZZRxQVtlQRAkX2AJwMajhc5SOzHDfg8l/cwb2GBLhBfACgsSqX GCFs+QDlSCPhExY35rk/sy0= =O1KW -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From kevin at univexsystems.com Fri Jan 5 12:43:07 2007 
From: kevin at univexsystems.com (Kevin Bedford) Date: Fri Jan 5 11:45:30 2007 Subject: maillog complaining about ownership of /var/spool/postfix In-Reply-To: <223f97700701050100h65b85d22w9672175687fdab3c@mail.gmail.com> References: <459DE22C.2050606@univexsystems.com> <223f97700701050041m1ce0dcaat73c87138ec371aef@mail.gmail.com> <223f97700701050100h65b85d22w9672175687fdab3c@mail.gmail.com> Message-ID: <459E39CB.9050600@univexsystems.com> Glenn Steen wrote: > On 05/01/07, Glenn Steen wrote: > (snip) > >> ... in either /etc/mail/spamassassin/local.cf or >> /etc/mail/mailscanner.cf ... > > should read /etc/mail/spamassassin/mailscanner.cf (which should be a > symbolic link to /etc/MailScanner/spam.assassin.prefs.conf). > > Many thanks for the direction I should be able to work it out Regards Kevin From t.d.lee at durham.ac.uk Fri Jan 5 13:00:56 2007 
From: t.d.lee at durham.ac.uk (David Lee)
Date: Fri Jan 5 12:02:44 2007
Subject: New Year's Resolution and new beta release
In-Reply-To: <459E3443.4020606@ecs.soton.ac.uk>
References: <459D595D.8010101@ecs.soton.ac.uk> <459E3443.4020606@ecs.soton.ac.uk>
Message-ID:

On Fri, 5 Jan 2007, Julian Field wrote:

> David Lee wrote:
> > [...]
> > Could you check, please, the report from November:
> > http://lists.mailscanner.info/pipermail/mailscanner/2006-November/067706.html
> >
> > which is part of thread:
> > http://lists.mailscanner.info/pipermail/mailscanner/2006-November/067415.html
> >
> > This is (presumably) rare for others, but it has been, and still is, real
> > for us. That is, it falls into the "occurs in real experience" category.
> > (I'm surviving by using a suboptimal fudge around the problem.)
> >
> >
> > Brief summary: "MailScanner/SA.pm" does a fork()/exec() to SpamAssassin.
> > If, for some reason, that SA crashes then the parent (MS) process seems
> > not to detect this, and treats it as a good, 'ham' result. (I give
> > possible suggestions in that November email.)
> >
> And therefore it is failing 'safe'. Why wouldn't you want it to fail
> safe? Failure resulting in message delivery sounds a whole lot better
> than failure resulting in message disposal.

That's envisioning it just as a two-state success/fail.

The summary from the end of the 17/11/06 email was:

-----------------------------------------------
MS BUG: If MS's call to SA fails (e.g. crash/segfault), MS is unable to distinguish this from a successful return.

RESOLUTION: The code immediately following the "eval {}" ought to check the return (e.g "$PipeReturn") to detect SA/child failures. Such failures may reasonably be expected to be rare, but should nevertheless be handled, perhaps by leaving the email where it is, and doing a high-priority (e.g. "error") syslog message.

NOTE: Might the SA/child itself need an enclosing "eval {}"?
-----------------------------------------------

That is, at the least giving a syslog message, and if possible allowing processing to be deferred (which, OK, would lead to a buildup in the inbound queue).

Or, in that "state" model, a (hopefully!) rare third state of "deferred" with an associated "ring syslog alarm bells".

Does that seem OK?

--
: David Lee                          I.T. Service       :
: Senior Systems Programmer          Computer Centre    :
:                                    Durham University  :
: http://www.dur.ac.uk/t.d.lee/      South Road         :
:                                    Durham DH1 3LE     :
: Phone: +44 191 334 2752            U.K.               :

From ms-list at alexb.ch Fri Jan 5 15:17:07 2007
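The three-state handling proposed in the message above (check the child's wait status, defer and log on failure, and give the child its own eval), as an added Perl example. It is not part of the thread and not MailScanner's SA.pm code; run_check(), classify(), the state names and the constructed stand-in scanners are all assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example, not MailScanner's SA.pm. run_check(), classify() and the
# state names 'ham' / 'spam' / 'deferred' are hypothetical; the "scanners"
# at the bottom are constructed stand-ins for a SpamAssassin child.
use strict;
use warnings;
use POSIX ();
use Sys::Syslog qw(openlog syslog closelog);

# Decide the outcome from the child's wait status AND what it wrote.
# Only a clean exit plus a parsable score may yield ham or spam.
sub classify {
    my ($status, $line, $threshold, $timed_out) = @_;
    return ('deferred', 'scanner timed out') if $timed_out;
    my $signal = $status & 127;            # perlvar: low 7 bits of $?
    return ('deferred', "scanner killed by signal $signal") if $signal;
    my $code = $status >> 8;               # perlvar: exit value
    return ('deferred', "scanner exited with code $code") if $code != 0;
    return ('deferred', 'scanner returned no parsable score')
        unless defined $line && $line =~ /\A(-?\d+(?:\.\d+)?)\n\z/;
    my $score = $1;
    return ($score >= $threshold ? 'spam' : 'ham', "score $score");
}

# Fork a child that runs $check->() and writes "<score>\n" to a pipe.
sub run_check {
    my ($check, $threshold, $timeout) = @_;
    pipe(my $rd, my $wr) or return ('deferred', "pipe failed: $!");
    my $pid = fork();
    return ('deferred', "fork failed: $!") unless defined $pid;

    if ($pid == 0) {
        # Child. The eval keeps a die() from unwinding into the parent's
        # code path inside the child process; _exit skips END blocks.
        close $rd;
        my $ok = eval {
            my $score = $check->();
            print {$wr} "$score\n" or die "write: $!";
            close $wr or die "close: $!";
            1;
        };
        POSIX::_exit($ok ? 0 : 1);
    }

    close $wr;                             # parent keeps only the read end
    my ($line, $timed_out) = (undef, 0);
    eval {
        local $SIG{ALRM} = sub { die "timeout\n" };
        alarm $timeout;
        $line = <$rd>;                     # undef at EOF if the child died
        alarm 0;
        1;
    } or do {
        alarm 0;
        $timed_out = 1 if $@ eq "timeout\n";
    };
    close $rd;
    kill 'KILL', $pid if $timed_out;
    waitpid($pid, 0);                      # sets $? for this child
    return classify($?, $line, $threshold, $timed_out);
}

# Constructed test cases: two verdicts and three kinds of scanner failure.
my @cases = (
    [ 'clean mail'      => sub { 1.2 } ],
    [ 'spam mail'       => sub { 9.7 } ],
    [ 'scanner dies'    => sub { die "rule parse error\n" } ],
    [ 'scanner crashes' => sub { kill 'SEGV', $$; sleep 5; 0 } ],
    [ 'scanner hangs'   => sub { sleep 30; 0 } ],
);

openlog('scan-demo', 'pid', 'mail');
for my $case (@cases) {
    my ($name, $check) = @$case;
    my ($state, $detail) = run_check($check, 5.0, 2);
    if ($state eq 'deferred') {
        # Third state: keep the message queued and raise an alarm, instead
        # of delivering it as if it had been scanned and found clean.
        eval { syslog('err', 'scan deferred for %s: %s', $name, $detail); 1 }
            or warn "syslog unavailable: $@";
    }
    printf "%-16s -> %-8s (%s)\n", $name, $state, $detail;
}
closelog();
```

Only the first two cases reach a ham or spam verdict; the die, crash and hang cases come back as deferred, which is the distinction a parent that ignores the wait status cannot make.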
From: ms-list at alexb.ch (Alex Broens)
Date: Fri Jan 5 14:18:38 2007
Subject: Greylisting (WAS: Re: MailScanner ANNOUNCE: 4.57 released)
In-Reply-To: <459D7B71.2030300@ecs.soton.ac.uk>
References: <4571B547.1090804@ecs.soton.ac.uk> <45743355.2040006@sendit.nodak.edu> <45744FDB.3030307@netmagicsolutions.com> <20061204205254.8300B11285@mx-a.vdnet.lt> <223f97700612041451n39e66dedx28699a0d1e59a3eb@mail.gmail.com> <20061204233255.DB881FF40@mx-a.vdnet.lt> <223f97700612060014o6a8b46b1k87e48195c1d93afc@mail.gmail.com> <20070104135003.4B4DBFF17@mx-a.vdnet.lt> <223f97700701041304g88f5cb1v4bb71f6f856a4b83@mail.gmail.com> <459D6E5E.2030107@ecs.soton.ac.uk> <223f97700701041330q15c1d5a5t7b511838b416362f@mail.gmail.com> <459D7B71.2030300@ecs.soton.ac.uk>
Message-ID: <459E5DE3.8010908@alexb.ch>

On 1/4/2007 11:10 PM, Julian Field wrote:
>
>
> Glenn Steen wrote:
>> BTW, if you don't mind a personal question... What ails you? Hopefully
>> something livable/curable?!
> A very long list. I have no portal vein (look it up) nor 2/3rds of my
> stomach. My digestive system is a Y shape (yours is an S shape if you
> think about it). The painful bit is an old operational scar, which
> forces a lot of blood through a bunch of very small veins, for which I
> live on pain-killers the same strength as morphine. It's "oxycodone"
> which you can look up. It's very strong, and highly addictive. It's said
> to be twice as hard to withdraw from as heroin. So that's great fun. Due
> to no portal vein and chronic liver disease from post-op complications,
> I have hepatic encephalopathy, which is basically when your blood
> poisons your brain, as a result of liver failure. And I have all sorts
> of blood problems too, protein C and K deficiencies, vitamin K
> deficiency, which causes various other problems.
>
> The upshot is that I live on 100 pills per week, I have to go into
> hospital every 3 weeks for a blood check-up, and I have no memory to
> speak of, I forget everything.
>
> The only advantage is that I never feel hungry, due to the results of
> one of the (at least) dozen operations I've had.
>
> You asked :-)

I take my hat off for you, Julian!

Eternal thanks for any minute you put into MailScanner development.

Alex

From mailscanner at aha4adsl.nl Fri Jan 5 18:08:05 2007
From: mailscanner at aha4adsl.nl (mailscanner@aha4adsl.nl)
Date: Fri Jan 5 17:09:26 2007
Subject: {Spam?} RE: IP country block possible?
In-Reply-To: <000001c72f58$e11f4960$1c00a8c0@pcaharjg2>
Message-ID: <003201c730ec$10c353c0$1c00a8c0@pcaharjg2>

Thank you for all your reactions. I studied them carefully.

Based on that I wanted to start blocking the first countries but I am
running into problems.

I changed my local.cf with the following lines.

body LAMP /\bLamp\b/i
score LAMP 1 2 3 4

header __RCVD_IN_NERDS eval:check_rbl('nerds','zz.countries.nerd.dk.')
describe __RCVD_IN_NERDS Received from a spam country
tflags __RCVD_IN_NERDS 0.01
tflags __RCVD_IN_NERDS net

header RCVD_IN_NERDS_AR eval:check_rbl_sub('nerds','127.0.0.32')
describe RCVD_IN_NERDS_AR Received from Argentina
tflags RCVD_IN_NERDS_AR net
score RCVD_IN_NERDS_AR 2.5

header RCVD_IN_NERDS_BR eval:check_rbl_sub('nerds','127.0.0.76')
describe RCVD_IN_NERDS_BR Received from Brazil
tflags RCVD_IN_NERDS_BR net
score RCVD_IN_NERDS_BR 3.5

header RCVD_IN_NERDS_CL eval:check_rbl_sub('nerds','127.0.0.152')
describe RCVD_IN_NERDS_CL Received from Chile
tflags RCVD_IN_NERDS_CL net
score RCVD_IN_NERDS_CL 2.5

header RCVD_IN_NERDS_CN eval:check_rbl_sub('nerds','127.0.0.156')
describe RCVD_IN_NERDS_CN Received from China
tflags RCVD_IN_NERDS_CN net
score RCVD_IN_NERDS_CN 3.5

header RCVD_IN_NERDS_HK eval:check_rbl_sub('nerds','127.0.1.88')
describe RCVD_IN_NERDS_HK Received from Hong Kong
tflags RCVD_IN_NERDS_HK net
score RCVD_IN_NERDS_HK 2.0

header RCVD_IN_NERDS_IN eval:check_rbl_sub('nerds','127.0.1.100')
describe RCVD_IN_NERDS_IN Received from India
tflags RCVD_IN_NERDS_IN net
score RCVD_IN_NERDS_IN 2.5

header RCVD_IN_NERDS_JP eval:check_rbl_sub('nerds','127.0.1.136')
describe RCVD_IN_NERDS_JP Received from Japan
tflags RCVD_IN_NERDS_JP net
score RCVD_IN_NERDS_JP 2.0

header RCVD_IN_NERDS_KP eval:check_rbl_sub('nerds','127.0.1.152')
describe RCVD_IN_NERDS_KP Received from North Korea
tflags RCVD_IN_NERDS_KP net
score RCVD_IN_NERDS_KR 3.5

header RCVD_IN_NERDS_KR eval:check_rbl_sub('nerds','127.0.1.154')
describe RCVD_IN_NERDS_KR Received from South Korea
tflags RCVD_IN_NERDS_KR net
score RCVD_IN_NERDS_KR 3.5

header RCVD_IN_NERDS_MY eval:check_rbl_sub('nerds','127.0.1.202')
describe RCVD_IN_NERDS_MY Received from Malaysia
tflags RCVD_IN_NERDS_MY net
score RCVD_IN_NERDS_MY 2.5

header RCVD_IN_NERDS_MX eval:check_rbl_sub('nerds','127.0.1.228')
describe RCVD_IN_NERDS_MX Received from Mexico
tflags RCVD_IN_NERDS_MX net
score RCVD_IN_NERDS_MX 2.0

header RCVD_IN_NERDS_NG eval:check_rbl_sub('nerds','127.0.2.54')
describe RCVD_IN_NERDS_NG Received from Nigera
tflags RCVD_IN_NERDS_NG net
score RCVD_IN_NERDS_NG 3.5

header RCVD_IN_NERDS_RU eval:check_rbl_sub('nerds','127.0.2.131')
describe RCVD_IN_NERDS_RU Received from Russia
tflags RCVD_IN_NERDS_RU net
score RCVD_IN_NERDS_RU 2.5

header RCVD_IN_NERDS_SG eval:check_rbl_sub('nerds','127.0.2.190')
describe RCVD_IN_NERDS_SG Received from North Singapore
tflags RCVD_IN_NERDS_SG net
score RCVD_IN_NERDS_SG 2.0

header RCVD_IN_NERDS_TW eval:check_rbl_sub('nerds','127.0.0.158')
describe RCVD_IN_NERDS_TW Received from South Taiwan
tflags RCVD_IN_NERDS_TW net
score RCVD_IN_NERDS_TW 2.5

header RCVD_IN_NERDS_TH eval:check_rbl_sub('nerds','127.0.2.252')
describe RCVD_IN_NERDS_TH Received from Thailand
tflags RCVD_IN_NERDS_TH net
score RCVD_IN_NERDS_TH 2.5

header RCVD_IN_NERDS_TR eval:check_rbl_sub('nerds','127.0.3.24')
describe RCVD_IN_NERDS_TR Received from Turkey
tflags RCVD_IN_NERDS_TR net
score RCVD_IN_NERDS_TR 2.0

header RCVD_IN_NERDS_NL eval:check_rbl_sub('nerds','127.0.2.16')
describe RCVD_IN_NERDS_NL Received from NL
tflags RCVD_IN_NERDS_NL net
score RCVD_IN_NERDS_NL -2.0

body FIETS /\bFiets\b/i
score FIETS 1 2 3 4

The LAMP and FIETS are working fine but the RCVD_IN_NERDS does not
appear. I have been testing with this for almost a day now but I am not
making any progress.

How can I debug the result of nerds?

I tested
dig 184.182.126.80.zz.countries.nerd.dk
which gave the result:

;; ANSWER SECTION:
184.182.126.80.zz.countries.nerd.dk. 2100 IN A 127.0.2.16

That looks fine to me.

Thank you again in advance

Ron Groen

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of
mailscanner@aha4adsl.nl
Sent: Wednesday, 3 January 2007 18:02
To: mailscanner@lists.mailscanner.info
Subject: FW: IP country block possible?

Hello Developers,

Although MailScanner is doing a good job on our servers the number of
false passes is rather high.

We mainly have Dutch and Belgian contacts and therefore want to block
non-Dutch IP-ranges. There are several databases, like IP2location,
available to find out from which country/network the email is coming
from.

1) Is there a way to implement these functions in MailScanner and/or
SpamAssassin? We find the current blacklist possibilities rather limited
(the ip2location database has 60000 records like:
"62.4.75.0","62.4.75.31","1040468736","1040468767","NL","Netherlands"
"62.4.75.32","62.4.75.79","1040468768","1040468815","DE","Germany"
"62.4.75.80","62.4.75.95","1040468816","1040468831","NL","Netherlands")

2) Another option is to run your own blacklist server but in combination
with a mysql/php/perl database. Is there any documentation at that point?

3) Can it be implemented in MailScanner directly? With options like
Countries Allow = NL BE US
Countries Blocked = JP TW

We had scanned the lists.mailscanner.info but could not find any related
topics.

With kind regards,

Ron Groen

From sandrews at andrewscompanies.com Fri Jan 5 19:00:34 2007
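A consistency check for hand-copied rule blocks like the one in the message above, as an added example that is not SpamAssassin or MailScanner code: it reports score lines that name a different rule than the block they sit in, numeric values on a tflags line, and check_rbl_sub codes that do not decode to the country in the rule name. lint_rules() and %ISO_NUMERIC are hypothetical names, the sample rules are constructed, and the 127.0.x.y decoding is an assumption that agrees with every code posted in the thread.

```perl
#!/usr/bin/perl
# Added example, not SpamAssassin or MailScanner code. lint_rules() and
# %ISO_NUMERIC are hypothetical names; the sample rules are constructed.
use strict;
use warnings;

# ISO 3166-1 numeric codes for the countries used in the sample below.
my %ISO_NUMERIC = (KP => 408, KR => 410, NL => 528);

sub lint_rules {
    my ($text) = @_;
    my (%defined, %scored, @order, @problems);
    my $n = 0;

    for my $line (split /\n/, $text) {
        $n++;
        next if $line =~ /^\s*(?:#|$)/;               # comments, blank lines
        my ($kw, $name, $rest) = $line =~ /^\s*(\S+)\s+(\S+)\s*(.*?)\s*$/
            or next;

        if ($kw eq 'header' || $kw eq 'body') {
            $defined{$name} = $n;
            push @order, $name;
            # Assumption: the zone answers 127.0.x.y with x*256+y equal to the
            # ISO numeric code, which matches every value posted in the thread.
            if ($rest =~ /check_rbl_sub\([^,]+,\s*'127\.0\.(\d+)\.(\d+)'\)/) {
                my $got  = $1 * 256 + $2;
                my ($cc) = $name =~ /_([A-Z]{2})$/;
                my $want = defined $cc ? $ISO_NUMERIC{$cc} : undef;
                push @problems, "line $n: $name tests code $got, expected $want"
                    if defined $want && $got != $want;
            }
        }
        elsif ($kw eq 'score') {
            push @problems,
                "line $n: $name scored again (first on line $scored{$name})"
                if $scored{$name};
            $scored{$name} ||= $n;
        }
        elsif ($kw eq 'tflags' && $rest =~ /^-?\d+(?:\.\d+)?$/) {
            push @problems,
                "line $n: tflags $name has numeric value ${rest}, was score meant?";
        }
    }

    for my $name (@order) {
        next if $name =~ /^__/;        # sub-rules carry no score of their own
        push @problems,
            "$name (line $defined{$name}) has no score line, so it scores the default 1.0"
            unless $scored{$name};
    }
    for my $name (sort keys %scored) {
        push @problems, "score on line $scored{$name} names undefined rule $name"
            unless $defined{$name};
    }
    return @problems;
}

my $sample = <<'RULES';    # constructed, modelled on the rules in this thread
header   RCVD_IN_NERDS_KP  eval:check_rbl_sub('nerds','127.0.1.152')
describe RCVD_IN_NERDS_KP  Received from North Korea
tflags   RCVD_IN_NERDS_KP  net
score    RCVD_IN_NERDS_KR  3.5

header   RCVD_IN_NERDS_KR  eval:check_rbl_sub('nerds','127.0.1.154')
tflags   RCVD_IN_NERDS_KR  0.01
score    RCVD_IN_NERDS_KR  3.5

header   RCVD_IN_NERDS_NL  eval:check_rbl_sub('nerds','127.0.2.61')
score    RCVD_IN_NERDS_NL  -2.0
RULES

print "$_\n" for lint_rules($sample);
```

On the constructed sample it reports the numeric tflags on line 7, the second KR score on line 8, the NL code that decodes to 573 instead of 528, and the KP rule left without a score.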
From: sandrews at andrewscompanies.com (sandrews@andrewscompanies.com)
Date: Fri Jan 5 18:01:59 2007
Subject: Rules Question
Message-ID: <1964AAFBC212F742958F9275BF63DBB0429CD1@winchester.andrewscompanies.com>

Is there a way in MS to change the file type/name rules to operate
differently for different domains? I've got a domain that I want to
allow exe's on.

Thanks,
Steve

From naolson at gmail.com Fri Jan 5 19:16:13 2007
From: naolson at gmail.com (Nathan Olson)
Date: Fri Jan 5 18:17:34 2007
Subject: Rules Question
In-Reply-To: <1964AAFBC212F742958F9275BF63DBB0429CD1@winchester.andrewscompanies.com>
References: <1964AAFBC212F742958F9275BF63DBB0429CD1@winchester.andrewscompanies.com>
Message-ID: <8f54b4330701051016n2bfe8d30o9b25397aedd2b0bc@mail.gmail.com>

See 'Most Asked Question' on the wiki.

Nate

From mkettler at evi-inc.com Fri Jan 5 19:37:41 2007
From: mkettler at evi-inc.com (Matt Kettler)
Date: Fri Jan 5 18:39:30 2007
Subject: {Spam?} RE: IP country block possible?
In-Reply-To: <003201c730ec$10c353c0$1c00a8c0@pcaharjg2>
References: <003201c730ec$10c353c0$1c00a8c0@pcaharjg2>
Message-ID: <459E9AF5.4070502@evi-inc.com>

mailscanner@aha4adsl.nl wrote:
> Thank you for all your reactions. I studied them carefully.
>
> Based on that I wanted to start blocking the first countries but I am
> running into problems.
>
> I changed my local.cf with the following lines.
>
>
> body LAMP /\bLamp\b/i
> score LAMP 1 2 3 4
>
> header __RCVD_IN_NERDS eval:check_rbl('nerds','zz.countries.nerd.dk.')
> describe __RCVD_IN_NERDS Received from a spam country
> tflags __RCVD_IN_NERDS 0.01
> tflags __RCVD_IN_NERDS net

*STRONG* suggestion: Make use of SpamAssassin's RelayCountry plugin. This
will avoid wasting time doing network lookups and will use
IP::Country::Fast instead.

Once you have RelayCountries loaded you can use rules like this:

-------------------------------
#replaces old blackholes.us rules, works much better and faster too
#see http://psi.oasis-open.org/iso/3166/oasis-spec.html for codes

# informational, mostly for checking how much these hit
header RELAY_ES X-Relay-Countries=~/\bES\b/
describe RELAY_ES Relayed through Spain
score RELAY_ES 0.01

header RELAY_UK X-Relay-Countries=~/\bGB\b/
describe RELAY_UK Relayed through Britain
score RELAY_UK 0.01

header RELAY_FR X-Relay-Countries=~/\bFR\b/
describe RELAY_FR Relayed through France
score RELAY_FR 0.01

header RELAY_DE X-Relay-Countries=~/\bDE\b/
describe RELAY_DE Relayed through Germany
score RELAY_DE 0.01

header RELAY_AT X-Relay-Countries=~/\bAT\b/
describe RELAY_AT Relayed through Austria
score RELAY_AT 0.01

# these have VERY high spam volume and little legit mail
# however, don't go over 3.0 or so with these.
header RELAY_CN X-Relay-Countries=~/\bCN\b/
describe RELAY_CN Relayed through China
score RELAY_CN 2.5

header RELAY_KR X-Relay-Countries=~/\bKR\b/
describe RELAY_KR Relayed through Korea
score RELAY_KR 2.5

header RELAY_KP X-Relay-Countries=~/\bKP\b/
describe RELAY_KP Relayed through North Korea
score RELAY_KP 2.5

#countries prone to abuse and low legit mail volume
# can't score high due to some legit mail
# however score bias of 0.1 to 1.5 is reasonable here
# depending on the country in question
header RELAY_AP X-Relay-Countries=~/\bAP\b/
describe RELAY_AP Relayed through generic AP
score RELAY_AP 0.5

header RELAY_TW X-Relay-Countries=~/\bTW\b/
describe RELAY_TW Relayed through Taiwan
score RELAY_TW 1.0

header RELAY_SK X-Relay-Countries=~/\bSK\b/
describe RELAY_SK Relayed through Slovakia
score RELAY_SK 1.0

header RELAY_JP X-Relay-Countries=~/\bJP\b/
describe RELAY_JP Relayed through Japan
score RELAY_JP 1.0

header RELAY_AR X-Relay-Countries=~/\bAR\b/
describe RELAY_AR Relayed through Argentina
score RELAY_AR 1.0

header RELAY_BR X-Relay-Countries=~/\bBR\b/
describe RELAY_BR Relayed through Brazil
score RELAY_BR 1.0

header RELAY_RU X-Relay-Countries=~/\bRU\b/
describe RELAY_RU Relayed through Russia
score RELAY_RU 1.0

header RELAY_RO X-Relay-Countries=~/\bRO\b/
describe RELAY_RO Relayed through Romania
score RELAY_RO 1.0

header RELAY_PS X-Relay-Countries=~/\bPS\b/
describe RELAY_PS Relayed through occupied Palestine
score RELAY_PS 1.0

header RELAY_PL X-Relay-Countries=~/\bPL\b/
describe RELAY_PL Relayed through Poland
score RELAY_PL 1.0

header RELAY_IL X-Relay-Countries=~/\bIL\b/
describe RELAY_IL Relayed through Israel
score RELAY_IL 1.0

header RELAY_HU X-Relay-Countries=~/\bHU\b/
describe RELAY_HU Relayed through Hungary
score RELAY_HU 1.0

header RELAY_NG X-Relay-Countries=~/\bNG\b/
describe RELAY_NG Relayed through Nigeria
score RELAY_NG 1.0

header RELAY_PK X-Relay-Countries=~/\bPK\b/
describe RELAY_PK Relayed through Pakistan
score RELAY_PK 1.0

header RELAY_GT X-Relay-Countries=~/\bGT\b/
describe RELAY_GT Relayed through Guatemala
score RELAY_GT 1.0

header RELAY_PE X-Relay-Countries=~/\bPE\b/
describe RELAY_PE Relayed through Peru
score RELAY_PE 1.0

header RELAY_PA X-Relay-Countries=~/\bPA\b/
describe RELAY_PA Relayed through Panama
score RELAY_PA 1.0

header RELAY_ID X-Relay-Countries=~/\bID\b/
describe RELAY_ID Relayed through Indonesia
score RELAY_ID 1.0

header RELAY_EG X-Relay-Countries=~/\bEG\b/
describe RELAY_EG Relayed through Egypt
score RELAY_EG 1.0

header RELAY_CZ X-Relay-Countries=~/\bCZ\b/
describe RELAY_CZ Relayed through Czech Republic
score RELAY_CZ 0.5

header RELAY_CO X-Relay-Countries=~/\bCO\b/
describe RELAY_CO Relayed through Colombia
score RELAY_CO 1.0

header RELAY_TR X-Relay-Countries=~/\bTR\b/
describe RELAY_TR Relayed through Turkey
score RELAY_TR 0.5

From sandrews at andrewscompanies.com Fri Jan 5 19:38:54 2007
From: sandrews at andrewscompanies.com (sandrews@andrewscompanies.com)
Date: Fri Jan 5 18:40:17 2007
Subject: Rules Question
Message-ID: <1964AAFBC212F742958F9275BF63DBB0431C1E@winchester.andrewscompanies.com>

Yeah; been there. Ruleset tutorial is a little, well, general.

I see that the information to allow that concerns filename.rules.conf
and filetype.rules.conf; however, I'm unsure how to modify those or
mailscanner.conf to have a specific outcome for just one domain where
the rest we have on the box continue with current behavior.

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Nathan
Olson
Sent: Friday, January 05, 2007 1:16 PM
To: MailScanner discussion
Subject: Re: Rules Question

See 'Most Asked Question' on the wiki.

Nate

From ssilva at sgvwater.com Fri Jan 5 20:44:16 2007
From: ssilva at sgvwater.com (Scott Silva)
Date: Fri Jan 5 19:45:53 2007
Subject: Greylisting (WAS: Re: MailScanner ANNOUNCE: 4.57 released)
In-Reply-To: <223f97700701050020r7cdebbcfldee480a532b3c6ff@mail.gmail.com>
References: <4571B547.1090804@ecs.soton.ac.uk> <223f97700612060014o6a8b46b1k87e48195c1d93afc@mail.gmail.com> <20070104135003.4B4DBFF17@mx-a.vdnet.lt> <223f97700701041304g88f5cb1v4bb71f6f856a4b83@mail.gmail.com> <459D6E5E.2030107@ecs.soton.ac.uk> <223f97700701041330q15c1d5a5t7b511838b416362f@mail.gmail.com> <459D7B71.2030300@ecs.soton.ac.uk> <223f97700701041606v3a6a53ebh2b4edf837a0d65cc@mail.gmail.com> <223f97700701050020r7cdebbcfldee480a532b3c6ff@mail.gmail.com>
Message-ID:

Glenn Steen spake the following on 1/5/2007 12:20 AM:
> On 05/01/07, Scott Silva wrote:
> (snip)
>> Glenn,
>> You also have my sympathies. I hope that the doctors can at least
>> treat your
>> Crohn's to a tolerable level now that they know what it is.
>> At least I see that alcohol is still OK with most cases! ;-)
>>
> Yeah, that's the good thing with finally getting a diagnosis ...
> Treatment, both medical and personal (people in the medical sphere of
> things can be so very patronizing:-), has so far improved
> drastically... And I'm still on the "light" stuff, so ... pretty
> livable ATM.
> I was expecting not only to have to give up booze but also my
> (other?-) vices... Horror above horrors to do without coffee and
> tobacco (snus, for those who are familiar with the concept:-). Turns
> out that with medicine and all I can still pretty much eat/drink
> whatever I want, look forward to a rather normal life (if one
> considers it normal to have someone shove a small hose up your rear
> end regularly, to do checkups:-), so ... I'm good now, or getting
> there, more or less.
> Appreciate the thought though.
>
> Sorry people for getting this mindbogglingly far off topic.

I think that occasionally going off topic like this makes it more like a
community than a bunch of strangers. Especially when it is about the
creator of the project or one of its more prolific contributors. We
wouldn't even be here if it wasn't for Julian, and Glenn seems to be
available on the list into the wee hours helping people.

But on to the pressing problems of e-mail and spam! ;-D

--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

From ssilva at sgvwater.com Fri Jan 5 20:47:27 2007
From: ssilva at sgvwater.com (Scott Silva)
Date: Fri Jan 5 19:51:27 2007
Subject: Greylisting (WAS: Re: MailScanner ANNOUNCE: 4.57 released)
In-Reply-To: <459E35A4.5050600@ecs.soton.ac.uk>
References: <4571B547.1090804@ecs.soton.ac.uk> <45743355.2040006@sendit.nodak.edu> <45744FDB.3030307@netmagicsolutions.com> <20061204205254.8300B11285@mx-a.vdnet.lt> <223f97700612041451n39e66dedx28699a0d1e59a3eb@mail.gmail.com> <20061204233255.DB881FF40@mx-a.vdnet.lt> <223f97700612060014o6a8b46b1k87e48195c1d93afc@mail.gmail.com> <20070104135003.4B4DBFF17@mx-a.vdnet.lt> <223f97700701041304g88f5cb1v4bb71f6f856a4b83@mail.gmail.com> <459D6E5E.2030107@ecs.soton.ac.uk> <223f97700701041330q15c1d5a5t7b511838b416362f@mail.gmail.com> <459D7B71.2030300@ecs.soton.ac.uk> <459E35A4.5050600@ecs.soton.ac.uk>
Message-ID:

Julian Field spake the following on 1/5/2007 3:25 AM:
>
>
> Scott Silva wrote:
>> Julian Field spake the following on 1/4/2007 2:10 PM:
>
>>> Glenn Steen wrote:
>>>
>>>> BTW, if you don't mind a personal question... What ails you? Hopefully
>>>> something livable/curable?!
>>>>
>>> A very long list. I have no portal vein (look it up) nor 2/3rds of my
>>> stomach. My digestive system is a Y shape (yours is an S shape if you
>>> think about it). The painful bit is an old operational scar, which
>>> forces a lot of blood through a bunch of very small veins, for which I
>>> live on pain-killers the same strength as morphine. It's "oxycodone"
>>> which you can look up. It's very strong, and highly addictive. It's said
>>> to be twice as hard to withdraw from as heroin. So that's great fun. Due
>>> to no portal vein and chronic liver disease from post-op complications,
>>> I have hepatic encephalopathy, which is basically when your blood
>>> poisons your brain, as a result of liver failure. And I have all sorts
>>> of blood problems too, protein C and K deficiencies, vitamin K
>>> deficiency, which causes various other problems.
>>>
>>> The upshot is that I live on 100 pills per week, I have to go into
>>> hospital every 3 weeks for a blood check-up, and I have no memory to
>>> speak of, I forget everything.
>>>
>>> The only advantage is that I never feel hungry, due to the results of
>>> one of the (at least) dozen operations I've had.
>>>
>>> You asked :-)
>>>
>>> Jules
>>>
>>>
>> Jules,
>> I am so sorry for the pain and suffering you go through, and can't even begin
>> to imagine what it must be like. I do know about the oxycodone withdrawals, as
>> I was on OxyContin (a timed-released version) for a few months after a car
>> accident.
>
>
> And I forgot to mention my current dose: 140mg per day.
>

I'm surprised you can even say the word "Mailscanner" with a dosage like
that. I don't know how you even get up to go to work, much less get
anything done!

You are root!!! Linus would be proud!

--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

From technician at cenpac.net.nr Fri Jan 5 21:40:26 2007
From: technician at cenpac.net.nr (Jon Leeman)
Date: Fri Jan 5 20:42:00 2007
Subject: New Year's Resolution and new beta release [OT]
In-Reply-To: <459D595D.8010101@ecs.soton.ac.uk>
References: <459D595D.8010101@ecs.soton.ac.uk>
Message-ID: <459EB7BA.3080301@cenpac.net.nr>

Julian,

I make no apologies for top posting this time.

There's around 350 email users in this country. The vast majority have
no conception of "how the thing works".

There is no one here (that I know of) that has even heard of
MailScanner let alone your name. Pity, because you/it do/does the job.

On behalf of all here.......Thank You.

I sincerely hope that you are able to continue your generous efforts for
the [ foreseeable ] future.

Regards,

Jon

{ Nauru local 0830 clear skies Temp. 28 Deg. C. {with apologies to Glenn :-) }

Julian Field wrote:
> Hi folks!
>
> Yes, it's me, I've actually had time to catch up.
>
> My New Year's Resolution is to try to spend more time doing MailScanner
> support. For the last 6 months I have only had time to check my
> mailscanner@ecs.soton.ac.uk address, not the mailing lists at all.
>
> Several months recently have been really tough at work on a personal
> level, having to face up to the consequences of my poor health in ways I
> have not had to before, which was a really rough time. I have more or
> less come to terms with it now, and the facts have pretty much sunk in
> so I am feeling rather better now than any time over the past few months.
>
> I don't guarantee I'm going to be able to check the list every day, nor
> read every posting, but I will try a lot harder to show my face around
> here sometimes. I have a big database programming job that is going to
> last for the whole of the next year, so my time is limited. But I am
> going to try to reshuffle a few things in an effort to make more time
> for you guys. I have never done much database programming before, I've
> always found a nice light-weight way around having to use a full scale
> SQL server. And I've never done any .Net or C# before either, so I've
> got a lot to learn.
>
> Secondly, I have just released a new Beta version. This is 4.58.4.
>
> I have fixed the bug where the {Fraud?} tag was not displayed, but the
> {Disarmed} tag instead. You should now get {Fraud?} wherever it finds a
> phishing trap, and you will also get {Disarmed} if you "Highlight
> Phishing Fraud" as well. I hope that is good enough for you.
>
> I have also figured out how to get the configuration system to call a
> ruleset from within a Custom Function. So if you want to handle some
> situations with a Custom Function, but then have that use a ruleset some
> of the time, you can now do it. It is something I never dreamed up when
> I was writing it, so it is pulling a stunt I never thought I would need.
> I have produced a stripped-down example of how to do it, and the code is
> in the /usr/lib/MailScanner/MailScanner/CustomFunctions directory, along
> with the other few examples I provide you to start from.
>
> I intend to release a new Stable version very soon, hopefully in the
> next week or so. Please do test the new {Fraud?} tag code and give the
> whole thing a good run on any test hosts you may have available.
>
> Beta-testers ----> This means you guys please!
>
> So it just leaves me to wish you all a very good New Year, and let's
> hope this year is personally rather less stressful than last year!
>
> Best regards.
>
> Jules
>

From ssilva at sgvwater.com Fri Jan 5 22:48:23 2007
From: ssilva at sgvwater.com (Scott Silva)
Date: Fri Jan 5 21:50:11 2007
Subject: New Year's Resolution and new beta release [OT]
In-Reply-To: <459EB7BA.3080301@cenpac.net.nr>
References: <459D595D.8010101@ecs.soton.ac.uk> <459EB7BA.3080301@cenpac.net.nr>
Message-ID:

Jon Leeman spake the following on 1/5/2007 12:40 PM:
> Julian,
>
> I make no apologies for top posting this time.
>
> There's around 350 email users in this country. The vast majority have
> no conception of "how the thing works".

With only 350 e-mail users, you could probably get a couple of people
together and punch any spammers coming from your country! In this country
(United States) there are MILLIONS of clueless e-mail lusers. It makes
for long days and many sleepless nights! It makes me long for the days
before e-mail, when modems were 110 baud and you could type faster than
you could read posts on a BBS.

>
> There is no one here (that I know of) that has even heard of
> MailScanner let alone your name. Pity, because you/it do/does the job.
>
> On behalf of all here.......Thank You.
>
> I sincerely hope that you are able to continue your generous efforts for
> the [ foreseeable ] future.
>
> Regards,
>
> Jon
>

--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

From glenn.steen at gmail.com Fri Jan 5 22:55:29 2007
From: glenn.steen at gmail.com (Glenn Steen)
Date: Fri Jan 5 21:56:52 2007
Subject: Rules Question
In-Reply-To: <1964AAFBC212F742958F9275BF63DBB0431C1E@winchester.andrewscompanies.com>
References: <1964AAFBC212F742958F9275BF63DBB0431C1E@winchester.andrewscompanies.com>
Message-ID: <223f97700701051355y670fee6cxb698bfbbd050e28f@mail.gmail.com>

On 05/01/07, sandrews@andrewscompanies.com wrote:
> Yeah; been there. Ruleset tutorial is a little, well, general.
>
> I see that the information to allow that concerns filename.rules.conf
> and filetype.rules.conf; however, I'm unsure how to modify those or
> mailscanner.conf to have a specific outcome for just one domain where
> the rest we have on the box continue with current behavior.
>
Look at
http://wiki.mailscanner.info/doku.php?id=&idx=documentation:configuration:rulesets
in general and specifically at
http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rulesets:overloading
(which should match exactly what you want to do).

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From randyf at sibernet.com Fri Jan 5 23:14:53 2007
From: randyf at sibernet.com (randyf@sibernet.com)
Date: Fri Jan 5 22:26:33 2007
Subject: Bug, or configuration option I missed?
Message-ID:

Hi Folks-

I had an interesting failure overnight that effectively was caused by a
corrupted library for the virus scanner. This caused the virus scanner to
time out in the eyes of MailScanner (and dump a lot of corefiles), and
MailScanner then proceeded to believe that this was a silent virus and
toss it as any of the other silent viruses (MailScanner thought it was a
denial of service attack).

If there isn't a configuration option to deal with this scenario, what
would be better than tossing messages, would have been to quarantine the
messages. But as in my case, I suspect that other checks in MailScanner
would have caught a possible virus in that flurry, it would have been
best to send the message through the remaining tests, and flag it somehow
as not passing virus scanning.

Is this a bug/feature-request, or did I miss a configuration option to
handle virus scanner failures?

Thanks!

RF

From sandrews at andrewscompanies.com Fri Jan 5 23:46:07 2007
From: sandrews at andrewscompanies.com (sandrews@andrewscompanies.com)
Date: Fri Jan 5 22:47:32 2007
Subject: Rules Question
Message-ID: <1964AAFBC212F742958F9275BF63DBB0429CD6@winchester.andrewscompanies.com>

Thank you Glenn!

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn
Steen
Sent: Friday, January 05, 2007 4:55 PM
To: MailScanner discussion
Subject: Re: Rules Question

On 05/01/07, sandrews@andrewscompanies.com wrote:
> Yeah; been there. Ruleset tutorial is a little, well, general.
>
> I see that the information to allow that concerns filename.rules.conf
> and filetype.rules.conf; however, I'm unsure how to modify those or
> mailscanner.conf to have a specific outcome for just one domain where
> the rest we have on the box continue with current behavior.
>
Look at
http://wiki.mailscanner.info/doku.php?id=&idx=documentation:configuration:rulesets
in general and specifically at
http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rulesets:overloading
(which should match exactly what you want to do).

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From res at ausics.net Sat Jan 6 01:01:43 2007
From: res at ausics.net (Res)
Date: Sat Jan 6 00:03:13 2007
Subject: Greylisting (WAS: Re: MailScanner ANNOUNCE: 4.57 released)
In-Reply-To: <223f97700701050020r7cdebbcfldee480a532b3c6ff@mail.gmail.com>
References: <4571B547.1090804@ecs.soton.ac.uk> <223f97700612060014o6a8b46b1k87e48195c1d93afc@mail.gmail.com> <20070104135003.4B4DBFF17@mx-a.vdnet.lt> <223f97700701041304g88f5cb1v4bb71f6f856a4b83@mail.gmail.com> <459D6E5E.2030107@ecs.soton.ac.uk> <223f97700701041330q15c1d5a5t7b511838b416362f@mail.gmail.com> <459D7B71.2030300@ecs.soton.ac.uk> <223f97700701041606v3a6a53ebh2b4edf837a0d65cc@mail.gmail.com> <223f97700701050020r7cdebbcfldee480a532b3c6ff@mail.gmail.com>
Message-ID:

Happy New Year Glenn,

On Fri, 5 Jan 2007, Glenn Steen wrote:

> I was expecting not only to have to give up booze but also my
> (other?-) vices... Horror above horrors to do without coffee and
> tobacco (snus, for those who are familiar with the concept:-). Turns
> out that with medicine and all I can still pretty much eat/drink
> whatever I want, look forward to a rather normal life (if one

I have a good friend with this condition, he doesn't really drink, but he
still eats all the greasy spicy junk food, including pizzas and hot
spicy oily chicken take aways and chips and, yeah, you won't stop him
from eating it either :)

You can tell his bad days though, cause he goes as white as a ghost.

--
Cheers
Res

"So, you think you can tell Heaven from Hell?" - Roger Waters

From res at ausics.net Sat Jan 6 01:04:43 2007
From: res at ausics.net (Res)
Date: Sat Jan 6 00:06:11 2007
Subject: MailScanner and 100% CPU from time to time
In-Reply-To:
References:
Message-ID:

On Fri, 5 Jan 2007, Tomoiaga Cristian wrote:

> Hello,
>
> I have a problem with MailScanner.
>
> Distro: CentOS 4.4
> CPU: Intel P4 HT
> MailScanner 2.46

errrrr

Current stable version is 4.57.6
Please obtain this from www.mailscanner.info you can get the RPM or
tarball.

--
Cheers
Res

"So, you think you can tell Heaven from Hell?" - Roger Waters

From res at ausics.net Sat Jan 6 01:16:03 2007
From: res at ausics.net (Res)
Date: Sat Jan 6 00:17:34 2007
Subject: New Year's Resolution and new beta release
In-Reply-To:
References: <459D595D.8010101@ecs.soton.ac.uk> <459E3443.4020606@ecs.soton.ac.uk>
Message-ID:

On Fri, 5 Jan 2007, David Lee wrote:

> NOTE: Might the SA/child itself need an enclosing "eval {}"?
> -----------------------------------------------
>
> That is, at the least giving a syslog message, and if possible allowing
> processing to be deferred (which, OK, would lead to a buildup in the
> inbound queue). Or, in that "state" model, a (hopefully!) rare third

You are kidding right? Defer processing?

Calculate this... 1700 msgs per minute, by say, every minute overnight
based on midnight to say 7 am, that's over 700,000 messages deferred,
once fixed, 1700 mp/m + backlog, most customers like their mail within
the same millennium, I know many other MS users who process a damn sight
more messages per minute than we do.

--
Cheers
Res

"So, you think you can tell Heaven from Hell?" - Roger Waters

From mailscanner at aha4adsl.nl Sat Jan 6 11:52:57 2007
From: mailscanner at aha4adsl.nl (mailscanner@aha4adsl.nl)
Date: Sat Jan 6 10:54:20 2007
Subject: IP country block possible?
Message-ID: <000c01c73180$d38a0040$1c00a8c0@pcaharjg2>

Thank you Matt,

It Works :-) You really helped me.

With kind regards,
Ron Groen

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt Kettler
Sent: Friday, 5 January 2007 19:38
To: MailScanner discussion
Subject: Re: {Spam?} RE: IP country block possible?

mailscanner@aha4adsl.nl wrote:
> Thank you for all your reactions. I studied them carefully.
>
> Based on that I wanted to start blocking the first countries but I am
> running into problems.
>
> I changed my local.cf with the following lines.
>
>
> body LAMP /\bLamp\b/i
> score LAMP 1 2 3 4
>
> header __RCVD_IN_NERDS eval:check_rbl('nerds','zz.countries.nerd.dk.')
> describe __RCVD_IN_NERDS Received from a spam country
> tflags __RCVD_IN_NERDS 0.01
> tflags __RCVD_IN_NERDS net

*STRONG* suggestion: Make use of SpamAssassin's RelayCountry plugin. This will avoid wasting time doing network lookups and will use IP::Country::Fast instead.

Once you have RelayCountries loaded you can use rules like this:

-------------------------------
#replaces old blackholes.us rules, works much better and faster too
#see http://psi.oasis-open.org/iso/3166/oasis-spec.html for codes

# informational, mostly for checking how much these hit
header RELAY_ES X-Relay-Countries=~/\bES\b/
describe RELAY_ES Relayed through Spain
score RELAY_ES 0.01

header RELAY_UK X-Relay-Countries=~/\bGB\b/
describe RELAY_UK Relayed through Britain
score RELAY_UK 0.01

header RELAY_FR X-Relay-Countries=~/\bFR\b/
describe RELAY_FR Relayed through France
score RELAY_FR 0.01

header RELAY_DE X-Relay-Countries=~/\bDE\b/
describe RELAY_DE Relayed through Germany
score RELAY_DE 0.01

header RELAY_AT X-Relay-Countries=~/\bAT\b/
describe RELAY_AT Relayed through Austria
score RELAY_AT 0.01

# these have VERY high spam volume and little legit mail
# however, don't go over 3.0 or so with these.
header RELAY_CN X-Relay-Countries=~/\bCN\b/
describe RELAY_CN Relayed through China
score RELAY_CN 2.5

header RELAY_KR X-Relay-Countries=~/\bKR\b/
describe RELAY_KR Relayed through Korea
score RELAY_KR 2.5

header RELAY_KP X-Relay-Countries=~/\bKP\b/
describe RELAY_KP Relayed through North Korea
score RELAY_KP 2.5

#countries prone to abuse and low legit mail volume
# can't score high due to some legit mail
# however score bias of 0.1 to 1.5 is reasonable here
# depending on the country in question
header RELAY_AP X-Relay-Countries=~/\bAP\b/
describe RELAY_AP Relayed through generic AP
score RELAY_AP 0.5

header RELAY_TW X-Relay-Countries=~/\bTW\b/
describe RELAY_TW Relayed through Taiwan
score RELAY_TW 1.0

header RELAY_SK X-Relay-Countries=~/\bSK\b/
describe RELAY_SK Relayed through Slovakia
score RELAY_SK 1.0

header RELAY_JP X-Relay-Countries=~/\bJP\b/
describe RELAY_JP Relayed through Japan
score RELAY_JP 1.0

header RELAY_AR X-Relay-Countries=~/\bAR\b/
describe RELAY_AR Relayed through Argentina
score RELAY_AR 1.0

header RELAY_BR X-Relay-Countries=~/\bBR\b/
describe RELAY_BR Relayed through Brazil
score RELAY_BR 1.0

header RELAY_RU X-Relay-Countries=~/\bRU\b/
describe RELAY_RU Relayed through Russia
score RELAY_RU 1.0

header RELAY_RO X-Relay-Countries=~/\bRO\b/
describe RELAY_RO Relayed through Romania
score RELAY_RO 1.0

header RELAY_PS X-Relay-Countries=~/\bPS\b/
describe RELAY_PS Relayed through occupied Palestine
score RELAY_PS 1.0

header RELAY_PL X-Relay-Countries=~/\bPL\b/
describe RELAY_PL Relayed through Poland
score RELAY_PL 1.0

header RELAY_IL X-Relay-Countries=~/\bIL\b/
describe RELAY_IL Relayed through Israel
score RELAY_IL 1.0

header RELAY_HU X-Relay-Countries=~/\bHU\b/
describe RELAY_HU Relayed through Hungary
score RELAY_HU 1.0

header RELAY_NG X-Relay-Countries=~/\bNG\b/
describe RELAY_NG Relayed through Nigeria
score RELAY_NG 1.0

header RELAY_PK X-Relay-Countries=~/\bPK\b/
describe RELAY_PK Relayed through Pakistan
score RELAY_PK 1.0

header RELAY_GT X-Relay-Countries=~/\bGT\b/
describe RELAY_GT Relayed through Guatemala
score RELAY_GT 1.0

header RELAY_PE X-Relay-Countries=~/\bPE\b/
describe RELAY_PE Relayed through Peru
score RELAY_PE 1.0

header RELAY_PA X-Relay-Countries=~/\bPA\b/
describe RELAY_PA Relayed through Panama
score RELAY_PA 1.0

header RELAY_ID X-Relay-Countries=~/\bID\b/
describe RELAY_ID Relayed through Indonesia
score RELAY_ID 1.0

header RELAY_EG X-Relay-Countries=~/\bEG\b/
describe RELAY_EG Relayed through Egypt
score RELAY_EG 1.0

header RELAY_CZ X-Relay-Countries=~/\bCZ\b/
describe RELAY_CZ Relayed through Czech Republic
score RELAY_CZ 0.5

header RELAY_CO X-Relay-Countries=~/\bCO\b/
describe RELAY_CO Relayed through Colombia
score RELAY_CO 1.0

# the ISO 3166 code for Turkey is TR (TK is Tokelau)
header RELAY_TR X-Relay-Countries=~/\bTR\b/
describe RELAY_TR Relayed through Turkey
score RELAY_TR 0.5
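An added example (not from the list post and not SpamAssassin code): a small Python check for a RelayCountry rule file of the kind shown above. It flags rules left without their own score line, rules scored more than once and scores above the 3.0 ceiling the post recommends, then totals what a given X-Relay-Countries value would score; the sample rules and the relay value are constructed, and the space-separated country-code format of that value is an assumption.

```python
import re

# Constructed sample in the style of the rules above. It deliberately carries
# two slips: a score line that names the wrong rule, and a score above 3.0.
SAMPLE_RULES = r"""
header RELAY_CN X-Relay-Countries=~/\bCN\b/
describe RELAY_CN Relayed through China
score RELAY_CN 2.5

header RELAY_TW X-Relay-Countries=~/\bTW\b/
describe RELAY_TW Relayed through Taiwan
score RELAY_TW 1.0

header RELAY_SK X-Relay-Countries=~/\bSK\b/
describe RELAY_SK Relayed through Slovakia
score RELAY_TW 1.0

header RELAY_KR X-Relay-Countries=~/\bKR\b/
describe RELAY_KR Relayed through Korea
score RELAY_KR 3.5
"""

DEFAULT_SCORE = 1.0  # what SpamAssassin assigns to a rule that has no score line
SCORE_CEILING = 3.0  # the "don't go over 3.0 or so" advice from the post

HEADER_RE = re.compile(r"^(\S+)\s+X-Relay-Countries\s*=~\s*/(.+)/(i?)$")


def parse_rules(text):
    """Collect header/describe/score lines keyed by rule name."""
    parsed = {"header": {}, "describe": {}, "score": {}}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        keyword, rest = parts[0], parts[1].strip()
        if keyword == "header":
            m = HEADER_RE.match(rest)
            if m:
                flags = re.I if m.group(3) else 0
                parsed["header"][m.group(1)] = re.compile(m.group(2), flags)
        elif keyword == "describe":
            fields = rest.split(None, 1)
            parsed["describe"][fields[0]] = fields[1] if len(fields) > 1 else ""
        elif keyword == "score":
            fields = rest.split()
            # A score line may list up to four values; the first is enough here.
            parsed["score"].setdefault(fields[0], []).append(float(fields[1]))
    return parsed


def lint(parsed):
    """Return human-readable findings about mismatched or risky rule lines."""
    findings = []
    for name in sorted(parsed["header"]):
        scores = parsed["score"].get(name, [])
        if not scores:
            findings.append(f"{name}: no score line, falls back to default {DEFAULT_SCORE}")
        elif len(scores) > 1:
            findings.append(f"{name}: scored {len(scores)} times, only the last line counts")
        if scores and scores[-1] > SCORE_CEILING:
            findings.append(f"{name}: score {scores[-1]} exceeds ceiling {SCORE_CEILING}")
        if name not in parsed["describe"]:
            findings.append(f"{name}: no describe line")
    for name in sorted(set(parsed["score"]) - set(parsed["header"])):
        findings.append(f"{name}: score line for a rule that is never defined")
    return findings


def evaluate(parsed, relay_countries):
    """Score one X-Relay-Countries value; returns (hits by rule, total)."""
    hits = {}
    for name, pattern in parsed["header"].items():
        if pattern.search(relay_countries):
            scores = parsed["score"].get(name)
            hits[name] = scores[-1] if scores else DEFAULT_SCORE
    return hits, sum(hits.values())


if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    for finding in lint(rules):
        print("LINT", finding)
    # Constructed relay path: one hop in Slovakia, one in China.
    print(evaluate(rules, "SK CN"))
```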
From MailScanner at ecs.soton.ac.uk Sat Jan 6 21:09:45 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jan 6 20:14:03 2007 Subject: MailScanner and 100% CPU from time to time In-Reply-To: References: Message-ID: <45A00209.9000606@ecs.soton.ac.uk> Res wrote: > On Fri, 5 Jan 2007, Tomoiaga Cristian wrote: > >> Hello, >> >> I have a problem with MailScanner. >> >> Distro: CentOS 4.4 >> CPU: Intel P4 HT >> MailScanner 2.46 > > errrrr Current stable version is 4.57.6 > Please obtain this from www.mailscanner.info you can get the RPM or > tarball. > Eek, 2.46 is at least 57-46 = 11 months old as an absolute minimum. Definitely upgrade and see if the behaviour changes. Then file a bug report direct to me if appropriate. Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Sat Jan 6 21:08:28 2007 
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jan 6 20:14:03 2007 Subject: Bug, or configuration option I missed? In-Reply-To: References: Message-ID: <45A001BC.2080101@ecs.soton.ac.uk> That's a very interesting one. Can you give me a repeatable setup that will reliably cause this problem? What scanner was it that ran into trouble? This one is definitely worth further investigation. Jules. randyf@sibernet.com wrote: > > > Hi Folks- > > I had an interesting failure overnight that effectively was caused > by a corrupted library for the virus scanner. This caused the virus > scanner to time out in the eyes of MailScanner (and dump a lot of > corefiles), and MailScanner then proceeded to believe that this was a > silent virus and toss it as any of the other silent viruses > (MailScanner thought it was a denial of service attack). > > If there isn't a configuration option to deal with this scenario, > what would be better than tossing messages, would have been to > quarantine the messages. But as in my case, I suspect that other > checks in MailScanner would have caught a possible virus in that > flurry, it would have been best to send the message through the > remaining tests, and flag it somehow as not passing virus scanning. > > Is this a bug/feature-request, or did I miss a configuration option > to handle virus scanner failures? > > Thanks! > > > RF Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From waytotheweb at googlemail.com Sat Jan 6 23:48:59 2007 
From: waytotheweb at googlemail.com (Sarah Trayser) Date: Sat Jan 6 22:50:26 2007 Subject: MailScanner and 100% CPU from time to time In-Reply-To: References: <459DE22C.2050606@univexsystems.com> Message-ID: On 05/01/07, Tomoiaga Cristian wrote: > Hello, > > I have a problem with MailScanner. > > Distro: CentOS 4.4 > CPU: Intel P4 HT > MailScanner 2.46 > > I used the ConfigServ package to install it and everything worked well until > I updated to 2.40. Everytime I started MailScanner, after a few seconds the > first MailScanner childrens get and stay that way until a new > restart. And so on. I've checked maillog but everything looks OK, no errors. > > Updateing to 2.46 did not solve the problem. > I do not really mind that problem because those processes do not use mem and > CPU, but with 2.46 from time to time (from 30 to 30 minutes) I see > MailScanner use 100% of my CPU and stops after receiving a SIGTERM. > Does anyone know something about this ? I suspect you mean version 2.46 of the ConfigServer installation script for cPanel servers, rather than the version of MailScanner itself. The ConfigServer install script v2.46 installed MailScanner v4.56.8. -- Regards, Sarah Trayser Way to the Web Ltd Server Management Services: http://www.configserver.com Web Hosting: http://www.waytotheweb.com From res at ausics.net Sun Jan 7 00:21:59 2007 
From: res at ausics.net (Res) Date: Sat Jan 6 23:23:34 2007 Subject: MailScanner and 100% CPU from time to time In-Reply-To: References: <459DE22C.2050606@univexsystems.com> Message-ID: On Sat, 6 Jan 2007, Sarah Trayser wrote: > On 05/01/07, Tomoiaga Cristian wrote: >> Hello, >> >> I have a problem with MailScanner. >> >> Distro: CentOS 4.4 >> CPU: Intel P4 HT >> MailScanner 2.46 >> >> Updateing to 2.46 did not solve the problem. > I suspect you mean version 2.46 of the ConfigServer installation > script for cPanel servers, rather than the version of MailScanner > itself. The ConfigServer install script v2.46 installed MailScanner > v4.56.8. Sarah, This might explain what the OP meant, since you use cpanel, does it do anything silly to MailScanner.conf that would ordinarily not be done? Tomoiaga, Please install the current RPM as suggested earlier, if it persists you will have to supply us with some info, like virus scanner type, SA?, MTA type and version, the type of lockfile set in MailScanner.conf, run MailScanner --lint, run MailScanner in debug mode and see if it throws any errors, the logfiles are always a good starting point. Also run this on command line and ensure it outputs at least 0.18 (perl -MSys::Syslog -le "print Sys::Syslog->VERSION";) if it is less than 0.18, 0.17 I think is OK, but do not use 0.16, it had a severe bug that caused issues. -- Cheers Res "So, you think you can tell Heaven from Hell?" - Roger Waters From randyf at sibernet.com Sun Jan 7 05:06:11 2007 
From: randyf at sibernet.com (randyf@sibernet.com)
Date: Sun Jan 7 04:18:05 2007
Subject: Bug, or configuration option I missed?
In-Reply-To: <45A001BC.2080101@ecs.soton.ac.uk>
References: <45A001BC.2080101@ecs.soton.ac.uk>
Message-ID:

On Sat, 6 Jan 2007, Julian Field wrote:

> That's a very interesting one. Can you give me a repeatable setup that will
> reliably cause this problem?
> What scanner was it that ran into trouble?
> This one is definitely worth further investigation.
>
> Jules.

The virus scanner is Sophos, and the libraries were on a failing disk, such that they could not be loaded for scanning. I had also configured MailScanner to NOT use the SAVI module, so each attempt at virus scanning caused the sweep process to dump core.

I suspect it might be able to be reproduced by generating a corrupted library and return the configuration to use sophos and not sophossavi (and I might experiment a bit).

The logfiles for a single message from lists.mailscanner.info during that time are as follows:

Jan 5 09:07:03 husky sendmail[23558]: [ID 801593 mail.info] l05H6rV4023558: from=, size=9365, class=-30, nrcpts=1, msgid=<003201c730ec$10c353c0$1c00a8c0@pcaharjg2>, proto=ESMTP, daemon=MTA-v4, relay=safir.blacknight.ie [83.98.192.7]
Jan 5 09:09:11 localhost MailScanner[18860]: Message l05H6rV4023558 from 83.98.192.7 (mailscanner-bounces@lists.mailscanner.info) is whitelisted
Jan 5 09:14:29 localhost MailScanner[18860]: Commercial scanner sophos timed out!
Jan 5 09:14:29 localhost MailScanner[18860]: sophos: Failed to complete, timed out
Jan 5 09:14:29 localhost MailScanner[18860]: Virus Scanning: Denial Of Service attack is in message l05H6rV4023558
Jan 5 09:25:43 localhost MailScanner[18860]: Infected message l05H6rV4023558 came from 83.98.192.7
Jan 5 09:25:43 localhost MailScanner[18860]: Viruses marked as silent: Denial of Service attack in message!

The primary failure was something in the system that has since been fixed (corrupted disk where the bad area just happened to be a Sophos library), but along the way, a lot of mail was lost (fortunately, a lot of spam, and list email that has archives, so there probably isn't anything too terribly important that is not obtainable). It also made me change the configuration to quarantine all "viruses", since not much comes my way anymore. So in theory, I won't lose email if I can generate a test condition.

Note, that I also whitelist lists.mailscanner.info, and this message was still tossed (even though I didn't actually look at the source, I suspect that the "whitelist" is for spam and not viruses).

If I come up with a test condition that doesn't require bad hardware, I will send it on. BTW, the machine is an x86 opteron running Solaris 10-6/06 (a.k.a. S10u2) and MailScanner-4.56.8 (a little behind, but not that much).

Thanks, Jules!

RF

>
> randyf@sibernet.com wrote:
>>
>>
>> Hi Folks-
>>
>> I had an interesting failure overnight that effectively was caused by a
>> corrupted library for the virus scanner. This caused the virus scanner to
>> time out in the eyes of MailScanner (and dump a lot of corefiles), and
>> MailScanner then proceeded to believe that this was a silent virus and toss
>> it as any of the other silent viruses (MailScanner thought it was a denial
>> of service attack).
>>
>> If there isn't a configuration option to deal with this scenario, what
>> would be better than tossing messages, would have been to quarantine the
>> messages. But as in my case, I suspect that other checks in MailScanner
>> would have caught a possible virus in that flurry, it would have been best
>> to send the message through the remaining tests, and flag it somehow as not
>> passing virus scanning.
>>
>> Is this a bug/feature-request, or did I miss a configuration option to
>> handle virus scanner failures?
>>
>> Thanks!
>> >> >> RF > > Jules > > -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From waytotheweb at googlemail.com Sun Jan 7 10:56:33 2007 From: waytotheweb at googlemail.com (Sarah Trayser) Date: Sun Jan 7 09:58:02 2007 Subject: MailScanner and 100% CPU from time to time In-Reply-To: References: <459DE22C.2050606@univexsystems.com> Message-ID: > This might explain what the OP meant, since you use cpanel, does it do > anything silly to MailScanner.conf that would ordinarily not be done? No. The configserver install script pre-configures MailScanner for exim, which is the standard MTA on cPanel servers. -- Regards, Sarah Trayser Way to the Web Ltd Server Management Services: http://www.configserver.com Web Hosting: http://www.waytotheweb.com From res at ausics.net Sun Jan 7 13:43:28 2007 
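An added example, not part of any list message and not MailScanner code: the Sophos failure reported earlier in this thread lost mail because a scanner timeout was logged as a silent "Denial Of Service attack" verdict. This Python script lists queue IDs whose verdict followed a scanner timeout from the same MailScanner child, so those messages can be reviewed or requested again; the 60-second pairing window, the year and the two control log lines are assumptions.

```python
import re
from datetime import datetime

# The first seven lines are the log excerpt quoted in the thread above (the
# sender address is blank in the archive). The last two are a constructed
# control: the same verdict from another child with no scanner timeout before it.
LOG = """\
Jan 5 09:07:03 husky sendmail[23558]: [ID 801593 mail.info] l05H6rV4023558: from=, size=9365, class=-30, nrcpts=1, msgid=<003201c730ec$10c353c0$1c00a8c0@pcaharjg2>, proto=ESMTP, daemon=MTA-v4, relay=safir.blacknight.ie [83.98.192.7]
Jan 5 09:09:11 localhost MailScanner[18860]: Message l05H6rV4023558 from 83.98.192.7 (mailscanner-bounces@lists.mailscanner.info) is whitelisted
Jan 5 09:14:29 localhost MailScanner[18860]: Commercial scanner sophos timed out!
Jan 5 09:14:29 localhost MailScanner[18860]: sophos: Failed to complete, timed out
Jan 5 09:14:29 localhost MailScanner[18860]: Virus Scanning: Denial Of Service attack is in message l05H6rV4023558
Jan 5 09:25:43 localhost MailScanner[18860]: Infected message l05H6rV4023558 came from 83.98.192.7
Jan 5 09:25:43 localhost MailScanner[18860]: Viruses marked as silent: Denial of Service attack in message!
Jan 5 10:02:10 localhost MailScanner[19001]: Virus Scanning: Denial Of Service attack is in message l05CONSTRUCTED1
Jan 5 10:02:11 localhost MailScanner[19001]: Viruses marked as silent: Denial of Service attack in message!
"""

LINE_RE = re.compile(
    r"^(\w{3})\s+(\d{1,2})\s+(\d\d:\d\d:\d\d)\s+\S+\s+([\w-]+)\[(\d+)\]:\s+(.*)$"
)
TIMEOUT_RE = re.compile(r"^Commercial scanner (\S+) timed out!")
DOS_RE = re.compile(r"^Virus Scanning: Denial Of Service attack is in message (\S+)")
WHITELIST_RE = re.compile(r"^Message (\S+) from \S+ \(\S+\) is whitelisted")
SENDMAIL_RE = re.compile(r"(\S+): from=.*?msgid=(<[^>]*>).*?relay=(.+)$")


def find_timeout_casualties(log_text, window_s=60, year=2007):
    """Return messages given a DoS verdict right after a scanner timeout.

    window_s: assumed maximum gap between the timeout and the verdict lines.
    year: syslog timestamps carry no year, so one has to be supplied.
    """
    last_timeout = {}    # MailScanner pid -> (datetime, scanner name)
    envelope = {}        # queue id -> msgid/relay taken from the sendmail line
    whitelisted = set()  # queue ids MailScanner logged as whitelisted
    casualties = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        mon, day, clock, prog, pid, msg = m.groups()
        when = datetime.strptime(f"{year} {mon} {day} {clock}", "%Y %b %d %H:%M:%S")
        if prog == "sendmail":
            s = SENDMAIL_RE.search(msg)
            if s:
                envelope[s.group(1)] = {"msgid": s.group(2), "relay": s.group(3)}
            continue
        if prog != "MailScanner":
            continue
        timeout = TIMEOUT_RE.match(msg)
        white = WHITELIST_RE.match(msg)
        verdict = DOS_RE.match(msg)
        if timeout:
            last_timeout[pid] = (when, timeout.group(1))
        elif white:
            whitelisted.add(white.group(1))
        elif verdict and pid in last_timeout:
            seen, scanner = last_timeout[pid]
            if 0 <= (when - seen).total_seconds() <= window_s:
                qid = verdict.group(1)
                entry = {"queue_id": qid, "scanner": scanner,
                         "whitelisted": qid in whitelisted,
                         "msgid": None, "relay": None}
                entry.update(envelope.get(qid, {}))
                casualties.append(entry)
    return casualties


if __name__ == "__main__":
    for hit in find_timeout_casualties(LOG):
        print(hit)
```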
From: res at ausics.net (Res) Date: Sun Jan 7 12:45:06 2007 Subject: MailScanner and 100% CPU from time to time In-Reply-To: References: <459DE22C.2050606@univexsystems.com> Message-ID: On Sun, 7 Jan 2007, Sarah Trayser wrote: >> This might explain what the OP meant, since you use cpanel, does it do >> anything silly to MailScanner.conf that would ordinarily not be done? > > No. The configserver install script pre-configures MailScanner for > exim, which is the standard MTA on cPanel servers. OK, thanks, we'll wait for his reply on the other points. -- Cheers Res "So, you think you can tell Heaven from Hell?" - Roger Waters From listacct at tulsaconnect.com Sun Jan 7 23:12:55 2007 From: listacct at tulsaconnect.com (TCIS List Acct) Date: Sun Jan 7 22:14:31 2007 Subject: Spamhaus PBL zone now live Message-ID: <45A17067.4060008@tulsaconnect.com> FYI, The new RBL zone from Spamhaus called Policy Block List (PBL) is now live (in public beta) and included in the main zone "zen.spamhaus.org" (which combines the SBL, XBL, and PBL databases) http://www.spamhaus.org/pbl/ http://www.spamhaus.org/zen/ -- ----------------------------------------- Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet Services http://www.tulsaconnect.com ----------------------------------------- From martin.lyberg at gmail.com Mon Jan 8 17:10:45 2007 
From: martin.lyberg at gmail.com (Martin)
Date: Mon Jan 8 16:12:54 2007
Subject: Custom config error
Message-ID:

Hi,

I'm setting up a secondary MS, MailWatch, Postfix box for backup. Installed on Debian and when everything was installed and all config-files were copied from old box I'm getting this in the log:

Jan 8 17:04:52 piratefish2 MailScanner[5651]: Config: calling custom init function SQLBlacklist
Jan 8 17:04:52 piratefish2 MailScanner[5651]: Starting up SQL Blacklist
Jan 8 17:04:52 piratefish2 MailScanner[5651]: Could not use Custom Function code MailScanner::CustomConfig::InitSQLBlacklist, it could not be "eval"ed. Make sure the module is correct with perl -wc
Jan 8 17:04:52 piratefish2 MailScanner[5651]: Config: calling custom init function MailWatchLogging
Jan 8 17:04:52 piratefish2 MailScanner[5653]: Could not use Custom Function code MailScanner::CustomConfig::InitMailWatchLogging, it could not be "eval"ed. Make sure the module is correct with perl -wc
Jan 8 17:04:52 piratefish2 MailScanner[5653]: Config: calling custom init function SQLWhitelist
Jan 8 17:04:52 piratefish2 MailScanner[5653]: Starting up SQL Whitelist
Jan 8 17:04:52 piratefish2 MailScanner[5653]: Could not use Custom Function code MailScanner::CustomConfig::InitSQLWhitelist, it could not be "eval"ed. Make sure the module is correct with perl -wc
Jan 8 17:04:52 piratefish2 MailScanner[5651]: Started SQL Logging child
Jan 8 17:04:52 piratefish2 MailScanner[5651]: Config: calling custom init function SQLWhitelist
Jan 8 17:04:52 piratefish2 MailScanner[5651]: Starting up SQL Whitelist
Jan 8 17:04:52 piratefish2 MailScanner[5651]: Could not use Custom Function code MailScanner::CustomConfig::InitSQLWhitelist, it could not be "eval"ed. Make sure the module is correct with perl -wc

I've tried perl -wc on the files but it says syntax ok. Anyone know what's wrong?

Thank you

/ Martin

From glenn.steen at gmail.com Mon Jan 8 17:33:58 2007
From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Jan 8 16:35:34 2007 Subject: Custom config error In-Reply-To: References: Message-ID: <223f97700701080833m6b50ec5dk998315b78c14d5df@mail.gmail.com> On 08/01/07, Martin wrote: > Hi, > > I'm setting up a secondary MS, MailWatch, Postfix box for backup. > Installed on Debian and when everything was installed and alla > config-files were copied from old box i'm getting this in the log: > > Jan 8 17:04:52 piratefish2 MailScanner[5651]: Config: calling custom > init function SQLBlacklist > Jan 8 17:04:52 piratefish2 MailScanner[5651]: Starting up SQL Blacklist > Jan 8 17:04:52 piratefish2 MailScanner[5651]: Could not use Custom > Function code MailScanner::CustomConfig::InitSQLBlacklist, it could not > be "eval"ed. Make sure the module is correct with perl -wc > Jan 8 17:04:52 piratefish2 MailScanner[5651]: Config: calling custom > init function MailWatchLogging > Jan 8 17:04:52 piratefish2 MailScanner[5653]: Could not use Custom > Function code MailScanner::CustomConfig::InitMailWatchLogging, it could > not be "eval"ed. Make sure the module is correct with perl -wc > Jan 8 17:04:52 piratefish2 MailScanner[5653]: Config: calling custom > init function SQLWhitelist > Jan 8 17:04:52 piratefish2 MailScanner[5653]: Starting up SQL Whitelist > Jan 8 17:04:52 piratefish2 MailScanner[5653]: Could not use Custom > Function code MailScanner::CustomConfig::InitSQLWhitelist, it could not > be "eval"ed. Make sure the module is correct with perl -wc > Jan 8 17:04:52 piratefish2 MailScanner[5651]: Started SQL Logging child > Jan 8 17:04:52 piratefish2 MailScanner[5651]: Config: calling custom > init function SQLWhitelist > Jan 8 17:04:52 piratefish2 MailScanner[5651]: Starting up SQL Whitelist > Jan 8 17:04:52 piratefish2 MailScanner[5651]: Could not use Custom > Function code MailScanner::CustomConfig::InitSQLWhitelist, it could not > be "eval"ed. 
Make sure the module is correct with perl -wc > > I've tried perl -wc on the files but it says syntax ok. Anyone knows > whats wrong? > > Thank you > > / Martin > Hej Martin, This is might be due to the postfix user (that you run MailScanner as) not being able to read the MailWatch SQLBlackWhiteList.pm file, so check that it can do that... Also, did you remember to set it up (MySQL user/password etc)? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From rob at robhq.com Mon Jan 8 19:18:36 2007 From: rob at robhq.com (rob) Date: Mon Jan 8 18:20:29 2007 Subject: Avast and MailScanner Message-ID: <20070108181723.M67295@robhq.com> Any plans to add Avast anti-virus support in with MailScanner? Looks like it is free for home use, and not all that expensive for corp use compared to some other solutions. Thanks in advance Rob From glenn.steen at gmail.com Mon Jan 8 20:24:59 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Jan 8 19:26:34 2007 Subject: Avast and MailScanner In-Reply-To: <20070108181723.M67295@robhq.com> References: <20070108181723.M67295@robhq.com> Message-ID: <223f97700701081124i75fbd62ar96185606211e4d29@mail.gmail.com> On 08/01/07, rob wrote: > Any plans to add Avast anti-virus support in with MailScanner? Looks like it is free > for home use, and not all that expensive for corp use compared to some other solutions. > > Thanks in advance > > Rob I've been meaning to type up a wrapper for some time now, but so far it is one of the least prioritised projects I have. Time being at the premium, means it never gets done:-). If you'd like to make a stab yourself, it's not that hard... look in SweepViruses.pm and one of the simpler wrappers... The real time-consumer is the testing bit (as always:). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From rob at robhq.com Mon Jan 8 20:38:35 2007 
From: rob at robhq.com (rob) Date: Mon Jan 8 19:40:27 2007 Subject: Avast and MailScanner In-Reply-To: <223f97700701081124i75fbd62ar96185606211e4d29@mail.gmail.com> References: <20070108181723.M67295@robhq.com> <223f97700701081124i75fbd62ar96185606211e4d29@mail.gmail.com> Message-ID: <20070108193754.M44087@robhq.com> On Mon, 8 Jan 2007 20:24:59 +0100, Glenn Steen wrote > On 08/01/07, rob wrote: > > Any plans to add Avast anti-virus support in with MailScanner? Looks like it is free > > for home use, and not all that expensive for corp use compared to some other solutions. > > > > Thanks in advance > > > > Rob > I've been meaning to type up a wrapper for some time now, but so far > it is one of the least prioritised projects I have. Time being at the > premium, means it never gets done:-). > > If you'd like to make a stab yourself, it's not that hard... look in > SweepViruses.pm and one of the simpler wrappers... The real > time-consumer is the testing bit (as always:). > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- I will take a stab at it. Thanks for the info! Rob From MailScanner at ecs.soton.ac.uk Mon Jan 8 22:25:01 2007 
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jan 8 21:29:43 2007 Subject: Spamhaus PBL zone now live In-Reply-To: <45A17067.4060008@tulsaconnect.com> References: <45A17067.4060008@tulsaconnect.com> Message-ID: <45A2B6AD.9050607@ecs.soton.ac.uk> I have added the pbl and zen domains to the spam.lists.conf file in the main distribution. Should I change the default supplied set of Spam Lists = setting to include either the pbl or zen domains? TCIS List Acct wrote: > FYI, > > The new RBL zone from Spamhaus called Policy Block List (PBL) is now > live (in public beta) and included in the main zone "zen.spamhaus.org" > (which combines the SBL, XBL, and PBL databases) > > http://www.spamhaus.org/pbl/ > http://www.spamhaus.org/zen/ > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Mon Jan 8 22:27:38 2007 
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jan 8 21:32:14 2007 Subject: Avast and MailScanner In-Reply-To: <20070108193754.M44087@robhq.com> References: <20070108181723.M67295@robhq.com> <223f97700701081124i75fbd62ar96185606211e4d29@mail.gmail.com> <20070108193754.M44087@robhq.com> Message-ID: <45A2B74A.9080000@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 rob wrote: > On Mon, 8 Jan 2007 20:24:59 +0100, Glenn Steen wrote > >> On 08/01/07, rob wrote: >> >>> Any plans to add Avast anti-virus support in with MailScanner? Looks like it is free >>> for home use, and not all that expensive for corp use compared to some other solutions. >>> >>> Thanks in advance >>> >>> Rob >>> >> I've been meaning to type up a wrapper for some time now, but so far >> it is one of the least prioritised projects I have. Time being at the >> premium, means it never gets done:-). >> >> If you'd like to make a stab yourself, it's not that hard... look in >> SweepViruses.pm and one of the simpler wrappers... The real >> time-consumer is the testing bit (as always:). >> >> -- >> -- Glenn >> email: glenn < dot > steen < at > gmail < dot > com >> work: glenn < dot > steen < at > ap1 < dot > se >> -- >> > > I will take a stab at it. Thanks for the info! > Tell me where I can download it and I'll give you a hand. Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? 
Contact me at Jules@Jules.FM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit www.transtec.co.uk

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
For all your IT requirements visit www.transtec.co.uk

From steve.freegard at fsl.com Mon Jan 8 22:41:17 2007
From: steve.freegard at fsl.com (Steve Freegard)
Date: Mon Jan 8 21:43:04 2007
Subject: Spamhaus PBL zone now live
In-Reply-To: <45A2B6AD.9050607@ecs.soton.ac.uk>
References: <45A17067.4060008@tulsaconnect.com> <45A2B6AD.9050607@ecs.soton.ac.uk>
Message-ID: <45A2BA7D.9060205@fsl.com>

Hi Julian,

Julian Field wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I have added the pbl and zen domains to the spam.lists.conf file in the
> main distribution.
> Should I change the default supplied set of Spam Lists = setting to
> include either the pbl or zen domains?

My personal opinion is that 'Spam Lists' should be defaulted to empty.

The Spamhaus mirrors are not really free to those who have a high mail volume. If you make more than a certain number of queries to the mirrors, you will be contacted by them and asked to purchase a datafeed subscription.

I also think that any RBL choice should be made by the admin of the system, that way they know why when a message is marked as '{Spam?}' but was scored by SpamAssassin beneath their 'Required SpamAssassin Score' threshold.

Cheers,
Steve.

From Denis.Beauchemin at USherbrooke.ca Mon Jan 8 22:41:26 2007
From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin)
Date: Mon Jan 8 21:44:06 2007
Subject: Spamhaus PBL zone now live
In-Reply-To: <45A2B6AD.9050607@ecs.soton.ac.uk>
References: <45A17067.4060008@tulsaconnect.com> <45A2B6AD.9050607@ecs.soton.ac.uk>
Message-ID: <45A2BA86.9040902@USherbrooke.ca>

Julian Field wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I have added the pbl and zen domains to the spam.lists.conf file in the
> main distribution.
> Should I change the default supplied set of Spam Lists = setting to
> include either the pbl or zen domains?
>
> TCIS List Acct wrote:
>
>> FYI,
>>
>> The new RBL zone from Spamhaus called Policy Block List (PBL) is now
>> live (in public beta) and included in the main zone "zen.spamhaus.org"
>> (which combines the SBL, XBL, and PBL databases)
>>
>> http://www.spamhaus.org/pbl/
>> http://www.spamhaus.org/zen/
>>
>>
>
> Jules
>
>

Julian,

I wouldn't activate them by default because of the following:

> ZEN Usage
>
> Use of the Spamhaus DNSBLs via DNS queries to our public DNSBL mirrors
> is free for low-traffic mail servers serving less than 100 users. Use
> of the Spamhaus DNSBLs by commercial users, including corporate
> networks, ISPs and ESPs, requires a subscription to Spamhaus's Data
> Feed service.

Besides, zen includes pbl...

Denis

--
   _
  °v°   Denis Beauchemin, analyst
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x62252 F: 819.821.8045

From steve.freegard at fsl.com Mon Jan 8 22:45:37 2007
From: steve.freegard at fsl.com (Steve Freegard)
Date: Mon Jan 8 21:47:24 2007
Subject: Avast and MailScanner
In-Reply-To: <45A2B74A.9080000@ecs.soton.ac.uk>
References: <20070108181723.M67295@robhq.com> <223f97700701081124i75fbd62ar96185606211e4d29@mail.gmail.com> <20070108193754.M44087@robhq.com> <45A2B74A.9080000@ecs.soton.ac.uk>
Message-ID: <45A2BB81.4010701@fsl.com>

Hi Jules,

Julian Field wrote:
> Tell me where I can download it and I'll give you a hand.

See http://www.avast.com/eng/download-avast-for-linux-edition.html for
the various formats (RPM, DEB or tar.gz).

Cheers,
Steve.

From rob at robhq.com Mon Jan 8 22:46:36 2007
From: rob at robhq.com (Rob Freeman)
Date: Mon Jan 8 21:48:42 2007
Subject: Avast and MailScanner
In-Reply-To: <45A2B74A.9080000@ecs.soton.ac.uk>
References: <20070108181723.M67295@robhq.com> <223f97700701081124i75fbd62ar96185606211e4d29@mail.gmail.com> <20070108193754.M44087@robhq.com> <45A2B74A.9080000@ecs.soton.ac.uk>
Message-ID: <000001c7336e$78d03a80$6a70af80$@com>

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field
Sent: Monday, January 08, 2007 3:28 PM
To: MailScanner discussion
Subject: Re: Avast and MailScanner

rob wrote:
> On Mon, 8 Jan 2007 20:24:59 +0100, Glenn Steen wrote
>
>> On 08/01/07, rob wrote:
>>
>>> Any plans to add Avast anti-virus support in with MailScanner? Looks like it is free
>>> for home use, and not all that expensive for corp use compared to some other solutions.
>>>
>>> Thanks in advance
>>>
>>> Rob
>>>
>> I've been meaning to type up a wrapper for some time now, but so far
>> it is one of the least prioritised projects I have. Time being at the
>> premium, means it never gets done:-).
>>
>> If you'd like to make a stab yourself, it's not that hard... look in
>> SweepViruses.pm and one of the simpler wrappers... The real
>> time-consumer is the testing bit (as always:).
>>
>> --
>> -- Glenn
>> email: glenn < dot > steen < at > gmail < dot > com
>> work: glenn < dot > steen < at > ap1 < dot > se
>> --
>>
>
> I will take a stab at it. Thanks for the info!
>
Tell me where I can download it and I'll give you a hand.

Jules

--
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

http://www.avast.com/eng/download-avast-for-linux-edition.html

Looks like it uses the same kind of setup as avg for the updates and the
scanning from my initial findings. Then again, I could be wrong and that
would not be a first at all.

Rob

From saa at orbit.net.pk Tue Jan 9 04:31:27 2007
From: saa at orbit.net.pk (Shahid Ashraf)
Date: Tue Jan 9 03:33:21 2007
Subject: Junk E-Mails
Message-ID: <001c01c7339e$a5da6070$0201a8c0@shahidashraf>

Dear All,

I have installed Sendmail + MailScanner + SpamAssassin + ClamAV on Sun
Solaris, but for the last few weeks I have been facing a problem with junk
mails. Many times I have blocked them but failed to prevent these junk
mails. Can someone help me regarding this issue?

Regards

Shahid Ashraf

From azher at niit.edu.pk Tue Jan 9 05:05:01 2007
From: azher at niit.edu.pk (Azher Amin)
Date: Tue Jan 9 04:06:48 2007
Subject: Junk E-Mails
In-Reply-To: <001c01c7339e$a5da6070$0201a8c0@shahidashraf>
References: <001c01c7339e$a5da6070$0201a8c0@shahidashraf>
Message-ID: <45A3146D.2070207@niit.edu.pk>

Try installing the Botnet plugin. I am not getting less than one spam / day.

http://people.ucsc.edu/~jrudd/spamassassin/Botnet-0.7.tar

-Azher Amin

Shahid Ashraf wrote:
> Dear All,
>
> I have installed Sendmail + MailScanner + SpamAssassin + ClamAV on Sun
> Solaris, but for the last few weeks I have been facing a problem with junk
> mails. Many times I have blocked them but failed to prevent these junk
> mails. Can someone help me regarding this issue?
>
> Regards
>
> Shahid Ashraf

From eersana at yahoo.com Tue Jan 9 05:26:10 2007
From: eersana at yahoo.com (anas asree)
Date: Tue Jan 9 04:27:48 2007
Subject: Reject bounce email
Message-ID: <20070109042610.2649.qmail@web39807.mail.mud.yahoo.com>

Hi all

I've installed Postfix+MailScanner+MailWatch on SuSE 10.0

My users have been receiving a lot of undelivered mail messages from
outside of our network. These emails have made our users complain to us,
although they did not send such email.

How can I reject such emails from bouncing back to our users' mailboxes?

From glenn.steen at gmail.com Tue Jan 9 09:16:53 2007
From: glenn.steen at gmail.com (Glenn Steen)
Date: Tue Jan 9 08:18:31 2007
Subject: Avast and MailScanner
In-Reply-To: <000001c7336e$78d03a80$6a70af80$@com>
References: <20070108181723.M67295@robhq.com> <223f97700701081124i75fbd62ar96185606211e4d29@mail.gmail.com> <20070108193754.M44087@robhq.com> <45A2B74A.9080000@ecs.soton.ac.uk> <000001c7336e$78d03a80$6a70af80$@com>
Message-ID: <223f97700701090016m326d27c4p645775a7c3bdde44@mail.gmail.com>

On 08/01/07, Rob Freeman wrote:
> http://www.avast.com/eng/download-avast-for-linux-edition.html
>
> Looks like it uses the same kind of setup as avg for the updates and the
> scanning from my initial findings. Then again, I could be wrong and that
> would not be a first at all.
>
> Rob
>
Looks like I'll need to search for another project to keep at a back
burner:-). You all will probably finish before I get anything going
(especially now that Jules is back in business;).

I'll help with debug/test work though... Give a holler when you have
something to test.

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From martinh at solidstatelogic.com Tue Jan 9 10:05:58 2007
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Tue Jan 9 09:08:24 2007
Subject: Junk E-Mails
In-Reply-To: <001c01c7339e$a5da6070$0201a8c0@shahidashraf>
Message-ID: <1bd6ace7ce3b6f47a9ee016319165e8c@solidstatelogic.com>

Hi

What version of SpamAssassin are you running? 3.1.7 with the latest
sa-update rules is helpful. I presume you're running the URI-RBLs? Also
dcc/razor2/pyzor can help. This and the SARE/Fred/Jennifer rules from
www.rulesemporium.com.

SA, unfortunately, isn't a set and forget; you need to keep up to date and
keep tuning it.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

From drew at technologytiger.net Tue Jan 9 11:28:11 2007
From: drew at technologytiger.net (Drew Marshall)
Date: Tue Jan 9 10:30:03 2007
Subject: Reject bounce email
In-Reply-To: <20070109042610.2649.qmail@web39807.mail.mud.yahoo.com>
References: <20070109042610.2649.qmail@web39807.mail.mud.yahoo.com>
Message-ID: <36230.194.70.180.170.1168338491.squirrel@www.technologytiger.net>

On Tue, January 9, 2007 04:26, anas asree wrote:
> Hi all
> I've installed Postfix+Mailscanner+Mailwatch on SuSe 10.0
>
> My users have been receiving a lot of undelivered mail message from
> outside of our network. These emails have made our users complaint to us,
> although they did not send such email..
>
> How can I reject such emails from bouncing back to our users mailbox ?

Are you rejecting unknown senders in Postfix? Usually these bounce spams/
Joe Job attacks are targeted at random names and you can reject the
majority by using recipient maps of some kind.

If you can post an example set of headers there might be some other things
that can be done.

Drew

From gerard at seibercom.net Tue Jan 9 12:15:31 2007
From: gerard at seibercom.net (Gerard Seibert)
Date: Tue Jan 9 11:17:03 2007
Subject: Reject bounce email
In-Reply-To: <20070109042610.2649.qmail@web39807.mail.mud.yahoo.com>
References: <20070109042610.2649.qmail@web39807.mail.mud.yahoo.com>
Message-ID: <20070109061338.20A5.GERARD@seibercom.net>

On Monday January 08, 2007 at 11:26:10 (PM) anas asree wrote:

> Hi all
> I've installed Postfix+Mailscanner+Mailwatch on SuSe 10.0
>
> My users have been receiving a lot of undelivered mail message from outside of our network. These emails have made our users complaint to us, although they did not send such email..
>
> How can I reject such emails from bouncing back to our users mailbox ?

If you are using Postfix, please include the output of: postconf -n as
well as your Postfix version. The inclusion of your mail logs with the
pertinent information regarding this problem would also be greatly
appreciated.

--
Gerard

From res at ausics.net Tue Jan 9 12:39:34 2007
From: res at ausics.net (Res)
Date: Tue Jan 9 11:41:20 2007
Subject: Reject bounce email
In-Reply-To: <20070109061338.20A5.GERARD@seibercom.net>
References: <20070109042610.2649.qmail@web39807.mail.mud.yahoo.com> <20070109061338.20A5.GERARD@seibercom.net>
Message-ID:

On Tue, 9 Jan 2007, Gerard Seibert wrote:

> If you are using Postfix, please include the output of: postconf -n as

isn't this more suited to the postfix mailing list, I fail to see what it
has to do with MailScanner.

--
Cheers
Res

"So, you think you can tell Heaven from Hell?" - Roger Waters

From drew at technologytiger.net Tue Jan 9 13:12:15 2007
From: drew at technologytiger.net (Drew Marshall)
Date: Tue Jan 9 12:14:01 2007
Subject: Reject bounce email
In-Reply-To:
References: <20070109042610.2649.qmail@web39807.mail.mud.yahoo.com> <20070109061338.20A5.GERARD@seibercom.net>
Message-ID: <36703.194.70.180.170.1168344735.squirrel@www.technologytiger.net>

On Tue, January 9, 2007 11:39, Res wrote:
> On Tue, 9 Jan 2007, Gerard Seibert wrote:
>
>> If you are using Postfix, please include the output of: postconf -n as
>
> isn't this more suited to the postfix mailing list, I fail to see what it
> has to do with MailScanner.

You Sendmailite :-)

Postfix is an MTA that can be used with MailScanner (Even though the
author of the said MTA thinks not!) and therefore it is sort of related.
There are a few of us out here that do use Postfix and between Postfix and
MailScanner can probably reduce the problem.

Remember if you utter the MS word on the Postfix list you are likely to be
ex-communicated and be written out of Wietse's will ;-)

Drew

From rob at robhq.com Tue Jan 9 13:27:54 2007
From: rob at robhq.com (rob)
Date: Tue Jan 9 12:29:59 2007
Subject: Sudden slowness to respond to mail
Message-ID: <20070109121604.M85527@robhq.com>

Not sure why but around 1:30pm yesterday, our Nagios server started
complaining that it could not connect via SMTP to either of our
MailScanner servers. I checked and we could get mail back and forth from
places like yahoo, gmail, etc. Upon checking the logs, we are getting a
flood of this:

Jan 9 06:12:08 mail1 sendmail[22707]: l09CBX6l022707: arm180.bigfootinteractive.com [206.132.3.180] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jan 9 06:12:31 mail1 sendmail[22709]: l09CBtI0022709: airspan-218-44.33.radom.pilicka.pl [82.197.44.218] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jan 9 06:12:34 mail1 sendmail[22715]: l09CBxwC022715: e176093214.adsl.alicedsl.de [85.176.93.214] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jan 9 06:12:53 mail1 sendmail[22727]: l09CCMuB022727: jean.fleetone.com [172.16.20.185] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jan 9 06:13:24 mail1 sendmail[22731]: l09CCnaI022731: avh179.neoplus.adsl.tpnet.pl [83.27.41.179] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jan 9 06:13:38 mail1 sendmail[22735]: l09CD3H9022735: sv25pub.verizon.net [206.46.252.161] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jan 9 06:13:57 mail1 sendmail[22742]: l09CDMxn022742: [59.39.93.106] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jan 9 06:14:10 mail1 sendmail[22744]: l09CDZG5022744: mailer204.ftl.sportsline.com [64.30.226.39] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jan 9 06:14:32 mail1 sendmail[22749]: l09CDvZU022749: srv2.worldnox.net [204.10.36.240] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jan 9 06:14:38 mail1 sendmail[22751]: l09CE3uC022751: sv25pub.verizon.net [206.46.252.161] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA

I can see where sendmail is waiting though for a connect:

[root@maryann mqueue]# ps -ef | grep sendmail
root 5324 1 0 Jan08 ? 00:00:01 sendmail: accepting connections
smmsp 5329 1 0 Jan08 ? 00:00:00 sendmail: Queue runner@00:15:00 for /var/spool/clientmqueue
root 5335 1 0 Jan08 ? 00:00:00 sendmail: Queue runner@00:15:00 for /var/spool/mqueue
root 21991 5324 0 05:38 ? 00:00:00 sendmail: server [211.203.47.134] cmd read
root 22872 5324 0 06:21 ? 00:00:00 sendmail: startup with 88-106-220-38.dynamic.dsl.as9105.com
root 22873 5324 0 06:21 ? 00:00:00 sendmail: startup with dsl.dynamic859769199.ttnet.net.tr
root 22875 5324 0 06:21 ? 00:00:00 sendmail: startup with server.8disc.net
root 22879 1468 0 06:21 pts/0 00:00:00 grep sendmail

In doing a telnet to port 25 on each server, it is taking up to 35 seconds
for sendmail to respond on each box. One server is CentOS 3.6 while the
other is CentOS 4.4.

sendmail-8.12.11-4.RHEL3.6
sendmail-8.13.1-3.RHEL4.5

What would cause the sudden slowness of the response? I am not running a
greet pause in sendmail.

Thanks in advance

Rob

From martinh at solidstatelogic.com Tue Jan 9 13:34:19 2007
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Tue Jan 9 12:36:07 2007
Subject: Sudden slowness to respond to mail
In-Reply-To: <20070109121604.M85527@robhq.com>
Message-ID:

Load on the machine

Sendmail will delay then stop responding as the load increases - see the
sendmail.cf for current settings.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

From res at ausics.net Tue Jan 9 13:45:54 2007
From: res at ausics.net (Res)
Date: Tue Jan 9 12:47:38 2007
Subject: Reject bounce email
In-Reply-To:
References: <20070109042610.2649.qmail@web39807.mail.mud.yahoo.com> <20070109061338.20A5.GERARD@seibercom.net>
Message-ID:

On Tue, January 9, 2007 Drew Marshall wrote:

>You Sendmailite :-)

:P

>Postfix is an MTA that can be used with MailScanner (Even though the
>author of the said MTA thinks not!) and therefore it is sort of related.

The signal to noise ratio has been bad in recent times, and most of it has
nothing to do with MailScanner, this impedes those needing help with
MailScanner, the fact someone gets back chatter with postmix <:P> has
nothing to do with MailScanner.

>Remember if you utter the MS word on the Postfix list you are likely to
>be ex-communicated and be written out of Wietse's will ;-)

It is probably the only thing I actually agree with him on, the reason the
Internet is full of 1M+ lists for different things is so those things can
be discussed there, once discovered the issue is not related to MailScanner
the issue then becomes OT and should be taken elsewhere to keep the signal
to noise ratio at a low.

An MTA can be used with NetApp filers as their storage, should we give
support for these as well? Typically, mail to an MTA passes through a
router, should we support cisco, juniper and foundry issues as well? :)

--
Cheers
Res

"So, you think you can tell Heaven from Hell?" - Roger Waters

From glenn.steen at gmail.com Tue Jan 9 13:52:16 2007
From: glenn.steen at gmail.com (Glenn Steen)
Date: Tue Jan 9 12:53:56 2007
Subject: Reject bounce email
In-Reply-To:
References: <20070109042610.2649.qmail@web39807.mail.mud.yahoo.com> <20070109061338.20A5.GERARD@seibercom.net>
Message-ID: <223f97700701090452j475b1808y4754c578e946e68d@mail.gmail.com>

On 09/01/07, Res wrote:
> On Tue, 9 Jan 2007, Gerard Seibert wrote:
>
> > If you are using Postfix, please include the output of: postconf -n as
>
> isn't this more suited to the postfix mailing list, I fail to see what it
> has to do with MailScanner.
>
Well.... In principle you are of course correct Res, but ... I fail to
see how this differs much from the general off-topicness we usually
manage to harbour when it comes to MTA setup/tweaking (and that goes
for PF, sendmail, milters, statistics etc etc etc).
Had pretty much the same reaction though (I certainly wouldn't want to
see the complete postconf -n, nor more than a small _relevant_ snippet
of the logs:-) when I read Gerard's mail... so maybe we're not that far
apart;-).

As I read this, we're looking at "rightly addressed" spoof-backscatter,
so one would have to look at it for more relevant details... Some ideas
could be gained by a simple google (I found
http://archives.neohapsis.com/archives/postfix/2006-06/0649.html (which
builds a bit on Drew's latter suggestion) searching for "postfix limit
backscatter"), as well as implementing the usual UCE PF things (limiting
commands, rejecting things pretending to be sent from your "inside" etc
etc). I see very little of this kind of thing, with those measures in
place:-)

If one is using 2.3 and is feeling adventurous, why not try out
milter-null... Haven't got a clue if it would work:-).

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From glenn.steen at gmail.com Tue Jan 9 13:55:50 2007
From: glenn.steen at gmail.com (Glenn Steen)
Date: Tue Jan 9 12:57:29 2007
Subject: Reject bounce email
In-Reply-To: <223f97700701090452j475b1808y4754c578e946e68d@mail.gmail.com>
References: <20070109042610.2649.qmail@web39807.mail.mud.yahoo.com> <20070109061338.20A5.GERARD@seibercom.net> <223f97700701090452j475b1808y4754c578e946e68d@mail.gmail.com>
Message-ID: <223f97700701090455i1c3286a6ubf94df075563ae8b@mail.gmail.com>

On 09/01/07, Glenn Steen wrote:
(snip)
> (I certainly wouldn't want to
> see the complete postconf -n, nor more than a small _relevant_ snippet
> of the logs:-) when I read Gerard's mail...

Before Gerard bashes me over the head with it, I do know that "postconf
-n" is usually rather brief, since it is the cousin of "MailScanner
--changed" ...:-)

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From rob at robhq.com Tue Jan 9 14:38:29 2007
From: rob at robhq.com (rob)
Date: Tue Jan 9 13:40:24 2007
Subject: Sudden slowness to respond to mail
In-Reply-To:
References: <20070109121604.M85527@robhq.com>
Message-ID: <20070109132345.M45205@robhq.com>

Well it ended up being this in the sendmail.mc file:

dnl # FEATURE(`dnsbl', `relays.ordb.org', `"550 Mail from " $`'&{client_addr} " refused - see http://relays.ordb.org/"')dnl

Once it was commented out, sendmail started responding in less than a
second.

On Tue, 09 Jan 2007 12:34:19 +0000, Martin.Hepworth wrote
> Load on the machine
>
> Sendmail will delay then stop responding as the load increases - see the
> sendmail.cf for current settings.
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300

From mike at vesol.com Tue Jan 9 14:55:18 2007
From: mike at vesol.com (Mike Kercher)
Date: Tue Jan 9 13:59:44 2007
Subject: Sudden slowness to respond to mail
In-Reply-To: <20070109132345.M45205@robhq.com>
Message-ID:

mailscanner-bounces@lists.mailscanner.info <> scribbled on Tuesday,
January 09, 2007 7:38 AM:

> Well it ended up being this in the sendmail.mc file:
>
> dnl # FEATURE(`dnsbl', `relays.ordb.org', `"550 Mail from "
> $`'&{client_addr} " refused
> - see http://relays.ordb.org/"')dnl
>
> Once it was commented out, sendmail started responding in
> less than a second.
>

http://www.theinquirer.net/default.aspx?article=36470

Mike

From alvaro at hostalia.com Tue Jan 9 18:15:58 2007
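The fault found in the "Sudden slowness to respond to mail" thread above was a DNSBL zone enabled in sendmail.mc whose lookups stalled every inbound connection. The following is an added example, not code from the thread or from sendmail: it lists the dnsbl/enhdnsbl FEATURE lines that are still enabled and probes each zone with the RFC 5782 test entries (127.0.0.2 must be listed, 127.0.0.1 must not). The function names, the sample sendmail.mc text and the resolver table are constructed for illustration.

```python
"""Audit the DNSBL zones enabled in a sendmail.mc: does each one still answer?"""
import re
import socket
import time

# FEATURE(`dnsbl', `zone', ...) or FEATURE(`enhdnsbl', `zone', ...)
FEATURE_RE = re.compile(r"FEATURE\(\s*`(?:enh)?dnsbl'\s*,\s*`([^']+)'")

# Constructed sample input: the ordb line quoted in the thread (shown here as
# still enabled), the zen zone mentioned in the thread, and a dnl-disabled
# line whose zone name is a placeholder.
SAMPLE_MC = """\
FEATURE(`dnsbl', `relays.ordb.org', `"550 Mail from " $`'&{client_addr} " refused - see http://relays.ordb.org/"')dnl
FEATURE(`dnsbl', `zen.spamhaus.org')dnl
dnl # FEATURE(`dnsbl', `dnsbl.example.invalid')dnl
"""

# Constructed answers for the offline demo; real use keeps the default resolver.
SAMPLE_ANSWERS = {"2.0.0.127.zen.spamhaus.org": "127.0.0.2"}


def parse_dnsbl_zones(mc_text):
    """Return [(zone, enabled)] for every dnsbl/enhdnsbl FEATURE line."""
    zones = []
    for line in mc_text.splitlines():
        match = FEATURE_RE.search(line)
        if not match:
            continue
        # m4 discards everything from `dnl` to the end of the line, so a
        # FEATURE that follows a dnl on the same line is disabled.
        enabled = re.search(r"\bdnl\b", line[:match.start()]) is None
        zones.append((match.group(1), enabled))
    return zones


def table_resolver(table):
    """Build a resolver that answers only from a dict (offline stand-in)."""
    def resolve(name):
        if name not in table:
            raise socket.gaierror("no such name (constructed)")
        return table[name]
    return resolve


def probe_zone(zone, resolve=socket.gethostbyname, clock=time.monotonic,
               slow_after=2.0):
    """Query the two RFC 5782 test entries of a zone and time the lookups."""
    def lookup(name):
        start = clock()
        try:
            answer = resolve(name)
        except OSError:  # socket.gaierror and socket.herror are subclasses
            answer = None
        return answer, clock() - start

    zone = zone.rstrip(".")
    listed, t_listed = lookup("2.0.0.127." + zone)      # must exist
    unlisted, t_unlisted = lookup("1.0.0.127." + zone)  # must not exist
    if listed is None:
        status = "no-answer"         # zone is gone or unreachable
    elif unlisted is not None:
        status = "lists-everything"  # wildcard zone, rejects all mail
    else:
        status = "ok"
    worst = max(t_listed, t_unlisted)
    return {"zone": zone, "status": status,
            "seconds": round(worst, 3), "slow": worst > slow_after}


def audit(mc_text, **probe_options):
    """Probe every enabled DNSBL zone found in the sendmail.mc text."""
    return [probe_zone(zone, **probe_options)
            for zone, enabled in parse_dnsbl_zones(mc_text) if enabled]


if __name__ == "__main__":
    for row in audit(SAMPLE_MC, resolve=table_resolver(SAMPLE_ANSWERS)):
        print(row)
```

Run it on the mail server itself with the default resolver, so the lookups go through the same DNS path sendmail uses; a zone reported as `no-answer` or `slow` is a candidate for the delay described in the thread.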
From: alvaro at hostalia.com (=?ISO-8859-15?Q?Alvaro_Mar=EDn?=) Date: Tue Jan 9 17:17:44 2007 Subject: sa-update and MailScanner Message-ID: <45A3CDCE.2060109@hostalia.com> Hello, I've run sa-update on my MailScanner boxes and I see now the new PBL rules in logs: SpamAssassin (no almacenado, puntaje=13.184, requerido 6, BAYES_99 4.20, HELO_DYNAMIC_SPLIT_IP 2.19, RCVD_IN_NJABL_DUL 1.95, RCVD_IN_PBL 0.00, RCVD_IN_SORBS_DUL 2.05, RELAYCOUNTRY_ES -0.20, URIBL_BLACK 3.00) with 0.00 of score. If I edit MailScanner.conf, I see: # The rules created by the "sa-update" tool are searched for here. # This directory contains the spamassassin/3.001001/updates_spamassassin_org # directory structure beneath it. # Only un-comment this setting once you have proved that the sa-update # cron job has run successfully and has created a directory structure under # the spamassassin directory within this one and has put some *.cf files in # there. Otherwise it will ignore all your current rules! # The default location may be /var/opt on Solaris systems. SpamAssassin Local State Dir = # /var/lib So if: root@relay:/usr/local/share/spamassassin # grep PBL * root@relay:/usr/local/share/spamassassin # and root@relay:/var/lib/spamassassin/3.001007/updates_spamassassin_org # grep PBL * 20_dnsbl_tests.cf:# Spamhaus ZEN (was SBL, XBL, and PBL) 20_dnsbl_tests.cf:# PBL is the Policy Block List: http://www.spamhaus.org/pbl/ 20_dnsbl_tests.cf:header RCVD_IN_PBL eval:check_rbl('zen-lastexternal', 'zen.spamhaus.org.', '127.0.0.1[01]') 20_dnsbl_tests.cf:describe RCVD_IN_PBL Received via a relay in Spamhaus PBL 20_dnsbl_tests.cf:tflags RCVD_IN_PBL net 20_dnsbl_tests.cf:#reuse RCVD_IN_PBL 30_text_de.cf:lang de describe RCVD_IN_PBL Transportiert via Rechner in PBL-Liste (http://www.spamhaus.org/pbl/) 30_text_nl.cf:lang nl describe RCVD_IN_PBL Ontvangen via een relay die gevonden is in Spamhaus PBL 50_scores.cf:score RCVD_IN_PBL 0 0.001 0 0.001 Why are this rules applied? Thanks! 
Regards,
--
Alvaro Marín Illera
Hostalia Internet
www.hostalia.com

From nerijus at users.sourceforge.net Tue Jan 9 01:53:44 2007
From: nerijus at users.sourceforge.net (Nerijus Baliunas)
Date: Tue Jan 9 18:46:58 2007
Subject: Greylisting (WAS: Re: MailScanner ANNOUNCE: 4.57 released)
References: <4571B547.1090804@ecs.soton.ac.uk> <45743355.2040006@sendit.nodak.edu> <45744FDB.3030307@netmagicsolutions.com> <20061204205254.8300B11285@mx-a.vdnet.lt> <223f97700612041451n39e66dedx28699a0d1e59a3eb@mail.gmail.com> <20061204233255.DB881FF40@mx-a.vdnet.lt> <223f97700612060014o6a8b46b1k87e48195c1d93afc@mail.gmail.com> <20070104135003.4B4DBFF17@mx-a.vdnet.lt> <223f97700701041304g88f5cb1v4bb71f6f856a4b83@mail.gmail.com> <459D6E5E.2030107@ecs.soton.ac.uk> <223f97700701041330q15c1d5a5t7b511838b416362f@mail.gmail.com>
Message-ID:

Glenn Steen gmail.com> writes:

> On 04/01/07, Julian Field ecs.soton.ac.uk> wrote:
> > What do you need me to look at?
> >
> (snip)
> Well, these queue files Nerijus posted in
> http://thread.gmane.org/gmane.mail.virus.mailscanner/47084/focus=47128
> ... As you can see from the thread, postcat seems to grok them OK, but
> not MS. So I was planning (in your absence) to try see why things
> don't pan out... but never got the time. I sure would appreciate (not
> to mention Nerijus if you could take the time to look at them.

The problem is described here:
http://article.gmane.org/gmane.mail.virus.mailscanner/46998
And the queue files are attached here:
http://article.gmane.org/gmane.mail.virus.mailscanner/47128

BTW, is it just a simple (if I can call it so) problem with some additions
to queue files, or is it a more serious problem involving interaction
between postfix, its milter interface and MailScanner?

Thanks a lot!
Nerijus

From prandal at herefordshire.gov.uk Tue Jan 9 21:58:56 2007
From: prandal at herefordshire.gov.uk (Randal, Phil)
Date: Tue Jan 9 21:00:47 2007
Subject: sa-update and MailScanner
Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580176820C@isabella.herefordshire.gov.uk>

I think that somewhere in the 3.1.x series Spamassassin changed (I think
it was back in 3.1.4 or 3.1.5) to automatically use the new sa-updated
rules if they were there.

Correct me if I'm wrong, someone.

Cheers,

Phil

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alvaro Marín
Sent: Tuesday, January 09, 2007 5:16 PM
To: mailscanner@lists.mailscanner.info
Subject: sa-update and MailScanner

Hello,

I've run sa-update on my MailScanner boxes and I see now the new PBL
rules in logs:

SpamAssassin (no almacenado, puntaje=13.184, requerido 6, BAYES_99 4.20, HELO_DYNAMIC_SPLIT_IP 2.19, RCVD_IN_NJABL_DUL 1.95, RCVD_IN_PBL 0.00, RCVD_IN_SORBS_DUL 2.05, RELAYCOUNTRY_ES -0.20, URIBL_BLACK 3.00)

with 0.00 of score.

If I edit MailScanner.conf, I see:

# The rules created by the "sa-update" tool are searched for here.
# This directory contains the spamassassin/3.001001/updates_spamassassin_org
# directory structure beneath it.
# Only un-comment this setting once you have proved that the sa-update
# cron job has run successfully and has created a directory structure under
# the spamassassin directory within this one and has put some *.cf files in
# there. Otherwise it will ignore all your current rules!
# The default location may be /var/opt on Solaris systems.
SpamAssassin Local State Dir = # /var/lib

So if:

root@relay:/usr/local/share/spamassassin # grep PBL *
root@relay:/usr/local/share/spamassassin #

and

root@relay:/var/lib/spamassassin/3.001007/updates_spamassassin_org # grep PBL *
20_dnsbl_tests.cf:# Spamhaus ZEN (was SBL, XBL, and PBL)
20_dnsbl_tests.cf:# PBL is the Policy Block List: http://www.spamhaus.org/pbl/
20_dnsbl_tests.cf:header RCVD_IN_PBL eval:check_rbl('zen-lastexternal', 'zen.spamhaus.org.', '127.0.0.1[01]')
20_dnsbl_tests.cf:describe RCVD_IN_PBL Received via a relay in Spamhaus PBL
20_dnsbl_tests.cf:tflags RCVD_IN_PBL net
20_dnsbl_tests.cf:#reuse RCVD_IN_PBL
30_text_de.cf:lang de describe RCVD_IN_PBL Transportiert via Rechner in PBL-Liste (http://www.spamhaus.org/pbl/)
30_text_nl.cf:lang nl describe RCVD_IN_PBL Ontvangen via een relay die gevonden is in Spamhaus PBL
50_scores.cf:score RCVD_IN_PBL 0 0.001 0 0.001

Why are these rules applied?

Thanks!

Regards,
--
Alvaro Marín Illera
Hostalia Internet
www.hostalia.com

From res at ausics.net Tue Jan 9 23:18:00 2007
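[Added example, not part of any post in this archive and not SpamAssassin's or MailScanner's own code. It shows why the "sa-update and MailScanner" thread above sees RCVD_IN_PBL hit with a logged score of 0.00: the `score RCVD_IN_PBL 0 0.001 0 0.001` line gives one value per score set, and the BAYES_99 and DNSBL hits in the posted log imply Bayes and network tests are both on (set 3). Only the RCVD_IN_PBL line comes from the post; the other sample lines and all function names are constructed for illustration.]

```python
"""Why RCVD_IN_PBL is logged with a 0.00 score: SpamAssassin score sets."""
import re

# Constructed sample: the RCVD_IN_PBL line is the one grep found in
# 50_scores.cf in the post; the other lines are made up for the parser.
SAMPLE_CF = """\
score RCVD_IN_PBL 0 0.001 0 0.001
score EXAMPLE_SINGLE 2.5
# score COMMENTED_OUT 9 9 9 9
score EXAMPLE_NET_ONLY 0 1.2 0 0.8
"""

SCORE_RE = re.compile(r"^\s*score\s+(\S+)\s+(.+?)\s*(?:#.*)?$")


def parse_scores(cf_text):
    """Return {rule: [s0, s1, s2, s3]} from SpamAssassin 'score' lines.

    One value applies to all four score sets; four values are per set.
    """
    scores = {}
    for line in cf_text.splitlines():
        m = SCORE_RE.match(line)
        if not m:
            continue  # comments and non-score directives
        name, values = m.group(1), m.group(2).split()
        try:
            nums = [float(v) for v in values]
        except ValueError:
            continue  # relative "(n)" scores are outside this sketch
        if len(nums) == 1:
            nums = nums * 4
        if len(nums) == 4:
            scores[name] = nums
    return scores


def score_set(bayes, net):
    """Score set index: 0 neither, 1 net only, 2 Bayes only, 3 both."""
    return (2 if bayes else 0) + (1 if net else 0)


def effective(scores, rule, bayes, net):
    """Return (enabled, score, as_logged) for one rule in the active set.

    A score of exactly 0 disables the rule. Any non-zero score lets it
    run and show up in the hit list, even when two-decimal formatting
    (as in the MailScanner log line) prints it as 0.00.
    """
    value = scores[rule][score_set(bayes, net)]
    return value != 0, value, "%s %.2f" % (rule, value)


if __name__ == "__main__":
    table = parse_scores(SAMPLE_CF)
    for bayes in (False, True):
        for net in (False, True):
            print(score_set(bayes, net),
                  effective(table, "RCVD_IN_PBL", bayes, net))
```

With network tests on, the rule is live at 0.001, which is enough to appear in the hit list while contributing nothing visible to the total.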
From: res at ausics.net (Res)
Date: Tue Jan 9 22:19:46 2007
Subject: Reject bounce email
In-Reply-To: <223f97700701090452j475b1808y4754c578e946e68d@mail.gmail.com>
References: <20070109042610.2649.qmail@web39807.mail.mud.yahoo.com> <20070109061338.20A5.GERARD@seibercom.net> <223f97700701090452j475b1808y4754c578e946e68d@mail.gmail.com>
Message-ID:

On Tue, 9 Jan 2007, Glenn Steen wrote:

> On 09/01/07, Res wrote:
>> On Tue, 9 Jan 2007, Gerard Seibert wrote:
>>
>> > If you are using Postfix, please include the output of: postconf -n as
>>
>> isn't this more suited to the postfix mailing list, I fail to see what it
>> has to do with MailScanner.
>>
> Well.... In principle you are of course correct Res, but ... I fail to

The problem is, all the OT crap of this list, means those with real
problems get ignored, the past few months have been hectic for Julian, if
the list had only 5 posts a day that were only MailScanner related, it's
highly likely he would have had time to read it and help those with
problems, I'm aware of some that had to wait till he returned.

Noise delays resolutions, I've seen so many knowledgeable people on many
lists who can help people with problems cease to help because they miss
the posts because they do a high speed skim because of trash that doesn't
belong there. For instance one of the Red Hat based lists that I was
a key contributor once, years later I'm still on the list, but all I do
these days is hit dddddddddddddddddddddddd -> to the end, the subject
line display in pine tells me it's all noise.

I am the first to admit I have participated in a good deal of the noise,
but as spare my time is now coming to halt, there's little chance of that
continuing.

> see how this differs much from the general off-topicness we usually

it doesn't, it's all noise

> manage to harbour when it comes to MTA setup/tweaking (and that goes

MTA tweaking with a configuration for MailScanner is of course signal.
but back chatter and milters is high level noise, they are not caused nor
introduced by MailScanner and will be there before and if you remove
MailScanner.

--
Cheers
Res

"So, you think you can tell Heaven from Hell?" - Roger Waters

From MailScanner at ecs.soton.ac.uk Tue Jan 9 23:36:12 2007
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue Jan 9 22:42:24 2007
Subject: Spamhaus PBL zone now live
In-Reply-To: <45A2BA86.9040902@USherbrooke.ca>
References: <45A17067.4060008@tulsaconnect.com> <45A2B6AD.9050607@ecs.soton.ac.uk> <45A2BA86.9040902@USherbrooke.ca>
Message-ID: <45A418DC.2010704@ecs.soton.ac.uk>

By default, it comes commented out, so the setting is empty.

Denis Beauchemin wrote:
> Julian Field a écrit :
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> I have added the pbl and zen domains to the spam.lists.conf file in
>> the main distribution.
>> Should I change the default supplied set of Spam Lists = setting to
>> include either the pbl or zen domains?
>>
>> TCIS List Acct wrote:
>>
>>> FYI,
>>>
>>> The new RBL zone from Spamhaus called Policy Block List (PBL) is now
>>> live (in public beta) and included in the main zone
>>> "zen.spamhaus.org" (which combines the SBL, XBL, and PBL databases)
>>>
>>> http://www.spamhaus.org/pbl/
>>> http://www.spamhaus.org/zen/
>>>
>>>
>>
>> Jules
>>
>>
>
> Julian,
>
> I wouldn't activate them by default because of the following:
>> ZEN Usage
>>
>> Use of the Spamhaus DNSBLs via DNS queries to our public DNSBL
>> mirrors is free for low-traffic mail servers serving less than 100
>> users. Use of the Spamhaus DNSBLs by commercial users, including
>> corporate networks, ISPs and ESPs, requires a subscription to
>> Spamhaus's Data Feed
>> service.
> Besides, zen includes pbl...
>
> Denis
>

Jules

--
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit www.transtec.co.uk

From gerard at seibercom.net Tue Jan 9 23:50:58 2007
From: gerard at seibercom.net (Gerard Seibert)
Date: Tue Jan 9 22:52:31 2007
Subject: Reject bounce email
In-Reply-To: <223f97700701090455i1c3286a6ubf94df075563ae8b@mail.gmail.com>
References: <223f97700701090452j475b1808y4754c578e946e68d@mail.gmail.com> <223f97700701090455i1c3286a6ubf94df075563ae8b@mail.gmail.com>
Message-ID: <20070109174407.B22A.GERARD@seibercom.net>

On Tuesday January 09, 2007 at 07:55:50 (AM) Glenn Steen wrote:

> On 09/01/07, Glenn Steen wrote:
> (snip)
> > (I certainly wouldn't want to
> > see the complete postconf -n, nor more than a small _relevant_ snippet
> > of the logs:-) when I read Gerard's mail...
> Before Gerard bashes me over the head with it, I do know that
> "postconf -n" is usually rather brief, since it is the cousin of
> "MailScanner --changed" ...:-)

Fear not. I have given up bashing heads as my New Years resolution.

BTW, since I use Postfix, I simply thought that if the OP would (could)
supply further info I might be able to assist them. I certainly did not
mean to offend anyone. I only requested the 'postconf -n' output to see
if there were any obvious errors. The log extract would obviously be
limited to a small snippet of whatever his reported problem was supposed
to be.

I don't know about others; however, my crystal ball is out of service at
the present time. Without detailed info all I would be is guess. A feat
that serves little if any purpose, IMHO.

Ciao!

--
Gerard

From naolson at gmail.com Tue Jan 9 23:53:47 2007
From: naolson at gmail.com (Nathan Olson)
Date: Tue Jan 9 22:55:29 2007
Subject: Reject bounce email
In-Reply-To: <20070109042610.2649.qmail@web39807.mail.mud.yahoo.com>
References: <20070109042610.2649.qmail@web39807.mail.mud.yahoo.com>
Message-ID: <8f54b4330701091453h20dc9d36n68b95ad7671b8ccc@mail.gmail.com>

milter-null

Nate

From deanm at ispone.com.au Wed Jan 10 01:25:08 2007
From: deanm at ispone.com.au (Dean Manners)
Date: Wed Jan 10 00:27:51 2007
Subject: MailScanner / Postfix 2.3.3
Message-ID: <200701100026.l0A0Q20f004898@secondary.ispone.net.au>

I'm running Postfix 2.3.3 with MailScanner 4.55.10. Using the /^Received:/
HOLD config. However looking at the MailScanner change log for 4.56:

09/10/2006 New in Version 4.56.8-1
3 Solved compatibility with Postfix 2.3.

Wondering if anyone can shed any light on this, is a different config used
with Postfix 2.3 / MailScanner 4.6+ - or is this just merely internal
MailScanner improvements for the queue file handling that has changed?

Regards
__________________________________________
Dean Manners

From nerijus at users.sourceforge.net Wed Jan 10 02:02:41 2007
From: nerijus at users.sourceforge.net (Nerijus Baliunas)
Date: Wed Jan 10 01:04:30 2007
Subject: MailScanner / Postfix 2.3.3
References: <200701100026.l0A0Q20f004898@secondary.ispone.net.au>
Message-ID:

Dean Manners ispone.com.au> writes:

> I'm running Postfix 2.3.3 with MailScanner 4.55.10. Using the /^Received:/
> HOLD config. However looking at the MailScanner change log for 4.56:
>
> 09/10/2006 New in Version 4.56.8-1
> 3 Solved compatibility with Postfix 2.3.
>
> Wondering if anyone can shed any light on this, is a different config used
> with Postfix 2.3 / MailScanner 4.6+ - or is this just merely internal
> MailScanner improvements for the queue file handling that has changed?

Just (not) merely internal MailScanner improvements for the queue file
handling has changed. I'd suggest to upgrade.

Nerijus

From eersana at yahoo.com Wed Jan 10 02:18:44 2007
From: eersana at yahoo.com (anas asree)
Date: Wed Jan 10 01:20:31 2007
Subject: Reject bounce email
Message-ID: <20070110011844.36102.qmail@web39804.mail.mud.yahoo.com>

Hi all

Thank you for the responses..but yesterday I used postfix access table
format to block null sender..
and it seems that my mail server has not received undelivered mail
message starting from yesterday..

----- Original Message ----
From: Drew Marshall
To: MailScanner discussion
Sent: Tuesday, January 9, 2007 6:28:11 PM
Subject: Re: Reject bounce email

On Tue, January 9, 2007 04:26, anas asree wrote:
> Hi all
> I've installed Postfix+Mailscanner+Mailwatch on SuSe 10.0
>
> My users have been receiving a lot of undelivered mail message from
> outside of our network. These emails have made our users complain to us,
> although they did not send such email..
>
> How can I reject such emails from bouncing back to our users mailbox ?

Are you rejecting unknown senders in Postfix? Usually these bounce spams/
Joe Job attacks are targeted at random names and you can reject the
majority by using recipient maps of some kind. If you can post an example
set of headers there might be some other things that can be done.

Drew

From chandler at chapman.edu Wed Jan 10 02:45:04 2007
From: chandler at chapman.edu (Jay Chandler)
Date: Wed Jan 10 01:46:12 2007
Subject: sa-update and MailScanner
In-Reply-To: <45A3CDCE.2060109@hostalia.com>
References: <45A3CDCE.2060109@hostalia.com>
Message-ID: <45A44520.4060001@chapman.edu>

Alvaro Marín wrote:
> Hello,
>
> I've run sa-update on my MailScanner boxes and I see now the new PBL
> rules in logs:
>
>
On a tangent, do you have to run sa-update with arguments, or merely
type it at the command line by itself for it to update correctly?

--
Jay Chandler
Network Administrator, Chapman University
714.628.7249 / chandler@chapman.edu
Today's Excuse: You did wha... oh _dear_....

From gregk at infosecsolutions.com.au Mon Jan 8 23:59:49 2007
From: gregk at infosecsolutions.com.au (Greg Krzeszkowski)
Date: Wed Jan 10 05:17:42 2007
Subject: Ping (is there a list problem?)
Message-ID: <40c0956a69b3b97e1a49fd9b2da7df99@infosecsolutions.com.au>

haven't seen anything in > 24 hours...
--------------------------
Greg Krzeszkowski
Director, Infrastructure and Applications Development Practice
InfoSec Solutions
0411 154 261

From ka at pacific.net Wed Jan 10 06:21:19 2007
From: ka at pacific.net (Ken A)
Date: Wed Jan 10 05:23:10 2007
Subject: sa-update and MailScanner
In-Reply-To: <45A44520.4060001@chapman.edu>
References: <45A3CDCE.2060109@hostalia.com> <45A44520.4060001@chapman.edu>
Message-ID: <45A477CF.8040407@pacific.net>

Jay Chandler wrote:
> Alvaro Marín wrote:
>> Hello,
>>
>> I've run sa-update on my MailScanner boxes and I see now the new PBL
>> rules in logs:
>>
>>
> On a tangent, do you have to run sa-update with arguments, or merely
> type it at the command line by itself for it to update correctly?
>
>

'sa-update -D' gives you some debug info.. sometimes helpful info.

Ken A
Pacific.Net

From R.Sterenborg at netsourcing.nl Wed Jan 10 09:02:35 2007
From: R.Sterenborg at netsourcing.nl (Rob Sterenborg)
Date: Wed Jan 10 08:05:11 2007
Subject: Somethnig not passed to FuzzyOcr?
Message-ID: <74ACEB3E6A055643A89B8CEC74C7BF2488DEDA@WISENT.dcyb.net>

Hi,

I recently installed FuzzyOcr (3.5.0-rc1, now 3.5.1) and got it to work
using MailScanner-4.51 and SpamAssassin-3.1.7 and Postfix-2.3.
Since a day or two focr isn't seeing images anymore when parsed via
MailScanner and possibly also the recipient email address seems missing.
(SpamAssassin itself does score the email.)

When I send an image-spam email focr is reporting this in its log
(focr_verbose 3):

=================
...
2007-01-08 16:03:13 [8243] Starting FuzzyOcr...
2007-01-08 16:03:13 [8243] Processing Message with ID "<1168268586.46292@spamassassin_spamd_init>" (ignore@compiling.spamassassin.taint.org -> )
2007-01-08 16:03:13 [8243] Skipping OCR, no image files found...
=================

FuzzyOcr is working when I debug SA like this:

# su postfix -c "spamassassin -D < img_spam_message.txt"

=================
[[[ *** SNIP *** ]]]
2007-01-08 16:13:24 [8292] Starting FuzzyOcr...
2007-01-08 16:13:24 [8292] Processing Message with ID "<1d4c5901c73306$046ad8c0
[[[ *** SNIP *** ]]]
2007-01-08 16:13:25 [8292] Message is spam, score = 6.000
2007-01-08 16:13:25 [8292] Adding Hash to table: "FuzzyOcr.Hash" with score "6.000"
[[[ *** SNIP *** ]]]
2007-01-08 16:13:25 [8292] Remove DIR: /tmp/.spamassassin8292LkaP9ztmp
2007-01-08 16:13:25 [8292] FuzzyOcr ending successfully...
2007-01-08 16:13:25 [8292] Processed in 1.209402 sec.
=================

SA lint gives an empty result so the configuration should contain no
errors.

Now, I must have changed something in the configuration because it
worked before but I can't find what it was.. I would appreciate some
hints on where to fix this.

Thanks!
Rob

From drew at technologytiger.net Wed Jan 10 10:36:18 2007
From: drew at technologytiger.net (Drew Marshall)
Date: Wed Jan 10 09:38:12 2007
Subject: Reject bounce email
In-Reply-To: <20070110011844.36102.qmail@web39804.mail.mud.yahoo.com>
References: <20070110011844.36102.qmail@web39804.mail.mud.yahoo.com>
Message-ID: <40106.194.70.180.170.1168421778.squirrel@www.technologytiger.net>

On Wed, January 10, 2007 01:18, anas asree wrote:
> Hi all
>
> Thank you for the responses..but yesterday I used postfix access table
> format to block null sender..
> and it seems that my mail server have not received undelivered mail
> message starting from yesterday..

I would suggest keeping an eye on this and remove the reject block as soon
as you can as it not only breaks RFC compliance but will also mean your
users won't get legitimate bounce notifications.

Drew

From martin.lyberg at gmail.com Wed Jan 10 11:19:42 2007
From: martin.lyberg at gmail.com (Martin)
Date: Wed Jan 10 10:21:38 2007
Subject: Custom config error
In-Reply-To: <223f97700701080833m6b50ec5dk998315b78c14d5df@mail.gmail.com>
References: <223f97700701080833m6b50ec5dk998315b78c14d5df@mail.gmail.com>
Message-ID:

Glenn Steen wrote:
> Hej Martin,
>
> This might be due to the postfix user (that you run MailScanner as)
> not being able to read the MailWatch SQLBlackWhiteList.pm file, so
> check that it can do that... Also, did you remember to set it up
> (MySQL user/password etc)?

Hi Glenn,

didn't solve the problem, but I leave it as it is for now. Just
experimenting with a new box.

Thank you.

/ Martin

From martin.lyberg at gmail.com Wed Jan 10 11:24:08 2007
From: martin.lyberg at gmail.com (Martin)
Date: Wed Jan 10 10:26:53 2007
Subject: Installation guides
Message-ID:

Are there any guides available for setting up a Mailscanner box with
Postfix, Clamav, Spamassassin?

I've searched the site but couldn't find any guidance for changing
Postfix's setting to work with MailScanner. Have I missed something on
the site?

I already have a debian box with MS, Postfix etc. Now I'm trying to set
this up on a box with Fedora Core 6 with the RPM-based setup made by
Julian.

What guides are you guys following? :)

Thank you

From satya at fsl.com Wed Jan 10 11:37:31 2007
From: satya at fsl.com (SatyaDev Sharma)
Date: Wed Jan 10 10:39:13 2007
Subject: Installation guides
In-Reply-To:
References:
Message-ID: <8d5fd62c0701100237q4d844636h4be8c4c4e6b6af94@mail.gmail.com>

Yes, you will get here....

http://www.mailscanner.info/wiki/doku.php?id=documentation:configuration:mta:postfix:installation&s=postfix

http://www.mailscanner.info/install/postfix.shtml

~Satya !

On 1/10/07, Martin wrote:
>
> Are there any guides available for setting up a Mailscanner box with
> Postfix, Clamav, Spamassassin?
>
> I've searched the site but couldn't find any guidance for changing
> Postfix's setting to work with MailScanner. Have I missed something on
> the site?
>
> I already have a debian box with MS, Postfix etc. Now I'm trying to set
> this up on a box with Fedora Core 6 with the RPM-based setup made by
> Julian.
>
> What guides are you guys following? :)
>
> Thank you
>

From martinh at solidstatelogic.com Wed Jan 10 11:38:10 2007
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Wed Jan 10 10:40:21 2007
Subject: Installation guides
In-Reply-To:
Message-ID:

Use the normal RPM install then..

http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:installation

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-
> bounces@lists.mailscanner.info] On Behalf Of Martin
> Sent: 10 January 2007 10:24
> To: mailscanner@lists.mailscanner.info
> Subject: Installation guides
>
> Are there any guides available for setting up a Mailscanner box with
> Postfix, Clamav, Spamassassin?
>
> I've searched the site but couldn't find any guidance for changing
> Postfix's setting to work with MailScanner. Have I missed something on
> the site?
>
> I already have a debian box with MS, Postfix etc. Now I'm trying to set
> this up on a box with Fedora Core 6 with the RPM-based setup made by
> Julian.
>
> What guides are you guys following? :)
>
> Thank you
>

From glenn.steen at gmail.com Wed Jan 10 12:31:37 2007
From: glenn.steen at gmail.com (Glenn Steen)
Date: Wed Jan 10 11:33:19 2007
Subject: Reject bounce email
In-Reply-To:
References: <20070109042610.2649.qmail@web39807.mail.mud.yahoo.com> <20070109061338.20A5.GERARD@seibercom.net> <223f97700701090452j475b1808y4754c578e946e68d@mail.gmail.com>
Message-ID: <223f97700701100331v55331acehb4023fa6876e15d3@mail.gmail.com>

On 09/01/07, Res wrote:
> On Tue, 9 Jan 2007, Glenn Steen wrote:
>
> > On 09/01/07, Res wrote:
> >> On Tue, 9 Jan 2007, Gerard Seibert wrote:
> >>
> >> > If you are using Postfix, please include the output of: postconf -n as
> >>
> >> isn't this more suited to the postfix mailing list, I fail to see what it
> >> has to do with MailScanner.
> >>
> > Well.... In principle you are of course correct Res, but ... I fail to
>
> The problem is, all the OT crap of this list, means those with real
> problems get ignored, the past few months have been hectic for Julian, if
> the list had only 5 posts a day that were only MailScanner related, it's
> highly likely he would have had time to read it and help those with
> problems, I'm aware of some that had to wait till he returned.
>
> Noise delays resolutions, I've seen so many knowledgeable people on many
> lists who can help people with problems cease to help because they miss
> the posts because they do a high speed skim because of trash that doesn't
> belong there. For instance one of the Red Hat based lists that I was
> a key contributor once, years later I'm still on the list, but all I do
> these days is hit dddddddddddddddddddddddd -> to the end, the subject
> line display in pine tells me it's all noise.
>
> I am the first to admit I have participated in a good deal of the noise,
> but as spare my time is now coming to halt, there's little chance of that
> continuing.
>
> > see how this differs much from the general off-topicness we usually
>
> it doesn't, it's all noise
>
> > manage to harbour when it comes to MTA setup/tweaking (and that goes
>
> MTA tweaking with a configuration for MailScanner is of course signal.
> but back chatter and milters is high level noise, they are not caused nor
> introduced by MailScanner and will be there before and if you remove
> MailScanner.
>
As said, I don't think we're that far apart in this... And I'm pretty
certain we'll be "sinners" in this regard... on a more or less regular
basis:-).

'Nuff said, let's not be more OT:-)

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From glenn.steen at gmail.com Wed Jan 10 12:41:52 2007
From: glenn.steen at gmail.com (Glenn Steen)
Date: Wed Jan 10 11:43:35 2007
Subject: Reject bounce email
In-Reply-To: <20070109174407.B22A.GERARD@seibercom.net>
References: <223f97700701090452j475b1808y4754c578e946e68d@mail.gmail.com> <223f97700701090455i1c3286a6ubf94df075563ae8b@mail.gmail.com> <20070109174407.B22A.GERARD@seibercom.net>
Message-ID: <223f97700701100341n210da58byec24e5e1036ba3f2@mail.gmail.com>

On 09/01/07, Gerard Seibert wrote:
> On Tuesday January 09, 2007 at 07:55:50 (AM) Glenn Steen wrote:
>
> > On 09/01/07, Glenn Steen wrote:
> > (snip)
> > > (I certainly wouldn't want to
> > > see the complete postconf -n, nor more than a small _relevant_ snippet
> > > of the logs:-) when I read Gerard's mail...
> > Before Gerard bashes me over the head with it, I do know that
> > "postconf -n" is usually rather brief, since it is the cousin of
> > "MailScanner --changed" ...:-)
>
> Fear not. I have given up bashing heads as my New Years resolution.

:-) Good to know:-)

> BTW, since I use Postfix, I simply thought that if the OP would (could)
> supply further info I might be able to assist them. I certainly did not
> mean to offend anyone. I only requested the 'postconf -n' output to see
> if there were any obvious errors. The log extract would obviously be
> limited to a small snippet of whatever his reported problem was supposed
> to be.

Nothing hugely wrong with that, on the contrary:-). I think we
(over-)reacted to the phrasing more than anything. Jules has
historically been very forgiving when it comes to things like this
that are ... really OT... but could be construed as
productive/informative and leading to our MailScanner systems working
better as a whole... And I suppose he will continue to do so, unless
he gets a) worse, or b) even more inundated than he's been lately.

> I don't know about others; however, my crystal ball is out of service at
> the present time. Without detailed info all I would be is guess. A feat
> that serves little if any purpose, IMHO.

You got to get someone to service that ASAP, that or get some chicken
wings and a pint or two of goats blood... I hear fish entrails should
be usable too:-D.

Trying to shift this (yet again!) blatantly off-topic message more
on-topic... I'm with Drew here, rejecting everything like that could
get Anan onto some BLs pretty quick... Trying out milter-null (if at
all possible) or doing some semi-intelligent header_checks should be a
far safer route to go.

> Ciao!
>
Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From martin.lyberg at gmail.com Wed Jan 10 13:39:49 2007
From: martin.lyberg at gmail.com (Martin)
Date: Wed Jan 10 12:41:46 2007
Subject: Installation guides
In-Reply-To: <8d5fd62c0701100237q4d844636h4be8c4c4e6b6af94@mail.gmail.com>
References: <8d5fd62c0701100237q4d844636h4be8c4c4e6b6af94@mail.gmail.com>
Message-ID:

SatyaDev Sharma wrote:
> Yes, you will get here....
>
> http://www.mailscanner.info/wiki/doku.php?id=documentation:configuration:mta:postfix:installation&s=postfix
>
>
> http://www.mailscanner.info/install/postfix.shtml
>
> ~Satya !

Oops. Missed to check the wiki.

Thank you. :)

/ Martin

From dhawal at netmagicsolutions.com Wed Jan 10 14:00:22 2007
From: dhawal at netmagicsolutions.com (Dhawal Doshy)
Date: Wed Jan 10 13:02:23 2007
Subject: Feature Request: Header based rules..
Message-ID: <45A4E366.8020503@netmagicsolutions.com>

Hello List,

Any thoughts on adding header based rules? say for example:

spam.check.rules:
header X-MyLocalApp no

OR

virus.scanning.rules:
header X-Cron no

OR

use.spamassassin.rules:
From: mydomain.tld and header X-Auth-MyServer no

If there is sufficient interest, maybe Julian might find the time and
energy to take it up.

- dhawal

From ssilva at sgvwater.com Wed Jan 10 17:18:28 2007
From: ssilva at sgvwater.com (Scott Silva)
Date: Wed Jan 10 16:20:21 2007
Subject: Ping (is there a list problem?)
In-Reply-To: <40c0956a69b3b97e1a49fd9b2da7df99@infosecsolutions.com.au>
References: <40c0956a69b3b97e1a49fd9b2da7df99@infosecsolutions.com.au>
Message-ID:

Greg Krzeszkowski spake the following on 1/8/2007 2:59 PM:
> haven't seen anything in > 24 hours...
> --------------------------
> Greg Krzeszkowski
> Director, Infrastructure and Applications Development Practice
> InfoSec Solutions
> 0411 154 261
>
PONG

--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

From robert.isaac at volvoclub.org.uk Wed Jan 10 17:26:26 2007
From: robert.isaac at volvoclub.org.uk (Robert Isaac)
Date: Wed Jan 10 16:27:43 2007
Subject: sa-update and MailScanner
In-Reply-To: <45A44520.4060001@chapman.edu>
Message-ID: <007a01c734d4$18b7d380$0300a8c0@250N>

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
Of Jay Chandler
Sent: 10 January 2007 01:45
To: MailScanner discussion
Subject: Re: sa-update and MailScanner

Alvaro Marín wrote:
> Hello,
>
> I've run sa-update on my MailScanner boxes and I see now the new PBL
> rules in logs:
>
>
On a tangent, do you have to run sa-update with arguments, or
merely type it at the command line by itself for it to update correctly?


sa-update -D for a verbose output. You don't need anything more.

Bob

From nerijus at users.sourceforge.net Wed Jan 10 17:26:10 2007
From: nerijus at users.sourceforge.net (Nerijus Baliunas)
Date: Wed Jan 10 16:31:49 2007
Subject: Greylisting (WAS: Re: MailScanner ANNOUNCE: 4.57 released)
In-Reply-To: <223f97700612060014o6a8b46b1k87e48195c1d93afc@mail.gmail.com>
References: <4571B547.1090804@ecs.soton.ac.uk><200612022342.kB2NgCcf026083@bkserver.blacknight.ie><20061203011931.d29a40c0.michel@mitch-it.nl><45743355.2040006@sendit.nodak.edu><45744FDB.3030307@netmagicsolutions.com><20061204205254.8300B11285@mx-a.vdnet.lt><223f97700612041451n39e66dedx28699a0d1e59a3eb@mail.gmail.com><20061204233255.DB881FF40@mx-a.vdnet.lt> <223f97700612060014o6a8b46b1k87e48195c1d93afc@mail.gmail.com>
Message-ID: <20070110163002.1EE06FF06@mx-a.vdnet.lt>

On Wed, 6 Dec 2006 09:14:15 +0100 Glenn Steen wrote:

> I typed a longish reply to this one yesterday, which gmail then
> promptly swallowed:-).
> Oh well.
>
> The gist of it was "If I get time, I'll look at the code"... and
> "interesting that postcat demangles it correctly (so that the postcat
> of each queue file is ... well, as close to identical as possible)
> ...".

Could you please tell me where to look in the code? As now I have a real
problem - if the last header is "Content-Transfer-Encoding: base64" it
becomes
Content-Transfer-Encoding: base64 190324
and so is interpreted as Content-Transfer-Encoding: base64190324, thus
rendering message unparseable...

Regards,
Nerijus

From martinh at solidstatelogic.com Wed Jan 10 17:34:45 2007
From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed Jan 10 16:36:37 2007 Subject: sa-update and MailScanner In-Reply-To: <007a01c734d4$18b7d380$0300a8c0@250N> Message-ID: <92194893829a1f44b61fd347aa1ba468@solidstatelogic.com> Robert Once you've the default channel defined etc it will work with no arguments. From what I remember setting that channel and key in to the config was a PITA, but it may be a lot better now (I think I first did it in 3.1.3 or something when Sa-update first started to work properly) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Robert Isaac > Sent: 10 January 2007 16:26 > To: MailScanner discussion > Subject: RE: sa-update and MailScanner > > -----Original Message----- 
> From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Jay Chandler > Sent: 10 January 2007 01:45 > To: MailScanner discussion > Subject: Re: sa-update and MailScanner > > Alvaro Marín wrote: > > Hello, > > > > I've run sa-update on my MailScanner boxes and I see now the new PBL > > rules in logs: > > > > > On a tangent, do you have to run sa-update with arguments, or > merely type it at the command line by itself for it to update correctly? > > > sa-update -D for a verbose output. You don't need anything more. > > Bob ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From gmatt at nerc.ac.uk Wed Jan 10 17:45:21 2007 
From: gmatt at nerc.ac.uk (Greg Matthews) Date: Wed Jan 10 16:47:14 2007 Subject: bug not fixed? Message-ID: <45A51821.8090109@nerc.ac.uk> According to the changelog for 4.56.8: "1 When 'Outgoing Queue Dir' was changed from the default, kicking sendmail into attempting delivery of a new processed message in the outgoing queue would just wait for the next regular run of the queue. Now fixed so that a delivery attempt is made immediately. This fix only affects users who have changed the "Outgoing Queue Dir" setting and who are also using sendmail as their MTA." However, I have a ruleset for my outbound queues which splits mail up according to destination. It seems that only mail in (default queue) qDEFAULT is getting prompt delivery, everything else is not getting any attention for up to 40 minutes. The queue runner is set on a 15 minute cycle. MailScanner v4.57.6 and I have this in MailScanner.conf: Delivery Method = batch So it looks like MailScanner is not properly asking sendmail for an immediate delivery attempt on all the queues but also, the queue runner seems to take longer than 15 mins to get around to delivering the queued messages. anyone else seeing this? GREG -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From nerijus at users.sourceforge.net Wed Jan 10 19:27:40 2007 
From: nerijus at users.sourceforge.net (Nerijus Baliunas) Date: Wed Jan 10 18:30:05 2007 Subject: Greylisting Message-ID: On Wed, 6 Dec 2006 09:14:15 +0100 Glenn Steen wrote: > I typed a longish reply to this one yesterday, which gmail then > promptly swallowed:-). > Oh well. > > The gist of it was "If I get time, I'll look at the code"... and > "interresting that postcat demangles it correctly (so that the postcat > of each queue file is ... well, as close to identical as possible) > ...". Could you please tell me where to look in the code? As now I have a real problem - if the last header is "Content-Transfer-Encoding: base64" it becomes Content-Transfer-Encoding: base64 190324 and so is interpreted as Content-Transfer-Encoding: base64190324, thus rendering message unparseable... Regards, Nerijus From raymond at prolocation.net Wed Jan 10 20:54:08 2007 From: raymond at prolocation.net (Raymond Dijkxhoorn) Date: Wed Jan 10 19:55:50 2007 Subject: Feature Request: Header based rules.. In-Reply-To: <45A4E366.8020503@netmagicsolutions.com> References: <45A4E366.8020503@netmagicsolutions.com> Message-ID: Hi! > Any thoughts on adding header based rules? say for example: > > spam.check.rules: > header X-MyLocalApp no > > OR > > virus.scanning.rules: > header X-Cron no > > OR > use.spamassassin.rules: > From: mydomain.tld and header X-Auth-MyServer no Uh you mean like: [root@xxx01 rules]# more spam.actions.rules FromOrTo: default deliver header "X-Spam-Flag: YES" forward spamtrap@somehost Bye, Raymond. From MailScanner at ecs.soton.ac.uk Wed Jan 10 21:10:19 2007 
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jan 10 20:16:31 2007 Subject: Feature Request: Header based rules.. In-Reply-To: <45A4E366.8020503@netmagicsolutions.com> References: <45A4E366.8020503@netmagicsolutions.com> Message-ID: <45A5482B.7040701@ecs.soton.ac.uk> That will involve a whole load of work, so is very unlikely to happen. Dhawal Doshy wrote: > Hello List, > > Any thoughts on adding header based rules? say for example: > > spam.check.rules: > header X-MyLocalApp no > > OR > > virus.scanning.rules: > header X-Cron no > > OR > use.spamassassin.rules: > From: mydomain.tld and header X-Auth-MyServer no > > If there is sufficient interest, maybe Julian might find the time and > energy to take it up. > > - dhawal Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From KLekas at foxriver.com Wed Jan 10 21:27:01 2007 
From: KLekas at foxriver.com (Kosta Lekas) Date: Wed Jan 10 20:28:46 2007 Subject: spam.whitelist.rules whitelist to: Message-ID: <8D8A77DC1FA09546936E74FC3EEC627AD40B93@FREXGENEVA-01.frfr.foxriver.com> I have some users that do not want to be subject to any sort of spam filtering whatsoever. They would rather put up with the spam than risk false positives. I am not one to argue with them so I add a "whitelist to" rule for them in spam.whitelist.rules file. The problem is when spam comes in addressed to multiple recipients including the "whitelist to" address, the spam mail gets whitelisted and delivered to all recipients resulting in complaints from the people who want spam filtering turned on. Is there any way around this besides removing the "whitelist to" entry? I am running MailScanner version 4.45.4 Red Hat Enterprise Linux WS release 4 SpamAssassin version 3.1.1 Perl version 5.8.5 Any help would be appreciated, Kosta From mrm at medicine.wisc.edu Wed Jan 10 21:40:08 2007 
From: mrm at medicine.wisc.edu (Michael Masse) Date: Wed Jan 10 20:42:14 2007 Subject: spam.whitelist.rules whitelist to: In-Reply-To: <8D8A77DC1FA09546936E74FC3EEC627AD40B93@FREXGENEVA-01.frfr.foxriver.com> References: <8D8A77DC1FA09546936E74FC3EEC627AD40B93@FREXGENEVA-01.frfr.foxriver.com> Message-ID: <45A4FABF.7FBE.00FC.3@medicine.wisc.edu> >>> On 1/10/2007 at 2:27 PM, in message <8D8A77DC1FA09546936E74FC3EEC627AD40B93@FREXGENEVA-01.frfr.foxriver.com>, "Kosta Lekas" wrote: > I have some users that do not want to be subject to any sort of spam > filtering what so ever. They would rather put up with the spam then risk > false positives. I am not one to argue with them so I add a "whitelist > to" rule for them in spam.whitelist.rules file. The problem is when spam > comes in addressed to multiple recipients including the "whitelist to" > address, the spam mail gets whitelisted and delivered to all recipients > resulting in complaints form the people who want spam filtering turned > on. Is there any way around this besides removing the "whitelist to" > entry? Instead of MS deleting spam, you could flag spam either via some sort of subject modification, or header modification. That way each client can have a filter to do whatever they want with it. The normal people can have the spam deleted or put into a folder or whatever, and the paranoid people can have the email show up with everything else. Those people also get the benefit of see'ing just how infrequently false positives occur, and after a while will probably just start automatically deleting those flagged emails anyways. You could take this one step further and utilize MailScanner high scoring spam actions to do other things with high scoring spam which I've never seen a FP occur on, although I've raised the threshold from the default. Mike From Denis.Beauchemin at USherbrooke.ca Wed Jan 10 21:41:20 2007 
From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Wed Jan 10 20:43:20 2007 Subject: spam.whitelist.rules whitelist to: In-Reply-To: <8D8A77DC1FA09546936E74FC3EEC627AD40B93@FREXGENEVA-01.frfr.foxriver.com> References: <8D8A77DC1FA09546936E74FC3EEC627AD40B93@FREXGENEVA-01.frfr.foxriver.com> Message-ID: <45A54F70.2040802@USherbrooke.ca> Kosta Lekas wrote: > > I have some users that do not want to be subject to any sort of spam > filtering whatsoever. They would rather put up with the spam than > risk false positives. I am not one to argue with them so I add a > "whitelist to" rule for them in spam.whitelist.rules file. The problem > is when spam comes in addressed to multiple recipients including the > "whitelist to" address, the spam mail gets whitelisted and delivered > to all recipients resulting in complaints from the people who want > spam filtering turned on. Is there any way around this besides > removing the "whitelist to" entry? > > I am running MailScanner version 4.45.4 > > Red Hat Enterprise Linux WS release 4 > > SpamAssassin version 3.1.1 > > Perl version 5.8.5 > > Any help would be appreciated, > > Kosta > Kosta, You need to split those messages into individual ones. The following links will help you out with Postfix or Sendmail: http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:how_to:split_mails_per_recipient&s=split http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:sendmail:how_to:split_mails_per_recipient&s=split Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From robert.isaac at volvoclub.org.uk Wed Jan 10 22:22:26 2007 
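A simplified model of the behaviour Kosta reports and of the per-recipient split Denis recommends, added here as an example; it is not MailScanner code. The addresses, the sample ruleset and the "one decision per message, any recipient matching yes wins" rule are assumptions taken from the behaviour described in the thread.

```python
import fnmatch

# Constructed ruleset in the "Direction: pattern value" layout used by the
# spam.*.rules snippets quoted on this page; example.com addresses are made up.
WHITELIST_RULES = """\
To: boss@example.com yes
FromOrTo: default no
"""


def parse_rules(text):
    """Return a list of (direction, pattern, value) tuples, in file order."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        direction, pattern, value = line.split()[:3]
        rules.append((direction.rstrip(":").lower(), pattern.lower(), value.lower()))
    return rules


def _addr_matches(pattern, addr):
    if pattern == "default":
        return True
    if "@" not in pattern:          # bare domain means anyone at that domain
        pattern = "*@" + pattern
    return fnmatch.fnmatch(addr.lower(), pattern)


def lookup(rules, sender, recipient):
    """First matching rule wins for a single sender/recipient pair."""
    for direction, pattern, value in rules:
        from_hit = direction in ("from", "fromorto") and _addr_matches(pattern, sender)
        to_hit = direction in ("to", "fromorto") and _addr_matches(pattern, recipient)
        if from_hit or to_hit:
            return value == "yes"
    return False


def whitelisted(rules, sender, recipients):
    """Assumed model: one decision per message, 'yes' for any recipient wins."""
    return any(lookup(rules, sender, rcpt) for rcpt in recipients)


def deliveries(rules, sender, recipients, is_spam, split):
    """Return the recipients who end up receiving the message.

    split=False: the MTA hands over one message carrying every recipient.
    split=True:  the MTA hands over one copy per recipient.
    Non-whitelisted spam is dropped (the 'delete' spam action).
    """
    batches = [[r] for r in recipients] if split else [list(recipients)]
    received = []
    for batch in batches:
        if not is_spam or whitelisted(rules, sender, batch):
            received.extend(batch)
    return received


if __name__ == "__main__":
    rules = parse_rules(WHITELIST_RULES)
    rcpts = ["boss@example.com", "staff@example.com"]
    print("unsplit:", deliveries(rules, "bulk@example.net", rcpts, True, split=False))
    print("split:  ", deliveries(rules, "bulk@example.net", rcpts, True, split=True))
```

With the unsplit message the opt-out recipient's rule carries the spam to everyone on the envelope; after splitting, only the recipient who opted out of filtering receives it.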
From: robert.isaac at volvoclub.org.uk (Robert Isaac) Date: Wed Jan 10 21:23:37 2007 Subject: Installation Message-ID: <000e01c734fd$6d243c50$0300a8c0@250N> I used the tar installation package and guide to install MailScanner on Redhat ES4 that uses sendmail 8.13.1. I read the MS web site guide to configure sendmail that says: drwxr-x--- 2 root bin 62976 Oct 23 16:18 mqueue drwxr-x--- 2 root bin 41472 Oct 23 16:18 mqueue.in Mine is: drwx------ 2 root mail 167936 Jan 10 21:03 mqueue drwxr-x--- 2 root bin 4096 Jul 5 2005 mqueue.in Do I need to change this? Next the guide states: Currently, your copy of sendmail will be started by a script such as /etc/init.d/mail or /etc/rc.d/init.d/sendmail. Somewhere in this script will be the command to start sendmail itself. This should look like this: sendmail -bd -q15m You should change this to the following two lines: sendmail -bd -OPrivacyOptions=noetrn -ODeliveryMode=queueonly -OQueueDirectory=/var/spool/mqueue.in sendmail -q15m I cannot find 'sendmail -bd -q15m' in my sendmail file. So, do these instructions apply to my setup? Thanks. ___________________________________________________ Robert Isaac Director/Web Admin Volvo Owners Club www.volvoclub.org.uk Please include all previous text with reply All messages are scanned with an antivirus scanner. From ssilva at sgvwater.com Wed Jan 10 23:01:51 2007 
From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jan 10 22:03:52 2007 Subject: Installation In-Reply-To: <000e01c734fd$6d243c50$0300a8c0@250N> References: <000e01c734fd$6d243c50$0300a8c0@250N> Message-ID: Robert Isaac spake the following on 1/10/2007 1:22 PM: > I used the tar installation package and guide to install MailScanner on > Redhat ES4 that uses sendmail 8.13.1. I read the MS web site guide to > configure sendmail that says: > > drwxr-x--- 2 root bin 62976 Oct 23 16:18 mqueue > drwxr-x--- 2 root bin 41472 Oct 23 16:18 mqueue.in > > Mine is: > > drwx------ 2 root mail 167936 Jan 10 21:03 mqueue > drwxr-x--- 2 root bin 4096 Jul 5 2005 mqueue.in > > Do I need to change this? > > Next the guide states: > > Currently, your copy of sendmail will be started by a script such as > /etc/init.d/mail or /etc/rc.d/init.d/sendmail. Somewhere in this script will > be the command to start sendmail itself. This should look like this: > > sendmail -bd -q15m > > You should change this to the following two lines: > sendmail -bd -OPrivacyOptions=noetrn -ODeliveryMode=queueonly > -OQueueDirectory=/var/spool/mqueue.in > sendmail -q15m > > I cannot find 'sendmail -bd -q15m' in my sendmail file. > > So, do these instructions apply to my setup? > > Thanks. Is there a specific reason you want to use the tarball install? The rpm based install will do so many more steps for you. It will leave you with a almost ready to run install, ready for you to tweak and adjust. And you will have the side benefit of the rest of your rpm system not breaking any of your perl stuff. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From paul at welshfamily.com Wed Jan 10 23:58:42 2007 
From: paul at welshfamily.com (Paul Welsh) Date: Wed Jan 10 23:00:59 2007 Subject: SpamAssassin timed out and was killed In-Reply-To: <2BD3058086A2A44896622E7CB3720BC2AFBB70@DRIFTWOOD.corporate.paccoast.com> Message-ID: <200701102300.l0AN0vH6010248@safir.blacknight.ie> Hi Everyone I've been getting this old chestnut all day today. The time outs are pretty regular; every 5 minutes, but a lot of spam is still getting tagged. I've restarted named. I've checked that I can dig without it taking a long time. Is a reboot in order? Here's a sample of the MailScanner output: Jan 10 22:38:08 mail MailScanner[12885]: Message 1H4m54-0005Kd-9J from 195.62.194.7 (kucuk@musicalministry.com) to welshfamily.com is spam, SpamAssassin (not cached, score=12.087, required 6, RCVD_IN_BL_SPAMCOP_NET 4.00, URIBL_BLACK 4.00, URIBL_JP_SURBL 4.09) Jan 10 22:38:08 mail MailScanner[12885]: Spam Checks: Found 1 spam messages Jan 10 22:38:08 mail MailScanner[12885]: Spam Actions: message 1H4m54-0005Kd-9J actions are delete Jan 10 22:38:08 mail MailScanner[12885]: Virus and Content Scanning: Starting Jan 10 22:38:19 mail MailScanner[12885]: New Batch: Found 6 messages waiting Jan 10 22:38:19 mail MailScanner[12885]: New Batch: Scanning 2 messages, 22446 bytes Jan 10 22:38:19 mail MailScanner[12885]: Spam Checks: Starting Jan 10 22:38:25 mail MailScanner[8161]: SpamAssassin timed out and was killed, failure 0 of 10 Jan 10 22:38:27 mail MailScanner[6464]: Message 1H4m56-0005Kk-JA from 193.111.201.133 (reference_id_717731691ib@barclays.com) to welshfamily.com is spam, SpamAssassin (not cached, score=30.303, required 6, autolearn=spam, BAYES_99 5.00, FORGED_RCVD_HELO 2.00, FROM_HAS_ULINE_NUMS 0.29, HTML_30_40 0.37, HTML_FONT_LOW_CONTRAST 0.19, HTML_IMAGE_ONLY_12 1.87, HTML_MESSAGE 0.00, HTML_SHORT_LINK_IMG_2 1.58, INVALID_DATE 2.19, MIME_HTML_ONLY 0.00, RCVD_IN_NJABL_DUL 3.00, RCVD_IN_SORBS_DUL 3.00, URIBL_BLACK 4.00, URIBL_OB_SURBL 4.00, URIBL_PH_SURBL 2.80) From mkettler at evi-inc.com Thu Jan 11 
00:11:20 2007 From: mkettler at evi-inc.com (Matt Kettler) Date: Wed Jan 10 23:13:33 2007 Subject: SpamAssassin timed out and was killed In-Reply-To: <200701102300.l0AN0vH6010248@safir.blacknight.ie> References: <200701102300.l0AN0vH6010248@safir.blacknight.ie> Message-ID: <45A57298.3060005@evi-inc.com> Paul Welsh wrote: > Hi Everyone > > I've been getting this old chestnut all day today. The time outs are pretty > regular; every 5 minutes, but a lot of spam is still getting tagged. > > I've restarted named. > > I've checked that I can dig without it taking a long time. Do you use bayes? If so, this is a common problem. SA is busy doing bayes cleanup chores (expiring old tokens), and MS thinks it's hung up. either: 1) change your SA timeout to something on the order of 3 hours 2) or do both of the following: -add bayes_auto_expire 0 to your /etc/mail/spamassassin/mailscanner.cf -create a cron-job to run sa-learn --force-expire as a user that has your same bayes database access. Or both. Personally, I do both. I do 1) because I've *never* had a spamassassin instance get hung up, ever. But I've had lots of situations where MS killed it errantly. So, to me the timeout here has proven itself occasionally troublesome, but not yet proven itself useful. That said, I do still keep it enabled so should one ever actually hang up it will eventually be detected. I do 2) so I can have control over when the bayes expire run happens. This is a good thing to run in off-hours because it is kind of disk i/o intensive. From michele at blacknight.ie Thu Jan 11 00:16:15 2007 
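An added example (not from any poster in this thread) for checking how regular the "SpamAssassin timed out and was killed" events really are, before and after raising the timeout or moving bayes expiry to cron as Matt suggests. The log lines are constructed in the syslog layout Paul quoted; the function names and the 30-second tolerance are assumptions.

```python
import re
from datetime import datetime
from statistics import median

# Constructed sample in the syslog layout of the excerpt quoted in the thread.
SAMPLE_LOG = """\
Jan 10 22:28:24 mail MailScanner[8161]: SpamAssassin timed out and was killed, failure 0 of 10
Jan 10 22:33:25 mail MailScanner[6464]: SpamAssassin timed out and was killed, failure 0 of 10
Jan 10 22:38:08 mail MailScanner[12885]: Spam Checks: Found 1 spam messages
Jan 10 22:38:25 mail MailScanner[8161]: SpamAssassin timed out and was killed, failure 0 of 10
Jan 10 22:43:27 mail MailScanner[12885]: SpamAssassin timed out and was killed, failure 0 of 10
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ "
    r"MailScanner\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
TIMEOUT_RE = re.compile(
    r"SpamAssassin timed out and was killed, failure (\d+) of (\d+)"
)


def parse_timeouts(text, year=2007):
    """Extract timeout events; syslog carries no year, so one is supplied."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        t = TIMEOUT_RE.search(m.group("msg"))
        if not t:
            continue
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        events.append({
            "time": ts,
            "pid": int(m.group("pid")),
            "failure": int(t.group(1)),
            "max_failures": int(t.group(2)),
        })
    return sorted(events, key=lambda e: e["time"])


def summarize(events, tolerance_s=30):
    """Report the gap between consecutive timeouts and whether it is steady.

    'periodic' is True when there are at least three events and every gap is
    within tolerance_s seconds of the median gap.
    """
    times = [e["time"] for e in events]
    gaps = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
    med = median(gaps) if gaps else None
    periodic = len(gaps) >= 2 and all(abs(g - med) <= tolerance_s for g in gaps)
    return {
        "count": len(events),
        "gaps_s": gaps,
        "median_gap_s": med,
        "periodic": periodic,
        "pids": sorted({e["pid"] for e in events}),
    }


if __name__ == "__main__":
    report = summarize(parse_timeouts(SAMPLE_LOG))
    for key, value in report.items():
        print(f"{key}: {value}")
```

A steady gap across several MailScanner child PIDs points at recurring work being interrupted rather than an occasional slow lookup; rerun it on the mail log after the change to confirm the pattern has gone.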
From: michele at blacknight.ie (Michele Neylon :: Blacknight) Date: Wed Jan 10 23:18:03 2007 Subject: SpamAssassin timed out and was killed In-Reply-To: <200701102300.l0AN0vH6010248@safir.blacknight.ie> References: <200701102300.l0AN0vH6010248@safir.blacknight.ie> Message-ID: <45A573BF.3090409@blacknight.ie> Paul Welsh wrote: > Hi Everyone > > I've been getting this old chestnut all day today. The time outs are pretty > regular; every 5 minutes, but a lot of spam is still getting tagged. > > I've restarted named. > > I've checked that I can dig without it taking a long time. > > Is a reboot in order? Here's a sample of the MailScanner output: > Check your timeout settings .... -- Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Brand Protection http://www.blacknight.ie/ http://blog.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 UK: 0870 163 0607 Fax. +353 (0) 59 9164239 From pravin.rane at gmail.com Thu Jan 11 07:19:15 2007 From: pravin.rane at gmail.com (Pravin Rane) Date: Thu Jan 11 06:21:01 2007 Subject: Spamassassin Advance Settings Message-ID: <13c021a90701102219i40a0ac62lb9278729d85fe84e@mail.gmail.com> I bit confused with following parameters in MailScanner.conf SpamAssassin Site Rules Dir= SpamAssassin Local Rules Dir = SpamAssassin Local State Dir = My spamassassin is installed at /etc/mail/spamassassin/ RulesDuJour is installed at /etc/mail/spamassassin/RulesDuJour sa update rules are located at /var/lib/spamassassin/3.001003 & /var/lib/spamassassin/3.001007 What would be the values for above mailscanner parameters? -- Regards Pravin -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070111/3e7f360f/attachment.html From dhawal at netmagicsolutions.com Thu Jan 11 08:15:15 2007 
From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Thu Jan 11 07:17:19 2007 Subject: Feature Request: Header based rules.. In-Reply-To: References: <45A4E366.8020503@netmagicsolutions.com> Message-ID: <45A5E403.6030705@netmagicsolutions.com> Raymond Dijkxhoorn wrote: > Hi! > >> Any thoughts on adding header based rules? say for example: >> >> spam.check.rules: >> header X-MyLocalApp no >> >> OR >> >> virus.scanning.rules: >> header X-Cron no >> >> OR >> use.spamassassin.rules: >> From: mydomain.tld and header X-Auth-MyServer no > > Uh you mean like: > > [root@xxx01 rules]# more spam.actions.rules > FromOrTo: default deliver header "X-Spam-Flag: YES" forward > spamtrap@somehost no.. i meant evaluating headers for rules (not adding them).. From res at ausics.net Thu Jan 11 08:35:21 2007 From: res at ausics.net (Res) Date: Thu Jan 11 07:37:19 2007 Subject: Scan Messages = no Message-ID: Jules, When you get a sec, not important, but can you confirm the code as below still does as per the comments? I disabled this option to allow a new mailing list user to update a few things, and although there was no spam tests etc, anti virus continues to scan although it doesnt add in the header that it has, I had to explicitly set Virus Scanning = no for it to stop scanning. # If this is set to no, then email messages will NOT be processed or # checked *at all*, and so any viruses or other problems will be ignored. # Scan Messages = no -- Cheers Res "So, you think you can tell Heaven from Hell?" - Roger Waters From jonas at vrt.dk Thu Jan 11 10:10:29 2007 
From: jonas at vrt.dk (jonas@vrt.dk) Date: Thu Jan 11 09:12:37 2007 Subject: Distributed setup with realtime failover/balancing Message-ID: <001901c73560$627de9a0$7264a8c0@acer57dbddb911> Hi all I am currently running a Mailscanner/mailwatch system on a single server which works perfectly. I however have the need to make my setup distributed, for me meaning the following. I need a 2 node distributed system. Where I have 2 smtp servers (exim), 2 mailscanners, 2 mailwatch interfaces and 1 distributed mysql database. I plan on using ultramonkey (http://www.ultramonkey.org) to set up load balancing and failover. It uses LVS and heartbeat to do that. I have the mysql problem pretty well figured out. I'm gonna run a so called master-master replication between the 2 servers. Meaning any change in the tables will be instantly replicated to the other server, so should one go down the chance of data loss is very slim. Regarding the quarantine I also need some more or less complex solution, since I don't want to use local quarantine directories for each server. The reason is that I do NOT want a local quarantine directory on each server. I do not want that because then I do not have access to release mails quarantined by the server that is down (Even if I set up some rsync script it isn't real-time so data loss is very likely) Therefore I plan on using a system like drbd (http://www.drbd.org/) or another similar distributed file system. That means you get a so called "network raid mirror" where all disk io is replicated across a network so if 1 server fails all data is still accessible on the other machine. This would enable me to never lose the ability to release quarantined mails. What I am looking for is comments from fellow mailscanner/ mailwatch users regarding this solution. Is it a dumb way to do it? Are there better ways to achieve the whole thing, or part of it? I hope somebody has some input. 
Best regards Jonas Akrouh Larsen TechBiz ApS Laplandsgade 4, 2. sal 1067 København K Office: 7020 0979 Direct: 33369974 Fax: 7020 0978 Mobile: 51201096 Web: www.techbiz.dk From MailScanner at ecs.soton.ac.uk Thu Jan 11 10:22:21 2007 
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 11 09:27:50 2007 Subject: spam.whitelist.rules whitelist to: In-Reply-To: <45A4FABF.7FBE.00FC.3@medicine.wisc.edu> References: <8D8A77DC1FA09546936E74FC3EEC627AD40B93@FREXGENEVA-01.frfr.foxriver.com> <45A4FABF.7FBE.00FC.3@medicine.wisc.edu> Message-ID: <45A601CD.7000909@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Michael Masse wrote: >>>> On 1/10/2007 at 2:27 PM, in message >>>> > <8D8A77DC1FA09546936E74FC3EEC627AD40B93@FREXGENEVA-01.frfr.foxriver.com>, > "Kosta Lekas" wrote: > >> I have some users that do not want to be subject to any sort of spam >> filtering what so ever. They would rather put up with the spam then >> > risk > >> false positives. I am not one to argue with them so I add a >> > "whitelist > >> to" rule for them in spam.whitelist.rules file. The problem is when >> > spam > >> comes in addressed to multiple recipients including the "whitelist >> > to" > >> address, the spam mail gets whitelisted and delivered to all >> > recipients > >> resulting in complaints form the people who want spam filtering >> > turned > >> on. Is there any way around this besides removing the "whitelist to" >> entry? >> > > > Instead of MS deleting spam, you could flag spam either via some sort > of subject modification, or header modification. That way each client > can have a filter to do whatever they want with it. The normal people > can have the spam deleted or put into a folder or whatever, and the > paranoid people can have the email show up with everything else. > Those people also get the benefit of see'ing just how infrequently false > positives occur, and after a while will probably just start > automatically deleting those flagged emails anyways. You could take > this one step further and utilize MailScanner high scoring spam actions > to do other things with high scoring spam which I've never seen a FP > occur on, although I've raised the threshold from the default. 
> If you use the extra added headers supplied in the default MailScanner.conf file, then Thunderbird (at least) can be set to use these headers to automatically move these messages into your "Junk" folder. Just set Thunderbird to use the SpamAssassin headers, and it will work great with MailScanner. > Mike > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.2 (Build 4075) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFFpgKKEfZZRxQVtlQRArCEAKD9ueIrWXGuQH5c+5n3VQ2/3Qv2oQCdHewM XxaCl7zP6cGQk66EptG9160= =IVAZ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From matt at coders.co.uk Thu Jan 11 10:38:33 2007 
From: matt at coders.co.uk (Matt Hampton) Date: Thu Jan 11 09:40:37 2007 Subject: Distributed setup with realtime failover/balancing In-Reply-To: <001901c73560$627de9a0$7264a8c0@acer57dbddb911> References: <001901c73560$627de9a0$7264a8c0@acer57dbddb911> Message-ID: <45A60599.3080708@coders.co.uk> jonas@vrt.dk wrote: > I plan on using ultramonkey (http://www.ultramonkey.org > ) to setup load balancing and failover. It > uses LVS and heartbeat to do that. > This is over kill! For inbound email: mydomain.com IN MX 5 my.mail.server.mydomain.com my.mail.server.mydomain.com 2 IN A 1.2.3.4 my.mail.server.mydomain.com 2 IN A 1.2.3.5 This works fine - causes the load balancing to be done a protocol level and in the event of a failure will automatically failover to the other box. Worse case scenario is badly configured remote servers will wait for "retry interval" minutes before delivering to the other server. For outbound email - reading between the lines it looks like you don't host the email on the same box as the mailscanner systems. Depending on you back end systems you should be able to do the same by setting a smart host which resolves to both servers. matt From ram at netcore.co.in Thu Jan 11 10:39:10 2007 From: ram at netcore.co.in (Ramprasad) Date: Thu Jan 11 09:41:09 2007 Subject: blacklists domain hangs mailscanner Message-ID: <1168508350.27040.79.camel@darkstar.netcore.co.in> Hi I am using MS 4.50 on Centos to implement blacklists I use in Mailscanner.conf Is Definitely Spam = %rules-dir%/spam.blacklist.rules The file contains --------------- From: 4-c.de and To: netcore.co.in yes FromOrTo: default no -------------------- If I restart Mailscanner , mailscanner processes go defunct. In debug mode I can see Mailscanner dies with message like MailScanner: In Debugging mode, not forking... at /usr/lib/MailScanner/MailScanner/Config.pm line 1890 Strange thing , 4-c.de doesnt work. But 4-c.com works fine Thanks Ram From hansklose at gmx.de Thu Jan 11 10:40:12 2007 
From: hansklose at gmx.de (Hans Klose) Date: Thu Jan 11 09:41:58 2007 Subject: Mailscanner plugins Message-ID: <20070111094012.140170@gmx.net> Hi I'm new to mailscanner. Can I write a plugin that changes the configuration or behaviour of mailscanner? I need a function that asks an LDAP server for a parameter and adds (or does not add) a custom "Inline HTML Signature" in the language configured in the LDAP. So I want to set the parameter "Inline Text Signature = %report-dir%/inline.sig.txt" and "Sign Clean Messages = no/yes" Is that possible? Thanks Hans From martinh at solidstatelogic.com Thu Jan 11 10:44:21 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Thu Jan 11 09:46:40 2007 Subject: blacklists domain hangs mailscanner In-Reply-To: <1168508350.27040.79.camel@darkstar.netcore.co.in> Message-ID: Ram Can you test this on the latest beta? If it's still a problem let us know and I'll test here and nudge Jules as well. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Ramprasad > Sent: 11 January 2007 09:39 > To: MailScanner discussion > Subject: blacklists domain hangs mailscanner > > Hi > > I am using MS 4.50 on Centos > to implement blacklists I use in Mailscanner.conf > > > Is Definitely Spam = %rules-dir%/spam.blacklist.rules > > > The file contains > > --------------- 
> From: 4-c.de and To: netcore.co.in yes > FromOrTo: default no > -------------------- > > If I restart Mailscanner , mailscanner processes go defunct. > In debug mode > > I can see Mailscanner dies with message like > MailScanner: In Debugging mode, not forking... > at /usr/lib/MailScanner/MailScanner/Config.pm line 1890 > > > Strange thing , 4-c.de doesnt work. But 4-c.com works fine > > > > > Thanks > Ram From martinh at solidstatelogic.com Thu Jan 11 10:47:44 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Thu Jan 11 09:49:39 2007 Subject: Mailscanner plugins In-Reply-To: <20070111094012.140170@gmx.net> Message-ID: <3162e0c37df14f43bd724cdb7981cf1f@solidstatelogic.com> Hans This has just been added in the latest beta...perhaps you'd like to try it, there's an example use of this included as well. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- 
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Hans Klose > Sent: 11 January 2007 09:40 > To: mailscanner@lists.mailscanner.info > Subject: Mailscanner plugins > > Hi > > I'm new to mailscanner. Can i write a plugin that changes > the configuration or behaviour from mailscanner? > > I need a funktion that ask a LDAP server for a parameter > an add (or do not) a custom "Inline HTML Signature" in the > language configured in the LDAP. > > So I want to set the parameter > "Inline Text Signature = %report-dir%/inline.sig.txt" > and > "Sign Clean Messages = no/yes" > > Is that possible? > > Thanks Hans > > -- > Der GMX SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen! > Ideal f?r Modem und ISDN: http://www.gmx.net/de/go/smartsurfer > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From jonas at vrt.dk Thu Jan 11 11:00:45 2007 
From: jonas at vrt.dk (jonas@vrt.dk) Date: Thu Jan 11 10:02:54 2007 Subject: Distributed setup with realtime failover/balancing In-Reply-To: <45A60599.3080708@coders.co.uk> Message-ID: <005001c73567$6874fef0$7264a8c0@acer57dbddb911> > This is over kill! > > For inbound email: > > mydomain.com IN MX 5 my.mail.server.mydomain.com > > > my.mail.server.mydomain.com 2 IN A 1.2.3.4 > my.mail.server.mydomain.com 2 IN A 1.2.3.5 > > This works fine - causes the load balancing to be done a protocol level > and in the event of a failure will automatically failover to the other > box. Worse case scenario is badly configured remote servers will wait > for "retry interval" minutes before delivering to the other server. > > Hmm well it might be overkill, but definitely not for the above reason. You're describing the normal basic smtp loadbalancing/failover that mx records provide, which is fine. The problem is in a mailscanner/mailwatch setup there are more components than simply the smtp inbound traffic. After a remote server has sent a mail to either of the mx records, the mail is stored temporarily on one of the boxes, if that box goes down, that mail and any mail quarantined on the box is unavailable to users. Which is not acceptable. Best regards Jonas Larsen From ms-list at alexb.ch Thu Jan 11 11:01:17 2007 
From: ms-list at alexb.ch (Alex Broens) Date: Thu Jan 11 10:03:12 2007 Subject: Distributed setup with realtime failover/balancing In-Reply-To: <001901c73560$627de9a0$7264a8c0@acer57dbddb911> References: <001901c73560$627de9a0$7264a8c0@acer57dbddb911> Message-ID: <45A60AED.70708@alexb.ch> On 1/11/2007 10:10 AM, jonas@vrt.dk wrote: > Hi all > > > > I am currently running a MAilscanner/mailwatch system on a single server > which works perfect. > > > > I however have the need to make my setup distributed, for me meaning the > following. > > > > I need a 2 node distributed system. Where I have 2 smtp servers(exim), 2 > mailscanners, 2 mailwatch interfaces and 1 distributed mysql database. > > > > I plan on using ultramonkey (http://www.ultramonkey.org > ) to setup load balancing and failover. It > uses LVS and heartbeat to do that. > > > > I have the mysql problem pretty well figured out. I'm gonna run a so called > master-master replication between the 2 servers. Meaning any change in the > tables will be instantly replicated to the other server, so should one go > down the chance of data loss is very slim. > > > > Regarding the quarantine I also need some more or less complex solution, > since I don't want to use local quarantine directories for each server. The > reason is that I do NOT want a local quarantine directory on each server. I > do not want that because then I do not have access to release mails > quarantined by the server that is down (Even if if setup some rsync script > it isn't real-time so data loss is very likely) There for I plan on using a > system like drbd (http://www.drbd.org/ ) or another similar distributed file > system. That means you get a so called "network raid mirror" where all disk > io is replicated across a network so if 1 server fails all data is still > accessible on the other machine. This would enable me to never loose the > ability to release quarantined mails. 
> > > > What I am looking for is comments from fellow mailscanner/ mailwatch users > regarding this solution. Is it a dumb way to do it? Are there better ways to > archive the whole thing, or part of it? > > > > I hope somebody has some input. > Whatever, in a master/master mysql setup do not replicate mysql based bayes. Conflicts show up real fast and it will stop all your replication. Alex From glenn.steen at gmail.com Thu Jan 11 11:20:53 2007 
From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 11 10:22:41 2007 Subject: Distributed setup with realtime failover/balancing In-Reply-To: <45A60AED.70708@alexb.ch> References: <001901c73560$627de9a0$7264a8c0@acer57dbddb911> <45A60AED.70708@alexb.ch> Message-ID: <223f97700701110220l7a0100a6ye492bf98088d6702@mail.gmail.com> On 11/01/07, Alex Broens wrote: > On 1/11/2007 10:10 AM, jonas@vrt.dk wrote: > > Hi all > > > > > > > > I am currently running a MAilscanner/mailwatch system on a single server > > which works perfect. > > > > > > > > I however have the need to make my setup distributed, for me meaning the > > following. > > > > > > > > I need a 2 node distributed system. Where I have 2 smtp servers(exim), 2 > > mailscanners, 2 mailwatch interfaces and 1 distributed mysql database. > > > > > > > > I plan on using ultramonkey (http://www.ultramonkey.org > > ) to setup load balancing and failover. It > > uses LVS and heartbeat to do that. > > > > > > > > I have the mysql problem pretty well figured out. I'm gonna run a so called > > master-master replication between the 2 servers. Meaning any change in the > > tables will be instantly replicated to the other server, so should one go > > down the chance of data loss is very slim. > > > > > > > > Regarding the quarantine I also need some more or less complex solution, > > since I don't want to use local quarantine directories for each server. The > > reason is that I do NOT want a local quarantine directory on each server. I > > do not want that because then I do not have access to release mails > > quarantined by the server that is down (Even if if setup some rsync script > > it isn't real-time so data loss is very likely) There for I plan on using a > > system like drbd (http://www.drbd.org/ ) or another similar distributed file > > system. 
That means you get a so called "network raid mirror" where all disk > > io is replicated across a network so if 1 server fails all data is still > > accessible on the other machine. This would enable me to never loose the > > ability to release quarantined mails. > > > > > > > > What I am looking for is comments from fellow mailscanner/ mailwatch users > > regarding this solution. Is it a dumb way to do it? Are there better ways to > > archive the whole thing, or part of it? > > > > > > > > I hope somebody has some input. > > > > Whatever, in a master/master mysql setup do not replicate mysql based > bayes. Conflicts show up real fast and it will stop all your replication. > > Alex > Yes, I think Alex is on to the Right Way of it here... You will have to think long and hard on how to keep things (configs, quarantine etc) _separate_ in a distributed manner, and what not, for this to be really usable. Re: the quarantine, putting all eggs in one basket you run the risk of id duplication between the systems, with unfortunate effects as a given result, as well as contending (just a bit) with xml-rpc (since the database record will reflect what machine FQDN handled the message, that name/IP has to be there in the failed-over state). Other than that... you should be fine:-). Seems like a lot of work though:-D -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From steve.freegard at fsl.com Thu Jan 11 11:28:22 2007 From: steve.freegard at fsl.com (Steve Freegard) Date: Thu Jan 11 10:30:12 2007 Subject: blacklists domain hangs mailscanner In-Reply-To: <1168508350.27040.79.camel@darkstar.netcore.co.in> References: <1168508350.27040.79.camel@darkstar.netcore.co.in> Message-ID: <45A61146.7000101@fsl.com> Ramprasad wrote: > Hi > > I am using MS 4.50 on Centos > to implement blacklists I use in Mailscanner.conf > > > Is Definitely Spam = %rules-dir%/spam.blacklist.rules > > > The file contains > > --------------- 
> From: 4-c.de and To: netcore.co.in yes > FromOrTo: default no > -------------------- > > If I restart Mailscanner , mailscanner processes go defunct. > In debug mode > > I can see Mailscanner dies with message like > MailScanner: In Debugging mode, not forking... > at /usr/lib/MailScanner/MailScanner/Config.pm line 1890 > > > Strange thing , 4-c.de doesn't work. But 4-c.com works fine > I've seen this too recently (on .be domains) and have been meaning to test on the latest beta. The reason this happens is because 4-c.de is in range [a-f][A-F][0-9] and therefore the ruleset compiler treats the domain as an IPv6 address which then causes a regexp error in that block of code. I'll try and test this later on the current Beta and will report back. Cheers, Steve. From res at ausics.net Thu Jan 11 11:44:36 2007 From: res at ausics.net (Res) Date: Thu Jan 11 10:46:40 2007 Subject: blacklists domain hangs mailscanner In-Reply-To: <45A61146.7000101@fsl.com> References: <1168508350.27040.79.camel@darkstar.netcore.co.in> <45A61146.7000101@fsl.com> Message-ID: On Thu, 11 Jan 2007, Steve Freegard wrote: >> --------------- >> From: 4-c.de and To: netcore.co.in yes >> FromOrTo: default no >> -------------------- >> >> Strange thing , 4-c.de doesn't work. But 4-c.com works fine ;; ANSWER SECTION: 4-c.de. 3600 IN SOA 4-c.de. root.4-c.de.4-c.de. 2003050707 21600 3600 3600000 86400 Maybe they need to get a competent person to configure their DNS as well -- Cheers Res "So, you think you can tell Heaven from Hell?" - Roger Waters From hansklose at gmx.de Thu Jan 11 12:01:28 2007 
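The misclassification Steve Freegard describes in the "blacklists domain hangs mailscanner" thread above can be reproduced with a short sketch. This is an added example, not MailScanner's code: the loose character-class test, the function names and the `a1-b2.be` pattern are assumptions constructed for illustration.

```python
import ipaddress
import re

# ASSUMPTION: a loose "looks like an address" test of the kind described in
# the thread (only hex digits plus address punctuation). Written for
# illustration; it is not copied from MailScanner's Config.pm.
LOOSE_IPV4 = re.compile(r"[0-9.]+")
LOOSE_IPV6 = re.compile(r"[0-9a-fA-F:.\-]+")

# Rule patterns as they might appear in a ruleset file. 4-c.de, 4-c.com and
# netcore.co.in come from the thread; the rest are constructed samples.
SAMPLE_PATTERNS = [
    "4-c.de",         # every character is a hex digit, '-' or '.'
    "4-c.com",        # 'o' and 'm' are not hex digits
    "netcore.co.in",
    "a1-b2.be",       # constructed .be name made only of hex digits
    "2001:db8::1",    # documentation-range IPv6 address
    "192.0.2.10",     # documentation-range IPv4 address
]


def classify_loose(pattern: str) -> str:
    """Classify by character set alone, which is what goes wrong."""
    if LOOSE_IPV4.fullmatch(pattern):
        return "ipv4"
    if LOOSE_IPV6.fullmatch(pattern):
        return "ipv6"
    return "domain"


def classify_strict(pattern: str) -> str:
    """Call a pattern an address only if it parses as one (or as a CIDR block)."""
    try:
        net = ipaddress.ip_network(pattern, strict=False)
    except ValueError:
        return "domain"
    return "ipv6" if net.version == 6 else "ipv4"


def misclassified(patterns):
    """Patterns whose loose classification disagrees with the strict one."""
    return [p for p in patterns if classify_loose(p) != classify_strict(p)]


if __name__ == "__main__":
    for p in SAMPLE_PATTERNS:
        print(f"{p:15} loose={classify_loose(p):6} strict={classify_strict(p)}")
    print("misclassified:", misclassified(SAMPLE_PATTERNS))
```

Under this assumption `.de` and `.be` names can trip the check because "de" and "be" consist only of hex digits, while `4-c.com` is safe because of the "o" and "m".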
From: hansklose at gmx.de (Hans Klose) Date: Thu Jan 11 11:03:17 2007 Subject: Mailscanner plugins In-Reply-To: <3162e0c37df14f43bd724cdb7981cf1f@solidstatelogic.com> References: <3162e0c37df14f43bd724cdb7981cf1f@solidstatelogic.com> Message-ID: <20070111110128.140170@gmx.net> Is there a Roadmap when this will be released? Thanks Elmar 
From martinh at solidstatelogic.com Thu Jan 11 12:06:58 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Thu Jan 11 11:09:05 2007 Subject: Mailscanner plugins In-Reply-To: <20070111110128.140170@gmx.net> Message-ID: <6849dbe6a972254d916195adffbaceaa@solidstatelogic.com> Hans Prob end of the month, but may be end of Feb depending on the lead developers schedule. Try the beta, I'm running it and it's quite stable AFAIK. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 From hansklose at gmx.de Thu Jan 11 12:23:18 2007 
From: hansklose at gmx.de (Hans Klose) Date: Thu Jan 11 11:25:04 2007 Subject: Mailscanner plugins In-Reply-To: <6849dbe6a972254d916195adffbaceaa@solidstatelogic.com> References: <6849dbe6a972254d916195adffbaceaa@solidstatelogic.com> Message-ID: <20070111112318.140180@gmx.net> Is it possible to use only the DavidHooton.pm in the stable version? Thanks Elmar From martinh at solidstatelogic.com Thu Jan 11 12:42:26 2007 
From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Thu Jan 11 11:44:31 2007 Subject: Mailscanner plugins In-Reply-To: <20070111112318.140180@gmx.net> Message-ID: <0af3e1d6a971a7469a9375faaab4ac89@solidstatelogic.com> Elmar I wouldn't have thought so.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 From hansklose at gmx.de Thu Jan 11 13:09:23 2007 From: hansklose at gmx.de (Hans Klose) Date: Thu Jan 11 12:11:09 2007 Subject: Mailscanner plugins In-Reply-To: <0af3e1d6a971a7469a9375faaab4ac89@solidstatelogic.com> References: <0af3e1d6a971a7469a9375faaab4ac89@solidstatelogic.com> Message-ID: <20070111120923.170040@gmx.net> I had some problems with spam so i use a different account for mailing lists and so on. Sorry! 
> > > > -- > > Der GMX SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen! > > Ideal f?r Modem und ISDN: http://www.gmx.net/de/go/smartsurfer > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Der GMX SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen! Ideal f?r Modem und ISDN: http://www.gmx.net/de/go/smartsurfer From hansklose at gmx.de Thu Jan 11 13:14:04 2007 From: hansklose at gmx.de (Hans Klose) Date: Thu Jan 11 12:15:53 2007 Subject: will the MailScanner.conf called for each new mail? Message-ID: <20070111121404.170040@gmx.net> I saw that i can write my own funtions for mailscanner. Will they be called new again for each mail MailScanner process? I want to write funtions depending on the sender address from the mail. Thanks -- Der GMX SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen! Ideal f?r Modem und ISDN: http://www.gmx.net/de/go/smartsurfer From martinh at solidstatelogic.com Thu Jan 11 14:34:26 2007 
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Thu Jan 11 13:36:41 2007
Subject: will the MailScanner.conf called for each new mail?
In-Reply-To: <20070111121404.170040@gmx.net>
Message-ID: <7ae2a04e1f952a46a54658eca09e615c@solidstatelogic.com>

Unfortunately no..

If you want to do this you'll have to split the email to per recipient.
There are instructions on the wiki on how to do this for sendmail, exim and
postfix.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Hans Klose
> Sent: 11 January 2007 12:14
> To: MailScanner discussion
> Subject: will the MailScanner.conf called for each new mail?
>
> I saw that I can write my own functions for mailscanner.
> Will they be called new again for each mail MailScanner
> process?
>
> I want to write functions depending on the sender
> address from the mail.
>
> Thanks

From glenn.steen at gmail.com Thu Jan 11 15:19:41 2007
From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 11 14:21:30 2007 Subject: Greylisting (WAS: Re: MailScanner ANNOUNCE: 4.57 released) In-Reply-To: <20070110163002.1EE06FF06@mx-a.vdnet.lt> References: <4571B547.1090804@ecs.soton.ac.uk> <200612022342.kB2NgCcf026083@bkserver.blacknight.ie> <20061203011931.d29a40c0.michel@mitch-it.nl> <45743355.2040006@sendit.nodak.edu> <45744FDB.3030307@netmagicsolutions.com> <20061204205254.8300B11285@mx-a.vdnet.lt> <223f97700612041451n39e66dedx28699a0d1e59a3eb@mail.gmail.com> <20061204233255.DB881FF40@mx-a.vdnet.lt> <223f97700612060014o6a8b46b1k87e48195c1d93afc@mail.gmail.com> <20070110163002.1EE06FF06@mx-a.vdnet.lt> Message-ID: <223f97700701110619v275f274fo23f2491099f1b38@mail.gmail.com> On 10/01/07, Nerijus Baliunas wrote: > On Wed, 6 Dec 2006 09:14:15 +0100 Glenn Steen wrote: > > > I typed a longish reply to this one yesterday, which gmail then > > promptly swallowed:-). > > Oh well. > > > > The gist of it was "If I get time, I'll look at the code"... and > > "interresting that postcat demangles it correctly (so that the postcat > > of each queue file is ... well, as close to identical as possible) > > ...". > > Could you please tell me where to look in the code? As now I have a real > problem - if the last header is "Content-Transfer-Encoding: base64" it becomes > Content-Transfer-Encoding: base64 > 190324 > and so is interpreted as Content-Transfer-Encoding: base64190324, thus > rendering message unparseable... > > Regards, > Nerijus I've chatted a bit with Jules off-list, to bring him up to speed... Lets see what he can do for us, shall we? You should start by familiarizing yourself with the Postfix.pm and PFDiskStore.pm modules in /usr/lib/MailScanner/MailScanner/, if you use the rom install at least (this directory is actually where all the innards of MailScanner is at, so ... reading a bit here and there should give you a few ideas of how it really is come together:-). 
-- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From dhawal at netmagicsolutions.com Thu Jan 11 15:27:23 2007 
From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Thu Jan 11 14:29:33 2007 Subject: Greylisting (WAS: Re: MailScanner ANNOUNCE: 4.57 released) In-Reply-To: <223f97700701110619v275f274fo23f2491099f1b38@mail.gmail.com> References: <4571B547.1090804@ecs.soton.ac.uk> <200612022342.kB2NgCcf026083@bkserver.blacknight.ie> <20061203011931.d29a40c0.michel@mitch-it.nl> <45743355.2040006@sendit.nodak.edu> <45744FDB.3030307@netmagicsolutions.com> <20061204205254.8300B11285@mx-a.vdnet.lt> <223f97700612041451n39e66dedx28699a0d1e59a3eb@mail.gmail.com> <20061204233255.DB881FF40@mx-a.vdnet.lt> <223f97700612060014o6a8b46b1k87e48195c1d93afc@mail.gmail.com> <20070110163002.1EE06FF06@mx-a.vdnet.lt> <223f97700701110619v275f274fo23f2491099f1b38@mail.gmail.com> Message-ID: <45A6494B.9010503@netmagicsolutions.com> Glenn Steen wrote: > On 10/01/07, Nerijus Baliunas wrote: >> On Wed, 6 Dec 2006 09:14:15 +0100 Glenn Steen >> wrote: >> >> > I typed a longish reply to this one yesterday, which gmail then >> > promptly swallowed:-). >> > Oh well. >> > >> > The gist of it was "If I get time, I'll look at the code"... and >> > "interresting that postcat demangles it correctly (so that the postcat >> > of each queue file is ... well, as close to identical as possible) >> > ...". >> >> Could you please tell me where to look in the code? As now I have a real >> problem - if the last header is "Content-Transfer-Encoding: base64" it >> becomes >> Content-Transfer-Encoding: base64 >> 190324 >> and so is interpreted as Content-Transfer-Encoding: base64190324, thus >> rendering message unparseable... >> >> Regards, >> Nerijus > I've chatted a bit with Jules off-list, to bring him up to speed... > Lets see what he can do for us, shall we? > > You should start by familiarizing yourself with the Postfix.pm and > PFDiskStore.pm modules in /usr/lib/MailScanner/MailScanner/, if you > use the rom install at least (this directory is actually where all the > innards of MailScanner is at, so ... 
reading a bit here and there > should give you a few ideas of how it really is come together:-). Just to give you guys a headstart, there are some newer records that MS needs to address. Quoting Weitse >> If Mailscanner can speak the Milter protocol, great. Header modifications are already supported in Postfix 2.3. Body modifications with some luck in Postfix 2.4. Direct queue file modification no longer works with Mailscanner versions that don't recognize the new PTR records that Postfix needs for in-place editing. End Quote << - dhawal From glenn.steen at gmail.com Thu Jan 11 16:10:32 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 11 15:12:24 2007 Subject: will the MailScanner.conf called for each new mail? In-Reply-To: <7ae2a04e1f952a46a54658eca09e615c@solidstatelogic.com> References: <20070111121404.170040@gmx.net> <7ae2a04e1f952a46a54658eca09e615c@solidstatelogic.com> Message-ID: <223f97700701110710x7a92aa9lee0e52f164303baf@mail.gmail.com> On 11/01/07, Martin.Hepworth wrote: > Unfortunately no.. > > If want to do this you'll have to split the email to per recipient. > There's instructions on the wiki how to do this for sendmail, exim and > postfix. > Um, if he wants rules depending on sender _and_ recipient, then I'll agree with that Martin:-)... If only by sender, why ..... there can only be one MAIL FROM:<....> ...;-). Hens/Elmar (this can become a but confusing:-), if you do a CustomFunction it'll be provided with a few things... a message object prominent amongst them, so this should fit what you need. Check out the MyExample.pm in the CustomFunction directory... it is rather well documented. If it is only rules by sender alone, I fail to see why a normal ruleset shouldn't be enough (on envelope sender and sending IP address, of course). > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- 
> > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Hans Klose > > Sent: 11 January 2007 12:14 > > To: MailScanner discussion > > Subject: will the MailScanner.conf called for each new mail? > > > > I saw that i can write my own funtions for mailscanner. > > Will they be called new again for each mail MailScanner > > process? > > > > I want to write funtions depending on the sender > > address from the mail. > > > > Thanks -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From Richard.Frovarp at sendit.nodak.edu Thu Jan 11 16:24:22 2007 
From: Richard.Frovarp at sendit.nodak.edu (Richard Frovarp) Date: Thu Jan 11 15:26:11 2007 Subject: Distributed setup with realtime failover/balancing In-Reply-To: <005001c73567$6874fef0$7264a8c0@acer57dbddb911> References: <005001c73567$6874fef0$7264a8c0@acer57dbddb911> Message-ID: <45A656A6.1030709@sendit.nodak.edu> jonas@vrt.dk wrote: >> This is over kill! >> >> For inbound email: >> >> mydomain.com IN MX 5 my.mail.server.mydomain.com >> >> >> my.mail.server.mydomain.com 2 IN A 1.2.3.4 >> my.mail.server.mydomain.com 2 IN A 1.2.3.5 >> >> This works fine - causes the load balancing to be done a protocol level >> and in the event of a failure will automatically failover to the other >> box. Worse case scenario is badly configured remote servers will wait >> for "retry interval" minutes before delivering to the other server. >> >> >> > Hmm well it might be overkill, but definitely not for the above reason. Your > describing the normal basic smtp loadbalancing/failover that mx records > provides, which is fine. The problem is in a mailscanner/mailwatch setup > there are more components than simply the smtp incbound traffic. After a > remote server have send a mail to either of the mx records, the mail is > stored temporary on one of the boxes, if that box goes down, that mail and > any mail quarantined on the box is unavailable to users. Which is not > acceptable. > > Best regards > Jonas Larsen > > I take it you are going to be running two Ultra Monkey servers as well then? From matt at coders.co.uk Thu Jan 11 16:39:37 2007 
From: matt at coders.co.uk (Matt Hampton) Date: Thu Jan 11 15:41:50 2007 Subject: Distributed setup with realtime failover/balancing In-Reply-To: <45A656A6.1030709@sendit.nodak.edu> References: <005001c73567$6874fef0$7264a8c0@acer57dbddb911> <45A656A6.1030709@sendit.nodak.edu> Message-ID: <45A65A39.8090802@coders.co.uk> >> Hmm well it might be overkill, but definitely not for the above >> reason. Your >> describing the normal basic smtp loadbalancing/failover that mx records >> provides, which is fine. The problem is in a mailscanner/mailwatch setup >> there are more components than simply the smtp incbound traffic. After a >> remote server have send a mail to either of the mx records, the mail is >> stored temporary on one of the boxes, if that box goes down, that mail >> and >> any mail quarantined on the box is unavailable to users. Which is not >> acceptable. How is an LVS solution going to solve that? However you implement it the connection will be load balanced across the MailScanner boxes and they will spool to disk. Once the connection is closed the LVS is no longer involved. If this is a requirement then you will have to move to something that analyses the email as it is being spooled to disk (e.g. a milter). Also how are you going to track whether a message has been delivered or not? Although users expect email to be instant and reliable it isn't - no where in the protocol is there an end to end delivery guarantee. If that was the case people would be paying significantly more for email than they already do and the prevalence of SPAM in it;s current form would be negligible (but hey someone would come up with a new way of sending porn or viagra emaisl) > I take it you are going to be running two Ultra Monkey servers as well > then? And have BGP peering with two ISP's and no single points of failure between the the ISP and the front end of the Ultra Monkeys and and again between the MailScanners and the users Inbox. 
;-) matt From ka at pacific.net Thu Jan 11 17:38:36 2007 From: ka at pacific.net (Ken A) Date: Thu Jan 11 16:37:13 2007 Subject: Feature Request: Header based rules.. In-Reply-To: <45A5E403.6030705@netmagicsolutions.com> References: <45A4E366.8020503@netmagicsolutions.com> <45A5E403.6030705@netmagicsolutions.com> Message-ID: <45A6680C.7060908@pacific.net> Dhawal Doshy wrote: > Raymond Dijkxhoorn wrote: >> Hi! >> >>> Any thoughts on adding header based rules? say for example: >>> >>> spam.check.rules: >>> header X-MyLocalApp no >>> >>> OR >>> >>> virus.scanning.rules: >>> header X-Cron no >>> >>> OR >>> use.spamassassin.rules: >>> From: mydomain.tld and header X-Auth-MyServer no >> >> Uh you mean like: >> >> [root@xxx01 rules]# more spam.actions.rules >> FromOrTo: default deliver header "X-Spam-Flag: YES" forward >> spamtrap@somehost > > no.. i meant evaluating headers for rules (not adding them).. The headers are available as @{$message->{headers}} in the Message Object, so you can use a Custom Function to get the result of a header check and a yes/no result for a rule. Ken A Pacific.Net From brent at mirabito.com Thu Jan 11 18:20:28 2007 
From: brent at mirabito.com (Brent Strignano)
Date: Thu Jan 11 17:23:07 2007
Subject: More sendmail debug ouput from MailScanner init.d script
Message-ID: <952375CB4C10CA45A08B1FADCE8AD231041E6B09@gchmail.mirabito.com>

Hello,

I'm trying to edit the MailScanner init script to make sendmail log
debug info for outgoing mail only maillog. I've found this line in the
StartOutSendmail() section of the init script:

    $SENDMAIL $([ -n "$QUEUETIME" ] && echo -q$QUEUETIME) \
        -OPidFile=$OUTPID

And tried to change it to:

    $SENDMAIL -v $([ -n "$QUEUETIME" ] && echo -q$QUEUETIME) \
        -OPidFile=$OUTPID \
        -OLogLevel=5

But the log remains the same.

I've also tried

    $SENDMAIL -v -d 2-17.5 $([ -n "$QUEUETIME" ] && echo -q$QUEUETIME) \
        -OPidFile=$OUTPID

Which will print some debug info to the console, but not the SMTP
transaction in the log.

I need to try and determine why some of my users can't send to a particular
domain. In the log:

    Jan 11 10:25:27 mailscan sendmail[26414]: l09FOsYh026289: to=, delay=00:00:33, xdelay=00:00:06, mailer=esmtp, pri=137329, relay=zzzzz.yyyyyyyyy.com. [xx.yy.220.178], dsn=5.0.0, stat=Service unavailable

Other users, including test messages sent from root on the mailscanner
server show:

    Jan 11 11:03:09 mailscan sendmail[29032]: l0BG2XHF028958: to=, ctladdr= (0/0), delay=00:00:36, xdelay=00:00:04, mailer=esmtp, pri=120332, relay=zzzzz.yyyyyyyyy.com. [xx.yy.220.178], dsn=2.0.0, stat=Sent (l0BG0s4x006941 Message accepted for delivery)

Or

    Jan 8 11:01:28 mailscan sendmail[10082]: l08G0Uo8009878: to=, delay=00:00:58, xdelay=00:00:03, mailer=esmtp, pri=130984, relay=zzzzz.yyyyyyyyy.com. [xx.yy.220.178], dsn=2.0.0, stat=Sent (l08FxU0b020718 Message accepted for delivery)

And I'm trying to get enough information to prove it isn't us :)

Not sure what else to try, I think running MailScanner -d just debugs
the MailScanner and Spamassassin process right?

Thanks all

Brent
From ssilva at sgvwater.com Thu Jan 11 19:00:58 2007 
From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jan 11 18:03:12 2007 Subject: More sendmail debug ouput from MailScanner init.d script In-Reply-To: <952375CB4C10CA45A08B1FADCE8AD231041E6B09@gchmail.mirabito.com> References: <952375CB4C10CA45A08B1FADCE8AD231041E6B09@gchmail.mirabito.com> Message-ID: Brent Strignano spake the following on 1/11/2007 9:20 AM: > Hello, > > I'm trying to edit the MailScanner init script to make sendmail log > debug info for outgoing mail only maillog. I've found this line in the > StartOutSendmail() section or the init script: > > $SENDMAIL $([ -n "$QUEUETIME" ] && echo -q$QUEUETIME) \ > -OPidFile=$OUTPID > > And tried to change it to: > > $SENDMAIL -v $([ -n "$QUEUETIME" ] && echo -q$QUEUETIME) \ > -OPidFile=$OUTPID \ > -OLogLevel=5 > > But the log remains the same: > > I've also tried $SENDMAIL -v -d 2-17.5 $([ -n "$QUEUETIME" ] && echo > -q$QUEUETIME) \ > -OPidFile=$OUTPID > > Which will print some debug info to the console, but not the SMTP > transaction in the log. > > I need try and determine some of my users cant send to a particular > domain. In the log: > > Jan 11 10:25:27 mailscan sendmail[26414]: l09FOsYh026289: > to=, delay=00:00:33, xdelay=00:00:06, > mailer=esmtp, pri=137329, relay=zzzzz.yyyyyyyyy.com. [xx.yy.220.178], > dsn=5.0.0, stat=Service unavailable > > Other users, including test messages sent from root on the mailscanner > server show: > > Jan 11 11:03:09 mailscan sendmail[29032]: l0BG2XHF028958: > to=, ctladdr= (0/0), > delay=00:00:36, xdelay=00:00:04, mailer=esmtp, pri=120332, > relay=zzzzz.yyyyyyyyy.com. [xx.yy.220.178], dsn=2.0.0, stat=Sent > (l0BG0s4x006941 Message accepted for delivery) > > Or > > Jan 8 11:01:28 mailscan sendmail[10082]: l08G0Uo8009878: > to=, delay=00:00:58, xdelay=00:00:03, > mailer=esmtp, pri=130984, relay=zzzzz.yyyyyyyyy.com. 
[xx.yy.220.178], > dsn=2.0.0, stat=Sent (l08FxU0b020718 Message accepted for delivery) > > And I'm trying to get enough information to prove it isn't us :) > > Not sure what else to try, I think running MailScanner -d just debugs > the MailScanner and Spamassassin process right? > > Thanks all > > Brent > I found this; http://www.devshed.com/c/a/Administration/Getting-Started-with-Sendmail/12/ It looks like you need a log level greater than 9 to get more info. It was written for sendmail 8.12, but I don't think it changed that much. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From mkettler at evi-inc.com Thu Jan 11 19:47:52 2007 From: mkettler at evi-inc.com (Matt Kettler) Date: Thu Jan 11 18:49:54 2007 Subject: Spamassassin Advance Settings In-Reply-To: <13c021a90701102219i40a0ac62lb9278729d85fe84e@mail.gmail.com> References: <13c021a90701102219i40a0ac62lb9278729d85fe84e@mail.gmail.com> Message-ID: <45A68658.1070605@evi-inc.com> Pravin Rane wrote: > I bit confused with following parameters in MailScanner.conf > > SpamAssassin Site Rules Dir= > SpamAssassin Local Rules Dir = > SpamAssassin Local State Dir = > > > My spamassassin is installed at /etc/mail/spamassassin/ > RulesDuJour is installed at /etc/mail/spamassassin/RulesDuJour > sa update rules are located at /var/lib/spamassassin/3.001003 & > /var/lib/spamassassin/3.001007 > > What would be the values for above mailscanner parameters? If you have to ask, don't fill them out at all. Realistically, there's no good reason to use those parameters unless you're trying to have multiple different SA configurations with entirely different rulesets. From n3dlinux at gmail.com Fri Jan 12 02:21:39 2007 
From: n3dlinux at gmail.com (den gon)
Date: Fri Jan 12 01:23:30 2007
Subject: Best way to use clamav (MTA or MailScanner)
Message-ID:

Hi To all,

I would like to ask what is the best way to use the clamav. Is it on MTA
level using clamav-milter and disabling it to MailScanner as a redundancy
or Is it on the MailScanner disabling the clamav-milter on MTA and enabling
it on MailScanner.conf "Virus Scanning = yes" as
"Virus Scanners = clamavmodule"

Regards,

n3d

From deanm at ispone.com.au Fri Jan 12 07:00:51 2007
From: deanm at ispone.com.au (Dean Manners)
Date: Fri Jan 12 06:03:46 2007
Subject: Filename Actions
Message-ID: <200701120601.l0C61k7I001144@secondary.ispone.net.au>

Hey guys,

Is there a known method of being able to deliver, not quarantine, messages
with bad file names/types eg;

    Spam Actions = deliver header "blah:"

?

It would be really handy to deliver these with header modification, where
we would sort to a Filtered/ Maildir folder by the local delivery agent
downstream.

Regards

__________________________________________
Dean Manners

From ka at pacific.net Fri Jan 12 07:25:48 2007
From: ka at pacific.net (Ken A) Date: Fri Jan 12 06:27:43 2007 Subject: Best way to use clamav (MTA or MailScanner) In-Reply-To: References: Message-ID: <45A729EC.9040308@pacific.net> den gon wrote: > Hi To all, > > I would like to ask what is the best way to use the clamav. Is it on MTA > level using > clamav-milter and disabling it to MailScanner as a redundancy or Is it on > the MailScanner > disabling the clamav-milter on MTA and enabling it on MailScanner.conf > "Virus Scanning = yes" > as "Virus Scanners = clamavmodule" MailScanner runs it as a perl module. The milter version runs it in your MTA with 'real time' overhead. They both work well, but which is 'right' depends on if you are installing it on a server that has a fairly predictable load, or if it's on a server that might need to do some queueing of incoming mail (at the edge of the network) like a normal MailScanner box might, so that it can even out the load and still accept mail when it's under an all too common dictionary attack. We run both. I have noticed that sometimes MailScanner and clamavmodule on a gateway MX will 'miss' a virus that clamav-milter will catch later on the mail hub. Not sure what causes this. It's rare though, but worth mentioning, I suppose. Ken A Pacific.Net > > > Regards, > > n3d > From dhawal at netmagicsolutions.com Fri Jan 12 09:14:54 2007 
From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Fri Jan 12 08:17:03 2007 Subject: Best way to use clamav (MTA or MailScanner) In-Reply-To: References: Message-ID: <45A7437E.1020005@netmagicsolutions.com> den gon wrote: > Hi To all, > > I would like to ask what is the best way to use the clamav. Is it on MTA > level using > clamav-milter and disabling it to MailScanner as a redundancy or Is it > on the MailScanner > disabling the clamav-milter on MTA and enabling it on MailScanner.conf > "Virus Scanning = yes" > as "Virus Scanners = clamavmodule" Ideally: First create a policy for your organization for a list of extensions that you would never accept (and would like to reject). Use your MTA to reject them rightaway. Examples .scr, .cpl Second, if your MTA supports it, reject patterns that are known to contain viruses (body_checks OR mime_header_checks in postfix for example) Next, run something like a clamav-milter and reject as many viruses as possible without causing false positives and/or delay in incoming mail. You wouldn't want the sending MTA to timeout due to clamav-milter taking a lot of time. Finally run clamavmodule OR clamscan at the mailscanner level to get rid of any archives that couldn't be unpacked at the clamav-milter level (say rar, lha, arj etc..) - dhawal From dhawal at netmagicsolutions.com Fri Jan 12 09:22:26 2007 
From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Fri Jan 12 08:24:23 2007 Subject: Feature Request: Header based rules.. In-Reply-To: <45A6680C.7060908@pacific.net> References: <45A4E366.8020503@netmagicsolutions.com> <45A5E403.6030705@netmagicsolutions.com> <45A6680C.7060908@pacific.net> Message-ID: <45A74542.3040607@netmagicsolutions.com> Ken A wrote: > > > Dhawal Doshy wrote: >> Raymond Dijkxhoorn wrote: >>> Hi! >>> >>>> Any thoughts on adding header based rules? say for example: >>>> >>>> spam.check.rules: >>>> header X-MyLocalApp no >>>> >>>> OR >>>> >>>> virus.scanning.rules: >>>> header X-Cron no >>>> >>>> OR >>>> use.spamassassin.rules: >>>> From: mydomain.tld and header X-Auth-MyServer no >>> >>> Uh you mean like: >>> >>> [root@xxx01 rules]# more spam.actions.rules >>> FromOrTo: default deliver header "X-Spam-Flag: YES" forward >>> spamtrap@somehost >> >> no.. i meant evaluating headers for rules (not adding them).. > > The headers are available as @{$message->{headers}} in the Message > Object, so you can use a Custom Function to get the result of a header > check and a yes/no result for a rule. Thanks Ken, writing a custom function would be greek for me.. though the list archives did return some simple examples. The original idea was to scan outgoing authenticated mails for viruses and policy violations but skip spam checking (based on the presence of a X-Auth-Header).. We've been doing this using separate servers so far, but for a new low volume customer, i can't justify investing in 2 servers and will have to do with one server for both incoming / outgoing. - dhawal From Sylvain.Phaneuf at imsu.ox.ac.uk Fri Jan 12 10:00:35 2007 
From: Sylvain.Phaneuf at imsu.ox.ac.uk (Sylvain Phaneuf) Date: Fri Jan 12 09:02:30 2007 Subject: slightly OT - mailwatch + mailscanner-mrtg Message-ID: <45A74E33.FEA8.00EB.0@imsu.ox.ac.uk> Hi, I have posted something similar on the mailwatch forum, but nobody bothered to reply... poor little me, I am being ignored... Can somebody explained something to me or point me in the right direction please? I have installed Mailwatch last week and I am kicking myself for not doing it a long time ago. It is a very impressive monitoring tool. One thing that I cannot understand is the reporting of the number of messages processed. For example MailScanner-MRTG tells me that we received 51,805 messages on one of our gateways yesterday (a modified vispan script gives me 51,746). If I create a report to find the number of messages processed in Mailwatch, I get "Message count = 21,470". But if I look at the spam statistics, I get figures that are much closer: mailwatch = 4,055 mailscanner-mrtg = 4,050 modified-vispan = 4,543 Call me crazy if you want, but I don't want to give up running mailscanner-mrtg and vispan as they are each very useful. And obviously I will keep running mailwatch!!! I am just trying to understand the discrepancies or limitations of these products. Versions: MailScanner 4.55.10 Mailwatch 1.03 Vispan 1.4 MailsScanner-MRTG 2.12.2 Sendmail 8.13.6 Is it likely that my system is not setup properly, or is there some other explanation? Thank in advance for your comments, Sylvain -- ============================================ Sylvain Phaneuf --- Systems Manager | phone : +44 (0)1865 221323 Information Management Services Unit - Medical Sciences Division Oxford University | email : sylvain.phaneuf@imsu.ox.ac.uk Room 3A25B John Radcliffe Hospital | fax : +44 (0) 1865 221322 Oxford, OX3 9DU, UK ============================================ From MailScanner at ecs.soton.ac.uk Thu Jan 11 23:02:49 2007 
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jan 12 09:14:15 2007 Subject: will the MailScanner.conf called for each new mail? In-Reply-To: <20070111121404.170040@gmx.net> References: <20070111121404.170040@gmx.net> Message-ID: <45A6B409.40605@ecs.soton.ac.uk> Hans Klose wrote: > I saw that i can write my own funtions for mailscanner. > Will they be called new again for each mail MailScanner > process? > Yes. > I want to write funtions depending on the sender > address from the mail. > That's exactly the sort of thing that Custom Functions are there for. See CustomConfig.pm or the CustomFunctions directory in /usr/lib/MailScanner/MailScanner. > Thanks > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Thu Jan 11 22:56:57 2007 
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jan 12 09:14:16 2007 Subject: Mailscanner plugins In-Reply-To: <20070111094012.140170@gmx.net> References: <20070111094012.140170@gmx.net> Message-ID: <45A6B2A9.5070805@ecs.soton.ac.uk> This has been in place for years. Basically you can write a piece of code that produces the value of a configuration setting dependent on the message it is operating on. Check out the CustomConfig.pm file and the CustomFunctions directory. Don't believe anyone who says this is new, it ain't :-) Hans Klose wrote: > Hi > > I'm new to mailscanner. Can i write a plugin that changes > the configuration or behaviour from mailscanner? > > I need a funktion that ask a LDAP server for a parameter > an add (or do not) a custom "Inline HTML Signature" in the > language configured in the LDAP. > > So I want to set the parameter > "Inline Text Signature = %report-dir%/inline.sig.txt" > and > "Sign Clean Messages = no/yes" > > Is that possible? > > Thanks Hans > > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From jonas at vrt.dk Fri Jan 12 10:25:18 2007 
From: jonas at vrt.dk (Jonas A. Larsen) Date: Fri Jan 12 09:27:32 2007 Subject: Distributed setup with realtime failover/balancing In-Reply-To: <45A656A6.1030709@sendit.nodak.edu> Message-ID: <002d01c7362b$a0240fc0$7264a8c0@acer57dbddb911> > > Hmm well it might be overkill, but definitely not for the above reason. > Your > > describing the normal basic smtp loadbalancing/failover that mx records > > provides, which is fine. The problem is in a mailscanner/mailwatch setup > > there are more components than simply the smtp incbound traffic. After a > > remote server have send a mail to either of the mx records, the mail is > > stored temporary on one of the boxes, if that box goes down, that mail > and > > any mail quarantined on the box is unavailable to users. Which is not > > acceptable. > > > > Best regards > > Jonas Larsen > > > > > I take it you are going to be running two Ultra Monkey servers as well > then? > -- Yes, that was the plan. From jonas at vrt.dk Fri Jan 12 11:52:42 2007 
From: jonas at vrt.dk (jonas@vrt.dk)
Date: Fri Jan 12 10:54:58 2007
Subject: *** MULIG SPAM*** Re: Distributed setup with realtime failover/balancing
In-Reply-To: <45A65A39.8090802@coders.co.uk>
Message-ID: <005901c73637$d4cfd540$7264a8c0@acer57dbddb911>

Hello

>
> >> Hmm well it might be overkill, but definitely not for the above
> >> reason. Your
> >> describing the normal basic smtp loadbalancing/failover that mx records
> >> provides, which is fine. The problem is in a mailscanner/mailwatch setup
> >> there are more components than simply the smtp incbound traffic. After a
> >> remote server have send a mail to either of the mx records, the mail is
> >> stored temporary on one of the boxes, if that box goes down, that mail and
> >> any mail quarantined on the box is unavailable to users. Which is not
> >> acceptable.
>
> How is an LVS solution going to solve that? However you implement it
> the connection will be load balanced across the MailScanner boxes and
> they will spool to disk. Once the connection is closed the LVS is no
> longer involved.
>
> If this is a requirement then you will have to move to something that
> analyses the email as it is being spooled to disk (e.g. a milter). Also
> how are you going to track whether a message has been delivered or not?
>

I am sorry, I have not been very clear.

The main reason for me to desire a distributed setup is to have the quarantine directory always be available. That's where DRBD comes in. ultramonkey/lvs/heartbeat is just to spread out the load on apache and mysql. And also to facilitate failover.

Mails that are in actual transit (meaning in the in or outgoing queues) are more acceptable to lose than users not being able to release mails from the quarantine. At least they are for me.

I hope that explains it a little bit better.

Best regards
Jonas Larsen

From martin.lyberg at gmail.com Fri Jan 12 15:01:07 2007
From: martin.lyberg at gmail.com (Martin) Date: Fri Jan 12 14:08:04 2007 Subject: Installation In-Reply-To: References: <000e01c734fd$6d243c50$0300a8c0@250N> Message-ID: Scott Silva wrote: > Is there a specific reason you want to use the tarball install? > The rpm based install will do so many more steps for you. It will leave you > with a almost ready to run install, ready for you to tweak and adjust. And you > will have the side benefit of the rest of your rpm system not breaking any of > your perl stuff. Scott, Where did you find an RPM for MailScanner? From glenn.steen at gmail.com Fri Jan 12 15:18:08 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jan 12 14:20:01 2007 Subject: Installation In-Reply-To: References: <000e01c734fd$6d243c50$0300a8c0@250N> Message-ID: <223f97700701120618j5b763857x9190a4c3375767d8@mail.gmail.com> On 12/01/07, Martin wrote: > Scott Silva wrote: > > > Is there a specific reason you want to use the tarball install? > > The rpm based install will do so many more steps for you. It will leave you > > with a almost ready to run install, ready for you to tweak and adjust. And you > > will have the side benefit of the rest of your rpm system not breaking any of > > your perl stuff. > > Scott, > > Where did you find an RPM for MailScanner? > How about http://www.mailscanner.info -> Downloads? Sure, the RPM install is a tarball (that will (through the install.sh script) build and install the relevant RPMs for you...), but it really does include an RPM for mailscanner itself ... to...;-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From martin.lyberg at gmail.com Fri Jan 12 15:35:04 2007 
From: martin.lyberg at gmail.com (Martin) Date: Fri Jan 12 14:37:13 2007 Subject: Installation In-Reply-To: <223f97700701120618j5b763857x9190a4c3375767d8@mail.gmail.com> References: <000e01c734fd$6d243c50$0300a8c0@250N> <223f97700701120618j5b763857x9190a4c3375767d8@mail.gmail.com> Message-ID: Glenn Steen wrote: > How about http://www.mailscanner.info -> Downloads? Sure, the RPM > install is a tarball (that will (through the install.sh script) build > and install the relevant RPMs for you...), but it really does include > an RPM for mailscanner itself ... to...;-). Ouch.... I thought it was built from source. Guess i have to read up more on the web before asking :) Thanks Gleen (once again) From prandal at herefordshire.gov.uk Fri Jan 12 15:15:21 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Fri Jan 12 14:42:10 2007 Subject: Spamassassin Advance Settings Message-ID: <86144ED6CE5B004DA23E1EAC0B569B58120DB127@isabella.herefordshire.gov.uk> > -----Original Message----- 
> From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Matt Kettler > Sent: 11 January 2007 18:48 > To: MailScanner discussion > Subject: Re: Spamassassin Advance Settings > > Pravin Rane wrote: > > I bit confused with following parameters in MailScanner.conf > > > > SpamAssassin Site Rules Dir= > > SpamAssassin Local Rules Dir = > > SpamAssassin Local State Dir = > > > > > > My spamassassin is installed at /etc/mail/spamassassin/ > > RulesDuJour is installed at /etc/mail/spamassassin/RulesDuJour > > sa update rules are located at /var/lib/spamassassin/3.001003 & > > /var/lib/spamassassin/3.001007 > > > > What would be the values for above mailscanner parameters? > > If you have to ask, don't fill them out at all. > > Realistically, there's no good reason to use those parameters > unless you're > trying to have multiple different SA configurations with > entirely different > rulesets. That's my understanding too. I use SpamAssassin Local State Dir = /var/lib/spamassassin There's been prior discussion on the list about this. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK From Richard.Frovarp at sendit.nodak.edu Fri Jan 12 15:53:19 2007 
From: Richard.Frovarp at sendit.nodak.edu (Richard Frovarp) Date: Fri Jan 12 14:55:12 2007 Subject: slightly OT - mailwatch + mailscanner-mrtg In-Reply-To: <45A74E33.FEA8.00EB.0@imsu.ox.ac.uk> References: <45A74E33.FEA8.00EB.0@imsu.ox.ac.uk> Message-ID: <45A7A0DF.4030102@sendit.nodak.edu> Sylvain Phaneuf wrote: > Hi, > > I have posted something similar on the mailwatch forum, but nobody > bothered to reply... poor little me, I am being ignored... > > Can somebody explained something to me or point me in the right > direction please? > > I have installed Mailwatch last week and I am kicking myself for not > doing it a long time ago. It is a very impressive monitoring tool. > > One thing that I cannot understand is the reporting of the number of > messages processed. For example MailScanner-MRTG tells me that we > received 51,805 messages on one of our gateways yesterday (a modified > vispan script gives me 51,746). If I create a report to find the number > of messages processed in Mailwatch, I get "Message count = 21,470". > > But if I look at the spam statistics, I get figures that are much > closer: > mailwatch = 4,055 > mailscanner-mrtg = 4,050 > modified-vispan = 4,543 > > Call me crazy if you want, but I don't want to give up running > mailscanner-mrtg and vispan as they are each very useful. And obviously > I will keep running mailwatch!!! I am just trying to understand the > discrepancies or limitations of these products. > > Versions: > MailScanner 4.55.10 > Mailwatch 1.03 > Vispan 1.4 > MailsScanner-MRTG 2.12.2 > Sendmail 8.13.6 > > Is it likely that my system is not setup properly, or is there some > other explanation? > > Thank in advance for your comments, > > Sylvain > > Is it a difference in messages versus recipients? MailWatch only counts messages. I know MailScanner-MRTG will give you messages and recipients. For the spam statistics, MailWatch can't count anything rejected by the MTA, where MailScanner-MRTG does. 
From Sylvain.Phaneuf at imsu.ox.ac.uk Fri Jan 12 16:10:20 2007 From: Sylvain.Phaneuf at imsu.ox.ac.uk (Sylvain Phaneuf) Date: Fri Jan 12 15:12:23 2007 Subject: slightly OT - mailwatch + mailscanner-mrtg In-Reply-To: <45A7A0DF.4030102@sendit.nodak.edu> References: <45A74E33.FEA8.00EB.0@imsu.ox.ac.uk> <45A7A0DF.4030102@sendit.nodak.edu> Message-ID: <45A7A4E1.FEA8.00EB.0@imsu.ox.ac.uk> >>> On 12/01/2007 at 14:53, Richard Frovarp wrote: > MailScanner-MRTG tells me that we > received 51,805 messages on one of our gateways yesterday (a modified > vispan script gives me 51,746). If I create a report to find the number > of messages processed in Mailwatch, I get "Message count = 21,470". > Is it a difference in messages versus recipients? MailWatch only counts > messages. I know MailScanner-MRTG will give you messages and recipients. > For the spam statistics, MailWatch can't count anything rejected by the > MTA, where MailScanner-MRTG does. Sorry, I should have made that clear. The number of recipients was 61,544 according to Mailscanner-MRTG. Sylvain From glenn.steen at gmail.com Fri Jan 12 16:49:22 2007 
From: glenn.steen at gmail.com (Glenn Steen)
Date: Fri Jan 12 15:51:15 2007
Subject: slightly OT - mailwatch + mailscanner-mrtg
In-Reply-To: <45A7A4E1.FEA8.00EB.0@imsu.ox.ac.uk>
References: <45A74E33.FEA8.00EB.0@imsu.ox.ac.uk> <45A7A0DF.4030102@sendit.nodak.edu> <45A7A4E1.FEA8.00EB.0@imsu.ox.ac.uk>
Message-ID: <223f97700701120749m6f503260qebd9ea2d32b23a36@mail.gmail.com>

On 12/01/07, Sylvain Phaneuf wrote:
> >>> On 12/01/2007 at 14:53, Richard Frovarp wrote:
>
> > MailScanner-MRTG tells me that we
> > received 51,805 messages on one of our gateways yesterday (a modified
> > vispan script gives me 51,746). If I create a report to find the number
> > of messages processed in Mailwatch, I get "Message count = 21,470".
>
> > Is it a difference in messages versus recipients? MailWatch only counts
> > messages. I know MailScanner-MRTG will give you messages and recipients.
> > For the spam statistics, MailWatch can't count anything rejected by the
> > MTA, where MailScanner-MRTG does.
>
> Sorry, I should have made that clear. The number of recipients was
> 61,544 according to Mailscanner-MRTG.
>
> Sylvain
>

I think Richard is on the right track there, the difference including rejected by MTA would fit... Or... If you use Postfix, some "semi-naïve" statistics analysers might get thoroughly confused by the HOLD feature, counting every message twice... Oh, I see you use Sendmail, so that's not it then:-).

I guess you'll just have to do two things: manually check that the log matches up with mailscanner-mrtg, as well as with MailWatch, for a not too excessively huge period of time.

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From Peter.Bates at lshtm.ac.uk Fri Jan 12 16:49:04 2007
From: Peter.Bates at lshtm.ac.uk (Peter Bates)
Date: Fri Jan 12 15:53:55 2007
Subject: ClamAV and 'Oversized Zip' problem
Message-ID: <45A7ADF0.9729.0076.0@lshtm.ac.uk>

Hello all...

As far as I can see, this started happening about noon today.

Also apologies for it not being strictly a MailScanner problem.

Some zipfiles (possibly all, I haven't tested personally) are being caught by the ClamAV-module as follows:

Quarantine: /var/spool/MailScanner/quarantine/20070112/9E4E7140314.1B7BB
Report: ClamAV Module: STATA_files_2007-01-06.zip was infected: Oversized.Zip

# clamscan -V
ClamAV 0.88.7/2437/Thu Jan 11 23:59:09 2007
# clamscan -v STATA_files_2007-01-06.zip
Scanning STATA_files_2007-01-06.zip
STATA_files_2007-01-06.zip: OK

----------- SCAN SUMMARY -----------
Known viruses: 192337
Engine version: 0.88.7
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 20.59 MB
Time: 36.957 sec (0 m 36 s)

Yes, I know it's slow, it's a busy box with various sanesecurity and MSRBL additional definitions loaded.

However, it's clear ClamAV Module is identifying Zip files today as 'Oversized.Zip' but the command line is okay.

This is MailScanner 4.56.8, with postfix as the MTA. Mail::ClamAV is 0.17.

Are there some settings for the ClamAV module or defaults it is picking up that might be causing this?

Any suggestions gratefully received before I start trying to talk to ClamAV developers.

--
--------------------------------------------------------------------------------------------------->
Peter Bates, Systems Support Officer, IT Services.
London School of Hygiene & Tropical Medicine.
Telephone:0207-958 8353 / Fax: 0207- 636 9838

From raymond at prolocation.net Fri Jan 12 17:02:30 2007
From: raymond at prolocation.net (Raymond Dijkxhoorn) Date: Fri Jan 12 16:04:19 2007 Subject: ClamAV and 'Oversized Zip' problem In-Reply-To: <45A7ADF0.9729.0076.0@lshtm.ac.uk> References: <45A7ADF0.9729.0076.0@lshtm.ac.uk> Message-ID: Hi! > Some zipfiles (possibly all, I haven't tested personally) > are being caught by the ClamAV-module as follows: > > Quarantine: /var/spool/MailScanner/quarantine/20070112/9E4E7140314.1B7BB > Report: ClamAV Module: STATA_files_2007-01-06.zip was infected: Oversized.Zip When did you upgrade clam? Same time ?? Do a forced install of the clamav libs... the perl ones. Should fix it. Bye, Raymond. From roger at rudnick.com.br Fri Jan 12 17:05:19 2007 From: roger at rudnick.com.br (Roger Jochem) Date: Fri Jan 12 16:07:47 2007 Subject: ClamAV and 'Oversized Zip' problem References: <45A7ADF0.9729.0076.0@lshtm.ac.uk> Message-ID: <03b301c73663$7516d000$0600a8c0@roger> You have to recompile clamav module to solve that... It happened when I upgraded clamav to 0.88.7 too... ----- Original Message ----- 
From: "Peter Bates" To: Sent: Friday, January 12, 2007 1:49 PM Subject: ClamAV and 'Oversized Zip' problem > > Hello all... > > As far as I can see, this start happening about noon today. > > Also apologies for it not being strictly a MailScanner problem. > > Some zipfiles (possibly all, I haven't tested personally) > are being caught by the ClamAV-module as follows: > > Quarantine: /var/spool/MailScanner/quarantine/20070112/9E4E7140314.1B7BB > Report: ClamAV Module: STATA_files_2007-01-06.zip was infected: > Oversized.Zip > > # clamscan -V > ClamAV 0.88.7/2437/Thu Jan 11 23:59:09 2007 > # clamscan -v STATA_files_2007-01-06.zip > Scanning STATA_files_2007-01-06.zip > STATA_files_2007-01-06.zip: OK > > ----------- SCAN SUMMARY ----------- > Known viruses: 192337 > Engine version: 0.88.7 > Scanned directories: 0 > Scanned files: 1 > Infected files: 0 > Data scanned: 20.59 MB > Time: 36.957 sec (0 m 36 s) > > Yes, I know it's slow, it's a busy box with various sanesecurity and MSRBL > additional definitions loaded. > > However, it's clear ClamAV Module is identifying Zip files today as > 'Oversized.Zip' > but the command line is okay. > > This is MailScanner 4.56.8, with postfix as the MTA. Mail::ClamAV is 0.17. > > Are there some settings for the ClamAV module or defaults it is picking up > that might be causing this? > > Any suggestions gratefully received before I start trying to talk to > ClamAV developers. > > > -- > > ---------------------------------------------------------------------------------------------------> > Peter Bates, Systems Support Officer, IT Services. > London School of Hygiene & Tropical Medicine. > Telephone:0207-958 8353 / Fax: 0207- 636 9838 > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! 
From rcooper at dwford.com Fri Jan 12 17:11:59 2007
From: rcooper at dwford.com (Rick Cooper)
Date: Fri Jan 12 16:14:00 2007
Subject: ClamAV and 'Oversized Zip' problem
In-Reply-To: <45A7ADF0.9729.0076.0@lshtm.ac.uk>
Message-ID: <006401c73664$63794570$0301a8c0@SAHOMELT>

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> Of Peter Bates
> Sent: Friday, January 12, 2007 10:49 AM
> To: mailscanner@lists.mailscanner.info
> Subject: ClamAV and 'Oversized Zip' problem
>
>
> Hello all...
>
> As far as I can see, this start happening about noon today.
>
> Also apologies for it not being strictly a MailScanner problem.
>
> Some zipfiles (possibly all, I haven't tested personally)
> are being caught by the ClamAV-module as follows:
>
> Quarantine:
> /var/spool/MailScanner/quarantine/20070112/9E4E7140314.1B7BB
> Report: ClamAV Module: STATA_files_2007-01-06.zip was
> infected: Oversized.Zip
>
> # clamscan -V
> ClamAV 0.88.7/2437/Thu Jan 11 23:59:09 2007
> # clamscan -v STATA_files_2007-01-06.zip
> Scanning STATA_files_2007-01-06.zip
> STATA_files_2007-01-06.zip: OK

[..]

There were some lib changes with the 0.88.7 release and you need to do a forced rebuild of the Mail::ClamAV package.

cpan -if Mail::ClamAV

Should do it.

Rick

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

From Peter.Bates at lshtm.ac.uk Fri Jan 12 18:03:19 2007
From: Peter.Bates at lshtm.ac.uk (Peter Bates) Date: Fri Jan 12 17:06:41 2007 Subject: ClamAV and 'Oversized Zip' problem In-Reply-To: References: <45A7ADF0.9729.0076.0@lshtm.ac.uk> Message-ID: <45A7BF57.9729.0076.0@lshtm.ac.uk> Hello again all... -- ---------------------------------------------------------------------------------------------------> Peter Bates, Systems Support Officer, IT Services. London School of Hygiene & Tropical Medicine. Telephone:0207-958 8353 / Fax: 0207- 636 9838 >>> On 12/01/07 at 16:02, Raymond Dijkxhoorn wrote: > When did you upgrade clam? Same time ?? > > Do a forced install of the clamav libs... the perl ones. Should fix it. Thanks to all the people who replied on this one, problem now fixed. I guess I should add the rebuild of the Perl modules (by whichever method) to my Clamav upgrading routine to avoid getting caught by this next time! Thanks again. From alex at nkpanama.com Fri Jan 12 21:44:44 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Fri Jan 12 21:57:13 2007 Subject: Best way to use clamav (MTA or MailScanner) In-Reply-To: <45A7437E.1020005@netmagicsolutions.com> References: <45A7437E.1020005@netmagicsolutions.com> Message-ID: <45A7F33C.7050006@nkpanama.com> Dhawal Doshy wrote: > Next, run something like a clamav-milter and reject as many viruses as > possible without causing false positives and/or delay in incoming mail. > You wouldn't want the sending MTA to timeout due to clamav-milter taking > a lot of time. > > Finally run clamavmodule OR clamscan at the mailscanner level to get rid > of any archives that couldn't be unpacked at the clamav-milter level > (say rar, lha, arj etc..) This is one of the reasons I use clamav-milter *and* clamavmodule. One will sometimes pick up what the other one misses for whatever reason. Regards, Alex Neuman N&K Technology Consultants http://nkpanama.com/ From alex at nkpanama.com Fri Jan 12 21:43:52 2007 
From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Fri Jan 12 21:57:14 2007 Subject: Best way to use clamav (MTA or MailScanner) In-Reply-To: <45A729EC.9040308@pacific.net> References: <45A729EC.9040308@pacific.net> Message-ID: <45A7F308.3040102@nkpanama.com> Ken A wrote: > We run both. I have noticed that sometimes MailScanner and clamavmodule > on a gateway MX will 'miss' a virus that clamav-milter will catch later > on the mail hub. Not sure what causes this. It's rare though, but worth > mentioning, I suppose. I've run both as well ever since the "what goes first, virus or spam scannning" debate a few years back. Since I wanted to scan a low-traffic server's mail for viruses first - since most of the time the unwanted traffic was, in fact, viruses - and then spam, I installed the clamav-milter to do this. Saved a lot of time and cpu. Since spam is more prevalent nowadays (at least in my experience), the point is no longer valid - but I still run clamav-milter in front of MailScanner anyways. Regards, Alex Neuman N&K Technology Consultants http://nkpanama.com/ From ssilva at sgvwater.com Fri Jan 12 23:17:25 2007 
From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jan 12 22:19:32 2007 Subject: Installation In-Reply-To: <223f97700701120618j5b763857x9190a4c3375767d8@mail.gmail.com> References: <000e01c734fd$6d243c50$0300a8c0@250N> <223f97700701120618j5b763857x9190a4c3375767d8@mail.gmail.com> Message-ID: Glenn Steen spake the following on 1/12/2007 6:18 AM: > On 12/01/07, Martin wrote: >> Scott Silva wrote: >> >> > Is there a specific reason you want to use the tarball install? >> > The rpm based install will do so many more steps for you. It will >> leave you >> > with a almost ready to run install, ready for you to tweak and >> adjust. And you >> > will have the side benefit of the rest of your rpm system not >> breaking any of >> > your perl stuff. >> >> Scott, >> >> Where did you find an RPM for MailScanner? >> > How about http://www.mailscanner.info -> Downloads? Sure, the RPM > install is a tarball (that will (through the install.sh script) build > and install the relevant RPMs for you...), but it really does include > an RPM for mailscanner itself ... to...;-). > > Cheers Thanks for catching that, Glenn. I'm in one of our remote offices and was behind on the list. Too bad this office is remote, because it is actually 40 miles closer to home than our main office. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From res at ausics.net Sat Jan 13 02:57:07 2007 
From: res at ausics.net (Res)
Date: Sat Jan 13 01:59:10 2007
Subject: Best way to use clamav (MTA or MailScanner)
In-Reply-To: <45A7F33C.7050006@nkpanama.com>
References: <45A7437E.1020005@netmagicsolutions.com> <45A7F33C.7050006@nkpanama.com>
Message-ID:

On Fri, 12 Jan 2007, Alex Neuman van der Hans wrote:

> Dhawal Doshy wrote:
>> Next, run something like a clamav-milter and reject as many viruses as
>> possible without causing false positives and/or delay in incoming mail. You
>> wouldn't want the sending MTA to timeout due to clamav-milter taking a lot
>> of time.
>>
>> Finally run clamavmodule OR clamscan at the mailscanner level to get rid of
>> any archives that couldn't be unpacked at the clamav-milter level (say rar,
>> lha, arj etc..)
>
> This is one of the reasons I use clamav-milter *and* clamavmodule. One will
> sometimes pick up what the other one misses for whatever reason.
>

Hmmm, milter's job is to do something with the smtp connection, I'll hold you open whilst I go off and scan this 11 mb file, oh and it seems hundreds of you want to do this at the same time, all connections full so sorry go away.

This is the reason we got rid of qmailscanner a couple years ago, all too often mails not accepted cause connections are full, load goes through the roof.

Conclusion:
If you constantly process 5 concurrent emails, milter would be acceptable, if you have 300+ constant concurrent connections reaching 600 in peak periods, MailScanner is far superior (unless modern day scanning milters are a lot better than when I tried it, but I seriously doubt it)

--
Cheers
Res

"So, you think you can tell Heaven from Hell?" - Roger Waters

From alex at nkpanama.com Sat Jan 13 05:43:58 2007
From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Sat Jan 13 04:46:39 2007 Subject: Best way to use clamav (MTA or MailScanner) In-Reply-To: References: <45A7437E.1020005@netmagicsolutions.com> <45A7F33C.7050006@nkpanama.com> Message-ID: <45A8638E.7040901@nkpanama.com> Res wrote: > conclusion: > If you constantly process 5 concurrent emails, milter would be > acceptable, if you have 300+ constant concurrent connections reaching > 600 in peak periods, MailScanner is far superior (unless modern day > scanning > milters are a lot beter then when i tried it, but i seriously doubt it) ... which is the norm on around 80% of the servers I set up, so I don't think much about it. The 11Mb file problem you talk about is also offset by setting hard limits (usually between 5 and 10 mb) in sendmail.mc for message sizes. Users are hit over the head repeatedly with a clue by four (read "encouraged") to use other means to send larger files, depending on their needs. Alex Neuman N&K Technology Consultants http://nkpanama.com/ From res at ausics.net Sat Jan 13 07:35:43 2007 
From: res at ausics.net (Res) Date: Sat Jan 13 06:37:48 2007 Subject: Best way to use clamav (MTA or MailScanner) In-Reply-To: <45A8638E.7040901@nkpanama.com> References: <45A7437E.1020005@netmagicsolutions.com> <45A7F33C.7050006@nkpanama.com> <45A8638E.7040901@nkpanama.com> Message-ID: On Fri, 12 Jan 2007, Alex Neuman van der Hans wrote: > Res wrote: >> conclusion: >> If you constantly process 5 concurrent emails, milter would be acceptable, >> if you have 300+ constant concurrent connections reaching 600 in peak >> periods, MailScanner is far superior (unless modern day scanning > ... which is the norm on around 80% of the servers I set up, so I don't think > much about it. The 11Mb file problem you talk about is also offset by setting > Users are hit over the head repeatedly with a clue by four (read > "encouraged") to use other means to send larger files, depending on their > needs. > It comes down to what your use is, if you are a private company it wouldn't really matter above 5 if you dont deal in large documents, but, if you are a service providor, it pays to keep the customers happy and offer 10-20. I'm no longer involved in an organisation that provides dialup, when I was, we used 5, then along came this little thing called broadband matched only by the requests for higher mail limits, with DSL a lawyer can shoot off a 15 MB file and its in the recipients inbox within minutes, not having to wait nearly 40 minutes to upload it, then the recipient taking 40 minutes (and cursing you) downloading it. 10 is more the norm in this country now days, some, including us, use 20 as some government clients send large documents, I've spoken to a few in IRC from the U.S and none of them use under 20. -- Cheers Res "So, you think you can tell Heaven from Hell?" - Roger Waters From cristi at elvsoft.com Sat Jan 13 08:56:04 2007 
From: cristi at elvsoft.com (Tomoiaga Cristian)
Date: Sat Jan 13 07:58:06 2007
Subject: 100% CPU utilisation from time to time
In-Reply-To:
References: <000e01c734fd$6d243c50$0300a8c0@250N>
Message-ID:

Hello,

Some specs:
Intel P4 HT @ 2Ghz
2 GB Ram
CentOS 4.4

I have installed the latest MailScanner package from ConfigServ. MailScanner almost works fine. The problem is that from time to time I see a MailScanner process using 100% of CPU. Seems the process is checking with SpamAssassin when this is happening.

Strace shows something like this:

pread64(18, "\0\0\0\0\1\0\0\0j\10\0\0\0\0\0\0\0\0\0\0\20\1\230\t\0\2"..., 4096, 8822784) = 4096
pread64(18, "\0\0\0\0\1\0\0\0k\10\0\0\0\0\0\0\0\0\0\0*\1\354\10\0\2"..., 4096, 8826880) = 4096
pread64(18, "\0\0\0\0\1\0\0\0l\10\0\0\0\0\0\0\0\0\0\0<\1\200\10\0\2"..., 4096, 8830976) = 4096
pread64(18, "\0\0\0\0\1\0\0\0m\10\0\0\0\0\0\0\0\0\0\0.\1\334\10\0\2"..., 4096, 8835072) = 4096
pread64(18, "\0\0\0\0\1\0\0\0n\10\0\0\0\0\0\0\0\0\0\0J\1$\10\0\2\372"..., 4096, 8839168) = 4096
pread64(18, "\0\0\0\0\1\0\0\0o\10\0\0\0\0\0\0\0\0\0\0004\1\250\10\0"..., 4096, 8843264) = 4096
pread64(18, "\0\0\0\0\1\0\0\0p\10\0\0\0\0\0\0\0\0\0\0L\1 \10\0\2\372"..., 4096, 8847360) = 4096

Everything strace shows looks like that and it stops when the process receives a SIGTERM.

Does anyone know something about this?

Thanks,
Regards,
Tomoiaga Cristian

From jason.broome at freecom.net Sat Jan 13 12:01:48 2007
From: jason.broome at freecom.net (Jason Broome) Date: Sat Jan 13 11:03:47 2007 Subject: MailScanner Digest, Vol 13, Issue 19 [Scanned by Freecom.net] Message-ID: <908941368@mail.freecom.net> *****This is a automated response - Please do not reply - as no response will be given***** Thank you for your e-mail. I am currently on annual leave until Monday 22nd January 2007. If you have a support issue please resend the e-mail to support@freecom.net otherwise your e-mail will be dealt with upon my return. Kind Regards, Jason Broome Operations Freecom.net 08708 800100 From res at ausics.net Sat Jan 13 13:06:58 2007 From: res at ausics.net (Res) Date: Sat Jan 13 12:09:00 2007 Subject: MailScanner Digest, Vol 13, Issue 19 [Scanned by Freecom.net] In-Reply-To: <908941368@mail.freecom.net> References: <908941368@mail.freecom.net> Message-ID: AAAAAAAARRRRRRRRRRRGGGGGGGGGGG This list needs to follow jupiter medias policy send OoO to list get unsubscribed On Sat, 13 Jan 2007, Jason Broome wrote: > *****This is a automated response - Please do not reply - as no response will be given***** -- Cheers Res "So, you think you can tell Heaven from Hell?" - Roger Waters From alex at nkpanama.com Sat Jan 13 19:37:07 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Sat Jan 13 18:39:38 2007 Subject: 100% CPU utilisation from time to time In-Reply-To: References: <000e01c734fd$6d243c50$0300a8c0@250N> Message-ID: <45A926D3.5000808@nkpanama.com> Tomoiaga Cristian wrote: > I have installed the latest MailScanner package from ConfigServ. > MailScabber almost works fine. The problem is that from time to time I see a > MailScanner process using 100% of CPU. Seems the process is checking with > SpamAssassin when this is happening. Are you using custom spamassassin rules? From MailScanner at ecs.soton.ac.uk Sat Jan 13 19:05:29 2007 
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Sat Jan 13 19:37:26 2007
Subject: blacklists domain hangs mailscanner
In-Reply-To: <1168508350.27040.79.camel@darkstar.netcore.co.in>
References: <1168508350.27040.79.camel@darkstar.netcore.co.in>
Message-ID: <45A91F69.303@ecs.soton.ac.uk>

This is the auto-detecting of IPv4 versus IPv6 addresses going wrong. It
is seeing 4-c.de and thinks it is an IPv6 address range, as all the
letters are within a-f. If you change it to *@4-c.de then it should be a
lot happier.

This is only the 2nd time I have ever seen this happen. Domain names
only containing 0-9 and a-f (or A-F) are very rare, and the workaround
is very simple, so I don't want to change the code.

Ramprasad wrote:
> Hi
>
> I am using MS 4.50 on Centos
> to implement blacklists I use in Mailscanner.conf
>
> Is Definitely Spam = %rules-dir%/spam.blacklist.rules
>
> The file contains
>
> ---------------
> From: 4-c.de and To: netcore.co.in yes
> FromOrTo: default no
> --------------------
>
> If I restart Mailscanner, mailscanner processes go defunct.
> In debug mode
>
> I can see Mailscanner dies with message like
> MailScanner: In Debugging mode, not forking...
> at /usr/lib/MailScanner/MailScanner/Config.pm line 1890
>
> Strange thing, 4-c.de doesn't work. But 4-c.com works fine
>
> Thanks
> Ram

Jules

-- 
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit www.transtec.co.uk

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From MailScanner at ecs.soton.ac.uk Sat Jan 13 19:58:42 2007
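The ambiguity described in the reply above, as an added example that is not part of the original thread and is not MailScanner's Config.pm code. The character-class heuristic in naive_is_address() is an assumption chosen to reproduce the three observations in the thread (4-c.de misread, 4-c.com fine, *@4-c.de fine); classify() shows a stricter alternative that only calls something an address when it actually parses as one.

```python
import ipaddress
import re

# Assumed illustration of a character-class heuristic: anything made only of
# hex digits and address punctuation is taken to be an IP address or range.
NAIVE_ADDRESS_RE = re.compile(r"^[0-9A-Fa-f:.\-/]+$")

# Dotted labels ending in an alphabetic top-level label.
DOMAIN_RE = re.compile(
    r"^(?:[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?\.)+[A-Za-z]{2,}$"
)


def naive_is_address(pattern):
    """Heuristic that misfires on domains spelled only with 0-9 and a-f."""
    return bool(NAIVE_ADDRESS_RE.match(pattern))


def _ip_version(text):
    """Return 4 or 6 if text parses as an address or CIDR network, else None."""
    try:
        return ipaddress.ip_network(text, strict=False).version
    except ValueError:
        return None


def classify(pattern):
    """Classify a rule pattern by parsing it instead of guessing from its letters."""
    version = _ip_version(pattern)
    if version:
        return "ipv%d" % version
    if "-" in pattern:
        # A low-high range counts only if both ends are real addresses.
        low, _, high = pattern.partition("-")
        try:
            first, last = ipaddress.ip_address(low), ipaddress.ip_address(high)
        except ValueError:
            pass
        else:
            if first.version == last.version and first <= last:
                return "ip-range"
    if "@" in pattern:
        return "address-pattern"
    if DOMAIN_RE.match(pattern):
        return "domain"
    return "invalid"


def compare(patterns):
    """Return (pattern, naive verdict, parsed verdict) for each pattern."""
    return [(p, naive_is_address(p), classify(p)) for p in patterns]


if __name__ == "__main__":
    # Constructed sample patterns; the first three come from the thread.
    samples = ["4-c.de", "4-c.com", "*@4-c.de",
               "192.168.1.0/24", "fe80::/10", "10.0.0.1-10.0.0.9"]
    for pattern, naive, parsed in compare(samples):
        print("%-20s naive_is_address=%-5s classify=%s" % (pattern, naive, parsed))
```
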
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jan 13 19:37:31 2007 Subject: Best way to use clamav (MTA or MailScanner) In-Reply-To: <45A7437E.1020005@netmagicsolutions.com> References: <45A7437E.1020005@netmagicsolutions.com> Message-ID: <45A92BE2.9000606@ecs.soton.ac.uk> Dhawal Doshy wrote: > den gon wrote: >> Hi To all, >> >> I would like to ask what is the best way to use the clamav. Is it on >> MTA level using >> clamav-milter and disabling it to MailScanner as a redundancy or Is >> it on the MailScanner >> disabling the clamav-milter on MTA and enabling it on >> MailScanner.conf "Virus Scanning = yes" >> as "Virus Scanners = clamavmodule" > > Ideally: > > First create a policy for your organization for a list of extensions > that you would never accept (and would like to reject). Use your MTA > to reject them rightaway. Examples .scr, .cpl > > Second, if your MTA supports it, reject patterns that are known to > contain viruses (body_checks OR mime_header_checks in postfix for > example) > > Next, run something like a clamav-milter and reject as many viruses as > possible without causing false positives and/or delay in incoming > mail. You wouldn't want the sending MTA to timeout due to > clamav-milter taking a lot of time. > > Finally run clamavmodule OR clamscan at the mailscanner level to get > rid of any archives that couldn't be unpacked at the clamav-milter > level (say rar, lha, arj etc..) > > - dhawal One of the advantages of doing this at the MailScanner level is the control over the message(s) sent out as a result of an infected message received. You will probably want to just bin all viruses quietly, whereas if you run it at the MTA level it will probably bounce it back to the poor innocent soul whose address was faked as the "sender" address of the message. 
Also, you might want to notify the recipient of the message, at which point instead of receiving an unintelligible sendmail error report, they get a nice friendly report which you write to explain to them what has happened. This applies to most of the things that MailScanner can do which can also be done at the MTA level, the quality and content of the reporting. Mere mortals don't understand MTA error messages at all, remember that your users will call their support staff whenever they get a report they don't understand. Understandable reports ==> less support calls. Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Sat Jan 13 20:06:44 2007 
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jan 13 19:37:55 2007 Subject: *** MULIG SPAM*** Re: Distributed setup with realtime failover/balancing In-Reply-To: <005901c73637$d4cfd540$7264a8c0@acer57dbddb911> References: <005901c73637$d4cfd540$7264a8c0@acer57dbddb911> Message-ID: <45A92DC4.4090409@ecs.soton.ac.uk> jonas@vrt.dk wrote: > Hello > > >>>> Hmm well it might be overkill, but definitely not for the above >>>> reason. Your >>>> describing the normal basic smtp loadbalancing/failover that mx records >>>> provides, which is fine. The problem is in a mailscanner/mailwatch >>>> >> setup >> >>>> there are more components than simply the smtp incbound traffic. After >>>> >> a >> >>>> remote server have send a mail to either of the mx records, the mail is >>>> stored temporary on one of the boxes, if that box goes down, that mail >>>> and >>>> any mail quarantined on the box is unavailable to users. Which is not >>>> acceptable. >>>> >> How is an LVS solution going to solve that? However you implement it >> the connection will be load balanced across the MailScanner boxes and >> they will spool to disk. Once the connection is closed the LVS is no >> longer involved. >> >> If this is a requirement then you will have to move to something that >> analyses the email as it is being spooled to disk (e.g. a milter). Also >> how are you going to track whether a message has been delivered or not? >> >> > I am sorry, I have not been very clear. The main reason for me to desire a > distributed setup, is to have the quarantine directory always be available. > That's where DRBD comes in. ultramonkey/lvs/heartbeat is just to spread out > the load on apache and mysql. And also to facilitate failover. > > Mails that are in actual transit (meaning in the in or outgoing queues) are > more acceptable to loose, than users not being able to release mails from > the quarantine. At least they are for me. > > I hope that explains it a little bit better. 
> > Best regards > > Jonas Larsen > > Do remember that multiple MX records with the same priority number will provide you with load-balancing between multiple MX hosts for free. You need to have a third system running MailWatch (I think) but the mail load balancing doesn't require any special hardware or software at all. Do it the cheap way :-) Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From alex at nkpanama.com Sat Jan 13 22:45:27 2007 
From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Sat Jan 13 21:48:12 2007 Subject: Best way to use clamav (MTA or MailScanner) In-Reply-To: <45A92BE2.9000606@ecs.soton.ac.uk> References: <45A7437E.1020005@netmagicsolutions.com> <45A92BE2.9000606@ecs.soton.ac.uk> Message-ID: <45A952F7.9080906@nkpanama.com> Julian Field wrote: > One of the advantages of doing this at the MailScanner level is the > control over the message(s) sent out as a result of an infected message > received. You will probably want to just bin all viruses quietly, > whereas if you run it at the MTA level it will probably bounce it back > to the poor innocent soul whose address was faked as the "sender" > address of the message. If you run it at the MTA level it drops the connection *before* accepting the message. Any bounces would come from misconfigured M-Sexchange servers that send out bogus NDR's. > > Also, you might want to notify the recipient of the message, at which > point instead of receiving an unintelligible sendmail error report, they > get a nice friendly report which you write to explain to them what has > happened. I don't think it would be practical to let them know "someone you know but whose address we can't know because viruses fake the sender address sent you a message with a virus and nothing else on it" - which is IMHO 99% of the cases. > > This applies to most of the things that MailScanner can do which can > also be done at the MTA level, the quality and content of the reporting. > Mere mortals don't understand MTA error messages at all, remember that > your users will call their support staff whenever they get a report they > don't understand. Understandable reports ==> less support calls. > It's been my experience that most users *will not* read the reports, regardless of how clearly written they are. The carrot-vs-stick approach usually works like this: 1. They call and say "my e-mail don't work" 2. You ask them to read the error message 3. 
They say they can't (won't) remember (write down) the message. 4. You tell them to call you back with the error message in order to resolve the issue. If they give you trouble you tell them you will definitely not take their call if they refuse to allow you to help them by telling you what the error messages (if any) are. BTW, we *are* talking about virus scanning/bouncing, not "bad attachment" bouncing. *That* can be quite useful in a controlled environment. > Jules > From butler at globeserver.com Sun Jan 14 02:12:58 2007 From: butler at globeserver.com (Philip Butler) Date: Sun Jan 14 01:15:04 2007 Subject: Disabling razor.... Message-ID: <9A316265-9987-478E-A3A3-8B031F3AF106@globeserver.com> Hi all, I was playing around to try to disable Razor and noticed that it wouldn't disable. As it turns out, I didn't find the line: SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf in my mailscanner.conf file. When I looked at the stock 4.57.6 MailScanner.conf file, it wasn't there either. It was in the mailscanner.conf.with.mcp file, but I haven't started using MCP yet. Anyway, I have put the line in. Should it be in this file ?? Or is it handled/defaulted some other way ?? What is the default path to the spam assassin conf file ?? After doing all of this, I see that Razor is still active. I have the line "use_razor2 0" in my spam.assassin.prefs.conf. I know this may be / probably is a spamassassin only issue - please forgive me if this post shouldn't be made here. I was wanting to turn on/off various aspects of mailscanner to see if I could get a feel as to what works best, etc. Thanks, Phil From cristi at elvsoft.com Sun Jan 14 09:53:36 2007 
From: cristi at elvsoft.com (Tomoiaga Cristian)
Date: Sun Jan 14 08:55:48 2007
Subject: 100% CPU utilisation from time to time
In-Reply-To: <45A926D3.5000808@nkpanama.com>
References: <000e01c734fd$6d243c50$0300a8c0@250N> <45A926D3.5000808@nkpanama.com>
Message-ID:

Hi,

Yes, I use botnet rules, and a rule I made to match the symbol, target
a.s.o. spam.

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Neuman van der Hans
Sent: Saturday, January 13, 2007 8:37 PM
To: MailScanner discussion
Subject: Re: 100% CPU utilisation from time to time

Tomoiaga Cristian wrote:
> I have installed the latest MailScanner package from ConfigServ.
> MailScanner almost works fine. The problem is that from time to time I see a
> MailScanner process using 100% of CPU. Seems the process is checking with
> SpamAssassin when this is happening.

Are you using custom spamassassin rules?

From glenn.steen at gmail.com Sun Jan 14 15:11:19 2007
From: glenn.steen at gmail.com (Glenn Steen)
Date: Sun Jan 14 14:13:22 2007
Subject: Disabling razor....
In-Reply-To: <9A316265-9987-478E-A3A3-8B031F3AF106@globeserver.com>
References: <9A316265-9987-478E-A3A3-8B031F3AF106@globeserver.com>
Message-ID: <223f97700701140611r722e247ua01d34236376b162@mail.gmail.com>

On 14/01/07, Philip Butler wrote:
> Hi all,
>
> I was playing around to try to disable Razor and noticed that it
> wouldn't disable. As it turns out, I didn't find the line:
>
> SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf
>
> in my mailscanner.conf file. When I looked at the stock 4.57.6
> MailScanner.conf file, it wasn't there either. It was in the
> mailscanner.conf.with.mcp file, but I haven't started using MCP yet.
> Anyway, I have put the line in.
>
> Should it be in this file ?? Or is it handled/defaulted some other
> way ?? What is the default path to the spam assassin conf file ??
> After doing all of this, I see that Razor is still active. I have
> the line "use_razor2 0" in my spam.assassin.prefs.conf.
>
> I know this may be / probably is a spamassassin only issue - please
> forgive me if this post shouldn't be made here.
>
> I was wanting to turn on/off various aspects of mailscanner to see if
> I could get a feel as to what works best, etc.
>
> Thanks,
>
> Phil

Since a while back MailScanner (and Jules Clam+SA package) relies on
there being a symbolic link /etc/mail/spamassassin/mailscanner.cf
pointing to your spam.assassin.prefs.conf file. This is so that all
calls to spamassassin will have the same config, as well as being sure
that we don't try to set non-user preferences in a user preference
file (which we did before).
This means that the settings in spam.assassin.prefs.conf get the same
"treatment" as local.cf settings, and that they (by m being after l;)
override local.cf.

The way to disable a plugin in modern SA is to not load it:-). So look
through your /etc/mail/spamassassin/*.pre files and comment out the
appropriate LoadPlugin lines.
Also make sure to comment out (one could make this a conditional, of
course, which would probably be better in the long run:) any settings
for razor in the mailscanner.cf, or else it'll generate additional
errors.

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From jason.broome at freecom.net Mon Jan 15 13:58:46 2007
From: jason.broome at freecom.net (Jason Broome)
Date: Mon Jan 15 13:00:58 2007
Subject: MailScanner Digest, Vol 13, Issue 19 [Scanned by Freecom.net]
In-Reply-To:
References: <908941368@mail.freecom.net>
Message-ID: <009201c738a4$e4b57e00$2c01a8c0@freecom.local>

Calm down I'm only away for a week :p

-----Original Message-----
From: Res [mailto:res@ausics.net]
Sent: 13 January 2007 12:07
To: MailScanner discussion
Subject: Re: MailScanner Digest, Vol 13, Issue 19 [Scanned by Freecom.net]

AAAAAAAARRRRRRRRRRRGGGGGGGGGGG

This list needs to follow jupiter medias policy

send OoO to list get unsubscribed

On Sat, 13 Jan 2007, Jason Broome wrote:

> *****This is a automated response - Please do not reply - as no
> response will be given*****

-- 
Cheers
Res

"So, you think you can tell Heaven from Hell?" - Roger Waters

From glenn.steen at gmail.com Mon Jan 15 14:06:48 2007
From: glenn.steen at gmail.com (Glenn Steen)
Date: Mon Jan 15 13:08:54 2007
Subject: Greylisting (WAS: Re: MailScanner ANNOUNCE: 4.57 released)
In-Reply-To: <45A6494B.9010503@netmagicsolutions.com>
References: <4571B547.1090804@ecs.soton.ac.uk> <45743355.2040006@sendit.nodak.edu> <45744FDB.3030307@netmagicsolutions.com> <20061204205254.8300B11285@mx-a.vdnet.lt> <223f97700612041451n39e66dedx28699a0d1e59a3eb@mail.gmail.com> <20061204233255.DB881FF40@mx-a.vdnet.lt> <223f97700612060014o6a8b46b1k87e48195c1d93afc@mail.gmail.com> <20070110163002.1EE06FF06@mx-a.vdnet.lt> <223f97700701110619v275f274fo23f2491099f1b38@mail.gmail.com> <45A6494B.9010503@netmagicsolutions.com>
Message-ID: <223f97700701150506x438d4848wcb3fb03690b46078@mail.gmail.com>

On 11/01/07, Dhawal Doshy wrote:
> Glenn Steen wrote:
> > On 10/01/07, Nerijus Baliunas wrote:
> >> On Wed, 6 Dec 2006 09:14:15 +0100 Glenn Steen
> >> wrote:
> >>
> >> > I typed a longish reply to this one yesterday, which gmail then
> >> > promptly swallowed:-).
> >> > Oh well.
> >> >
> >> > The gist of it was "If I get time, I'll look at the code"... and
> >> > "interesting that postcat demangles it correctly (so that the postcat
> >> > of each queue file is ... well, as close to identical as possible)
> >> > ...".
> >>
> >> Could you please tell me where to look in the code? As now I have a real
> >> problem - if the last header is "Content-Transfer-Encoding: base64" it
> >> becomes
> >> Content-Transfer-Encoding: base64
> >> 190324
> >> and so is interpreted as Content-Transfer-Encoding: base64190324, thus
> >> rendering message unparseable...
> >>
> >> Regards,
> >> Nerijus
> > I've chatted a bit with Jules off-list, to bring him up to speed...
> > Let's see what he can do for us, shall we?
> >
> > You should start by familiarizing yourself with the Postfix.pm and
> > PFDiskStore.pm modules in /usr/lib/MailScanner/MailScanner/, if you
> > use the rpm install at least (this directory is actually where all the
> > innards of MailScanner is at, so ... reading a bit here and there
> > should give you a few ideas of how it really is come together:-).
>
> Just to give you guys a headstart, there are some newer records that MS
> needs to address.
>
> Quoting Wietse >>
>
> If Mailscanner can speak the Milter protocol, great. Header
> modifications are already supported in Postfix 2.3. Body modifications
> with some luck in Postfix 2.4.
>
> Direct queue file modification no longer works with Mailscanner versions
> that don't recognize the new PTR records that Postfix needs for in-place
> editing.
>
> End Quote <<
>
> - dhawal

Well, after reading some code I at least know what is going on, and
why it doesn't work:-).
Wietse seems to have wanted a way to ... noninvasively... insert
additional data into the Postfix queue file without having to rewrite
the whole thing (as we more or less do in MailScanner), so that
milters could just "tag on" new recipients and headers. To that effect
he made it so that there might be two (or more? I'm not really clear
on this yet, but it seems there will only be one p record for
additional recipients, but perhaps one per added header) records of
type "p" (for pointer) that has a "value part" of 0 by default,
meaning no "extra info" is to be inserted at that point. If there is a
non-zero value, this is an absolute offset to fseek to for the actual
inserted part, followed by another p record with an absolute offset to
jump back up into the file to the original "jumpoff point" (after the
original p record). The added records are tagged on after the end
record (and a null character denoting end of file?).
As one can guess, much of Wietse's patches regarding milter support
seem to focus on detecting and handling misbehaving subsystems that
create p record message loops (wrong "jump-back offsets" leading to
endless loops ("here we GOTO again!":-)).
Currently this only seems to affect milters, and only milters that
would add recipients and/or message headers. Perhaps this will also be
used to ... modify... the body later on, when that type of milter
action is to be supported as well.

This p record thing doesn't sit that well with how MailScanner
currently (I've been looking at 4.57.6, but will take a look at 4.58.4
too... I don't suppose there are any changes worth mentioning
though:-) deciphers a postfix queue file since we both copy any
"unknown" records as is (p records are ... unknown .... to us:), add
in our own headers/recipients/whatnot as needed (making the absolute
offsets plain wrong), as well as (in all likelihood) not copying the
data "after the end record" to the right place (if at all). Ergo
Nerijus' problem.

Now, I see at least three somewhat different solutions:
1) Simply enhance the ReadQf function so that it understands and
handles p records (meaning we will copy over the actual data added by
milters, not the p records themselves).
2) Recalculate the offsets and make sure the p records are correct, as
well as the "after end" data being where it is supposed to be.
3) Rewrite MailScanner to use the same p record method of adding
recipients and headers, which of course implies, in a way, that we
would reimplement the Postfix.pm file from scratch... more or less.

I'm hugely in favour of doing number 1), since this will be
a) simplest to implement
b) least amount of code touched
c) probably safest... We'll have to look at doing pretty much the same
sanity checks that Wietse does, but that shouldn't be a huge problem.
d) in keeping with the MailScanner philosophy:-). When we start
decomposing the PF queue files, they stop being queue files. When we
reassemble the queue file, it is a completely new queue file, with a
new ID ... Why should we preserve a "bandaid like" thing that we don't
need;-).

If I get a little teensy bit of time, I'll make a stab at some code
for handling p records as suggested in #1.

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From gordon at itnt.co.za Mon Jan 15 14:32:09 2007
From: gordon at itnt.co.za (Gordon Colyn)
Date: Mon Jan 15 13:34:35 2007
Subject: Sendmail hijacking Mailscanner
Message-ID: <041a01c738a9$91e57130$0a02a8c0@Gordon>

Hi all,

I have a problem where somehow sendmail gets started on my Linux server
running MailScanner and therefore spam mail gets through as it by-passes the
mailscanner process. I have crawled through all the logs and have no idea
what starts the sendmail process and it is also completely random...very
frustrating. Does anyone know of a script or a way that I can test to see
if sendmail is running then stop the process automatically?

I am running Mandriva 2006, with sendmail 8.13.4.

thanks

Gordon Colyn
InTheNet Technologies
www.itnt.co.za
MSN: gordoncolyn@hotmail.com
SKYPE: gordoncolyn
086 123 ITNT (4868)
086 682 5204 (Fax)
+27 (0)83 296 7534

Confidentiality:
This e-mail including any attachments is intended for the above named
addressee(s) only and contains confidential information. If you have
received this email in error you must take no action based on its contents,
nor must you reproduce or show the e-mail or any attachments or any part
thereof or communicate the contents to anyone; please reply to the sender of
this e-mail informing them of the error.

Viruses:
We recommend that in keeping with good computing practice the recipient
should ensure that e-mails received are virus free before opening.

From res at ausics.net Mon Jan 15 14:43:33 2007
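The p record handling that Glenn Steen's message in the Greylisting thread above describes (option 1: copy the data the pointers lead to, not the pointers themselves), as an added example that is not part of the original thread and is not MailScanner's or Postfix's code. The record layout here (one type byte, one length byte, payload, a 15-character decimal offset in each p record) is a simplified assumption for illustration, and the queue content is constructed.

```python
def rec(rtype, payload):
    """One record in the simplified layout: type byte, length byte, payload."""
    if len(payload) > 255:
        raise ValueError("payload too long for the one-byte length field")
    return rtype + bytes([len(payload)]) + payload


def ptr(offset):
    """Pointer record: fixed-width decimal offset, so it can be patched in place."""
    return rec(b"p", b"%15d" % offset)


def build_sample(mode="ok"):
    """Constructed queue data. mode: 'ok', 'unused' (pointer value 0) or 'loop'."""
    h1 = rec(b"N", b"Subject: constructed sample")
    h2 = rec(b"N", b"Content-Transfer-Encoding: base64")
    end = rec(b"E", b"")
    p_off = len(h1)                      # where the original p record sits
    after_p = p_off + len(ptr(0))        # the "jumpoff point" to return to
    appended_at = after_p + len(h2) + len(end)
    if mode == "unused":
        return h1 + ptr(0) + h2 + end
    added = rec(b"N", b"X-Added-By: constructed-milter")
    # A wrong jump-back offset lands on the original p record again.
    back = p_off if mode == "loop" else after_p
    return h1 + ptr(appended_at) + h2 + end + added + ptr(back)


def read_logical(buf, max_jumps=100):
    """Return records in logical order, following p records and dropping them."""
    out, pos, followed = [], 0, set()
    while True:
        if pos + 2 > len(buf):
            raise ValueError("truncated record at offset %d" % pos)
        rtype, length = buf[pos:pos + 1], buf[pos + 1]
        payload = buf[pos + 2:pos + 2 + length]
        if len(payload) != length:
            raise ValueError("short payload at offset %d" % pos)
        nxt = pos + 2 + length
        if rtype == b"E":
            return out
        if rtype == b"p":
            target = int(payload.decode().strip())
            if target != 0:              # 0 means nothing was inserted here
                if pos in followed or len(followed) >= max_jumps:
                    raise ValueError("pointer loop at offset %d" % pos)
                if not 0 <= target < len(buf):
                    raise ValueError("pointer outside file at offset %d" % pos)
                followed.add(pos)
                nxt = target
        else:
            out.append((rtype.decode(), payload.decode()))
        pos = nxt


if __name__ == "__main__":
    for mode in ("ok", "unused", "loop"):
        try:
            print(mode, read_logical(build_sample(mode)))
        except ValueError as exc:
            print(mode, "rejected:", exc)
```
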
From: res at ausics.net (Res) Date: Mon Jan 15 13:45:42 2007 Subject: MailScanner Digest, Vol 13, Issue 19 [Scanned by Freecom.net] In-Reply-To: <009201c738a4$e4b57e00$2c01a8c0@freecom.local> References: <908941368@mail.freecom.net> <009201c738a4$e4b57e00$2c01a8c0@freecom.local> Message-ID: Jase, these god damned things should never go to mailing lists, kick your mail server :P On Mon, 15 Jan 2007, Jason Broome wrote: > Calm down I'm only away for a week :p > > -----Original Message----- > From: Res [mailto:res@ausics.net] > Sent: 13 January 2007 12:07 > To: MailScanner discussion > Subject: Re: MailScanner Digest, Vol 13, Issue 19 [Scanned by Freecom.net] > > AAAAAAAARRRRRRRRRRRGGGGGGGGGGG > > This list needs to follow jupiter medias policy > > send OoO to list get unsubscribed > > > On Sat, 13 Jan 2007, Jason Broome wrote: > >> *****This is a automated response - Please do not reply - as no >> response will be given***** > > -- > Cheers > Res > > "So, you think you can tell Heaven from Hell?" - Roger Waters > > > > > > -- Cheers Res "So, you think you can tell Heaven from Hell?" - Roger Waters From mkettler at evi-inc.com Mon Jan 15 14:49:43 2007 
From: mkettler at evi-inc.com (Matt Kettler)
Date: Mon Jan 15 13:52:00 2007
Subject: Sendmail hijacking Mailscanner
In-Reply-To: <041a01c738a9$91e57130$0a02a8c0@Gordon>
References: <041a01c738a9$91e57130$0a02a8c0@Gordon>
Message-ID: <45AB8677.6080901@evi-inc.com>

Gordon Colyn wrote:
> Hi all,
>
> I have a problem where somehow sendmail gets started on my Linux server
> running MailScanner and therefore spam mail gets through as it by-passes the
> mailscanner process. I have crawled through all the logs and have no idea
> what starts the sendmail process and it is also completely random...very
> frustrating. Does anyone know of a script or a way that I can test to see
> if sendmail is running then stop the process automatically?
>
> I am running Mandriva 2006, with sendmail 8.13.4.

Well, actually, you NEED sendmail running with MailScanner.. Assuming you're
using it as your MTA for MailScanner. In fact, you need two Sendmails running.
However, the ones that should be running should be a queue-only and queue-runner.

Realistically, you could write a script to find and kill sendmail, but you'd
also have to make it not kill the ones that MS needs, which might be a bit tricky.

That said, have you made sure the normal "sendmail" startup script is disabled
in your runlevel? Mandriva might have a tool that runs around and checks the
status of all your daemons and restarts them.

ls /etc/rc3.d/ |grep sendmail
ls /etc/rc5.d/ |grep sendmail

Both should return files starting with K instead of S.

From Peter.Bates at lshtm.ac.uk Mon Jan 15 16:19:17 2007
From: Peter.Bates at lshtm.ac.uk (Peter Bates) Date: Mon Jan 15 15:22:05 2007 Subject: Reporting Phishing sites Message-ID: <45AB9B7A.9729.0076.0@lshtm.ac.uk> Hello all... This isn't solely a technical question but I thought I'd ask it on multiple lists to see what people think. I'm running MailScanner, with Postfix as the MTA and a couple of AV scanners and SpamAssassin. I've been happy with the results from the Sanesecurity additional definitions for ClamAV in detecting phishing and 'scam' sites, above and beyond the MS phishing filter. The emails end up quarantined as Postfix queue files, so I do at least have the option of sending them on their way. However, what I'd like to do is send on these phishing emails to somewhere that might actually do something about the sites in question. There are sites like 'www.millersmiles.co.uk' or 'www.antiphishing.org' which I could potentially forward the messages to. I'd just be interested to know - does anyone report phishing sites this way (in the 'war against spam' it seems an easier target) - how would they direct the Postfix queue files to the reporting destination Thanks. -- ---------------------------------------------------------------------------------------------------> Peter Bates, Systems Support Officer, IT Services. London School of Hygiene & Tropical Medicine. Telephone:0207-958 8353 / Fax: 0207- 636 9838 From glenn.steen at gmail.com Mon Jan 15 16:32:35 2007 
From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Jan 15 15:34:42 2007 Subject: Sendmail hijacking Mailscanner In-Reply-To: <45AB8677.6080901@evi-inc.com> References: <041a01c738a9$91e57130$0a02a8c0@Gordon> <45AB8677.6080901@evi-inc.com> Message-ID: <223f97700701150732tf0ca3ffva41135f2c6adea29@mail.gmail.com> On 15/01/07, Matt Kettler wrote: > Gordon Colyn wrote: > > ITNT Banner CampaignHi all, > > > > I have a problem where somehow sendmail gets started on my Linux server > > running MailScanner and therefore spam mail gets through as it by-passes the > > mailscanner process. I have crawled through all the logs and have no idea > > what starts the sendmail process and it is also completely random...very > > frustrating. Does anyone know of a script or a way that I can test to see > > if sendmail is running then stop the process automatically? > > > > I am running Mandriva 2006, with sendmail 8.13.4. > > Well, actually, you NEED sendmail running with MailScanner.. Assuming you're > using it as your MTA for MailScanner. In fact, you need two Sendmails running. > However, the ones that should be running should be a queue-only and queue-runner. > > Realistically, you could write a script to find and kill sendmail, but you'd > also have to make it not kill the ones that MS needs, which might be a bit tricky. > > That said, have you made sure the normal "sendmail" startup script is disabled > in your runlevel? Mandriva might have a tool that runs around and checks the > status of all your daemons and restarts them. > > ls /etc/rc3.d/ |grep sendmail > ls /etc/rc5.d/ |grep sendmail > > Both should return files starting with K instead of S. > > Basically the same/similar toolset that any RH-like system would have... chkconfig --list sendmail chkconfig sendmail off service sendmail stop ... etc. The only "service" that should be starting sendmail should be MailScanner ('tis so on my Mdv -06 boxes). 
I suppose they could've done something incredibly stupid in the msec package ("security level checker/rectifyer"... As with any such, a real PITA:-), but I doubt it. Would only be a factor if Gordon is running at an "elevated" security level. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From andy at tireswing.net Mon Jan 15 17:08:00 2007 
From: andy at tireswing.net (Andy Norris) Date: Mon Jan 15 16:10:51 2007 Subject: Sendmail hijacking Mailscanner In-Reply-To: <223f97700701150732tf0ca3ffva41135f2c6adea29@mail.gmail.com > References: <041a01c738a9$91e57130$0a02a8c0@Gordon> <45AB8677.6080901@evi-inc.com> <223f97700701150732tf0ca3ffva41135f2c6adea29@mail.gmail.com> Message-ID: <200701151608.l0FG89rS030278@tireweb.arsalon.net> We have the same problem. Only we're running Ensim. We've back-burnered this for too long, and we need to find out what's starting all these rogue instances of sendmail, so I will be watching this thread. At 09:32 AM 2007-01-15, you wrote: >On 15/01/07, Matt Kettler wrote: >>Gordon Colyn wrote: >> > ITNT Banner CampaignHi all, >> > >> > I have a problem where somehow sendmail gets started on my Linux server >> > running MailScanner and therefore spam mail gets through as it >> by-passes the >> > mailscanner process. I have crawled through all the logs and have no idea >> > what starts the sendmail process and it is also completely random...very >> > frustrating. Does anyone know of a script or a way that I can test to see >> > if sendmail is running then stop the process automatically? >> > >> > I am running Mandriva 2006, with sendmail 8.13.4. >> >>Well, actually, you NEED sendmail running with MailScanner.. Assuming you're >>using it as your MTA for MailScanner. In fact, you need two >>Sendmails running. >>However, the ones that should be running should be a queue-only and >>queue-runner. >> >>Realistically, you could write a script to find and kill sendmail, but you'd >>also have to make it not kill the ones that MS needs, which might >>be a bit tricky. >> >>That said, have you made sure the normal "sendmail" startup script >>is disabled >>in your runlevel? Mandriva might have a tool that runs around and checks the >>status of all your daemons and restarts them. 
>>
>>ls /etc/rc3.d/ |grep sendmail
>>ls /etc/rc5.d/ |grep sendmail
>>
>>Both should return files starting with K instead of S.
>>
>Basically the same/similar toolset that any RH-like system would have...
>chkconfig --list sendmail
>chkconfig sendmail off
>service sendmail stop
>... etc.
>
>The only "service" that should be starting sendmail should be
>MailScanner ('tis so on my Mdv -06 boxes).
>I suppose they could've done something incredibly stupid in the msec
>package ("security level checker/rectifier"... As with any such, a
>real PITA:-), but I doubt it. Would only be a factor if Gordon is
>running at an "elevated" security level.
>
>Cheers
>--
>-- Glenn
>email: glenn < dot > steen < at > gmail < dot > com
>work: glenn < dot > steen < at > ap1 < dot > se

From glenn.steen at gmail.com Mon Jan 15 17:44:13 2007
From: glenn.steen at gmail.com (Glenn Steen)
Date: Mon Jan 15 16:46:20 2007
Subject: Sendmail hijacking Mailscanner
In-Reply-To: <200701151608.l0FG89rS030278@tireweb.arsalon.net>
References: <041a01c738a9$91e57130$0a02a8c0@Gordon> <45AB8677.6080901@evi-inc.com> <223f97700701150732tf0ca3ffva41135f2c6adea29@mail.gmail.com> <200701151608.l0FG89rS030278@tireweb.arsalon.net>
Message-ID: <223f97700701150844t7a71ccdj7a5102a148dc907d@mail.gmail.com>

On 15/01/07, Andy Norris wrote:
>
> We have the same problem. Only we're running Ensim. We've
> back-burnered this for too long, and we need to find out what's
> starting all these rogue instances of sendmail, so I will be watching
> this thread.
>
(snip)
Ok, it's "faint recollection time" then:-).
I recall looking very briefly at this a while back. Problem with
control panels like ensim is that they want a certain "feel" to the
startup scripts, and (IIRC) wants to start up sendmail in a
"controlized" startup script, and MailScanner in another (or was it
the same? Not the stock one though, from Jules packages, IIRC that
is:-).
So ... things just might be "set to go wrong":-):-). If there isn't a
sizable pause for sendmail to close all children, what happens then?
If the "every 4 hours check_MailScanner" script runs and don't find
the lockfile it expects, what happens then?
If you replace the script as supplied by ensim (for sendmail) with the
MailScanner stock one... Does that do all that ensim wants it to?

I really don't know, I'm just asking the questions you should be
looking for answers to... From my very faint recollections of previous
threads and a very cursory look at some of the panels out there (Yeah,
I suffer from plain ol' RALM (L for Lossy;-)).

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From michele at blacknight.ie Mon Jan 15 18:03:12 2007
From: michele at blacknight.ie (Michele Neylon :: Blacknight)
Date: Mon Jan 15 17:03:29 2007
Subject: Reporting Phishing sites
In-Reply-To: <45AB9B7A.9729.0076.0@lshtm.ac.uk>
Message-ID: <072801c738c7$0a764940$e3f31151@blacknight.local>

I report any phishing emails I get to the phished ie. Paypal, AIB,
etc., IF they provide an accessible way for me to do so

Mr Michele Neylon
Blacknight Solutions
Hosting & Colocation, Brand Protection
http://www.blacknight.ie/
http://blog.blacknight.ie/
Tel. 1850 927 280
Intl. +353 (0) 59 9183072
UK: 0870 163 0607
Direct Dial: +353 (0)59 9183090
Fax. +353 (0) 59 9164239

From glenn.steen at gmail.com Mon Jan 15 18:27:56 2007
From: glenn.steen at gmail.com (Glenn Steen)
Date: Mon Jan 15 17:30:05 2007
Subject: Reporting Phishing sites
In-Reply-To: <45AB9B7A.9729.0076.0@lshtm.ac.uk>
References: <45AB9B7A.9729.0076.0@lshtm.ac.uk>
Message-ID: <223f97700701150927i11d330fcs517ab945fbd528c6@mail.gmail.com>

On 15/01/07, Peter Bates wrote:
>
> Hello all...
>
> This isn't solely a technical question
> but I thought I'd ask it on multiple lists to see what people think.
>
> I'm running MailScanner, with Postfix as the MTA
> and a couple of AV scanners and SpamAssassin.
>
> I've been happy with the results from the Sanesecurity
> additional definitions for ClamAV in detecting phishing and 'scam' sites,
> above and beyond the MS phishing filter.
>
> The emails end up quarantined as Postfix queue files,
> so I do at least have the option of sending them on their way.

Why should you report them if the Sanesecurity people are on it already?
Might be me not seeing something obvious here:-).

> However, what I'd like to do is send on these phishing emails
> to somewhere that might actually do something about the sites in question.
>
> There are sites like 'www.millersmiles.co.uk' or 'www.antiphishing.org'
> which I could potentially forward the messages to.
>
> I'd just be interested to know
>
> - does anyone report phishing sites this way (in the 'war against spam' it seems an easier target)

Rarely, and only such that I "detect" by manual means (meaning it got
past the usual anti-phish checks, or got detected by
MailScanner/reported by a user). Most phishes don't fall into this
category though:-).

> - how would they direct the Postfix queue files to the reporting destination

Short answer: Probably not at all, or (if you send it over to them as
an attachment) with a lot of swearing:-).
You could of course extract the message (and envelope info) via postcat.
Why don't you avoid the whole queue file issue and store them as
RFC822 message files instead?
If you happen to combine that with MailWatch, you don't lose the
envelope information... And can still release it from quarantine in a
very simple manner.

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From ahodges at phenom-networks.com Mon Jan 15 18:53:00 2007
From: ahodges at phenom-networks.com (Andrew Hodges)
Date: Mon Jan 15 17:55:04 2007
Subject: Sendmail hijacking Mailscanner
In-Reply-To: <223f97700701150844t7a71ccdj7a5102a148dc907d@mail.gmail.com>
References: <041a01c738a9$91e57130$0a02a8c0@Gordon> <45AB8677.6080901@evi-inc.com> <223f97700701150732tf0ca3ffva41135f2c6adea29@mail.gmail.com> <200701151608.l0FG89rS030278@tireweb.arsalon.net> <223f97700701150844t7a71ccdj7a5102a148dc907d@mail.gmail.com>
Message-ID: <3C7811E23EFFC14C8B76E79FEA50EC83DC3F@hodges01.hodges.local>

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> Of Glenn Steen
> Sent: 15 January 2007 16:44
> To: MailScanner discussion
> Subject: Re: Sendmail hijacking Mailscanner
>
> On 15/01/07, Andy Norris wrote:
> >
> > We have the same problem. Only we're running Ensim. We've
> > back-burnered this for too long, and we need to find out what's
> > starting all these rogue instances of sendmail, so I will be watching
> > this thread.
> >
> (snip)
> Ok, it's "faint recollection time" then:-).
> I recall looking very briefly at this a while back. Problem
> with control panels like ensim is that they want a certain
> "feel" to the startup scripts, and (IIRC) wants to start up
> sendmail in a "controlized" startup script, and MailScanner
> in another (or was it the same? Not the stock one though,
> from Jules packages, IIRC that is:-).
> So ... things just might be "set to go wrong":-):-). If there
> isn't a sizable pause for sendmail to close all children,
> what happens then?
> If the "every 4 hours check_MailScanner" script runs and
> don't find the lockfile it expects, what happens then?
> If you replace the script as supplied by ensim (for sendmail)
> with the MailScanner stock one... Does that do all that ensim
> wants it to?
>
> I really don't know, I'm just asking the questions you should
> be looking for answers to... From my very faint recollections
> of previous threads and a very cursory look at some of the
> panels out there (Yeah, I suffer from plain ol' RALM (L for Lossy;-)).
>

Hi,

I had a very similar problem to this under BlueQuartz. Found that the
easiest solution was as follows....

cd /etc/rc.d/init.d
mv sendmail sendmail.old
chmod a-x sendmail.old
ln -s MailScanner sendmail

Might not be the best solution, but in my case it keeps the system happy.
Hope it helps

Andy Hodges

> Cheers
> --
> -- Glenn
> email: glenn < dot > steen < at > gmail < dot > com
> work: glenn < dot > steen < at > ap1 < dot > se

From victor at pixelmagicfx.com Mon Jan 15 19:30:33 2007
From: victor at pixelmagicfx.com (Victor DiMichina)
Date: Mon Jan 15 18:32:48 2007
Subject: IP range getting blocked
Message-ID: <45ABC849.9020906@pixelmagicfx.com>

I have a question on certain providers blocking an entire range of IP
addresses. We're a small company, and have our own mail server locked
down pretty well. However, from ONE local ISP, our mail is getting
rejected because we fall under a Class B subnet that they choose to
block.

We are on 69.17.96.163, and don't show up in any blacklists that I
have seen. However, this local free provider is blocking
69.17.96.###. Is it just me, or is that a very "90's" approach to
spam control? With the RBLs as they are today, as well as tools like
Mailscanner, Spam Assassin, DCC, etc, doesn't it seem a bit harsh to
block entire IP ranges? Wouldn't the end customer be the only one to
suffer as he/she is not getting legitimate e-mail?

Thanks
Vic

From chris at clh.org.uk Mon Jan 15 19:30:59 2007
From: chris at clh.org.uk (Chris Hardy)
Date: Mon Jan 15 18:33:22 2007
Subject: Sendmail hijacking Mailscanner
In-Reply-To: <041a01c738a9$91e57130$0a02a8c0@Gordon>
References: <041a01c738a9$91e57130$0a02a8c0@Gordon>
Message-ID: <45ABC863.9030707@clh.org.uk>

Gordon Colyn wrote:
> Hi all,
>
> I have a problem where somehow sendmail gets started on my Linux server
> running MailScanner and therefore spam mail gets through as it by-passes the
> mailscanner process. I have crawled through all the logs and have no idea
> what starts the sendmail process and it is also completely random...very
> frustrating. Does anyone know of a script or a way that I can test to see
> if sendmail is running then stop the process automatically?
>
> I am running Mandriva 2006, with sendmail 8.13.4.
>
> thanks
>
> Gordon Colyn
>

Hi Gordon,

I had the same problem - and it came down to a logrotate issue - one
of them wanted to stop and start sendmail within it..

I removed the sendmail line from the script, and hey-presto, no more
sendmail taking over :)

If I remember the file, I'll let you know, but check the files in the
/etc/logrotate.d directory - one of them has it in there

HTH

chris

From victor at pixelmagicfx.com Mon Jan 15 19:42:45 2007
From: victor at pixelmagicfx.com (Victor DiMichina)
Date: Mon Jan 15 18:45:02 2007
Subject: IP range getting blocked
In-Reply-To: <45ABC849.9020906@pixelmagicfx.com>
References: <45ABC849.9020906@pixelmagicfx.com>
Message-ID: <45ABCB25.6080006@pixelmagicfx.com>

Victor DiMichina wrote:
>
> However, from ONE local ISP, our mail is getting rejected
> because we fall under a Class B subnet that they choose to block.

Sorry, I meant class "C" subnet. It's Monday... :(

From mkettler at evi-inc.com Mon Jan 15 20:08:00 2007
From: mkettler at evi-inc.com (Matt Kettler)
Date: Mon Jan 15 19:12:23 2007
Subject: IP range getting blocked
In-Reply-To: <45ABC849.9020906@pixelmagicfx.com>
References: <45ABC849.9020906@pixelmagicfx.com>
Message-ID: <45ABD110.8060704@evi-inc.com>

Victor DiMichina wrote:
>
> I have a question on certain providers blocking an entire range of IP
> addresses. We're a small company, and have our own mail server
> locked down pretty well. However, from ONE local ISP, our mail is
> getting rejected because we fall under a Class B subnet that they choose
> to block.
> We are on 69.17.96.163, and don't show up in any blacklists that I
> have seen. However, this local free provider is blocking
> 69.17.96.###. Is it just me, or is that a very "90's" approach to
> spam control? With the RBLs as they are today, as well as tools
> like Mailscanner, Spam Assassin, DCC, etc, doesn't it seem a bit
> harsh to block entire IP ranges? Wouldn't the end customer be the only
> one to suffer as he/she is not getting legitimate e-mail?

Odds are they're blocking you for having a PTR record containing ".dsl."

#host 69.17.96.163
163.96.17.69.in-addr.arpa domain name pointer dsl017-096-163.lax1.dsl.speakeasy.net.

If this really is a static-ip'ed mailserver, talk to speakeasy about
getting your PTR records set to match your DNS name of
hoshi.pixelmagicfx.com.

From glenn.steen at gmail.com Mon Jan 15 20:43:09 2007
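The PTR check from the reply above, written out as an added example (it is not code from the thread or from MailScanner). The label list and the "three of four octets" threshold are assumptions made for illustration; the resolver is injectable so the check can be run offline against the values quoted in the message.

```python
import socket

# Labels that receivers commonly read as "end-user access line".
# Constructed list for this example; every receiving site keeps its own.
ACCESS_LABELS = {"dsl", "adsl", "cable", "dialup", "dyn", "dynamic",
                 "dhcp", "pool", "ppp"}


def system_reverse(ip):
    """PTR lookup through the system resolver (needs network access)."""
    return socket.gethostbyaddr(ip)[0]


def check_mail_ptr(ip, expected_name, reverse=system_reverse):
    """Return the reasons a receiver might distrust this IPv4 sender's PTR."""
    try:
        ptr = reverse(ip).rstrip(".").lower()
    except OSError:                      # herror/gaierror are OSError subclasses
        return ["no PTR record for " + ip]

    findings = []
    hits = sorted(set(ptr.split(".")) & ACCESS_LABELS)
    if hits:
        findings.append("PTR %s contains access-line label(s): %s"
                        % (ptr, ", ".join(hits)))

    # Provider-generated names usually embed the address, e.g. 017-096-163.
    digit_runs = "".join(c if c.isdigit() else " " for c in ptr).split()
    numbers = {int(run) for run in digit_runs}
    embedded = [octet for octet in ip.split(".") if int(octet) in numbers]
    if len(embedded) >= 3:               # assumed threshold
        findings.append("PTR embeds %d of the 4 address octets" % len(embedded))

    if ptr != expected_name.rstrip(".").lower():
        findings.append("PTR %s does not match mail host name %s"
                        % (ptr, expected_name))
    return findings


if __name__ == "__main__":
    # Values quoted in the message; the lookup is stubbed so this runs offline.
    def quoted_ptr(_ip):
        return "dsl017-096-163.lax1.dsl.speakeasy.net."

    for reason in check_mail_ptr("69.17.96.163", "hoshi.pixelmagicfx.com",
                                 reverse=quoted_ptr):
        print(reason)
```

Calling `check_mail_ptr()` without the `reverse` argument performs a live lookup through the system resolver.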
From: glenn.steen at gmail.com (Glenn Steen)
Date: Mon Jan 15 19:45:16 2007
Subject: Greylisting (WAS: Re: MailScanner ANNOUNCE: 4.57 released)
In-Reply-To: <223f97700701150506x438d4848wcb3fb03690b46078@mail.gmail.com>
References: <4571B547.1090804@ecs.soton.ac.uk> <45744FDB.3030307@netmagicsolutions.com> <20061204205254.8300B11285@mx-a.vdnet.lt> <223f97700612041451n39e66dedx28699a0d1e59a3eb@mail.gmail.com> <20061204233255.DB881FF40@mx-a.vdnet.lt> <223f97700612060014o6a8b46b1k87e48195c1d93afc@mail.gmail.com> <20070110163002.1EE06FF06@mx-a.vdnet.lt> <223f97700701110619v275f274fo23f2491099f1b38@mail.gmail.com> <45A6494B.9010503@netmagicsolutions.com> <223f97700701150506x438d4848wcb3fb03690b46078@mail.gmail.com>
Message-ID: <223f97700701151143v5f320486v2f711cc2aa03984@mail.gmail.com>

It really is monday today, isn't it:-)...

On 15/01/07, Glenn Steen wrote:
(snip)
> Well, after reading some code I at least know what is going on, and
> why it doesn't work:-).
>
> Wietse seems to have wanted a way to ... noninvasively... insert
> additional data into the Postfix queue file without having to rewrite
> the whole thing (as we more or less do in MailScanner), so that
> milters could just "tag on" new recipients and headers.
>
> To that effect he made it so that there might be two (or more? I'm not
> really clear on this yet, but it seems there will only be one p
> record for additional recipients, but perhaps one per added header)
> records of type "p" (for pointer) that has a "value part" of 0 by
> default, meaning no "extra info" is to be inserted at that point. If
> there is a non-zero value, this is an absolute offset to fseek to for
> the actual inserted part, followed by another p record with an
> absolute offset to jump back up into the file to the original "jumpoff
> point" (after the original p record). The added records are tagged on
> after the end record (and a null character denoting end of file?).
> As one can guess, much of Wietses patches regarding milter support seem
> to focus on detecting and handling misbehaving subsystems that create
> p record message loops (wrong "jump-back offsets" leading to endless
> loops ("here we GOTO again!":-)).

This description is slightly wrong. Looking again, one can see that
the p records ("jumpoff points", or branches, if you like:-) can be
located at three different places in the queue file:
1) just after the first set of O and R records (before the M record),
2) just after the headers in the M record, but before the body (before
the empty N record)
3) at the same place we place our modifications... after the body,
before X and E (Not at work, might remember this wrong...might be just
before the E, but I think it's the same place where we add things.

This hit me when idly thinking about work on the train home... That
is, almost nodding off on the train home:-)
The rest should be correct though.

>
> Currently this only seem to affect milters, and only milters that
> would add recipients and/or message headers. Perhaps this will also be
> used to ... modify... the body later on, when that type of milter
> action is to be supported as well.
>
> This p record thing doesn't sit that well with how MailScanner
> currently (I've been looking at 4.57.6, but will take a look at 4.58.4
> too... I don't suppose there are any changes worth mentioning
> though:-) decipher a postfix queue file since we both copy any
> "unknown" records as is (p records are ... unknown .... to us:), add
> in our own headers/recipients/whatnot as needed (making the absolute
> offsets plain wrong), as well as (in all likelihood) not copying the
> data "after the end record" to the right place (if at all).
> Ergo Nerijus problem.
>
> Now, I see at least three somewhat different solutions:
> 1) Simply enhance the ReadQf function so that it understands and
> handles p records (meaning we will copy over the actual data added by
> milters, not the p records themselves).
> 2) recalculate the offsets and make sure the p records are correct, as
> well as the "after end" data being where it is supposed to be.
> 3) Rewrite MailScanner to use the same p record method of adding
> recipients and headers, which of course implies, in a way, that we
> would reimplement the Postfix.pm file from scratch... more or less.
>
> I'm hugely in favour of doing number 1), since this will be
> a) simplest to implement
> b) least amount of code touched
> c) probably safest... We'll have to look at doing pretty much the same
> sanity checks that Wietse does, but that shouldn't be a huge problem.
> d) in keeping with the MailScanner philosophy:-). When we start
> decomposing the PF queue files, they stop being queue files. When we
> reassemble the queue file, it is a completely new queue file, with a
> new ID ... Why should we preserve a "bandaid like" thing that we don't
> need;-).
>
> If I get a little teensy bit of time, I'll make a stab at some code
> for handling p records as suggested in #1.
>
> Cheers
> --
> -- Glenn
> email: glenn < dot > steen < at > gmail < dot > com
> work: glenn < dot > steen < at > ap1 < dot > se
>

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From bryan.guest at bmts.com Mon Jan 15 20:51:54 2007
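A sketch of option 1 from the message above (follow p records while reading and hand on only the data they lead to), as an added example that is neither MailScanner's Postfix.pm nor Postfix code. It assumes the queue-file record layout of a type byte, a base-128 length and the payload, with the pointer value stored as a space-padded decimal; the sample queue file and the simple "never follow the same target twice" loop check are constructed for illustration.

```python
class QueueFileError(Exception):
    """Truncated record, or a p record that cannot safely be followed."""


def encode_record(rtype, data=b""):
    """Serialise one record: type byte, base-128 length (low bits first), payload."""
    out = bytearray(rtype.encode("ascii"))
    length = len(data)
    while True:
        low, length = length & 0x7F, length >> 7
        out.append(low | (0x80 if length else 0))
        if not length:
            return bytes(out) + data


def pointer(offset):
    """Pointer payload; fixed width so it can be patched in place (assumed %15d)."""
    return b"%15d" % offset


def read_record(buf, pos):
    """Decode the record at pos; return (type, payload, offset of the next record)."""
    try:
        rtype = chr(buf[pos])
        pos += 1
        length = shift = 0
        while True:
            byte = buf[pos]
            pos += 1
            length |= (byte & 0x7F) << shift
            shift += 7
            if not byte & 0x80:
                break
    except IndexError:
        raise QueueFileError("truncated record header")
    if pos + length > len(buf):
        raise QueueFileError("record payload runs past end of file")
    return rtype, buf[pos:pos + length], pos + length


def logical_records(buf):
    """Records in reading order: p records are followed and then dropped."""
    records, followed, pos = [], set(), 0
    while pos < len(buf):
        rtype, data, nxt = read_record(buf, pos)
        if rtype == "p":
            try:
                target = int(data.strip() or b"0")
            except ValueError:
                raise QueueFileError("unreadable p record value")
            if target == 0:               # unused branch point, nothing inserted
                pos = nxt
                continue
            if not 0 < target < len(buf) or target in followed:
                raise QueueFileError("bad or looping p record -> %d" % target)
            followed.add(target)
            pos = target                  # absolute offset, like fseek()
            continue
        records.append((rtype, data))
        if rtype == "E":                  # end record; appended data lies beyond it
            return records
        pos = nxt
    raise QueueFileError("no E record found")


def sequential_records(buf):
    """A reader that treats p records as opaque data and stops at E."""
    records, pos = [], 0
    while pos < len(buf):
        rtype, data, pos = read_record(buf, pos)
        records.append((rtype, data))
        if rtype == "E":
            break
    return records


def build_sample():
    """Constructed queue file with one header appended after the E record."""
    head = (encode_record("R", b"user@example.com") + encode_record("M")
            + encode_record("N", b"Subject: test"))
    tail = (encode_record("N") + encode_record("N", b"body line")
            + encode_record("X") + encode_record("E"))
    resume_at = len(head) + len(encode_record("p", pointer(0)))
    added_at = resume_at + len(tail)
    added = (encode_record("N", b"X-Added-By-Milter: yes")
             + encode_record("p", pointer(resume_at)))
    return head + encode_record("p", pointer(added_at)) + tail + added


if __name__ == "__main__":
    for rtype, data in logical_records(build_sample()):
        print(rtype, data.decode())
```

`sequential_records()` shows the failure mode the message describes: the appended header is never seen and the p record is carried along as an ordinary record.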
From: bryan.guest at bmts.com (Bryan Guest)
Date: Mon Jan 15 19:54:13 2007
Subject: How can I reject based on X-Mailer:
Message-ID: <01c401c738de$9baf7190$0b01010a@DGPTBH91>

Hi:

We could use some assistance...

My company is getting mailbombed by some spammers. By some bizarre
comedy of situations Postini does not seem to be able to filter out
this spam. (Reduced staff due to Martin Luther King day?)

We use MailScanner locally to do local virus scanning but not
spamassassin. Is there a way I could get MailScanner to filter based
on the X-Mailer: header? The only common link I see in this spam is
the contents of this header. Everything else (Sender IP's, To: and
From: ) is forged. The body is text (random words) which changes with
each message and the actual spam is a graphic attached to the message.
The filename of the graphic changes randomly.

So to reiterate, is there anyway anyone knows to filter based on
X-Mailer:?

If so please reply or email me at bryan_guest@hotmail.com

Thanks

Bryan

From cgi at bytesinteractive.com Mon Jan 15 21:40:17 2007
From: cgi at bytesinteractive.com (David Jourard)
Date: Mon Jan 15 20:42:28 2007
Subject: How to discard emails with info in X-Mailer and X-FID
In-Reply-To: <456DAADD.5020000@netmagicsolutions.com>
References: <033f01c713a8$9301ca30$3701a8c0@lapxp> <20061129064650.794D.GERARD@seibercom.net> <456D78F8.6020302@blacknight.ie> <456D7DA0.1070900@ucsc.edu> <456DA763.10308@pixelhammer.com> <456DAADD.5020000@netmagicsolutions.com>
Message-ID: <45ABE6B1.6060004@bytesinteractive.com>

Hi,

Today a new spam variant appeared and was getting thru my commercial
spam service.

They indicated that if I could block the variant till they fix it it
would be good.

They gave the values for the X-Mailer and X-FID.

Is it possible to discard the emails with these parameters via
MailScanner.

Thanks
David J.

From denis at croombs.org Mon Jan 15 21:56:56 2007
From: denis at croombs.org (Denis Croombs)
Date: Mon Jan 15 20:59:33 2007
Subject: Clamav Anti-virus speed (using clammodule)
Message-ID: <200701152057.l0FKvDb3010123@mail.deniscroombs.org>

I have just noticed this in my maillog file:-

Jan 15 17:11:50 isis MailScanner[22768]: Filename Checks: Allowing l0FHBXAF023446 msg-22768-2.txt
Jan 15 17:11:50 isis MailScanner[22768]: Virus Scanning completed at 176 bytes per second
Jan 15 17:11:50 isis MailScanner[22768]: Uninfected: Delivered 1 messages
Jan 15 17:11:50 isis MailScanner[22768]: Virus Processing completed at 73445 bytes per second
Jan 15 17:11:50 isis MailScanner[22768]: Batch completed at 175 bytes per second (2128 / 12)
Jan 15 17:11:50 isis MailScanner[22768]: Batch (1 message) processed in 12.13 seconds

In my MailScanner.conf I have:-

Virus Scanners = clamavmodule bitdefender

I believe this means that clamavmodule is doing the check @ 176 bytes
per second and bitdefender is doing the same checks @ 73445 bytes per
second.

Has anyone else seen this type of speed difference ?

I am using the very latest of:-
Clamav
Spamassassin
Sendmail
Dcc
Razor
Pyzor

On a Centos 4.x server (Intel PIV 1.7Ghz CPU 256mb ram), I am about to
test it on a more powerful server with more ram to see if that is the
issue !

Regards

Denis

From mkettler at evi-inc.com Mon Jan 15 22:14:08 2007
From: mkettler at evi-inc.com (Matt Kettler)
Date: Mon Jan 15 21:16:36 2007
Subject: Clamav Anti-virus speed (using clammodule)
In-Reply-To: <200701152057.l0FKvDb3010123@mail.deniscroombs.org>
References: <200701152057.l0FKvDb3010123@mail.deniscroombs.org>
Message-ID: <45ABEEA0.2060900@evi-inc.com>

Denis Croombs wrote:
> I have just noticed this in my maillog file:-
>
> Jan 15 17:11:50 isis MailScanner[22768]: Filename Checks: Allowing
> l0FHBXAF023446 msg-22768-2.txt
> Jan 15 17:11:50 isis MailScanner[22768]: Virus Scanning completed at 176
> bytes per second
> Jan 15 17:11:50 isis MailScanner[22768]: Uninfected: Delivered 1 messages
> Jan 15 17:11:50 isis MailScanner[22768]: Virus Processing completed at 73445
> bytes per second
> Jan 15 17:11:50 isis MailScanner[22768]: Batch completed at 175 bytes per
> second (2128 / 12)
> Jan 15 17:11:50 isis MailScanner[22768]: Batch (1 message) processed in
> 12.13 seconds
>
> In my MailScanner.conf I have:-
>
> Virus Scanners = clamavmodule bitdefender
>
> I believe this means that clamavmodule is doing the check @ 176 bytes per
> second and bitdefender is doing the same checks @ 73445 bytes per second.

No, that's not what those messages mean.

Note the first message is "virus scanning" the second is "virus processing"

The first message pertains to the time to scan with BOTH clamavmodule
AND bitdefender.

The "Virus Processing" refers to all the post-processing. Report
generation, quarantining, sending warnings to postmaster, disarming
html, etc etc etc. Neither clamav nor bitdefender are involved here.

Take a look at the main bin/MailScanner script for all the items between:

$batch->StartTiming('virus_processing', 'Virus Processing');

and

$batch->StopTiming('virus_processing', 'Virus Processing');

From res at ausics.net Mon Jan 15 22:26:17 2007
From: res at ausics.net (Res)
Date: Mon Jan 15 21:28:32 2007
Subject: IP range getting blocked
In-Reply-To: <45ABC849.9020906@pixelmagicfx.com>
References: <45ABC849.9020906@pixelmagicfx.com>
Message-ID:

On Mon, 15 Jan 2007, Victor DiMichina wrote:

> seen. However, this local free provider is blocking 69.17.96.###. Is
> it just me, or is that a very "90's" approach to spam control? With
> the RBLs as they are today, as well as tools like Mailscanner, Spam

It's just you, it's all too easy for someone being malicious to use
multiple ip's, very common and has been for years to take out the /24,
sometimes with problematic (ignorant ISPs) to block their entire
range(s).

Blocking /24 or an entire ISP is much easier than having many staff
waste countless hours dealing with support calls from irate customers
who have been spammed or whatever and abuse section being ignored by
said ISP, ie: comcast, the biggest offenders, far far far worse than
AOL ever was.

> Assassin, DCC, etc, doesn't it seem a bit harsh to block entire IP ranges?
> Wouldn't the end customer be the only one to suffer as he/she is not getting
> legitimate e-mail?

What about the thousands and thousands of other users being spammed?
To satisfy 1 we dissatisfy 1000, hmmm... I don't think so :)
Much rather 999 customers happy and 1 not happy per every thousand
customers.

--
Cheers
Res

"So, you think you can tell Heaven from Hell?" - Roger Waters

From prandal at herefordshire.gov.uk Mon Jan 15 22:28:22 2007
From: prandal at herefordshire.gov.uk (Randal, Phil)
Date: Mon Jan 15 21:30:35 2007
Subject: How to discard emails with info in X-Mailer and X-FID
Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580176820D@isabella.herefordshire.gov.uk>

Yes,

Just create header rules in spamassassin to score them.

Today we've processed 2569 emails with X-FID: headers, all but 6 of
which were tagged as spam without any new rules required.

The new spams are intriguing - they have three images, the first a .jpg
of a pen nib, the second a stock pump/dump scam gif, and the third a
"free emoticons for your email" gif. The equivalent of attempted Bayes
Poisoning for OCR scanners?

I am sorely tempted to add "free emoticons" to my FuzzyOCR wordlist.

Cheers,

Phil

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of David Jourard
Sent: Monday, January 15, 2007 8:40 PM
To: MailScanner discussion
Subject: How to discard emails with info in X-Mailer and X-FID

Hi,

Today a new spam variant appeared and was getting thru my commercial
spam service.

They indicated that if I could block the variant till they fix it it
would be good.

They gave the values for the X-Mailer and X-FID.

Is it possible to discard the emails with these parameters via
MailScanner.

Thanks
David J.

From res at ausics.net Mon Jan 15 22:35:02 2007
From: res at ausics.net (Res)
Date: Mon Jan 15 21:37:14 2007
Subject: Sendmail hijacking Mailscanner
In-Reply-To: <45AB8677.6080901@evi-inc.com>
References: <041a01c738a9$91e57130$0a02a8c0@Gordon> <45AB8677.6080901@evi-inc.com>
Message-ID:

On Mon, 15 Jan 2007, Matt Kettler wrote:

> In fact, you need two Sendmails running.

2 Normally, but 3 with MailScanner, the listener, and queue managers

1755 ? Ss 7:43 sendmail: accepting connections
1757 ? Ss 7:41 sendmail: Queue runner@00:15:00 for /var/spool/clientmqueue
1760 ? Ss 7:41 sendmail: Queue runner@00:15:00 for /var/spool/mqueue

--
Cheers
Res

"So, you think you can tell Heaven from Hell?" - Roger Waters

From r.berber at computer.org Tue Jan 16 00:55:10 2007
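The two places the "Sendmail hijacking Mailscanner" thread above says to look (S-prefixed init links in rc3.d and rc5.d, and logrotate scripts that restart sendmail), combined into one audit as an added example; it is not a script posted by any participant. The S??sendmail link naming, the verb list in the pattern and the optional root argument are assumptions; an init script that resolves to MailScanner, as in the BlueQuartz workaround, is not reported.

```python
import os
import re

_VERBS = r"(?:start|restart|condrestart|reload)"
# A line is reported when it names sendmail together with one of the verbs.
RESTART = re.compile(r"\bsendmail\b.*\b%s\b|\b%s\b.*\bsendmail\b" % (_VERBS, _VERBS),
                     re.IGNORECASE)


def start_links(root="/", runlevels=(3, 5)):
    """Init links that start the stock sendmail script in the given runlevels."""
    found = []
    for level in runlevels:
        rc_dir = os.path.join(root, "etc", "rc%d.d" % level)
        if not os.path.isdir(rc_dir):
            continue
        for name in sorted(os.listdir(rc_dir)):
            if not re.fullmatch(r"S\d\dsendmail", name):
                continue                  # K links stop the service: expected
            path = os.path.join(rc_dir, name)
            # "ln -s MailScanner sendmail" makes this link start MailScanner.
            if os.path.basename(os.path.realpath(path)) != "MailScanner":
                found.append(path)
    return found


def logrotate_restarts(root="/"):
    """(file, line number, text) for logrotate lines that (re)start sendmail."""
    hits = []
    conf_dir = os.path.join(root, "etc", "logrotate.d")
    if not os.path.isdir(conf_dir):
        return hits
    for name in sorted(os.listdir(conf_dir)):
        path = os.path.join(conf_dir, name)
        if not os.path.isfile(path):
            continue
        with open(path, errors="replace") as handle:
            for number, line in enumerate(handle, 1):
                text = line.strip()
                if text and not text.startswith("#") and RESTART.search(text):
                    hits.append((name, number, text))
    return hits


def audit(root="/"):
    """Human-readable findings; an empty list means neither check fired."""
    report = ["init link starts stock sendmail: " + path
              for path in start_links(root)]
    report += ["logrotate.d/%s line %d touches sendmail: %s" % hit
               for hit in logrotate_restarts(root)]
    return report


if __name__ == "__main__":
    for finding in audit("/") or ["nothing found that starts sendmail outside MailScanner"]:
        print(finding)
```

An empty result only covers these two locations; control-panel startup scripts such as the Ensim ones discussed in the thread still need to be read by hand.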
From: r.berber at computer.org (René Berber)
Date: Mon Jan 15 23:57:41 2007
Subject: How to discard emails with info in X-Mailer and X-FID
In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B580176820D@isabella.herefordshire.gov.uk>
References: <86144ED6CE5B004DA23E1EAC0B569B580176820D@isabella.herefordshire.gov.uk>
Message-ID:

Randal, Phil wrote:

>>David Jourard wrote:
>> Today a new spam variant appeared and was getting thru my commercial
>> spam service.
>>
>> They indicated that if I could block the variant till they fix it it
>> would be good.
>>
>> They gave the values for the X-Mailer and X-FID.
>>
>> Is it possible to discard the emails with these parameters via
>> MailScanner.
> Yes,
>
> Just create header rules in spamassassin to score them.
>
> Today we've processed 2569 emails with X-FID: headers, all but 6 of
> which were tagged as spam without any new rules required.
>
> The new spams are intriguing - they have three images, the first a .jpg
> of a pen nib, the second a stock pump/dump scam gif, and the third a
> "free emoticons for your email" gif. The equivalent of attempted Bayes
> Poisoning for OCR scanners?

Uh? What's there to poison with FuzzyOcr?

> I am sorely tempted to add "free emoticons" to my FuzzyOCR wordlist.

Not needed, FuzzyOcr scans all images and will detect the spam in the
2nd, it may even stop with the second image if the score is high enough
(this may be a new feature not yet released, but soon).
--
René Berber

From nerijus at users.sourceforge.net Tue Jan 16 01:43:57 2007
From: nerijus at users.sourceforge.net (Nerijus Baliunas)
Date: Tue Jan 16 00:46:33 2007
Subject: Greylisting (WAS: Re: MailScanner ANNOUNCE: 4.57 released)
References: <4571B547.1090804@ecs.soton.ac.uk> <45743355.2040006@sendit.nodak.edu> <45744FDB.3030307@netmagicsolutions.com> <20061204205254.8300B11285@mx-a.vdnet.lt> <223f97700612041451n39e66dedx28699a0d1e59a3eb@mail.gmail.com> <20061204233255.DB881FF40@mx-a.vdnet.lt> <223f97700612060014o6a8b46b1k87e48195c1d93afc@mail.gmail.com> <20070110163002.1EE06FF06@mx-a.vdnet.lt> <223f97700701110619v275f274fo23f2491099f1b38@mail.gmail.com> <45A6494B.9010503@netmagicsolutions.com> <223f97700701150506x438d4848wcb3fb03690b46078@mail.gmail.com>
Message-ID:

Glenn Steen <glenn.steen at gmail.com> writes:

> Currently this only seem to affect milters, and only milters that
> would add recipients and/or message headers.

First, thank you very much for looking at this problem!

I commented out all lines with smfi_addheader() and changed xxfi_flags
field from SMFIF_ADDHDRS to 0 in milter-greylist, which means it does
not modify headers or body. But I still get " 0" after the end of body
and " 0" too after the last header (instead of " 1389" earlier). Does
it mean Postfix changes queue files when milters are enabled even when
milter does not announce the capability of changing the message?

> Now, I see at least three somewhat different solutions:
> 1) Simply enhance the ReadQf function so that it understands and
> handles p records (meaning we will copy over the actual data added by
> milters, not the p records themselves).
> 2) recalculate the offsets and make sure the p records are correct, as
> well as the "after end" data being where it is supposed to be.
> 3) Rewrite MailScanner to use the same p record method of adding
> recipients and headers, which of course implies, in a way, that we
> would reimplement the Postfix.pm file from scratch... more or less.

It would be quite nice, meaning MS is changing queue files in official
way(?), but it would also mean MS will not support postfix versions
below 2.3, when milter support was added.

> I'm hugely in favour of doing number 1), since this will be
> a) simplest to implement
> b) least amount of code touched
> c) probably safest... We'll have to look at doing pretty much the same
> sanity checks that Wietse does, but that shouldn't be a huge problem.

Yes, it's probably the best approach.

> If I get a little teensy bit of time, I'll make a stab at some code
> for handling p records as suggested in #1.

Thanks!

BTW, I've got an idea about how to temporarily overcome the problem
with corrupting headers. Is Postfix able to add some headers to the
message? If yes, I would configure it to add some header, then pass
message to a milter, milter adds " 0" after this header corrupting it,
but it means all the other important headers are left intact (like
Content-Transfer-Encoding: base64). So is this possible?

Regards,
Nerijus

From ugob at camo-route.com Tue Jan 16 01:46:27 2007
From: ugob at camo-route.com (Ugo Bellavance)
Date: Tue Jan 16 00:48:44 2007
Subject: Disabling razor....
In-Reply-To: <9A316265-9987-478E-A3A3-8B031F3AF106@globeserver.com>
References: <9A316265-9987-478E-A3A3-8B031F3AF106@globeserver.com>
Message-ID:

Philip Butler wrote:
> Hi all,
>
> I was playing around to try to disable Razor and noticed that it
> wouldn't disable. As it turns out, I didn't find the line:
>
> SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf
>
> in my mailscanner.conf file. When I looked at the stock 4.57.6
> MailScanner.conf file, it wasn't there either. It was in the
> mailscanner.conf.with.mcp file, but I haven't started using MCP yet.
> Anyway, I have put the line in.
>
> Should it be in this file ?? Or is it handled/defaulted some other way
> ?? What is the default path to the spam assassin conf file ?? After
> doing all of this, I see that Razor is still active. I have the line
> "use_razor2 0" in my spam.assassin.prefs.conf.
>
> I know this may be / probably is a spamassassin only issue - please
> forgive me if this post shouldn't be made here.
>
> I was wanting to turn on/off various aspects of mailscanner to see if I
> could get a feel as to what works best, etc.

You can look in the .pre files in /etc/mail/spamassassin for "Razor".
You should be able to disable it there.

Ugo

From rich at mail.wvnet.edu Tue Jan 16 03:11:11 2007
From: rich at mail.wvnet.edu (Richard Lynch) Date: Tue Jan 16 02:13:25 2007 Subject: Disabling razor.... In-Reply-To: References: <9A316265-9987-478E-A3A3-8B031F3AF106@globeserver.com> Message-ID: <45AC343F.3060704@mail.wvnet.edu> Ugo Bellavance wrote: > Philip Butler wrote: >> Hi all, >> >> I was playing around to try to disable Razor and noticed that it >> wouldn't disable. As it turns out, I didn't find the line: >> >> SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf >> >> in my mailscanner.conf file. When I looked at the stock 4.57.6 >> MailScanner.conf file, it wasn't there either. It was in the >> mailscanner.conf.with.mcp file, but I haven't started using MCP yet. >> Anyway, I have put the line in. >> >> Should it be in this file ?? Or is it handled/defaulted some other >> way ?? What is the default path to the spam assassin conf file ?? >> After doing all of this, I see that Razor is still active. I have >> the line "use_razor2 0" in my spam.assassin.prefs.conf. >> >> I know this may be / probably is a spamassassin only issue - please >> forgive me if this post shouldn't be made here. >> >> I was wanting to turn on/off various aspects of mailscanner to see if >> I could get a feel as to what works best, etc. > > You can look in the .pre files in /etc/mail/spamassassin for "Razor". > You should be able to disable it there. > > Ugo > I just put a ... use_razor2 0 ... in /etc/MailScanner/spam.assassin.prefs.conf. ~rich From nerijus at users.sourceforge.net Tue Jan 16 03:41:35 2007 
From: nerijus at users.sourceforge.net (Nerijus Baliunas) Date: Tue Jan 16 02:44:21 2007 Subject: Greylisting (WAS: Re: MailScanner ANNOUNCE: 4.57 released) References: <4571B547.1090804@ecs.soton.ac.uk> <200612022342.kB2NgCcf026083@bkserver.blacknight.ie> <20061203011931.d29a40c0.michel@mitch-it.nl> <45743355.2040006@sendit.nodak.edu> <45744FDB.3030307@netmagicsolutions.com> <20061204205254.8300B11285@mx-a.vdnet.lt> <223f97700612041451n39e66dedx28699a0d1e59a3eb@mail.gmail.com> <20061204233255.DB881FF40@mx-a.vdnet.lt> <223f97700612060014o6a8b46b1k87e48195c1d93afc@mail.gmail.com> <20070110163002.1EE06FF06@mx-a.vdnet.lt> <223f97700701110619v275f274fo23f2491099f1b38@mail.gmail.com> <45A6494B.9010503@netmagicsolutions.com> Message-ID: Dhawal Doshy netmagicsolutions.com> writes: > Just to give you guys a headstart, there are some newer records that MS > needs to address. > > Quoting Weitse >> > > If Mailscanner can speak the Milter protocol, great. Header > modifications are already supported in Postfix 2.3. Body modifications > with some luck in Postfix 2.4. It seems they will be definitely supported in 2.4. Quoting an hour old Wietse's message: I just added "body replace" support to the Postfix Milter client. The code needs cleaning up and further testing, but was much simpler to implement than inserting/replacing/removing message headers in random places. Wietse 20070114 Feature: body replacement support for Milter applications. Files: milter/milter8.c, cleanup/cleanup_milter.c, cleanup/cleanup_body_region.c. From n3dlinux at gmail.com Tue Jan 16 03:44:49 2007 
From: n3dlinux at gmail.com (den gon) Date: Tue Jan 16 02:46:57 2007 Subject: Modified /dev/null by MailScanner? Message-ID: Hi again to all, I noticed that when I log in on my system using a non-root account, it says "-bash: /dev/null: Permission denied". I checked its permissions and it is owned by root and smmsp. Did the MailScanner/sendmail process change it? "-rw------- 1 root smmsp 23448 Jan 16 10:35 /dev/null" admin@server's password: Last login: Tue Jan 16 10:10:38 2007 from x.x.x.x -bash: /dev/null: Permission denied -bash: /dev/null: Permission denied -bash: /dev/null: Permission denied -bash: /dev/null: Permission denied -bash: /dev/null: Permission denied -bash: /dev/null: Permission denied [admin@server admin]$ su - Password: [root@server root]# Regards, ned From chandler at chapman.edu Tue Jan 16 08:38:44 2007 
From: chandler at chapman.edu (Jay Chandler) Date: Tue Jan 16 07:40:54 2007 Subject: Disabling razor.... In-Reply-To: References: <9A316265-9987-478E-A3A3-8B031F3AF106@globeserver.com> Message-ID: <45AC8104.4050208@chapman.edu> Ugo Bellavance wrote: > Philip Butler wrote: >> Hi all, >> >> I was playing around to try to disable Razor and noticed that it >> wouldn't disable. As it turns out, I didn't find the line: >> >> SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf >> >> in my mailscanner.conf file. When I looked at the stock 4.57.6 >> MailScanner.conf file, it wasn't there either. It was in the >> mailscanner.conf.with.mcp file, but I haven't started using MCP yet. >> Anyway, I have put the line in. >> >> Should it be in this file ?? Or is it handled/defaulted some other >> way ?? What is the default path to the spam assassin conf file ?? >> After doing all of this, I see that Razor is still active. I have >> the line "use_razor2 0" in my spam.assassin.prefs.conf. >> >> I know this may be / probably is a spamassassin only issue - please >> forgive me if this post shouldn't be made here. >> >> I was wanting to turn on/off various aspects of mailscanner to see if >> I could get a feel as to what works best, etc. > > You can look in the .pre files in /etc/mail/spamassassin for "Razor". > You should be able to disable it there. > > Ugo > There's also a mailscanner.cf file in /usr/local/etc/mail/spamassassin/ that had it for my installation. -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: Atilla the Hub From gordon at itnt.co.za Tue Jan 16 09:19:41 2007 
From: gordon at itnt.co.za (Gordon Colyn) Date: Tue Jan 16 08:22:16 2007 Subject: Sendmail hijacking Mailscanner References: <041a01c738a9$91e57130$0a02a8c0@Gordon> <45ABC863.9030707@clh.org.uk> Message-ID: <019601c73947$18469a90$0a02a8c0@Gordon> Aaaaaah, well spotted Chris! I did a search and found that there is a logrotate for statistics which has a sendmail reload command. I have commented this out so hopefully this should stop now. I have no idea how it gets invoked but let's see what happens. Thanks Gordon ----- Original Message ----- 
From: "Chris Hardy" To: "MailScanner discussion" Sent: Monday, January 15, 2007 8:30 PM Subject: Re: Sendmail hijacking Mailscanner Gordon Colyn wrote: > Hi all, > > I have a problem where somehow sendmail gets started on my Linux server > running MailScanner and therefore spam mail gets through as it by-passes > the > mailscanner process. I have crawled through all the logs and have no idea > what starts the sendmail process and it is also completely random...very > frustrating. Does anyone know of a script or a way that I can test to see > if sendmail is running then stop the process automatically? > > I am running Mandriva 2006, with sendmail 8.13.4. > > thanks > > Gordon Colyn > Hi Gordon, I had the same problem - and it came down to a logrotate issue - one of them wanted to stop and start sendmail within it.. I removed the sendmail line from the script, and hey-presto, no more sendmail taking over :) If I remember the file, I'll let you know, but check the files in the /etc/logrotate.d directory - one of them has it in there HTH chris -- This message has been scanned for viruses and dangerous content by www.clh.org.uk, and is believed to be clean. From glenn.steen at gmail.com Tue Jan 16 09:47:04 2007 
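The check Chris describes above (finding which file under /etc/logrotate.d runs a sendmail command), as an added Python example that is not part of the original thread. It only looks inside logrotate script blocks, so a log path that merely contains "sendmail", or a command that has been commented out as Gordon did, is not reported; the sample file names, paths and commands are constructed, and the match pattern is an assumption.

```python
import re
import tempfile
from pathlib import Path

# logrotate directives that open a shell-script block; every block ends at "endscript".
SCRIPT_OPENERS = {"prerotate", "postrotate", "firstaction", "lastaction", "preremove"}
# Assumption of this example: any script command that names sendmail deserves review.
MTA_PATTERN = re.compile(r"\bsendmail\b")

# Constructed sample files standing in for /etc/logrotate.d (not taken from the thread).
CONSTRUCTED_SAMPLES = {
    # Rotation script that reloads the MTA behind MailScanner's back.
    "statistics": (
        "/var/log/sendmail.st {\n"
        "    monthly\n"
        "    postrotate\n"
        "        /etc/init.d/sendmail reload >/dev/null 2>&1 || true\n"
        "    endscript\n"
        "}\n"
    ),
    # Same kind of hook after it has been commented out.
    "mailstats-fixed": (
        "/var/log/mailstats {\n"
        "    postrotate\n"
        "        # /etc/init.d/sendmail reload\n"
        "    endscript\n"
        "}\n"
    ),
    # Unrelated hook that only signals syslogd.
    "syslog": (
        "/var/log/maillog {\n"
        "    sharedscripts\n"
        "    postrotate\n"
        "        /bin/kill -HUP `cat /var/run/syslogd.pid` 2>/dev/null || true\n"
        "    endscript\n"
        "}\n"
    ),
}


def find_sendmail_hooks(logrotate_dir):
    """Return (file name, line number, command) for script lines that name sendmail."""
    hits = []
    for conf in sorted(Path(logrotate_dir).iterdir()):
        if not conf.is_file():
            continue
        in_script = False
        lines = conf.read_text(errors="replace").splitlines()
        for lineno, raw in enumerate(lines, 1):
            line = raw.strip()
            if not in_script:
                # A script block starts on a line holding only the directive.
                in_script = line.split("#")[0].strip() in SCRIPT_OPENERS
                continue
            if line == "endscript":
                in_script = False
            elif line and not line.startswith("#") and MTA_PATTERN.search(line):
                hits.append((conf.name, lineno, line))
    return hits


def demo():
    """Write the constructed samples to a temporary directory and audit them."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, text in CONSTRUCTED_SAMPLES.items():
            Path(tmp, name).write_text(text)
        return find_sendmail_hooks(tmp)


if __name__ == "__main__":
    for name, lineno, command in demo():
        print(f"{name}:{lineno}: {command}")
```

On a real gateway, call `find_sendmail_hooks("/etc/logrotate.d")` and review each reported line before editing it.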
From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jan 16 08:49:14 2007 Subject: Greylisting (WAS: Re: MailScanner ANNOUNCE: 4.57 released) In-Reply-To: References: <4571B547.1090804@ecs.soton.ac.uk> <20061204205254.8300B11285@mx-a.vdnet.lt> <223f97700612041451n39e66dedx28699a0d1e59a3eb@mail.gmail.com> <20061204233255.DB881FF40@mx-a.vdnet.lt> <223f97700612060014o6a8b46b1k87e48195c1d93afc@mail.gmail.com> <20070110163002.1EE06FF06@mx-a.vdnet.lt> <223f97700701110619v275f274fo23f2491099f1b38@mail.gmail.com> <45A6494B.9010503@netmagicsolutions.com> <223f97700701150506x438d4848wcb3fb03690b46078@mail.gmail.com> Message-ID: <223f97700701160047l335edf8fsbe2f5f99269d0be3@mail.gmail.com> On 16/01/07, Nerijus Baliunas wrote: > Glenn Steen gmail.com> writes: > > > Currently this only seems to affect milters, and only milters that > > would add recipients and/or message headers. > > First, thank you very much for looking at this problem! > I commented out all lines with smfi_addheader() and changed xxfi_flags field > from SMFIF_ADDHDRS to 0 in milter-greylist, which means it does not modify > headers or body. But I still get " 0" after the end of body and " > 0" too after the last header (instead of " 1389" earlier). > Does it mean Postfix changes queue files when milters are enabled even when > milter does not announce the capability of changing the message? Yes! Thank you Nerijus for corroborating this in RL:-). What the code implied (and what code implies usually _is_ how it works, but... there is a frail human intellect that is to interpret code so....:-) is that when milter is used postfix prepares the queue files for inline editing by adding three p records that essentially say "jump to position 0" which is interpreted as "ignore me". So unless we fix MailScanner, milters are off-limits with postfix. We can't have that, and I will be making a stab at ... "de-p-recordizing" the queue file we produce. Workload willing, perhaps we'll see something today. 
Unfortunately Jules will be unable to help much, due to health and workload... But anything I produce will be going through him (and you all:) for code review... I'm not the programmer I used to be, so it'll be needed:-):-). According to a private conversation with Jules, this will likely not make it into the next stable release though (we need to test whatever we can cobble together thoroughly). > > Now, I see at least three somewhat different solutions: > > 1) Simply enhance the ReadQf function so that it understands and > > handles p records (meaning we will copy over the actual data added by > > milters, not the p records themselves). > > 2) recalculate the offsets and make sure the precords are correct, as > > well as the "after end" data being where it is supposed to be. > > 3) Rewrite MailScanner to use the same p record method of adding > > recipients and headers, which of course implies, in a way, that we > > would reimplement the Postfix.pm file from scratch... more or less. > > It would be quite nice, meaning MS is changing queue files in official way(?), > but it would also mean MS will not support postfix versions below 2.3, when > milter support was added. Well not really "official", no:-). The postfix devels don't want us touching the queue files at all. We're going to aim at #1 for now. It will ensure compatibility with all current stable versions. And hopefully we'll be able to handle body edits in a sane manner when it arrives (2.4, it seems). > > I'm hugely in favour of doing number 1), since this will be > > a) simplest to implement > > b) least amount of code touched > > c) probably safest... We'll have to look at doing pretty much the same > > sanity checks that Wietse does, but that shouldn't be a huge problem. > > Yes, it's probably the best approach. > > > If I get a little teensy bit of time, I'll make a stab at some code > > for handling p records as suggested in #1. > > Thanks! 
> > BTW, I've got an idea about how to temporarily overcome the problem with > corrupting headers. Is Postfix able to add some headers to the message? If yes, > I would configure it to add some header, then pass message to a milter, milter > adds " 0" after this header corrupting it, but it means all the > other important headers are left intact (like Content-Transfer-Encoding: > base64). So is this possible? Not sure. Might be worth a try:). But I need to concentrate on the #1 solution, for now:P > Regards, > Nerijus > Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Tue Jan 16 09:50:14 2007 
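Solution #1 from the message above (a queue reader that follows p records, skips the "position 0" placeholders and copies only the data they lead to), shown in Python as an added example; it is not MailScanner's or Postfix's code. The record framing (one type byte, a base-128 length, then the payload), the N and E record types, the 15-character pointer field, the simplified loop check and the sample queue are assumptions of this example.

```python
import io

PTR, END = "p", "E"  # assumed type bytes: pointer record, end-of-file record


def record(rtype, payload):
    """Encode one record: type byte, base-128 length (low bits first), payload."""
    out = bytearray(rtype.encode("ascii"))
    n = len(payload)
    while True:
        low, n = n & 0x7F, n >> 7
        out.append(low | (0x80 if n else 0))
        if not n:
            return bytes(out) + payload


def pointer(offset):
    """Encode a p record; the offset is right-justified in a 15-character field."""
    return record(PTR, b"%15d" % offset)


def _read_length(stream):
    length = shift = 0
    while True:
        byte = stream.read(1)
        if not byte or shift > 28:
            raise ValueError("truncated or oversized record length")
        length |= (byte[0] & 0x7F) << shift
        if not byte[0] & 0x80:
            return length
        shift += 7


def read_records(data, follow_pointers=True):
    """Return [(type, payload)] in logical order, up to and including the end record.

    With follow_pointers=False the p records come back as ordinary records,
    which is how their padded numbers end up in the middle of a message.
    """
    stream, out, visited = io.BytesIO(data), [], set()
    while True:
        rtype = stream.read(1)
        if not rtype:
            raise ValueError("queue data ended without an end record")
        length = _read_length(stream)
        payload = stream.read(length)
        if len(payload) != length:
            raise ValueError("truncated record payload")
        kind = chr(rtype[0])
        if kind == PTR and follow_pointers:
            offset = int(payload.decode("ascii").strip())  # ValueError if not numeric
            if offset == 0:
                continue  # placeholder: "jump to position 0" means "ignore me"
            # Sanity checks: the target must lie inside the file and not repeat.
            if offset < 0 or offset >= len(data) or offset in visited:
                raise ValueError(f"bad or looping pointer to offset {offset}")
            visited.add(offset)
            stream.seek(offset)
            continue
        out.append((kind, payload))
        if kind == END:
            return out


def build_sample():
    """Constructed queue data: one header appended at the end and linked in with p records."""
    head = record("N", b"From: a@example.org")
    subject = record("N", b"Subject: test")
    end = record(END, b"")
    added = record("N", b"X-Greylist: delayed 300 seconds")
    ptr_size = len(pointer(0))
    off_subject = len(head) + ptr_size
    off_added = off_subject + len(subject) + ptr_size + len(end)
    return (head + pointer(off_added) + subject + pointer(0) + end
            + added + pointer(off_subject))


if __name__ == "__main__":
    sample = build_sample()
    print("pointer-aware:", [p for _, p in read_records(sample)])
    print("naive:        ", [p for _, p in read_records(sample, follow_pointers=False)])
```

The naive pass returns the padded pointer values as if they were message lines, which matches the stray " 0" Nerijus reports; the pointer-aware pass returns the appended header in its logical position instead.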
From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jan 16 08:52:24 2007 Subject: Greylisting (WAS: Re: MailScanner ANNOUNCE: 4.57 released) In-Reply-To: References: <4571B547.1090804@ecs.soton.ac.uk> <45744FDB.3030307@netmagicsolutions.com> <20061204205254.8300B11285@mx-a.vdnet.lt> <223f97700612041451n39e66dedx28699a0d1e59a3eb@mail.gmail.com> <20061204233255.DB881FF40@mx-a.vdnet.lt> <223f97700612060014o6a8b46b1k87e48195c1d93afc@mail.gmail.com> <20070110163002.1EE06FF06@mx-a.vdnet.lt> <223f97700701110619v275f274fo23f2491099f1b38@mail.gmail.com> <45A6494B.9010503@netmagicsolutions.com> Message-ID: <223f97700701160050s39258c2aoc95db23c2f7554e7@mail.gmail.com> On 16/01/07, Nerijus Baliunas wrote: > Dhawal Doshy netmagicsolutions.com> writes: > > > Just to give you guys a headstart, there are some newer records that MS > > needs to address. > > > > Quoting Weitse >> > > > > If Mailscanner can speak the Milter protocol, great. Header > > modifications are already supported in Postfix 2.3. Body modifications > > with some luck in Postfix 2.4. > > It seems they will be definitely supported in 2.4. Quoting an hour old Wietse's > message: > > I just added "body replace" support to the Postfix Milter client. > > The code needs cleaning up and further testing, but was much simpler > > to implement than inserting/replacing/removing message headers in > > random places. > > > > Wietse > > > > 20070114 > > > > Feature: body replacement support for Milter applications. > > Files: milter/milter8.c, cleanup/cleanup_milter.c, > > cleanup/cleanup_body_region.c. > Ah, thanks. Will take a look at that too. Would be nice to be ... proactive... about this one:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Tue Jan 16 09:53:33 2007 
From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jan 16 08:55:49 2007 Subject: Modified /dev/null by MailScanner? In-Reply-To: References: Message-ID: <223f97700701160053q67fbf129q5dde1fa6a1921972@mail.gmail.com> On 16/01/07, den gon wrote: > Hi again to all, > > I noticed that when I login on my system using non-root account, its says > "-bash: /dev/null: Permission denied". I checked it permission and it owned > by > root and smmsp. Is it the MailScanner/sendmail process changed it? > > "-rw------- 1 root smmsp 23448 Jan 16 10:35 /dev/null" > > admin@server's password: > Last login: Tue Jan 16 10:10:38 2007 from x.x.x.x > -bash: /dev/null: Permission denied > -bash: /dev/null: Permission denied > -bash: /dev/null: Permission denied > -bash: /dev/null: Permission denied > -bash: /dev/null: Permission denied > -bash: /dev/null: Permission denied > [admin@server admin]$ su - > Password: > [root@server root]# > > Regards, > > ned > Theoretically, depending on your MailScanner.conf, why... Yes, it actually might be. The only one that can check that is you (by reading your configurations;-). grep for /dev/null in both your MailScanner.conf and your /etc/mail/spamassassin directories... and see if anything ... pops out:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From Jeramy.Eling at britax-pmg.com Tue Jan 16 09:55:51 2007 
From: Jeramy.Eling at britax-pmg.com (Jeramy Eling) Date: Tue Jan 16 08:58:05 2007 Subject: Increased Volumes Of Spam Message-ID: <5CD3BFF77DFFD411BCD100D0B720F94503C4E4B7@probe.britaxpmg.com> Hi All, We've been running Mail Scanner here for a few years now and it's brilliant, however more recently we are starting to see more and more spam getting to our desktop users. The spam seems to be made up of random subjects and have a random string of words at the bottom of the messages. I'm just curious to see how other people are dealing with this sort of spam and stopping it from getting through to their desktops. Currently we receive about 2800 emails a day into our company and about 50% of that gets stopped as spam but still a lot gets through to our users. Any thoughts/ideas/comments would be much appreciated. Many thanks Jez -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070116/3a4a3397/attachment.html From uxbod at splatnix.net Tue Jan 16 10:03:09 2007 
From: uxbod at splatnix.net (uxbod) Date: Tue Jan 16 09:04:14 2007 Subject: Increased Volumes Of Spam In-Reply-To: <5CD3BFF77DFFD411BCD100D0B720F94503C4E4B7@probe.britaxpmg.com> References: <5CD3BFF77DFFD411BCD100D0B720F94503C4E4B7@probe.britaxpmg.com> Message-ID: What checks are you running ? We receive ~150k messages per day and block ~98% of the SPAM. On Tue, 16 Jan 2007 08:55:51 -0000, "Jeramy Eling" wrote: > Hi All, > > We've been running Mail Scanner here for a few years now and it's > brilliant, however more recently we are starting to see more and more > spam getting to our desktop users. The spam seems to be made up of > random subjects and have a random string of words at the bottom of the > messages. I'm just curious to see how other people are dealing with this > sort of spam and stopping it from getting through to their desktops. > Currently we receive about 2800 emails a day into our company and about > 50% of that gets stopped as spam but still a lot gets through to our > users. > > Any thoughts/ideas/comments would be much appreciated. > > Many thanks > > Jez > > > -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: 543A E778 7F2D 98F1 3E50 9C1F F190 93E0 E8E8 0CF8 // Keyserver: www.keyserver.net Key-ID: 0xE8E80CF8 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Tue Jan 16 10:09:50 2007 
From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jan 16 09:12:05 2007 Subject: Increased Volumes Of Spam In-Reply-To: <5CD3BFF77DFFD411BCD100D0B720F94503C4E4B7@probe.britaxpmg.com> References: <5CD3BFF77DFFD411BCD100D0B720F94503C4E4B7@probe.britaxpmg.com> Message-ID: <223f97700701160109s5adb1621p7b4b45303528a593@mail.gmail.com> On 16/01/07, Jeramy Eling wrote: > > > > Hi All, > > We've been running Mail Scanner here for a few years now and it's brilliant, > however more recently we are starting to see more and more spam getting to > our desktop users. The spam seems to be made up of random subjects and have > a random string of words at the bottom of the messages. I'm just curious to > see how other people are dealing with this sort of spam and stopping it from > getting through to their desktops. Currently we receive about 2800 emails a > day into our company and about 50% of that gets stopped as spam but still a > lot gets through to our users. > > Any thoughts/ideas/comments would be much appreciated. > > Many thanks > > Jez Have you kept current with MailScanner and SpamAssassin versions? sa-update? Do you employ the digest checks (Razor, Pyzor and/or DCC)? Bayes? Have you implemented ImageInfo (from www.rulesemporium.com (or any other SARE rules, for that matter...)? FuzzyOcr? Do you reject unknown recipients at the MTA level? ... These are all more or less standard recommendations, especially for relatively low-volume sites like yours (and mine:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From Jeramy.Eling at britax-pmg.com Tue Jan 16 10:10:20 2007 From: Jeramy.Eling at britax-pmg.com (Jeramy Eling) Date: Tue Jan 16 09:12:34 2007 Subject: Increased Volumes Of Spam Message-ID: <5CD3BFF77DFFD411BCD100D0B720F94501AF30F2@probe.britaxpmg.com> We run the following checks :- Bayes SpamAssassin MCP ORDB-RBL SBL+XBL -----Original Message----- 
From: uxbod [mailto:uxbod@splatnix.net] Sent: 16 January 2007 09:03 To: MailScanner discussion Subject: Re: Increased Volumes Of Spam Importance: Low What checks are you running ? We receive ~150k messages per day and block ~98% of the SPAM. On Tue, 16 Jan 2007 08:55:51 -0000, "Jeramy Eling" wrote: > Hi All, > > We've been running Mail Scanner here for a few years now and it's > brilliant, however more recently we are starting to see more and more > spam getting to our desktop users. The spam seems to be made up of > random subjects and have a random string of words at the bottom of the > messages. I'm just curious to see how other people are dealing with > this sort of spam and stopping it from getting through to their > desktops. Currently we receive about 2800 emails a day into our > company and about 50% of that gets stopped as spam but still a lot > gets through to our users. > > Any thoughts/ideas/comments would be much appreciated. > > Many thanks > > Jez > > > -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: 543A E778 7F2D 98F1 3E50 9C1F F190 93E0 E8E8 0CF8 // Keyserver: www.keyserver.net Key-ID: 0xE8E80CF8 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Jeramy.Eling at britax-pmg.com Tue Jan 16 10:26:10 2007 
From: Jeramy.Eling at britax-pmg.com (Jeramy Eling) Date: Tue Jan 16 09:28:25 2007 Subject: Increased Volumes Of Spam Message-ID: <5CD3BFF77DFFD411BCD100D0B720F94501AF30F3@probe.britaxpmg.com> My Mail Scanner and Spam Assassin are both kept up to date with any new releases as for the checks at this moment in time we don't do Pyzor or DCC but I will look into them as I have heard of them. I've not heard of ImageInfo so I need to look into that one and FuzzyOCR. As for rejecting unknown recipients I do this at SendMail level as MailScanner is just a gateway for my Exchange 2K Server. Thanks for input. Jez -----Original Message----- 
From: Glenn Steen [mailto:glenn.steen@gmail.com] Sent: 16 January 2007 09:10 To: MailScanner discussion Subject: Re: Increased Volumes Of Spam On 16/01/07, Jeramy Eling wrote: > > > > Hi All, > > We've been running Mail Scanner here for a few years now and it's > brilliant, however more recently we are starting to see more and more > spam getting to our desktop users. The spam seems to be made up of > random subjects and have a random string of words at the bottom of the > messages. I'm just curious to see how other people are dealing with > this sort of spam and stopping it from getting through to their > desktops. Currently we receive about 2800 emails a day into our > company and about 50% of that gets stopped as spam but still a lot > gets through to our users. > > Any thoughts/ideas/comments would be much appreciated. > > Many thanks > > Jez Have you kept current with MailScanner and SpamAssassin versions? sa-update? Do you employ the digest checks (Razor, Pyzor and/or DCC)? Bayes? Have you implemented ImageInfo (from www.rulesemporium.com (or any other SARE rules, for that matter...)? FuzzyOcr? Do you reject unknown recipients at the MTA level? ... These are all more or less standard recommendations, especially for relatively low-volume sites like yours (and mine:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From uxbod at splatnix.net Tue Jan 16 10:32:49 2007 
From: uxbod at splatnix.net (uxbod) Date: Tue Jan 16 09:33:47 2007 Subject: Increased Volumes Of Spam In-Reply-To: <5CD3BFF77DFFD411BCD100D0B720F94501AF30F3@probe.britaxpmg.com> References: <5CD3BFF77DFFD411BCD100D0B720F94501AF30F3@probe.britaxpmg.com> Message-ID: Well worth setting up FuzzyOCR http://fuzzyocr.own-hero.net/ we block a huge amount of Image SPAM using this. On Tue, 16 Jan 2007 09:26:10 -0000, "Jeramy Eling" wrote: > My Mail Scanner and Spam Assassin are both kept up to date with any new > releases as for the checks at this moment in time we don't do Pyzor or > DCC but I will look into them as I have heard of them. I've not heard of > ImageInfo so I need to look into that one and FuzzyOCR. As for rejecting > unknown recipients I do this at SendMail level as MailScanner is just a > gateway for my Exchange 2K Server. > > Thanks for input. > > Jez > > -----Original Message----- 
> From: Glenn Steen [mailto:glenn.steen@gmail.com] > Sent: 16 January 2007 09:10 > To: MailScanner discussion > Subject: Re: Increased Volumes Of Spam > > > On 16/01/07, Jeramy Eling wrote: >> >> >> >> Hi All, >> >> We've been running Mail Scanner here for a few years now and it's >> brilliant, however more recently we are starting to see more and more >> spam getting to our desktop users. The spam seems to be made up of >> random subjects and have a random string of words at the bottom of the > >> messages. I'm just curious to see how other people are dealing with >> this sort of spam and stopping it from getting through to their >> desktops. Currently we receive about 2800 emails a day into our >> company and about 50% of that gets stopped as spam but still a lot >> gets through to our users. >> >> Any thoughts/ideas/comments would be much appreciated. >> >> Many thanks >> >> Jez > Have you kept current with MailScanner and SpamAssassin versions? > sa-update? Do you employ the digest checks (Razor, Pyzor and/or DCC)? > Bayes? Have you implemented ImageInfo (from www.rulesemporium.com (or > any other SARE rules, for that matter...)? FuzzyOcr? Do you reject > unknown recipients at the MTA level? ... > > These are all more or less standard recommendations, especially for > relatively low-volume sites like yours (and mine:-). > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se 
> > -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: 543A E778 7F2D 98F1 3E50 9C1F F190 93E0 E8E8 0CF8 // Keyserver: www.keyserver.net Key-ID: 0xE8E80CF8 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From cristi at elvsoft.com Tue Jan 16 11:03:39 2007 From: cristi at elvsoft.com (Tomoiaga Cristian) Date: Tue Jan 16 10:05:52 2007 Subject: 100% CPU utilisation from time to time In-Reply-To: References: <000e01c734fd$6d243c50$0300a8c0@250N> <45A926D3.5000808@nkpanama.com> Message-ID: Can anyone help me please ? -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Tomoiaga Cristian Sent: Sunday, January 14, 2007 10:54 AM To: 'MailScanner discussion' Subject: RE: 100% CPU utilisation from time to time Hy, Yes, I use botnet rules, and a rule I made to match the symbol, target a.s.o. spam. -----Original Message----- 
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Neuman van der Hans Sent: Saturday, January 13, 2007 8:37 PM To: MailScanner discussion Subject: Re: 100% CPU utilisation from time to time Tomoiaga Cristian wrote: > I have installed the latest MailScanner package from ConfigServ. > MailScanner almost works fine. The problem is that from time to time I see a > MailScanner process using 100% of CPU. Seems the process is checking with > SpamAssassin when this is happening. Are you using custom spamassassin rules? From Jeramy.Eling at britax-pmg.com Tue Jan 16 11:05:45 2007 From: Jeramy.Eling at britax-pmg.com (Jeramy Eling) Date: Tue Jan 16 10:08:00 2007 Subject: Increased Volumes Of Spam Message-ID: <5CD3BFF77DFFD411BCD100D0B720F94501AF30F5@probe.britaxpmg.com> I'm in the process of installing the Pyzor software, however whenever I run the Lint test in SA it tells me 'local tests only, disabling Pyzor', could anyone offer any guidance as to how to ensure the software is working correctly. I've followed the steps on the Wiki for MailScanner etc. Many Thanks -----Original Message----- 
From: Glenn Steen [mailto:glenn.steen@gmail.com] Sent: 16 January 2007 09:10 To: MailScanner discussion Subject: Re: Increased Volumes Of Spam On 16/01/07, Jeramy Eling wrote: > > > > Hi All, > > We've been running Mail Scanner here for a few years now and it's > brilliant, however more recently we are starting to see more and more > spam getting to our desktop users. The spam seems to be made up of > random subjects and have a random string of words at the bottom of the > messages. I'm just curious to see how other people are dealing with > this sort of spam and stopping it from getting through to their > desktops. Currently we receive about 2800 emails a day into our > company and about 50% of that gets stopped as spam but still a lot > gets through to our users. > > Any thoughts/ideas/comments would be much appreciated. > > Many thanks > > Jez Have you kept current with MailScanner and SpamAssassin versions? sa-update? Do you employ the digest checks (Razor, Pyzor and/or DCC)? Bayes? Have you implemented ImageInfo (from www.rulesemporium.com (or any other SARE rules, for that matter...)? FuzzyOcr? Do you reject unknown recipients at the MTA level? ... These are all more or less standard recommendations, especially for relatively low-volume sites like yours (and mine:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From n3dlinux at gmail.com Tue Jan 16 12:03:03 2007 
From: n3dlinux at gmail.com (den gon) Date: Tue Jan 16 11:05:16 2007 Subject: Modified /dev/null by MailScanner? In-Reply-To: <223f97700701160053q67fbf129q5dde1fa6a1921972@mail.gmail.com> References: <223f97700701160053q67fbf129q5dde1fa6a1921972@mail.gmail.com> Message-ID: Thanks for the reply Glenn. I don't have any /dev/null on my MailScanner and spamassassin directories. But I have a /dev/null on my /etc/mail/aliases to forward all the pseudo accounts. I have two mail systems using old mailscanner (MailScanner-4.39.6-1) and new mail server with MailScanner-4.55.10-3. Both of them have the same config at /etc/mail/aliases, but the old mail server doesn't have the error " -bash: /dev/null: Permission denied". And from time to time I'm trying to change permission of it. What do you think? On 1/16/07, Glenn Steen wrote: > > On 16/01/07, den gon wrote: > > Hi again to all, > > > > I noticed that when I login on my system using non-root account, its > says > > "-bash: /dev/null: Permission denied". I checked it permission and it > owned > > by > > root and smmsp. Is it the MailScanner/sendmail process changed it? > > > > "-rw------- 1 root smmsp 23448 Jan 16 10:35 /dev/null" > > > > admin@server's password: > > Last login: Tue Jan 16 10:10:38 2007 from x.x.x.x > > -bash: /dev/null: Permission denied > > -bash: /dev/null: Permission denied > > -bash: /dev/null: Permission denied > > -bash: /dev/null: Permission denied > > -bash: /dev/null: Permission denied > > -bash: /dev/null: Permission denied > > [admin@server admin]$ su - > > Password: > > [root@server root]# > > > > Regards, > > > > ned > > > Theoretically, depending on your MailScanner.conf, why... Yes, it > actually might be. > The only one that can check that is you (by reading your > configurations;-). > grep for /dev/null in both your MailScanner.conf and your > /etc/mail/spamassassin directories... and see if anything ... pops > out:-). 
> > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070116/cf9e44ea/attachment.html From n3dlinux at gmail.com Tue Jan 16 12:04:22 2007 
From: n3dlinux at gmail.com (den gon)
Date: Tue Jan 16 11:06:39 2007
Subject: Modified /dev/null by MailScanner?
In-Reply-To:
References: <223f97700701160053q67fbf129q5dde1fa6a1921972@mail.gmail.com>
Message-ID:

On 1/16/07, den gon wrote:
> Thanks for the reply Glenn. I don't have any /dev/null on my MailScanner
> and spamassassin directories. But I have a /dev/null on my /etc/mail/aliases
> to forward all the pseudo accounts. I have two mail systems using old
> mailscanner (MailScanner-4.39.6-1) and new mail server with
> MailScanner-4.55.10-3. Both of them have the same config at
> /etc/mail/aliases, but the old mail server doesn't have error "-bash:
> /dev/null: Permission denied". And from time to time I'm trying to change
> permission of /dev/null of my new mail, but it keeps on changing. What do
> you think?
>
> On 1/16/07, Glenn Steen wrote:
> > On 16/01/07, den gon wrote:
> > > Hi again to all,
> > >
> > > I noticed that when I login on my system using non-root account, it says
> > > "-bash: /dev/null: Permission denied". I checked its permission and it is
> > > owned by root and smmsp. Is it the MailScanner/sendmail process changed it?
> > >
> > > "-rw------- 1 root smmsp 23448 Jan 16 10:35 /dev/null"
> > >
> > > admin@server's password:
> > > Last login: Tue Jan 16 10:10:38 2007 from x.x.x.x
> > > -bash: /dev/null: Permission denied
> > > -bash: /dev/null: Permission denied
> > > -bash: /dev/null: Permission denied
> > > -bash: /dev/null: Permission denied
> > > -bash: /dev/null: Permission denied
> > > -bash: /dev/null: Permission denied
> > > [admin@server admin]$ su -
> > > Password:
> > > [root@server root]#
> > >
> > > Regards,
> > >
> > > ned
> > >
> > Theoretically, depending on your MailScanner.conf, why... Yes, it
> > actually might be.
> > The only one that can check that is you (by reading your
> > configurations;-).
> > grep for /dev/null in both your MailScanner.conf and your
> > /etc/mail/spamassassin directories... and see if anything ... pops
> > out:-).
> >
> > --
> > -- Glenn
> > email: glenn < dot > steen < at > gmail < dot > com
> > work: glenn < dot > steen < at > ap1 < dot > se

From glenn.steen at gmail.com Tue Jan 16 12:28:08 2007
From: glenn.steen at gmail.com (Glenn Steen)
Date: Tue Jan 16 11:30:21 2007
Subject: Increased Volumes Of Spam
In-Reply-To: <5CD3BFF77DFFD411BCD100D0B720F94501AF30F5@probe.britaxpmg.com>
References: <5CD3BFF77DFFD411BCD100D0B720F94501AF30F5@probe.britaxpmg.com>
Message-ID: <223f97700701160328yad5689co4f64ad79d222c116@mail.gmail.com>

On 16/01/07, Jeramy Eling wrote:
> I'm in the process of installing the Pyzor software, however whenever I
> run the Lint test in SA it tells me 'local tests only, disabling Pyzor',
> could anyone offer any guidance as to how to ensure the software is
> working correctly. I've followed the steps on the Wiki for MailScanner
> etc.
>
> Many Thanks
>
SA 3.1.7 doesn't do network tests in the --lint any more. Test it with
spamassassin -t -D < /path/to/test/message
instead.

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From glenn.steen at gmail.com Tue Jan 16 12:32:05 2007
From: glenn.steen at gmail.com (Glenn Steen)
Date: Tue Jan 16 11:34:15 2007
Subject: Increased Volumes Of Spam
In-Reply-To: <223f97700701160328yad5689co4f64ad79d222c116@mail.gmail.com>
References: <5CD3BFF77DFFD411BCD100D0B720F94501AF30F5@probe.britaxpmg.com> <223f97700701160328yad5689co4f64ad79d222c116@mail.gmail.com>
Message-ID: <223f97700701160332i32d8d63ar3fbc3d8e94ed1975@mail.gmail.com>

On 16/01/07, Glenn Steen wrote:
> On 16/01/07, Jeramy Eling wrote:
> > I'm in the process of installing the Pyzor software, however whenever I
> > run the Lint test in SA it tells me 'local tests only, disabling Pyzor',
> > could anyone offer any guidance as to how to ensure the software is
> > working correctly. I've followed the steps on the Wiki for MailScanner
> > etc.
> >
> > Many Thanks
> >
> SA 3.1.7 doesn't do network tests in the --lint any more. Test it with
> spamassassin -t -D < /path/to/test/message
> instead.
>
Another thing, if you do a "pyzor discover" you will get the official server... that one seems to be less than working these days (always gives me a timeout error). Manually edit your servers file and put
82.94.255.100:24441
there instead. Works rather better that way.
Test it with a "pyzor ping".

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From glenn.steen at gmail.com Tue Jan 16 12:36:55 2007
From: glenn.steen at gmail.com (Glenn Steen)
Date: Tue Jan 16 11:39:08 2007
Subject: Modified /dev/null by MailScanner?
In-Reply-To:
References: <223f97700701160053q67fbf129q5dde1fa6a1921972@mail.gmail.com>
Message-ID: <223f97700701160336y2466c063w7d8c0aab6c89762a@mail.gmail.com>

On 16/01/07, den gon wrote:
> Thanks for the reply Glenn. I don't have any /dev/null on my MailScanner and
> spamassassin directories. But I have a /dev/null on my /etc/mail/aliases to
> forward all the pseudo accounts. I have two mail systems using old
> mailscanner (MailScanner-4.39.6-1) and new mail server with
> MailScanner-4.55.10-3. Both of them have the same config at /etc/mail/aliases,
> but the old mail server doesn't have error "-bash: /dev/null: Permission
> denied". And from time to time I'm trying to change permission of it. What do
> you think?
>
Just chown it (back to) root.root and chmod it to 0666 and you should be fine.
If it happens again, well... then you should perhaps be looking at what tampers with it:-).

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From prandal at herefordshire.gov.uk Tue Jan 16 14:15:17 2007
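The listing quoted in this thread, "-rw------- 1 root smmsp 23448 Jan 16 10:35 /dev/null", begins with "-" and has a size, so on that host /dev/null is a regular file rather than a device node. The script below is an added example, not code from the thread: it tells that case apart from a device node that merely has the wrong owner or mode. The function name and the expected values (major 1, minor 3, root:root, mode 666, the usual Linux defaults) are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Expected state of the Linux null device
# (assumption: stock Linux defaults): character device, major 1 / minor 3,
# owner root:root, mode 666. Uses GNU stat format strings.

# check_null_device [PATH]   (hypothetical helper name)
# Prints one line per finding; returns 0 when healthy, 1 otherwise.
check_null_device() {
    cnd_path=${1:-/dev/null}
    cnd_bad=0

    if [ ! -e "$cnd_path" ]; then
        echo "MISSING: $cnd_path does not exist"
        return 1
    fi

    if [ ! -c "$cnd_path" ]; then
        # The device node was replaced by something else. For a regular file,
        # size, owner and mtime hint at which process keeps writing to it.
        echo "NOT-CHARDEV: $cnd_path $(stat -c 'size=%s owner=%U:%G mode=%a mtime=%y' "$cnd_path")"
        return 1
    fi

    # %t and %T are the device major and minor numbers in hexadecimal.
    cnd_dev=$(stat -c '%t:%T' "$cnd_path")
    if [ "$cnd_dev" != "1:3" ]; then
        echo "WRONG-DEVICE: $cnd_path is device $cnd_dev, expected 1:3"
        cnd_bad=1
    fi

    cnd_owner=$(stat -c '%U:%G' "$cnd_path")
    if [ "$cnd_owner" != "root:root" ]; then
        echo "WRONG-OWNER: $cnd_path is owned by $cnd_owner, expected root:root"
        cnd_bad=1
    fi

    cnd_mode=$(stat -c '%a' "$cnd_path")
    if [ "$cnd_mode" != "666" ]; then
        echo "WRONG-MODE: $cnd_path has mode $cnd_mode, expected 666"
        cnd_bad=1
    fi

    return "$cnd_bad"
}

# Repair, run as root, by finding:
#   WRONG-OWNER / WRONG-MODE:
#       chown root:root /dev/null; chmod 0666 /dev/null
#   NOT-CHARDEV / MISSING / WRONG-DEVICE:
#       rm -f /dev/null && mknod -m 666 /dev/null c 1 3
# chown and chmod cannot turn a regular file back into a device node.

if check_null_device "${1:-/dev/null}"; then
    echo "OK: null device looks healthy"
else
    echo "Findings above; rerun after the repair to confirm."
fi
```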
From: prandal at herefordshire.gov.uk (Randal, Phil)
Date: Tue Jan 16 13:28:08 2007
Subject: Increased Volumes Of Spam
Message-ID: <86144ED6CE5B004DA23E1EAC0B569B58120DB734@isabella.herefordshire.gov.uk>

Which MTA are you using?

If it's Sendmail 8.13, consider using the GreetPause feature. You'll need to tune this because there are many broken MTAs out there.

cbl.abuseat.org or zen.spamhaus.org are both good enough to reject mail at the MTA level, search the archives for the details of how to override the rbls for specific senders / recipients in sendmail's "access" file.

And try milter-greylist as well. I use a bunch of less reliable RBLs to greylist by.

Use the rules from www.rulesemporium.com (and the rules_du_jour script).

I find "Fred's Headers" rule useful too.

Adding ImageInfo from http://rulesemporium.com/plugins/ helps too.

Cheers,

Phil
--
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> Of Jeramy Eling
> Sent: 16 January 2007 09:10
> To: MailScanner discussion
> Subject: RE: Increased Volumes Of Spam
>
> We run the following checks :-
>
> Bayes
> SpamAssassin
> MCP
> ORDB-RBL
> SBL+XBL
>
> -----Original Message-----
> From: uxbod [mailto:uxbod@splatnix.net]
> Sent: 16 January 2007 09:03
> To: MailScanner discussion
> Subject: Re: Increased Volumes Of Spam
> Importance: Low
>
> What checks are you running ? We receive ~150k messages per day and
> block ~98% of the SPAM.
>
> On Tue, 16 Jan 2007 08:55:51 -0000, "Jeramy Eling"
> wrote:
> > Hi All,
> >
> > We've been running Mail Scanner here for a few years now and it's
> > brilliant, however more recently we are starting to see more and more
> > spam getting to our desktop users. The spam seems to be made up of
> > random subjects and have a random string of words at the bottom of the
> > messages. I'm just curious to see how other people are dealing with
> > this sort of spam and stopping it from getting through to their
> > desktops. Currently we receive about 2800 emails a day into our
> > company and about 50% of that gets stopped as spam but still a lot
> > gets through to our users.
> >
> > Any thoughts/ideas/comments would be much appreciated.
> >
> > Many thanks
> >
> > Jez
>
> --
> --[ UxBoD ]--
> // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import"
> // Fingerprint: 543A E778 7F2D 98F1 3E50 9C1F F190 93E0 E8E8 0CF8
> // Keyserver: www.keyserver.net Key-ID: 0xE8E80CF8

From edwardbruce at sbcglobal.net Tue Jan 16 15:51:32 2007
From: edwardbruce at sbcglobal.net (Ed Bruce)
Date: Tue Jan 16 14:53:46 2007
Subject: [Bulk] Re: Increased Volumes Of Spam
In-Reply-To: <223f97700701160332i32d8d63ar3fbc3d8e94ed1975@mail.gmail.com>
References: <5CD3BFF77DFFD411BCD100D0B720F94501AF30F5@probe.britaxpmg.com> <223f97700701160328yad5689co4f64ad79d222c116@mail.gmail.com> <223f97700701160332i32d8d63ar3fbc3d8e94ed1975@mail.gmail.com>
Message-ID: <45ACE674.5000401@sbcglobal.net>

Glenn Steen wrote:
> On 16/01/07, Glenn Steen wrote:
>> On 16/01/07, Jeramy Eling wrote:
>> > I'm in the process of installing the Pyzor software, however whenever I
>> > run the Lint test in SA it tells me 'local tests only, disabling Pyzor',
>> > could anyone offer any guidance as to how to ensure the software is
>> > working correctly. I've followed the steps on the Wiki for MailScanner
>> > etc.
>> >
>> > Many Thanks
>> >
>> SA 3.1.7 doesn't do network tests in the --lint any more. Test it with
>> spamassassin -t -D < /path/to/test/message
>> instead.
>>
> Another thing, if you do a "pyzor discover" you will get the official
> server... that one seems to be less than working these days (always
> gives me a timeout error). Manually edit your servers file and put
> 82.94.255.100:24441
> there instead. Works rather better that way.
> Test it with a "pyzor ping".
>
> Cheers

I gave up trying to get pyzor working and just use DCC and razor2.

From glenn.steen at gmail.com Tue Jan 16 15:53:44 2007
From: glenn.steen at gmail.com (Glenn Steen)
Date: Tue Jan 16 14:55:57 2007
Subject: Greylisting (WAS: Re: MailScanner ANNOUNCE: 4.57 released)
In-Reply-To: <223f97700701151143v5f320486v2f711cc2aa03984@mail.gmail.com>
References: <4571B547.1090804@ecs.soton.ac.uk> <20061204205254.8300B11285@mx-a.vdnet.lt> <223f97700612041451n39e66dedx28699a0d1e59a3eb@mail.gmail.com> <20061204233255.DB881FF40@mx-a.vdnet.lt> <223f97700612060014o6a8b46b1k87e48195c1d93afc@mail.gmail.com> <20070110163002.1EE06FF06@mx-a.vdnet.lt> <223f97700701110619v275f274fo23f2491099f1b38@mail.gmail.com> <45A6494B.9010503@netmagicsolutions.com> <223f97700701150506x438d4848wcb3fb03690b46078@mail.gmail.com> <223f97700701151143v5f320486v2f711cc2aa03984@mail.gmail.com>
Message-ID: <223f97700701160653l37ef8cdap7d22129d7de941e0@mail.gmail.com>

Tuesdays aren't any better, it seems ... look below.

On 15/01/07, Glenn Steen wrote:
> It really is Monday today, isn't it:-)...
>
> On 15/01/07, Glenn Steen wrote:
> (snip)
> > Well, after reading some code I at least know what is going on, and
> > why it doesn't work:-).
> >
> > Wietse seems to have wanted a way to ... noninvasively... insert
> > additional data into the Postfix queue file without having to rewrite
> > the whole thing (as we more or less do in MailScanner), so that
> > milters could just "tag on" new recipients and headers.
> >
> > To that effect he made it so that there might be two (or more? I'm not
> > really clear on this yet, but it seems there will only be one p
> > record for additional recipients, but perhaps one per added header)
> > records of type "p" (for pointer) that has a "value part" of 0 by
> > default, meaning no "extra info" is to be inserted at that point. If
> > there is a non-zero value, this is an absolute offset to fseek to for
> > the actual inserted part, followed by another p record with an
> > absolute offset to jump back up into the file to the original "jumpoff
> > point" (after the original p record). The added records are tagged on
> > after the end record (and a null character denoting end of file?). As
> > one can guess, much of Wietse's patches regarding milter support seem
> > to focus on detecting and handling misbehaving subsystems that create
> > p record message loops (wrong "jump-back offsets" leading to endless
> > loops ("here we GOTO again!":-)).
>
> This description is slightly wrong. Looking again, one can see that
> the p records ("jumpoff points", or branches, if you like:-) can be
> located at three different places in the queue file:
> 1) just after the first set of O and R records (before the M record),
> 2) just after the headers in the M record, but before the body (before
> the empty N record)
> 3) at the same place we place our modifications... after the body,
> before X and E (Not at work, might remember this wrong...might be just
> before the E, but I think it's the same place where we add things.
> This hit me when idly thinking about work on the train home... That
> is, almost nodding off on the train home:-)

Damn, I'm stupid. No way around it, the thing was glaring me in the eyes. Oh well.

I've now completed the first rough edit of Postfix.pm to handle the first two (as I thought, three) p record removal thingies (first is recipients, second is headers ...). Seems to work nicely with my tests. But then the third one (which in my tests always is a 0 p record and should just be removed) plain stuck, hanging around after MS is done. Bummer.

Then it hit me: The third one isn't for recipients or post message attribute editing... It's for body edits (well, additions:-). So I'll have to find some time to do something about PFDiskStore.pm as well. Oh well. I should be able to make some assumptions about that, probably making some fairly simple changes. Worst case I'll have to meddle a bit with the Body class. We'll see where we land:-).

I've attached a diff for Postfix.pm, it is very rough (little error handling...
Where I detect an error, I think I should just set $ErrorFound, move to a sane file position and let it flow down to the resulting (error) return, right Jules?) and the last chunk (that is pertaining to the post message record handling) is probably not needed at all (since I was looking at it a bit wrong).

PFDiskStore.pm to come (for the body bit:-)...

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Postfix.pm.prec.patch
Type: text/x-patch
Size: 5639 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070116/06b472f7/Postfix.pm.prec.bin

From Denis.Beauchemin at USherbrooke.ca Tue Jan 16 18:07:20 2007
From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin)
Date: Tue Jan 16 17:09:51 2007
Subject: Increased Volumes Of Spam
In-Reply-To: <5CD3BFF77DFFD411BCD100D0B720F94501AF30F2@probe.britaxpmg.com>
References: <5CD3BFF77DFFD411BCD100D0B720F94501AF30F2@probe.britaxpmg.com>
Message-ID: <45AD0648.5030507@USherbrooke.ca>

Jeramy Eling wrote:
> We run the following checks :-
>
> Bayes
> SpamAssassin
> MCP
> ORDB-RBL
> SBL+XBL
>
Jeramy,

ORDB-RBL is dead. You should remove it from your MS/SA setup.

Denis
--
   _
  °v°   Denis Beauchemin, analyst
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x62252 F: 819.821.8045

From waytotheweb at googlemail.com Tue Jan 16 18:29:36 2007
From: waytotheweb at googlemail.com (Sarah Trayser) Date: Tue Jan 16 17:31:50 2007 Subject: 100% CPU utilisation from time to time In-Reply-To: References: <000e01c734fd$6d243c50$0300a8c0@250N> <45A926D3.5000808@nkpanama.com> Message-ID: On 16/01/07, Tomoiaga Cristian wrote: > > Can anyone help me please ? > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Tomoiaga > Cristian > Sent: Sunday, January 14, 2007 10:54 AM > To: 'MailScanner discussion' > Subject: RE: 100% CPU utilisation from time to time > > Hy, > Yes, I use botnet rules, and a rule I made to match > the symbol, target a.s.o. spam. > Have you tried running MailScanner in debug mode, i.e. MailScanner --debug --debug-sa Does a spamassassin lint test show anything? -- Regards, Sarah Trayser Way to the Web Ltd Server Management Services: http://www.configserver.com Web Hosting: http://www.waytotheweb.com From Richard.Frovarp at sendit.nodak.edu Tue Jan 16 18:39:26 2007 
From: Richard.Frovarp at sendit.nodak.edu (Richard Frovarp) Date: Tue Jan 16 17:41:39 2007 Subject: Increased Volumes Of Spam In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B58120DB734@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B58120DB734@isabella.herefordshire.gov.uk> Message-ID: <45AD0DCE.3020108@sendit.nodak.edu> Randal, Phil wrote: > Which MTA are you using? > > If it's Sendmail 8.13, consider using the GreetPause feature. You'll > need to tune this because there are many broken MTAs out there. > > cbl.abuseat.org or zen.spamhaus.org are both good enough to reject mail > at the MTA level, search the archives for the details of how to override > the rbls for specific senders / recipients in sendmail's "access" file. > > And try milter-greylist as well. I use a bunch of less reliable RBLs to > greylist by. > > Use the rules from www.rulesemporium.com (and the rules_du_jour script). > > I find "Fred's Headers" rule useful too. > These can now be pulled using sa-update. I am pretty sure I saw something a while ago that state in effect that rule_du_jour is going away in favor of sa-update. Instructions in the SA wiki on how to use SARE rules with sa-update. From ssilva at sgvwater.com Tue Jan 16 18:39:58 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Jan 16 17:42:29 2007 Subject: 100% CPU utilisation from time to time In-Reply-To: References: <000e01c734fd$6d243c50$0300a8c0@250N> <45A926D3.5000808@nkpanama.com> Message-ID: Tomoiaga Cristian spake the following on 1/16/2007 2:03 AM: > Can anyone help me please ? > Are you using bayes in spamassassin? Do you do regular expires? How are you doing them? Do you have any left over expire files in the bayes directory? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Tue Jan 16 18:41:34 2007 
From: ssilva at sgvwater.com (Scott Silva) Date: Tue Jan 16 17:47:16 2007 Subject: Disabling razor.... In-Reply-To: <45AC8104.4050208@chapman.edu> References: <9A316265-9987-478E-A3A3-8B031F3AF106@globeserver.com> <45AC8104.4050208@chapman.edu> Message-ID: Jay Chandler spake the following on 1/15/2007 11:38 PM: > Ugo Bellavance wrote: >> Philip Butler wrote: >>> Hi all, >>> >>> I was playing around to try to disable Razor and noticed that it >>> wouldn't disable. As it turns out, I didn't find the line: >>> >>> SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf >>> >>> in my mailscanner.conf file. When I looked at the stock 4.57.6 >>> MailScanner.conf file, it wasn't there either. It was in the >>> mailscanner.conf.with.mcp file, but I haven't started using MCP yet. >>> Anyway, I have put the line in. >>> >>> Should it be in this file ?? Or is it handled/defaulted some other >>> way ?? What is the default path to the spam assassin conf file ?? >>> After doing all of this, I see that Razor is still active. I have >>> the line "use_razor2 0" in my spam.assassin.prefs.conf. >>> >>> I know this may be / probably is a spamassassin only issue - please >>> forgive me if this post shouldn't be made here. >>> >>> I was wanting to turn on/off various aspects of mailscanner to see if >>> I could get a feel as to what works best, etc. >> >> You can look in the .pre files in /etc/mail/spamassassin for "Razor". >> You should be able to disable it there. >> >> Ugo >> > There's also a mailscanner.cf file in /usr/local/etc/mail/spamassassin/ > that had it for my installation. > The mailscanner.cf file "should" only be a symlink to the spam.assassin.prefs.conf file. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From prandal at herefordshire.gov.uk Tue Jan 16 19:06:44 2007 
From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue Jan 16 18:16:18 2007 Subject: Increased Volumes Of Spam Message-ID: <86144ED6CE5B004DA23E1EAC0B569B58120DB87C@isabella.herefordshire.gov.uk> > These can now be pulled using sa-update. I am pretty sure I saw > something a while ago that state in effect that rule_du_jour is going > away in favor of sa-update. Instructions in the SA wiki on how to use > SARE rules with sa-update. I sincerely hope not, unless there's a separate channel for each rule, which would make it more cumbersome than rules_du_jour anyway. The advantage of rules_du_jour is that you can choose the mix of Rules Emporium rules that suit you, you're not forced to take a bundle. Cheers, phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK From ssilva at sgvwater.com Tue Jan 16 19:24:11 2007 
From: ssilva at sgvwater.com (Scott Silva) Date: Tue Jan 16 18:27:03 2007 Subject: Increased Volumes Of Spam In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B58120DB734@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B58120DB734@isabella.herefordshire.gov.uk> Message-ID: Randal, Phil spake the following on 1/16/2007 5:15 AM: > Which MTA are you using? > > If it's Sendmail 8.13, consider using the GreetPause feature. You'll > need to tune this because there are many broken MTAs out there. > > cbl.abuseat.org or zen.spamhaus.org are both good enough to reject mail > at the MTA level, search the archives for the details of how to override > the rbls for specific senders / recipients in sendmail's "access" file. > cbl.abuseat.org is part of zen.spamhaus.org, via the included lookup against the xbl list, so using both just increases your dns lookups without any extra benefit. Greetpause does help a lot, as I probably drop 10 to 20% of the spam with it alone. Five seconds is a good starting point, but probably not over 30 seconds. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From Richard.Frovarp at sendit.nodak.edu Tue Jan 16 20:19:16 2007 
From: Richard.Frovarp at sendit.nodak.edu (Richard Frovarp) Date: Tue Jan 16 19:21:30 2007 Subject: Increased Volumes Of Spam In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B58120DB87C@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B58120DB87C@isabella.herefordshire.gov.uk> Message-ID: <45AD2534.6050409@sendit.nodak.edu> Randal, Phil wrote: >> These can now be pulled using sa-update. I am pretty sure I saw >> something a while ago that state in effect that rule_du_jour is going >> away in favor of sa-update. Instructions in the SA wiki on how to use >> SARE rules with sa-update. >> > > I sincerely hope not, unless there's a separate channel for each rule, > which would make it more cumbersome than rules_du_jour anyway. > > The advantage of rules_du_jour is that you can choose the mix of Rules > Emporium rules that suit you, you're not forced to take a bundle. > > Cheers, > > phil > -- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > There are separate channels. It isn't all that cumbersome, because all you really do is edit one file once and you are done. Wiki address for sa-update with SARE rules: http://wiki.apache.org/spamassassin/SareChannels This took a bit of searching, but here is the response from the RDJ author: http://article.gmane.org/gmane.mail.spam.spamassassin.general/89089 For those too lazy to read, it isn't going away, but there are no plans for further enhancement and he suggests using sa-update. From cristi at elvsoft.com Tue Jan 16 21:36:23 2007 
From: cristi at elvsoft.com (Tomoiaga Cristian)
Date: Tue Jan 16 20:38:37 2007
Subject: 100% CPU utilisation from time to time
In-Reply-To:
References: <000e01c734fd$6d243c50$0300a8c0@250N> <45A926D3.5000808@nkpanama.com>
Message-ID:

Thanks for the answer.

I use Bayes.
I am not very sure about expires and where to look for them.
In debug mode I see something like this:

[574] dbg: bayes: tie-ing to DB file R/O /var/spool/mqueue/.spamassassin/bayes_toks
[574] dbg: bayes: tie-ing to DB file R/O /var/spool/mqueue/.spamassassin/bayes_seen
[574] dbg: bayes: found bayes db version 3
[574] dbg: bayes: opportunistic call attempt skipped, found fresh running expire magic token
[574] dbg: bayes: corpus size: nspam = 35070, nham = 69019
[574] dbg: bayes: score = 0
[574] dbg: bayes: opportunistic call attempt skipped, found fresh running expire magic token
bayes: cannot write to /var/spool/mqueue/.spamassassin/bayes_journal, bayes db update ignored: Permission denied
[574] dbg: bayes: untie-ing
[574] dbg: bayes: untie-ing db_toks
[574] dbg: bayes: untie-ing db_seen

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Scott Silva
Sent: Tuesday, January 16, 2007 7:40 PM
To: mailscanner@lists.mailscanner.info
Subject: Re: 100% CPU utilisation from time to time

Tomoiaga Cristian spake the following on 1/16/2007 2:03 AM:
> Can anyone help me please ?
>
Are you using bayes in spamassassin? Do you do regular expires? How are you doing them? Do you have any left over expire files in the bayes directory?

--
MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!!

From prandal at herefordshire.gov.uk Tue Jan 16 23:38:39 2007
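The debug output in the message above shows the Bayes files tied read-only, a "Permission denied" on bayes_journal and an expire token that is still reported as running. The script below is an added example, not code from the thread: it reports which Bayes files a given user cannot write and which temporary expiry files were left behind. The helper names, the 60-minute staleness threshold and the bayes_toks.expire<PID> file naming of SpamAssassin's DBM store are assumptions not stated in the thread; call it as bayes_dir_report /var/spool/mqueue/.spamassassin <mta-user>.

```shell
#!/bin/sh
# Added example, not from the thread. Helper names and the 60-minute
# threshold are assumptions. Uses GNU stat/find options; ACLs are ignored.

# bdr_can_write PATH UID "GID GID ..."
# True when the permission bits let that uid (with those gids) write PATH.
bdr_can_write() {
    if [ "$2" -eq 0 ]; then
        return 0                                 # root is not bound by mode bits
    fi
    bdr_mode=$(stat -c '%a' "$1")
    bdr_owner=$(stat -c '%u' "$1")
    bdr_group=$(stat -c '%g' "$1")
    if [ "$2" -eq "$bdr_owner" ]; then
        bdr_shift=6                              # owner bits decide
    else
        case " $3 " in
            *" $bdr_group "*) bdr_shift=3 ;;     # group bits decide
            *)                bdr_shift=0 ;;     # "other" bits decide
        esac
    fi
    # The leading 0 makes the shell read the mode as octal; 2 is the write bit.
    [ $(( (0$bdr_mode >> bdr_shift) & 2 )) -ne 0 ]
}

# bayes_dir_report DIR USER [MAX_AGE_MINUTES]
# Returns 0 = no findings, 1 = findings printed, 2 = could not check.
bayes_dir_report() {
    bdr_dir=$1
    bdr_user=$2
    bdr_max_age=${3:-60}
    bdr_found=0

    case "$bdr_user" in
        '' | *[!0-9]*)
            bdr_uid=$(id -u "$bdr_user" 2>/dev/null) || {
                echo "NO-SUCH-USER: $bdr_user"
                return 2
            } ;;
        *)  bdr_uid=$bdr_user ;;                 # numeric uid given directly
    esac
    bdr_gids=$(id -G "$bdr_user" 2>/dev/null || true)

    if [ ! -d "$bdr_dir" ]; then
        echo "NO-DIR: $bdr_dir"
        return 2
    fi

    # bayes_journal, lock files and the temporary expiry database are created
    # inside the directory, so the directory itself must be writable.
    if ! bdr_can_write "$bdr_dir" "$bdr_uid" "$bdr_gids"; then
        echo "DIR-NOT-WRITABLE: $bdr_dir ($(stat -c 'owner=%U:%G mode=%a' "$bdr_dir"))"
        bdr_found=1
    fi

    for bdr_name in bayes_toks bayes_seen bayes_journal; do
        bdr_file=$bdr_dir/$bdr_name
        [ -e "$bdr_file" ] || continue
        if ! bdr_can_write "$bdr_file" "$bdr_uid" "$bdr_gids"; then
            echo "NOT-WRITABLE: $bdr_file ($(stat -c 'owner=%U:%G mode=%a' "$bdr_file"))"
            bdr_found=1
        fi
    done

    # An expiry run builds bayes_toks.expire<PID> and renames it when done.
    # One older than the threshold is most likely left over from a run that
    # did not finish.
    for bdr_file in "$bdr_dir"/bayes_toks.expire*; do
        [ -e "$bdr_file" ] || continue
        if [ -n "$(find "$bdr_file" -mmin "+$bdr_max_age")" ]; then
            echo "STALE-EXPIRE: $bdr_file"
            bdr_found=1
        fi
    done

    return "$bdr_found"
}

if [ "$#" -ge 2 ]; then
    bayes_dir_report "$@"
fi
```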
From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue Jan 16 22:41:04 2007 Subject: Increased Volumes Of Spam Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580176820E@isabella.herefordshire.gov.uk> Scott Silva wrote: > cbl.abuseat.org is part of zen.spamhaus.org, via the included > lookup against the xbl list, so using both just increases your > dns lookups without any extra benefit. > Greetpause does help a lot, as I probably drop 10 to 20% of > the spam with it alone. Five seconds is a good starting point, > but probably not over 30 seconds. The only problem with zen.spamhaus.org is this statement, found on http://www.spamhaus.org/zen/index.lasso : "ZEN Usage Use of the Spamhaus DNSBLs via DNS queries to our public DNSBL mirrors is free for low-traffic mail servers serving less than 100 users. Use of the Spamhaus DNSBLs by commercial users, including corporate networks, ISPs and ESPs, requires a subscription to Spamhaus's Data Feed service." Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK From mkettler at evi-inc.com Tue Jan 16 23:59:33 2007 
From: mkettler at evi-inc.com (Matt Kettler) Date: Tue Jan 16 23:01:56 2007 Subject: Increased Volumes Of Spam In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B580176820E@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B580176820E@isabella.herefordshire.gov.uk> Message-ID: <45AD58D5.7000806@evi-inc.com> Randal, Phil wrote: > Scott Silva wrote: >> cbl.abuseat.org is part of zen.spamhaus.org, via the included >> lookup against the xbl list, so using both just increases your >> dns lookups without any extra benefit. >> Greetpause does help a lot, as I probably drop 10 to 20% of >> the spam with it alone. Five seconds is a good starting point, >> but probably not over 30 seconds. > > The only problem with zen.spamhaus.org is this statement, found on > http://www.spamhaus.org/zen/index.lasso : > > "ZEN Usage > > Use of the Spamhaus DNSBLs via DNS queries to our public DNSBL mirrors > is free for low-traffic mail servers serving less than 100 users. Use of > the Spamhaus DNSBLs by commercial users, including corporate networks, > ISPs and ESPs, requires a subscription to Spamhaus's Data Feed service." > Interesting.. a similar, but less specific, statement cropped up on the SBL pages too: http://www.spamhaus.org/sbl/howtouse.html Use of the SBL is free for individuals operating small mail servers as long as your email traffic is low. Commercial users, corporate networks and ISPs need to purchase a yearly subscription to use the service: see DataFeed. Whereas XBL says it's free but high traffic sites should use a datafeed: http://www.spamhaus.org/xbl/index.lasso Use of the XBL is free for users with normal mail servers (but networks with high email traffic should see DataFeed). From ssilva at sgvwater.com Wed Jan 17 00:08:04 2007 
From: ssilva at sgvwater.com (Scott Silva)
Date: Tue Jan 16 23:10:34 2007
Subject: 100% CPU utilisation from time to time
In-Reply-To:
References: <000e01c734fd$6d243c50$0300a8c0@250N> <45A926D3.5000808@nkpanama.com>
Message-ID:

Tomoiaga Cristian spake the following on 1/16/2007 12:36 PM:
> Thanks for the answer.
>
> I use Bayes.
> I am not very sure about expires and where to look for them.
> In debug mode I see something like this:
>
> [574] dbg: bayes: tie-ing to DB file R/O /var/spool/mqueue/.spamassassin/bayes_toks
> [574] dbg: bayes: tie-ing to DB file R/O /var/spool/mqueue/.spamassassin/bayes_seen
> [574] dbg: bayes: found bayes db version 3
> [574] dbg: bayes: opportunistic call attempt skipped, found fresh running expire magic token
> [574] dbg: bayes: corpus size: nspam = 35070, nham = 69019
> [574] dbg: bayes: score = 0
> [574] dbg: bayes: opportunistic call attempt skipped, found fresh running expire magic token
> bayes: cannot write to /var/spool/mqueue/.spamassassin/bayes_journal, bayes db update ignored: Permission denied
> [574] dbg: bayes: untie-ing
> [574] dbg: bayes: untie-ing db_toks
> [574] dbg: bayes: untie-ing db_seen

It looks like you are having a problem with your bayes expiry runs. They are timing out spamassassin.
You can either have mailscanner do the expires, or you can run a cron job with sa-learn --force-expire.

# If you are using the Bayesian statistics engine on a busy server,
# you may well need to force a Bayesian database rebuild and expiry
# at regular intervals. This is measures in seconds.
# 1 day = 86400 seconds.
# To disable this feature set this to 0.
# Note: If you enable this feature, set "bayes_auto_expire 0" in
# spam.assasssin.prefs.conf which you will find in the same
# directory as this file.
Rebuild Bayes Every = 86400

You can cut this in half to run twice a day.
And make sure you have set
Wait During Bayes Rebuild = yes

To clear things now, you can stop mailscanner, and run sa-learn --force-expire as the user that your mta runs as.

Here are some things to read;
http://lists.mailscanner.info/pipermail/mailscanner/2005-March/047227.html
http://lists.mailscanner.info/pipermail/mailscanner/2005-March/047236.html

--
MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!!

From cristi at elvsoft.com Wed Jan 17 00:23:27 2007
From: cristi at elvsoft.com (Tomoiaga Cristian)
Date: Tue Jan 16 23:25:43 2007
Subject: 100% CPU utilisation from time to time
In-Reply-To:
References: <000e01c734fd$6d243c50$0300a8c0@250N> <45A926D3.5000808@nkpanama.com>
Message-ID:

Thanks all for helping.
You were right, bayes was the problem, and it's solved now.

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Scott Silva Sent: Wednesday, January 17, 2007 1:08 AM To: mailscanner@lists.mailscanner.info Subject: Re: 100% CPU utilisation from time to time Tomoiaga Cristian spake the following on 1/16/2007 12:36 PM: > Thanks for the answer. > > I use Bayes. > I am not very shure about expires and where to look for them. > In debug mode I see something like this: > > [574] dbg: bayes: tie-ing to DB file R/O > /var/spool/mqueue/.spamassassin/bayes_toks > [574] dbg: bayes: tie-ing to DB file R/O > /var/spool/mqueue/.spamassassin/bayes_seen > [574] dbg: bayes: found bayes db version 3 > [574] dbg: bayes: opportunistic call attempt skipped, found fresh running > expire magic token > [574] dbg: bayes: corpus size: nspam = 35070, nham = 69019 > [574] dbg: bayes: score = 0 > [574] dbg: bayes: opportunistic call attempt skipped, found fresh running > expire magic token > bayes: cannot write to /var/spool/mqueue/.spamassassin/bayes_journal, bayes > db update ignored: Permission denied > [574] dbg: bayes: untie-ing > [574] dbg: bayes: untie-ing db_toks > [574] dbg: bayes: untie-ing db_seen It looks like you are having a problem with your bayes expiry runs. They are timing out spamassassin. You can either have mailscanner do the expires, or you can run a cron job with sa-learn --force-expire. # If you are using the Bayesian statistics engine on a busy server, # you may well need to force a Bayesian database rebuild and expiry # at regular intervals. This is measures in seconds. # 1 day = 86400 seconds. # To disable this feature set this to 0. # Note: If you enable this feature, set "bayes_auto_expire 0" in # spam.assasssin.prefs.conf which you will find in the same # directory as this file. Rebuild Bayes Every = 86400 You can cut this in half to run twice a day. 
And make sure you have set Wait During Bayes Rebuild = yes TO clear things now, you can stop mailscanner, and run sa-learn --force-expire as the user that your mta runs as. Here are some things to read; http://lists.mailscanner.info/pipermail/mailscanner/2005-March/047227.html http://lists.mailscanner.info/pipermail/mailscanner/2005-March/047236.html -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From deanm at ispone.com.au Wed Jan 17 01:10:43 2007 From: deanm at ispone.com.au (Dean Manners) Date: Wed Jan 17 00:13:56 2007 Subject: Filename Actions, deliver not quarantine Message-ID: <200701170011.l0H0Bcqc017596@relay01.ispone.net.au> Hey guys, Is there any known method of being able to deliver, not quarantine, messages with bad file names/types eg; Spam Actions = deliver header "blah:" ? It would be handy to deliver file type/name violating messages with header modification, so we could then sort to a Filtered/ Maildir folder by the local delivery agent downstream, instead of quarantining. Regards __________________________________________ Dean Manners From paul at blacknight.ie Wed Jan 17 01:48:37 2007 
From: paul at blacknight.ie (Paul Kelly :: Blacknight) Date: Wed Jan 17 00:48:10 2007 Subject: Increased Volumes Of Spam In-Reply-To: <45AD58D5.7000806@evi-inc.com> References: <86144ED6CE5B004DA23E1EAC0B569B580176820E@isabella.herefordshire.gov.uk> <45AD58D5.7000806@evi-inc.com> Message-ID: <45AD7265.4090301@blacknight.ie> Matt Kettler wrote: > Interesting.. a similar, but less specific, statement cropped up on the SBL > pages too: > > http://www.spamhaus.org/sbl/howtouse.html > > Use of the SBL is free for individuals operating small mail servers as long as > your email traffic is low. Commercial users, corporate networks and ISPs need to > purchase a yearly subscription to use the service: see DataFeed. > > Whereas XBL says it's free but high traffic sites should use a datafeed: > > http://www.spamhaus.org/xbl/index.lasso > > Use of the XBL is free for users with normal mail servers (but networks with > high email traffic should see DataFeed). > Hmmm. We happen to host public mirrors for spamhaus. It's the cause of around 210k queries a minute to our rbl dns mirror box :-), sbl-xbl being the biggest trafficker in the spamhaus family so far. I can understand them putting limits in writing. I've not heard of them cutting anyone off. But if one mirror provider was complaining about a lot of traffic from ASxxxxx they can easily cite the above statement and cut them off. I presume there is a lot of effort put in on their part, with the mirror system and distributed dns services, colo/hosting of boxes, staff costs etc. As such having larger users pay is probably required to keep the service going. The various bl's they have are very usefull and spending a few quid on them isn't a bad idea IMO, though peoples mileage may vary though. From james at gray.net.au Wed Jan 17 06:58:24 2007 
From: james at gray.net.au (James Gray) Date: Wed Jan 17 06:00:49 2007 Subject: Avast and MailScanner In-Reply-To: <45A2BB81.4010701@fsl.com> References: <20070108181723.M67295@robhq.com> <223f97700701081124i75fbd62ar96185606211e4d29@mail.gmail.com> <20070108193754.M44087@robhq.com> <45A2B74A.9080000@ecs.soton.ac.uk> <45A2BB81.4010701@fsl.com> Message-ID: On 09/01/2007, at 8:45 AM, Steve Freegard wrote: > Hi Jules, > > Julian Field wrote: >> Tell me where I can download it and I'll give you a hand. > > See http://www.avast.com/eng/download-avast-for-linux-edition.html > for the various formats (RPM, DEB or tar.gz). Bah - typical...free versions for Linux/Windows but nadda for Mac : ( Oh well, ClamAV is doing a good job of it for me at the moment. I'd just like to back it up with another (free) Mac-native virus scanner. You'd think if they have a Linux version, it couldn't be too difficult to load up the source on Mac and create a universal binary too. *sigh*. Cheers, James From glenn.steen at gmail.com Wed Jan 17 11:30:58 2007 
From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Jan 17 10:33:15 2007 Subject: Greylisting (WAS: Re: MailScanner ANNOUNCE: 4.57 released) In-Reply-To: <223f97700701160653l37ef8cdap7d22129d7de941e0@mail.gmail.com> References: <4571B547.1090804@ecs.soton.ac.uk> <223f97700612041451n39e66dedx28699a0d1e59a3eb@mail.gmail.com> <20061204233255.DB881FF40@mx-a.vdnet.lt> <223f97700612060014o6a8b46b1k87e48195c1d93afc@mail.gmail.com> <20070110163002.1EE06FF06@mx-a.vdnet.lt> <223f97700701110619v275f274fo23f2491099f1b38@mail.gmail.com> <45A6494B.9010503@netmagicsolutions.com> <223f97700701150506x438d4848wcb3fb03690b46078@mail.gmail.com> <223f97700701151143v5f320486v2f711cc2aa03984@mail.gmail.com> <223f97700701160653l37ef8cdap7d22129d7de941e0@mail.gmail.com> Message-ID: <223f97700701170230m2fcb6f61hecfe848178ae272d@mail.gmail.com> Sorry for the top post all, I'll try to be brief. The below (and the patch) was just a tad (:-) naïve on my part. After reading up on the 2.3.6 and latest 2.4 snapshot code of postfix, I now know (thanks in great part to a very informative and longish comment by Wietse in cleanup_milter.c) that some of the assumptions were... less than correct. For one thing, we need to preserve w records (deleted data) in the body as well as in the header segment. For another, there might be p records in any position that has been edited (/replaced) or inserted, and the dummy records are there so that the segment end markers (M, X and E records) won't be moved. ... And multiple "same record type" edits will lead to multiple forward p records to the one backward p record. Sigh. I still think we should do something like this first draft, just enhance it a bit to take the above into account:-). Oh well, more to come in a few days:-) Cheers -- Glenn On 16/01/07, Glenn Steen wrote: > Tuesdays aren't any better, it seems ... look below. > > On 15/01/07, Glenn Steen wrote: > > It really is monday today, isn't it:-)... 
> > > > On 15/01/07, Glenn Steen wrote: > > (snip) > > > Well, after reading some code I at least know what is going on, and > > > why it doesn't work:-). > > > > > > Wietse seems to have wanted a way to ... noninvasively... insert > > > additional data into the Postfix queue file without having to rewrite > > > the whole thing (as we more or less do in MailScanner), so that > > > milters could just "tag on" new recipients and headers. > > > > > > To that effect he made it so that there might be two (or more? I'm not > > > really clear on this yet, but it seems there will only be one p > > > record for additional recipients, but perhaps one per added header) > > > records of type "p" (for pointer) that has a "value part" of 0 by > > > default, meaning no "extra info" is to be inserted at that point. If > > > there is a non-zero value, this is an absolute offset to fseek to for > > > the actual inserted part, followed by another p record with an > > > absolute offset to jump back up into the file to the original "jumpoff > > > point" (after the original p record). The added records are tagged on > > > after the end record (and a null character denoting end of file?). As > > > one can guess, much of Wietse's patches regarding milter support seem > > > to focus on detecting and handling misbehaving subsystems that create > > > p record message loops (wrong "jump-back offsets" leading to endless > > > loops ("here we GOTO again!":-)). > > > > This description is slightly wrong. Looking again, one can see that > > the p records ("jumpoff points", or branches, if you like:-) can be > > located at three different places in the queue file: > > 1) just after the first set of O and R records (before the M record), > > 2) just after the headers in the M record, but before the body (before > > the empty N record) > > 3) at the same place we place our modifications... 
after the body, > > before X and E (Not at work, might remember this wrong...might be just > > before the E, but I think it's the same place where we add things. > > This hit me when idly thinking about work on the train home... That > > is, almost nodding off on the train home:-) > > Damn, I'm stupid. No way around it, the thing was glaring me in the > eyes. Oh well. > I've now completed the first rough edit of Postfix.pm to handle the > first two (as I thought, three) p record removal thingies (first is > recipients, second is headers ...). Seems to work nicely with my > tests. > But then the third one (which in my tests always is a 0 p record and > should just be removed) plain stuck, hanging around after MS is done. > Bummer. > Then it hit me: The third one isn't for recipients or post message > attribute editing... It's for body edits (well, additions:-). So I'll > have to find some time to do something about PFDiskStore.pm as well. > Oh well. > I should be able to make some assumptions about that, probably making > some fairly simple changes. Worst case I'll have to meddle a bit with > the Body class. > We'll see where we land:-). > I've attached a diff for Postfix.pm, it is very rough (little error > handling... Where I detect an error, I think I should just set > $ErrorFound, move to a sane file position and let it flow down to the > resulting (error) return, right Jules?) and the last chunk (that is > pertaining to the post message record handling) is probably not needed > at all (since I was looking at it a bit wrong). > > PFDiskStore.pm to come (for the body bit:-)... 
> > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > > > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From viktor at stadsomroepdenhaag.nl Wed Jan 17 14:26:06 2007 
From: viktor at stadsomroepdenhaag.nl (Viktor Alders) Date: Wed Jan 17 13:28:22 2007 Subject: Message contains invalid header Message-ID: <45AE23EE.4020702@stadsomroepdenhaag.nl> Hello, I have setting up a new postfix server and a cyrus imap server a with Mailscanner and spamassasin. All messages comes in the hold queue of postfix and will be scanned by mailscanner. Now the problem is that i cannot receive e-mail on this new server and i get the following message back: This is the mail system at host mail I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below. For further assistance, please send mail to postmaster. If you do so, please include this problem report. You can delete your own text from the attached returned message. The mail system (expanded from ): data format error. Command output: : Message contains invalid header What do i wrong. Has someone any suggestions. Many thanks. Regards, Viktor From martinh at solidstatelogic.com Wed Jan 17 14:51:21 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed Jan 17 13:54:12 2007 Subject: Message contains invalid header In-Reply-To: <45AE23EE.4020702@stadsomroepdenhaag.nl> Message-ID: <7398dac6c4a2a544a6b8f41edb8a6254@solidstatelogic.com> Viktor Common issue here is invalid characters in the %org-name% setting in MailScanner.conf. MailScanner uses this to try and make the headers a little unique... Eg In MailScanner.conf %org-name% = Acme Inserts MailScanner headers of X-Acme-MailScanner: -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- 
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Viktor Alders > Sent: 17 January 2007 13:26 > To: mailscanner@lists.mailscanner.info > Subject: Message contains invalid header > > Hello, > > I have setting up a new postfix server and a cyrus imap server a with > Mailscanner and spamassasin. All messages comes in the hold queue of > postfix and will be scanned by mailscanner. Now the problem is that i > cannot receive e-mail on this new server and i get the following message > back: > > This is the mail system at host mail > > I'm sorry to have to inform you that your message could not > be delivered to one or more recipients. It's attached below. > > For further assistance, please send mail to postmaster. > > If you do so, please include this problem report. You can > delete your own text from the attached returned message. > > The mail system > > (expanded from > ): data format error. Command output: > : Message contains invalid header > > What do i wrong. Has someone any suggestions. Many thanks. > > Regards, > Viktor From Denis.Beauchemin at USherbrooke.ca Wed Jan 17 15:00:08 2007 
From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Wed Jan 17 14:02:42 2007 Subject: Increased Volumes Of Spam In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B580176820E@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B580176820E@isabella.herefordshire.gov.uk> Message-ID: <45AE2BE8.8060608@USherbrooke.ca> Randal, Phil wrote: > Scott Silva wrote: > >> cbl.abuseat.org is part of zen.spamhaus.org, via the included >> lookup against the xbl list, so using both just increases your >> dns lookups without any extra benefit. >> Greetpause does help a lot, as I probably drop 10 to 20% of >> the spam with it alone. Five seconds is a good starting point, >> but probably not over 30 seconds. >> > > The only problem with zen.spamhaus.org is this statement, found on > http://www.spamhaus.org/zen/index.lasso : > > "ZEN Usage > > Use of the Spamhaus DNSBLs via DNS queries to our public DNSBL mirrors > is free for low-traffic mail servers serving less than 100 users. Use of > the Spamhaus DNSBLs by commercial users, including corporate networks, > ISPs and ESPs, requires a subscription to Spamhaus's Data Feed service." > >

Since I've seen this statement I tried to cut down on their RBL. After some reshuffling I get the following usage (today's stats so far):

cbl.abuseat.org      : 31957 (34.29%)
list.dsbl.org        :  1040 ( 1.12%)
safe.dnsbl.sorbs.net : 57967 (62.20%)
zen.spamhaus.org     :  2238 ( 2.40%)

On Jan 1 I used only spamhaus and sorbs (in that order) and I had the following stats:

safe.dnsbl.sorbs.net :  63222 (29.63%)
zen.spamhaus.org     : 150167 (70.37%)

I check the RBLs in this order in my sendmail.mc:

FEATURE(`dnsbl',`safe.dnsbl.sorbs.net',`"554 Rejected " $&{client_addr} " found in safe.dnsbl.sorbs.net"')dnl
FEATURE(`dnsbl',`cbl.abuseat.org',`"554 Rejected " $&{client_addr} " found in cbl.abuseat.org"')dnl
FEATURE(`dnsbl',`list.dsbl.org',`"554 Rejected " $&{client_addr} " found in list.dsbl.org"')dnl
FEATURE(`dnsbl',`zen.spamhaus.org',`"554 Rejected " $&{client_addr} " found in zen.spamhaus.org"')dnl

Denis

--
   _
  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x62252 F: 819.821.8045

From amoore at dekalbmemorial.com Wed Jan 17 15:09:12 2007 
From: amoore at dekalbmemorial.com (Aaron K. Moore) Date: Wed Jan 17 14:11:29 2007 Subject: Increased Volumes Of Spam In-Reply-To: References: Message-ID: <60D398EB2DB948409CA1F50D8AF1225701DE1288@exch1.dekalbmemorial.local> Randal, Phil wrote: >> These can now be pulled using sa-update. I am pretty sure I saw >> something a while ago that stated in effect that rule_du_jour is going >> away in favor of sa-update. Instructions in the SA wiki on how to use >> SARE rules with sa-update. > > I sincerely hope not, unless there's a separate channel for each rule, > which would make it more cumbersome than rules_du_jour anyway. > There is a link to a how to document on using sa-update with the SARE rules at the following url: http://www.rulesemporium.com/rules.htm Each ruleset is its own channel. -- Aaron Kent Moore Information Technology Services DeKalb Memorial Hospital, Inc. Auburn, IN Phone: 260.920.2808 E-mail: amoore@dekalbmemorial.com From daniel.maher at ubisoft.com Wed Jan 17 15:14:57 2007 From: daniel.maher at ubisoft.com (Daniel Maher) Date: Wed Jan 17 14:17:15 2007 Subject: Increased Volumes Of Spam In-Reply-To: <60D398EB2DB948409CA1F50D8AF1225701DE1288@exch1.dekalbmemorial.local> Message-ID: <1E293D3FF63A3740B10AD5AAD88535D2041CB87C@UBIMAIL1.ubisoft.org> > -----Original Message----- 
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Aaron K. Moore > Sent: January 17, 2007 9:09 AM > To: MailScanner discussion > Subject: RE: Increased Volumes Of Spam > > Randal, Phil wrote: > >> These can now be pulled using sa-update. I am pretty sure I saw > >> something a while ago that stated in effect that rule_du_jour is going > >> away in favor of sa-update. Instructions in the SA wiki on how to use > >> SARE rules with sa-update. > > > > I sincerely hope not, unless there's a separate channel for each rule, > > which would make it more cumbersome than rules_du_jour anyway. > > > > There is a link to a how to document on using sa-update with the SARE > rules at the following url: http://www.rulesemporium.com/rules.htm > > Each ruleset is its own channel. > Just to add my voice to the chorus, I recently implemented SARE updates via sa-update, as per D. O'Shea's excellent service and instructions: http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt It works flawlessly. -- _ °v° Daniel Maher /(_)\ Administrateur Système Unix ^ ^ Unix System Administrator SMASH '5' FOR VICTORY! From jonbjorn at mbl.is Wed Jan 17 16:55:23 2007 From: jonbjorn at mbl.is (Jon Bjorn Njalsson) Date: Wed Jan 17 15:59:17 2007 Subject: help fighting spam Message-ID: <1169049323.9054.43.camel@viper.mbl.is> Greetings I have been receiving tons of spam with random subject like "how's your ramrod", "+ 5 inches or money back" etc, all of them containing URL to random sites, but all sites resolve to the same ipaddress 216.40.47.17. I have written over 30 rules based on the domain name but I was wondering isn't it possible to have SA do a lookup of the domain name, get the ipaddress, then lookup the ipaddress and check if that ipaddress is listed in some rbl and score accordingly ? regards Jon From viktor at stadsomroepdenhaag.nl Wed Jan 17 16:59:59 2007 
From: viktor at stadsomroepdenhaag.nl (Viktor Alders) Date: Wed Jan 17 16:02:14 2007 Subject: Message contains invalid header In-Reply-To: <7398dac6c4a2a544a6b8f41edb8a6254@solidstatelogic.com> References: <7398dac6c4a2a544a6b8f41edb8a6254@solidstatelogic.com> Message-ID: <45AE47FF.4070808@stadsomroepdenhaag.nl> Martin, Thanks. There where spaces in the %org-name% Viktor > Viktor > Common issue here is invalid characters in the %org-name% setting in > MailScanner.conf. MailScanner uses this to try and make the headers a > little unique... > > Eg > In MailScanner.conf > > %org-name% = Acme > > Inserts MailScanner headers of > > X-Acme-MailScanner: > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > >> -----Original Message----- 
>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Viktor Alders >> Sent: 17 January 2007 13:26 >> To: mailscanner@lists.mailscanner.info >> Subject: Message contains invalid header >> >> Hello, >> >> I have setting up a new postfix server and a cyrus imap server a with >> Mailscanner and spamassasin. All messages comes in the hold queue of >> postfix and will be scanned by mailscanner. Now the problem is that i >> cannot receive e-mail on this new server and i get the following >> > message > >> back: >> >> This is the mail system at host mail >> >> I'm sorry to have to inform you that your message could not >> be delivered to one or more recipients. It's attached below. >> >> For further assistance, please send mail to postmaster. >> >> If you do so, please include this problem report. You can >> delete your own text from the attached returned message. >> >> The mail system >> >> (expanded from >> ): data format error. Command output: >> : Message contains invalid header >> >> What do i wrong. Has someone any suggestions. Many thanks. >> >> Regards, >> Viktor -- __________________________________________ Stadsomroep Den Haag Calandstraat 1 2521 AD Den Haag tel (070) 317 49 49 fax (070) 317 49 39 email info@stadsomroepdenhaag.nl website http://www.stadsomroepdenhaag.nl From martinh at solidstatelogic.com Wed Jan 17 17:10:40 2007 
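[Added example, not written by anyone in this thread and not MailScanner's own code: a check of the %org-name% value discussed above, flagging characters that cannot appear in the header name built from it. The X-<org-name>-MailScanner pattern is taken from Martin's reply and the allowed character set (printable US-ASCII except ":") from RFC 5322; the sample configuration text and the function names are constructed for illustration.]

```python
import re

# Constructed sample of MailScanner.conf text (not a real site's configuration).
SAMPLE_CONF = """\
# constructed sample
# %org-name% = yoursite
%org-name% = Acme Widgets Ltd
"""


def read_org_name(conf_text):
    """Return the value of the first uncommented '%org-name% = ...' line, or None."""
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            continue
        match = re.match(r"%org-name%\s*=\s*(.*)$", line)
        if match:
            return match.group(1).strip()
    return None


def is_field_char(ch):
    """RFC 5322 section 2.2: header field names are printable US-ASCII except ':'."""
    return 33 <= ord(ch) <= 126 and ch != ":"


def check_org_name(org_name):
    """Describe the header name this org-name produces and what is wrong with it."""
    bad = [(pos, ch) for pos, ch in enumerate(org_name) if not is_field_char(ch)]
    return {
        # Header pattern as shown in Martin's reply (X-Acme-MailScanner).
        "header": "X-%s-MailScanner" % org_name,
        "valid": bool(org_name) and not bad,
        "bad_chars": bad,
        # Same value with the offending characters dropped.
        "suggestion": "".join(ch for ch in org_name if is_field_char(ch)),
    }


def audit(conf_text):
    """Return the check result for a configuration text, or None if unset."""
    org_name = read_org_name(conf_text)
    if org_name is None:
        return None
    return check_org_name(org_name)


if __name__ == "__main__":
    report = audit(SAMPLE_CONF)
    if report is None:
        print("no %org-name% line found")
    elif report["valid"]:
        print("OK: %s" % report["header"])
    else:
        for pos, ch in report["bad_chars"]:
            print("invalid character %r at position %d" % (ch, pos))
        print("header would be: %r" % report["header"])
        print("try: %%org-name%% = %s" % report["suggestion"])
```
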
From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed Jan 17 16:13:04 2007 Subject: help fighting spam In-Reply-To: <1169049323.9054.43.camel@viper.mbl.is> Message-ID: <19c25689f39e524dba62b52ceba238a0@solidstatelogic.com> Jon I'd check you URI-RBLS are working (as I think I suggested on the sa-users list ;-) Also dcc/pyzor/razor and the SARE/fred rules from www.rulesemporium.com are useful (can't remember if I already mentioned this..) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- 
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Jon Bjorn Njalsson > Sent: 17 January 2007 15:55 > To: MailScanner discussion > Subject: help fighting spam > > Greetings > > I have been receiving tons of spam with random subject like "how's your > ramrod", "+ 5 inches or money back" etc, all of them containing URL to > random sites, but all sites resolve to the same ipaddress 216.40.47.17. > > I have written over 30 rules based on the domain name but I was > wondering isn't it possible to have SA do a lookup of the domain name, > get the ipaddress, then lookup the ipaddress and check if that ipaddress > is listed in some rbl and score accordingly ? > > regards > Jon From cobalt-users1 at fishnet.co.uk Wed Jan 17 17:21:00 2007 From: cobalt-users1 at fishnet.co.uk (Ian) Date: Wed Jan 17 16:23:39 2007 Subject: help fighting spam In-Reply-To: <19c25689f39e524dba62b52ceba238a0@solidstatelogic.com> References: <1169049323.9054.43.camel@viper.mbl.is>, <19c25689f39e524dba62b52ceba238a0@solidstatelogic.com> Message-ID: <45AE4CEC.12974.1294EE3@cobalt-users1.fishnet.co.uk> On 17 Jan 2007 at 16:10, Martin.Hepworth wrote: > Jon > > I'd check you URI-RBLS are working (as I think I suggested on the > sa-users list ;-) > > Also dcc/pyzor/razor and the SARE/fred rules from www.rulesemporium.com > are useful (can't remember if I already mentioned this..) Hi, I can second this as all the emails you sent to the spamassassin list with that particular web address (I won't repeat it) were picked up by these rules: 3.00 URIBL_BLACK 4.09 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist Luckily they fell just under my high scoring spam score because of BAYES_00 or I wouldn't have seen them :) Regards Ian From vasiliy at linuxspecial.com Wed Jan 17 17:35:16 2007 
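[Added example, not part of the thread and not SpamAssassin code: the lookup Jon asks about, spelled out step by step (URL in the body, host name, A record, reversed-octet DNSBL query), with the hosts grouped by the address they share. The zone bl.example, the host names, the addresses and the resolver table are all constructed so the code runs offline; a real deployment would pass a DNS-backed resolver function instead.]

```python
import ipaddress
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
LOOPBACK = ipaddress.IPv4Network("127.0.0.0/8")

# Constructed DNS data: two spamvertised hosts on one address, one clean host,
# and one listing in a hypothetical blocklist zone "bl.example".
FAKE_DNS = {
    "pills.example": ["192.0.2.17"],
    "cheap.example": ["192.0.2.17"],
    "news.example": ["198.51.100.5"],
    "17.2.0.192.bl.example": ["127.0.0.2"],
}


def fake_resolve(name):
    """Stand-in for an A-record lookup; returns [] when the name does not exist."""
    return FAKE_DNS.get(name.lower().rstrip("."), [])


def uri_hosts(body):
    """Host names of the http(s) URLs in a message body, in order, de-duplicated."""
    hosts = []
    for url in URL_RE.findall(body):
        try:
            host = urlsplit(url.rstrip(".,;)")).hostname
        except ValueError:
            continue
        if host and host not in hosts:
            hosts.append(host)
    return hosts


def dnsbl_query_name(ip, zone):
    """192.0.2.17 + bl.example -> 17.2.0.192.bl.example"""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def is_listed(ip, zone, resolve_a):
    """A DNSBL answers with an address in 127.0.0.0/8 when the IP is listed."""
    answers = resolve_a(dnsbl_query_name(ip, zone))
    return any(ipaddress.IPv4Address(a) in LOOPBACK for a in answers)


def check_message(body, zones, resolve_a):
    """Return (host, ip, zone) for every URL host whose address is listed."""
    hits = []
    for host in uri_hosts(body):
        try:
            ips = [str(ipaddress.IPv4Address(host))]  # URL used a bare IP
        except ValueError:
            ips = resolve_a(host)
        for ip in ips:
            for zone in zones:
                if is_listed(ip, zone, resolve_a):
                    hits.append((host, ip, zone))
    return hits


def hosts_by_listed_ip(hits):
    """Group hits by address: many throwaway domains, one listed IP."""
    grouped = {}
    for host, ip, _zone in hits:
        grouped.setdefault(ip, [])
        if host not in grouped[ip]:
            grouped[ip].append(host)
    return grouped


# Constructed message body.
SAMPLE_BODY = (
    "Buy now http://pills.example/buy?id=1 or http://cheap.example/x.\n"
    "Unrelated: http://news.example/\n"
)

if __name__ == "__main__":
    found = check_message(SAMPLE_BODY, ["bl.example"], fake_resolve)
    for ip, hosts in hosts_by_listed_ip(found).items():
        print("%s listed; reached via %s" % (ip, ", ".join(hosts)))
```
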
From: vasiliy at linuxspecial.com (Vasiliy Boulytchev)
Date: Wed Jan 17 16:37:36 2007
Subject: NO! Dont go! ms2cgp problem
In-Reply-To: <458941F9.2090600@ucsc.edu>
References: <458941F9.2090600@ucsc.edu>
Message-ID: <45AE5044.1080209@linuxspecial.com>

John,
First of all, THANK YOU SO MUCH for helping us out! I have been
using your cgp2ms and ms2cgp scripts for years flawlessly.
Now that you decide to leave us, I get a problem with ms2cgp on a
new install...

It seems the MS is not giving the correct $job value to the ms2cgp
script.... syslog:

--
Jan 17 11:02:20 mailscanner1 ms2cgp[19781]: job = -OQueueDirectory=/etc/MailScanner/shared/queues/ms1/out
Jan 17 11:02:20 mailscanner1 ms2cgp[19781]: qf = /etc/MailScanner/shared/queues/ms1/out/qf-OQueueDirectory=/etc/MailScanner/shared/queues/ms1/out
Jan 17 11:02:20 mailscanner1 ms2cgp[19781]: df = /etc/MailScanner/shared/queues/ms1/out/df-OQueueDirectory=/etc/MailScanner/shared/queues/ms1/out
Jan 17 11:02:20 mailscanner1 ms2cgp[19781]: msg = /etc/MailScanner/mail.cluster/submx00/MS1.ms2cgp.-OQueueDirectory=/etc/MailScanner/shared/queues/ms1/out.19781.tmp
Jan 17 11:02:20 mailscanner1 ms2cgp[19781]: Job -OQueueDirectory=/etc/MailScanner/shared/queues/ms1/out writing to /etc/MailScanner/mail.cluster/submx00/MS1.ms2cgp.-OQueueDirectory=/etc/MailScanner/shared/queues/ms1/out.19781.tmp
Jan 17 11:02:20 mailscanner1 ms2cgp[19781]: Open input /etc/MailScanner/shared/queues/ms1/out/qf-OQueueDirectory=/etc/MailScanner/shared/queues/ms1/out failed, dying
--

Now, if I call ms2cgp from commandline via this script:

#!/usr/bin/perl -w

opendir(DIR, ".");
@files = grep(/qf/,readdir(DIR));
closedir(DIR);

foreach $file (@files) {
    substr($file, 0, 1) = "";
    substr($file, 0, 1) = "";
    system ("/usr/local/etc/ms2cgp $file");
}

The batch processes just fine, syslog:

--
Jan 17 11:07:53 mailscanner1 ms2cgp[19859]: job = 19659
Jan 17 11:07:53 mailscanner1 ms2cgp[19859]: qf = /etc/MailScanner/shared/queues/ms1/out/qf19659
Jan 17 11:07:53 mailscanner1 ms2cgp[19859]: df = /etc/MailScanner/shared/queues/ms1/out/df19659
Jan 17 11:07:53 mailscanner1 ms2cgp[19859]: msg = /etc/MailScanner/mail.cluster/submx00/MS1.ms2cgp.19659.19859.tmp
Jan 17 11:07:53 mailscanner1 ms2cgp[19859]: Job 19659 writing to /etc/MailScanner/mail.cluster/submx00/MS1.ms2cgp.19659.19859.tmp
--

So it seems to me, MS is not passing the correct $job value...
furthermore, why is it making it -OQueueDirectory!?!?!?

What do you guys think?

THANK YOU VERY MUCH!!! My cgp2ms and ms2cgp scripts are attached.

Vasiliy Boulytchev
vasiliy@linuxspecial.com

John Rudd wrote:
>
> Just wanted to thank everyone at this list, starting with Julian, but
> also several of the subscribers who have given a lot of information and
> input over the years I've been here. At some points, this was an
> incredibly valuable and informative mailing list for me.
>
> And, what has changed is not the list. The list, and the vast
> majority of its subscribers, are still great. What changed were my
> anti-spam/anti-virus needs. I'm moving to solutions that operate
> entirely during the SMTP session. As a result, I decommissioned my
> last mailscanner system 2 weeks ago.
>
> After a short waiting period to be sure I wasn't going to need to roll
> back, or have any other mailscanner related questions, I'm going to be
> unsubscribing from the list later today.
>
> I wish all of you the best, and thank you for a great set of software,
> a great source of information resources, and a great source of
> conversation over the last 4 or 5 years.

-------------- next part --------------
#!/usr/bin/perl

# cgp2ms - part of a MailScanner to CommuniGate Pro gateway
# Copyright (C) 2003 The Regents of the University of California
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# The Author, John Rudd, can be reached by email at
# jrudd@ucsc.edu
#
# cgp2ms -f file   Actually process the given file
# or
# cgp2ms -c        Just check the queue sizes and print result
#
# This program is used by CommuniGate Pro as an "execute" filter. It takes
# in arguments that define where the CommuniGate Pro (CGP) queue file lives
# and uses the queue file to create a sendmail formatted queue file (qf) and
# data file (df) pair. These two files are then inserted into the
# MailScanner (MS) incoming queue directory. When MS is done, it will use a
# program which is a companion to this one, ms2cgp, to give the message
# back to CGP.
#
# Modified 10/2004 by Vasiliy Boulytchev and Randy Lindsey
# Added load balancing and sped up processing for larger volume
# 12/19/2004 Randy Lindsey
# Rather than read queuedirs for qf* files across remote shares,
# this version reads a set of files created on each system containing the queue count
#

# To take a host offline, just comment out its line in hostlist
%hostlist = (
#    IA  => '/var/CommuniGate/MailScanner/Incoming',
#    TX2 => '/usr/local/mailscanner.tx2',
#    AZ  => '/usr/local/mailscanner.az',
#    TMP => '/usr/local/mailscanner.tmp',
#    CA  => '/usr/local/mailscanner.ak/mailscanner.in',
    MS1 => '/var/CommuniGate/MS.Status/queues/ms1/in',
#    MS2 => '/usr/local/mailscanner.ak/mailscanner.ms2.in',
#    MS3 => '/usr/local/mailscanner.ak/mailscanner.ms3.in',
#    MS4 => '/usr/local/mailscanner.ak/mailscanner.ms4.in',
#    MS5 => '/usr/local/mailscanner.ak/mailscanner.ms5.in',
#    MS6 => '/usr/local/mailscanner.ak/mailscanner.ms6.in',
#    MS7 => '/usr/local/mailscanner.ak/mailscanner.ms7.in',
#    MS8 => '/usr/local/mailscanner.ak/mailscanner.ms8.in',
#    MS9 => '/usr/local/mailscanner.ak/mailscanner.ms9.in',
);

# hostspeed - larger numbers are faster
%hostspeed = (
#    IA  => 1,
#    TX2 => 4,
#    AZ  => 0.6,
#    CA  => 9,
#    TMP => 100,
    MS1 => 2,
    MS2 => 2,
    MS3 => 2,
    MS4 => 15,
    MS5 => 15,
    MS6 => 30,
    MS7 => 30,
    MS8 => 30,
    MS9 => 30,
);

sub check_one { #$queuedirname
    my ($queuedirname) = @_;
    # PLACEHOLDER: the path of the per-host queue-count file did not survive
    # in this copy of the script; set it for your installation.
    my $countfile = "/path/to/queue-counts/$queuedirname";
    open(DH, "<", $countfile) || return 999999;
    read(DH, $MsgsInQueue, 10);
    close DH;
    chomp $MsgsInQueue;
    return $MsgsInQueue;
}

sub check_queues {

    $totfiles = 0;
    $totpoints = 0;
    foreach my $hostid (keys %hostlist) {
        $hostfiles{$hostid} = check_one(lc($hostid));
        $totfiles += $hostfiles{$hostid};
        # Assign points based on relative system speed
        # We scale it up by 737 to reduce rounding errors with small numbers
        if ($hostspeed{$hostid}) {
            $hostpoints{$hostid} = ($hostfiles{$hostid} * 737) / $hostspeed{$hostid};
        }
        else {
            $hostpoints{$hostid} = $hostfiles{$hostid};
        }
    }

    @hostsort = sort { $hostpoints{$a} <=> $hostpoints{$b} } keys %hostpoints;
    printf ("MailScanner to %s - Tot:%2u ",
        $hostsort[0], $totfiles);           # displays in CommuniGate logs
    foreach my $hostid (keys %hostlist) {
        printf ("%s:%2u/%2u ", $hostid, $hostfiles{$hostid}, $hostpoints{$hostid});
    }
    print ("\n");
    return $hostlist{$hostsort[0]};
}

sub copy_stdin {
    # Extra headers added by prior rules
    my $hdrline;
    while (defined($hdrline = <STDIN>)) {
        print QF "H$hdrline";
        print " $hdrline ";                 # display in logs
    }
}

my ($i, $file, $from, $rcpt, @tempv, @rcpt, @argv, $inbody, $inhdr, $inmeta);

$checkonly = 0;
for ($i = 0; $i <= $#ARGV; $i++) {          # parse in the arguments
    if (defined($ARGV[$i])) {
        if ($ARGV[$i] eq "-f") {            # the location of the cgp queue file
            $i++;
            $file = $ARGV[$i];
        }
        elsif ($ARGV[$i] eq "-c") {         # just check queue sizes and print result
            $checkonly = 1;
        }
        else {                              # left over from debugging, these
            push (@argv, $ARGV[$i]);        # aren't actually used
        }
    }
}
if (! $file) {
    $checkonly = 1;                         # default if no parameters passed
}

$qdir = check_queues();                     # load balance between servers
if ($checkonly) {
    exit(0);
}

open (JOB, "<$file");
open (QF, ">$qdir/msqf$$");  # minimize file moving by writing to final dir but
open (DF, ">$qdir/msdf$$");  # under a different name to prevent Mailscanner taking it

print QF "V4\n";             # I don't think MS actually uses these
print QF "T" . time . "\n";  # qf lines, but it helps the qf file
print QF "K0\n";             # be a little more authentic
print QF "N0\n";             #
print QF "P150900\n";        #
$inmeta = 1;  # when reading the job file, are we still in the meta data?
$inhdr = 0;   # when reading the job file, are we in the rfc822 headers?
$inbody = 0;  # when reading the job file, are we in the rfc822 body/data?
$rec = 0;     # have we read the most recent Received header yet?
              # the most recent (first listed) Received header will
              # tell us the information we'll use in the qf file's $_
              # which is "which host relayed this message to us"

while (defined ($line = <JOB>)) {
    chomp $line;
    if ($line eq "") {  # blank lines demark meta, headers, and body sections
        if ($inmeta) {
            $inmeta = 0; $inhdr = 1;
        }
        elsif ($inhdr) {
            $inhdr = 0; $inbody = 1;
            copy_stdin;
            if ( !($rec) ) {                            # no received header = from localhost
                $rec = 1;
                print QF "\$_localhost [127.0.0.1]\n";  # print relay host
                print QF "S$from\n";                    # print sender
                foreach $to (@rcpt) {                   # print the recipient list
                    print QF "RPFD:$to\n";
                }
            }
        }
    }
    elsif ($inmeta) {
        if ($line =~ /^P/) {
            @tempv = split(/ /, $line);
            $from = $tempv[7];
        }
        elsif ($line =~ /^R/) {
            @tempv = split(/ /, $line);
            $rcpt = $tempv[7];
            push (@rcpt, $rcpt);
        }
    }
    elsif ($inhdr) {
        if ( (!($rec)) && ($line =~ /^Received:/) ) {   # get relay host
            $rec = 1;
            if ($line =~ /^Received: from (.*) \((.* )?(\[.*\]).*/) {
                if (defined $2) {
                    $h = $2;
                    $h =~ s/\s*$//;
                }
                else {
                    $h = $1;
                }
                $a = $3;
                print QF "\$_$h $a\n";                  # print relay host
            }
            else {
                $line =~ /^Received: from (\[.*\]).*/;
                $a = $1;
                print QF "\$_$a\n";                     # print relay host
            }
            print QF "S$from\n";                        # print sender
            foreach $to (@rcpt) {                       # print the recipient list
                print QF "RPFD:$to\n";
            }
            print QF "H$line\n";                        # then print the Received header
        }
        elsif ($line !~ /^\s/) {                        # get a header
            print QF "H$line\n";
        }
        else {                                          # get the rest of a multi-line header
            print QF "$line\n";
        }
    }
    if ($inbody) {
        print DF "$line\n";
    }
}

print QF ".\n";  # bat book 23.9.19, qf file should end in a "^\.$" line.

close (DF);
close (QF);
close(JOB);

# Rename the df file first, as Mailscanner looks for the qf and might interfere
# Note that this used to mv the files from /tmp to qdir, but a fraction of the time
# this failed due to race conditions with Mailscanner
rename ("$qdir/msdf$$", "$qdir/df$$");
rename ("$qdir/msqf$$", "$qdir/qf$$");

exit(0);

-------------- next part --------------
#!/usr/bin/perl

# ms2cgp - part of a MailScanner to CommuniGate Pro gateway
# Copyright (C) 2003 The Regents of the University of California
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# The Author, John Rudd, can be reached by email at
# jrudd@ucsc.edu
#
#
# ms2cgp -qI(id) ...
#
# This program acts as Mailscanner's outgoing "Sendmail2" program, taking
# an argument for each message Mailscanner (MS) has finished processing,
# and using that argument to find the pair of sendmail mqueue files that
# make up the message. This program then re-combines them into an rfc822
# file and submits them back to Communigate Pro (CGP) via its Submitted directory
#
# Modified 11/4/04 by Randy Lindsey to skip "sendmail" program and just
# write directly to Submitted in RFC822 format.

my $ServerPrefix = "MS1";                                # make this unique per server
my $QDIR = "/etc/MailScanner/shared/queues/ms1/out";     # where MS sticks outgoing msgs.
my $SubDir = "/etc/MailScanner/mail.cluster/submx00";    # CG's Submitted directory
# my $Archive = "/extra/archivems2cgp/ia";

my ($job, $from, $rcpt, $df, $qf, $msg, $line);

use Sys::Syslog;
openlog('ms2cgp', 'pid', 'user');

foreach $job (@ARGV) {
    $job =~ s/^-qI//;
    $qf = $QDIR . "/qf" . $job;  # the sendmail formatted queue file
    $df = $QDIR . "/df" . $job;  # the sendmail formatted data file
    $msg = $SubDir . "/" . $ServerPrefix . ".ms2cgp.$job.$$.tmp";  # the tempfile we'll give to CGP
    $rcpt = "";

    # syslog('info', "Job $job copying to archive $Archive");
    # system("/bin/cp -f $qf $Archive/qf$job");
    # system("/bin/cp -f $df $Archive/df$job");

    syslog ('info', "job = $job");
    closelog();
    syslog ('info', "qf = $qf");
    closelog();
    syslog ('info', "df = $df");
    closelog();
    syslog ('info', "msg = $msg");
    closelog();

    syslog('info', "Job $job writing to $msg");
    if (! open (QF, "<$qf")) {
        syslog('info', "Open input $qf failed, dying");
        closelog();
        die "Open input $qf failed!";
    }
    if (-e $msg) {
        syslog('info', "Output file exists $msg so failed, dying");
        closelog();
        die "Output file exists $msg";
    }
    if (! open (MSG, ">$msg")) {
        syslog('info', "Open output $msg failed, dying");
        closelog();
        die "Open output $msg failed!";
    }

    while (defined ($line = <QF>) ) {
        chomp $line;

        last if ($line =~ /^\./);  # Bat book 23.9.19

        if ($line =~ /^R/) {       # This is needed for Bcc per CGate Pipe specs (see help file)
            $line =~ s/^R[A-Z]*:/Envelope-To: /;  # change sendmail RPFD to Envelope-To
            print MSG "$line\n";
        }
        elsif ($line =~ /^H/) {    # get the headers and put them in the msg
            $line =~ s/^H//;
            print MSG "$line\n";
        }
        elsif ($line =~ /^\s/) {   # these should only be on line-wrapped
            print MSG "$line\n";   # headers, so put them in the msg
        }
        # there's no "else" because we don't care about the other lines
    }
    print MSG "\n";  # put in a blank line to make sure there's one between the
                     # headers and the data

    close (QF);
    close (MSG);

    # append the sendmail data file to the cgp message
    if (system ("/bin/cat $df >> $msg") == 0) {
        if (rename ($msg, "$msg.sub")) {
            system ("/bin/rm $df $qf");
        } else {
            syslog('info', "rename $msg $msg.sub failed");
        }
    } else {
        syslog('info', "cat $df to $msg failed");
    }
}
closelog();
exit(0);

From vasiliy at linuxspecial.com Wed Jan 17 17:39:10 2007
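The syslog in the message above shows ms2cgp treating the option -OQueueDirectory=... as a job ID: its loop takes every command-line argument as a job after stripping a leading -qI, and the result is then used to build file paths and the "/bin/cat $df >> $msg" shell command. The Perl below is an added example, not part of the original post or of the cgp2ms/ms2cgp scripts; it shows one way to accept only well-formed job IDs and to append the data file without a shell. The names parse_job_args, append_file and $JOB_ID_RE are hypothetical, the alphanumeric ID pattern is an assumption based on the "19659" ID in the log, and the queue files are constructed in a temporary directory.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Assumption: queue IDs are short alphanumeric strings (the syslog above
# shows "19659"). Widen the pattern if your queue IDs look different.
my $JOB_ID_RE = qr/\A[A-Za-z0-9]{1,32}\z/;

# Hypothetical helper: split an @ARGV-style list into usable job IDs and
# arguments that must not be treated as jobs (options, malformed IDs).
sub parse_job_args {
    my @args = @_;
    my (@jobs, @skipped);
    for my $arg (@args) {
        (my $id = $arg) =~ s/\A-qI//;    # same prefix ms2cgp strips
        if ($id =~ $JOB_ID_RE) { push @jobs, $id }
        else                   { push @skipped, $arg }
    }
    return (\@jobs, \@skipped);
}

# Hypothetical helper: append $src to $dst with plain file I/O, so no
# argument value is ever interpolated into a shell command line.
sub append_file {
    my ($src, $dst) = @_;
    open(my $in,  '<',  $src) or return 0;
    open(my $out, '>>', $dst) or return 0;
    binmode $in;
    binmode $out;
    my $buf;
    while (read($in, $buf, 65536)) {
        print {$out} $buf or return 0;
    }
    close($in);
    return close($out) ? 1 : 0;
}

# --- demo on constructed data -------------------------------------------
my $qdir = tempdir(CLEANUP => 1);        # stands in for $QDIR and $SubDir
for my $name ("qf19659", "df19659") {
    open(my $fh, '>', "$qdir/$name") or die "create $name: $!";
    print {$fh} "constructed sample content\n";
    close($fh);
}

my @argv = (
    '-OQueueDirectory=/etc/MailScanner/shared/queues/ms1/out',  # value from the syslog
    '-qI19659',                                                 # well-formed job argument
    '-qI../19661',                                              # constructed malformed ID
);

my ($jobs, $skipped) = parse_job_args(@argv);
print "skipped (not a job): $_\n" for @$skipped;

for my $job (@$jobs) {
    my ($qf, $df) = ("$qdir/qf$job", "$qdir/df$job");
    unless (-f $qf && -f $df) {
        print "job $job: queue files missing\n";
        next;
    }
    my $msg = "$qdir/MS1.ms2cgp.$job.$$.tmp";
    if (append_file($df, $msg)) {
        print "job $job: appended df to $msg\n";
    } else {
        print "job $job: append failed\n";
    }
}
```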
From: vasiliy at linuxspecial.com (Vasiliy Boulytchev)
Date: Wed Jan 17 16:46:40 2007
Subject: Mailscanner Incoming Queue message format, CommunigatePro
In-Reply-To: <4588FD17.1030004@solidstatelogic.com>
References: <4588517D.9090301@linuxspecial.com> <4588FD17.1030004@solidstatelogic.com>
Message-ID: <45AE512E.4000608@linuxspecial.com>

Well,
The idea is simple. If you have a CGP cluster, each one with
independent queues. We also have several MailScanner machines. I don't
want to step on any toes with queues, so trying to spread them apart.
That is all :)

Vasiliy Boulytchev
vasiliy@linuxspecial.com

Martin Hepworth wrote:
>
> Vasiliy Boulytchev wrote:
>> Gents,
>> I need to interface several CommunigatePro servers into MS. Right
>> now, cfp2ms is responsible for splitting up the files into qf$$ and
>> df$$ files, can i replace
>>
>> open (QF, ">$qdir/msqf$$");
>>
>> with
>>
>> open (QF, ">$qdir/msqf_1_$$");
>>
>> ?
>>
>> THANK YOU!
>>
> Vasily
>
> hmm just putting in CGP here - but keeping my MS environment on the
> email gateway..;-)
>
> Perhaps you can explain more what you are doing, how and why???
>

From jonbjorn at mbl.is Wed Jan 17 17:56:46 2007
From: jonbjorn at mbl.is (Jon Bjorn Njalsson)
Date: Wed Jan 17 17:00:24 2007
Subject: help fighting spam
In-Reply-To: <45AE4CEC.12974.1294EE3@cobalt-users1.fishnet.co.uk>
References: <1169049323.9054.43.camel@viper.mbl.is>, <19c25689f39e524dba62b52ceba238a0@solidstatelogic.com> <45AE4CEC.12974.1294EE3@cobalt-users1.fishnet.co.uk>
Message-ID: <1169053006.9125.11.camel@viper.mbl.is>

Am I misunderstanding you guys or what?

OK, I am using SA with MS and have been running razor + SARE rules for a
long time. I think my uri-rbls are working because "most" of the time
this spam is stopped because "the website" has been reported to
uribl.com.

I have reported about 30 websites for the last 3 days to uribl.com but
some male enlargement spam is still getting through.

I have checked my dns querylogs and can verify the dns server looks up
those "sites" and if they are listed email gets quarantined, BUT how can
I get SA to check if the ipaddress for that particular site is listed or
not?

I really don't care if the "site" is listed in uribl because the site is
only listed in dns for a day or 2 but the ipaddress remains the same. :)

regards
jon

On mið, 2007-01-17 at 16:21 +0000, Ian wrote:
> On 17 Jan 2007 at 16:10, Martin.Hepworth wrote:
>
> > Jon
> >
> > I'd check your URI-RBLS are working (as I think I suggested on the
> > sa-users list ;-)
> >
> > Also dcc/pyzor/razor and the SARE/fred rules from www.rulesemporium.com
> > are useful (can't remember if I already mentioned this..)
>
> Hi,
>
> I can second this as all the emails you sent to the spamassassin list
> with that particular web address (I won't repeat it) were picked up by
> these rules:
>
> 3.00 URIBL_BLACK
> 4.09 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
>
> Luckily they fell just under my high scoring spam score because of
> BAYES_00 or I wouldn't have seen them :)
>
> Regards
>
> Ian
> --

From vasiliy at linuxspecial.com Wed Jan 17 18:00:15 2007
From: vasiliy at linuxspecial.com (Vasiliy Boulytchev)
Date: Wed Jan 17 17:02:35 2007
Subject: NO! Dont go! ms2cgp problem
In-Reply-To: <45AE52D7.4020504@ucsc.edu>
References: <458941F9.2090600@ucsc.edu> <45AE5044.1080209@linuxspecial.com> <45AE52D7.4020504@ucsc.edu>
Message-ID: <45AE561F.8040303@linuxspecial.com>

Thank you very much for looking into it. I think the problem is
somewhere in MS itself, since I am able to call your scripts manually,
and get the proper results.

THANKS!

Vasiliy Boulytchev
vasiliy@linuxspecial.com

John Rudd wrote:
>
> I haven't looked at those scripts in years...
>
> If I get a chance, I'll look at it, but I'm a little busy at the
> moment (some on-going file server issues, and a web server that's down).
>
> John
>
> Vasiliy Boulytchev wrote:
>> John,
>> First of all, THANK YOU SO MUCH for helping us out! I have been
>> using your cgp2ms and ms2cgp scripts for years flawlessly.
>> Now that you decide to leave us, I get a problem with ms2cgp on a
>> new install...
>>
>> It seems the MS is not giving the correct $job value to the ms2cgp
>> script....
From vasiliy at linuxspecial.com Wed Jan 17 18:10:46 2007
From: vasiliy at linuxspecial.com (Vasiliy Boulytchev)
Date: Wed Jan 17 17:19:15 2007
Subject: NO! Dont go! ms2cgp problem
In-Reply-To: <45AE5044.1080209@linuxspecial.com>
References: <458941F9.2090600@ucsc.edu> <45AE5044.1080209@linuxspecial.com>
Message-ID: <45AE5896.6010709@linuxspecial.com>

OK, a bit more information...

cd /usr
grep -R QueueDirectory *

lib/MailScanner/MailScanner/CustomConfig.pm:# sendmail -q30m -OQueueDirectory=/var/spool/mqueue.spam
lib/MailScanner/MailScanner/CustomConfig.pm:# sendmail -q60m -OQueueDirectory=/var/spool/mqueue.highspam
lib/MailScanner/MailScanner/Sendmail.pm: $args = " -OQueueDirectory=$outqdir " if $outqdir;
src/mailscanner/src/MailScanner-install-4.57.6/perl-tar/MailScanner-4.57.6/lib/MailScanner/CustomConfig.pm:# sendmail -q30m -OQueueDirectory=/var/spool/mqueue.spam
src/mailscanner/src/MailScanner-install-4.57.6/perl-tar/MailScanner-4.57.6/lib/MailScanner/CustomConfig.pm:# sendmail -q60m -OQueueDirectory=/var/spool/mqueue.highspam
src/mailscanner/src/MailScanner-install-4.57.6/perl-tar/MailScanner-4.57.6/lib/MailScanner/Sendmail.pm: $args = " -OQueueDirectory=$outqdir " if $outqdir;
src/mailscanner/src/MailScanner-install-4.57.6/perl-tar/MailScanner-4.57.6/INSTALL.OpenBSD: sendmail_flags="-bd -OPrivacyOptions=noetrn -ODeliveryMode=queueonly -OQueueDirectory=/var/spool/mqueue.in"

Any suggestions? :)

Again, I really don't need sendmail, I don't know why it's everywhere. Probably my misunderstanding....

Vasiliy Boulytchev
vasiliy@linuxspecial.com

Vasiliy Boulytchev wrote:
> John,
> First of all, THANK YOU SO MUCH for helping us out! I have been
> using your cgp2ms and ms2cgp scripts for years flawlessly.
> Now that you decide to leave us, I get a problem with ms2cgp on a
> new install...
>
> It seems the MS is not giving the correct $job value to the ms2cgp
> script.... syslog:
>
> --
> Jan 17 11:02:20 mailscanner1 ms2cgp[19781]: job = -OQueueDirectory=/etc/MailScanner/shared/queues/ms1/out
> Jan 17 11:02:20 mailscanner1 ms2cgp[19781]: qf = /etc/MailScanner/shared/queues/ms1/out/qf-OQueueDirectory=/etc/MailScanner/shared/queues/ms1/out
> Jan 17 11:02:20 mailscanner1 ms2cgp[19781]: df = /etc/MailScanner/shared/queues/ms1/out/df-OQueueDirectory=/etc/MailScanner/shared/queues/ms1/out
> Jan 17 11:02:20 mailscanner1 ms2cgp[19781]: msg = /etc/MailScanner/mail.cluster/submx00/MS1.ms2cgp.-OQueueDirectory=/etc/MailScanner/shared/queues/ms1/out.19781.tmp
> Jan 17 11:02:20 mailscanner1 ms2cgp[19781]: Job -OQueueDirectory=/etc/MailScanner/shared/queues/ms1/out writing to /etc/MailScanner/mail.cluster/submx00/MS1.ms2cgp.-OQueueDirectory=/etc/MailScanner/shared/queues/ms1/out.19781.tmp
> Jan 17 11:02:20 mailscanner1 ms2cgp[19781]: Open input /etc/MailScanner/shared/queues/ms1/out/qf-OQueueDirectory=/etc/MailScanner/shared/queues/ms1/out failed, dying
> --
>
> Now, if I call ms2cgp from commandline via this script:
> #!/usr/bin/perl -w
>
> opendir(DIR, ".");
> @files = grep(/qf/,readdir(DIR));
> closedir(DIR);
>
> foreach $file (@files) {
>     substr($file, 0, 1) = "";
>     substr($file, 0, 1) = "";
>     system ("/usr/local/etc/ms2cgp $file");
> }
>
> The batch processes just fine, syslog:
>
> --
> Jan 17 11:07:53 mailscanner1 ms2cgp[19859]: job = 19659
> Jan 17 11:07:53 mailscanner1 ms2cgp[19859]: qf = /etc/MailScanner/shared/queues/ms1/out/qf19659
> Jan 17 11:07:53 mailscanner1 ms2cgp[19859]: df = /etc/MailScanner/shared/queues/ms1/out/df19659
> Jan 17 11:07:53 mailscanner1 ms2cgp[19859]: msg = /etc/MailScanner/mail.cluster/submx00/MS1.ms2cgp.19659.19859.tmp
> Jan 17 11:07:53 mailscanner1 ms2cgp[19859]: Job 19659 writing to /etc/MailScanner/mail.cluster/submx00/MS1.ms2cgp.19659.19859.tmp
> --
>
> So it seems to me, MS is not passing the correct $job value...
> furthermore, why is it making it -OQueueDirectory!?!?!?
>
> What do you guys think?
>
> THANK YOU VERY MUCH!!! My cgp2ms and ms2cgp scripts are attached.
>
> Vasiliy Boulytchev
> vasiliy@linuxspecial.com
>
>
>
> John Rudd wrote:
>>
>>
>> Just wanted to thank everyone at this list, starting with Julian, but
>> also several of the subscribers who have given a lot of information and
>> input over the years I've been here. At some points, this was an
>> incredibly valuable and informative mailing list for me.
>>
>> And, what has changed is not the list. The list, and the vast
>> majority of its subscribers, are still great. What changed were my
>> anti-spam/anti-virus needs. I'm moving to solutions that operate
>> entirely during the SMTP session. As a result, I decommissioned my
>> last mailscanner system 2 weeks ago.
>>
>> After a short waiting period to be sure I wasn't going to need to
>> roll back, or have any other mailscanner related questions, I'm going
>> to be unsubscribing from the list later today.
>>
>> I wish all of you the best, and thank you for a great set of
>> software, a great source of information resources, and a great source
>> of conversation over the last 4 or 5 years.
> ------------------------------------------------------------------------
>
> #!/usr/bin/perl
>
> # cgp2ms - part of a MailScanner to CommuniGate Pro gateway
> # Copyright (C) 2003 The Regents of the University of California
> #
> # This program is free software; you can redistribute it and/or modify
> # it under the terms of the GNU General Public License as published by
> # the Free Software Foundation; either version 2 of the License, or
> # (at your option) any later version.
> #
> # This program is distributed in the hope that it will be useful,
> # but WITHOUT ANY WARRANTY; without even the implied warranty of
> # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> # GNU General Public License for more details.
> #
> # You should have received a copy of the GNU General Public License
> # along with this program; if not, write to the Free Software
> # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
> #
> # The Author, John Rudd, can be reached by email at
> # jrudd@ucsc.edu
> #
> # cgp2ms -f file    Actually process the given file
> # or
> # cgp2ms -c         Just check the queue sizes and print result
> #
> # This program is used by CommuniGate Pro as an "execute" filter. It takes
> # in arguments that define where the CommuniGate Pro (CGP) queue file lives
> # and uses the queue file to create a sendmail formatted queue file (qf) and
> # data file (df) pair. These two files are then inserted into the
> # MailScanner (MS) incoming queue directory. When MS is done, it will use a
> # program which is a companion to this one, ms2cgp, to give the message
> # back to CGP.
> #
> # Modified 10/2004 by Vasiliy Boulytchev and Randy Lindsey
> # Added load balancing and sped up processing for larger volume
> # 12/19/2004 Randy Lindsey
> # Rather than read queuedirs for qf* files across remote shares,
> # this version reads a set of files created on each system containing the queue count
> #
> # To take a host offline, just comment out its line in hostlist
> %hostlist = (
> #   IA  => '/var/CommuniGate/MailScanner/Incoming',
> #   TX2 => '/usr/local/mailscanner.tx2',
> #   AZ  => '/usr/local/mailscanner.az',
> #   TMP => '/usr/local/mailscanner.tmp',
> #   CA  => '/usr/local/mailscanner.ak/mailscanner.in',
>     MS1 => '/var/CommuniGate/MS.Status/queues/ms1/in',
> #   MS2 => '/usr/local/mailscanner.ak/mailscanner.ms2.in',
> #   MS3 => '/usr/local/mailscanner.ak/mailscanner.ms3.in',
> #   MS4 => '/usr/local/mailscanner.ak/mailscanner.ms4.in',
> #   MS5 => '/usr/local/mailscanner.ak/mailscanner.ms5.in',
> #   MS6 => '/usr/local/mailscanner.ak/mailscanner.ms6.in',
> #   MS7 => '/usr/local/mailscanner.ak/mailscanner.ms7.in',
> #   MS8 => '/usr/local/mailscanner.ak/mailscanner.ms8.in',
> #   MS9 => '/usr/local/mailscanner.ak/mailscanner.ms9.in',
> );
>
> # hostspeed - larger numbers are faster
> %hostspeed = (
> #   IA  => 1,
> #   TX2 => 4,
> #   AZ  => 0.6,
> #   CA  => 9,
> #   TMP => 100,
>     MS1 => 2,
>     MS2 => 2,
>     MS3 => 2,
>     MS4 => 15,
>     MS5 => 15,
>     MS6 => 30,
>     MS7 => 30,
>     MS8 => 30,
>     MS9 => 30,
> );
>
> sub check_one { #$queuedirname
>     open DH, "
>     read(DH, $MsgsInQueue, 10);
>     close DH;
>     chomp $MsgsInQueue;
>     return $MsgsInQueue;
> }
>
> sub check_queues {
>
>     $totfiles = 0;
>     $totpoints = 0;
>     foreach my $hostid (keys %hostlist) {
>         $hostfiles{$hostid} = check_one(lc($hostid));
>         $totfiles += $hostfiles{$hostid};
>         # Assign points based on relative system speed
>         # We scale it up by 737 to reduce rounding errors with small numbers
>         if ($hostspeed{$hostid}) {
>             $hostpoints{$hostid} = ($hostfiles{$hostid} * 737) / $hostspeed{$hostid};
>         }
>         else {
>             $hostpoints{$hostid} = $hostfiles{$hostid};
>         }
>     }
>
>     @hostsort = sort { $hostpoints{$a} <=> $hostpoints{$b} } keys %hostpoints;
>     printf ("MailScanner to %s - Tot:%2u ",
>         $hostsort[0], $totfiles); # displays in CommuniGate logs
>     foreach my $hostid (keys %hostlist) {
>         printf ("%s:%2u/%2u ", $hostid, $hostfiles{$hostid}, $hostpoints{$hostid});
>     }
>     print ("\n");
>     return $hostlist{$hostsort[0]};
> }
>
> sub copy_stdin {
>     # Extra headers added by prior rules
>     my $hdrline;
>     while (defined($hdrline = <STDIN>)) {
>         print QF "H$hdrline";
>         print " $hdrline "; # display in logs
>     }
> }
>
> my ($i, $file, $from, $rcpt, @tempv, @rcpt, @argv, $inbody, $inhdr, $inmeta);
>
> $checkonly = 0;
> for ($i = 0; $i <= $#ARGV; $i++) { # parse in the arguments
>     if (defined($ARGV[$i])) {
>         if ($ARGV[$i] eq "-f") { # the location of the cgp queue file
>             $i++;
>             $file = $ARGV[$i];
>         }
>         elsif ($ARGV[$i] eq "-c") { # just check queue sizes and print result
>             $checkonly = 1;
>         }
>         else { # left over from debugging, these
>             push (@argv, $ARGV[$i]); # aren't actually used
>         }
>     }
> }
> if (! $file) {
>     $checkonly = 1; # default if no parameters passed
> }
>
> $qdir = check_queues(); # load balance between servers
> if ($checkonly) {
>     exit(0);
> }
>
> open (JOB, "<$file");
> open (QF, ">$qdir/msqf$$"); # minimize file moving by writing to final dir but
> open (DF, ">$qdir/msdf$$"); # under a different name to prevent Mailscanner taking it
>
> print QF "V4\n";            # I don't think MS actually uses these
> print QF "T" . time . "\n"; # qf lines, but it helps the qf file
> print QF "K0\n";            # be a little more authentic
> print QF "N0\n";            #
> print QF "P150900\n";       #
>
> $inmeta = 1; # when reading the job file, are we still in the meta data?
> $inhdr = 0;  # when reading the job file, are we in the rfc822 headers?
> $inbody = 0; # when reading the job file, are we in the rfc822 body/data?
> $rec = 0;    # have we read the most recent Received header yet?
>              # the most recent (first listed) Received header will
>              # tell us the information we'll use in the qf file's $_
>              # which is "which host relayed this message to us"
>
> while (defined ($line = <JOB>)) {
>     chomp $line;
>     if ($line eq "") { # blank lines demark meta, headers, and body sections
>         if ($inmeta) {
>             $inmeta = 0; $inhdr = 1;
>         }
>         elsif ($inhdr) {
>             $inhdr = 0; $inbody = 1;
>             copy_stdin;
>             if ( !($rec) ) { # no received header = from localhost
>                 $rec = 1;
>                 print QF "\$_localhost [127.0.0.1]\n"; # print relay host
>                 print QF "S$from\n"; # print sender
>                 foreach $to (@rcpt) { # print the recipient list
>                     print QF "RPFD:$to\n";
>                 }
>             }
>         }
>     }
>     elsif ($inmeta) {
>         if ($line =~ /^P/) {
>             @tempv = split(/ /, $line);
>             $from = $tempv[7];
>         }
>         elsif ($line =~ /^R/) {
>             @tempv = split(/ /, $line);
>             $rcpt = $tempv[7];
>             push (@rcpt, $rcpt);
>         }
>     }
>     elsif ($inhdr) {
>         if ( (!($rec)) && ($line =~ /^Received:/) ) { # get relay host
>             $rec = 1;
>             if ($line =~ /^Received: from (.*) \((.* )?(\[.*\]).*/) {
>                 if (defined $2) {
>                     $h = $2;
>                     $h =~ s/\s*$//;
>                 }
>                 else {
>                     $h = $1;
>                 }
>                 $a = $3;
>                 print QF "\$_$h $a\n"; # print relay host
>             }
>             else {
>                 $line =~ /^Received: from (\[.*\]).*/;
>                 $a = $1;
>                 print QF "\$_$a\n"; # print relay host
>             }
>             print QF "S$from\n"; # print sender
>             foreach $to (@rcpt) { # print the recipient list
>                 print QF "RPFD:$to\n";
>             }
>             print QF "H$line\n"; # then print the Received header
>         }
>         elsif ($line !~ /^\s/) { # get a header
>             print QF "H$line\n";
>         }
>         else { # get the rest of a multi-line header
>             print QF "$line\n";
>         }
>     }
>     if ($inbody) {
>         print DF "$line\n";
>     }
> }
>
> print QF ".\n"; # bat book 23.9.19, qf file should end in a "^\.$" line.
>
> close (DF);
> close (QF);
> close(JOB);
>
> # Rename the df file first, as Mailscanner looks for the qf and might interfere
> # Note that this used to mv the files from /tmp to qdir, but a fraction of the time
> # this failed due to race conditions with Mailscanner
> rename ("$qdir/msdf$$", "$qdir/df$$");
> rename ("$qdir/msqf$$", "$qdir/qf$$");
>
> exit(0);
>
> ------------------------------------------------------------------------
>
> #!/usr/bin/perl
>
> # ms2cgp - part of a MailScanner to CommuniGate Pro gateway
> # Copyright (C) 2003 The Regents of the University of California
> #
> # This program is free software; you can redistribute it and/or modify
> # it under the terms of the GNU General Public License as published by
> # the Free Software Foundation; either version 2 of the License, or
> # (at your option) any later version.
> #
> # This program is distributed in the hope that it will be useful,
> # but WITHOUT ANY WARRANTY; without even the implied warranty of
> # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> # GNU General Public License for more details.
> #
> # You should have received a copy of the GNU General Public License
> # along with this program; if not, write to the Free Software
> # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
> #
> # The Author, John Rudd, can be reached by email at
> # jrudd@ucsc.edu
> #
> #
> # ms2cgp -qI(id) ...
> #
> # This program acts as Mailscanner's outgoing "Sendmail2" program, taking
> # an argument for each message Mailscanner (MS) has finished processing,
> # and using that argument to find the pair of sendmail mqueue files that
> # make up the message. This program then re-combines them into an rfc822
> # file and submits them back to Communigate Pro (CGP) via its Submitted directory
> #
> # Modified 11/4/04 by Randy Lindsey to skip "sendmail" program and just
> # write directly to Submitted in RFC822 format.
>
> my $ServerPrefix = "MS1"; # make this unique per server
> my $QDIR = "/etc/MailScanner/shared/queues/ms1/out"; # where MS sticks outgoing msgs.
> my $SubDir = "/etc/MailScanner/mail.cluster/submx00"; # CG's Submitted directory
> # my $Archive = "/extra/archivems2cgp/ia";
>
> my ($job, $from, $rcpt, $df, $qf, $msg, $line);
>
> use Sys::Syslog;
> openlog('ms2cgp', 'pid', 'user');
>
> foreach $job (@ARGV) {
>     $job =~ s/^-qI//;
>     $qf = $QDIR . "/qf" . $job; # the sendmail formatted queue file
>     $df = $QDIR . "/df" . $job; # the sendmail formatted data file
>     $msg = $SubDir . "/" . $ServerPrefix . ".ms2cgp.$job.$$.tmp"; # the tempfile we'll give to CGP
>     $rcpt = "";
>
>     # syslog('info', "Job $job copying to archive $Archive");
>     # system("/bin/cp -f $qf $Archive/qf$job");
>     # system("/bin/cp -f $df $Archive/df$job");
>
>     syslog ('info', "job = $job");
>     closelog();
>     syslog ('info', "qf = $qf");
>     closelog();
>     syslog ('info', "df = $df");
>     closelog();
>     syslog ('info', "msg = $msg");
>     closelog();
>
>     syslog('info', "Job $job writing to $msg");
>     if (! open (QF, "<$qf")) {
>         syslog('info', "Open input $qf failed, dying");
>         closelog();
>         die "Open input $qf failed!";
>     }
>     if (-e $msg) {
>         syslog('info', "Output file exists $msg so failed, dying");
>         closelog();
>         die "Output file exists $msg";
>     }
>     if (! open (MSG, ">$msg")) {
>         syslog('info', "Open output $msg failed, dying");
>         closelog();
>         die "Open output $msg failed!";
>     }
>
>     while (defined ($line = <QF>) ) {
>         chomp $line;
>
>         last if ($line =~ /^\./); # Bat book 23.9.19
>
>         if ($line =~ /^R/) { # This is needed for Bcc per CGate Pipe specs (see help file)
>             $line =~ s/^R[A-Z]*:/Envelope-To: /; # change sendmail RPFD to Envelope-To
>             print MSG "$line\n";
>         }
>         elsif ($line =~ /^H/) { # get the headers and put them in the msg
>             $line =~ s/^H//;
>             print MSG "$line\n";
>         }
>         elsif ($line =~ /^\s/) { # these should only be on line-wrapped
>             print MSG "$line\n"; # headers, so put them in the msg
>         }
>         # there's no "else" because we don't care about the other lines
>     }
>
>     print MSG "\n"; # put in a blank line to make sure there's one between the
>                     # headers and the data
>
>     close (QF);
>     close (MSG);
>
>     # append the sendmail data file to the cgp message
>     if (system ("/bin/cat $df >> $msg") == 0) {
>         if (rename ($msg, "$msg.sub")) {
>             system ("/bin/rm $df $qf");
>         } else {
>             syslog('info', "rename $msg $msg.sub failed");
>         }
>     } else {
>         syslog('info', "cat $df to $msg failed");
>     }
> }
> closelog();
> exit(0);
>

From martinh at solidstatelogic.com Wed Jan 17 18:22:06 2007
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Wed Jan 17 17:24:35 2007
Subject: NO! Dont go! ms2cgp problem
In-Reply-To: <45AE5896.6010709@linuxspecial.com>
Message-ID: <202265bb0d6146489e8a4395653e3ef6@solidstatelogic.com>

Vasiliy

Nothing to do with the recent change in MS's lock type is it??

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Vasiliy Boulytchev > Sent: 17 January 2007 17:11 > To: MailScanner discussion > Cc: jrudd@ucsc.edu > Subject: Re: NO! Dont go! ms2cgp problem > > OK, a bit more information... > > cd /usr > grep -R QueueDirectory * > > lib/MailScanner/MailScanner/CustomConfig.pm:# sendmail -q30m > -OQueueDirectory=/var/spool/mqueue.spam > lib/MailScanner/MailScanner/CustomConfig.pm:# sendmail -q60m > -OQueueDirectory=/var/spool/mqueue.highspam > lib/MailScanner/MailScanner/Sendmail.pm: $args = " > -OQueueDirectory=$outqdir " if $outqdir; > > src/mailscanner/src/MailScanner-install-4.57.6/perl-tar/MailScanner- > 4.57.6/lib/MailScanner/CustomConfig.pm:# > sendmail -q30m -OQueueDirectory=/var/spool/mqueue.spam > src/mailscanner/src/MailScanner-install-4.57.6/perl-tar/MailScanner- > 4.57.6/lib/MailScanner/CustomConfig.pm:# > sendmail -q60m -OQueueDirectory=/var/spool/mqueue.highspam > src/mailscanner/src/MailScanner-install-4.57.6/perl-tar/MailScanner- > 4.57.6/lib/MailScanner/Sendmail.pm: > $args = " -OQueueDirectory=$outqdir " if $outqdir; > src/mailscanner/src/MailScanner-install-4.57.6/perl-tar/MailScanner- > 4.57.6/INSTALL.OpenBSD: > sendmail_flags="-bd -OPrivacyOptions=noetrn -ODeliveryMode=queueonly > -OQueueDirectory=/var/spool/mqueue.in" > > Any suggestions? :) > > Again, I really dont need sendmail, I dont know why its everywhere. > probably my misunderstanding.... > > Vasiliy Boulytchev > vasiliy@linuxspecial.com > > > > Vasiliy Boulytchev wrote: > > John, > > First of all, THANK YOU SO MUCH for helping us out! I have been > > using your cgp2ms and ms2cgp scripts for years flawlessly. > > Now that you decide to leave us, I get a problem with ms2cgp on a > > new install... > > > > It seems the MS is not giving the correct $job value to the ms2cgp > > script.... 
syslog: > > > > -- > > Jan 17 11:02:20 mailscanner1 ms2cgp[19781]: job = > > -OQueueDirectory=/etc/MailScanner/shared/queues/ms1/out > > Jan 17 11:02:20 mailscanner1 ms2cgp[19781]: qf = > > /etc/MailScanner/shared/queues/ms1/out/qf- > OQueueDirectory=/etc/MailScanner/shared/queues/ms1/out > > > > Jan 17 11:02:20 mailscanner1 ms2cgp[19781]: df = > > /etc/MailScanner/shared/queues/ms1/out/df- > OQueueDirectory=/etc/MailScanner/shared/queues/ms1/out > > > > Jan 17 11:02:20 mailscanner1 ms2cgp[19781]: msg = > > /etc/MailScanner/mail.cluster/submx00/MS1.ms2cgp.- > OQueueDirectory=/etc/MailScanner/shared/queues/ms1/out.19781.tmp > > > > Jan 17 11:02:20 mailscanner1 ms2cgp[19781]: Job > > -OQueueDirectory=/etc/MailScanner/shared/queues/ms1/out writing to > > /etc/MailScanner/mail.cluster/submx00/MS1.ms2cgp.- > OQueueDirectory=/etc/MailScanner/shared/queues/ms1/out.19781.tmp > > > > Jan 17 11:02:20 mailscanner1 ms2cgp[19781]: Open input > > /etc/MailScanner/shared/queues/ms1/out/qf- > OQueueDirectory=/etc/MailScanner/shared/queues/ms1/out > > failed, dying > > -- > > > > Now, if I call ms2cgp from commandline via this script: > > #!/usr/bin/perl -w > > > > opendir(DIR, "."); > > @files = grep(/qf/,readdir(DIR)); > > closedir(DIR); > > > > foreach $file (@files) { > > substr($file, 0, 1) = ""; > > substr($file, 0, 1) = ""; > > system ("/usr/local/etc/ms2cgp $file"); > > } > > > > The batch processes just fine, syslog: > > > > -- > > Jan 17 11:07:53 mailscanner1 ms2cgp[19859]: job = 19659 > > Jan 17 11:07:53 mailscanner1 ms2cgp[19859]: qf = > > /etc/MailScanner/shared/queues/ms1/out/qf19659 > > Jan 17 11:07:53 mailscanner1 ms2cgp[19859]: df = > > /etc/MailScanner/shared/queues/ms1/out/df19659 > > Jan 17 11:07:53 mailscanner1 ms2cgp[19859]: msg = > > /etc/MailScanner/mail.cluster/submx00/MS1.ms2cgp.19659.19859.tmp > > Jan 17 11:07:53 mailscanner1 ms2cgp[19859]: Job 19659 writing to > > /etc/MailScanner/mail.cluster/submx00/MS1.ms2cgp.19659.19859.tmp > > -- > > > > So it seems 
to me, MS is not passing the correct $job value... > > furthermore, why is it making it -OQueueDirectory!?!?!? > > > > What do you guys think? > > > > THANK YOU VERY MUCH!!! My cgp2ms and ms2cgp scripts are attached. > > > > Vasiliy Boulytchev > > vasiliy@linuxspecial.com > > > > > > > > John Rudd wrote: > >> > >> > >> Just wanted to thank everyone at this list, starting with Julian, but > >> also several of the subscribers who given a lot of information and > >> input over the years I've been here. At some points, this was an > >> incredibly valuable and informative mailing list for me. > >> > >> And, what has changed is not the list. The list, and the vast > >> majority of its subscribers, are still great. What changed were my > >> anti-spam/anti-virus needs. I'm moving to solutions that operate > >> entirely during the SMTP session. As a result, I decommissioned my > >> last mailscanner system 2 weeks ago. > >> > >> After a short waiting period to be sure I wasn't going to need to > >> roll back, or have any other mailscanner related questions, I'm going > >> to be unsubscribing from the list later today. > >> > >> I wish all of you the best, and thank you for a great set of > >> software, a great source of information resources, and a great source > >> of conversation over the last 4 or 5 years. > > ------------------------------------------------------------------------ > > > > #!/usr/bin/perl > > > > # cgp2ms - part of a MailScanner to CommuniGate Pro gateway > > # Copyright (C) 2003 The Regents of the University of California > > # > > # This program is free software; you can redistribute it and/or modify > > # it under the terms of the GNU General Public License as published by > > # the Free Software Foundation; either version 2 of the License, or > > # (at your option) any later version. 
> > # > > # This program is distributed in the hope that it will be useful, > > # but WITHOUT ANY WARRANTY; without even the implied warranty of > > # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > > # GNU General Public License for more details. > > # > > # You should have received a copy of the GNU General Public License > > # along with this program; if not, write to the Free Software > > # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 > USA > > # > > # The Author, John Rudd, can be by email at > > # jrudd@ucsc.edu > > # > > # cgp2ms -f file Actually process the given file > > # or > > # cgp2ms -c Just check the queue sizes and print result > > # > > # This program is used by CommuniGate Pro as an "execute" filter. It > takes > > # in arguments that define where the CommuniGate Pro (CGP) queue file > lives > > # and uses the queue file to create a sendmail formated queue file (qf) > and > > # data file (df) pair. These two files are then inserted into the > > # MailScanner (MS) incoming queue directory. When MS is done, it will > use a > > # program which is a companion to this one, ms2cgp, # to give the > message > > # back to CGP. 
> > # > > # Modified 10/2004 by Vasiliy Boulytchev and Randy Lindsey > > # Added load balancing and sped up processing for larger volume > > # 12/19/2004 Randy Lindsey > > # Rather than read queuedirs for qf* files across remote shares, > > # this version reads a set of files created on each system containing > the queue count > > # > > # To take a host offline, just comment out its line in hostlist > > %hostlist = ( > > # IA => '/var/CommuniGate/MailScanner/Incoming', > > # TX2 => '/usr/local/mailscanner.tx2', > > # AZ => '/usr/local/mailscanner.az', > > # TMP => '/usr/local/mailscanner.tmp', > > # CA => '/usr/local/mailscanner.ak/mailscanner.in', > > MS1 => '/var/CommuniGate/MS.Status/queues/ms1/in', > > # MS2 => '/usr/local/mailscanner.ak/mailscanner.ms2.in', > > # MS3 => '/usr/local/mailscanner.ak/mailscanner.ms3.in', > > # MS4 => '/usr/local/mailscanner.ak/mailscanner.ms4.in', > > # MS5 => '/usr/local/mailscanner.ak/mailscanner.ms5.in', > > # MS6 => '/usr/local/mailscanner.ak/mailscanner.ms6.in', > > # MS7 => '/usr/local/mailscanner.ak/mailscanner.ms7.in', > > # MS8 => '/usr/local/mailscanner.ak/mailscanner.ms8.in', > > # MS9 => '/usr/local/mailscanner.ak/mailscanner.ms9.in', > > ); > > > > # hostspeed - larger numbers are faster > > %hostspeed = ( > > # IA => 1, > > # TX2 => 4, > > # AZ => 0.6, > > # CA => 9, > > # TMP => 100, > > MS1 => 2, > > MS2 => 2, > > MS3 => 2, > > MS4 => 15, > > MS5 => 15, > > MS6 => 30, > > MS7 => 30, > > MS8 => 30, > > MS9 => 30, > > ); > > > > sub check_one { #$queuedirname > > open DH, " 999999; > > read(DH, $MsgsInQueue, 10); > > close DH; > > chomp $MsgsInQueue; > > return $MsgsInQueue; > > } > > > > sub check_queues { > > > > $totfiles = 0; > > $totpoints = 0; > > foreach my $hostid (keys %hostlist) { > > $hostfiles{$hostid} = check_one(lc($hostid)); > > $totfiles += $hostfiles{$hostid}; > > # Assign points based on relative system speed > > # We scale it up by 737 to reduce rounding errors with small > numbers > > if 
($hostspeed{$hostid}) { > > $hostpoints{$hostid} = ($hostfiles{$hostid} * 737) / > $hostspeed{$hostid}; > > } > > else { > > $hostpoints{$hostid} = $hostfiles{$hostid}; > > } > > } > > > > @hostsort = sort { $hostpoints{$a} <=> $hostpoints{$b} } keys > %hostpoints; > > printf ("MailScanner to %s - Tot:%2u ", > > $hostsort[0], $totfiles); # displays in CommuniGate logs > > foreach my $hostid (keys %hostlist) { > > printf ("%s:%2u/%2u ", $hostid, $hostfiles{$hostid}, > $hostpoints{$hostid}); > > } > > print ("\n"); > > return $hostlist{$hostsort[0]}; > > } > > > > sub copy_stdin { > > # Extra headers added by prior rules > > my $hdrline; > > while (defined($hdrline = )) { > > print QF "H$hdrline"; > > print " $hdrline "; # display in logs > > } > > } > > > > my ($i, $file, $from, $rcpt, @tempv, @rcpt, @argv, $inbody, $inhdr, > $inmeta); > > > > $checkonly = 0; > > for ($i = 0; $i <= $#ARGV; $i++) { # parse in the arguments > > if (defined($ARGV[$i])) { > > if ($ARGV[$i] eq "-f") { # the location of the cgp queue file > > $i++; > > $file = $ARGV[$i]; > > } > > elsif ($ARGV[$i] eq "-c") { # just check queue sizes and print > result > > $checkonly = 1; > > } > > else { # left over from debugging, these > > push (@argv, $ARGV[$i]); # aren't actually used > > } > > } > > } > > if (! $file) { > > $checkonly = 1; # default if no parameters passed > > } > > > > $qdir = check_queues(); # load balance between servers > > if ($checkonly) { > > exit(0); > > } > > > > open (JOB, "<$file"); > > open (QF, ">$qdir/msqf$$"); # minimize file moving by writing to > final dir but > > open (DF, ">$qdir/msdf$$"); # under a different name to prevent > Mailscanner taking it > > > > print QF "V4\n"; # I don't think MS actually uses these > > print QF "T" . time . "\n"; # qf lines, but it helps the qf file > > print QF "K0\n"; # be a little more authentic > > print QF "N0\n"; # > > print QF "P150900\n"; # > > > > $inmeta = 1; # when reading the job file, are we still in the meta > data? 
> > $inhdr = 0; # when reading the job file, are we in the rfc822 headers? > > $inbody = 0; # when reading the job file, are we in the rfc822 > body/data? > > $rec = 0; # have we read the most recent Received header yet? > > # the most recent (first listed) Received header will > > # tell us the information we'll use in the qf file's $_ > > # which is "which host relayed this message to us" > > > > while (defined ($line = )) { > > chomp $line; > > if ($line eq "") { # blank lines demark meta, headers, and body > sections > > if ($inmeta) { > > $inmeta = 0; $inhdr = 1; > > } > > elsif ($inhdr) { > > $inhdr = 0; $inbody = 1; > > copy_stdin; > > if ( !($rec) ) { # no received header = from localhost > > $rec = 1; > > print QF "\$_localhost [127.0.0.1]\n"; # print relay host > > print QF "S$from\n"; # print sender > > foreach $to (@rcpt) { # print the recipient list > > print QF "RPFD:$to\n"; > > } > > } > > } > > } > > elsif ($inmeta) { > > if ($line =~ /^P/) { > > @tempv = split(/ /, $line); > > $from = $tempv[7]; > > } > > elsif ($line =~ /^R/) { > > @tempv = split(/ /, $line); > > $rcpt = $tempv[7]; > > push (@rcpt, $rcpt); > > } > > } > > elsif ($inhdr) { > > if ( (!($rec)) && ($line =~ /^Received:/) ) { # get relay host > > $rec = 1; > > if ($line =~ /^Received: from (.*) \((.* )?(\[.*\]).*/) { > > if (defined $2) { > > $h = $2; > > $h =~ s/\s*$//; > > } > > else { > > $h = $1; > > } > > $a = $3; > > print QF "\$_$h $a\n"; # print relay host > > } > > else { > > $line =~ /^Received: from (\[.*\]).*/; > > $a = $1; > > print QF "\$_$a\n"; # print relay host > > } > > print QF "S$from\n"; # print sender > > foreach $to (@rcpt) { # print the recipient list > > print QF "RPFD:$to\n"; > > } > > print QF "H$line\n"; # then print the Received header > > } > > elsif ($line !~ /^\s/) { # get a header > > print QF "H$line\n"; > > } > > else { # get the rest of a multi-line header > > print QF "$line\n"; > > } > > } > > if ($inbody) { > > print DF "$line\n"; > > } > > } > > 
> > print QF ".\n"; # bat book 23.9.19, qf file should end in a "^\.$" line. > > > > close (DF); > > close (QF); > > close(JOB); > > > > # Rename the df file first, as Mailscanner looks for the qf and might > interfere > > # Note that this used to mv the files from /tmp to qdir, but a > fraction of the time > > # this failed due to race conditions with Mailscanner > > rename ("$qdir/msdf$$", "$qdir/df$$"); > > rename ("$qdir/msqf$$", "$qdir/qf$$"); > > > > exit(0); > > > > ------------------------------------------------------------------------ > > > > #!/usr/bin/perl > > > > # ms2cgp - part of a MailScanner to CommuniGate Pro gateway > > # Copyright (C) 2003 The Regents of the University of California > > # > > # This program is free software; you can redistribute it and/or modify > > # it under the terms of the GNU General Public License as published by > > # the Free Software Foundation; either version 2 of the License, or > > # (at your option) any later version. > > # > > # This program is distributed in the hope that it will be useful, > > # but WITHOUT ANY WARRANTY; without even the implied warranty of > > # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > > # GNU General Public License for more details. > > # > > # You should have received a copy of the GNU General Public License > > # along with this program; if not, write to the Free Software > > # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 > USA > > # > > # The Author, John Rudd, can be by email at > > # jrudd@ucsc.edu > > # > > # > > # ms2cgp -qI(id) ... > > # > > # This program acts as Mailscanner's outgoing "Sendmail2" program, > taking > > # an argument for each message Mailscanner (MS) has finished processing, > > # and using that argument to find the pair of sendmail mqueue files that > > # make up the message. 
This program then re-combines them into an > rfc822 > > # file and submits them back to Communigate Pro (CGP) via its Submitted > directory > > # > > # Modified 11/4/04 by Randy Lindsey to skip "sendmail" program and just > > # write directly to Submitted in RFC822 format. > > > > my $ServerPrefix = "MS1"; # make this unique per server > > my $QDIR = "/etc/MailScanner/shared/queues/ms1/out"; # where > MS sticks outgoing msgs. > > my $SubDir = "/etc/MailScanner/mail.cluster/submx00"; # CG's > Submitted directory > > # my $Archive = "/extra/archivems2cgp/ia"; > > > > my ($job, $from, $rcpt, $df, $qf, $msg, $line); > > > > use Sys::Syslog; > > openlog('ms2cgp', 'pid', 'user'); > > > > foreach $job (@ARGV) { > > $job =~ s/^-qI//; > > $qf = $QDIR . "/qf" . $job; # the sendmail formatted queue file > > $df = $QDIR . "/df" . $job; # the sendmail formatted data file > > $msg = $SubDir . "/" . $ServerPrefix . ".ms2cgp.$job.$$.tmp"; # > the tempfile we'll give to CGP > > $rcpt = ""; > > > > # syslog('info', "Job $job copying to archive $Archive"); > > # system("/bin/cp -f $qf $Archive/qf$job"); > > # system("/bin/cp -f $df $Archive/df$job"); > > > > syslog ('info', "job = $job"); > > closelog(); > > syslog ('info', "qf = $qf"); > > closelog(); > > syslog ('info', "df = $df"); > > closelog(); > > syslog ('info', "msg = $msg"); > > closelog(); > > > > > > > > > > > > syslog('info', "Job $job writing to $msg"); > > if (! open (QF, "<$qf")) { > > syslog('info', "Open input $qf failed, dying"); > > closelog(); > > die "Open input $qf failed!"; > > } > > if (-e $msg) { > > syslog('info', "Output file exists $msg so failed, dying"); > > closelog(); > > die "Output file exists $msg"; > > } > > if (! 
open (MSG, ">$msg")) { > > syslog('info', "Open output $msg failed, dying"); > > closelog(); > > die "Open output $msg failed!"; > > } > > > > while (defined ($line = ) ) { > > chomp $line; > > > > last if ($line =~ /^\./); # Bat book 23.9.19 > > > > if ($line =~ /^R/) { # This is needed for Bcc per CGate Pipe > specs (see help file) > > $line =~ s/^R[A-Z]*:/Envelope-To: /; # change sendmail RPFD to > Envelope-To > > print MSG "$line\n"; > > } > > elsif ($line =~ /^H/) { # get the headers and put them in the > msg > > $line =~ s/^H//; > > print MSG "$line\n"; > > } > > elsif ($line =~ /^\s/) { # these should only be on line-wrapped > > print MSG "$line\n"; # headers, so put them in the msg > > } > > # there's no "else" because we don't care about the other lines > > } > > > > print MSG "\n"; # put in a blank line to make sure there's one > between the > > # headers and the data > > > > close (QF); > > close (MSG); > > > > # append the sendmail data file to the cgp message > > if (system ("/bin/cat $df >> $msg") == 0) { > > if (rename ($msg, "$msg.sub")) { > > system ("/bin/rm $df $qf"); > > } else { > > syslog('info', "rename $msg $msg.sub failed"); > > } > > } else { > > syslog('info', "cat $df to $msg failed"); > > } > > } > > closelog(); > > exit(0); > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. 
Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer.

Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us.

Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free.

Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales (Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom
**********************************************************************

From vasiliy at linuxspecial.com Wed Jan 17 18:33:31 2007
From: vasiliy at linuxspecial.com (Vasiliy Boulytchev)
Date: Wed Jan 17 17:39:16 2007
Subject: ----SPAM---- 05.29 RE: NO! Dont go! ms2cgp problem
In-Reply-To: <202265bb0d6146489e8a4395653e3ef6@solidstatelogic.com>
References: <202265bb0d6146489e8a4395653e3ef6@solidstatelogic.com>
Message-ID: <45AE5DEB.5050905@linuxspecial.com>

Don't know :)

My Queues are on NFS... I have not changed the locktype from default... All the messages just pile up in the MS Outgoing queue directory. So I can run the fix.pl to process all the messages instead of using ms2cgp, but that becomes problematic.

Vasiliy Boulytchev
vasiliy@linuxspecial.com

Martin.Hepworth wrote:
> Vasiliy
>
> Nothing to do with the recent change in MS's lock type is it??
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
>
>> -----Original Message-----
>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Vasiliy Boulytchev
>> Sent: 17 January 2007 17:11
>> To: MailScanner discussion
>> Cc: jrudd@ucsc.edu
>> Subject: Re: NO! Dont go! ms2cgp problem
>>
>> OK, a bit more information...
>>
>> cd /usr
>> grep -R QueueDirectory *
>>
>> lib/MailScanner/MailScanner/CustomConfig.pm:# sendmail -q30m -OQueueDirectory=/var/spool/mqueue.spam
>> lib/MailScanner/MailScanner/CustomConfig.pm:# sendmail -q60m -OQueueDirectory=/var/spool/mqueue.highspam
>> lib/MailScanner/MailScanner/Sendmail.pm: $args = " -OQueueDirectory=$outqdir " if $outqdir;
>>
>> src/mailscanner/src/MailScanner-install-4.57.6/perl-tar/MailScanner-4.57.6/lib/MailScanner/CustomConfig.pm:# sendmail -q30m -OQueueDirectory=/var/spool/mqueue.spam
>> src/mailscanner/src/MailScanner-install-4.57.6/perl-tar/MailScanner-4.57.6/lib/MailScanner/CustomConfig.pm:# sendmail -q60m -OQueueDirectory=/var/spool/mqueue.highspam
>> src/mailscanner/src/MailScanner-install-4.57.6/perl-tar/MailScanner-4.57.6/lib/MailScanner/Sendmail.pm: $args = " -OQueueDirectory=$outqdir " if $outqdir;
>> src/mailscanner/src/MailScanner-install-4.57.6/perl-tar/MailScanner-4.57.6/INSTALL.OpenBSD: sendmail_flags="-bd -OPrivacyOptions=noetrn -ODeliveryMode=queueonly -OQueueDirectory=/var/spool/mqueue.in"
>>
>> Any suggestions? :)
>>
>> Again, I really dont need sendmail, I dont know why its everywhere.
>> probably my misunderstanding....
>>
>> Vasiliy Boulytchev
>> vasiliy@linuxspecial.com
>>
>>
>>
>> Vasiliy Boulytchev wrote:
>>
>>> John,
>>> First of all, THANK YOU SO MUCH for helping us out! I have been
>>> using your cgp2ms and ms2cgp scripts for years flawlessly.
>>> Now that you decide to leave us, I get a problem with ms2cgp on a
>>> new install...
>>>
>>> It seems the MS is not giving the correct $job value to the ms2cgp
>>> script.... syslog:
>>>
>>> --
>>> Jan 17 11:02:20 mailscanner1 ms2cgp[19781]: job = -OQueueDirectory=/etc/MailScanner/shared/queues/ms1/out
>>> Jan 17 11:02:20 mailscanner1 ms2cgp[19781]: qf = /etc/MailScanner/shared/queues/ms1/out/qf-OQueueDirectory=/etc/MailScanner/shared/queues/ms1/out
>>> Jan 17 11:02:20 mailscanner1 ms2cgp[19781]: df = /etc/MailScanner/shared/queues/ms1/out/df-OQueueDirectory=/etc/MailScanner/shared/queues/ms1/out
>>> Jan 17 11:02:20 mailscanner1 ms2cgp[19781]: msg = /etc/MailScanner/mail.cluster/submx00/MS1.ms2cgp.-OQueueDirectory=/etc/MailScanner/shared/queues/ms1/out.19781.tmp
>>> Jan 17 11:02:20 mailscanner1 ms2cgp[19781]: Job -OQueueDirectory=/etc/MailScanner/shared/queues/ms1/out writing to /etc/MailScanner/mail.cluster/submx00/MS1.ms2cgp.-OQueueDirectory=/etc/MailScanner/shared/queues/ms1/out.19781.tmp
>>> Jan 17 11:02:20 mailscanner1 ms2cgp[19781]: Open input /etc/MailScanner/shared/queues/ms1/out/qf-OQueueDirectory=/etc/MailScanner/shared/queues/ms1/out failed, dying
>>> --
>>>
>>> Now, if I call ms2cgp from commandline via this script:
>>> #!/usr/bin/perl -w
>>>
>>> opendir(DIR, ".");
>>> @files = grep(/qf/,readdir(DIR));
>>> closedir(DIR);
>>>
>>> foreach $file (@files) {
>>>     substr($file, 0, 1) = "";
>>>     substr($file, 0, 1) = "";
>>>     system ("/usr/local/etc/ms2cgp $file");
>>> }
>>>
>>> The batch processes just fine, syslog:
>>>
>>> --
>>> Jan 17 11:07:53 mailscanner1 ms2cgp[19859]: job = 19659
>>> Jan 17 11:07:53 mailscanner1 ms2cgp[19859]: qf = /etc/MailScanner/shared/queues/ms1/out/qf19659
>>> Jan 17 11:07:53 mailscanner1 ms2cgp[19859]: df = /etc/MailScanner/shared/queues/ms1/out/df19659
>>> Jan 17 11:07:53 mailscanner1 ms2cgp[19859]: msg = /etc/MailScanner/mail.cluster/submx00/MS1.ms2cgp.19659.19859.tmp
>>> Jan 17 11:07:53 mailscanner1 ms2cgp[19859]: Job 19659 writing to /etc/MailScanner/mail.cluster/submx00/MS1.ms2cgp.19659.19859.tmp
>>> --
>>>
>>> So it seems to me, MS is not passing the correct $job value...
>>> furthermore, why is it making it -OQueueDirectory!?!?!?
>>>
>>> What do you guys think?
>>>
>>> THANK YOU VERY MUCH!!! My cgp2ms and ms2cgp scripts are attached.
>>>
>>> Vasiliy Boulytchev
>>> vasiliy@linuxspecial.com
>>>
>>>
>>>
>>> John Rudd wrote:
>>>
>>>> Just wanted to thank everyone at this list, starting with Julian, but
>>>> also several of the subscribers who given a lot of information and
>>>> input over the years I've been here. At some points, this was an
>>>> incredibly valuable and informative mailing list for me.
>>>>
>>>> And, what has changed is not the list. The list, and the vast
>>>> majority of its subscribers, are still great. What changed were my
>>>> anti-spam/anti-virus needs. I'm moving to solutions that operate
>>>> entirely during the SMTP session. As a result, I decommissioned my
>>>> last mailscanner system 2 weeks ago.
>>>>
>>>> After a short waiting period to be sure I wasn't going to need to
>>>> roll back, or have any other mailscanner related questions, I'm going
>>>> to be unsubscribing from the list later today.
>>>>
>>>> I wish all of you the best, and thank you for a great set of
>>>> software, a great source of information resources, and a great source
>>>> of conversation over the last 4 or 5 years.
>>>>
>>> ------------------------------------------------------------------------
>>> #!/usr/bin/perl
>>>
>>> # cgp2ms - part of a MailScanner to CommuniGate Pro gateway
>>> # Copyright (C) 2003 The Regents of the University of California
>>> #
>>> # This program is free software; you can redistribute it and/or modify
>>> # it under the terms of the GNU General Public License as published by
>>> # the Free Software Foundation; either version 2 of the License, or
>>> # (at your option) any later version.
>>> # >>> # This program is distributed in the hope that it will be useful, >>> # but WITHOUT ANY WARRANTY; without even the implied warranty of >>> # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >>> # GNU General Public License for more details. >>> # >>> # You should have received a copy of the GNU General Public >>> > License > >>> # along with this program; if not, write to the Free Software >>> # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA >>> > 02111-1307 > >> USA >> >>> # >>> # The Author, John Rudd, can be by email at >>> # jrudd@ucsc.edu >>> # >>> # cgp2ms -f file Actually process the given file >>> # or >>> # cgp2ms -c Just check the queue sizes and print result >>> # >>> # This program is used by CommuniGate Pro as an "execute" filter. >>> > It > >> takes >> >>> # in arguments that define where the CommuniGate Pro (CGP) queue >>> > file > >> lives >> >>> # and uses the queue file to create a sendmail formated queue file >>> > (qf) > >> and >> >>> # data file (df) pair. These two files are then inserted into the >>> # MailScanner (MS) incoming queue directory. When MS is done, it >>> > will > >> use a >> >>> # program which is a companion to this one, ms2cgp, # to give the >>> >> message >> >>> # back to CGP. 
>>> # >>> # Modified 10/2004 by Vasiliy Boulytchev and Randy Lindsey >>> # Added load balancing and sped up processing for larger volume >>> # 12/19/2004 Randy Lindsey >>> # Rather than read queuedirs for qf* files across remote shares, >>> # this version reads a set of files created on each system >>> > containing > >> the queue count >> >>> # >>> # To take a host offline, just comment out its line in hostlist >>> %hostlist = ( >>> # IA => '/var/CommuniGate/MailScanner/Incoming', >>> # TX2 => '/usr/local/mailscanner.tx2', >>> # AZ => '/usr/local/mailscanner.az', >>> # TMP => '/usr/local/mailscanner.tmp', >>> # CA => '/usr/local/mailscanner.ak/mailscanner.in', >>> MS1 => '/var/CommuniGate/MS.Status/queues/ms1/in', >>> # MS2 => '/usr/local/mailscanner.ak/mailscanner.ms2.in', >>> # MS3 => '/usr/local/mailscanner.ak/mailscanner.ms3.in', >>> # MS4 => '/usr/local/mailscanner.ak/mailscanner.ms4.in', >>> # MS5 => '/usr/local/mailscanner.ak/mailscanner.ms5.in', >>> # MS6 => '/usr/local/mailscanner.ak/mailscanner.ms6.in', >>> # MS7 => '/usr/local/mailscanner.ak/mailscanner.ms7.in', >>> # MS8 => '/usr/local/mailscanner.ak/mailscanner.ms8.in', >>> # MS9 => '/usr/local/mailscanner.ak/mailscanner.ms9.in', >>> ); >>> >>> # hostspeed - larger numbers are faster >>> %hostspeed = ( >>> # IA => 1, >>> # TX2 => 4, >>> # AZ => 0.6, >>> # CA => 9, >>> # TMP => 100, >>> MS1 => 2, >>> MS2 => 2, >>> MS3 => 2, >>> MS4 => 15, >>> MS5 => 15, >>> MS6 => 30, >>> MS7 => 30, >>> MS8 => 30, >>> MS9 => 30, >>> ); >>> >>> sub check_one { #$queuedirname >>> open DH, ">> > return > >> 999999; >> >>> read(DH, $MsgsInQueue, 10); >>> close DH; >>> chomp $MsgsInQueue; >>> return $MsgsInQueue; >>> } >>> >>> sub check_queues { >>> >>> $totfiles = 0; >>> $totpoints = 0; >>> foreach my $hostid (keys %hostlist) { >>> $hostfiles{$hostid} = check_one(lc($hostid)); >>> $totfiles += $hostfiles{$hostid}; >>> # Assign points based on relative system speed >>> # We scale it up by 737 to reduce rounding errors with 
>>> > small > >> numbers >> >>> if ($hostspeed{$hostid}) { >>> $hostpoints{$hostid} = ($hostfiles{$hostid} * >>> > 737) / > >> $hostspeed{$hostid}; >> >>> } >>> else { >>> $hostpoints{$hostid} = $hostfiles{$hostid}; >>> } >>> } >>> >>> @hostsort = sort { $hostpoints{$a} <=> $hostpoints{$b} } keys >>> >> %hostpoints; >> >>> printf ("MailScanner to %s - Tot:%2u ", >>> $hostsort[0], $totfiles); # displays in CommuniGate >>> > logs > >>> foreach my $hostid (keys %hostlist) { >>> printf ("%s:%2u/%2u ", $hostid, $hostfiles{$hostid}, >>> >> $hostpoints{$hostid}); >> >>> } >>> print ("\n"); >>> return $hostlist{$hostsort[0]}; >>> } >>> >>> sub copy_stdin { >>> # Extra headers added by prior rules >>> my $hdrline; >>> while (defined($hdrline = )) { >>> print QF "H$hdrline"; >>> print " $hdrline "; # display in logs >>> } >>> } >>> >>> my ($i, $file, $from, $rcpt, @tempv, @rcpt, @argv, $inbody, $inhdr, >>> >> $inmeta); >> >>> $checkonly = 0; >>> for ($i = 0; $i <= $#ARGV; $i++) { # parse in the arguments >>> if (defined($ARGV[$i])) { >>> if ($ARGV[$i] eq "-f") { # the location of the cgp queue >>> > file > >>> $i++; >>> $file = $ARGV[$i]; >>> } >>> elsif ($ARGV[$i] eq "-c") { # just check queue sizes and >>> > print > >> result >> >>> $checkonly = 1; >>> } >>> else { # left over from debugging, >>> > these > >>> push (@argv, $ARGV[$i]); # aren't actually used >>> } >>> } >>> } >>> if (! $file) { >>> $checkonly = 1; # default if no parameters passed >>> } >>> >>> $qdir = check_queues(); # load balance between servers >>> if ($checkonly) { >>> exit(0); >>> } >>> >>> open (JOB, "<$file"); >>> open (QF, ">$qdir/msqf$$"); # minimize file moving by writing to >>> >> final dir but >> >>> open (DF, ">$qdir/msdf$$"); # under a different name to prevent >>> >> Mailscanner taking it >> >>> print QF "V4\n"; # I don't think MS actually uses these >>> print QF "T" . time . 
"\n"; # qf lines, but it helps the qf file >>> print QF "K0\n"; # be a little more authentic >>> print QF "N0\n"; # >>> print QF "P150900\n"; # >>> >>> $inmeta = 1; # when reading the job file, are we still in the meta >>> >> data? >> >>> $inhdr = 0; # when reading the job file, are we in the rfc822 >>> > headers? > >>> $inbody = 0; # when reading the job file, are we in the rfc822 >>> >> body/data? >> >>> $rec = 0; # have we read the most recent Received header yet? >>> # the most recent (first listed) Received header will >>> # tell us the information we'll use in the qf file's >>> > $_ > >>> # which is "which host relayed this message to us" >>> >>> while (defined ($line = )) { >>> chomp $line; >>> if ($line eq "") { # blank lines demark meta, headers, and body >>> >> sections >> >>> if ($inmeta) { >>> $inmeta = 0; $inhdr = 1; >>> } >>> elsif ($inhdr) { >>> $inhdr = 0; $inbody = 1; >>> copy_stdin; >>> if ( !($rec) ) { # no received header = from localhost >>> $rec = 1; >>> print QF "\$_localhost [127.0.0.1]\n"; # print relay >>> > host > >>> print QF "S$from\n"; # print sender >>> foreach $to (@rcpt) { # print the recipient list >>> print QF "RPFD:$to\n"; >>> } >>> } >>> } >>> } >>> elsif ($inmeta) { >>> if ($line =~ /^P/) { >>> @tempv = split(/ /, $line); >>> $from = $tempv[7]; >>> } >>> elsif ($line =~ /^R/) { >>> @tempv = split(/ /, $line); >>> $rcpt = $tempv[7]; >>> push (@rcpt, $rcpt); >>> } >>> } >>> elsif ($inhdr) { >>> if ( (!($rec)) && ($line =~ /^Received:/) ) { # get relay host >>> $rec = 1; >>> if ($line =~ /^Received: from (.*) \((.* )?(\[.*\]).*/) { >>> if (defined $2) { >>> $h = $2; >>> $h =~ s/\s*$//; >>> } >>> else { >>> $h = $1; >>> } >>> $a = $3; >>> print QF "\$_$h $a\n"; # print relay host >>> } >>> else { >>> $line =~ /^Received: from (\[.*\]).*/; >>> $a = $1; >>> print QF "\$_$a\n"; # print relay host >>> } >>> print QF "S$from\n"; # print sender >>> foreach $to (@rcpt) { # print the recipient list >>> print QF "RPFD:$to\n"; >>> } >>> 
print QF "H$line\n"; # then print the Received header >>> } >>> elsif ($line !~ /^\s/) { # get a header >>> print QF "H$line\n"; >>> } >>> else { # get the rest of a multi-line >>> > header > >>> print QF "$line\n"; >>> } >>> } >>> if ($inbody) { >>> print DF "$line\n"; >>> } >>> } >>> >>> print QF ".\n"; # bat book 23.9.19, qf file should end in a "^\.$" >>> > line. > >>> close (DF); >>> close (QF); >>> close(JOB); >>> >>> # Rename the df file first, as Mailscanner looks for the qf and >>> > might > >> interfere >> >>> # Note that this used to mv the files from /tmp to qdir, but a >>> >> fraction of the time >> >>> # this failed due to race conditions with Mailscanner >>> rename ("$qdir/msdf$$", "$qdir/df$$"); >>> rename ("$qdir/msqf$$", "$qdir/qf$$"); >>> >>> exit(0); >>> >>> >>> > ------------------------------------------------------------------------ > >>> #!/usr/bin/perl >>> >>> # ms2cgp - part of a MailScanner to CommuniGate Pro gateway >>> # Copyright (C) 2003 The Regents of the University of California >>> # >>> # This program is free software; you can redistribute it and/or >>> > modify > >>> # it under the terms of the GNU General Public License as >>> > published by > >>> # the Free Software Foundation; either version 2 of the License, >>> > or > >>> # (at your option) any later version. >>> # >>> # This program is distributed in the hope that it will be useful, >>> # but WITHOUT ANY WARRANTY; without even the implied warranty of >>> # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >>> # GNU General Public License for more details. >>> # >>> # You should have received a copy of the GNU General Public >>> > License > >>> # along with this program; if not, write to the Free Software >>> # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA >>> > 02111-1307 > >> USA >> >>> # >>> # The Author, John Rudd, can be by email at >>> # jrudd@ucsc.edu >>> # >>> # >>> # ms2cgp -qI(id) ... 
>>> # >>> # This program acts as Mailscanner's outgoing "Sendmail2" program, >>> >> taking >> >>> # an argument for each message Mailscanner (MS) has finished >>> > processing, > >>> # and using that argument to find the pair of sendmail mqueue files >>> > that > >>> # make up the message. This program then re-combines them into an >>> >> rfc822 >> >>> # file and submits them back to Communigate Pro (CGP) via its >>> > Submitted > >> directory >> >>> # >>> # Modified 11/4/04 by Randy Lindsey to skip "sendmail" program and >>> > just > >>> # write directly to Submitted in RFC822 format. >>> >>> my $ServerPrefix = "MS1"; # make this unique per server >>> my $QDIR = "/etc/MailScanner/shared/queues/ms1/out"; # >>> > where > >> MS sticks outgoing msgs. >> >>> my $SubDir = "/etc/MailScanner/mail.cluster/submx00"; # CG's >>> >> Submitted directory >> >>> # my $Archive = "/extra/archivems2cgp/ia"; >>> >>> my ($job, $from, $rcpt, $df, $qf, $msg, $line); >>> >>> use Sys::Syslog; >>> openlog('ms2cgp', 'pid', 'user'); >>> >>> foreach $job (@ARGV) { >>> $job =~ s/^-qI//; >>> $qf = $QDIR . "/qf" . $job; # the sendmail formatted queue >>> > file > >>> $df = $QDIR . "/df" . $job; # the sendmail formatted data >>> > file > >>> $msg = $SubDir . "/" . $ServerPrefix . ".ms2cgp.$job.$$.tmp"; >>> > # > >> the tempfile we'll give to CGP >> >>> $rcpt = ""; >>> >>> # syslog('info', "Job $job copying to archive $Archive"); >>> # system("/bin/cp -f $qf $Archive/qf$job"); >>> # system("/bin/cp -f $df $Archive/df$job"); >>> >>> syslog ('info', "job = $job"); >>> closelog(); >>> syslog ('info', "qf = $qf"); >>> closelog(); >>> syslog ('info', "df = $df"); >>> closelog(); >>> syslog ('info', "msg = $msg"); >>> closelog(); >>> >>> >>> >>> >>> >>> syslog('info', "Job $job writing to $msg"); >>> if (! 
open (QF, "<$qf")) { >>> syslog('info', "Open input $qf failed, dying"); >>> closelog(); >>> die "Open input $qf failed!"; >>> } >>> if (-e $msg) { >>> syslog('info', "Output file exists $msg so failed, dying"); >>> closelog(); >>> die "Output file exists $msg"; >>> } >>> if (! open (MSG, ">$msg")) { >>> syslog('info', "Open output $msg failed, dying"); >>> closelog(); >>> die "Open output $msg failed!"; >>> } >>> >>> while (defined ($line = ) ) { >>> chomp $line; >>> >>> last if ($line =~ /^\./); # Bat book 23.9.19 >>> >>> if ($line =~ /^R/) { # This is needed for Bcc per CGate >>> > Pipe > >> specs (see help file) >> >>> $line =~ s/^R[A-Z]*:/Envelope-To: /; # change sendmail >>> > RPFD to > >> Envelope-To >> >>> print MSG "$line\n"; >>> } >>> elsif ($line =~ /^H/) { # get the headers and put them in >>> > the > >> msg >> >>> $line =~ s/^H//; >>> print MSG "$line\n"; >>> } >>> elsif ($line =~ /^\s/) { # these should only be on >>> > line-wrapped > >>> print MSG "$line\n"; # headers, so put them in the msg >>> } >>> # there's no "else" because we don't care about the other >>> > lines > >>> } >>> >>> print MSG "\n"; # put in a blank line to make sure there's one >>> >> between the >> >>> # headers and the data >>> >>> close (QF); >>> close (MSG); >>> >>> # append the sendmail data file to the cgp message >>> if (system ("/bin/cat $df >> $msg") == 0) { >>> if (rename ($msg, "$msg.sub")) { >>> system ("/bin/rm $df $qf"); >>> } else { >>> syslog('info', "rename $msg $msg.sub failed"); >>> } >>> } else { >>> syslog('info', "cat $df to $msg failed"); >>> } >>> } >>> closelog(); >>> exit(0); >>> >>> >>> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! 
From martinh at solidstatelogic.com Wed Jan 17 18:51:54 2007
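An added example, not part of the thread and not the ms2cgp script itself: the syslog quoted above shows ms2cgp taking `-OQueueDirectory=...` as a job id because it loops over every element of `@ARGV` and dies on the first one it cannot open, and the quoted script later interpolates the resulting paths into `system()` command strings. The Perl below accepts only `-qI<id>` arguments and handles the queue files without a shell; the id pattern, the names `classify_args`, `deliver_job`, `write_file` and `demo`, and the sample queue files are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempdir);

# Assumption: a queue id is 1-32 alphanumerics (the thread shows "19659").
# Anything else on the command line, such as -OQueueDirectory=..., is not a job.
sub classify_args {
    my (@jobs, @ignored);
    for my $arg (@_) {
        if ($arg =~ /\A-qI([A-Za-z0-9]{1,32})\z/) { push @jobs, $1 }
        else                                      { push @ignored, $arg }
    }
    return (\@jobs, \@ignored);
}

# Turn one qf/df pair into an RFC822 file in $subdir without using a shell.
# Returns the submitted path, or undef (the queue files are then left in place).
sub deliver_job {
    my ($qdir, $subdir, $prefix, $job) = @_;
    my ($qf, $df) = ("$qdir/qf$job", "$qdir/df$job");
    my $tmp = "$subdir/$prefix.ms2cgp.$job.$$.tmp";

    open(my $in,   '<', $qf) or return;
    open(my $body, '<', $df) or return;
    # O_EXCL fails if the file exists, so the check and the create are one step
    # (the quoted script tests -e and then opens ">$msg").
    sysopen(my $out, $tmp, O_WRONLY | O_CREAT | O_EXCL, 0600) or return;

    while (defined(my $line = <$in>)) {
        chomp $line;
        last if $line =~ /^\./;                       # end of the qf file
        if ($line =~ /^R/) {                          # recipient -> Envelope-To
            $line =~ s/^R[A-Z]*:/Envelope-To: /;
            print {$out} "$line\n";
        }
        elsif ($line =~ s/^H//) { print {$out} "$line\n" }   # header
        elsif ($line =~ /^\s/)  { print {$out} "$line\n" }   # wrapped header
    }
    print {$out} "\n";                                # header/body separator

    # Replaces system("/bin/cat $df >> $msg"): same append, no shell parsing.
    my $buf;
    while (read($body, $buf, 65536)) { print {$out} $buf }

    close $in;
    close $body;
    unless (close($out) && rename($tmp, "$tmp.sub")) {
        unlink $tmp;
        return;
    }
    unlink $df, $qf;                                  # replaces system("/bin/rm ...")
    return "$tmp.sub";
}

sub write_file {
    my ($path, $content) = @_;
    open(my $fh, '>', $path) or die "$path: $!";
    print {$fh} $content;
    close($fh) or die "$path: $!";
}

sub demo {
    my $qdir   = tempdir(CLEANUP => 1);
    my $subdir = tempdir(CLEANUP => 1);
    # Constructed sample queue pair.
    write_file("$qdir/qf19659",
        "V4\nS<a\@example.com>\nRPFD:<b\@example.com>\nHSubject: test\n.\n");
    write_file("$qdir/df19659", "constructed body\n");

    # Constructed argv: the kind of option seen in the failing syslog,
    # one well-formed id, one malformed id.
    my @argv = ("-OQueueDirectory=$qdir", "-qI19659", "-qIbad/id");
    my ($jobs, $ignored) = classify_args(@argv);
    print "ignored: $_\n" for @$ignored;
    for my $job (@$jobs) {
        my $sub = deliver_job($qdir, $subdir, "MS1", $job);
        print defined $sub ? "job $job -> $sub\n" : "job $job failed\n";
    }
    return ($jobs, $ignored);
}

demo() unless caller;
```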
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Wed Jan 17 17:54:18 2007
Subject: ----SPAM---- 05.29 RE: NO! Dont go! ms2cgp problem
In-Reply-To: <45AE5DEB.5050905@linuxspecial.com>
Message-ID: <95462ca6589c1d4b9b90ab6ded8b36f1@solidstatelogic.com>

Vasiliy

I just mention it 'cos the default lock type on sendmail MTA types changed a couple of versions ago from flock to posix.....as most people are now running sendmail 8.13 which uses posix rather than previous versions of sendmail which use flock.

Might be worth a quick test to see what happens if you make it flock rather than the new default of posix.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Vasiliy Boulytchev
> Sent: 17 January 2007 17:34
> To: MailScanner discussion
> Subject: Re: ----SPAM---- 05.29 RE: NO! Dont go! ms2cgp problem
>
> Don't know :)
>
> My Queues are on NFS... I have not changed the locktype from
> default... All the messages just pile up in the MS Outgoing queue
> directory. So I can run the fix.pl to process all the messages instead
> of using ms2cgp, but that becomes problematic.
>
> Vasiliy Boulytchev
> vasiliy@linuxspecial.com
>
>
>
> Martin.Hepworth wrote:
> > Vasiliy
> >
> > Nothing to do with the recent change in MS's lock type is it??
> >
> > --
> > Martin Hepworth
> > Snr Systems Administrator
> > Solid State Logic
> > Tel: +44 (0)1865 842300
> >
> >
> >> -----Original Message-----
> >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > >> bounces@lists.mailscanner.info] On Behalf Of Vasiliy Boulytchev > >> Sent: 17 January 2007 17:11 > >> To: MailScanner discussion > >> Cc: jrudd@ucsc.edu > >> Subject: Re: NO! Dont go! ms2cgp problem > >> > >> OK, a bit more information... > >> > >> cd /usr > >> grep -R QueueDirectory * > >> > >> lib/MailScanner/MailScanner/CustomConfig.pm:# sendmail -q30m > >> -OQueueDirectory=/var/spool/mqueue.spam > >> lib/MailScanner/MailScanner/CustomConfig.pm:# sendmail -q60m > >> -OQueueDirectory=/var/spool/mqueue.highspam > >> lib/MailScanner/MailScanner/Sendmail.pm: $args = " > >> -OQueueDirectory=$outqdir " if $outqdir; > >> > >> src/mailscanner/src/MailScanner-install-4.57.6/perl-tar/MailScanner- > >> 4.57.6/lib/MailScanner/CustomConfig.pm:# > >> sendmail -q30m -OQueueDirectory=/var/spool/mqueue.spam > >> src/mailscanner/src/MailScanner-install-4.57.6/perl-tar/MailScanner- > >> 4.57.6/lib/MailScanner/CustomConfig.pm:# > >> sendmail -q60m -OQueueDirectory=/var/spool/mqueue.highspam > >> src/mailscanner/src/MailScanner-install-4.57.6/perl-tar/MailScanner- > >> 4.57.6/lib/MailScanner/Sendmail.pm: > >> $args = " -OQueueDirectory=$outqdir " if $outqdir; > >> src/mailscanner/src/MailScanner-install-4.57.6/perl-tar/MailScanner- > >> 4.57.6/INSTALL.OpenBSD: > >> sendmail_flags="-bd -OPrivacyOptions=noetrn -ODeliveryMode=queueonly > >> -OQueueDirectory=/var/spool/mqueue.in" > >> > >> Any suggestions? :) > >> > >> Again, I really dont need sendmail, I dont know why its everywhere. > >> probably my misunderstanding.... > >> > >> Vasiliy Boulytchev > >> vasiliy@linuxspecial.com > >> > >> > >> > >> Vasiliy Boulytchev wrote: > >> > >>> John, > >>> First of all, THANK YOU SO MUCH for helping us out! I have been > >>> using your cgp2ms and ms2cgp scripts for years flawlessly. > >>> Now that you decide to leave us, I get a problem with ms2cgp on a > >>> new install... 
> >>> > >>> It seems the MS is not giving the correct $job value to the > >>> > > ms2cgp > > > >>> script.... syslog: > >>> > >>> -- > >>> Jan 17 11:02:20 mailscanner1 ms2cgp[19781]: job = > >>> -OQueueDirectory=/etc/MailScanner/shared/queues/ms1/out > >>> Jan 17 11:02:20 mailscanner1 ms2cgp[19781]: qf = > >>> /etc/MailScanner/shared/queues/ms1/out/qf- > >>> > >> OQueueDirectory=/etc/MailScanner/shared/queues/ms1/out > >> > >>> Jan 17 11:02:20 mailscanner1 ms2cgp[19781]: df = > >>> /etc/MailScanner/shared/queues/ms1/out/df- > >>> > >> OQueueDirectory=/etc/MailScanner/shared/queues/ms1/out > >> > >>> Jan 17 11:02:20 mailscanner1 ms2cgp[19781]: msg = > >>> /etc/MailScanner/mail.cluster/submx00/MS1.ms2cgp.- > >>> > >> OQueueDirectory=/etc/MailScanner/shared/queues/ms1/out.19781.tmp > >> > >>> Jan 17 11:02:20 mailscanner1 ms2cgp[19781]: Job > >>> -OQueueDirectory=/etc/MailScanner/shared/queues/ms1/out writing to > >>> /etc/MailScanner/mail.cluster/submx00/MS1.ms2cgp.- > >>> > >> OQueueDirectory=/etc/MailScanner/shared/queues/ms1/out.19781.tmp > >> > >>> Jan 17 11:02:20 mailscanner1 ms2cgp[19781]: Open input > >>> /etc/MailScanner/shared/queues/ms1/out/qf- > >>> > >> OQueueDirectory=/etc/MailScanner/shared/queues/ms1/out > >> > >>> failed, dying > >>> -- > >>> > >>> Now, if I call ms2cgp from commandline via this script: > >>> #!/usr/bin/perl -w > >>> > >>> opendir(DIR, "."); > >>> @files = grep(/qf/,readdir(DIR)); > >>> closedir(DIR); > >>> > >>> foreach $file (@files) { > >>> substr($file, 0, 1) = ""; > >>> substr($file, 0, 1) = ""; > >>> system ("/usr/local/etc/ms2cgp $file"); > >>> } > >>> > >>> The batch processes just fine, syslog: > >>> > >>> -- > >>> Jan 17 11:07:53 mailscanner1 ms2cgp[19859]: job = 19659 > >>> Jan 17 11:07:53 mailscanner1 ms2cgp[19859]: qf = > >>> /etc/MailScanner/shared/queues/ms1/out/qf19659 > >>> Jan 17 11:07:53 mailscanner1 ms2cgp[19859]: df = > >>> /etc/MailScanner/shared/queues/ms1/out/df19659 > >>> Jan 17 11:07:53 mailscanner1 
ms2cgp[19859]: msg = > >>> /etc/MailScanner/mail.cluster/submx00/MS1.ms2cgp.19659.19859.tmp > >>> Jan 17 11:07:53 mailscanner1 ms2cgp[19859]: Job 19659 writing to > >>> /etc/MailScanner/mail.cluster/submx00/MS1.ms2cgp.19659.19859.tmp > >>> -- > >>> > >>> So it seems to me, MS is not passing the correct $job value... > >>> furthermore, why is it making it -OQueueDirectory!?!?!? > >>> > >>> What do you guys think? > >>> > >>> THANK YOU VERY MUCH!!! My cgp2ms and ms2cgp scripts are > >>> > > attached. > > > >>> Vasiliy Boulytchev > >>> vasiliy@linuxspecial.com > >>> > >>> > >>> > >>> John Rudd wrote: > >>> > >>>> Just wanted to thank everyone at this list, starting with Julian, > >>>> > > but > > > >>>> also several of the subscribers who given a lot of information and > >>>> input over the years I've been here. At some points, this was an > >>>> incredibly valuable and informative mailing list for me. > >>>> > >>>> And, what has changed is not the list. The list, and the vast > >>>> majority of its subscribers, are still great. What changed were my > >>>> anti-spam/anti-virus needs. I'm moving to solutions that operate > >>>> entirely during the SMTP session. As a result, I decommissioned my > >>>> last mailscanner system 2 weeks ago. > >>>> > >>>> After a short waiting period to be sure I wasn't going to need to > >>>> roll back, or have any other mailscanner related questions, I'm > >>>> > > going > > > >>>> to be unsubscribing from the list later today. > >>>> > >>>> I wish all of you the best, and thank you for a great set of > >>>> software, a great source of information resources, and a great > >>>> > > source > > > >>>> of conversation over the last 4 or 5 years. 
> >>>> > > ------------------------------------------------------------------------ > > > >>> #!/usr/bin/perl > >>> > >>> # cgp2ms - part of a MailScanner to CommuniGate Pro gateway > >>> # Copyright (C) 2003 The Regents of the University of California > >>> # > >>> # This program is free software; you can redistribute it and/or > >>> > > modify > > > >>> # it under the terms of the GNU General Public License as > >>> > > published by > > > >>> # the Free Software Foundation; either version 2 of the License, > >>> > > or > > > >>> # (at your option) any later version. > >>> # > >>> # This program is distributed in the hope that it will be useful, > >>> # but WITHOUT ANY WARRANTY; without even the implied warranty of > >>> # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > >>> # GNU General Public License for more details. > >>> # > >>> # You should have received a copy of the GNU General Public > >>> > > License > > > >>> # along with this program; if not, write to the Free Software > >>> # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA > >>> > > 02111-1307 > > > >> USA > >> > >>> # > >>> # The Author, John Rudd, can be by email at > >>> # jrudd@ucsc.edu > >>> # > >>> # cgp2ms -f file Actually process the given file > >>> # or > >>> # cgp2ms -c Just check the queue sizes and print result > >>> # > >>> # This program is used by CommuniGate Pro as an "execute" filter. > >>> > > It > > > >> takes > >> > >>> # in arguments that define where the CommuniGate Pro (CGP) queue > >>> > > file > > > >> lives > >> > >>> # and uses the queue file to create a sendmail formated queue file > >>> > > (qf) > > > >> and > >> > >>> # data file (df) pair. These two files are then inserted into the > >>> # MailScanner (MS) incoming queue directory. When MS is done, it > >>> > > will > > > >> use a > >> > >>> # program which is a companion to this one, ms2cgp, # to give the > >>> > >> message > >> > >>> # back to CGP. 
> >>> #
> >>> # Modified 10/2004 by Vasiliy Boulytchev and Randy Lindsey
> >>> # Added load balancing and sped up processing for larger volume
> >>> # 12/19/2004 Randy Lindsey
> >>> # Rather than read queuedirs for qf* files across remote shares,
> >>> # this version reads a set of files created on each system containing the queue count
> >>> #
> >>> # To take a host offline, just comment out its line in hostlist
> >>> %hostlist = (
> >>> # IA => '/var/CommuniGate/MailScanner/Incoming',
> >>> # TX2 => '/usr/local/mailscanner.tx2',
> >>> # AZ => '/usr/local/mailscanner.az',
> >>> # TMP => '/usr/local/mailscanner.tmp',
> >>> # CA => '/usr/local/mailscanner.ak/mailscanner.in',
> >>>     MS1 => '/var/CommuniGate/MS.Status/queues/ms1/in',
> >>> # MS2 => '/usr/local/mailscanner.ak/mailscanner.ms2.in',
> >>> # MS3 => '/usr/local/mailscanner.ak/mailscanner.ms3.in',
> >>> # MS4 => '/usr/local/mailscanner.ak/mailscanner.ms4.in',
> >>> # MS5 => '/usr/local/mailscanner.ak/mailscanner.ms5.in',
> >>> # MS6 => '/usr/local/mailscanner.ak/mailscanner.ms6.in',
> >>> # MS7 => '/usr/local/mailscanner.ak/mailscanner.ms7.in',
> >>> # MS8 => '/usr/local/mailscanner.ak/mailscanner.ms8.in',
> >>> # MS9 => '/usr/local/mailscanner.ak/mailscanner.ms9.in',
> >>> );
> >>>
> >>> # hostspeed - larger numbers are faster
> >>> %hostspeed = (
> >>> # IA => 1,
> >>> # TX2 => 4,
> >>> # AZ => 0.6,
> >>> # CA => 9,
> >>> # TMP => 100,
> >>>     MS1 => 2,
> >>>     MS2 => 2,
> >>>     MS3 => 2,
> >>>     MS4 => 15,
> >>>     MS5 => 15,
> >>>     MS6 => 30,
> >>>     MS7 => 30,
> >>>     MS8 => 30,
> >>>     MS9 => 30,
> >>> );
> >>>
> >>> sub check_one { #$queuedirname
> >>>     open DH, " return 999999;
> >>>     read(DH, $MsgsInQueue, 10);
> >>>     close DH;
> >>>     chomp $MsgsInQueue;
> >>>     return $MsgsInQueue;
> >>> }
> >>>
> >>> sub check_queues {
> >>>
> >>>     $totfiles = 0;
> >>>     $totpoints = 0;
> >>>     foreach my $hostid (keys %hostlist) {
> >>>         $hostfiles{$hostid} = check_one(lc($hostid));
> >>>         $totfiles += $hostfiles{$hostid};
> >>>         # Assign points based on relative system speed
> >>>         # We scale it up by 737 to reduce rounding errors with small numbers
> >>>         if ($hostspeed{$hostid}) {
> >>>             $hostpoints{$hostid} = ($hostfiles{$hostid} * 737) / $hostspeed{$hostid};
> >>>         }
> >>>         else {
> >>>             $hostpoints{$hostid} = $hostfiles{$hostid};
> >>>         }
> >>>     }
> >>>
> >>>     @hostsort = sort { $hostpoints{$a} <=> $hostpoints{$b} } keys %hostpoints;
> >>>     printf ("MailScanner to %s - Tot:%2u ",
> >>>         $hostsort[0], $totfiles); # displays in CommuniGate logs
> >>>     foreach my $hostid (keys %hostlist) {
> >>>         printf ("%s:%2u/%2u ", $hostid, $hostfiles{$hostid}, $hostpoints{$hostid});
> >>>     }
> >>>     print ("\n");
> >>>     return $hostlist{$hostsort[0]};
> >>> }
> >>>
> >>> sub copy_stdin {
> >>>     # Extra headers added by prior rules
> >>>     my $hdrline;
> >>>     while (defined($hdrline = <STDIN>)) {
> >>>         print QF "H$hdrline";
> >>>         print " $hdrline "; # display in logs
> >>>     }
> >>> }
> >>>
> >>> my ($i, $file, $from, $rcpt, @tempv, @rcpt, @argv, $inbody, $inhdr, $inmeta);
> >>> $checkonly = 0;
> >>> for ($i = 0; $i <= $#ARGV; $i++) { # parse in the arguments
> >>>     if (defined($ARGV[$i])) {
> >>>         if ($ARGV[$i] eq "-f") { # the location of the cgp queue file
> >>>             $i++;
> >>>             $file = $ARGV[$i];
> >>>         }
> >>>         elsif ($ARGV[$i] eq "-c") { # just check queue sizes and print result
> >>>             $checkonly = 1;
> >>>         }
> >>>         else { # left over from debugging, these
> >>>             push (@argv, $ARGV[$i]); # aren't actually used
> >>>         }
> >>>     }
> >>> }
> >>> if (! $file) {
> >>>     $checkonly = 1; # default if no parameters passed
> >>> }
> >>>
> >>> $qdir = check_queues(); # load balance between servers
> >>> if ($checkonly) {
> >>>     exit(0);
> >>> }
> >>>
> >>> open (JOB, "<$file");
> >>> open (QF, ">$qdir/msqf$$"); # minimize file moving by writing to final dir but
> >>> open (DF, ">$qdir/msdf$$"); # under a different name to prevent Mailscanner taking it
> >>> print QF "V4\n"; # I don't think MS actually uses these
> >>> print QF "T" . time . "\n"; # qf lines, but it helps the qf file
> >>> print QF "K0\n"; # be a little more authentic
> >>> print QF "N0\n"; #
> >>> print QF "P150900\n"; #
> >>>
> >>> $inmeta = 1; # when reading the job file, are we still in the meta data?
> >>> $inhdr = 0; # when reading the job file, are we in the rfc822 headers?
> >>> $inbody = 0; # when reading the job file, are we in the rfc822 body/data?
> >>> $rec = 0; # have we read the most recent Received header yet?
> >>>           # the most recent (first listed) Received header will
> >>>           # tell us the information we'll use in the qf file's $_
> >>>           # which is "which host relayed this message to us"
> >>>
> >>> while (defined ($line = <JOB>)) {
> >>>     chomp $line;
> >>>     if ($line eq "") { # blank lines demark meta, headers, and body sections
> >>>         if ($inmeta) {
> >>>             $inmeta = 0; $inhdr = 1;
> >>>         }
> >>>         elsif ($inhdr) {
> >>>             $inhdr = 0; $inbody = 1;
> >>>             copy_stdin;
> >>>             if ( !($rec) ) { # no received header = from localhost
> >>>                 $rec = 1;
> >>>                 print QF "\$_localhost [127.0.0.1]\n"; # print relay host
> >>>                 print QF "S$from\n"; # print sender
> >>>                 foreach $to (@rcpt) { # print the recipient list
> >>>                     print QF "RPFD:$to\n";
> >>>                 }
> >>>             }
> >>>         }
> >>>     }
> >>>     elsif ($inmeta) {
> >>>         if ($line =~ /^P/) {
> >>>             @tempv = split(/ /, $line);
> >>>             $from = $tempv[7];
> >>>         }
> >>>         elsif ($line =~ /^R/) {
> >>>             @tempv = split(/ /, $line);
> >>>             $rcpt = $tempv[7];
> >>>             push (@rcpt, $rcpt);
> >>>         }
> >>>     }
> >>>     elsif ($inhdr) {
> >>>         if ( (!($rec)) && ($line =~ /^Received:/) ) { # get relay host
> >>>             $rec = 1;
> >>>             if ($line =~ /^Received: from (.*) \((.* )?(\[.*\]).*/) {
> >>>                 if (defined $2) {
> >>>                     $h = $2;
> >>>                     $h =~ s/\s*$//;
> >>>                 }
> >>>                 else {
> >>>                     $h = $1;
> >>>                 }
> >>>                 $a = $3;
> >>>                 print QF "\$_$h $a\n"; # print relay host
> >>>             }
> >>>             else {
> >>>                 $line =~ /^Received: from (\[.*\]).*/;
> >>>                 $a = $1;
> >>>                 print QF "\$_$a\n"; # print relay host
> >>>             }
> >>>             print QF "S$from\n"; # print sender
> >>>             foreach $to (@rcpt) { # print the recipient list
> >>>                 print QF "RPFD:$to\n";
> >>>             }
> >>>             print QF "H$line\n"; # then print the Received header
> >>>         }
> >>>         elsif ($line !~ /^\s/) { # get a header
> >>>             print QF "H$line\n";
> >>>         }
> >>>         else { # get the rest of a multi-line header
> >>>             print QF "$line\n";
> >>>         }
> >>>     }
> >>>     if ($inbody) {
> >>>         print DF "$line\n";
> >>>     }
> >>> }
> >>>
> >>> print QF ".\n"; # bat book 23.9.19, qf file should end in a "^\.$" line.
> >>> close (DF);
> >>> close (QF);
> >>> close(JOB);
> >>>
> >>> # Rename the df file first, as Mailscanner looks for the qf and might interfere
> >>> # Note that this used to mv the files from /tmp to qdir, but a fraction of the time
> >>> # this failed due to race conditions with Mailscanner
> >>> rename ("$qdir/msdf$$", "$qdir/df$$");
> >>> rename ("$qdir/msqf$$", "$qdir/qf$$");
> >>>
> >>> exit(0);
> >>>
> >>> ------------------------------------------------------------------------
> >>> #!/usr/bin/perl
> >>>
> >>> # ms2cgp - part of a MailScanner to CommuniGate Pro gateway
> >>> # Copyright (C) 2003 The Regents of the University of California
> >>> #
> >>> # This program is free software; you can redistribute it and/or modify
> >>> # it under the terms of the GNU General Public License as published by
> >>> # the Free Software Foundation; either version 2 of the License, or
> >>> # (at your option) any later version.
> >>> #
> >>> # This program is distributed in the hope that it will be useful,
> >>> # but WITHOUT ANY WARRANTY; without even the implied warranty of
> >>> # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> >>> # GNU General Public License for more details.
> >>> #
> >>> # You should have received a copy of the GNU General Public License
> >>> # along with this program; if not, write to the Free Software
> >>> # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
> >>> #
> >>> # The Author, John Rudd, can be by email at
> >>> # jrudd@ucsc.edu
> >>> #
> >>> #
> >>> # ms2cgp -qI(id) ...
> >>> #
> >>> # This program acts as Mailscanner's outgoing "Sendmail2" program, taking
> >>> # an argument for each message Mailscanner (MS) has finished processing,
> >>> # and using that argument to find the pair of sendmail mqueue files that
> >>> # make up the message. This program then re-combines them into an rfc822
> >>> # file and submits them back to Communigate Pro (CGP) via its Submitted directory
> >>> #
> >>> # Modified 11/4/04 by Randy Lindsey to skip "sendmail" program and just
> >>> # write directly to Submitted in RFC822 format.
> >>>
> >>> my $ServerPrefix = "MS1"; # make this unique per server
> >>> my $QDIR = "/etc/MailScanner/shared/queues/ms1/out"; # where MS sticks outgoing msgs.
> >>> my $SubDir = "/etc/MailScanner/mail.cluster/submx00"; # CG's Submitted directory
> >>> # my $Archive = "/extra/archivems2cgp/ia";
> >>>
> >>> my ($job, $from, $rcpt, $df, $qf, $msg, $line);
> >>>
> >>> use Sys::Syslog;
> >>> openlog('ms2cgp', 'pid', 'user');
> >>>
> >>> foreach $job (@ARGV) {
> >>>     $job =~ s/^-qI//;
> >>>     $qf = $QDIR . "/qf" . $job; # the sendmail formatted queue file
> >>>     $df = $QDIR . "/df" . $job; # the sendmail formatted data file
> >>>     $msg = $SubDir . "/" . $ServerPrefix . ".ms2cgp.$job.$$.tmp"; # the tempfile we'll give to CGP
> >>>     $rcpt = "";
> >>>
> >>>     # syslog('info', "Job $job copying to archive $Archive");
> >>>     # system("/bin/cp -f $qf $Archive/qf$job");
> >>>     # system("/bin/cp -f $df $Archive/df$job");
> >>>
> >>>     syslog ('info', "job = $job");
> >>>     closelog();
> >>>     syslog ('info', "qf = $qf");
> >>>     closelog();
> >>>     syslog ('info', "df = $df");
> >>>     closelog();
> >>>     syslog ('info', "msg = $msg");
> >>>     closelog();
> >>>
> >>>     syslog('info', "Job $job writing to $msg");
> >>>     if (! open (QF, "<$qf")) {
> >>>         syslog('info', "Open input $qf failed, dying");
> >>>         closelog();
> >>>         die "Open input $qf failed!";
> >>>     }
> >>>     if (-e $msg) {
> >>>         syslog('info', "Output file exists $msg so failed, dying");
> >>>         closelog();
> >>>         die "Output file exists $msg";
> >>>     }
> >>>     if (! open (MSG, ">$msg")) {
> >>>         syslog('info', "Open output $msg failed, dying");
> >>>         closelog();
> >>>         die "Open output $msg failed!";
> >>>     }
> >>>
> >>>     while (defined ($line = <QF>) ) {
> >>>         chomp $line;
> >>>
> >>>         last if ($line =~ /^\./); # Bat book 23.9.19
> >>>
> >>>         if ($line =~ /^R/) { # This is needed for Bcc per CGate Pipe specs (see help file)
> >>>             $line =~ s/^R[A-Z]*:/Envelope-To: /; # change sendmail RPFD to Envelope-To
> >>>             print MSG "$line\n";
> >>>         }
> >>>         elsif ($line =~ /^H/) { # get the headers and put them in the msg
> >>>             $line =~ s/^H//;
> >>>             print MSG "$line\n";
> >>>         }
> >>>         elsif ($line =~ /^\s/) { # these should only be on line-wrapped
> >>>             print MSG "$line\n"; # headers, so put them in the msg
> >>>         }
> >>>         # there's no "else" because we don't care about the other lines
> >>>     }
> >>>
> >>>     print MSG "\n"; # put in a blank line to make sure there's one between the
> >>>                     # headers and the data
> >>>
> >>>     close (QF);
> >>>     close (MSG);
> >>>
> >>>     # append the sendmail data file to the cgp message
> >>>     if (system ("/bin/cat $df >> $msg") == 0) {
> >>>         if (rename ($msg, "$msg.sub")) {
> >>>             system ("/bin/rm $df $qf");
> >>>         } else {
> >>>             syslog('info', "rename $msg $msg.sub failed");
> >>>         }
> >>>     } else {
> >>>         syslog('info', "cat $df to $msg failed");
> >>>     }
> >>> }
> >>> closelog();
> >>> exit(0);
> >>>
> >> --
> >> MailScanner mailing list
> >> mailscanner@lists.mailscanner.info
> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >>
> >> Before posting, read http://wiki.mailscanner.info/posting
> >>
**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone.
Please advise the sender by replying to this e-mail immediately and then delete the original from your computer.

Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer.

Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us.

Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free.

Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU,
United Kingdom
**********************************************************************

From vasiliy at linuxspecial.com Wed Jan 17 19:03:54 2007
From: vasiliy at linuxspecial.com (Vasiliy Boulytchev)
Date: Wed Jan 17 18:06:22 2007
Subject: ----SPAM---- 05.29 RE: ----SPAM---- 05.29 RE: NO! Dont go! ms2cgp problem
In-Reply-To: <95462ca6589c1d4b9b90ab6ded8b36f1@solidstatelogic.com>
References: <95462ca6589c1d4b9b90ab6ded8b36f1@solidstatelogic.com>
Message-ID: <45AE650A.8070200@linuxspecial.com>

I will take a look at the flock vs posix... BUT I have fixed this for the short run...

Attn Julian :) Please let me know if this is an awful thing to do

In /usr/lib/MailScanner/MailScanner/Sendmail.pm:

I just added another line to overwrite $args to just the $ids without the other stuff, and things are working great...

    if ($ids) {
      my $outqdir = MailScanner::Config::Value('outqueuedir');
      $args = " -OQueueDirectory=$outqdir " if $outqdir;
      $args .= $ids;
      $args .= ' &' if MailScanner::Config::Value('deliverinbackground');
      #print STDERR "About to do \"" . MailScanner::Config::Value('sendmail2') . $args . "\"\n";
      #Vasiliy
      $args = $ids;
      system(MailScanner::Config::Value('sendmail2') . $args);
    }
  }

So, what changed, and where did I goof :)

THANKS GUYS! :)

PS Is this OK to keep on the production system :)

Vasiliy Boulytchev
vasiliy@linuxspecial.com

Martin.Hepworth wrote:
> Vasiliy
>
> I just mention it 'cos the default lock type on sendmail MTA types
> changed a couple of versions ago from flock to posix.....as most people
> are now running sendmail 8.13 which uses posix rather than previous
> versions of sendmail which use flock.
>
> Might be worth a quick test to see what happens if you make it flock
> rather than the new default of posix.
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
>> -----Original Message-----
>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Vasiliy Boulytchev
>> Sent: 17 January 2007 17:34
>> To: MailScanner discussion
>> Subject: Re: ----SPAM---- 05.29 RE: NO! Dont go! ms2cgp problem
>>
>> Don't know :)
>>
>> My Queues are on NFS... I have not changed the locktype from
>> default... All the messages just pile up in the MS Outgoing queue
>> directory. So I can run the fix.pl to process all the messages instead
>> of using ms2cgp, but that becomes problematic.
>>
>> Vasiliy Boulytchev
>> vasiliy@linuxspecial.com
>>
>> Martin.Hepworth wrote:
>>> Vasiliy
>>>
>>> Nothing to do with the recent change in MS's lock type is it??
>>>
>>> --
>>> Martin Hepworth
>>> Snr Systems Administrator
>>> Solid State Logic
>>> Tel: +44 (0)1865 842300
>>>
>>>> -----Original Message-----
>>>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Vasiliy Boulytchev
>>>> Sent: 17 January 2007 17:11
>>>> To: MailScanner discussion
>>>> Cc: jrudd@ucsc.edu
>>>> Subject: Re: NO! Dont go! ms2cgp problem
>>>>
>>>> OK, a bit more information...
>>>>
>>>> cd /usr
>>>> grep -R QueueDirectory *
>>>>
>>>> lib/MailScanner/MailScanner/CustomConfig.pm:# sendmail -q30m -OQueueDirectory=/var/spool/mqueue.spam
>>>> lib/MailScanner/MailScanner/CustomConfig.pm:# sendmail -q60m -OQueueDirectory=/var/spool/mqueue.highspam
>>>> lib/MailScanner/MailScanner/Sendmail.pm: $args = " -OQueueDirectory=$outqdir " if $outqdir;
>>>> src/mailscanner/src/MailScanner-install-4.57.6/perl-tar/MailScanner-4.57.6/lib/MailScanner/CustomConfig.pm:# sendmail -q30m -OQueueDirectory=/var/spool/mqueue.spam
>>>> src/mailscanner/src/MailScanner-install-4.57.6/perl-tar/MailScanner-4.57.6/lib/MailScanner/CustomConfig.pm:# sendmail -q60m -OQueueDirectory=/var/spool/mqueue.highspam
>>>> src/mailscanner/src/MailScanner-install-4.57.6/perl-tar/MailScanner-4.57.6/lib/MailScanner/Sendmail.pm: $args = " -OQueueDirectory=$outqdir " if $outqdir;
>>>> src/mailscanner/src/MailScanner-install-4.57.6/perl-tar/MailScanner-4.57.6/INSTALL.OpenBSD: sendmail_flags="-bd -OPrivacyOptions=noetrn -ODeliveryMode=queueonly -OQueueDirectory=/var/spool/mqueue.in"
>>>>
>>>> Any suggestions? :)
>>>>
>>>> Again, I really don't need sendmail, I don't know why it's everywhere.
>>>> probably my misunderstanding....
>>>>
>>>> Vasiliy Boulytchev
>>>> vasiliy@linuxspecial.com
>>>>
>>>> Vasiliy Boulytchev wrote:
>>>>> John,
>>>>> First of all, THANK YOU SO MUCH for helping us out! I have been
>>>>> using your cgp2ms and ms2cgp scripts for years flawlessly.
>>>>> Now that you decide to leave us, I get a problem with ms2cgp on a
>>>>> new install...
>>>>>
>>>>> It seems the MS is not giving the correct $job value to the ms2cgp
>>>>> script.... syslog:
>>>>>
>>>>> --
>>>>> Jan 17 11:02:20 mailscanner1 ms2cgp[19781]: job = -OQueueDirectory=/etc/MailScanner/shared/queues/ms1/out
>>>>> Jan 17 11:02:20 mailscanner1 ms2cgp[19781]: qf = /etc/MailScanner/shared/queues/ms1/out/qf-OQueueDirectory=/etc/MailScanner/shared/queues/ms1/out
>>>>> Jan 17 11:02:20 mailscanner1 ms2cgp[19781]: df = /etc/MailScanner/shared/queues/ms1/out/df-OQueueDirectory=/etc/MailScanner/shared/queues/ms1/out
>>>>> Jan 17 11:02:20 mailscanner1 ms2cgp[19781]: msg = /etc/MailScanner/mail.cluster/submx00/MS1.ms2cgp.-OQueueDirectory=/etc/MailScanner/shared/queues/ms1/out.19781.tmp
>>>>> Jan 17 11:02:20 mailscanner1 ms2cgp[19781]: Job -OQueueDirectory=/etc/MailScanner/shared/queues/ms1/out writing to /etc/MailScanner/mail.cluster/submx00/MS1.ms2cgp.-OQueueDirectory=/etc/MailScanner/shared/queues/ms1/out.19781.tmp
>>>>> Jan 17 11:02:20 mailscanner1 ms2cgp[19781]: Open input /etc/MailScanner/shared/queues/ms1/out/qf-OQueueDirectory=/etc/MailScanner/shared/queues/ms1/out failed, dying
>>>>> --
>>>>>
>>>>> Now, if I call ms2cgp from commandline via this script:
>>>>> #!/usr/bin/perl -w
>>>>>
>>>>> opendir(DIR, ".");
>>>>> @files = grep(/qf/,readdir(DIR));
>>>>> closedir(DIR);
>>>>>
>>>>> foreach $file (@files) {
>>>>>     substr($file, 0, 1) = "";
>>>>>     substr($file, 0, 1) = "";
>>>>>     system ("/usr/local/etc/ms2cgp $file");
>>>>> }
>>>>>
>>>>> The batch processes just fine, syslog:
>>>>>
>>>>> --
>>>>> Jan 17 11:07:53 mailscanner1 ms2cgp[19859]: job = 19659
>>>>> Jan 17 11:07:53 mailscanner1 ms2cgp[19859]: qf = /etc/MailScanner/shared/queues/ms1/out/qf19659
>>>>> Jan 17 11:07:53 mailscanner1 ms2cgp[19859]: df = /etc/MailScanner/shared/queues/ms1/out/df19659
>>>>> Jan 17 11:07:53 mailscanner1 ms2cgp[19859]: msg = /etc/MailScanner/mail.cluster/submx00/MS1.ms2cgp.19659.19859.tmp
>>>>> Jan 17 11:07:53 mailscanner1 ms2cgp[19859]: Job 19659 writing to /etc/MailScanner/mail.cluster/submx00/MS1.ms2cgp.19659.19859.tmp
>>>>> --
>>>>>
>>>>> So it seems to me, MS is not passing the correct $job value...
>>>>> furthermore, why is it making it -OQueueDirectory!?!?!?
>>>>>
>>>>> What do you guys think?
>>>>>
>>>>> THANK YOU VERY MUCH!!! My cgp2ms and ms2cgp scripts are attached.
>>>>>
>>>>> Vasiliy Boulytchev
>>>>> vasiliy@linuxspecial.com
>>>>>
>>>>> John Rudd wrote:
>>>>>> Just wanted to thank everyone at this list, starting with Julian, but
>>>>>> also several of the subscribers who have given a lot of information and
>>>>>> input over the years I've been here. At some points, this was an
>>>>>> incredibly valuable and informative mailing list for me.
>>>>>>
>>>>>> And, what has changed is not the list. The list, and the vast
>>>>>> majority of its subscribers, are still great. What changed were my
>>>>>> anti-spam/anti-virus needs. I'm moving to solutions that operate
>>>>>> entirely during the SMTP session. As a result, I decommissioned my
>>>>>> last mailscanner system 2 weeks ago.
>>>>>>
>>>>>> After a short waiting period to be sure I wasn't going to need to
>>>>>> roll back, or have any other mailscanner related questions, I'm going
>>>>>> to be unsubscribing from the list later today.
>>>>>>
>>>>>> I wish all of you the best, and thank you for a great set of
>>>>>> software, a great source of information resources, and a great source
>>>>>> of conversation over the last 4 or 5 years.
>>>>>>
>>>>> ------------------------------------------------------------------------
>>>>> #!/usr/bin/perl
>>>>>
>>>>> # cgp2ms - part of a MailScanner to CommuniGate Pro gateway
>>>>> # Copyright (C) 2003 The Regents of the University of California
>>>>> #
>>>>> # This program is free software; you can redistribute it and/or modify
>>>>> # it under the terms of the GNU General Public License as published by
>>>>> # the Free Software Foundation; either version 2 of the License, or
>>>>> # (at your option) any later version.
>>>>> #
>>>>> # This program is distributed in the hope that it will be useful,
>>>>> # but WITHOUT ANY WARRANTY; without even the implied warranty of
>>>>> # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
>>>>> # GNU General Public License for more details.
>>>>> #
>>>>> # You should have received a copy of the GNU General Public License
>>>>> # along with this program; if not, write to the Free Software
>>>>> # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
>>>>> #
>>>>> # The Author, John Rudd, can be by email at
>>>>> # jrudd@ucsc.edu
>>>>> #
>>>>> # cgp2ms -f file Actually process the given file
>>>>> # or
>>>>> # cgp2ms -c Just check the queue sizes and print result
>>>>> #
>>>>> # This program is used by CommuniGate Pro as an "execute" filter. It takes
>>>>> # in arguments that define where the CommuniGate Pro (CGP) queue file lives
>>>>> # and uses the queue file to create a sendmail formatted queue file (qf) and
>>>>> # data file (df) pair. These two files are then inserted into the
>>>>> # MailScanner (MS) incoming queue directory. When MS is done, it will use a
>>>>> # program which is a companion to this one, ms2cgp, # to give the message
>>>>> # back to CGP.
>>>>> #
>>>>> # Modified 10/2004 by Vasiliy Boulytchev and Randy Lindsey
>>>>> # Added load balancing and sped up processing for larger volume
>>>>> # 12/19/2004 Randy Lindsey
>>>>> # Rather than read queuedirs for qf* files across remote shares,
>>>>> # this version reads a set of files created on each system containing the queue count
>>>>> #
>>>>> # To take a host offline, just comment out its line in hostlist
>>>>> %hostlist = (
>>>>> # IA => '/var/CommuniGate/MailScanner/Incoming',
>>>>> # TX2 => '/usr/local/mailscanner.tx2',
>>>>> # AZ => '/usr/local/mailscanner.az',
>>>>> # TMP => '/usr/local/mailscanner.tmp',
>>>>> # CA => '/usr/local/mailscanner.ak/mailscanner.in',
>>>>>     MS1 => '/var/CommuniGate/MS.Status/queues/ms1/in',
>>>>> # MS2 => '/usr/local/mailscanner.ak/mailscanner.ms2.in',
>>>>> # MS3 => '/usr/local/mailscanner.ak/mailscanner.ms3.in',
>>>>> # MS4 => '/usr/local/mailscanner.ak/mailscanner.ms4.in',
>>>>> # MS5 => '/usr/local/mailscanner.ak/mailscanner.ms5.in',
>>>>> # MS6 => '/usr/local/mailscanner.ak/mailscanner.ms6.in',
>>>>> # MS7 => '/usr/local/mailscanner.ak/mailscanner.ms7.in',
>>>>> # MS8 => '/usr/local/mailscanner.ak/mailscanner.ms8.in',
>>>>> # MS9 => '/usr/local/mailscanner.ak/mailscanner.ms9.in',
>>>>> );
>>>>>
>>>>> # hostspeed - larger numbers are faster
>>>>> %hostspeed = (
>>>>> # IA => 1,
>>>>> # TX2 => 4,
>>>>> # AZ => 0.6,
>>>>> # CA => 9,
>>>>> # TMP => 100,
>>>>>     MS1 => 2,
>>>>>     MS2 => 2,
>>>>>     MS3 => 2,
>>>>>     MS4 => 15,
>>>>>     MS5 => 15,
>>>>>     MS6 => 30,
>>>>>     MS7 => 30,
>>>>>     MS8 => 30,
>>>>>     MS9 => 30,
>>>>> );
>>>>>
>>>>> sub check_one { #$queuedirname
>>>>>     open DH, " return 999999;
>>>>>     read(DH, $MsgsInQueue, 10);
>>>>>     close DH;
>>>>>     chomp $MsgsInQueue;
>>>>>     return $MsgsInQueue;
>>>>> }
>>>>>
>>>>> sub check_queues {
>>>>>
>>>>>     $totfiles = 0;
>>>>>     $totpoints = 0;
>>>>>     foreach my $hostid (keys %hostlist) {
>>>>>         $hostfiles{$hostid} = check_one(lc($hostid));
>>>>>         $totfiles += $hostfiles{$hostid};
>>>>>         # Assign points based on relative system speed
>>>>>         # We scale it up by 737 to reduce rounding errors with small numbers
>>>>>         if ($hostspeed{$hostid}) {
>>>>>             $hostpoints{$hostid} = ($hostfiles{$hostid} * 737) / $hostspeed{$hostid};
>>>>>         }
>>>>>         else {
>>>>>             $hostpoints{$hostid} = $hostfiles{$hostid};
>>>>>         }
>>>>>     }
>>>>>
>>>>>     @hostsort = sort { $hostpoints{$a} <=> $hostpoints{$b} } keys %hostpoints;
>>>>>     printf ("MailScanner to %s - Tot:%2u ",
>>>>>         $hostsort[0], $totfiles); # displays in CommuniGate logs
>>>>>     foreach my $hostid (keys %hostlist) {
>>>>>         printf ("%s:%2u/%2u ", $hostid, $hostfiles{$hostid}, $hostpoints{$hostid});
>>>>>     }
>>>>>     print ("\n");
>>>>>     return $hostlist{$hostsort[0]};
>>>>> }
>>>>>
>>>>> sub copy_stdin {
>>>>>     # Extra headers added by prior rules
>>>>>     my $hdrline;
>>>>>     while (defined($hdrline = <STDIN>)) {
>>>>>         print QF "H$hdrline";
>>>>>         print " $hdrline "; # display in logs
>>>>>     }
>>>>> }
>>>>>
>>>>> my ($i, $file, $from, $rcpt, @tempv, @rcpt, @argv, $inbody, $inhdr, $inmeta);
>>>>> $checkonly = 0;
>>>>> for ($i = 0; $i <= $#ARGV; $i++) { # parse in the arguments
>>>>>     if (defined($ARGV[$i])) {
>>>>>         if ($ARGV[$i] eq "-f") { # the location of the cgp queue file
>>>>>             $i++;
>>>>>             $file = $ARGV[$i];
>>>>>         }
>>>>>         elsif ($ARGV[$i] eq "-c") { # just check queue sizes and print result
>>>>>             $checkonly = 1;
>>>>>         }
>>>>>         else { # left over from debugging, these
>>>>>             push (@argv, $ARGV[$i]); # aren't actually used
>>>>>         }
>>>>>     }
>>>>> }
>>>>> if (! $file) {
>>>>>     $checkonly = 1; # default if no parameters passed
>>>>> }
>>>>>
>>>>> $qdir = check_queues(); # load balance between servers
>>>>> if ($checkonly) {
>>>>>     exit(0);
>>>>> }
>>>>>
>>>>> open (JOB, "<$file");
>>>>> open (QF, ">$qdir/msqf$$"); # minimize file moving by writing to final dir but
>>>>> open (DF, ">$qdir/msdf$$"); # under a different name to prevent Mailscanner taking it
>>>>> print QF "V4\n"; # I don't think MS actually uses these
>>>>> print QF "T" . time . "\n"; # qf lines, but it helps the qf file
>>>>> print QF "K0\n"; # be a little more authentic
>>>>> print QF "N0\n"; #
>>>>> print QF "P150900\n"; #
>>>>>
>>>>> $inmeta = 1; # when reading the job file, are we still in the meta data?
>>>>> $inhdr = 0; # when reading the job file, are we in the rfc822 headers?
>>>>> $inbody = 0; # when reading the job file, are we in the rfc822 body/data?
>>>>> $rec = 0; # have we read the most recent Received header yet?
>>>>>           # the most recent (first listed) Received header will
>>>>>           # tell us the information we'll use in the qf file's $_
>>>>>           # which is "which host relayed this message to us"
>>>>>
>>>>> while (defined ($line = <JOB>)) {
>>>>>     chomp $line;
>>>>>     if ($line eq "") { # blank lines demark meta, headers, and body sections
>>>>>         if ($inmeta) {
>>>>>             $inmeta = 0; $inhdr = 1;
>>>>>         }
>>>>>         elsif ($inhdr) {
>>>>>             $inhdr = 0; $inbody = 1;
>>>>>             copy_stdin;
>>>>>             if ( !($rec) ) { # no received header = from localhost
>>>>>                 $rec = 1;
>>>>>                 print QF "\$_localhost [127.0.0.1]\n"; # print relay host
>>>>>                 print QF "S$from\n"; # print sender
>>>>>                 foreach $to (@rcpt) { # print the recipient list
>>>>>                     print QF "RPFD:$to\n";
>>>>>                 }
>>>>>             }
>>>>>         }
>>>>>     }
>>>>>     elsif ($inmeta) {
>>>>>         if ($line =~ /^P/) {
>>>>>             @tempv = split(/ /, $line);
>>>>>             $from = $tempv[7];
>>>>>         }
>>>>>         elsif ($line =~ /^R/) {
>>>>>             @tempv = split(/ /, $line);
>>>>>             $rcpt = $tempv[7];
>>>>>             push (@rcpt, $rcpt);
>>>>>         }
>>>>>     }
>>>>>     elsif ($inhdr) {
>>>>>         if ( (!($rec)) && ($line =~ /^Received:/) ) { # get relay host
>>>>>             $rec = 1;
>>>>>             if ($line =~ /^Received: from (.*) \((.* )?(\[.*\]).*/) {
>>>>>                 if (defined $2) {
>>>>>                     $h = $2;
>>>>>                     $h =~ s/\s*$//;
>>>>>                 }
>>>>>                 else {
>>>>>                     $h = $1;
>>>>>                 }
>>>>>                 $a = $3;
>>>>>                 print QF "\$_$h $a\n"; # print relay host
>>>>>             }
>>>>>             else {
>>>>>                 $line =~ /^Received: from (\[.*\]).*/;
>>>>>                 $a = $1;
>>>>>                 print QF "\$_$a\n"; # print relay host
>>>>>             }
>>>>>             print QF "S$from\n"; # print sender
>>>>>             foreach $to (@rcpt) { # print the recipient list
>>>>>                 print QF "RPFD:$to\n";
>>>>>             }
>>>>>             print QF "H$line\n"; # then print the Received header
>>>>>         }
>>>>>         elsif ($line !~ /^\s/) { # get a header
>>>>>             print QF "H$line\n";
>>>>>         }
>>>>>         else { # get the rest of a multi-line header
>>>>>             print QF "$line\n";
>>>>>         }
>>>>>     }
>>>>>     if ($inbody) {
>>>>>         print DF "$line\n";
>>>>>     }
>>>>> }
>>>>>
>>>>> print QF ".\n"; # bat book 23.9.19, qf file should end in a "^\.$" line.
>>>>> close (DF);
>>>>> close (QF);
>>>>> close(JOB);
>>>>>
>>>>> # Rename the df file first, as Mailscanner looks for the qf and might interfere
>>>>> # Note that this used to mv the files from /tmp to qdir, but a fraction of the time
>>>>> # this failed due to race conditions with Mailscanner
>>>>> rename ("$qdir/msdf$$", "$qdir/df$$");
>>>>> rename ("$qdir/msqf$$", "$qdir/qf$$");
>>>>>
>>>>> exit(0);
>>>>>
>>>>> ------------------------------------------------------------------------
>>>>> #!/usr/bin/perl
>>>>>
>>>>> # ms2cgp - part of a MailScanner to CommuniGate Pro gateway
>>>>> # Copyright (C) 2003 The Regents of the University of California
>>>>> #
>>>>> # This program is free software; you can redistribute it and/or modify
>>>>> # it under the terms of the GNU General Public License as published by
>>>>> # the Free Software Foundation; either version 2 of the License, or
>>>>> # (at your option) any later version.
>>>>> #
>>>>> # This program is distributed in the hope that it will be useful,
>>>>> # but WITHOUT ANY WARRANTY; without even the implied warranty of
>>>>> # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
>>>>> # GNU General Public License for more details.
>>>>> #
>>>>> # You should have received a copy of the GNU General Public License
>>>>> # along with this program; if not, write to the Free Software
>>>>> # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
>>>>> #
>>>>> # The Author, John Rudd, can be by email at
>>>>> # jrudd@ucsc.edu
>>>>> #
>>>>> #
>>>>> # ms2cgp -qI(id) ...
>>>>> #
>>>>> # This program acts as Mailscanner's outgoing "Sendmail2" program, taking
>>>>> # an argument for each message Mailscanner (MS) has finished processing,
>>>>> # and using that argument to find the pair of sendmail mqueue files that
>>>>> # make up the message. This program then re-combines them into an rfc822
>>>>> # file and submits them back to Communigate Pro (CGP) via its Submitted directory
>>>>> #
>>>>> # Modified 11/4/04 by Randy Lindsey to skip "sendmail" program and just
>>>>> # write directly to Submitted in RFC822 format.
>>>>>
>>>>> my $ServerPrefix = "MS1"; # make this unique per server
>>>>> my $QDIR = "/etc/MailScanner/shared/queues/ms1/out"; # where MS sticks outgoing msgs.
>>>>> my $SubDir = "/etc/MailScanner/mail.cluster/submx00"; # CG's Submitted directory
>>>>> # my $Archive = "/extra/archivems2cgp/ia";
>>>>>
>>>>> my ($job, $from, $rcpt, $df, $qf, $msg, $line);
>>>>>
>>>>> use Sys::Syslog;
>>>>> openlog('ms2cgp', 'pid', 'user');
>>>>>
>>>>> foreach $job (@ARGV) {
>>>>>     $job =~ s/^-qI//;
>>>>>     $qf = $QDIR . "/qf" . $job; # the sendmail formatted queue file
>>>>>     $df = $QDIR . "/df" . $job; # the sendmail formatted data file
>>>>>     $msg = $SubDir . "/" . $ServerPrefix . ".ms2cgp.$job.$$.tmp"; # the tempfile we'll give to CGP
>>>>>     $rcpt = "";
>>>>>
>>>>>     # syslog('info', "Job $job copying to archive $Archive");
>>>>>     # system("/bin/cp -f $qf $Archive/qf$job");
>>>>>     # system("/bin/cp -f $df $Archive/df$job");
>>>>>
>>>>>     syslog ('info', "job = $job");
>>>>>     closelog();
>>>>>     syslog ('info', "qf = $qf");
>>>>>     closelog();
>>>>>     syslog ('info', "df = $df");
>>>>>     closelog();
>>>>>     syslog ('info', "msg = $msg");
>>>>>     closelog();
>>>>>
>>>>>     syslog('info', "Job $job writing to $msg");
>>>>>     if (! open (QF, "<$qf")) {
>>>>>         syslog('info', "Open input $qf failed, dying");
>>>>>         closelog();
>>>>>         die "Open input $qf failed!";
>>>>>     }
>>>>>     if (-e $msg) {
>>>>>         syslog('info', "Output file exists $msg so failed, dying");
>>>>>         closelog();
>>>>>         die "Output file exists $msg";
>>>>>     }
>>>>>     if (! open (MSG, ">$msg")) {
>>>>>         syslog('info', "Open output $msg failed, dying");
>>>>>         closelog();
>>>>>         die "Open output $msg failed!";
>>>>>     }
>>>>>
>>>>>     while (defined ($line = <QF>) ) {
>>>>>         chomp $line;
>>>>>
>>>>>         last if ($line =~ /^\./); # Bat book 23.9.19
>>>>>
>>>>>         if ($line =~ /^R/) { # This is needed for Bcc per CGate Pipe specs (see help file)
>>>>>             $line =~ s/^R[A-Z]*:/Envelope-To: /; # change sendmail RPFD to Envelope-To
>>>>>             print MSG "$line\n";
>>>>>         }
>>>>>         elsif ($line =~ /^H/) { # get the headers and put them in the msg
>>>>>             $line =~ s/^H//;
>>>>>             print MSG "$line\n";
>>>>>         }
>>>>>         elsif ($line =~ /^\s/) { # these should only be on line-wrapped
>>>>>             print MSG "$line\n"; # headers, so put them in the msg
>>>>>         }
>>>>>         # there's no "else" because we don't care about the other lines
>>>>>     }
>>>>>
>>>>>     print MSG "\n"; # put in a blank line to make sure there's one between the
>>>> >>>>> # headers and the data >>>>> >>>>> close (QF); >>>>> close (MSG); >>>>> >>>>> # append the sendmail data file to the cgp message >>>>> if (system ("/bin/cat $df >> $msg") == 0) { >>>>> if (rename ($msg, "$msg.sub")) { >>>>> system ("/bin/rm $df $qf"); >>>>> } else { >>>>> syslog('info', "rename $msg $msg.sub failed"); >>>>> } >>>>> } else { >>>>> syslog('info', "cat $df to $msg failed"); >>>>> } >>>>> } >>>>> closelog(); >>>>> exit(0); >>>>> >>>>> >>>>> >>>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>> >>> >>> >>> > ********************************************************************** > >>> Confidentiality : This e-mail and any attachments are intended for >>> > the > >>> addressee only and may be confidential. If they come to you in error >>> you must take no action based on them, nor must you copy or show >>> > them > >>> to anyone. Please advise the sender by replying to this e-mail >>> immediately and then delete the original from your computer. >>> >>> Opinion : Any opinions expressed in this e-mail are entirely those >>> > of > >>> the author and unless specifically stated to the contrary, are not >>> necessarily those of the author's employer. >>> >>> Security Warning : Internet e-mail is not necessarily a secure >>> communications medium and can be subject to data corruption. We >>> > advise > >>> that you consider this fact when e-mailing us. >>> >>> Viruses : We have taken steps to ensure that this e-mail and any >>> attachments are free from known viruses but in keeping with good >>> computing practice, you should ensure that they are virus free. 
>>>
>>> Red Lion 49 Ltd T/A Solid State Logic
>>> Registered as a limited company in England and Wales
>>> (Company No:5362730)
>>> Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU,
>>> United Kingdom
>>> **********************************************************************

From ssilva at sgvwater.com Wed Jan 17 19:49:40 2007
From: ssilva at sgvwater.com (Scott Silva)
Date: Wed Jan 17 18:52:21 2007
Subject: Increased Volumes Of Spam
In-Reply-To: <45AE2BE8.8060608@USherbrooke.ca>
References: <86144ED6CE5B004DA23E1EAC0B569B580176820E@isabella.herefordshire.gov.uk>
	<45AE2BE8.8060608@USherbrooke.ca>
Message-ID:

Denis Beauchemin spake the following on 1/17/2007 6:00 AM:
> Randal, Phil wrote:
>> Scott Silva wrote:
>>
>>> cbl.abuseat.org is part of zen.spamhaus.org, via the included
>>> lookup against the xbl list, so using both just increases your
>>> dns lookups without any extra benefit.
>>> Greetpause does help a lot, as I probably drop 10 to 20% of
>>> the spam with it alone. Five seconds is a good starting point,
>>> but probably not over 30 seconds.
>>>
>>
>> The only problem with zen.spamhaus.org is this statement, found on
>> http://www.spamhaus.org/zen/index.lasso :
>>
>> "ZEN Usage
>>
>> Use of the Spamhaus DNSBLs via DNS queries to our public DNSBL mirrors
>> is free for low-traffic mail servers serving less than 100 users. Use of
>> the Spamhaus DNSBLs by commercial users, including corporate networks,
>> ISPs and ESPs, requires a subscription to Spamhaus's Data Feed service."
>>
>
> Since I've seen this statement I tried to cut down on their RBL. After
> some reshuffling I get the following usage (today's stats so far):
> cbl.abuseat.org : 31957 (34.29%)
> list.dsbl.org : 1040 ( 1.12%)
> safe.dnsbl.sorbs.net : 57967 (62.20%)
> zen.spamhaus.org : 2238 ( 2.40%)
>
> On Jan 1 I used only spamhaus and sorbs (in that order) and I had the
> following stats:
> safe.dnsbl.sorbs.net : 63222 (29.63%)
> zen.spamhaus.org : 150167 (70.37%)
>
> I check the RBLs in this order in my sendmail.mc:
> FEATURE(`dnsbl',`safe.dnsbl.sorbs.net',`"554 Rejected " $&{client_addr} " found in safe.dnsbl.sorbs.net"')dnl
> FEATURE(`dnsbl',`cbl.abuseat.org',`"554 Rejected " $&{client_addr} " found in cbl.abuseat.org"')dnl
> FEATURE(`dnsbl',`list.dsbl.org',`"554 Rejected " $&{client_addr} " found in list.dsbl.org"')dnl
> FEATURE(`dnsbl',`zen.spamhaus.org',`"554 Rejected " $&{client_addr} " found in zen.spamhaus.org"')dnl
>
> Denis
>
Since there will be some duplication in any list, the order that you call them
will have an effect on their hits. If you put cbl after zen, you will show no
hits on cbl. You could try and move list.dsbl.org after zen and see how it
fares also. Zen is a very good list IMHO.

--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

From ssilva at sgvwater.com Wed Jan 17 19:55:33 2007
From: ssilva at sgvwater.com (Scott Silva)
Date: Wed Jan 17 18:58:05 2007
Subject: help fighting spam
In-Reply-To: <1169053006.9125.11.camel@viper.mbl.is>
References: <1169049323.9054.43.camel@viper.mbl.is>
	, <19c25689f39e524dba62b52ceba238a0@solidstatelogic.com>
	<45AE4CEC.12974.1294EE3@cobalt-users1.fishnet.co.uk>
	<1169053006.9125.11.camel@viper.mbl.is>
Message-ID:

Jon Bjorn Njalsson spake the following on 1/17/2007 8:56 AM:
> am i misunderstanding you guys or what ?
>
> ok i am using SA with MS and have been running razor + SARE rules for a
> long time.
> I think my uri-rbls are working because "most" of the time this spam is
> stopped because "the website" has been reported to uribl.com
> I have reported about 30 websites for the last 3 days to uribl.com
> but some male enlargement spam is still getting through.
>
> I have checked my dns querylogs and can verify the dns server looks up
> those "sites" and if they are listed email gets quarantined, BUT how can
> i get SA to check if the ipaddress for that particular site is listed or
> not ? I really don't care if the "site" is listed in uribl because the
> site is only listed in dns for a day or 2 but the ipaddress remains the
> same.
>
Why not just block that ip address from sending you mail?

--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

From Richard.Frovarp at sendit.nodak.edu Wed Jan 17 20:08:03 2007
From: Richard.Frovarp at sendit.nodak.edu (Richard Frovarp)
Date: Wed Jan 17 19:10:20 2007
Subject: Increased Volumes Of Spam
In-Reply-To:
References: <86144ED6CE5B004DA23E1EAC0B569B580176820E@isabella.herefordshire.gov.uk>
	<45AE2BE8.8060608@USherbrooke.ca>
Message-ID: <45AE7413.8020305@sendit.nodak.edu>

Scott Silva wrote:
> Denis Beauchemin spake the following on 1/17/2007 6:00 AM:
>
>> Randal, Phil wrote:
>>
>>> Scott Silva wrote:
>>>
>>>> cbl.abuseat.org is part of zen.spamhaus.org, via the included
>>>> lookup against the xbl list, so using both just increases your
>>>> dns lookups without any extra benefit.
>>>> Greetpause does help a lot, as I probably drop 10 to 20% of
>>>> the spam with it alone. Five seconds is a good starting point,
>>>> but probably not over 30 seconds.
>>>>
>>> The only problem with zen.spamhaus.org is this statement, found on
>>> http://www.spamhaus.org/zen/index.lasso :
>>>
>>> "ZEN Usage
>>>
>>> Use of the Spamhaus DNSBLs via DNS queries to our public DNSBL mirrors
>>> is free for low-traffic mail servers serving less than 100 users. Use of
>>> the Spamhaus DNSBLs by commercial users, including corporate networks,
>>> ISPs and ESPs, requires a subscription to Spamhaus's Data Feed service."
>>>
>> Since I've seen this statement I tried to cut down on their RBL. After
>> some reshuffling I get the following usage (today's stats so far):
>> cbl.abuseat.org : 31957 (34.29%)
>> list.dsbl.org : 1040 ( 1.12%)
>> safe.dnsbl.sorbs.net : 57967 (62.20%)
>> zen.spamhaus.org : 2238 ( 2.40%)
>>
>> On Jan 1 I used only spamhaus and sorbs (in that order) and I had the
>> following stats:
>> safe.dnsbl.sorbs.net : 63222 (29.63%)
>> zen.spamhaus.org : 150167 (70.37%)
>>
>> I check the RBLs in this order in my sendmail.mc:
>> FEATURE(`dnsbl',`safe.dnsbl.sorbs.net',`"554 Rejected " $&{client_addr} " found in safe.dnsbl.sorbs.net"')dnl
>> FEATURE(`dnsbl',`cbl.abuseat.org',`"554 Rejected " $&{client_addr} " found in cbl.abuseat.org"')dnl
>> FEATURE(`dnsbl',`list.dsbl.org',`"554 Rejected " $&{client_addr} " found in list.dsbl.org"')dnl
>> FEATURE(`dnsbl',`zen.spamhaus.org',`"554 Rejected " $&{client_addr} " found in zen.spamhaus.org"')dnl
>>
>> Denis
>>
> Since there will be some duplication in any list, the order that you call them
> will have an effect on their hits. If you put cbl after zen, you will show no
> hits on cbl. You could try and move list.dsbl.org after zen and see how it
> fares also. Zen is a very good list IMHO.
>
I'm not a fan of safe.dnsbl.sorbs.net. Their new.spam.dnsbl.sorbs.net
zone is in that one. The description is:

List of hosts that have been noted as sending spam/UCE/UBE to the admins
of SORBS within the last 48 hours.

A week ago it was catching email from many google/gmail servers.

Zen is very good. Too bad they upped their subscription costs by 10
times for educational entities.

From Denis.Beauchemin at USherbrooke.ca Wed Jan 17 20:14:01 2007
From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin)
Date: Wed Jan 17 19:16:38 2007
Subject: Increased Volumes Of Spam
In-Reply-To:
References: <86144ED6CE5B004DA23E1EAC0B569B580176820E@isabella.herefordshire.gov.uk>
	<45AE2BE8.8060608@USherbrooke.ca>
Message-ID: <45AE7579.70003@USherbrooke.ca>

Scott Silva wrote:
> Denis Beauchemin spake the following on 1/17/2007 6:00 AM:
>
>> Randal, Phil wrote:
>>
>>> Scott Silva wrote:
>>>
>>>> cbl.abuseat.org is part of zen.spamhaus.org, via the included
>>>> lookup against the xbl list, so using both just increases your
>>>> dns lookups without any extra benefit.
>>>> Greetpause does help a lot, as I probably drop 10 to 20% of
>>>> the spam with it alone. Five seconds is a good starting point,
>>>> but probably not over 30 seconds.
>>>>
>>> The only problem with zen.spamhaus.org is this statement, found on
>>> http://www.spamhaus.org/zen/index.lasso :
>>>
>>> "ZEN Usage
>>>
>>> Use of the Spamhaus DNSBLs via DNS queries to our public DNSBL mirrors
>>> is free for low-traffic mail servers serving less than 100 users. Use of
>>> the Spamhaus DNSBLs by commercial users, including corporate networks,
>>> ISPs and ESPs, requires a subscription to Spamhaus's Data Feed service."
>>>
>> Since I've seen this statement I tried to cut down on their RBL. After
>> some reshuffling I get the following usage (today's stats so far):
>> cbl.abuseat.org : 31957 (34.29%)
>> list.dsbl.org : 1040 ( 1.12%)
>> safe.dnsbl.sorbs.net : 57967 (62.20%)
>> zen.spamhaus.org : 2238 ( 2.40%)
>>
>> On Jan 1 I used only spamhaus and sorbs (in that order) and I had the
>> following stats:
>> safe.dnsbl.sorbs.net : 63222 (29.63%)
>> zen.spamhaus.org : 150167 (70.37%)
>>
>> I check the RBLs in this order in my sendmail.mc:
>> FEATURE(`dnsbl',`safe.dnsbl.sorbs.net',`"554 Rejected " $&{client_addr} " found in safe.dnsbl.sorbs.net"')dnl
>> FEATURE(`dnsbl',`cbl.abuseat.org',`"554 Rejected " $&{client_addr} " found in cbl.abuseat.org"')dnl
>> FEATURE(`dnsbl',`list.dsbl.org',`"554 Rejected " $&{client_addr} " found in list.dsbl.org"')dnl
>> FEATURE(`dnsbl',`zen.spamhaus.org',`"554 Rejected " $&{client_addr} " found in zen.spamhaus.org"')dnl
>>
>> Denis
>>
> Since there will be some duplication in any list, the order that you call them
> will have an effect on their hits. If you put cbl after zen, you will show no
> hits on cbl. You could try and move list.dsbl.org after zen and see how it
> fares also. Zen is a very good list IMHO.
>
I know about the duplication. I try to check the most complete list
first and then the others to minimize the number of DNS lookups.

I agree that Zen is a good list but at 4800$US/year (for 10,000 users),
it's a bit expensive for our University... Calling CBL before Zen I can
see that Zen does not provide much more than CBL. It reduces my Zen DNS
lookups to "low-traffic" so I should be fine. And CBL is free...

Denis

--
 _
 °v°   Denis Beauchemin, analyst
/(_)\  Université de Sherbrooke, S.T.I.
 ^ ^   T: 819.821.8000x62252 F: 819.821.8045
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3595 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070117/74d4044b/smime.bin

From TGFurnish at herffjones.com Wed Jan 17 20:38:26 2007
From: TGFurnish at herffjones.com (Furnish, Trever G)
Date: Wed Jan 17 19:40:49 2007
Subject: Modified /dev/null by MailScanner?
Message-ID: <57573D714A832C43B9D80EAFBDA48D0302BAC71E@inex3.herffjones.hj-int>

Whoa! You have a bigger problem than you think -- your ls output shows
that /dev/null has been replaced by a normal file. The null device is
supposed to be a character special device file that discards anything
written to it.

The exact major and minor number (and potentially the requirements to
create it) are specific to your platform (Linux, Solaris, HPUX) and
possibly your kernel version. If you're using Linux, you probably have a
manual page for "null", so see "man null".

On my Redhat Enterprise systems, /dev/null is always like so:

# ls -l /dev/null
crw-rw-rw- 1 root root 1, 3 Jun 24 2004 /dev/null

Notice the 'c' in the first column -- that means it's a character
special file. Notice the "1, 3" after the group ownership -- those are
the major and minor numbers.

If you're running a linux system, you probably need to do the following:

rm -f /dev/null
mknod -m 666 /dev/null c 1 3
chown root:root /dev/null

Lots of things write to /dev/null. Having that be a special file WILL
break things and will probably cause the / filesystem to fill
eventually. Once /dev/null becomes completely unwriteable (as would
happen if the filesystem fills), the machine will probably not boot up
cleanly.

Back to WHY this occurred, I would look not for something that *changes*
/dev/null, but rather for something that *removes* /dev/null by mistake.
Once it's been removed, whatever attempts to write to that file next
will create a file and the ownership will be set depending on the
writing process' uid/gid/umask.

This is actually a common thing. I used an ftp library once that asked
for a log file, and at some point I decided to discard the logs by
setting the log file to "/dev/null". Unfortunately for me, the library
actually unlinked the log file (/dev/null) instead of just opening it
and seeking to the beginning of the file. A few weeks after I made the
change, / was filled and lots of things started to fail.

Hope that helps,
Trever

________________________________

From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of den gon
Sent: Monday, January 15, 2007 9:45 PM
To: mailscanner@lists.mailscanner.info
Subject: Modified /dev/null by MailScanner?

Hi again to all,

I noticed that when I login on my system using non-root account, it
says "-bash: /dev/null: Permission denied". I checked its permission and
it is owned by root and smmsp. Is it the MailScanner/sendmail process
that changed it?

"-rw------- 1 root smmsp 23448 Jan 16 10:35 /dev/null"

admin@server's password:
Last login: Tue Jan 16 10:10:38 2007 from x.x.x.x
-bash: /dev/null: Permission denied
-bash: /dev/null: Permission denied
-bash: /dev/null: Permission denied
-bash: /dev/null: Permission denied
-bash: /dev/null: Permission denied
-bash: /dev/null: Permission denied
[admin@server admin]$ su -
Password:
[root@server root]#

Regards,
ned
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070117/f7444ea1/attachment.html

From Richard.Frovarp at sendit.nodak.edu Wed Jan 17 20:48:35 2007
From: Richard.Frovarp at sendit.nodak.edu (Richard Frovarp)
Date: Wed Jan 17 19:50:52 2007
Subject: Increased Volumes Of Spam
In-Reply-To: <45AE7579.70003@USherbrooke.ca>
References: <86144ED6CE5B004DA23E1EAC0B569B580176820E@isabella.herefordshire.gov.uk>
	<45AE2BE8.8060608@USherbrooke.ca>
	<45AE7579.70003@USherbrooke.ca>
Message-ID: <45AE7D93.2060509@sendit.nodak.edu>

Denis Beauchemin wrote:
> Scott Silva wrote:
>> Denis Beauchemin spake the following on 1/17/2007 6:00 AM:
>>
>>> Randal, Phil wrote:
>>>
>>>> Scott Silva wrote:
>>>>
>>>>> cbl.abuseat.org is part of zen.spamhaus.org, via the included
>>>>> lookup against the xbl list, so using both just increases your
>>>>> dns lookups without any extra benefit.
>>>>> Greetpause does help a lot, as I probably drop 10 to 20% of
>>>>> the spam with it alone. Five seconds is a good starting point,
>>>>> but probably not over 30 seconds.
>>>>>
>>>> The only problem with zen.spamhaus.org is this statement, found on
>>>> http://www.spamhaus.org/zen/index.lasso :
>>>>
>>>> "ZEN Usage
>>>>
>>>> Use of the Spamhaus DNSBLs via DNS queries to our public DNSBL mirrors
>>>> is free for low-traffic mail servers serving less than 100 users.
>>>> Use of
>>>> the Spamhaus DNSBLs by commercial users, including corporate networks,
>>>> ISPs and ESPs, requires a subscription to Spamhaus's Data Feed
>>>> service."
>>>>
>>> Since I've seen this statement I tried to cut down on their RBL. After
>>> some reshuffling I get the following usage (today's stats so far):
>>> cbl.abuseat.org : 31957 (34.29%)
>>> list.dsbl.org : 1040 ( 1.12%)
>>> safe.dnsbl.sorbs.net : 57967 (62.20%)
>>> zen.spamhaus.org : 2238 ( 2.40%)
>>>
>>> On Jan 1 I used only spamhaus and sorbs (in that order) and I had the
>>> following stats:
>>> safe.dnsbl.sorbs.net : 63222 (29.63%)
>>> zen.spamhaus.org : 150167 (70.37%)
>>>
>>> I check the RBLs in this order in my sendmail.mc:
>>> FEATURE(`dnsbl',`safe.dnsbl.sorbs.net',`"554 Rejected " $&{client_addr} " found in safe.dnsbl.sorbs.net"')dnl
>>> FEATURE(`dnsbl',`cbl.abuseat.org',`"554 Rejected " $&{client_addr} " found in cbl.abuseat.org"')dnl
>>> FEATURE(`dnsbl',`list.dsbl.org',`"554 Rejected " $&{client_addr} " found in list.dsbl.org"')dnl
>>> FEATURE(`dnsbl',`zen.spamhaus.org',`"554 Rejected " $&{client_addr} " found in zen.spamhaus.org"')dnl
>>>
>>> Denis
>>>
>> Since there will be some duplication in any list, the order that you
>> call them
>> will have an effect on their hits. If you put cbl after zen, you will
>> show no
>> hits on cbl. You could try and move list.dsbl.org after zen and see
>> how it
>> fares also. Zen is a very good list IMHO.
>>
> I know about the duplication. I try to check the most complete list
> first and then the others to minimize the number of DNS lookups.
>
> I agree that Zen is a good list but at 4800$US/year (for 10,000
> users), it's a bit expensive for our University... Calling CBL before
> Zen I can see that Zen does not provide much more than CBL. It
> reduces my Zen DNS lookups to "low-traffic" so I should be fine. And
> CBL is free...
>
> Denis
>
Sorbs is probably grabbing a lot of what the PBL in Zen lists, which was
populated using njabl's list.

Yeah, that price went up from $640/year. Kind of a steep price hike.

From glenn.steen at gmail.com Wed Jan 17 21:03:19 2007
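Added example, not part of any message in the thread: a small simulation of the point made in the "Increased Volumes Of Spam" messages above, that per-list hit counts and per-list DNS query counts depend on the order in which the lists are checked. The listings are constructed sample data, the short list names and the function name `dnsbl_first_match` are assumptions, and checking is assumed to stop at the first list that carries the address, as the thread describes.

```shell
#!/bin/sh
# Constructed sample data: connecting IP (192.0.2.0/24 documentation range)
# followed by the lists that carry it ("-" means not listed anywhere).
# Every cbl entry is also in zen, as stated in the thread.
SAMPLE_LISTINGS='192.0.2.1 cbl,zen
192.0.2.2 cbl,zen
192.0.2.3 zen
192.0.2.4 sorbs,zen
192.0.2.5 sorbs
192.0.2.6 dsbl,zen
192.0.2.7 -'

# dnsbl_first_match ORDER
# ORDER is a comma-separated check order, e.g. "sorbs,cbl,dsbl,zen".
# Each IP is checked against the lists in that order; checking stops at
# the first list that carries it, so later lists are never queried for it.
# Prints "list=hits/queries" for each list, in ORDER.
dnsbl_first_match() {
    printf '%s\n' "$SAMPLE_LISTINGS" | awk -v order="$1" '
        BEGIN { n = split(order, lists, ",") }
        {
            for (i = 1; i <= n; i++) {
                queries[lists[i]]++
                if (index("," $2 ",", "," lists[i] ",") > 0) {
                    hits[lists[i]]++
                    break
                }
            }
        }
        END {
            for (i = 1; i <= n; i++)
                printf "%s=%d/%d%s", lists[i], hits[lists[i]], queries[lists[i]], (i < n ? " " : "\n")
        }'
}

# Same traffic, two check orders: the order used in the quoted sendmail.mc,
# then zen first.
dnsbl_first_match "sorbs,cbl,dsbl,zen"
dnsbl_first_match "zen,cbl,dsbl,sorbs"
```

Six of the seven sample addresses are rejected under either order; only the list credited with the hit and the number of queries each list receives change.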
From: glenn.steen at gmail.com (Glenn Steen)
Date: Wed Jan 17 20:05:40 2007
Subject: Modified /dev/null by MailScanner?
In-Reply-To: <57573D714A832C43B9D80EAFBDA48D0302BAC71E@inex3.herffjones.hj-int>
References: <57573D714A832C43B9D80EAFBDA48D0302BAC71E@inex3.herffjones.hj-int>
Message-ID: <223f97700701171203y6d8c2b4by4570c16937723632@mail.gmail.com>

On 17/01/07, Furnish, Trever G wrote:
>
>
> Whoa! You have a bigger problem than you think -- your ls output shows that
> /dev/null has been replaced by a normal file. The null device is supposed
> to be a character special device file that discards anything written to it.
>
Good catch Trever... One can wonder how I missed that, especially
considering I actually looked at my own (how often does one do that?!
Not many times a decade:-).

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From TGFurnish at herffjones.com Wed Jan 17 21:09:00 2007
From: TGFurnish at herffjones.com (Furnish, Trever G)
Date: Wed Jan 17 20:11:22 2007
Subject: Modified /dev/null by MailScanner?
Message-ID: <57573D714A832C43B9D80EAFBDA48D0302BAC71F@inex3.herffjones.hj-int>

Oops. I wrote:

> Lots of things write to /dev/null. Having that be a special file WILL break things

I meant to say, "Having that be a NORMAL file..."

And to summarize my overly long original reply:

Your /dev/null has been removed by something, and then something else
created it as a normal file by writing to /dev/null. Having /dev/null be
a normal file will cause you big problems -- you need to remove your
current /dev/null and recreate it to match whatever your system had
before.

If you're on a linux system, you probably should do:

rm -f /dev/null
mknod -m 666 /dev/null c 1 3
chown root:root /dev/null

--
Trever

________________________________

From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Furnish, Trever G
Sent: Wednesday, January 17, 2007 2:38 PM
To: MailScanner discussion
Subject: RE: Modified /dev/null by MailScanner?
Importance: High

Whoa! You have a bigger problem than you think -- your ls output shows
that /dev/null has been replaced by a normal file. The null device is
supposed to be a character special device file that discards anything
written to it.

The exact major and minor number (and potentially the requirements to
create it) are specific to your platform (Linux, Solaris, HPUX) and
possibly your kernel version. If you're using Linux, you probably have a
manual page for "null", so see "man null".

On my Redhat Enterprise systems, /dev/null is always like so:

# ls -l /dev/null
crw-rw-rw- 1 root root 1, 3 Jun 24 2004 /dev/null

Notice the 'c' in the first column -- that means it's a character
special file. Notice the "1, 3" after the group ownership -- those are
the major and minor numbers.

If you're running a linux system, you probably need to do the following:

rm -f /dev/null
mknod -m 666 /dev/null c 1 3
chown root:root /dev/null

Lots of things write to /dev/null. Having that be a special file WILL
break things and will probably cause the / filesystem to fill
eventually. Once /dev/null becomes completely unwriteable (as would
happen if the filesystem fills), the machine will probably not boot up
cleanly.

Back to WHY this occurred, I would look not for something that *changes*
/dev/null, but rather for something that *removes* /dev/null by mistake.
Once it's been removed, whatever attempts to write to that file next
will create a file and the ownership will be set depending on the
writing process' uid/gid/umask.

This is actually a common thing. I used an ftp library once that asked
for a log file, and at some point I decided to discard the logs by
setting the log file to "/dev/null". Unfortunately for me, the library
actually unlinked the log file (/dev/null) instead of just opening it
and seeking to the beginning of the file. A few weeks after I made the
change, / was filled and lots of things started to fail.

Hope that helps,
Trever

________________________________

From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of den gon
Sent: Monday, January 15, 2007 9:45 PM
To: mailscanner@lists.mailscanner.info
Subject: Modified /dev/null by MailScanner?

Hi again to all,

I noticed that when I login on my system using non-root account, it
says "-bash: /dev/null: Permission denied". I checked its permission and
it is owned by root and smmsp. Is it the MailScanner/sendmail process
that changed it?

"-rw------- 1 root smmsp 23448 Jan 16 10:35 /dev/null"

admin@server's password:
Last login: Tue Jan 16 10:10:38 2007 from x.x.x.x
-bash: /dev/null: Permission denied
-bash: /dev/null: Permission denied
-bash: /dev/null: Permission denied
-bash: /dev/null: Permission denied
-bash: /dev/null: Permission denied
-bash: /dev/null: Permission denied
[admin@server admin]$ su -
Password:
[root@server root]#

Regards,
ned

From nospam at philipnet.com Wed Jan 17 21:39:42 2007
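Added example, not part of any message in the thread: a shell check for the condition diagnosed in the "Modified /dev/null by MailScanner?" messages above, plus a reproduction of the unlink-then-write failure mode in a scratch directory. It assumes Linux with GNU coreutils `stat`; the function names and the scratch-directory stand-in are hypothetical, and the real /dev/null is never removed.

```shell
#!/bin/sh
# check_null_device [PATH]   (default /dev/null)
# Return codes:
#   0  character device, major 1 / minor 3, mode 666
#      (what "mknod -m 666 /dev/null c 1 3" creates)
#   1  path exists but is something else
#   2  path is missing
check_null_device() {
    cnd_path=${1:-/dev/null}
    if [ ! -e "$cnd_path" ]; then
        echo "MISSING: $cnd_path does not exist"
        return 2
    fi
    if [ ! -c "$cnd_path" ]; then
        # A regular file here is the state reported in the thread: the
        # device was unlinked and a later writer recreated the path.
        echo "BAD: $cnd_path is not a character device: $(ls -ldL "$cnd_path")"
        return 1
    fi
    # %t and %T are the device major and minor numbers in hex;
    # -L follows a symlink to the device it points at.
    cnd_dev=$(stat -L -c '%t:%T' "$cnd_path")
    cnd_mode=$(stat -L -c '%a' "$cnd_path")
    if [ "$cnd_dev" != "1:3" ]; then
        echo "BAD: $cnd_path has device numbers $cnd_dev, expected 1:3"
        return 1
    fi
    if [ "$cnd_mode" != "666" ]; then
        echo "BAD: $cnd_path has mode $cnd_mode, expected 666"
        return 1
    fi
    echo "OK: $cnd_path is character device 1,3 with mode 666"
    return 0
}

# simulate_unlink_then_write DIR
# Reproduces the failure mode inside scratch directory DIR. DIR/null is a
# constructed stand-in (a symlink to the real device); /dev/null itself is
# only written to, never removed.
simulate_unlink_then_write() {
    sim_target="$1/null"
    ln -s /dev/null "$sim_target"
    echo "discarded" >> "$sim_target"   # reaches the real device, nothing is stored
    rm -f "$sim_target"                 # the bug: the "log file" is unlinked, not truncated
    # The next writer recreates the path as a regular file that takes its
    # owner and mode from the writing process (umask 077 gives -rw-------).
    ( umask 077; echo "log line" >> "$sim_target" )
}

# Run the check when a path is given on the command line.
if [ $# -gt 0 ]; then
    check_null_device "$1"
fi
```

Run as a periodic check, a non-zero return from `check_null_device /dev/null` flags the problem before the regular file grows enough to fill the root filesystem.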
From: nospam at philipnet.com (Philip Ludlam)
Date: Wed Jan 17 20:42:20 2007
Subject: ignoring out-of-order original recipient, Postfix and Linux
Message-ID: <45AE898E.3070308@philipnet.com>

Hey All,

I want to flag up that I found my email going pear shaped with Postfix
Qmgr reporting "ignoring out-of-order original recipient " and then
dumping the email.
This happened to every single email to me from 08:00 through to 23:00
(ish) yesterday.
At 23:00 I discovered what was going on and started troubleshooting it.
After finding no configuration change in MailScanner or Postfix that
made a difference I went back through recent system upgrades; even
downgrading to Postfix 2.2.5 didn't work.

It took me a while and googling brought up a few Postfix mailing list
messages and comments that the Postfix guys don't like MailScanner or
any other app messing around with their queue files ;-) .
But I did remember the discussion a few months back about how
MailScanner handles locking files.

So, thinking that this was a file locking issue, I went looking for PERL
upgrades and found a recent kernel upgrade from 2.4.32 to 2.4.33.4.
Booting back to 2.4.32 solved the problem and emails are now coming down
fine.

So is anyone running Linux 2.4.33 and Postfix without this problem?

Phil L.

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From campbell at cnpapers.com Wed Jan 17 22:30:26 2007
From: campbell at cnpapers.com (Steve Campbell)
Date: Wed Jan 17 21:32:58 2007
Subject: AOL accounts trigger some weird rules. Suggestions please?
Message-ID: <002501c73a7e$b57e44b0$0705000a@ddf5dw71>

I seem to be adding more and more entries into my whitelist tables due
to that stupid AOL trailer that triggers the 'gappy text' and 'free
access' rules.

Are there any suggestions or examples for dealing with this? I don't use
the rules emporium stuff, just certain rules sets I add individually.
Would there be any rule sets for this? Any with Meta rules that is
catching this? Example of a Metarule that would void the two rules if
from AOL (risky I guess).

Thanks for any help/suggestions/examples/criticism anyone would like to
offer.

Steve Campbell
campbell@cnpapers.com
Charleston Newspapers

From vasiliy at linuxspecial.com Wed Jan 17 22:28:14 2007
From: vasiliy at linuxspecial.com (Vasiliy Boulytchev)
Date: Wed Jan 17 21:38:52 2007
Subject: mailwatch problem
Message-ID: <45AE94EE.8000102@linuxspecial.com>

Gents,

Just setup my MS boxies to use Mailwatch... I can see the tables being
updated on the MySQL server... However, when I visit the final
http://blabla/mailscanner/ for the expected mailwatch graphs, I get

%H:%i:%s') AS datetime, from_address, to_address, subject, size as size,
isspam, ishighspam, spamwhitelisted, spamblacklisted, virusinfected,
nameinfected, otherinfected, sascore, report, ismcp, issamcp, ishighmcp,
mcpsascore, '' AS status FROM maillog WHERE ".$GLOBALS['global_filter']."
ORDER BY date DESC, time DESC LIMIT ".MAX_RESULTS;
db_colorised_table($sql,"Last ".MAX_RESULTS." Messages (Refreshing every $refresh seconds)");
html_end(); ?>

nothing in the apache logs :(

Any suggestions?

THANKS

--
Vasiliy Boulytchev
vasiliy@linuxspecial.com

From mkettler at evi-inc.com Wed Jan 17 22:38:32 2007
From: mkettler at evi-inc.com (Matt Kettler) Date: Wed Jan 17 21:41:02 2007 Subject: AOL accounts trigger some weird rules. Suggestions please? In-Reply-To: <002501c73a7e$b57e44b0$0705000a@ddf5dw71> References: <002501c73a7e$b57e44b0$0705000a@ddf5dw71> Message-ID: <45AE9758.90400@evi-inc.com> Steve Campbell wrote: > I seem to be adding more and more entries into my whitelist tables due > to that stupid AOL trailer that triggers the 'gappy text' and 'free > access' rules. > > Are there any suggestions or examples for dealing with this? I don't use > the rules emporium stuff, just certain rules sets I add individually. > Would there be any rule sets for this? Any with Meta rules that is > catching this? Example of a Metarule that would void the two rules if > from AOL (risky I guess). > > Thanks for any help/suggestions/examples/criticism anyone would like to > offer. Do you have SPF support enabled? If so, the aol.com domain supports SPF so you could just use a SPF based whitelist for aol. whitelist_from_spf aol.com It's a bit crude, but at least it's quite safe from forgeries. (ie: it will only match mail sent from IP's that AOL claims it owns.) From campbell at cnpapers.com Wed Jan 17 22:52:01 2007 From: campbell at cnpapers.com (Steve Campbell) Date: Wed Jan 17 21:54:55 2007 Subject: AOL accounts trigger some weird rules. Suggestions please? References: <002501c73a7e$b57e44b0$0705000a@ddf5dw71> <45AE9758.90400@evi-inc.com> Message-ID: <000e01c73a81$b7f530c0$0705000a@ddf5dw71> ----- Original Message ----- 
From: "Matt Kettler" To: "MailScanner discussion" Sent: Wednesday, January 17, 2007 4:38 PM Subject: Re: AOL accounts trigger some weird rules. Suggestions please? > Steve Campbell wrote: >> I seem to be adding more and more entries into my whitelist tables due >> to that stupid AOL trailer that triggers the 'gappy text' and 'free >> access' rules. >> >> Are there any suggestions or examples for dealing with this? I don't use >> the rules emporium stuff, just certain rules sets I add individually. >> Would there be any rule sets for this? Any with Meta rules that is >> catching this? Example of a Metarule that would void the two rules if >> from AOL (risky I guess). >> >> Thanks for any help/suggestions/examples/criticism anyone would like to >> offer. > > Do you have SPF support enabled? If so, the aol.com domain supports SPF so > you > could just use a SPF based whitelist for aol. > > whitelist_from_spf aol.com > > It's a bit crude, but at least it's quite safe from forgeries. (ie: it > will only > match mail sent from IP's that AOL claims it owns.) I do get hits that trigger the SPF rules, if I am reading you properly, and I am guessing this goes in my spam.assassin.prefs file. But won't this whitelist everything from AOL? Is that what you mean by crude? I would still like to have other rules apply. Thanks for the idea. I'll look into this further. Steve > -- From taz at taz-mania.com Wed Jan 17 23:07:22 2007 
From: taz at taz-mania.com (Dennis Willson) Date: Wed Jan 17 22:09:40 2007 Subject: mailwatch problem In-Reply-To: <45AE94EE.8000102@linuxspecial.com> Message-ID: This should probably be sent to the MailWatch list... Is your PHP running correctly? On Wed, 17 Jan 2007 16:28:14 -0500 Vasiliy Boulytchev wrote: >Gents, > Just setup my MS boxies to use Mailwatch... > I can see the tables being updated on the MySQL server... > However, when I visit the final http://blabla/mailscanner/ for >the >expected mailwatch graphs, I get > > >%H:%i:%s') AS datetime, from_address, to_address, subject, size as >size, isspam, ishighspam, spamwhitelisted, spamblacklisted, >virusinfected, nameinfected, otherinfected, sascore, report, ismcp, >issamcp, ishighmcp, mcpsascore, '' AS status FROM maillog WHERE >".$GLOBALS['global_filter']." ORDER BY date DESC, time DESC LIMIT >".MAX_RESULTS; db_colorised_table($sql,"Last ".MAX_RESULTS." Messages >(Refreshing every $refresh seconds)"); html_end(); ?> > > nothing in the apache logs :( > > Any suggestions? > >THANKS > >-- >Vasiliy Boulytchev >vasiliy@linuxspecial.com > -------------------------------------------------- Dennis Willson taz@taz-mania.com http://www.taz-mania.com Ham (Extra Class): KA6LSW GMRS : WQGF680 Scuba: Rescue Diver, EANx, Wreck, Night, Alt, Equip, UW Photographer, Gas Blender Life should not be a journey to the grave with the intention of arriving safely in a nice looking and well preserved body, but rather to skid in broadside, thoroughly used up, totally worn out, and loudly proclaiming, "WOW! WHAT A RIDE!" From mkettler at evi-inc.com Wed Jan 17 23:11:24 2007 
From: mkettler at evi-inc.com (Matt Kettler) Date: Wed Jan 17 22:13:59 2007 Subject: AOL accounts trigger some weird rules. Suggestions please? In-Reply-To: <000e01c73a81$b7f530c0$0705000a@ddf5dw71> References: <002501c73a7e$b57e44b0$0705000a@ddf5dw71> <45AE9758.90400@evi-inc.com> <000e01c73a81$b7f530c0$0705000a@ddf5dw71> Message-ID: <45AE9F0C.2090605@evi-inc.com> Steve Campbell wrote: >> whitelist_from_spf aol.com >> >> It's a bit crude, but at least it's quite safe from forgeries. (ie: it >> will only >> match mail sent from IP's that AOL claims it owns.) > > I do get hits that trigger the SPF rules, if I am reading you properly, > and I am guessing this goes in my spam.assassin.prefs file. But won't > this whitelist everything from AOL? Is that what you mean by crude? Yes, that's what I meant by crude. > I would still like to have other rules apply. Well, other rules do still apply.. SA's whitelisting doesn't really exempt an email from checks, it just adds a heavy score bias. (-100 points for the normal version, -15 for the def_whitelist_* variants) > > Thanks for the idea. I'll look into this further. > > Steve > >> -- > > From vasiliy at linuxspecial.com Wed Jan 17 23:12:33 2007 
From: vasiliy at linuxspecial.com (Vasiliy Boulytchev) Date: Wed Jan 17 22:14:52 2007 Subject: mailwatch problem In-Reply-To: <45AE94EE.8000102@linuxspecial.com> References: <45AE94EE.8000102@linuxspecial.com> Message-ID: <45AE9F51.4070606@linuxspecial.com> Update: The index.php, which is a links to status.php, didnt have > Gents, > Just setup my MS boxies to use Mailwatch... > I can see the tables being updated on the MySQL server... > However, when I visit the final http://blabla/mailscanner/ for the > expected mailwatch graphs, I get > > > %H:%i:%s') AS datetime, from_address, to_address, subject, size as > size, isspam, ishighspam, spamwhitelisted, spamblacklisted, > virusinfected, nameinfected, otherinfected, sascore, report, ismcp, > issamcp, ishighmcp, mcpsascore, '' AS status FROM maillog WHERE > ".$GLOBALS['global_filter']." ORDER BY date DESC, time DESC LIMIT > ".MAX_RESULTS; db_colorised_table($sql,"Last ".MAX_RESULTS." Messages > (Refreshing every $refresh seconds)"); html_end(); ?> > > nothing in the apache logs :( > > Any suggestions? > > THANKS > From ssilva at sgvwater.com Thu Jan 18 01:07:39 2007 
From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jan 18 00:10:12 2007 Subject: mailwatch problem In-Reply-To: <45AE9F51.4070606@linuxspecial.com> References: <45AE94EE.8000102@linuxspecial.com> <45AE9F51.4070606@linuxspecial.com> Message-ID: Vasiliy Boulytchev spake the following on 1/17/2007 2:12 PM: > Update: > > The index.php, which is a links to status.php, didnt have had wrong with the code? > > *Parse error*: syntax error, unexpected $end in > */home/www/mailwatch/mailscanner/functions.php* on line *2498 > > * > > Vasiliy Boulytchev > vasiliy@linuxspecial.com > > > > Vasiliy Boulytchev wrote: >> >> Gents, >> Just setup my MS boxies to use Mailwatch... >> I can see the tables being updated on the MySQL server... >> However, when I visit the final http://blabla/mailscanner/ for the >> expected mailwatch graphs, I get >> >> >> %H:%i:%s') AS datetime, from_address, to_address, subject, size as >> size, isspam, ishighspam, spamwhitelisted, spamblacklisted, >> virusinfected, nameinfected, otherinfected, sascore, report, ismcp, >> issamcp, ishighmcp, mcpsascore, '' AS status FROM maillog WHERE >> ".$GLOBALS['global_filter']." ORDER BY date DESC, time DESC LIMIT >> ".MAX_RESULTS; db_colorised_table($sql,"Last ".MAX_RESULTS." Messages >> (Refreshing every $refresh seconds)"); html_end(); ?> >> >> nothing in the apache logs :( >> >> Any suggestions? >> >> THANKS >> Please don't cross post every help request you have. Post mailwatch questions on mailwatch list and mailscanner questions here. They are two separate packages from two separate authors. The fact that they work together is irrelevant. Otherwise some of the busier people might start to ignore you. >:-] -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From mike at vesol.com Thu Jan 18 04:30:16 2007 
From: mike at vesol.com (Mike Kercher) Date: Thu Jan 18 03:35:24 2007 Subject: mailwatch problem In-Reply-To: <45AE9F51.4070606@linuxspecial.com> Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Vasiliy Boulytchev > Sent: Wednesday, January 17, 2007 4:13 PM > To: MailScanner discussion > Subject: Re: mailwatch problem > > Update: > > The index.php, which is a links to status.php, didnt have > getting this... whats wrong with the code? > > *Parse error*: syntax error, unexpected $end in > */home/www/mailwatch/mailscanner/functions.php* on line *2498 > > * > > Vasiliy Boulytchev > vasiliy@linuxspecial.com > > > > Vasiliy Boulytchev wrote: > > > > Gents, > > Just setup my MS boxies to use Mailwatch... > > I can see the tables being updated on the MySQL server... > > However, when I visit the final > http://blabla/mailscanner/ for the > > expected mailwatch graphs, I get > > > > > > %H:%i:%s') AS datetime, from_address, to_address, subject, size as > > size, isspam, ishighspam, spamwhitelisted, spamblacklisted, > > virusinfected, nameinfected, otherinfected, sascore, report, ismcp, > > issamcp, ishighmcp, mcpsascore, '' AS status FROM maillog WHERE > > ".$GLOBALS['global_filter']." ORDER BY date DESC, time DESC LIMIT > > ".MAX_RESULTS; db_colorised_table($sql,"Last > ".MAX_RESULTS." Messages > > (Refreshing every $refresh seconds)"); html_end(); ?> > > > > nothing in the apache logs :( > > > > Any suggestions? > > > > THANKS > > > You don't have short tags enabled in your php.ini Mike From Sylvain.Phaneuf at imsu.ox.ac.uk Thu Jan 18 12:00:06 2007 
From: Sylvain.Phaneuf at imsu.ox.ac.uk (Sylvain Phaneuf) Date: Thu Jan 18 11:02:37 2007 Subject: mailwatch problem In-Reply-To: References: <45AE9F51.4070606@linuxspecial.com> Message-ID: <45AF5336.FEA8.00EB.0@imsu.ox.ac.uk> >>> On 18/01/2007 at 03:30, "Mike Kercher" wrote: ... > You don't have short tags enabled in your php.ini > The install documentation clearly says: PHP should have the following set in php.ini (possibly others too....) short_open_tag = On ( http://mailwatch.sourceforge.net/doku.php?id=mailwatch:documentation:install ) Is that not advisable anymore? As for posting MailWatch questions here, I must admit I had to do it as well. The MailWatch forum is a bit unresponsive... MailScanner guys are the best... Regards, Sylvain From glenn.steen at gmail.com Thu Jan 18 12:33:40 2007 
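Added example, not part of the thread and not MailWatch code: with `short_open_tag` set to Off, PHP treats a file that opens with `<?` as plain text and serves its source, queries included, which is the kind of source dump reported above. The Python check below reads a php.ini and flags the lines of a PHP file that depend on the setting; the sample PHP, the sample php.ini text and all function names are constructed for illustration.

```python
import re

# "<?" optionally followed by the marker that says which kind of tag it is.
_OPEN_TAG = re.compile(r"<\?(php\b|xml\b|=)?", re.IGNORECASE)
_INI_LINE = re.compile(r"^\s*short_open_tag\s*=\s*\"?(\w+)\"?", re.IGNORECASE)
_TRUE = {"on", "1", "true", "yes"}


def short_open_tag_setting(ini_text):
    """Return True/False for the last active short_open_tag line, None if unset."""
    value = None
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0]  # php.ini comments start with ';'
        match = _INI_LINE.match(line)
        if match:
            value = match.group(1).lower() in _TRUE
    return value


def find_short_open_tags(source, echo_tag_needs_setting=False):
    """List (line number, text) for lines that open PHP with a short tag.

    "<?php" always works and "<?xml" is not PHP, so both are skipped.
    "<?=" only depends on short_open_tag before PHP 5.4, so it is flagged
    only when echo_tag_needs_setting is True. This is a textual scan: a
    "<?" inside a PHP string literal would also be reported.
    """
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for match in _OPEN_TAG.finditer(line):
            kind = (match.group(1) or "").lower()
            if kind in ("php", "xml"):
                continue
            if kind == "=" and not echo_tag_needs_setting:
                continue
            hits.append((lineno, line.strip()))
            break
    return hits


def exposed_lines(source, ini_text, echo_tag_needs_setting=False):
    """Line numbers that would be served as raw text under this php.ini."""
    if short_open_tag_setting(ini_text) is not False:
        return []  # enabled, or not set in this file (build default applies)
    return [n for n, _ in find_short_open_tags(source, echo_tag_needs_setting)]


# Constructed sample loosely shaped like the page quoted in the thread.
SAMPLE_PHP = '''<? require("functions.php");
$sql = "SELECT id, subject FROM maillog ORDER BY date DESC";
db_colorised_table($sql, "Last messages");
?>
<p>Refreshing every <?= $refresh ?> seconds</p>
<?php html_end(); ?>
'''

# Constructed php.ini fragments.
INI_OFF = "; short_open_tag = On\nshort_open_tag = Off\n"
INI_ON = "short_open_tag = On\n"

if __name__ == "__main__":
    for lineno in exposed_lines(SAMPLE_PHP, INI_OFF, echo_tag_needs_setting=True):
        print("line %d depends on short_open_tag" % lineno)
```

Running the same scan over a web root before changing `short_open_tag` shows which files would start leaking source.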
From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 18 11:36:01 2007 Subject: mailwatch problem In-Reply-To: <45AF5336.FEA8.00EB.0@imsu.ox.ac.uk> References: <45AE9F51.4070606@linuxspecial.com> <45AF5336.FEA8.00EB.0@imsu.ox.ac.uk> Message-ID: <223f97700701180333x2abbc35bn7ff92d7a541706a@mail.gmail.com> On 18/01/07, Sylvain Phaneuf wrote: > >>> On 18/01/2007 at 03:30, "Mike Kercher" wrote: > > ... > > You don't have short tags enabled in your php.ini > > > > The install documentation clearly says: > > PHP should have the following set in php.ini (possibly others too....) > short_open_tag = On > > ( > http://mailwatch.sourceforge.net/doku.php?id=mailwatch:documentation:install > ) > > Is that not advisable anymore? Nothing's changed there. Vasiliy likely just needs to check his php setup over:). > As for posting MailWatch questions here, I must admit I had to do it as > well. The MailWatch forum is a bit unresponsive... MailScanner guys are > the best... Well... This is a bit funny, since it is mainly the same people... And from time to time the MW list is very active (even more so than this list). Sure, the traffic over there is (a lot) more ... "bursty" in nature...:) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From Sylvain.Phaneuf at imsu.ox.ac.uk Thu Jan 18 12:45:34 2007 
From: Sylvain.Phaneuf at imsu.ox.ac.uk (Sylvain Phaneuf) Date: Thu Jan 18 11:48:07 2007 Subject: mailwatch problem In-Reply-To: <223f97700701180333x2abbc35bn7ff92d7a541706a@mail.gmail.com> References: <45AE9F51.4070606@linuxspecial.com> <45AF5336.FEA8.00EB.0@imsu.ox.ac.uk> <223f97700701180333x2abbc35bn7ff92d7a541706a@mail.gmail.com> Message-ID: <45AF5DDE.FEA8.00EB.0@imsu.ox.ac.uk> >>> On 18/01/2007 at 11:33, "Glenn Steen" wrote: >> As for posting MailWatch questions here, I must admit I had to do it as >> well. The MailWatch forum is a bit unresponsive... MailScanner guys are >> the best... > Well... This is a bit funny, since it is mainly the same people... And > from time to time the MW list is very active (even more so than this > list). Sure, the traffic over there is (a lot) more ... "bursty" in > nature...:) Sorry, I meant the MailWatch forum. I didn't realise the mailing list was not mirrored to the forum... Sylvain From glenn.steen at gmail.com Thu Jan 18 12:46:56 2007 
From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 18 11:49:17 2007 Subject: Greylisting (WAS: Re: MailScanner ANNOUNCE: 4.57 released) In-Reply-To: <223f97700701170230m2fcb6f61hecfe848178ae272d@mail.gmail.com> References: <4571B547.1090804@ecs.soton.ac.uk> <20061204233255.DB881FF40@mx-a.vdnet.lt> <223f97700612060014o6a8b46b1k87e48195c1d93afc@mail.gmail.com> <20070110163002.1EE06FF06@mx-a.vdnet.lt> <223f97700701110619v275f274fo23f2491099f1b38@mail.gmail.com> <45A6494B.9010503@netmagicsolutions.com> <223f97700701150506x438d4848wcb3fb03690b46078@mail.gmail.com> <223f97700701151143v5f320486v2f711cc2aa03984@mail.gmail.com> <223f97700701160653l37ef8cdap7d22129d7de941e0@mail.gmail.com> <223f97700701170230m2fcb6f61hecfe848178ae272d@mail.gmail.com> Message-ID: <223f97700701180346m7d28eaq24e15d9b9f46b718@mail.gmail.com> On 17/01/07, Glenn Steen wrote: > Sorry for the top post all, I'll try to be brief. > > The below (and the patch) was just a tad (:-) naïve on my part. After > reading up on the 2.3.6 and latest 2.4 snapshot code of postfix, I now > know (thanks in great part to a very informative and longish comment > by Wietse in cleanup_milter.c) that some of the assumptions were... > less than correct. For one thing, we need to preserve w records (deleted > data) in the body as well as in the header segment. For another, there > might be p records in any position that has been edited (/replaced) or > inserted, and the dummy records are there so that the segment end > markers (M, X and E records) won't be moved. ... And multiple "same > record type" edits will lead to multiple forward p records to the one > backward p record. Sigh. > I still think we should do something like this first draft, just > enhance it a bit to take the above into account:-). > > Oh well, more to come in a few days:-) > > Cheers > -- Glenn > I've just sent off a couple of patches to Nerijus that should handle the p records themselves nicely. 
If someone else would like to try them out for a while, please let me know. What remains is to corroborate that the things Jules does to determine that the whole file is written is ... enough. More on this later. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From campbell at cnpapers.com Thu Jan 18 15:29:38 2007 From: campbell at cnpapers.com (Steve Campbell) Date: Thu Jan 18 14:33:14 2007 Subject: AOL accounts trigger some weird rules. Suggestions please? References: <002501c73a7e$b57e44b0$0705000a@ddf5dw71> <45AE9758.90400@evi-inc.com><000e01c73a81$b7f530c0$0705000a@ddf5dw71> <45AE9F0C.2090605@evi-inc.com> Message-ID: <004901c73b0d$1571ed70$0705000a@ddf5dw71> ----- Original Message ----- 
From: "Matt Kettler" To: "MailScanner discussion" Sent: Wednesday, January 17, 2007 5:11 PM Subject: Re: AOL accounts trigger some weird rules. Suggestions please? > Steve Campbell wrote: > >>> whitelist_from_spf aol.com >>> > > Well, other rules do still apply.. SA's whitelisting doesn't really exempt > an > email from checks, it just adds a heavy score bias. (-100 points for the > normal > version, -15 for the def_whitelist_* variants) > >> >> Thanks for the idea. I'll look into this further. Well, I looked into this further, and tried the line mentioned above, but really don't see much difference in the email's scoring. I did find a few Postfix fixes and suggestions, but I run Sendmail. Other than that, it appears it should be working. Maybe it is. What should I see that indicates this is working? To keep it simple for an explanation, I see the SPF_PASS triggered on a real AOL email, with a score of -0.00, but should I see the -15 or -100 score anywhere? Can the scoring for this be modified to a different score like other rules' score? I have very low SPAM and HIGH SPAM thresholds. These have worked very well here for quite some time but a -15 would really throw this out of whack. Thanks for the help. I'll keep googling and hope I see something on this. Steve >> >> Steve From glenn.steen at gmail.com Thu Jan 18 16:35:33 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 18 15:37:53 2007 Subject: AOL accounts trigger some weird rules. Suggestions please? In-Reply-To: <004901c73b0d$1571ed70$0705000a@ddf5dw71> References: <002501c73a7e$b57e44b0$0705000a@ddf5dw71> <45AE9758.90400@evi-inc.com> <000e01c73a81$b7f530c0$0705000a@ddf5dw71> <45AE9F0C.2090605@evi-inc.com> <004901c73b0d$1571ed70$0705000a@ddf5dw71> Message-ID: <223f97700701180735w30f4aa4dj146d4df284397774@mail.gmail.com> On 18/01/07, Steve Campbell wrote: > > ----- Original Message ----- 
> From: "Matt Kettler" > To: "MailScanner discussion" > Sent: Wednesday, January 17, 2007 5:11 PM > Subject: Re: AOL accounts trigger some weird rules. Suggestions please? > > > > Steve Campbell wrote: > > > >>> whitelist_from_spf aol.com > >>> > > > > Well, other rules do still apply.. SA's whitelisting doesn't really exempt > > an > > email from checks, it just adds a heavy score bias. (-100 points for the > > normal > > version, -15 for the def_whitelist_* variants) > > > >> > >> Thanks for the idea. I'll look into this further. > > Well, I looked into this further, and tried the line mentioned above, but > really don't see much difference in the email's scoring. I did find a few > Postfix fixes and suggestions, but I run Sendmail. Other than that, it > appears it should be working. Maybe it is. > > What should I see that indicates this is working? To keep it simple for an > explanation, I see the SPF_PASS triggered on a real AOL email, with a score > of -0.00, but should I see the -15 or -100 score anywhere? Can the scoring > for this be modified to a different score like other rules' score? I have > very low SPAM and HIGH SPAM thresholds. These have worked very well here for > quite some time but a -15 would really throw this out of whack. > > Thanks for the help. I'll keep googling and hope I see something on this. > > Steve > >> > >> Steve You should be seeing things like USER_IN_DEF_SPF_WL triggering on those whitelisted messages, and that would add -7.5 (at least on my system... From the sa-updated 50_score.cf file)... which is (IMO) a better value for the def_* whitelists. I only use these whitelists where I have little or no other means... The only SPF one I use is for one subdomain from Lehman brothers, and so far that works very well ... the line in /etc/spamassassin/local.cf I use is def_whitelist_from_spf *@research.lehman.com and could possibly be less forgiving... but this works, so...:-). 
If you cannot use the SPF thingie, for some reason (like the domain in question not having relevant/working SPF records published) there's always def_whitelist_from_rcvd ... You did remember to restart MailScanner (I'm not sure a reload will do for this) after adding the whitelist? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From vasiliy at linuxspecial.com Thu Jan 18 16:31:39 2007 
From: vasiliy at linuxspecial.com (Vasiliy Boulytchev) Date: Thu Jan 18 15:41:12 2007 Subject: mailwatch problem In-Reply-To: References: <45AE94EE.8000102@linuxspecial.com> <45AE9F51.4070606@linuxspecial.com> Message-ID: <45AF92DB.6020708@linuxspecial.com> Gents, Sorry, the problem was completely on my end, and it is solved. My php setup was garbled. It was a distracting day, and I did not approach this the right way. THANKS! Vasiliy Boulytchev vasiliy@linuxspecial.com Scott Silva wrote: > Vasiliy Boulytchev spake the following on 1/17/2007 2:12 PM: > >> Update: >> >> The index.php, which is a links to status.php, didnt have > had > wrong with the code? >> >> *Parse error*: syntax error, unexpected $end in >> */home/www/mailwatch/mailscanner/functions.php* on line *2498 >> >> * >> >> Vasiliy Boulytchev >> vasiliy@linuxspecial.com >> >> >> >> Vasiliy Boulytchev wrote: >> >>> Gents, >>> Just setup my MS boxies to use Mailwatch... >>> I can see the tables being updated on the MySQL server... >>> However, when I visit the final http://blabla/mailscanner/ for the >>> expected mailwatch graphs, I get >>> >>> >>> %H:%i:%s') AS datetime, from_address, to_address, subject, size as >>> size, isspam, ishighspam, spamwhitelisted, spamblacklisted, >>> virusinfected, nameinfected, otherinfected, sascore, report, ismcp, >>> issamcp, ishighmcp, mcpsascore, '' AS status FROM maillog WHERE >>> ".$GLOBALS['global_filter']." ORDER BY date DESC, time DESC LIMIT >>> ".MAX_RESULTS; db_colorised_table($sql,"Last ".MAX_RESULTS." Messages >>> (Refreshing every $refresh seconds)"); html_end(); ?> >>> >>> nothing in the apache logs :( >>> >>> Any suggestions? >>> >>> THANKS >>> >>> > Please don't cross post every help request you have. Post mailwatch questions > on mailwatch list and mailscanner questions here. They are two separate > packages from two separate authors. The fact that they work together is > irrelevant. > Otherwise some of the busier people might start to ignore you. 
>:-] > > From glenn.steen at gmail.com Thu Jan 18 16:44:38 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 18 15:47:04 2007 Subject: AOL accounts trigger some weird rules. Suggestions please? In-Reply-To: <223f97700701180735w30f4aa4dj146d4df284397774@mail.gmail.com> References: <002501c73a7e$b57e44b0$0705000a@ddf5dw71> <45AE9758.90400@evi-inc.com> <000e01c73a81$b7f530c0$0705000a@ddf5dw71> <45AE9F0C.2090605@evi-inc.com> <004901c73b0d$1571ed70$0705000a@ddf5dw71> <223f97700701180735w30f4aa4dj146d4df284397774@mail.gmail.com> Message-ID: <223f97700701180744y530fc783t8b09d1a874fe6219@mail.gmail.com> On 18/01/07, Glenn Steen wrote: (snip) > ... the line in /etc/spamassassin/local.cf I use is /etc/mail/spamassassin/local.cf, of course. Could've put it in mailscanner.cf too, but ... these aren't really about MailScanner, rather more about our local settings, so local.cf it is:). -- -- Glenn (a.k.a. Le Grand Typo) email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From campbell at cnpapers.com Thu Jan 18 17:53:09 2007 From: campbell at cnpapers.com (Steve Campbell) Date: Thu Jan 18 16:59:32 2007 Subject: AOL accounts trigger some weird rules. Suggestions please? References: <002501c73a7e$b57e44b0$0705000a@ddf5dw71><45AE9758.90400@evi-inc.com> <000e01c73a81$b7f530c0$0705000a@ddf5dw71><45AE9F0C.2090605@evi-inc.com><004901c73b0d$1571ed70$0705000a@ddf5dw71> <223f97700701180735w30f4aa4dj146d4df284397774@mail.gmail.com> Message-ID: <01a201c73b21$22560210$0705000a@ddf5dw71> ----- Original Message ----- From: "Glenn Steen" To: "MailScanner discussion" Sent: Thursday, January 18, 2007 10:35 AM Subject: Re: AOL accounts trigger some weird rules. Suggestions please? > On 18/01/07, Steve Campbell wrote: >> >> ----- Original Message ----- 
>> From: "Matt Kettler" >> To: "MailScanner discussion" >> Sent: Wednesday, January 17, 2007 5:11 PM >> Subject: Re: AOL accounts trigger some weird rules. Suggestions please? >> >> >> > Steve Campbell wrote: >> > >> >>> whitelist_from_spf aol.com >> >>> >> > >> > Well, other rules do still apply.. SA's whitelisting doesn't really >> > exempt >> > an >> > email from checks, it just adds a heavy score bias. (-100 points for >> > the >> > normal >> > version, -15 for the def_whitelist_* variants) >> > >> >> >> >> Thanks for the idea. I'll look into this further. >> >> Well, I looked into this further, and tried the line mentioned above, but >> really don't see much difference in the email's scoring. I did find a few >> Postfix fixes and suggestions, but I run Sendmail. Other than that, it >> appears it should be working. Maybe it is. >> >> What should I see that indicates this is working? To keep it simple for >> an >> explanation, I see the SPF_PASS triggered on a real AOL email, with a >> score >> of -0.00, but should I see the -15 or -100 score anywhere? Can the >> scoring >> for this be modified to a different score like other rules' score? I have >> very low SPAM and HIGH SPAM thresholds. These have worked very well here >> for >> quite some time but a -15 would really throw this out of whack. >> >> Thanks for the help. I'll keep googling and hope I see something on this. >> >> Steve >> >> >> >> Steve > You should be seeing things like USER_IN_DEF_SPF_WL triggering on > those whitelisted messages, and that would add -7.5 (at least on my > system... From the sa-updated 50_score.cf file)... which is (IMO) a > better value for the def_* whitelists. I only use these whitelists > where I have little or no other means... The only SPF one I use is for > one subdomain from Lehman brothers, and so far that works very well > ... the line in /etc/spamassassin/local.cf I use is > def_whitelist_from_spf *@research.lehman.com > and could possibly be less forgiving... 
but this works, so...:-). > If you cannot use the SPF thingie, for some reason (like the domain in > question not having relevant/working SPF records published) there's > always def_whitelist_from_rcvd ... Glenn, Thanks, your info put me on the proper research track. I also switched from the whitelist_from_spf that Matt suggested to the def_whitelist_from _spf. I'm not sure if this fixed it or using the "*@" in front of the parm fixed it, but I am not seeing the entries in MailWatch. I didn't realize there were SA rules that this triggered, so I rescored the two that I see, ENV_AND_HDR_SPF_MATCH and USER_IN_DEF_SPF_WL them down to -2 as opposed to -7.5. This should offset the Gappy text and free access rules. Again, Thanks Matt and Glenn Steve >You did remember to restart MailScanner (I'm not sure a reload will do > for this) after adding the whitelist? > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- From campbell at cnpapers.com Thu Jan 18 19:19:18 2007 From: campbell at cnpapers.com (Steve Campbell) Date: Thu Jan 18 18:25:41 2007 Subject: AOL accounts trigger some weird rules. Suggestions please? References: <002501c73a7e$b57e44b0$0705000a@ddf5dw71><45AE9758.90400@evi-inc.com><000e01c73a81$b7f530c0$0705000a@ddf5dw71><45AE9F0C.2090605@evi-inc.com><004901c73b0d$1571ed70$0705000a@ddf5dw71><223f97700701180735w30f4aa4dj146d4df284397774@mail.gmail.com> <01a201c73b21$22560210$0705000a@ddf5dw71> Message-ID: <01c801c73b2d$2bf879e0$0705000a@ddf5dw71> ----- Original Message ----- From: "Steve Campbell" To: "MailScanner discussion" Sent: Thursday, January 18, 2007 11:53 AM Subject: Re: AOL accounts trigger some weird rules. Suggestions please? > > ----- Original Message ----- 
> From: "Glenn Steen" > To: "MailScanner discussion" > Sent: Thursday, January 18, 2007 10:35 AM > Subject: Re: AOL accounts trigger some weird rules. Suggestions please? > > >> On 18/01/07, Steve Campbell wrote: >>> >>> ----- Original Message ----- 
>>> From: "Matt Kettler" >>> To: "MailScanner discussion" >>> Sent: Wednesday, January 17, 2007 5:11 PM >>> Subject: Re: AOL accounts trigger some weird rules. Suggestions please? >>> >>> >>> > Steve Campbell wrote: >>> > >>> >>> whitelist_from_spf aol.com >>> >>> >>> > >>> > Well, other rules do still apply.. SA's whitelisting doesn't really >>> > exempt >>> > an >>> > email from checks, it just adds a heavy score bias. (-100 points for >>> > the >>> > normal >>> > version, -15 for the def_whitelist_* variants) >>> > >>> >> >>> >> Thanks for the idea. I'll look into this further. >>> >>> Well, I looked into this further, and tried the line mentioned above, >>> but >>> really don't see much difference in the email's scoring. I did find a >>> few >>> Postfix fixes and suggestions, but I run Sendmail. Other than that, it >>> appears it should be working. Maybe it is. >>> >>> What should I see that indicates this is working? To keep it simple for >>> an >>> explanation, I see the SPF_PASS triggered on a real AOL email, with a >>> score >>> of -0.00, but should I see the -15 or -100 score anywhere? Can the >>> scoring >>> for this be modified to a different score like other rules' score? I >>> have >>> very low SPAM and HIGH SPAM thresholds. These have worked very well here >>> for >>> quite some time but a -15 would really throw this out of whack. >>> >>> Thanks for the help. I'll keep googling and hope I see something on >>> this. >>> >>> Steve >>> >> >>> >> Steve >> You should be seeing things like USER_IN_DEF_SPF_WL triggering on >> those whitelisted messages, and that would add -7.5 (at least on my >> system... From the sa-updated 50_score.cf file)... which is (IMO) a >> better value for the def_* whitelists. I only use these whitelists >> where I have little or no other means... The only SPF one I use is for >> one subdomain from Lehman brothers, and so far that works very well >> ... 
the line in /etc/spamassassin/local.cf I use is >> def_whitelist_from_spf *@research.lehman.com >> and could possibly be less forgiving... but this works, so...:-). >> If you cannot use the SPF thingie, for some reason (like the domain in >> question not having relevant/working SPF records published) there's >> always def_whitelist_from_rcvd ... > > Glenn, > > Thanks, your info put me on the proper research track. I also switched > from the whitelist_from_spf that Matt suggested to the def_whitelist_from > _spf. I'm not sure if this fixed it or using the "*@" in front of the parm > fixed it, but I am not seeing the entries in MailWatch. That should be : ,but I am now seeing the entries in MailWatch. Steve > > I didn't realize there were SA rules that this triggered, so I rescored > the two that I see, ENV_AND_HDR_SPF_MATCH and USER_IN_DEF_SPF_WL them > down to -2 as opposed to -7.5. This should offset the Gappy text and free > access rules. > > Again, > > Thanks Matt and Glenn > > Steve > >>You did remember to restart MailScanner (I'm not sure a reload will do >> for this) after adding the whitelist? >> From ssilva at sgvwater.com Thu Jan 18 19:39:35 2007 
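Added example, not from the thread and not SpamAssassin code: a simplified Python model of the point made in this discussion, that an SPF whitelist entry only adds a negative score when SPF passes and the envelope sender matches, and that every other rule still counts. The bias values (-100, -7.5, and the -2 override) are the ones quoted in the thread; USER_IN_SPF_WHITELIST is SpamAssassin's rule name for the non-def variant, while the content rule names, their scores, the threshold and the sample messages are constructed.

```python
from fnmatch import fnmatchcase

# directive -> (rule that fires, score quoted in the thread)
WHITELIST_RULES = {
    "whitelist_from_spf": ("USER_IN_SPF_WHITELIST", -100.0),
    "def_whitelist_from_spf": ("USER_IN_DEF_SPF_WL", -7.5),
}


def evaluate(msg, whitelist, required, score_overrides=None):
    """Return (total score, is_spam) for one message.

    msg: dict with 'envelope_from', 'spf_pass' and 'hits' {rule: score}.
    whitelist: list of (directive, glob pattern) pairs, as in local.cf.
    score_overrides: {rule: score}, like a 'score RULE value' line.
    Simplified model: the whitelist rule fires only if SPF passed AND the
    envelope sender matches the pattern; nothing is exempted from checks.
    """
    overrides = score_overrides or {}
    hits = dict(msg["hits"])
    sender = msg["envelope_from"].lower()
    for directive, pattern in whitelist:
        rule, default = WHITELIST_RULES[directive]
        if msg["spf_pass"] and fnmatchcase(sender, pattern.lower()):
            hits[rule] = overrides.get(rule, default)
    total = round(sum(hits.values()), 2)
    return total, total >= required


# Constructed inputs: a low spam threshold and two trailer-triggered rules.
REQUIRED = 2.5
AOL_TRAILER = {"GAPPY_TEXT_EXAMPLE": 1.5, "FREE_ACCESS_EXAMPLE": 1.2}

GENUINE = {"envelope_from": "friend@aol.com", "spf_pass": True,
           "hits": AOL_TRAILER}
FORGED = {"envelope_from": "friend@aol.com", "spf_pass": False,
          "hits": AOL_TRAILER}
AOL_SPAM = {"envelope_from": "bulk@aol.com", "spf_pass": True,
            "hits": dict(AOL_TRAILER, OTHER_SPAM_RULES_EXAMPLE=9.0)}

DEF_WL = [("def_whitelist_from_spf", "*@aol.com")]
FULL_WL = [("whitelist_from_spf", "*@aol.com")]
RESCORED = {"USER_IN_DEF_SPF_WL": -2.0}  # the -2 chosen in the thread

if __name__ == "__main__":
    for name, msg in (("genuine", GENUINE), ("forged", FORGED),
                      ("aol spam", AOL_SPAM)):
        print(name,
              "none:", evaluate(msg, [], REQUIRED),
              "def -2:", evaluate(msg, DEF_WL, REQUIRED, RESCORED),
              "full -100:", evaluate(msg, FULL_WL, REQUIRED))
```

With the -2 bias, spam sent through AOL's own servers is still caught, whereas the -100 variant lets it through.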
From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jan 18 18:42:21 2007 Subject: mailwatch problem In-Reply-To: <45AF5DDE.FEA8.00EB.0@imsu.ox.ac.uk> References: <45AE9F51.4070606@linuxspecial.com> <45AF5336.FEA8.00EB.0@imsu.ox.ac.uk> <223f97700701180333x2abbc35bn7ff92d7a541706a@mail.gmail.com> <45AF5DDE.FEA8.00EB.0@imsu.ox.ac.uk> Message-ID: Sylvain Phaneuf spake the following on 1/18/2007 3:45 AM: > >>>> On 18/01/2007 at 11:33, "Glenn Steen" > wrote: >>> As for posting MailWatch questions here, I must admit I had to do it > as >>> well. The MailWatch forum is a bit unresponsive... MailScanner guys > are >>> the best... > >> Well... This is a bit funny, since it is mainly the same people... > And >> from time to time the MW list is very active (even more so than this >> list). Sure, the traffic over there is (a lot) more ... "bursty" in >> nature...:) > > Sorry, I meant the MailWatch forum. I didn't realise the mailing list > was not mirrored to the forum... > > Sylvain > There has been some talk in the past of getting more of the experts in here to help on the forum, but the list is much easier to work in while you are doing your "regular" job. I wish the forum would just point people to the list. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From vasiliy at linuxspecial.com Thu Jan 18 19:46:51 2007 From: vasiliy at linuxspecial.com (Vasiliy Boulytchev) Date: Thu Jan 18 18:49:14 2007 Subject: MS additional header line Message-ID: <45AFC09B.40306@linuxspecial.com> Gents, It would provide very useful in my tracking efforts in MailWatch, if MS would add the message ID to the header of each message... How can I turn that on? THANKS! -- Vasiliy Boulytchev vasiliy@linuxspecial.com From ugob at camo-route.com Thu Jan 18 19:55:48 2007 
From: ugob at camo-route.com (Ugo Bellavance)
Date: Thu Jan 18 18:58:26 2007
Subject: MS additional header line
In-Reply-To: <45AFC09B.40306@linuxspecial.com>
References: <45AFC09B.40306@linuxspecial.com>
Message-ID:

Vasiliy Boulytchev wrote:
> Gents,
> It would provide very useful in my tracking efforts in MailWatch,
> if MS would add the message ID to the header of each message...
>
> How can I turn that on?
>
> THANKS!
>

Your MTA does this... look carefully in the headers.

Ugo

From crichardson at cantella.com Thu Jan 18 20:02:48 2007
From: crichardson at cantella.com (Chris Richardson)
Date: Thu Jan 18 19:06:07 2007
Subject: AVG7 Patch to fix scanning along with adding Trojan Detection
Message-ID: <45AFC458.6080002@cantella.com>

Ok, so basically MailScanner was hardcoded with the -ext=* which causes
the wrapper to fail and not actually scan. Also, if a trojan was detected
by AVG, MailScanner did not recognize the output, so it would allow it to
go as if it was clean.

This was built against MailScanner 4.56.8. Apply the patch to
SweepViruses.pm.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: AVG7_Patch.patch
Type: text/x-patch
Size: 663 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070118/edc3f462/AVG7_Patch.bin

From vasiliy at linuxspecial.com Thu Jan 18 20:11:00 2007
From: vasiliy at linuxspecial.com (Vasiliy Boulytchev) Date: Thu Jan 18 19:16:51 2007 Subject: MS additional header line In-Reply-To: References: <45AFC09B.40306@linuxspecial.com> Message-ID: <45AFC644.9030003@linuxspecial.com> Ugo, Absolutely agreed, in the header, I get in Message:ID... But MS assigns a 5 digit number for IDs, which I would love to search for in MailWatch... Am I missing something? Regards, Vasiliy Boulytchev vasiliy@linuxspecial.com Ugo Bellavance wrote: > > Vasiliy Boulytchev wrote: >> Gents, >> It would provide very useful in my tracking efforts in >> MailWatch, if MS would add the message ID to the header of each >> message... >> >> How can I turn that on? >> >> THANKS! >> > > Your MTA does this... look carefully in the headers. > > Ugo > From ssilva at sgvwater.com Thu Jan 18 20:15:28 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jan 18 19:17:58 2007 Subject: MS additional header line In-Reply-To: <45AFC09B.40306@linuxspecial.com> References: <45AFC09B.40306@linuxspecial.com> Message-ID: Vasiliy Boulytchev spake the following on 1/18/2007 10:46 AM: > Gents, > It would provide very useful in my tracking efforts in MailWatch, > if MS would add the message ID to the header of each message... > > How can I turn that on? > > THANKS! > I have it in the Received header. Something like; Received: from sender@somewhere.com (real address) by myserver.mydomain.com (mailer ids) with SMTP id blablabla for me@mydomain.com; Date Time timezone_adj_from GMT -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From vasiliy at linuxspecial.com Thu Jan 18 20:31:51 2007 
From: vasiliy at linuxspecial.com (Vasiliy Boulytchev)
Date: Thu Jan 18 19:34:32 2007
Subject: MS additional header line
In-Reply-To:
References: <45AFC09B.40306@linuxspecial.com>
Message-ID: <45AFCB27.1030009@linuxspecial.com>

Absolutely agree with you again, but the SMTP id is not the same ID as
the one that MailScanner is using for MailWatch, so when I search for
that ID, I get nothing.... MS, as you know, is using a different ID
structure.

Regards,

Vasiliy Boulytchev
vasiliy@linuxspecial.com

Scott Silva wrote:
> Vasiliy Boulytchev spake the following on 1/18/2007 10:46 AM:
>
>> Gents,
>> It would provide very useful in my tracking efforts in MailWatch,
>> if MS would add the message ID to the header of each message...
>>
>> How can I turn that on?
>>
>> THANKS!
>>
>>
> I have it in the Received header. Something like;
>
> Received: from sender@somewhere.com (real address) by myserver.mydomain.com
> (mailer ids) with SMTP id blablabla for me@mydomain.com; Date Time
> timezone_adj_from GMT
>
>

From vasiliy at linuxspecial.com Thu Jan 18 20:34:04 2007
From: vasiliy at linuxspecial.com (Vasiliy Boulytchev)
Date: Thu Jan 18 19:36:28 2007
Subject: MS additional header line
In-Reply-To:
References: <45AFC09B.40306@linuxspecial.com>
Message-ID: <45AFCBAC.6000904@linuxspecial.com>

Here are the full headers for that message :)

Return-Path:
Received: by mx00.cbici.net (CommuniGate Pro PIPE 5.1.3)
 with PIPE id 4537081; Thu, 18 Jan 2007 13:22:52 -0500
Received: from smtpout.mx.citinternet.com ([67.128.25.254] verified)
 by mx00.cbici.net (CommuniGate Pro SMTP 5.1.3)
 with ESMTP id 4537072 for vasiliy@cbici.net; Thu, 18 Jan 2007 13:22:41 -0500
Received-SPF: pass
 receiver=mx00.cbici.net; client-ip=67.128.25.254; envelope-from=MAILER-DAEMON@mailsvc.com
X-Reverse-Check: no relay available
Received: from mailsvc.com (mail.mailsvc.com [63.247.192.101])
 by smtpout.mx.citinternet.com (Postfix) with ESMTP id 8D55F178FF
 for ; Thu, 18 Jan 2007 11:17:06 -0700 (MST)
From: "Automatic Reply mailbox for testing"
Date: Thu, 18 Jan 2007 11:16:58 -0700
Message-ID:
X-Autogenerated: Reply
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
To: Vasiliy Boulytchev
Subject: Re: test
In-Reply-To: <9F02EB2B-07F9-4EF6-916C-B482414E0C63@cbici.net>
X-CBI-MailScanner-Information: Please contact CBI-Connect at 212-777-0700 for more information.
X-CBI-MailScanner1: Found to be clean
X-CBI-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=0,
 required 5, autolearn=not spam)
X-CBI-MailScanner-From: mailer-daemon@mailsvc.com
X-Spam-Status: No
--------

The ESMTP id 4537072
is not what MailWatch and MS use for message ids.

Vasiliy

Scott Silva wrote:
> Vasiliy Boulytchev spake the following on 1/18/2007 10:46 AM:
>
>> Gents,
>> It would provide very useful in my tracking efforts in MailWatch,
>> if MS would add the message ID to the header of each message...
>>
>> How can I turn that on?
>>
>> THANKS!
>>
>>
> I have it in the Received header. Something like;
>
> Received: from sender@somewhere.com (real address) by myserver.mydomain.com
> (mailer ids) with SMTP id blablabla for me@mydomain.com; Date Time
> timezone_adj_from GMT
>
>

From steve.freegard at fsl.com Thu Jan 18 20:54:57 2007
From: steve.freegard at fsl.com (Steve Freegard)
Date: Thu Jan 18 19:57:21 2007
Subject: MS additional header line
In-Reply-To: <45AFCBAC.6000904@linuxspecial.com>
References: <45AFC09B.40306@linuxspecial.com>
 <45AFCBAC.6000904@linuxspecial.com>
Message-ID: <45AFD091.4010304@fsl.com>

Vasiliy,

Vasiliy Boulytchev wrote:
> Here are the full headers for that message :)
>
>
> Return-Path:
> Received: by mx00.cbici.net (CommuniGate Pro PIPE 5.1.3)
> with PIPE id 4537081; Thu, 18 Jan 2007 13:22:52 -0500
> Received: from smtpout.mx.citinternet.com ([67.128.25.254] verified)
> by mx00.cbici.net (CommuniGate Pro SMTP 5.1.3)
> with ESMTP id 4537072 for vasiliy@cbici.net; Thu, 18 Jan 2007 13:22:41
> -0500
> --------
>
> The ESMTP id 4537072
> is not what MailWatch and MS use for message ids.

I've no idea how the message IDs are generated using the CommunigatePro
interface and I believe you're the first person to try MailWatch with CGP.

Have a look at the message detail page and it will show the Message ID
there.

Kind regards,
Steve.

From vasiliy at linuxspecial.com Thu Jan 18 21:12:45 2007
From: vasiliy at linuxspecial.com (Vasiliy Boulytchev) Date: Thu Jan 18 20:15:10 2007 Subject: MS additional header line In-Reply-To: <45AFD091.4010304@fsl.com> References: <45AFC09B.40306@linuxspecial.com> <45AFCBAC.6000904@linuxspecial.com> <45AFD091.4010304@fsl.com> Message-ID: <45AFD4BD.1020702@linuxspecial.com> Well, I really dont know what the MTA has to do with the MS Message id , which is assigned by MailScanner, and passed on to the MySQL tables in Mailwatch... which in turn is tracked by Mailwatch php web interface... Any ideas? Vasiliy Boulytchev vasiliy@linuxspecial.com Steve Freegard wrote: > > Vasiliy, > > Vasiliy Boulytchev wrote: >> Here are the full headers for that message :) >> >> >> Return-Path: >> Received: by mx00.cbici.net (CommuniGate Pro PIPE 5.1.3) >> with PIPE id 4537081; Thu, 18 Jan 2007 13:22:52 -0500 >> Received: from smtpout.mx.citinternet.com ([67.128.25.254] verified) >> by mx00.cbici.net (CommuniGate Pro SMTP 5.1.3) >> with ESMTP id 4537072 for vasiliy@cbici.net; Thu, 18 Jan 2007 >> 13:22:41 -0500 >> -------- >> >> The ESMTP id 4537072 >> is not what MailWatch and MS use for message ids. > > I've no idea how the message IDs are generated using the > CommunigatePro interface and I believe you're the first person to try > MailWatch with CGP. > > Have a look at the message detail page and it will show the Message ID > there. > > Kind regards, > Steve. From Kevin_Miller at ci.juneau.ak.us Thu Jan 18 21:29:22 2007 
From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller)
Date: Thu Jan 18 20:31:42 2007
Subject: MS additional header line
In-Reply-To: <45AFD4BD.1020702@linuxspecial.com>
Message-ID:

Vasiliy Boulytchev wrote:
> Well,
> I really dont know what the MTA has to do with the MS Message id ,
> which is assigned by MailScanner, and passed on to the MySQL tables in
> Mailwatch... which in turn is tracked by Mailwatch php web
> interface...
>
> Any ideas?

On my system, the ID in the details page in MailWatch matches the ESMTP
id in the Received headers. MailScanner/MailWatch don't generate that ID.

I think we're all not sure what ID it is you're looking at. At least I'm
not sure.

This is from the details page in MW:

ID: 0IKOXGc013082
Message Headers:
Return-Path:
Received: from mail4061.rm02.net (mail4061.rm02.net [129.41.77.61])
 by mx2.ci.juneau.ak.us (8.13.4/8.13.4/SuSE Linux 0.7)
 with ESMTP id l0IKOXGc013082

...Kevin
--
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500

From Denis.Beauchemin at USherbrooke.ca Thu Jan 18 21:28:48 2007
From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin)
Date: Thu Jan 18 20:32:02 2007
Subject: MS additional header line
In-Reply-To: <45AFD4BD.1020702@linuxspecial.com>
References: <45AFC09B.40306@linuxspecial.com>
 <45AFCBAC.6000904@linuxspecial.com> <45AFD091.4010304@fsl.com>
 <45AFD4BD.1020702@linuxspecial.com>
Message-ID: <45AFD880.6090905@USherbrooke.ca>

Vasiliy Boulytchev wrote:
> Well,
> I really dont know what the MTA has to do with the MS Message id ,
> which is assigned by MailScanner, and passed on to the MySQL tables in
> Mailwatch... which in turn is tracked by Mailwatch php web interface...

Vasily,

I don't think there is anything like a "MS Message ID". MS doesn't need
any message ID to do its job. You're probably confusing this with MW's
message ID. I run MS without MW and see no MS message ID in my logs.

Denis

--
   _
  °v°   Denis Beauchemin, analyst
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x62252 F: 819.821.8045

From ssilva at sgvwater.com Thu Jan 18 21:31:15 2007
From: ssilva at sgvwater.com (Scott Silva)
Date: Thu Jan 18 20:34:04 2007
Subject: MS additional header line
In-Reply-To: <45AFD4BD.1020702@linuxspecial.com>
References: <45AFC09B.40306@linuxspecial.com>
 <45AFCBAC.6000904@linuxspecial.com> <45AFD091.4010304@fsl.com>
 <45AFD4BD.1020702@linuxspecial.com>
Message-ID:

Vasiliy Boulytchev spake the following on 1/18/2007 12:12 PM:
> Well,
> I really dont know what the MTA has to do with the MS Message id ,
> which is assigned by MailScanner, and passed on to the MySQL tables in
> Mailwatch... which in turn is tracked by Mailwatch php web interface...
>
AFAIR the msg id is generated by the MTA when the message is received.
With sendmail, mailscanner just uses it, and with postfix I believe
mailscanner adds some randomness to it because postfix can reuse an id.
Whoever wrote the patches to mailscanner and mailwatch to work with
Communigate missed this, or implemented it differently. You might be able
to write a custom function to add a header with the id in it.

--

MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

From Kevin_Miller at ci.juneau.ak.us Thu Jan 18 21:37:40 2007
From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller)
Date: Thu Jan 18 20:39:58 2007
Subject: MS additional header line
In-Reply-To: <45AFCBAC.6000904@linuxspecial.com>
Message-ID:

Vasiliy Boulytchev wrote:
> Received: by mx00.cbici.net (CommuniGate Pro PIPE 5.1.3)
> with PIPE id 4537081; Thu, 18 Jan 2007 13:22:52 -0500
> Received: from smtpout.mx.citinternet.com ([67.128.25.254] verified)
> by mx00.cbici.net (CommuniGate Pro SMTP 5.1.3)
> with ESMTP id 4537072 for vasiliy@cbici.net; Thu, 18 Jan 2007
> ...snip
> The
> ESMTP id 4537072
> is not what MailWatch and MS use for message ids.

Nope, because that ID is from a previous MTA process. I think the ID
you're looking for is the PIPE id - in this case 4537081.

Remember that MailScanner does a two step with the MTA. First the MTA
receives the mail from somewhere, then hands it off to MailScanner for
analysis, then hands it back to an MTA for delivery. The 4537072 id is
the first MTA interaction where it is received. The PIPE id 4537081 is
presumably the ID that Communigate Pro is giving it after MailScanner
has done its thing. On my system at least, the ID used by MW is the
last id assigned by the MTA.

But I've never played with CGP so maybe it does it differently?

...Kevin
--
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500

From stork at openenterprise.ca Thu Jan 18 21:40:28 2007
From: stork at openenterprise.ca (Johnny Stork)
Date: Thu Jan 18 20:43:05 2007
Subject: New Problems With Failed Plugins?
Message-ID:

I just upgraded to MS 4.58.4, Clamav .88.7 and SA 3.1.7 running on a
RHES 4 box. After getting everything back up and running the
upgrade_mailscanner script, I checked out things in Mailwatch and ran the
SA lint test. I noticed these lines below? I am sure these plugins were
all working before? Did I miss (or bust) something?

Thanks

[29826] dbg: dcc: local tests only, disabling DCC
[29826] dbg: pyzor: local tests only, disabling Pyzor
[29826] dbg: reporter: local tests only, disabling SpamCop
[29826] dbg: razor2: local tests only, skipping Razor

__________________________
Johnny Stork
Open Enterprise Solutions

"Empowering Business With Open Source Software"

http://www.openenterprise.ca (Technology & Business)

Other Sites:

http://www.dreamscapemedia.ca (Photography and Media)
http://www.mountainlinux.ca (Linux Users Group)
http://www.mountainliving.ca (Mountain Living Magazine)
http://www.squamishblog.ca (Squamish Blog)
http://www.johnnystork.ca (Personal Home Page)

From mkettler at evi-inc.com Thu Jan 18 21:51:20 2007
From: mkettler at evi-inc.com (Matt Kettler)
Date: Thu Jan 18 20:53:52 2007
Subject: New Problems With Failed Plugins?
In-Reply-To:
References:
Message-ID: <45AFDDC8.7060207@evi-inc.com>

In recent versions of SA, --lint implies -L.

The reason is that the point of lint is to check rulefile syntax;
enabling network tests only slows this down.

If you want to check your network plugins, feed a message into
spamassassin -D.

Johnny Stork wrote:
> I just upgraded to MS 4.58.4, Clamav .88.7 and SA 3.1.7 running on a RHES 4 box.
> After getting everything backup and running the upgrade_mailscanner script,
> I checked out things in Mailwatch and ran the SA lint test. I noticed these lines
> below? I am sure these plugins were all working before? Did I miss, (or bust)
> something?
>
> Thanks
>
>
> [29826] dbg: dcc: local tests only, disabling DCC
>
> [29826] dbg: pyzor: local tests only, disabling Pyzor
>
> [29826] dbg: reporter: local tests only, disabling SpamCop
>
> [29826] dbg: razor2: local tests only, skipping Razor
>
>
> __________________________
> Johnny Stork
> Open Enterprise Solutions
>
> "Empowering Business With Open Source Software"
>
> http://www.openenterprise.ca (Technology & Business)
>
> Other Sites:
>
> http://www.dreamscapemedia.ca (Photography and Media)
> http://www.mountainlinux.ca (Linux Users Group)
> http://www.mountainliving.ca (Mountain Living Magazine)
> http://www.squamishblog.ca (Squamish Blog)
> http://www.johnnystork.ca (Personal Home Page)
>
>

From glenn.steen at gmail.com Fri Jan 19 00:43:23 2007
From: glenn.steen at gmail.com (Glenn Steen)
Date: Thu Jan 18 23:45:45 2007
Subject: MS additional header line
In-Reply-To:
References: <45AFCBAC.6000904@linuxspecial.com>
Message-ID: <223f97700701181543x41326273ma2a1216022bde8f9@mail.gmail.com>

On 18/01/07, Kevin Miller wrote:
> Vasiliy Boulytchev wrote:
> > Received: by mx00.cbici.net (CommuniGate Pro PIPE 5.1.3)
> > with PIPE id 4537081; Thu, 18 Jan 2007 13:22:52 -0500
> > Received: from smtpout.mx.citinternet.com ([67.128.25.254] verified)
> > by mx00.cbici.net (CommuniGate Pro SMTP 5.1.3)
> > with ESMTP id 4537072 for vasiliy@cbici.net; Thu, 18 Jan 2007
> > ...snip
> > The
> > ESMTP id 4537072
> > is not what MailWatch and MS use for message ids.
>
> Nope, because that ID is from a previous MTA process. I think the ID
> you're looking for is the PIPE id - in this case 4537081.
>
> Remember that MailScanner does a two step with the MTA. First the MTA
> receives the mail from somewhere, then hands it off to MailScanner for
> analysis, then hands it back to an MTA for delivery. The 4537072 id is
> the first MTA interaction where it is received. The PIPE id 4537081 is
> presumably the ID that Communigate Pro is giving it after MailScanner
> has done it's thing. On my system at least, the ID used by MW is the
> last id assigned by the MTA.
>
> But I've never played with CGP so maybe it does it differently?
>
Not really replying to you specifically Kevin, but to all in this
thread....

The devil is indeed in the details here, methinks:-)
IIRC how Vasiliy has his setup done there is a "frontside" postfix MTA
(on one box?) that receive and MailScanner/MailWatch etc, then use some
script made by dear ol' John Rudd to transport the mails over to CGP.
So what Vasiliy sees in MailWatch is the postfix queue file ID (as usual)
with the nice little extra entropy tagged on. In this case, the ID is
8D55F178FF, so that message would have an id in MW of 8D55F178FF.XXXXX
... and here is where all the confusion stems from:-).

Those extra bits are nowhere in sight in the headers, so you are correct
about that Vasiliy. But should they be? I don't really know if I need
them... I can always either look for the real message ID (in MailWatch),
look for the queue file id (also in MW), grep the mail log (for the queue
file ID) etc etc. So sure, you don't have it to easily cut'n'paste, but
it is far from gone;-).

I suppose if one really wanted to, there could be a way to add that in an
X-Temporary-ID or somesuch, but... the ID is only meaningful for tracking
in the log and in MailWatch... It really is rather temporary in nature
(we construct and deliver a completely new queue file with a completely
new ID after scanning....).

So basically, my advice boils down to:
- Use the mail log
- Use the reporting functions in MailWatch (if this is to find a
  quarantined entity, the report mail contains the ID rather prominently
  too, but the report page will always work:-)
- If all else fails... Use the source Luke;-D

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From taz at taz-mania.com Fri Jan 19 00:52:42 2007
From: taz at taz-mania.com (Dennis Willson)
Date: Thu Jan 18 23:55:05 2007
Subject: MS additional header line
In-Reply-To:
Message-ID:

MailWatch.pm gets that 'id' from MailScanner. It's not generated by
MailWatch, just recorded (I looked at the MailWatch.pm code). I'm not
sure where MailScanner gets it. I assume the MTA, but I'm not sure. I see
the id he's referring to... in the MailWatch database. This is the same
ID that is used to release quarantined Spam and Virus. So MailScanner can
relate that ID to a message.

I believe he wants to be able to look at an email's headers and then go
to the 'jump to message' and enter the ID and go to the details and do
whatever he needs.

On Thu, 18 Jan 2007 12:31:15 -0800 Scott Silva wrote:
>Vasiliy Boulytchev spake the following on 1/18/2007 12:12 PM:
>> Well,
>> I really dont know what the MTA has to do with the MS Message id
>>,
>> which is assigned by MailScanner, and passed on to the MySQL tables
>>in
>> Mailwatch... which in turn is tracked by Mailwatch php web
>>interface...
>>
>AFAIR the msg id is generated by the MTA when the message is
>received. With
>sendmail, mailscanner just uses it, and with postfix I believe
>mailscanner
>adds some randomness to it because postfix can reuse an id. Whoever
>wrote the
>patches to mailscanner and mailwatch to work with Communigate missed
>this, or
>implemented it differently. You might be able to write a custom
>function to
>add a header with the id in it.
>
>--
>
>MailScanner is like deodorant...
>You hope everybody uses it, and
>you notice quickly if they don't!!!!

--------------------------------------------------
Dennis Willson

taz@taz-mania.com
http://www.taz-mania.com

Ham (Extra Class): KA6LSW
GMRS : WQGF680
Scuba: Rescue Diver, EANx, Wreck, Night, Alt, Equip, UW Photographer,
Gas Blender

Life should not be a journey to the grave with the intention of arriving
safely in a nice looking and well preserved body, but rather to skid in
broadside, thoroughly used up, totally worn out, and loudly proclaiming,
"WOW! WHAT A RIDE!"

From glenn.steen at gmail.com Fri Jan 19 01:05:46 2007
From: glenn.steen at gmail.com (Glenn Steen)
Date: Fri Jan 19 00:08:09 2007
Subject: MS additional header line
In-Reply-To:
References:
Message-ID: <223f97700701181605u7351bdf4qff7e2d84c261d9f6@mail.gmail.com>

On 19/01/07, Dennis Willson wrote:
> MailWatch.pm gets that 'id' from MailScanner. It's not generated by
> MailWatch, just recorded (I looked at the MailWatch.pm code. I'm not
> sure where MailScanner gets it. I assume the MTA, but I'm not sure. I
> see the id he's referreing to... in the MailWatch database. This is
> the same ID that is used to release quarantined Spam and Virus. So
> MailScanner can relate that ID to a message.
>
> I believe he wants to be able to look at an emails headers and then go
> to the 'jump to message' and enter the ID and go to the details and do
> what ever he needs.
>
Quite correct Dennis, and it is the "queue file ID" that all MTAs seem
to have an incarnation of that it refers to (MailScanner gets this when
it reads in a message into the batch and constructs the (perl) message
object). But this is a Postfix-ism biting him... Jules adds (at my
request) some five random hex digits after a dot at the end of the
"original" ID, to prevent queue file ID reuse (which is pretty common
in Postfix) from creating duplicate records in MailWatch (and possibly
any other database logging apps).
So the information he needs to do that nice cut'n'paste is only
partially there in the headers. See my other post for "workarounds".
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From taz at taz-mania.com Fri Jan 19 01:12:42 2007
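Added example, not part of any list message and not MailScanner or MailWatch code: a Python version of the lookup discussed in this thread, which pulls the queue IDs out of a message's Received headers and matches them to MailWatch IDs of the form queue ID, dot, five hex digits. The MailWatch rows, their suffixes, the placeholder recipient and the one-hour window are constructed assumptions; the headers are modelled on the ones quoted earlier in the thread.

```python
import re
from datetime import datetime, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample modelled on the headers quoted in the thread (newest hop
# first); the recipient in the last hop is a placeholder.
SAMPLE_HEADERS = """\
Received: by mx00.cbici.net (CommuniGate Pro PIPE 5.1.3)
  with PIPE id 4537081; Thu, 18 Jan 2007 13:22:52 -0500
Received: from smtpout.mx.citinternet.com ([67.128.25.254] verified)
  by mx00.cbici.net (CommuniGate Pro SMTP 5.1.3)
  with ESMTP id 4537072 for vasiliy@cbici.net; Thu, 18 Jan 2007 13:22:41 -0500
Received: from mailsvc.com (mail.mailsvc.com [63.247.192.101])
  by smtpout.mx.citinternet.com (Postfix) with ESMTP id 8D55F178FF
  for <user@example.com>; Thu, 18 Jan 2007 11:17:06 -0700 (MST)
Subject: Re: test

"""

# Constructed MailWatch rows: (id, time logged). Two rows share one Postfix
# queue ID, which is the reuse case the random suffix exists for.
SAMPLE_MAILWATCH = [
    ("8D55F178FF.0B7E4", datetime(2007, 1, 11, 9, 2, 44, tzinfo=timezone.utc)),
    ("8D55F178FF.3A9C1", datetime(2007, 1, 18, 18, 17, 9, tzinfo=timezone.utc)),
    ("C41A2209D1.5F00A", datetime(2007, 1, 18, 18, 17, 30, tzinfo=timezone.utc)),
]

BY_RE = re.compile(r"\bby\s+(\S+)(?:\s+\(([^)]*)\))?")
ID_RE = re.compile(r"\bwith\s+(\S+)\s+id\s+([A-Za-z0-9]+)")
# Assumption from the thread: a dot plus five hex digits appended to the ID.
SUFFIX_RE = re.compile(r"\.[0-9A-Fa-f]{5}$")


def received_hops(raw_headers):
    """Return one dict per Received header that carries an id, newest first."""
    hops = []
    for value in message_from_string(raw_headers).get_all("Received", []):
        flat = " ".join(value.split())  # undo header folding
        id_match = ID_RE.search(flat)
        if not id_match:
            continue
        by_match = BY_RE.search(flat)
        stamp = None
        if ";" in flat:
            try:
                stamp = parsedate_to_datetime(flat.rsplit(";", 1)[1].strip())
                if stamp.tzinfo is None:  # no usable zone: treat as UTC
                    stamp = stamp.replace(tzinfo=timezone.utc)
            except (TypeError, ValueError):
                stamp = None
        hops.append({
            "by": by_match.group(1) if by_match else None,
            "mta": (by_match.group(2) or "") if by_match else "",
            "proto": id_match.group(1),
            "id": id_match.group(2),
            "time": stamp,
        })
    return hops


def mailwatch_candidates(hops, rows, window_seconds=3600):
    """Match hop ids to MailWatch ids, best candidate first.

    A Postfix queue ID can be reused, so several rows may share one base ID;
    rows logged within window_seconds of the hop's timestamp sort first.
    """
    found = []
    for hop in hops:
        for mw_id, logged in rows:
            # Sendmail-style ids have no suffix and must match exactly.
            if SUFFIX_RE.sub("", mw_id) != hop["id"]:
                continue
            delta = None
            if hop["time"] is not None:
                delta = abs((logged - hop["time"]).total_seconds())
            found.append({
                "mailwatch_id": mw_id,
                "header_id": hop["id"],
                "by": hop["by"],
                "delta_seconds": delta,
                "in_window": delta is not None and delta <= window_seconds,
            })
    found.sort(key=lambda m: (
        not m["in_window"],
        m["delta_seconds"] if m["delta_seconds"] is not None else float("inf"),
    ))
    return found


if __name__ == "__main__":
    hops = received_hops(SAMPLE_HEADERS)
    for match in mailwatch_candidates(hops, SAMPLE_MAILWATCH):
        print(match["mailwatch_id"], "via", match["by"],
              "in window:", match["in_window"])
```

The CommuniGate hop IDs find no row, while the Postfix queue ID finds two; only the Received timestamp separates the current message from the older one that reused the same queue ID.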
From: taz at taz-mania.com (Dennis Willson) Date: Fri Jan 19 00:15:03 2007 Subject: MS additional header line In-Reply-To: Message-ID: OK, on my system that is the ESMTP id. So it's available to me in the headers so I can do exactly what he wants. I use CGP as the 'end user' mail server. However, all my MailScanner/MailWatch etc... runs on Sendmail in front of CGP. On Thu, 18 Jan 2007 15:52:42 -0800 "Dennis Willson" wrote: >MailWatch.pm gets that 'id' from MailScanner. It's not generated by >MailWatch, just recorded (I looked at the MailWatch.pm code. I'm not >sure where MailScanner gets it. I assume the MTA, but I'm not sure. I >see the id he's referreing to... in the MailWatch database. This is >the same ID that is used to release quarantined Spam and Virus. So >MailScanner can relate that ID to a message. > >I believe he wants to be able to look at an emails headers and then >go to the 'jump to message' and enter the ID and go to the details >and do what ever he needs. > > >On Thu, 18 Jan 2007 12:31:15 -0800 > Scott Silva wrote: >>Vasiliy Boulytchev spake the following on 1/18/2007 12:12 PM: >>>Well, >>> I really dont know what the MTA has to do with the MS Message id >>>, >>>which is assigned by MailScanner, and passed on to the MySQL tables >>>in >>>Mailwatch... which in turn is tracked by Mailwatch php web >>>interface... >>> >>AFAIR the msg id is generated by the MTA when the message is >>received. With >>sendmail, mailscanner just uses it, and with postfix I believe >>mailscanner >>adds some randomness to it because postfix can reuse an id. Whoever >>wrote the >>patches to mailscanner and mailwatch to work with Communigate missed >>this, or >>implemented it differently. You might be able to write a custom >>function to >>add a header with the id in it. >> >>-- >> >>MailScanner is like deodorant... >>You hope everybody uses it, and >>you notice quickly if they don't!!!! 
>> >>-- >>MailScanner mailing list >>mailscanner@lists.mailscanner.info >>http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >>Before posting, read http://wiki.mailscanner.info/posting >> >>Support MailScanner development - buy the book off the website! > > >-------------------------------------------------- >Dennis Willson > >taz@taz-mania.com >http://www.taz-mania.com > >Ham (Extra Class): KA6LSW >GMRS : WQGF680 >Scuba: Rescue Diver, EANx, Wreck, Night, Alt, Equip, UW Photographer, >Gas Blender > >Life should not be a journey to the grave with the intention of >arriving safely in a nice looking and well preserved body, but rather >to skid in broadside, thoroughly used up, totally worn out, and >loudly proclaiming, "WOW! WHAT A RIDE!" >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! -------------------------------------------------- Dennis Willson taz@taz-mania.com http://www.taz-mania.com Ham (Extra Class): KA6LSW GMRS : WQGF680 Scuba: Rescue Diver, EANx, Wreck, Night, Alt, Equip, UW Photographer, Gas Blender Life should not be a journey to the grave with the intention of arriving safely in a nice looking and well preserved body, but rather to skid in broadside, thoroughly used up, totally worn out, and loudly proclaiming, "WOW! WHAT A RIDE!" From taz at taz-mania.com Fri Jan 19 01:58:35 2007 
From: taz at taz-mania.com (Dennis Willson)
Date: Fri Jan 19 01:00:59 2007
Subject: MS additional header line
In-Reply-To: <223f97700701181605u7351bdf4qff7e2d84c261d9f6@mail.gmail.com>
Message-ID:

OK, makes sense...

Would that full 'id' be available to a custom module that could add a
header? If so he could write his own.

On Fri, 19 Jan 2007 01:05:46 +0100 "Glenn Steen" wrote:
>On 19/01/07, Dennis Willson wrote:
>>MailWatch.pm gets that 'id' from MailScanner. It's not generated by
>>MailWatch, just recorded (I looked at the MailWatch.pm code. I'm not
>>sure where MailScanner gets it. I assume the MTA, but I'm not sure. I
>>see the id he's referreing to... in the MailWatch database. This is
>>the same ID that is used to release quarantined Spam and Virus. So
>>MailScanner can relate that ID to a message.
>>
>>I believe he wants to be able to look at an emails headers and then
>>go
>>to the 'jump to message' and enter the ID and go to the details and
>>do
>>what ever he needs.
>>
>Quite correct Dennis, and it is the "queue file ID" that all MTAs
>seem
>to have an incarnation of that it refers to (MailScanner get this
>when
>it reads in a message into the batch and constructs the (perl)
>message
>object). But this is a Postfix-ism biting him... Jules adds (at my
>request) some five random hex digits after a dot at the end of the
>"original" ID, to prevent queue file ID reuse (which is pretty common
>in Postfix) to create duplicate records in MailWatch (and possibly
>any
>other database logging apps).
>So the information he needs to do that nice cut'n'paste is only
>partially there in the headers. See my other post for "workarounds".
>--
>-- Glenn
>email: glenn < dot > steen < at > gmail < dot > com
>work: glenn < dot > steen < at > ap1 < dot > se
>--
>MailScanner mailing list
>mailscanner@lists.mailscanner.info
>http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>Before posting, read http://wiki.mailscanner.info/posting
>
>Support MailScanner development - buy the book off the website!

--------------------------------------------------
Dennis Willson

taz@taz-mania.com
http://www.taz-mania.com

Ham (Extra Class): KA6LSW
GMRS : WQGF680
Scuba: Rescue Diver, EANx, Wreck, Night, Alt, Equip, UW Photographer,
Gas Blender

Life should not be a journey to the grave with the intention of arriving
safely in a nice looking and well preserved body, but rather to skid in
broadside, thoroughly used up, totally worn out, and loudly proclaiming,
"WOW! WHAT A RIDE!"

From glenn.steen at gmail.com Fri Jan 19 02:44:42 2007
From: glenn.steen at gmail.com (Glenn Steen)
Date: Fri Jan 19 01:47:06 2007
Subject: MS additional header line
In-Reply-To:
References: <223f97700701181605u7351bdf4qff7e2d84c261d9f6@mail.gmail.com>
Message-ID: <223f97700701181744n68b10e33nc69d1f710cc945b4@mail.gmail.com>

On 19/01/07, Dennis Willson wrote:
> OK, makes sense...
>
> Would that full 'id' be available to a custom module that could add a
> header? If so he could write his own.
>
Think so yes (at home, no code near, so ... could be wrong:-), it
should be in the message object as the "id" attribute... This is where
MailWatch gets it from.
A CustomFunction is pretty much what I mean by "Use the source Luke":-)

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From febrianto at sioenasia.com Fri Jan 19 04:18:20 2007
From: febrianto at sioenasia.com (Budi Febrianto) Date: Fri Jan 19 03:15:48 2007 Subject: OOT: Rules_du_jour problem Message-ID: Dear Gurus, Is there a problem with 99_sare_fraud_post25x.cf? Whenever I run the rules_du_jour it says that it found a newer version, but later it will roll back because of a lint problem. Should I disable 99_sare_fraud_post25x.cf from rules_du_jour?

***WARNING***: spamassassin --lint failed.
Rolling configuration files back, not restarting SpamAssassin.
Rollback command is: mv -f /etc/mail/spamassassin/99_sare_fraud_post25x.cf /etc/mail/spamassassin/RulesDuJour/99_sare_fraud_post25x.cf.2; mv -f /etc/mail/spamassassin/RulesDuJour/99_sare_fraud_post25x.cf.20070119-0938 /etc/mail/spamassassin/99_sare_fraud_post25x.cf;
Lint output:
[25999] warn: config: failed to parse line, skipping:
[25999] warn: config: failed to parse line, skipping: ERROR: The requested URL could not be retrieved
[25999] warn: config: failed to parse line, skipping:
[25999] warn: config: failed to parse line, skipping: The requested URL could not be retrieved
[25999] warn: config: failed to parse line, skipping:
[25999] warn: config: failed to parse line, skipping:
[25999] warn: config: failed to parse line, skipping: While trying to retrieve the URL:
[25999] warn: config: failed to parse line, skipping: http://www.rulesemporium.com/rules/99_sare_fraud_post25x.cf
[25999] warn: config: failed to parse line, skipping:
[25999] warn: config: failed to parse line, skipping: The following error was encountered:
[25999] warn: config: failed to parse line, skipping:
[25999] warn: config: failed to parse line, skipping: Unable to determine IP address from host name for
[25999] warn: config: failed to parse line, skipping: www.rulesemporium.com
[25999] warn: config: failed to parse line, skipping:
[25999] warn: config: failed to parse line, skipping:
[25999] warn: config: failed to parse line, skipping: The dnsserver returned:
[25999] warn: config: failed to parse line, skipping:
[25999] warn: config: failed to parse line, skipping: Server Failure: The name server was unable to process this query.
[25999] warn: config: failed to parse line, skipping:
[25999] warn: config: failed to parse line, skipping:
[25999] warn: config: failed to parse line, skipping: This means that:
[25999] warn: config: failed to parse line, skipping:
[25999] warn: config: failed to parse line, skipping: The cache was not able to resolve the hostname presented in the URL.
[25999] warn: config: failed to parse line, skipping: Check if the address is correct.
[25999] warn: config: failed to parse line, skipping:
[25999] warn: config: failed to parse line, skipping: Your cache administrator is root.
[25999] warn: config: failed to parse line, skipping:
[25999] warn: config: failed to parse line, skipping:
[25999] warn: config: failed to parse line, skipping: Generated Sat, 16 Dec 2006 22:07:48 GMT by linux01.sioenasia.com (Squid/2.4.STABLE7)
[25999] warn: config: failed to parse line, skipping:
[25999] warn: lint: 30 issues detected, please rerun with debug enabled for more information

From febrianto at sioenasia.com Fri Jan 19 04:36:23 2007 From: febrianto at sioenasia.com (Budi Febrianto) Date: Fri Jan 19 03:33:49 2007 Subject: OOT: Rules_du_jour problem In-Reply-To: Message-ID: Please disregard my question. Already solved. Deleting both files in /etc/mail/Spamassassin and /etc/mail/spamassassin/RulesDuJour solved the problem. My brain has already taken a vacation. mailscanner-bounces@lists.mailscanner.info wrote on 01-19-2007 10:18:20 AM: > > Dear Gurus, > Is there a problem with 99_sare_fraud_post25x.cf? Whenever I run the > rules_du_jour it says that it found a newer version, but later it will > roll back because of a lint problem. Should I disable > 99_sare_fraud_post25x.cf from rules_du_jour? From arturs at netvision.net.il Fri Jan 19 09:50:36 2007 From: arturs at netvision.net.il (Arthur Sherman) Date: Fri Jan 19 08:53:43 2007 Subject: New Problems With Failed Plugins? In-Reply-To: Message-ID: <062801c73ba6$e34924e0$3701a8c0@lapxp> > I just upgraded to MS 4.58.4, Clamav .88.7 and SA 3.1.7 > running on a RHES 4 box. > After getting everything backup and running the > upgrade_mailscanner script, > I checked out things in Mailwatch and ran the SA lint test. I > noticed these lines > below? I am sure these plugins were all working before? Did I > miss, (or bust) > something? > > Thanks > > > [29826] dbg: dcc: local tests only, disabling DCC > > [29826] dbg: pyzor: local tests only, disabling Pyzor > > [29826] dbg: reporter: local tests only, disabling SpamCop > > [29826] dbg: razor2: local tests only, skipping Razor > These are test checks, they run with network tests disabled. 
Best, -- Arthur Sherman +972-52-4878851 CPTeam From martinh at solidstatelogic.com Fri Jan 19 09:58:42 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Fri Jan 19 09:01:34 2007 Subject: MS additional header line In-Reply-To: <45AFD091.4010304@fsl.com> Message-ID: <282a6bf5342c264f8a3270542f4205cd@solidstatelogic.com> Steve I use it - been live for 3 weeks now, and a lot of people use the two.. BUT not on the same server..John Rudd has some scripts that used to work to fool CGP into making sendmail style queue files and MS to make CGP style queue files. But these don't seem to work on modern combinations... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Steve Freegard > Sent: 18 January 2007 19:55 > To: MailScanner discussion > Subject: Re: MS additional header line > > Vasiliy, > > Vasiliy Boulytchev wrote: > > Here are the full headers for that message :) > > > > > > Return-Path: > > Received: by mx00.cbici.net (CommuniGate Pro PIPE 5.1.3) > > with PIPE id 4537081; Thu, 18 Jan 2007 13:22:52 -0500 > > Received: from smtpout.mx.citinternet.com ([67.128.25.254] verified) > > by mx00.cbici.net (CommuniGate Pro SMTP 5.1.3) > > with ESMTP id 4537072 for vasiliy@cbici.net; Thu, 18 Jan 2007 13:22:41 > > -0500 > > -------- > > > > The ESMTP id 4537072 > > is not what MailWatch and MS use for message ids. > > I've no idea how the message IDs are generated using the CommunigatePro > interface and I believe you're the first person to try MailWatch with CGP. > > Have a look at the message detail page and it will show the Message ID > there. > > Kind regards, > Steve. 
> -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From DrewB at united-systems.com Fri Jan 19 14:58:56 2007 From: DrewB at united-systems.com (Drew Burchett) Date: Fri Jan 19 14:04:19 2007 Subject: (no subject) Message-ID: <1E75E79B854C814784D0E8C5BA55AF76F07F87@uss2k01.united-systems.local> I'm not sure if this is a MailScanner problem or a SpamAssassin problem, but someone here will at least be able to help me narrow it down. I am running MailScanner 4.57.6 on Suse Linux 10.1. My MTA is Postfix 2.3.6 and I'm running SpamAssassin 3.1.7. 
The problem I seem to be having is that a lot of spam is getting through. I'm monitoring it with MailWatch and there are a lot of messages that are obviously spam that are getting fairly low scores because they simply aren't hitting any rules (or at least not very many rules). However, when I run spamassassin -D -p /path/to/my/config References: <1E75E79B854C814784D0E8C5BA55AF76F07F8E@uss2k01.united-systems.local> Message-ID: Hi! > I'm not sure if this is a MailScanner problem or a SpamAssassin problem, > but someone here will at least be able to help me narrow it down. I am > running MailScanner 4.57.6 on Suse Linux 10.1. My MTA is Postfix 2.3.6 > and I'm running SpamAssassin 3.1.7. So you need more rules. Or make own rules. Spammers are getting smarter, so also you need to do more ;) Bye, Raymond. From DrewB at united-systems.com Fri Jan 19 15:29:14 2007 From: DrewB at united-systems.com (Drew Burchett) Date: Fri Jan 19 14:34:53 2007 Subject: Spam slipping through In-Reply-To: Message-ID: <1E75E79B854C814784D0E8C5BA55AF76F07F93@uss2k01.united-systems.local> >So you need more rules. Thank you, but that doesn't seem to be the problem. When I run the same mail through spamassassin on the command line, it hits more rules than when it's running through MailScanner. Both are using the same config. 
Drew Burchett United Systems & Software Ph: (270)527-3293 Fax: (270)527-3132 -- CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. -- This message has been scanned for viruses and dangerous content by MailScanner and is believed to be clean. From dhawal at netmagicsolutions.com Fri Jan 19 15:32:12 2007 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Fri Jan 19 14:34:55 2007 Subject: Spam slipping through In-Reply-To: <1E75E79B854C814784D0E8C5BA55AF76F07F8E@uss2k01.united-systems.local> References: <1E75E79B854C814784D0E8C5BA55AF76F07F8E@uss2k01.united-systems.local> Message-ID: <45B0D66C.9020900@netmagicsolutions.com> Drew Burchett wrote: > I'm not sure if this is a MailScanner problem or a SpamAssassin problem, > but someone here will at least be able to help me narrow it down. I am > running MailScanner 4.57.6 on Suse Linux 10.1. My MTA is Postfix 2.3.6 > and I'm running SpamAssassin 3.1.7. > > The problem I seem to be having is that a lot of spam is getting > through. I'm monitoring it with MailWatch and there are a lot of > messages that are obviously spam that are getting fairly low scores > because they simply aren't hitting any rules (or at least not very many > rules). However, when I run spamassassin -D -p /path/to/my/config > rules and scoring very high. Running spamassassin -D -lint shows that I > have a few unresolved dependencies in some of the SARE rules that I've > downloaded, but I would think that if that were causing problems, it > would cause problems with running it on the command line as well. 
I've > checked my syslog and there are only two instances of SpamAssassin > timing out and being killed over the past four days. Beyond that, I'm > not even sure where to look. Does anyone have any suggestions for what > may be wrong, or at least how to troubleshoot this problem? Run lint as the MailScanner "Run As User" (postfix in your case): su - postfix -s /bin/bash -c 'spamassassin -D -x --lint' And compare it with the --lint you run regularly as.. some missing stuff if any might become obvious. - dhawal From Richard.Frovarp at sendit.nodak.edu Fri Jan 19 15:47:05 2007 From: Richard.Frovarp at sendit.nodak.edu (Richard Frovarp) Date: Fri Jan 19 14:49:31 2007 Subject: Spam slipping through In-Reply-To: <1E75E79B854C814784D0E8C5BA55AF76F07F8E@uss2k01.united-systems.local> References: <1E75E79B854C814784D0E8C5BA55AF76F07F8E@uss2k01.united-systems.local> Message-ID: <45B0D9E9.1020403@sendit.nodak.edu> Drew Burchett wrote: > > I'm not sure if this is a MailScanner problem or a SpamAssassin > problem, but someone here will at least be able to help me narrow it > down. I am running MailScanner 4.57.6 on Suse Linux 10.1. My MTA is > Postfix 2.3.6 and I'm running SpamAssassin 3.1.7. > > The problem I seem to be having is that a lot of spam is getting > through. I'm monitoring it with MailWatch and there are a lot of > messages that are obviously spam that are getting fairly low scores > because they simply aren't hitting any rules (or at least not very > many rules). However, when I run spamassassin -D -p /path/to/my/config > of rules and scoring very high. Running spamassassin -D -lint shows > that I have a few unresolved dependencies in some of the SARE rules > that I've downloaded, but I would think that if that were causing > problems, it would cause problems with running it on the command line > as well. I've checked my syslog and there are only two instances of > SpamAssassin timing out and being killed over the past four days. 
> Beyond that, I'm not even sure where to look. Does anyone have any > suggestions for what may be wrong, or at least how to troubleshoot > this problem? > > Drew Burchett > > United Systems & Software > > Ph: (270)527-3293 > > Fax: (270)527-3132 > Is this -p /path/to/my/config being read by MailScanner? And of course any URIBL, DNSBL, or checksum (DCC, Razor, Pyzor) hits can be a matter of timing. From martinh at solidstatelogic.com Fri Jan 19 15:52:18 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Fri Jan 19 14:54:53 2007 Subject: Spam slipping through In-Reply-To: <1E75E79B854C814784D0E8C5BA55AF76F07F8E@uss2k01.united-systems.local> Message-ID: Drew Besides making sure the configs etc are the same, we ran into a problem on a RH machine yesterday where the perl modules etc weren't readable by the postfix user.. All your 'configs' should be in the /etc/mail/spamassassin (or wherever the init.pre/local.cf etc are) which keeps things nice and simple. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Drew Burchett > Sent: 19 January 2007 14:18 > To: mailscanner@lists.mailscanner.info > Subject: Spam slipping through > > I'm not sure if this is a MailScanner problem or a SpamAssassin problem, > but someone here will at least be able to help me narrow it down. I am > running MailScanner 4.57.6 on Suse Linux 10.1. My MTA is Postfix 2.3.6 > and I'm running SpamAssassin 3.1.7. > > > > The problem I seem to be having is that a lot of spam is getting through. > I'm monitoring it with MailWatch and there are a lot of messages that are > obviously spam that are getting fairly low scores because they simply > aren't hitting any rules (or at least not very many rules). 
However, when > I run spamassassin -D -p /path/to/my/config will almost always come back hitting tons of rules and scoring very high. > Running spamassassin -D -lint shows that I have a few unresolved > dependencies in some of the SARE rules that I've downloaded, but I would > think that if that were causing problems, it would cause problems with > running it on the command line as well. I've checked my syslog and there > are only two instances of SpamAssassin timing out and being killed over > the past four days. Beyond that, I'm not even sure where to look. Does > anyone have any suggestions for what may be wrong, or at least how to > troubleshoot this problem? > > > > > > > > Drew Burchett > > United Systems & Software > > Ph: (270)527-3293 > > Fax: (270)527-3132 > > > > > -- > > CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is > for the sole use of the intended recipient(s) and may contain confidential > and privileged information. Any unauthorized review, use, disclosure or > distribution is prohibited. If you are not the intended recipient, please > contact the sender by reply e-mail and destroy all copies of the original > message. > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner , and is > believed to be clean. ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. 
Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From lnhaig at gmail.com Fri Jan 19 16:48:30 2007 From: lnhaig at gmail.com (Lance Haig) Date: Fri Jan 19 15:51:00 2007 Subject: Problems with sendmail Message-ID: <45B0E84E.90306@gmail.com> Hi Guys, I had to do a DR build of an ms server. The new server is built with the following Latest packages from MS site and addons built on SUSE 10.1 When I run mailscanner --lint I get no errors The problem I have is that I cannot connect to the server on port 25. I have checked firewalls and I can ssh onto it from outside the network. I am sure I have missed something. I have created the access files for the relay domains Can anyone give me a heads up? Thanks Lance From raymond at prolocation.net Fri Jan 19 16:54:49 2007 From: raymond at prolocation.net (Raymond Dijkxhoorn) Date: Fri Jan 19 15:57:12 2007 Subject: Spam slipping through In-Reply-To: <1E75E79B854C814784D0E8C5BA55AF76F07F93@uss2k01.united-systems.local> References: <1E75E79B854C814784D0E8C5BA55AF76F07F93@uss2k01.united-systems.local> Message-ID: Hi! > Thank you, but that doesn't seem to be the problem. When I run the same > mail through spamassassin on the command line, it hits more rules than > when it's running through MailScanner. Both are using the same config. And that's not due to the fact it's added LATER on URIBL for example? So you hit more rules when you recheck in time? 
Bye, Raymond. From Dstraka at caspercollege.edu Fri Jan 19 16:59:39 2007 From: Dstraka at caspercollege.edu (Daniel Straka) Date: Fri Jan 19 16:02:24 2007 Subject: Problems with sendmail In-Reply-To: <45B0E84E.90306@gmail.com> References: <45B0E84E.90306@gmail.com> Message-ID: <45B0887B.61A0.0000.0@caspercollege.edu> Have you? Edit /etc/sysconfig/mail to allow remote mail communication SMTPD_LISTEN_REMOTE="no" TO SMTPD_LISTEN_REMOTE="yes" reboot Dan Straka Systems Coordinator Casper College 307.268.2399 >>> Lance Haig 1/19/2007 8:48 AM >>> Hi Guys, I had to do a DR build of an ms server. The new server is built with the following Latest packages from MS site and addons built on SUSE 10.1 When I run mailscanner --lint I get no errors The problem I have is that I cannot connect to the server on port 25. I have checked firewalls and I can ssh onto it from outside the network. I am sure I have missed something. I have created the access files for the relay domains Can anyone give me a heads up/ Thanks Lance -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner at caspercollege.edu and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner at caspercollege.edu and is believed to be clean. 
-------------- next part -------------- BEGIN:VCARD VERSION:2.1 FN:Straka, Daniel TEL:307.268.2399 EMAIL:Dstraka@caspercollege.edu ORG:Casper College TITLE:Systems Coordinator URL:http://wind.caspercollege.edu/~dstraka/ END:VCARD From lnhaig at gmail.com Fri Jan 19 17:03:34 2007 From: lnhaig at gmail.com (Lance Haig) Date: Fri Jan 19 16:06:05 2007 Subject: Problems with sendmail In-Reply-To: <45B0887B.61A0.0000.0@caspercollege.edu> References: <45B0E84E.90306@gmail.com> <45B0887B.61A0.0000.0@caspercollege.edu> Message-ID: <45B0EBD6.8040503@gmail.com> Daniel, You are the man...... Something simple to fix a big problem Ta mate Lance Daniel Straka wrote: > Have you? > > Edit /etc/sysconfig/mail > to allow remote mail communication > SMTPD_LISTEN_REMOTE="no" > TO > SMTPD_LISTEN_REMOTE="yes" > reboot > > > Dan Straka > Systems Coordinator > Casper College > 307.268.2399 > > > >>>> Lance Haig 1/19/2007 8:48 AM >>> >>>> > Hi Guys, > > I had to do a DR build of an ms server. > > The new server is built with the following > > Latest packages from MS site and addons > > built on SUSE 10.1 > > When I run mailscanner --lint I get no errors > > The problem I have is that I cannot connect to the server on port 25. > > I have checked firewalls and I can ssh onto it from outside the > network. > > I am sure I have missed something. > > I have created the access files for the relay domains > > Can anyone give me a heads up/ > > Thanks > > Lance > > ------------------------------------------------------------------------ > > BEGIN:VCARD > VERSION:2.1 > FN:Straka, Daniel > TEL:307.268.2399 > EMAIL:Dstraka@caspercollege.edu > ORG:Casper College > TITLE:Systems Coordinator > URL:http://wind.caspercollege.edu/~dstraka/ > END:VCARD > > -------------- next part -------------- An HTML attachment was scrubbed... 
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070119/0e0e6321/attachment.html From DrewB at united-systems.com Fri Jan 19 17:05:55 2007 From: DrewB at united-systems.com (Drew Burchett) Date: Fri Jan 19 16:11:13 2007 Subject: Spam slipping through In-Reply-To: <45B0D66C.9020900@netmagicsolutions.com> Message-ID: <1E75E79B854C814784D0E8C5BA55AF76F07FBB@uss2k01.united-systems.local> >Run lint as the the MailScanner "Run As User" (postfix in your case): >su - postfix -s /bin/bash -c 'spamassassin -D -x --lint' >And compare it with the --lint you run regularly as.. some missing stuff >if any might become obvious. Wow, I feel like an idiot now. I should have thought about spamassassin running as a different user than how I was logged on to the box. There were a couple of errors when I ran lint as postfix. I got those fixed and it seems to be scoring quite a bit differently now. Thank you all for your help. - dhawal -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. -- This message has been scanned for viruses and dangerous content by MailScanner and is believed to be clean. 
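The check that resolved this thread (run the lint as the MailScanner "Run As User" and compare it with your own run), as an added example that is not part of the original posts. The function names are hypothetical and the sample lint lines in `demo` are constructed; only the `su` command line and the `[pid] warn:` / `[pid] dbg:` line format are taken from the thread.

```shell
#!/bin/sh
# Added example, not from the thread: list lint problems that only show up
# when SpamAssassin runs as the MailScanner "Run As User".
LC_ALL=C; export LC_ALL   # stable sort order for comm(1)

# Keep only the non-debug lint lines of file $1, without the "[pid] " prefix,
# sorted so two runs can be compared line by line.
lint_problems() {
    sed -e 's/^\[[0-9][0-9]*\] //' "$1" | grep -v '^dbg:' | sort -u
}

# Print problems reported for the run-as user ($2) but not for the
# login user ($1).
only_as_runas_user() {
    a=$(mktemp) && b=$(mktemp) || return 1
    lint_problems "$1" > "$a"
    lint_problems "$2" > "$b"
    comm -13 "$a" "$b"
    rm -f "$a" "$b"
}

# Live comparison, to be run as root on the mail host. The su command line
# is the one given in the thread; "postfix" is the Run As User there.
compare_live() {
    runas=${1:-postfix}
    mine=$(mktemp) && theirs=$(mktemp) || return 1
    spamassassin -D --lint > "$mine" 2>&1
    su - "$runas" -s /bin/bash -c 'spamassassin -D -x --lint' > "$theirs" 2>&1
    only_as_runas_user "$mine" "$theirs"
    rm -f "$mine" "$theirs"
}

# Offline demonstration on constructed lint output (not real captures).
demo() {
    root_out=$(mktemp) && postfix_out=$(mktemp) || return 1
    cat > "$root_out" <<'EOF'
[4101] dbg: dcc: local tests only, disabling DCC
[4101] warn: config: failed to parse line, skipping: example_bad_line_a
[4101] warn: lint: 1 issues detected, please rerun with debug enabled for more information
EOF
    cat > "$postfix_out" <<'EOF'
[4202] dbg: dcc: local tests only, disabling DCC
[4202] warn: config: failed to parse line, skipping: example_bad_line_a
[4202] warn: config: failed to parse line, skipping: example_bad_line_b
[4202] warn: lint: 2 issues detected, please rerun with debug enabled for more information
EOF
    only_as_runas_user "$root_out" "$postfix_out"
    rm -f "$root_out" "$postfix_out"
}

case "${1:-}" in
    live) compare_live "${2:-postfix}" ;;
    demo) demo ;;
esac
```

Lines printed by the `live` mode are problems that exist only for the run-as user, for example files that account cannot read, as Martin describes above.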
From prandal at herefordshire.gov.uk Fri Jan 19 17:22:46 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Fri Jan 19 16:25:48 2007 Subject: Spam slipping through Message-ID: <86144ED6CE5B004DA23E1EAC0B569B581237B856@isabella.herefordshire.gov.uk> You're possibly not picking up the sa-updated rules when running SpamAssassin from within MailScanner. Running spamassassin from the command line will use them. At some point SpamAssassin was fixed so that the local state dir included /spamassassin, e.g. /var/lib/spamassassin, and not /var/lib. See http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4952#c11 . Try amending your MailScanner.conf to read like my config below (which has been tested and verified to use the updated rules): # The rules created by the "sa-update" tool are searched for here. # This directory contains the 3.001007/updates_spamassassin_org # directory structure beneath it. # Only un-comment this setting once you have proved that the sa-update # cron job has run successfully and has created a directory structure under # the spamassassin directory within this one and has put some *.cf files in # there. Otherwise it will ignore all your current rules! # The default location may be /var/opt on Solaris systems. SpamAssassin Local State Dir = /var/lib/spamassassin Jules, can you fix the default MailScanner.conf to match reality, please? I've posted on the list about this on November 22nd and 23rd last year - I spent a productive hour one evening testing various "SpamAssassin Local State Dir" settings on a production server Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Raymond Dijkxhoorn > Sent: 19 January 2007 15:55 > To: MailScanner discussion > Subject: RE: Spam slipping through > > Hi! > > > Thank you, but that doesn't seem to be the problem. 
When I > run the same > > mail through spamassassin on the command line, it hits more > rules than > > when it's running through MailScanner. Both are using the > same config. > > And thats not due to the fact its added LATER on URIBL for > examle? So you > hit more rules when you recheck in time? > > Bye, > Raymond. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From mrm at medicine.wisc.edu Fri Jan 19 17:43:26 2007 From: mrm at medicine.wisc.edu (Michael Masse) Date: Fri Jan 19 16:46:25 2007 Subject: Spam slipping through In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B581237B856@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B581237B856@isabella.herefordshire.gov.uk> Message-ID: <45B0A147.7FBE.00FC.3@medicine.wisc.edu> >>> On 1/19/2007 at 10:22 AM, in message <86144ED6CE5B004DA23E1EAC0B569B581237B856@isabella.herefordshire.gov.uk>, "Randal, Phil" wrote: > You're possibly not picking up the sa-updated rules when running > SpamAssassin from within MailScanner. Running spamassassin from the > command line will use them. > > At some point SpamAssassin was fixed so that the local state dir > included /spamassassin, e.g. /var/lib/spamassassin, and not /var/lib. > > See http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4952#c11 . > > Try amending your MailScanner.conf to read like my config below (which > has been tested and verified to use the updated rules): > > # The rules created by the "sa-update" tool are searched for here. > # This directory contains the 3.001007/updates_spamassassin_org > # directory structure beneath it. 
> # Only un-comment this setting once you have proved that the sa-update > # cron job has run successfully and has created a directory structure > under > # the spamassassin directory within this one and has put some *.cf files > in > # there. Otherwise it will ignore all your current rules! > # The default location may be /var/opt on Solaris systems. > > SpamAssassin Local State Dir = /var/lib/spamassassin > > Jules, can you fix the default MailScanner.conf to match reality, > please? > Using Jules latest easy install package, my SpamAssassin local state dir is still in /var/lib/ Mike From prandal at herefordshire.gov.uk Fri Jan 19 17:57:09 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Fri Jan 19 16:59:44 2007 Subject: Spam slipping through Message-ID: <86144ED6CE5B004DA23E1EAC0B569B581237B87C@isabella.herefordshire.gov.uk> > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Michael Masse > Sent: 19 January 2007 16:43 > To: MailScanner discussion > Subject: RE: Spam slipping through > > >>> On 1/19/2007 at 10:22 AM, in message > <86144ED6CE5B004DA23E1EAC0B569B581237B856@isabella.herefordshi > re.gov.uk>, > "Randal, Phil" wrote: > > You're possibly not picking up the sa-updated rules when running > > SpamAssassin from within MailScanner. Running spamassassin from the > > command line will use them. > > > > At some point SpamAssassin was fixed so that the local state dir > > included /spamassassin, e.g. /var/lib/spamassassin, and not > /var/lib. > > > > See http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4952#c11 . > > > > Try amending your MailScanner.conf to read like my config below > (which > > has been tested and verified to use the updated rules): > > > > # The rules created by the "sa-update" tool are searched for here. > > # This directory contains the 3.001007/updates_spamassassin_org > > # directory structure beneath it. 
> > # Only un-comment this setting once you have proved that the > sa-update > > # cron job has run successfully and has created a directory > structure > > under > > # the spamassassin directory within this one and has put some *.cf > files > > in > > # there. Otherwise it will ignore all your current rules! > > # The default location may be /var/opt on Solaris systems. > > > > SpamAssassin Local State Dir = /var/lib/spamassassin > > > > Jules, can you fix the default MailScanner.conf to match reality, > > please? > > > > Using Jules latest easy install package, my SpamAssassin local state > dir is still in /var/lib/ > > Mike Mike, What do you mean by that? I'm confused. Are you agreeing or disagreeing with what I wrote? Is that what it says in your MailScanner.conf? Or you have some other way of divining what the local state dir is? My comments are based on standard installs of MailScanner and Jules' Install-Clam-SA-3.1.7. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK From shuttlebox at gmail.com Fri Jan 19 18:21:37 2007 From: shuttlebox at gmail.com (shuttlebox) Date: Fri Jan 19 17:24:05 2007 Subject: MailScanner vs Borderware Message-ID: <625385e30701190921l7b601667rac0450181d30ede@mail.gmail.com> A colleague of mine who's responsible for quite a large MS installation processing mail for a number of our largest clients is considering switching to Borderware instead. I have built his installation and take care of all the more complex work but he's fed up with tinkering with rulesets (typically white/blacklists) for end users. I know that many of you will recommend him to use MailWatch for simplicity but he wants to move configuration to the end users themselves and apparently BW offers that. 1. Does anyone here know pros and cons of BW appliances besides what you can find out by visiting their web site? I have read their material from there. 2. Is there (web) frontends aimed at the end users available for MS? 
Is DefenderMX the answer? I want more MS, not less so I want to provide what he thinks MS lacks in comparison to the commercial alternatives (who tend to focus on nice GUI:s). -- /peter From martinh at solidstatelogic.com Fri Jan 19 18:29:51 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Fri Jan 19 17:32:25 2007 Subject: MailScanner vs Borderware In-Reply-To: <625385e30701190921l7b601667rac0450181d30ede@mail.gmail.com> Message-ID: <6e2898e58370c94082322ccad1330a38@solidstatelogic.com> I'd suggest DefenderMX if you want a commercial product, the Borderware product is getting really bad chat on the lists over the last few months. The spam detection rate has apparently gone down really badly over the last year or so.. MW will do black/white on a per user basis, but obviously you hve to split the email to individual recipients first..... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of shuttlebox > Sent: 19 January 2007 17:22 > To: MailScanner discussion > Subject: MailScanner vs Borderware > > A colleague of mine who's responsible for quite a large MS > installation processing mail for a number of our largest clients is > considering switching to Borderware instead. I have built his > installation and take care of all the more complex work but he's fed > up with tinkering with rulesets (typically white/blacklists) for end > users. > > I know that many of you will recommend him to use MailWatch for > simplicity but he wants to move configuration to the end users > themselves and apparently BW offers that. > > 1. Does anyone here know pros and cons of BW appliances besides what > you can find out by visiting their web site? I have read their > material from there. > 2. Is there (web) frontends aimed at the end users available for MS? > Is DefenderMX the answer? 
> > I want more MS, not less so I want to provide what he thinks MS lacks > in comparison to the commercial alternatives (who tend to focus on > nice GUI:s). > > -- > /peter > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. 
Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From mrm at medicine.wisc.edu Fri Jan 19 18:35:03 2007 From: mrm at medicine.wisc.edu (Michael Masse) Date: Fri Jan 19 17:37:51 2007 Subject: Spam slipping through In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B581237B87C@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B581237B87C@isabella.herefordshire.gov.uk> Message-ID: <45B0AD5F.7FBE.00FC.3@medicine.wisc.edu> >> "Randal, Phil" wrote: >> > You're possibly not picking up the sa-updated rules when running >> > SpamAssassin from within MailScanner. Running spamassassin from the >> > command line will use them. >> > >> > At some point SpamAssassin was fixed so that the local state dir >> > included /spamassassin, e.g. /var/lib/spamassassin, and not >> /var/lib. >> > >> > See http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4952#c11 . >> > >> > Try amending your MailScanner.conf to read like my config below >> (which >> > has been tested and verified to use the updated rules): >> > >> > # The rules created by the "sa-update" tool are searched for here. >> > # This directory contains the 3.001007/updates_spamassassin_org >> > # directory structure beneath it. >> > # Only un-comment this setting once you have proved that the >> sa-update >> > # cron job has run successfully and has created a directory >> structure >> > under >> > # the spamassassin directory within this one and has put some *.cf >> files >> > in >> > # there. Otherwise it will ignore all your current rules! >> > # The default location may be /var/opt on Solaris systems. >> > >> > SpamAssassin Local State Dir = /var/lib/spamassassin >> > >> > Jules, can you fix the default MailScanner.conf to match reality, >> > please? 
>> > >> >> Using Jules latest easy install package, my SpamAssassin local state >> dir is still in /var/lib/ >> >> Mike > > Mike, > > What do you mean by that? I'm confused. Are you agreeing or > disagreeing with what I wrote? > > Is that what it says in your MailScanner.conf? Or you have some other > way of divining what the local state dir is? > > My comments are based on standard installs of MailScanner and Jules' > Install-Clam-SA-3.1.7. > > Cheers, > > Phil > -- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK Sorry, I think this is a relative directory issue. In the snippet of the MailScanner.conf you posted, you have the following line: # This directory contains the 3.001007/updates_spamassassin_org and so you would have to specify /var/lib/spamassassin. In my MailScanner.conf that same line shows: # This directory contains the spamassassin/3.001001/updates_spamassassin_org so it appears as though my MailScanner automatically tacks on the spamassassin folder, and therefore I only need to specify /var/lib. After looking at this more, I'm concerned that it's showing 3.001001 instead of 3.001007. My actual spamassassin sa-update folder is: /var/lib/spamassassin/3.001.007. Is there a way to check that MS is absolutely using the sa-updated files? Mike From chandler at chapman.edu Fri Jan 19 18:38:11 2007 From: chandler at chapman.edu (Jay Chandler) Date: Fri Jan 19 17:40:42 2007 Subject: Not tagging messages? Message-ID: <45B10203.7090209@chapman.edu> Greetings. Updated MailScanner yesterday to the latest version contained within the FreeBSD ports tree. 
The following are the headers of a message I just received:

Return-Path:
X-Original-To: proxy@chapman.edu
Delivered-To: proxy@chapman.edu
Received: from chronoexpres.com (cpc1-lutn2-0-0-cust332.lutn.cable.ntl.com [81.107.125.77])
    by bangor.chapman.edu (Postfix) with SMTP id B6CC011BD7
    for ; Fri, 19 Jan 2007 09:27:54 -0800 (PST)
Message-ID: <001a01c73bef$2f37b130$001a2bdc@home>
From: Karina
To: proxy@chapman.edu
Subject: C1ALI$ for your need-*-*-*
Date: Fri, 19 Jan 2007 17:28:07 +0000
MIME-Version: 1.0
Content-Type: multipart/related;
    boundary="----=_NextPart_000_0017_01C73BEF.2F37B130"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-Chapman-MailScanner-Information: Please contact the ISP for more information
X-Chapman-MailScanner: Found to be clean
X-Chapman-MailScanner-SpamCheck: spam, SpamAssassin (not cached,
    score=30.323, required 6, HTML_IMAGE_ONLY_16 0.63, HTML_MESSAGE 0.00,
    HTML_SHORT_LINK_IMG_2 0.95, MIME_HTML_MOSTLY 0.70,
    MPART_ALT_DIFF 0.14, RAZOR2_CF_RANGE_51_100 0.50,
    RAZOR2_CF_RANGE_E4_51_100 1.50, RAZOR2_CF_RANGE_E8_51_100 1.50,
    RAZOR2_CHECK 0.50, RCVD_IN_SORBS_DUL 1.99, SARE_GIF_ATTACH 0.75,
    SARE_GIF_STOX 1.66, URIBL_AB_SURBL 3.31, URIBL_BLACK 4.00,
    URIBL_JP_SURBL 3.36, URIBL_OB_SURBL 2.62, URIBL_SBL 1.09,
    URIBL_SC_SURBL 3.60, URIBL_WS_SURBL 1.53)
X-Chapman-MailScanner-SpamScore: ssssssssssssssssssssssssssssss
X-Chapman-MailScanner-From: carroll@chronoexpres.com
X-Spam-Status: Yes

Obviously, this message is spam, so why wasn't the subject modified (we don't delete high-scoring spam here-- don't get me started on that one)? This has been working correctly until yesterday.
Relevant fields in MailScanner.conf: Spam Modify Subject = yes Spam Subject Text = *****SPAM***** High Scoring Spam Modify Subject = yes High Scoring Spam Subject Text = *****SPAM***** -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: PEBKAC (Problem Exists Between Keyboard And Chair) From dave.list at pixelhammer.com Fri Jan 19 18:38:52 2007 From: dave.list at pixelhammer.com (DAve) Date: Fri Jan 19 17:41:29 2007 Subject: MailScanner vs Borderware In-Reply-To: <625385e30701190921l7b601667rac0450181d30ede@mail.gmail.com> References: <625385e30701190921l7b601667rac0450181d30ede@mail.gmail.com> Message-ID: <45B1022C.3000203@pixelhammer.com> shuttlebox wrote: > A colleague of mine who's responsible for quite a large MS > installation processing mail for a number of our largest clients is > considering switching to Borderware instead. I have built his > installation and take care of all the more complex work but he's fed > up with tinkering with rulesets (typically white/blacklists) for end > users. > > I know that many of you will recommend him to use MailWatch for > simplicity but he wants to move configuration to the end users > themselves and apparently BW offers that. > > 1. Does anyone here know pros and cons of BW appliances besides what > you can find out by visiting their web site? I have read their > material from there. > 2. Is there (web) frontends aimed at the end users available for MS? > Is DefenderMX the answer? > > I want more MS, not less so I want to provide what he thinks MS lacks > in comparison to the commercial alternatives (who tend to focus on > nice GUI:s). > We have just about rewritten MailWatch to suit our specific needs. The version we push up to our clients next month is pretty much a total rewrite other than the MS Custom Functions and XML-RPC that MailWatch ships with. If you or someone you know has a respectable amount of PHP skill, MailWatch can be customized quite a bit. 
It is certainly worth looking into. If not, I understand Defender is quite nice. DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From dave.list at pixelhammer.com Fri Jan 19 18:40:38 2007 From: dave.list at pixelhammer.com (DAve) Date: Fri Jan 19 17:43:15 2007 Subject: MailScanner vs Borderware In-Reply-To: <6e2898e58370c94082322ccad1330a38@solidstatelogic.com> References: <6e2898e58370c94082322ccad1330a38@solidstatelogic.com> Message-ID: <45B10296.2000506@pixelhammer.com> Martin.Hepworth wrote: > > I'd suggest DefenderMX if you want a commercial product, the Borderware > product is getting really bad chat on the lists over the last few > months. The spam detection rate has apparently gone down really badly > over the last year or so.. > > MW will do black/white on a per user basis, but obviously you hve to > split the email to individual recipients first..... > Agreed, splitting the recipients out was key to getting fine grained control for us. DAve > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of shuttlebox >> Sent: 19 January 2007 17:22 >> To: MailScanner discussion >> Subject: MailScanner vs Borderware >> >> A colleague of mine who's responsible for quite a large MS >> installation processing mail for a number of our largest clients is >> considering switching to Borderware instead. I have built his >> installation and take care of all the more complex work but he's fed >> up with tinkering with rulesets (typically white/blacklists) for end >> users. 
>> >> I know that many of you will recommend him to use MailWatch for >> simplicity but he wants to move configuration to the end users >> themselves and apparently BW offers that. >> >> 1. Does anyone here know pros and cons of BW appliances besides what >> you can find out by visiting their web site? I have read their >> material from there. >> 2. Is there (web) frontends aimed at the end users available for MS? >> Is DefenderMX the answer? >> >> I want more MS, not less so I want to provide what he thinks MS lacks >> in comparison to the commercial alternatives (who tend to focus on >> nice GUI:s). >> >> -- >> /peter -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From martinh at solidstatelogic.com Fri Jan 19 18:45:56 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Fri Jan 19 17:48:34 2007 Subject: Not tagging messages? In-Reply-To: <45B10203.7090209@chapman.edu> Message-ID: <1729564c2f9ecc4ca354d81d35c17ea0@solidstatelogic.com> Jay X-Spam-Status: Yes That header shouldn't be there.....looks like something else is calling spamassassin too... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Jay Chandler > Sent: 19 January 2007 17:38 > To: MailScanner discussion > Subject: Not tagging messages? > > Greetings. > > Updated MailScanner yesterday to the latest version contained within the > FreeBSD ports tree. 
> > The following are the headers of a message I just received: > > Return-Path: > X-Original-To: proxy@chapman.edu > Delivered-To: proxy@chapman.edu > Received: from chronoexpres.com (cpc1-lutn2-0-0-cust332.lutn.cable.ntl.com > [81.107.125.77]) > by bangor.chapman.edu (Postfix) with SMTP id B6CC011BD7 > for ; Fri, 19 Jan 2007 09:27:54 -0800 (PST) > Message-ID: <001a01c73bef$2f37b130$001a2bdc@home> > From: Karina > To: proxy@chapman.edu > Subject: C1ALI$ for your need-*-*-* > Date: Fri, 19 Jan 2007 17:28:07 +0000 > MIME-Version: 1.0 > Content-Type: multipart/related; > boundary="----=_NextPart_000_0017_01C73BEF.2F37B130" > X-Priority: 3 > X-MSMail-Priority: Normal > X-Mailer: Microsoft Outlook Express 6.00.2900.2180 > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 > X-Chapman-MailScanner-Information: Please contact the ISP for more > information > X-Chapman-MailScanner: Found to be clean > X-Chapman-MailScanner-SpamCheck: spam, SpamAssassin (not cached, > score=30.323, required 6, HTML_IMAGE_ONLY_16 0.63, HTML_MESSAGE > 0.00, > HTML_SHORT_LINK_IMG_2 0.95, MIME_HTML_MOSTLY 0.70, > MPART_ALT_DIFF 0.14, RAZOR2_CF_RANGE_51_100 0.50, > RAZOR2_CF_RANGE_E4_51_100 1.50, RAZOR2_CF_RANGE_E8_51_100 1.50, > RAZOR2_CHECK 0.50, RCVD_IN_SORBS_DUL 1.99, SARE_GIF_ATTACH 0.75, > SARE_GIF_STOX 1.66, URIBL_AB_SURBL 3.31, URIBL_BLACK 4.00, > URIBL_JP_SURBL 3.36, URIBL_OB_SURBL 2.62, URIBL_SBL 1.09, > URIBL_SC_SURBL 3.60, URIBL_WS_SURBL 1.53) > X-Chapman-MailScanner-SpamScore: ssssssssssssssssssssssssssssss > X-Chapman-MailScanner-From: carroll@chronoexpres.com > X-Spam-Status: Yes > > > Obviously, this message is spam, so why wasn't the subject modified (we > don't delete high-scoring spam here-- don't get me started on that > one)? This has been working correctly until yesterday. 
> > Relevant fields in MailScanner.conf: > > Spam Modify Subject = yes > Spam Subject Text = *****SPAM***** > High Scoring Spam Modify Subject = yes > High Scoring Spam Subject Text = *****SPAM***** > > -- > Jay Chandler > Network Administrator, Chapman University > 714.628.7249 / chandler@chapman.edu > Today's Excuse: PEBKAC (Problem Exists Between Keyboard And Chair) > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. 
Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From chandler at chapman.edu Fri Jan 19 18:55:35 2007 From: chandler at chapman.edu (Jay Chandler) Date: Fri Jan 19 17:58:03 2007 Subject: Not tagging messages? In-Reply-To: <1729564c2f9ecc4ca354d81d35c17ea0@solidstatelogic.com> References: <1729564c2f9ecc4ca354d81d35c17ea0@solidstatelogic.com> Message-ID: <45B10617.2000603@chapman.edu> Martin.Hepworth wrote: > Jay > > X-Spam-Status: Yes > > That header shouldn't be there.....looks like something else is calling > spamassassin too... Mailscanner is doing it. From MailScanner.conf: # The default value I have set here enables Thunderbird 1.5 to automatically # handle spam when set to trust the "SpamAssassin" headers. # # This can also be the filename of a ruleset, in which case the filename # must end in ".rule" or ".rules". #Spam Actions = store forward anonymous@ecs.soton.ac.uk Spam Actions = deliver header "X-Spam-Status: Yes" Not sure if that was a custom mod, or the way Julian set it originally... -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: PEBKAC (Problem Exists Between Keyboard And Chair) From taz at taz-mania.com Fri Jan 19 18:58:47 2007 From: taz at taz-mania.com (Dennis Willson) Date: Fri Jan 19 18:01:13 2007 Subject: Problems with sendmail In-Reply-To: <45B0E84E.90306@gmail.com> Message-ID: You did change the default config for sendmail to all access via the network didn't you? The default is to only allow access from 127.0.0.1 You have change that in the sendmail.mc file. On Fri, 19 Jan 2007 15:48:30 +0000 Lance Haig wrote: >Hi Guys, > >I had to do a DR build of an ms server. 
> >The new server is built with the following > >Latest packages from MS site and addons > >built on SUSE 10.1 > >When I run mailscanner --lint I get no errors > >The problem I have is that I cannot connect to the server on port 25. > >I have checked firewalls and I can ssh onto it from outside the >network. > >I am sure I have missed something. > >I have created the access files for the relay domains > >Can anyone give me a heads up/ > >Thanks > >Lance >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! -------------------------------------------------- Dennis Willson taz@taz-mania.com http://www.taz-mania.com Ham (Extra Class): KA6LSW GMRS : WQGF680 Scuba: Rescue Diver, EANx, Wreck, Night, Alt, Equip, UW Photographer, Gas Blender Life should not be a journey to the grave with the intention of arriving safely in a nice looking and well preserved body, but rather to skid in broadside, thoroughly used up, totally worn out, and loudly proclaiming, "WOW! WHAT A RIDE!" From chandler at chapman.edu Fri Jan 19 19:04:14 2007 From: chandler at chapman.edu (Jay Chandler) Date: Fri Jan 19 18:06:42 2007 Subject: Not tagging messages? In-Reply-To: <45B10203.7090209@chapman.edu> References: <45B10203.7090209@chapman.edu> Message-ID: <45B1081E.2000201@chapman.edu> Late-breaking followup: Apparently it's not just one server, it's both of our primary MX boxes-- so something changed. 
Log entry for the previous spam:

bangor# cat /var/log/maillog |grep B6CC011BD7
Jan 19 09:27:54 bangor postfix/smtpd[74051]: B6CC011BD7: client=cpc1-lutn2-0-0-cust332.lutn.cable.ntl.com[81.107.125.77]
Jan 19 09:27:56 bangor postfix/cleanup[70981]: B6CC011BD7: hold: header Received: from chronoexpres.com (cpc1-lutn2-0-0-cust332.lutn.cable.ntl.com [81.107.125.77])??by bangor.chapman.edu (Postfix) with SMTP id B6CC011BD7??for ; Fri, 19 Jan 2007 09:27:54 from cpc1-lutn2-0-0-cust332.lutn.cable.ntl.com[81.107.125.77]; from= to= proto=SMTP helo=
Jan 19 09:27:56 bangor postfix/cleanup[70981]: B6CC011BD7: message-id=<001a01c73bef$2f37b130$001a2bdc@home>
Jan 19 09:28:03 bangor MailScanner[20377]: Message B6CC011BD7.8F1E5 from 81.107.125.77 (carroll@chronoexpres.com) to chapman.edu is spam, SpamAssassin (not cached, score=30.323, required 6, HTML_IMAGE_ONLY_16 0.63, HTML_MESSAGE 0.00, HTML_SHORT_LINK_IMG_2 0.95, MIME_HTML_MOSTLY 0.70, MPART_ALT_DIFF 0.14, RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E4_51_100 1.50, RAZOR2_CF_RANGE_E8_51_100 1.50, RAZOR2_CHECK 0.50, RCVD_IN_SORBS_DUL 1.99, SARE_GIF_ATTACH 0.75, SARE_GIF_STOX 1.66, URIBL_AB_SURBL 3.31, URIBL_BLACK 4.00, URIBL_JP_SURBL 3.36, URIBL_OB_SURBL 2.62, URIBL_SBL 1.09, URIBL_SC_SURBL 3.60, URIBL_WS_SURBL 1.53)
Jan 19 09:28:03 bangor MailScanner[20377]: Spam Actions: message B6CC011BD7.8F1E5 actions are deliver,header
Jan 19 09:28:04 bangor MailScanner[20377]: tag found in message B6CC011BD7.8F1E5 from carroll@chronoexpres.com
Jan 19 09:28:04 bangor MailScanner[20377]: HTML Img tag found in message B6CC011BD7.8F1E5 from carroll@chronoexpres.com
Jan 19 09:28:04 bangor MailScanner[20377]: Requeue: B6CC011BD7.8F1E5 to 5D81C11D91

-- 
Jay Chandler
Network Administrator, Chapman University
714.628.7249 / chandler@chapman.edu
Today's Excuse: That would be because the software doesn't work.

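The symptom in this thread, a SpamCheck header that says "spam" on a message whose Subject carries no tag, can be checked for mechanically over delivered mail. The Python below is an added example, not part of the original posts and not MailScanner code; the sample message is constructed and shortened from the headers quoted earlier in the thread, the addresses are placeholders, and the function names are hypothetical.

```python
import re
from email import message_from_string

# Constructed sample, shortened from the headers quoted in the thread.
# Addresses are placeholders; the three rule scores add up to the stated score.
SAMPLE = (
    "From: Karina <sender@example.invalid>\n"
    "To: proxy@example.invalid\n"
    "Subject: C1ALI$ for your need-*-*-*\n"
    "X-Chapman-MailScanner: Found to be clean\n"
    "X-Chapman-MailScanner-SpamCheck: spam, SpamAssassin (not cached,\n"
    "\tscore=9.59, required 6, RCVD_IN_SORBS_DUL 1.99,\n"
    "\tURIBL_BLACK 4.00, URIBL_SC_SURBL 3.60)\n"
    "X-Chapman-MailScanner-SpamScore: sssssssss\n"
    "X-Spam-Status: Yes\n"
    "\n"
    "body\n"
)

# The organisation part of the header name ("Chapman" in the thread) is site-specific.
SPAMCHECK_NAME = re.compile(r"^X-.*MailScanner-SpamCheck$", re.I)
SCORE = re.compile(r"score=(-?\d+(?:\.\d+)?),\s*required\s+(-?\d+(?:\.\d+)?)")
RULE = re.compile(r"\b([A-Z][A-Z0-9_]*)\s+(-?\d+(?:\.\d+)?)")


def parse_spamcheck(value):
    """Split a SpamCheck header value into verdict, score, threshold and rule hits."""
    flat = re.sub(r"\r?\n[ \t]+", " ", value).strip()  # unfold continuation lines
    result = {
        "is_spam": flat.lower().startswith("spam"),  # "not spam, ..." does not match
        "score": None,
        "required": None,
        "rules": {},
    }
    m = SCORE.search(flat)
    if m:
        result["score"] = float(m.group(1))
        result["required"] = float(m.group(2))
        # Rule hits follow the "required N" field as "NAME points" pairs.
        result["rules"] = {n: float(p) for n, p in RULE.findall(flat[m.end():])}
    return result


def audit(raw_message, subject_tag="*****SPAM*****"):
    """Report whether a message judged spam actually received the subject tag.

    subject_tag defaults to the "Spam Subject Text" value quoted in the thread.
    """
    msg = message_from_string(raw_message)
    value = next((v for k, v in msg.items() if SPAMCHECK_NAME.match(k)), None)
    if value is None:
        return {"finding": "no-spamcheck-header"}

    report = parse_spamcheck(value)
    report["subject_tagged"] = subject_tag in (msg.get("Subject") or "")

    # Sanity check on the parse: listed scores are rounded to two decimals,
    # so allow half a cent of rounding error per rule.
    if report["score"] is None:
        report["rule_sum_ok"] = None
    else:
        tolerance = 0.005 * len(report["rules"]) + 1e-9
        drift = abs(sum(report["rules"].values()) - report["score"])
        report["rule_sum_ok"] = drift <= tolerance

    if report["is_spam"] and not report["subject_tagged"]:
        report["finding"] = "spam-not-tagged"
    else:
        report["finding"] = "ok"
    return report


if __name__ == "__main__":
    print(audit(SAMPLE))
```
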
From taz at taz-mania.com Fri Jan 19 19:05:53 2007 From: taz at taz-mania.com (Dennis Willson) Date: Fri Jan 19 18:08:18 2007 Subject: MailScanner vs Borderware In-Reply-To: <625385e30701190921l7b601667rac0450181d30ede@mail.gmail.com> Message-ID: MailWatch does already allow individual users to control their white and black lists. If you use the latest version Steve has included the change I made that allows users to set their own Spam score thresholds. The MailWatch code is organized fairly well and therefore is pretty easy to modify. On Fri, 19 Jan 2007 18:21:37 +0100 shuttlebox wrote: >A colleague of mine who's responsible for quite a large MS >installation processing mail for a number of our largest clients is >considering switching to Borderware instead. I have built his >installation and take care of all the more complex work but he's fed >up with tinkering with rulesets (typically white/blacklists) for end >users. > >I know that many of you will recommend him to use MailWatch for >simplicity but he wants to move configuration to the end users >themselves and apparently BW offers that. > >1. Does anyone here know pros and cons of BW appliances besides what >you can find out by visiting their web site? I have read their >material from there. >2. Is there (web) frontends aimed at the end users available for MS? >Is DefenderMX the answer? > >I want more MS, not less so I want to provide what he thinks MS lacks >in comparison to the commercial alternatives (who tend to focus on >nice GUI:s). > >-- >/peter >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! 
-------------------------------------------------- Dennis Willson taz@taz-mania.com http://www.taz-mania.com Ham (Extra Class): KA6LSW GMRS : WQGF680 Scuba: Rescue Diver, EANx, Wreck, Night, Alt, Equip, UW Photographer, Gas Blender Life should not be a journey to the grave with the intention of arriving safely in a nice looking and well preserved body, but rather to skid in broadside, thoroughly used up, totally worn out, and loudly proclaiming, "WOW! WHAT A RIDE!" From ka at pacific.net Fri Jan 19 19:20:54 2007 From: ka at pacific.net (Ken A) Date: Fri Jan 19 18:23:24 2007 Subject: [Fwd: NJABL announcement: dynablock & Spamhaus PBL] Message-ID: <45B10C06.8000408@pacific.net> fyi. Ken A Pacific.Net > > -------- Original Message -------- > Subject: NJABL announcement: dynablock & Spamhaus PBL > Date: Fri, 19 Jan 2007 11:37:29 -0500 (EST) > From: help@mail.njabl.org > To: list@njabl.org > > With the advent of Spamhaus's PBL (http://spamhaus.org/pbl/), > dynablock.njabl.org has become obsolete. Rather than maintain separate similar > DNSBL zones, NJABL will be working with Spamhaus on the PBL. Effective > immediately, dynablock.njabl.org exists as a copy of the Spamhaus PBL. After > dynablock users have had ample time to update their configurations, the > dynablock.njabl.org zone will be emptied. > > Other NJABL zones (i.e. dnsbl, combined, bhnc, and the qw versions) will > continue, business as usual, except that combined will eventually lose its > dynablock component. > > If you currently use dynablock.njabl.org we recommend you switch immediately to > pbl.spamhaus.org. > > If you currently use combined.njabl.org, we recommend you add pbl.spamhaus.org > to the list of DNSBLs you use. > > You may also want to consider using zen.spamhaus.org, which is a combination > zone consisting of Spamhaus's SBL, XBL, and PBL zones. 
From prandal at herefordshire.gov.uk Fri Jan 19 19:22:19 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Fri Jan 19 18:24:53 2007 Subject: Spam slipping through Message-ID: <86144ED6CE5B004DA23E1EAC0B569B581237B89E@isabella.herefordshire.gov.uk> No, my whole point was that the MailScanner.conf documentation is wrong. It change with 3.1.4 or 3.1.5, IIRC. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Michael Masse > Sent: 19 January 2007 17:35 > To: MailScanner discussion > Subject: RE: Spam slipping through > > >> "Randal, Phil" wrote: > >> > You're possibly not picking up the sa-updated rules when running > >> > SpamAssassin from within MailScanner. Running spamassassin from > the > >> > command line will use them. > >> > > >> > At some point SpamAssassin was fixed so that the local state dir > >> > included /spamassassin, e.g. /var/lib/spamassassin, and not > >> /var/lib. > >> > > >> > See > http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4952#c11 > . > >> > > >> > Try amending your MailScanner.conf to read like my config below > >> (which > >> > has been tested and verified to use the updated rules): > >> > > >> > # The rules created by the "sa-update" tool are searched for > here. > >> > # This directory contains the 3.001007/updates_spamassassin_org > >> > # directory structure beneath it. > >> > # Only un-comment this setting once you have proved that the > >> sa-update > >> > # cron job has run successfully and has created a directory > >> structure > >> > under > >> > # the spamassassin directory within this one and has put some > *.cf > >> files > >> > in > >> > # there. Otherwise it will ignore all your current rules! > >> > # The default location may be /var/opt on Solaris systems. 
> >> > > >> > SpamAssassin Local State Dir = /var/lib/spamassassin > >> > > >> > Jules, can you fix the default MailScanner.conf to match reality, > >> > please? > >> > > >> > >> Using Jules latest easy install package, my SpamAssassin local > state > >> dir is still in /var/lib/ > >> > >> Mike > > > > Mike, > > > > What do you mean by that? I'm confused. Are you agreeing or > > disagreeing with what I wrote? > > > > Is that what it says in your MailScanner.conf? Or you have some > other > > way of divining what the local state dir is? > > > > My comments are based on standard installs of MailScanner and Jules' > > Install-Clam-SA-3.1.7. > > > > Cheers, > > > > Phil > > -- > > Phil Randal > > Network Engineer > > Herefordshire Council > > Hereford, UK > > > Sorry, I think this is a relative directory issue. In the snippet > of the MailScanner.conf you posted, you have the following line: > # This directory contains the 3.001007/updates_spamassassin_org > and so you would have to specify /var/lib/spamassassin. > > In my MailScanner.conf that same line shows: > # This directory contains the > spamassassin/3.001001/updates_spamassassin_org > so it appears as though my MailScanner automatically tacks on the > spamassassin folder, and therefore I only need to specify > /var/lib. > After looking at this more, I'm concerned that it's showing 3.001001 > instead of 3.001007. My actual spamassassin sa-update folder is: > /var/lib/spamassassin/3.001.007. Is there a way to check that MS is > absolutely using the sa-updated files? > > Mike > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From drew at technologytiger.net Fri Jan 19 19:43:01 2007 From: drew at technologytiger.net (Drew Marshall) Date: Fri Jan 19 18:45:47 2007 Subject: Not tagging messages? 
In-Reply-To: <45B1081E.2000201@chapman.edu>
References: <45B10203.7090209@chapman.edu> <45B1081E.2000201@chapman.edu>
Message-ID: <65022.194.70.180.170.1169232181.squirrel@www.technologytiger.net>

On Fri, January 19, 2007 18:04, Jay Chandler wrote:
> Late-breaking followup:
>
> Apparently it's not just one server, it's both of our primary MX boxes--
> so something changed.

Sorry for the obvious but sometimes...

You have got "Spam Modify Subject" set haven't you and the same for "High Spam Modify Subject" in MailScanner.conf?

Drew

From mrm at medicine.wisc.edu Fri Jan 19 19:29:13 2007
From: mrm at medicine.wisc.edu (Michael Masse)
Date: Fri Jan 19 18:47:32 2007
Subject: Spam slipping through
In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B581237B89E@isabella.herefordshire.gov.uk>
References: <86144ED6CE5B004DA23E1EAC0B569B581237B89E@isabella.herefordshire.gov.uk>
Message-ID: <45B0BA11.7FBE.00FC.3@medicine.wisc.edu>

>>> On 1/19/2007 at 12:22 PM, in message <86144ED6CE5B004DA23E1EAC0B569B581237B89E@isabella.herefordshire.gov.uk>, "Randal, Phil" wrote:
> No, my whole point was that the MailScanner.conf documentation is wrong.
> It change with 3.1.4 or 3.1.5, IIRC.
>

How can I verify if MailScanner is utilizing the sa-updated rules?

Mike

From DrewB at united-systems.com Fri Jan 19 19:58:58 2007
From: DrewB at united-systems.com (Drew Burchett)
Date: Fri Jan 19 19:03:18 2007
Subject: Spam slipping through
In-Reply-To: <45B0BA11.7FBE.00FC.3@medicine.wisc.edu>
Message-ID: <1E75E79B854C814784D0E8C5BA55AF76F7688F@uss2k01.united-systems.local>

Well, I thought it was working, but it's not at all. From what I can tell, it is using the sa-updated rules.
At least part of the debug reads " plugin: fixed relative path: /var/lib/spamassassin/3.001007/updates_spamassassin_org/20_drugs.cf" But one of the messages that passed through the MTA came through with this report: 5.00 ADVANCE_FEE_1 Appears to be advance fee fraud (Nigerian 419) 0.75 BAYES_50 Bayesian spam probability is 40 to 60% 0.13 HTML_50_60 Message is 50% to 60% HTML 1.25 HTML_MESSAGE HTML included in message 0.41 SARE_HOMELOAN 0.68 SARE_MONEYTERMS 0.30 SARE_WEOFFER -0.00 SPF_HELO_PASS SPF: HELO matches SPF record -100.00 USER_IN_WHITELIST From: address is in the user's white-list 1.36 X_MAILER_SPAM X-Mailer: header is bulk email fingerprint Which would be fine EXCEPT there's no way in the world this user is in any whitelist on my system. I've double checked and triple checked to make sure. Plus, when I run the archived copy of this email through spamassassin on the command line (making sure to use the MTA user), I get this report: Content analysis details: (19.6 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 NO_RELAYS Informational: message was not relayed via SMTP 2.5 MISSING_HB_SEP Missing blank line between message header and body 2.5 HEAD_LONG Message headers are very long 1.6 HEAD_ILLEGAL_CHARS Headers have too many raw illegal characters 0.3 SARE_WEOFFER BODY: Offers Something 0.4 SARE_HOMELOAN BODY: Home mortgage stuff 0.7 SARE_MONEYTERMS BODY: Talks about money in some way. 1.7 SARE_URI_EQUALS URI: Trying to hide the real URL with IE parsing bug 0.8 BAYES_50 BODY: Bayesian spam probability is 40 to 60% [score: 0.5006] 2.2 NULL_IN_BODY FULL: Message has NUL (ASCII 0) byte in message 1.8 MISSING_SUBJECT Missing Subject: header 0.1 TO_CC_NONE No To: or Cc: header -0.0 NO_RECEIVED Informational: message has no Received headers 5.0 ADVANCE_FEE_1 Appears to be advance fee fraud (Nigerian 419) This looks more like what I would expect from this particular email. 
So, what is going on that it's getting a completely different score in MailScanner? -- CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. -- This message has been scanned for viruses and dangerous content by MailScanner and is believed to be clean. From chandler at chapman.edu Fri Jan 19 20:11:25 2007 From: chandler at chapman.edu (Jay Chandler) Date: Fri Jan 19 19:13:53 2007 Subject: Not tagging messages? In-Reply-To: <65022.194.70.180.170.1169232181.squirrel@www.technologytiger.net> References: <45B10203.7090209@chapman.edu> <45B1081E.2000201@chapman.edu> <65022.194.70.180.170.1169232181.squirrel@www.technologytiger.net> Message-ID: <45B117DD.10003@chapman.edu> Drew Marshall wrote: > On Fri, January 19, 2007 18:04, Jay Chandler wrote: > >> Late-breaking followup: >> >> Apparently it's not just one server, it's both of our primary MX boxes-- >> so something changed. >> > > Sorry for the obvious but somethimes... > > You have got "Spam Modify Subject" set haven't you and the same for "High > Spam Modify Subject" in MailScanner.conf? > > Drew > > # If the message is spam, do you want to modify the subject line? # This makes filtering in Outlook very easy. # This can also be the filename of a ruleset. Spam Modify Subject = yes # This is just like the "Spam Modify Subject" option above, except that # it applies when the score from SpamAssassin is higher than the # "High SpamAssassin Score" value. # This can also be the filename of a ruleset. High Scoring Spam Modify Subject = yes All I've done is run portupgrade, which brought my current version of Mailscanner to 4.57.6. 
--
Jay Chandler
Network Administrator, Chapman University
714.628.7249 / chandler@chapman.edu
Today's Excuse: That would be because the software doesn't work.

From crichardson at cantella.com Fri Jan 19 20:46:26 2007
From: crichardson at cantella.com (Chris Richardson)
Date: Fri Jan 19 19:49:46 2007
Subject: MailScanner vs Borderware
In-Reply-To:
References:
Message-ID: <45B12012.9080006@cantella.com>

the thing we do here is we have built a frontend into our website that
allows the users to adjust the greylisting and whitelist/blacklisting
along with the scoring levels and delivery methods.
then on the server we run a script every night that rebuilds the affected
ruleset that restarts mailscanner.
it was actually pretty easy to do and if you really wanted it real time
i am sure you could
a. modify ms to do rules sets off of a db.
b. setup some type of daemon that could insert and control the start/stop
features of ms.

Dennis Willson wrote:
>
> MailWatch does already allow individual users to control their white
> and black lists. If you use the latest version Steve has included the
> change I made that allows users to set their own Spam score thresholds.
>
> The MailWatch code is organized fairly well and therefore is pretty
> easy to modify.
>
>
> On Fri, 19 Jan 2007 18:21:37 +0100
> shuttlebox wrote:
>> A colleague of mine who's responsible for quite a large MS
>> installation processing mail for a number of our largest clients is
>> considering switching to Borderware instead. I have built his
>> installation and take care of all the more complex work but he's fed
>> up with tinkering with rulesets (typically white/blacklists) for end
>> users.
>>
>> I know that many of you will recommend him to use MailWatch for
>> simplicity but he wants to move configuration to the end users
>> themselves and apparently BW offers that.
>>
>> 1. Does anyone here know pros and cons of BW appliances besides what
>> you can find out by visiting their web site?
I have read their >> material from there. >> 2. Is there (web) frontends aimed at the end users available for MS? >> Is DefenderMX the answer? >> >> I want more MS, not less so I want to provide what he thinks MS lacks >> in comparison to the commercial alternatives (who tend to focus on >> nice GUI:s). >> >> -- >> /peter >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > -------------------------------------------------- > Dennis Willson > > taz@taz-mania.com > http://www.taz-mania.com > > Ham (Extra Class): KA6LSW > GMRS : WQGF680 > Scuba: Rescue Diver, EANx, Wreck, Night, Alt, Equip, UW Photographer, > Gas Blender > > Life should not be a journey to the grave with the intention of > arriving safely in a nice looking and well preserved body, but rather > to skid in broadside, thoroughly used up, totally worn out, and loudly > proclaiming, "WOW! WHAT A RIDE!" The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete this material from any computer. In accordance with industry regulations, all messages are retained and are subject to monitoring. This message has been scanned for viruses and dangerous content and is believed to be clean. Securities offered through Cantella & Co., Inc., Member NASD/SIPC. 
Home Office: 2 Oliver Street, 11th Floor, Boston, MA 02109 Telephone: (617)521-8630 From ssilva at sgvwater.com Fri Jan 19 22:43:28 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jan 19 21:46:37 2007 Subject: Not tagging messages? In-Reply-To: <45B117DD.10003@chapman.edu> References: <45B10203.7090209@chapman.edu> <45B1081E.2000201@chapman.edu> <65022.194.70.180.170.1169232181.squirrel@www.technologytiger.net> <45B117DD.10003@chapman.edu> Message-ID: Jay Chandler spake the following on 1/19/2007 11:11 AM: > Drew Marshall wrote: >> On Fri, January 19, 2007 18:04, Jay Chandler wrote: >> >>> Late-breaking followup: >>> >>> Apparently it's not just one server, it's both of our primary MX boxes-- >>> so something changed. >>> >> >> Sorry for the obvious but somethimes... >> >> You have got "Spam Modify Subject" set haven't you and the same for "High >> Spam Modify Subject" in MailScanner.conf? >> >> Drew >> >> > # If the message is spam, do you want to modify the subject line? > # This makes filtering in Outlook very easy. > # This can also be the filename of a ruleset. > Spam Modify Subject = yes > > # This is just like the "Spam Modify Subject" option above, except that > # it applies when the score from SpamAssassin is higher than the > # "High SpamAssassin Score" value. # This can also be the filename > of a ruleset. > High Scoring Spam Modify Subject = yes > > All I've done is run portupgrade, which brought my current version of > Mailscanner to 4.57.6. > I don't know how old the version in ports is, but does it allow the MailScanner --changed command? That will give you all the defaults next to your changes. Might give a clue. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From chandler at chapman.edu Fri Jan 19 23:10:02 2007 From: chandler at chapman.edu (Jay Chandler) Date: Fri Jan 19 22:12:34 2007 Subject: Not tagging messages? 
In-Reply-To: References: <45B10203.7090209@chapman.edu> <45B1081E.2000201@chapman.edu> <65022.194.70.180.170.1169232181.squirrel@www.technologytiger.net> <45B117DD.10003@chapman.edu> Message-ID: <45B141BA.9010109@chapman.edu> Scott Silva wrote: > I don't know how old the version in ports is, but does it allow the > MailScanner --changed command? > That will give you all the defaults next to your changes. Might give a clue. > > I tend to keep current. I've pasted the full output below, but the line that interested me most was: spammodifysubject start yes I've never heard of setting it to "start" Is this something new? -- J Table of Changed Values: Option Name Default Current Value =============================================================================== attachmentwarningfilename VirusWarning.txt Chapman-Attachment-Warning.txt contentmodifysubject start no countrysubdomainslist /etc/MailScanner/country.domains.conf /usr/local/etc/MailScanner/country.domains.conf customfunctionsdir /usr/lib/MailScanner/MailScanner/CustomFunctions /usr/local/lib/MailScanner/MailScanner/CustomFunctions deletedbadcontentmessagereport /etc/MailScanner/reports/en/deleted.content.message.txt /usr/local/share/MailScanner/reports/en/deleted.content.message.txt deletedbadfilenamemessagereport /etc/MailScanner/reports/en/deleted.filename.message.txt /usr/local/share/MailScanner/reports/en/deleted.filename.message.txt deletedsizemessagereport /etc/MailScanner/reports/en/deleted.size.message.txt /usr/local/share/MailScanner/reports/en/deleted.size.message.txt deletedvirusmessagereport /etc/MailScanner/reports/en/deleted.virus.message.txt /usr/local/share/MailScanner/reports/en/deleted.virus.message.txt deliverinbackground yes no deliverunparsabletnef no yes disarmedmodifysubject start no disarmedsubjecttext {Disarmed} [Tracking Cookies Disabled] disinfectedreport /etc/MailScanner/reports/en/disinfected.report.txt /usr/local/share/MailScanner/reports/en/disinfected.report.txt 
enablespambounce no RULESET:Default=no envelopefromheader X-MailScanner-Envelope-From: X-Chapman-MailScanner-From: envelopetoheader X-MailScanner-Envelope-To: X-Chapman-MailScanner-To: filecommand /usr/bin/file filenamemodifysubject start no gunzipcommand /bin/gunzip /usr/bin/gunzip highscoringmcpmodifysubject start yes highscoringspammodifysubject start yes highscoringspamsubjecttext {Spam?} *****SPAM***** hostname the MailScanner the Chapman () MailScanner incomingqueuedir /var/spool/mqueue.in /var/spool/postfix/hold informationheader X-Chapman-MailScanner-Information: inlinehtmlsignature /etc/MailScanner/reports/en/inline.sig.html /usr/local/share/MailScanner/reports/en/inline.sig.html inlinehtmlwarning /etc/MailScanner/reports/en/inline.warning.html /usr/local/share/MailScanner/reports/en/inline.warning.html inlinespamwarning /etc/MailScanner/reports/en/inline.spam.warning.txt /usr/local/share/MailScanner/reports/en/inline.spam.warning.txt inlinetextsignature /etc/MailScanner/reports/en/inline.sig.txt /usr/local/share/MailScanner/reports/en/inline.sig.txt inlinetextwarning /etc/MailScanner/reports/en/inline.warning.txt /usr/local/share/MailScanner/reports/en/inline.warning.txt isdefinitelynotspam no RULESET:Default=no languagestrings /usr/local/share/MailScanner/reports/en/languages.conf logdangeroushtmltags no yes lognonspam no yes logsilentviruses no yes logspam no yes logspeed no yes mailheader X-MailScanner: X-Chapman-MailScanner: mailscannerversionnumber 1.0.0 4.57.6 maxchildren 5 10 maximumarchivedepth 2 0 maxspamassassinsize 30000 30k mcpheader X-MailScanner-MCPCheck: X-Chapman-MailScanner-MCPCheck: mcpmaxspamassassinsize 100000 100k mcpmodifysubject start yes mcpspamassassindefaultrulesdir /etc/MailScanner/mcp /usr/local/etc/MailScanner/mcp mcpspamassassininstallprefix /etc/MailScanner/mcp /usr/local/etc/MailScanner/mcp mcpspamassassinlocalrulesdir /etc/MailScanner/mcp /usr/local/etc/MailScanner/mcp mcpspamassassinprefsfile 
/etc/MailScanner/mcp/mcp.spam.assassin.prefs.conf /usr/local/etc/MailScanner/mcp/mcp.spam.assassin.prefs.conf monitorsforclamavupdates /usr/local/share/clamav/*.cvd /var/db/clamav/*.cvd monitorsforsophosupdates /usr/local/Sophos/ide/*.zip /usr/local/Sophos/ide/*ides.zip mta sendmail postfix noticesignature -- \nMailScanner\nEmail Virus Scanner\nwww.mailscanner.info -- \nMailScanner\nEmail Virus Scanner\nInformation Services and Technology, Chapman University noticesto postmaster abuse outgoingqueuedir /var/spool/mqueue /var/spool/postfix/incoming phishingsafesitesfile /etc/MailScanner/phishing.safe.sites.conf /usr/local/etc/MailScanner/phishing.safe.sites.conf quarantineinfections yes no queuescaninterval 6 5 recipientmcpreport /etc/MailScanner/reports/en/recipient.mcp.report.txt /usr/local/share/MailScanner/reports/en/recipient.mcp.report.txt recipientspamreport /etc/MailScanner/reports/en/recipient.spam.report.txt /usr/local/share/MailScanner/reports/en/recipient.spam.report.txt rejectionreport /etc/MailScanner/reports/en/message.rejection.report.txt /usr/local/share/MailScanner/reports/en/rejection.report.txt runasgroup 0 postfix runasuser 0 postfix senderbadcontentreport /etc/MailScanner/reports/en/sender.content.report.txt /usr/local/share/MailScanner/reports/en/sender.content.report.txt senderbadfilenamereport /etc/MailScanner/reports/en/sender.filename.report.txt /usr/local/share/MailScanner/reports/en/sender.filename.report.txt sendererrorreport /etc/MailScanner/reports/en/sender.error.report.txt /usr/local/share/MailScanner/reports/en/sender.error.report.txt sendermcpreport /etc/MailScanner/reports/en/sender.mcp.report.txt /usr/local/share/MailScanner/reports/en/sender.mcp.report.txt sendersizereport /etc/MailScanner/reports/en/sender.size.report.txt /usr/local/share/MailScanner/reports/en/sender.size.report.txt senderspamassassinreport /etc/MailScanner/reports/en/sender.spam.sa.report.txt /usr/local/share/MailScanner/reports/en/sender.spam.sa.report.txt 
senderspamlistreport /etc/MailScanner/reports/en/sender.spam.rbl.report.txt /usr/local/share/MailScanner/reports/en/sender.spam.rbl.report.txt senderspamreport /etc/MailScanner/reports/en/sender.spam.report.txt /usr/local/share/MailScanner/reports/en/sender.spam.report.txt sendervirusreport /etc/MailScanner/reports/en/sender.virus.report.txt /usr/local/share/MailScanner/reports/en/sender.virus.report.txt sendmail /usr/sbin/sendmail /usr/local/sbin/sendmail sendmail2 /usr/sbin/sendmail /usr/local/sbin/sendmail sendnotices yes no signcleanmessages yes no sizemodifysubject start no sophosidedir /usr/local/Sophos/ide sophoslibdir /usr/local/Sophos/lib spamassassindefaultrulesdir /usr/local/etc/MailScanner/fuzzy/ spamassassinlocalrulesdir /usr/local/etc/mail/spamassassin/ spamassassinlocalstatedir /var/lib spamassassinsiterulesdir /usr/local/etc/mail/spamassassin spamassassinuserstatedir /var/spool/MailScanner/spamassassin spamheader X-MailScanner-SpamCheck: X-Chapman-MailScanner-SpamCheck: spamlist spamcop.net NJABL BLITZEDALL DSBL spamlistdefinitions /etc/MailScanner/spam.lists.conf /usr/local/etc/MailScanner/spam.lists.conf spammodifysubject start yes spamscoreheader X-MailScanner-SpamScore: X-Chapman-MailScanner-SpamScore: spamsubjecttext {Spam?} *****SPAM***** storedbadcontentmessagereport /etc/MailScanner/reports/en/stored.content.message.txt /usr/local/share/MailScanner/reports/en/stored.content.message.txt storedbadfilenamemessagereport /etc/MailScanner/reports/en/stored.filename.message.txt /usr/local/share/MailScanner/reports/en/stored.filename.message.txt storedsizemessagereport /etc/MailScanner/reports/en/stored.size.message.txt /usr/local/share/MailScanner/reports/en/stored.size.message.txt storedvirusmessagereport /etc/MailScanner/reports/en/stored.virus.message.txt /usr/local/share/MailScanner/reports/en/stored.virus.message.txt tnefexpander /usr/bin/tnef --maxsize=100000000 internal unrarcommand /usr/bin/unrar /usr/local/bin/unrar virusmodifysubject 
start yes
virusscannerdefinitions /etc/MailScanner/virus.scanners.conf /usr/local/etc/MailScanner/virus.scanners.conf
virusscanners auto clamavmodule
virussubjecttext {Virus?} *****VIRUS*****
webbugreplacement http://www.mailscanner.info/images/1x1spacer.gif http://www.sng.ecs.soton.ac.uk/mailscanner/images/1x1spacer.gif

--
Jay Chandler
Network Administrator, Chapman University
714.628.7249 / chandler@chapman.edu
Today's Excuse: That would be because the software doesn't work.

From jm153 at tmp.com.br Sat Jan 20 01:05:33 2007
From: jm153 at tmp.com.br (Durval Menezes)
Date: Sat Jan 20 00:07:59 2007
Subject: Greetpause seems very ineffective (Was: RE: Increased Volumes Of Spam)
In-Reply-To: ; from ssilva@sgvwater.com on Tue, Jan 16, 2007 at 10:24:11 -0800
References:
Message-ID: <20070119220533.A4014@tmp.com.br>

Hello folks,

Scott Silva on Tue, Jan 16, 2007 at 10:24:11 -0800, wrote:
> Greetpause does help a lot, as I probably drop 10 to 20% of the spam with it
> alone. Five seconds is a good starting point, but probably not over 30
> seconds.

The first time I became aware of GreetPause, I dismissed it as probably
not very effective, because it would be very simple for spammers to adapt
by just stopping the slam; on the negative side, it would end up slowing
ALL traffic, including the legitimate (non-spam) emails.

Then I came upon Scott's (and others) recommendations, as above, and I
wondered if my initial analysis was incorrect; today, I found the time
to configure one of my servers to use GreetPause, and measured its
efficiency using pause intervals of 1s, 5s and 10s. The numbers I
obtained are as follows:

Pause:  GreetPause:  total connections:  pre-greet/connections:
1s      14           645                 2.17%
5s      19           383                 4.96%
10s     36           535                 6.73%

What's worse, about 80% of the connections blocked by GreetPause would
have been blocked anyway by the MTA using RBLs alone, so the *effective*
Greetpause improvement over using RBLs alone would be about 1% or less,
even with relatively large (10s) pauses.
I've rechecked my analysis and found no mistakes; are you folks *really*
measuring GreetPause efficiency and finding these 10-20% numbers, or are
you deriving these numbers more from "feeling" or something? What other
explanations for the above discrepancies can you think of?

If anyone wants to sift through my logs, I can make them available;
just ask.

Thanks in advance for any and all input.

Best Regards,
--
   Durval Menezes (durval AT tmp DOT com DOT br, http://www.tmp.com.br/)

From res at ausics.net Sat Jan 20 01:18:58 2007
From: res at ausics.net (Res)
Date: Sat Jan 20 00:21:34 2007
Subject: Greetpause seems very ineffective (Was: RE: Increased Volumes Of Spam)
In-Reply-To: <20070119220533.A4014@tmp.com.br>
References: <20070119220533.A4014@tmp.com.br>
Message-ID:

On Fri, 19 Jan 2007, Durval Menezes wrote:

> I've rechecked my analysis and found no mistakes; are you folks *really*
> measuring GreetPause efficiency and finding these 10-20% numbers, or are
> you deriving these numbers more from "feeling" or something? What other
> explanations for the above discrepancies can you think of?

The fact remains mail servers should WAIT for the 220 msg, those that
don't, are ill configured, most likely but not always spammers. Either way
they don't observe protocol so why the hell SHOULD we accept mail from.
I certainly don't and won't.

--
Cheers
Res

"So, you think you can tell Heaven from Hell?" - Roger Waters

From Kevin_Miller at ci.juneau.ak.us Sat Jan 20 01:22:34 2007
From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller)
Date: Sat Jan 20 00:24:59 2007
Subject: Greetpause seems very ineffective (Was: RE: Increased Volumes OfSpam)
In-Reply-To: <20070119220533.A4014@tmp.com.br>
Message-ID:

Durval Menezes wrote:
> Hello folks,
>
> Scott Silva on Tue, Jan 16, 2007 at 10:24:11
> -0800, wrote:
>> Greetpause does help a lot, as I probably drop 10 to 20% of the spam
>> with it alone. Five seconds is a good starting point, but probably
>> not over 30 seconds.
> > The first time I became aware of GreetPause, I dismissed it as > probably > not very effective, because it would be very simple for spammers to > adapt > by just stopping the slam; on the negative side, it would end up > slowing > ALL traffic, including the legitimate (non-spam) emails. > > Then I came upon Scott's (and others) recommendations, as above, and I > wondered if my initial analysis was incorrect; today, I found the time > to configure one of my servers to use GreetPause, and measured its > efficiency using pause intervals of 1s, 5s and 10s. The numbers I > obtained are as follows: > > Pause: GreetPause: total connections: pre-greet/conexoes: > 1s 14 645 2.17% > 5s 19 383 4.96% > 10s 36 535 6.73% > > What's worse, about 80% of the connections blocked by GreetPause would > have been blocked anyway by the MTA using RBLs alone, so the > *effective* Greetpause improvement over using RBLs alone would be > about 1% or less, > even with relativelly large (10s) pauses. > > I've rechecked my analysis and found no mistakes; are you folks > *really* measuring GreetPause efficiency and finding these 10-20% > numbers, or are > you deriving these numbers more from "feeling" or something? What > other explanations for the above discrepancies can you think of? > > If anyone wants to sift through my logs, I can make then avalable; > just ask. I can't speak for others, but it really boils down to how you want to run your inbound mail. I use RBLs, but I do so in MailScanner, not my MTA (sendmail, FFIW). Consequently, all the messages would have been accepted anyway. Too many false positives with RBLs to reject them out of hand. At least for me - YMMV. By running greet pause, I was able to reject out of hand a large number of mails. Don't remember the proportion but it seems like it was around half anyway. I could be way off though in either direction - it's been too long since I turned it on. 
I have MailWatch installed, so when I turned on greet pause I was able
to quickly and easily see a big difference in the graph after only a day
or two.

Anyway, that's a lot of mail that MailScanner/Spamassassin/AV didn't
have to bother with. For me, it was a very worthwhile feature to enable.

Also, it depends on the amount of messages you get a day. If you're
talking 1000 messages, then what's another 67? If you're talking a
million, then you're processing 67,300 messages that need to be scanned.

It isn't the end all, be all of spam filtering. It's just another tool
in the bucket. But 6.73% here, 20% there, and it all adds up.

Have a good weekend...

...Kevin
--
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500

From taz at taz-mania.com Sat Jan 20 01:29:40 2007
From: taz at taz-mania.com (Dennis Willson)
Date: Sat Jan 20 00:32:08 2007
Subject: Greetpause seems very ineffective (Was: RE: Increased Volumes Of Spam)
In-Reply-To: <20070119220533.A4014@tmp.com.br>
Message-ID:

It's more efficient to use greet pause than RBLs. RBLs take up more
resources, both yours and the RBL providers. Not to mention the network
traffic of the RBL query (although not very much most of the time, I
used to host an RBL and if everyone would have reduced their traffic
just a little that would have made a big difference in my bandwidth
usage).

I use greet pause as one of my anti-spam tools and I probably get the
same effectiveness as you... I just consider this as 'free' and a
savings of resources. I actually get one of my biggest improvements with
greylisting (yes this can delay email, users learn to live with it and
it's such a big gain I can't ignore it). Content scanners are such
resource hogs that I do as much as I can prior to scanning the contents
so there are a lot fewer emails to scan.
Doing sender verification (making sure the sending email address is a real email address) made a surprising difference too. Hope this helps On Fri, 19 Jan 2007 22:05:33 -0200 Durval Menezes wrote: >Hello folks, > >Scott Silva on Tue, Jan 16, 2007 at 10:24:11 >-0800, wrote: >> Greetpause does help a lot, as I probably drop 10 to 20% of the spam >>with it >> alone. Five seconds is a good starting point, but probably not over >>30 >> seconds. > >The first time I became aware of GreetPause, I dismissed it as >probably >not very effective, because it would be very simple for spammers to >adapt >by just stopping the slam; on the negative side, it would end up >slowing >ALL traffic, including the legitimate (non-spam) emails. > >Then I came upon Scott's (and others) recommendations, as above, and >I >wondered if my initial analysis was incorrect; today, I found the >time >to configure one of my servers to use GreetPause, and measured its >efficiency using pause intervals of 1s, 5s and 10s. The numbers I >obtained are as follows: > >Pause: GreetPause: total connections: pre-greet/conexoes: >1s 14 645 2.17% >5s 19 383 4.96% >10s 36 535 6.73% > >What's worse, about 80% of the connections blocked by GreetPause >would >have been blocked anyway by the MTA using RBLs alone, so the >*effective* >Greetpause improvement over using RBLs alone would be about 1% or >less, >even with relativelly large (10s) pauses. > >I've rechecked my analysis and found no mistakes; are you folks >*really* >measuring GreetPause efficiency and finding these 10-20% numbers, or >are >you deriving these numbers more from "feeling" or something? What >other >explanations for the above discrepancies can you think of? > >If anyone wants to sift through my logs, I can make then avalable; >just ask. > >Thanks in advance for any and all input. 
> >Best Regards, >-- > Durval Menezes (durval AT tmp DOT com DOT br, >http://www.tmp.com.br/) >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! -------------------------------------------------- Dennis Willson taz@taz-mania.com http://www.taz-mania.com Ham (Extra Class): KA6LSW GMRS : WQGF680 Scuba: Rescue Diver, EANx, Wreck, Night, Alt, Equip, UW Photographer, Gas Blender Life should not be a journey to the grave with the intention of arriving safely in a nice looking and well preserved body, but rather to skid in broadside, thoroughly used up, totally worn out, and loudly proclaiming, "WOW! WHAT A RIDE!" From ssilva at sgvwater.com Sat Jan 20 01:46:57 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Sat Jan 20 00:49:42 2007 Subject: Not tagging messages? In-Reply-To: <45B141BA.9010109@chapman.edu> References: <45B10203.7090209@chapman.edu> <45B1081E.2000201@chapman.edu> <65022.194.70.180.170.1169232181.squirrel@www.technologytiger.net> <45B117DD.10003@chapman.edu> <45B141BA.9010109@chapman.edu> Message-ID: Jay Chandler spake the following on 1/19/2007 2:10 PM: > Scott Silva wrote: >> I don't know how old the version in ports is, but does it allow the >> MailScanner --changed command? >> That will give you all the defaults next to your changes. Might give a >> clue. >> >> > I tend to keep current. I've pasted the full output below, but the line > that interested me most was: > > spammodifysubject start yes > > I've never heard of setting it to "start" > > Is this something new? Yes. You can now have start or end to go to the beginning or end of the subject Either Subject(spam) or (spam)Subject -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! 
From lhaig at haigmail.com Sat Jan 20 01:48:05 2007 From: lhaig at haigmail.com (Lance Haig) Date: Sat Jan 20 00:50:30 2007 Subject: Problems with sendmail In-Reply-To: References: Message-ID: <45B166C5.7070502@haigmail.com> Hi Dennis, Thanks that is what I was missing Lance Dennis Willson wrote: > You did change the default config for sendmail to all access via the > network didn't you? The default is to only allow access from 127.0.0.1 > > You have change that in the sendmail.mc file. > > > On Fri, 19 Jan 2007 15:48:30 +0000 > Lance Haig wrote: >> Hi Guys, >> >> I had to do a DR build of an ms server. >> >> The new server is built with the following >> >> Latest packages from MS site and addons >> >> built on SUSE 10.1 >> >> When I run mailscanner --lint I get no errors >> >> The problem I have is that I cannot connect to the server on port 25. >> >> I have checked firewalls and I can ssh onto it from outside the network. >> >> I am sure I have missed something. >> >> I have created the access files for the relay domains >> >> Can anyone give me a heads up/ >> >> Thanks >> >> Lance >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > -------------------------------------------------- > Dennis Willson > > taz@taz-mania.com > http://www.taz-mania.com > > Ham (Extra Class): KA6LSW > GMRS : WQGF680 > Scuba: Rescue Diver, EANx, Wreck, Night, Alt, Equip, UW Photographer, > Gas Blender > > Life should not be a journey to the grave with the intention of > arriving safely in a nice looking and well preserved body, but rather > to skid in broadside, thoroughly used up, totally worn out, and loudly > proclaiming, "WOW! WHAT A RIDE!" 
From ssilva at sgvwater.com Sat Jan 20 01:49:04 2007
From: ssilva at sgvwater.com (Scott Silva)
Date: Sat Jan 20 00:52:38 2007
Subject: Not tagging messages?
In-Reply-To: <45B141BA.9010109@chapman.edu>
References: <45B10203.7090209@chapman.edu> <45B1081E.2000201@chapman.edu> <65022.194.70.180.170.1169232181.squirrel@www.technologytiger.net> <45B117DD.10003@chapman.edu> <45B141BA.9010109@chapman.edu>
Message-ID:

Jay Chandler spake the following on 1/19/2007 2:10 PM:
> Scott Silva wrote:
>> I don't know how old the version in ports is, but does it allow the
>> MailScanner --changed command?
>> That will give you all the defaults next to your changes. Might give a
>> clue.
>>
>>
> I tend to keep current. I've pasted the full output below, but the line
> that interested me most was:
>
> spammodifysubject start yes
>
> I've never heard of setting it to "start"
>
> Is this something new?
>
> -- J

Thinking back, someone else had this problem maybe last month, and I can't
find the thread right now.

--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

From ssilva at sgvwater.com Sat Jan 20 01:52:50 2007
From: ssilva at sgvwater.com (Scott Silva)
Date: Sat Jan 20 00:57:35 2007
Subject: Greetpause seems very ineffective (Was: RE: Increased Volumes Of Spam)
In-Reply-To: <20070119220533.A4014@tmp.com.br>
References: <20070119220533.A4014@tmp.com.br>
Message-ID:

Durval Menezes spake the following on 1/19/2007 4:05 PM:
> Hello folks,
>
> Scott Silva on Tue, Jan 16, 2007 at 10:24:11 -0800, wrote:
>> Greetpause does help a lot, as I probably drop 10 to 20% of the spam with it
>> alone. Five seconds is a good starting point, but probably not over 30
>> seconds.
>
> The first time I became aware of GreetPause, I dismissed it as probably
> not very effective, because it would be very simple for spammers to adapt
> by just stopping the slam; on the negative side, it would end up slowing
> ALL traffic, including the legitimate (non-spam) emails.
>
> Then I came upon Scott's (and others') recommendations, as above, and I
> wondered if my initial analysis was incorrect; today, I found the time
> to configure one of my servers to use GreetPause, and measured its
> efficiency using pause intervals of 1s, 5s and 10s. The numbers I
> obtained are as follows:
>
> Pause:  GreetPause:  total connections:  pre-greet/connections:
> 1s      14           645                 2.17%
> 5s      19           383                 4.96%
> 10s     36           535                 6.73%
>
> What's worse, about 80% of the connections blocked by GreetPause would
> have been blocked anyway by the MTA using RBLs alone, so the *effective*
> Greetpause improvement over using RBLs alone would be about 1% or less,
> even with relatively large (10s) pauses.
>
> I've rechecked my analysis and found no mistakes; are you folks *really*
> measuring GreetPause efficiency and finding these 10-20% numbers, or are
> you deriving these numbers more from "feeling" or something? What other
> explanations for the above discrepancies can you think of?
>
> If anyone wants to sift through my logs, I can make them available;
> just ask.
>
> Thanks in advance for any and all input.
>
> Best Regards,

Many cannot use all the good blacklists, and greetpause does catch some of the
newer spammers that haven't hit the blacklists yet.

--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
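The measurement described in the quoted message above (pre-greeting rejections as a share of all connections, and how many of those an RBL would have caught anyway) can be reproduced from an MTA log. The following Python is an added example, not code from the list or from any poster: the log lines are constructed in the style of sendmail's syslog output, and the `RBL_LISTED` set, the assumption that every connection is logged, and all function names are hypothetical.

```python
import re
from dataclasses import dataclass

# Constructed sample lines in the style of sendmail syslog output (not real
# traffic). Assumption: the log level is high enough that each connection
# produces a "connect from" line.
SAMPLE_LOG = """\
Jan 19 10:00:01 mx sendmail[2101]: NOQUEUE: connect from mail.example.org [192.0.2.10]
Jan 19 10:00:04 mx sendmail[2102]: NOQUEUE: connect from [198.51.100.7]
Jan 19 10:00:05 mx sendmail[2102]: l0JA05xx002102: rejecting commands from [198.51.100.7] [198.51.100.7] due to pre-greeting traffic
Jan 19 10:00:09 mx sendmail[2103]: NOQUEUE: connect from mx2.example.net [192.0.2.11]
Jan 19 10:00:12 mx sendmail[2104]: NOQUEUE: connect from dsl.example.com [203.0.113.5]
Jan 19 10:00:13 mx sendmail[2104]: l0JA0Dxx002104: rejecting commands from dsl.example.com [203.0.113.5] due to pre-greeting traffic
Jan 19 10:00:20 mx sendmail[2105]: NOQUEUE: connect from relay.example.org [192.0.2.12]
Jan 19 10:00:31 mx sendmail[2106]: NOQUEUE: connect from [198.51.100.8]
Jan 19 10:00:32 mx sendmail[2106]: l0JA0Wxx002106: rejecting commands from [198.51.100.8] [198.51.100.8] due to pre-greeting traffic
Jan 19 10:00:40 mx sendmail[2107]: NOQUEUE: connect from mail.example.org [192.0.2.10]
Jan 19 10:00:44 mx sendmail[2108]: NOQUEUE: connect from smtp.example.net [192.0.2.13]
Jan 19 10:00:51 mx sendmail[2109]: NOQUEUE: connect from cable.example.com [203.0.113.9]
Jan 19 10:00:58 mx sendmail[2110]: NOQUEUE: connect from out.example.org [192.0.2.14]
"""

# Hypothetical input: addresses found on the RBLs in use, looked up separately.
RBL_LISTED = {"198.51.100.7", "203.0.113.5", "203.0.113.9"}

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
# The lazy prefix makes both patterns capture the last bracketed address,
# which covers "host [ip]", "[ip]" and "[ip] [ip]" forms.
CONNECT_RE = re.compile(r"connect from .*?\[" + IPV4 + r"\]\s*$")
PREGREET_RE = re.compile(
    r"rejecting commands from .*?\[" + IPV4 + r"\] due to pre-greeting traffic"
)


@dataclass
class GreetPauseStats:
    total: int      # all logged connections
    pregreet: int   # connections rejected for talking before the greeting
    also_rbl: int   # of those, connections from an RBL-listed address

    @property
    def raw_rate(self):
        """Share of all connections rejected by GreetPause."""
        return self.pregreet / self.total if self.total else 0.0

    @property
    def incremental_rate(self):
        """Share of connections that only GreetPause stopped (not the RBLs)."""
        if not self.total:
            return 0.0
        return (self.pregreet - self.also_rbl) / self.total


def analyse(log_text, rbl_listed):
    """Count connections and pre-greeting rejections in a log excerpt."""
    total = pregreet = also_rbl = 0
    for line in log_text.splitlines():
        if CONNECT_RE.search(line):
            total += 1
            continue
        match = PREGREET_RE.search(line)
        if match:
            pregreet += 1
            if match.group(1) in rbl_listed:
                also_rbl += 1
    return GreetPauseStats(total, pregreet, also_rbl)


if __name__ == "__main__":
    stats = analyse(SAMPLE_LOG, RBL_LISTED)
    print(f"sample: raw {stats.raw_rate:.1%}, incremental {stats.incremental_rate:.1%}")
    # The 10s row quoted above, with 80% of 36 rejections rounded to 29.
    quoted = GreetPauseStats(total=535, pregreet=36, also_rbl=29)
    print(f"quoted 10s row: raw {quoted.raw_rate:.2%}, "
          f"incremental {quoted.incremental_rate:.2%}")
```

Counting is per connection rather than per unique address, so a repeat offender weighs as heavily as it does in the mail queue.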
From glenn.steen at gmail.com Sat Jan 20 10:47:08 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Jan 20 09:49:36 2007 Subject: Spam slipping through In-Reply-To: <1E75E79B854C814784D0E8C5BA55AF76F7688F@uss2k01.united-systems.local> References: <45B0BA11.7FBE.00FC.3@medicine.wisc.edu> <1E75E79B854C814784D0E8C5BA55AF76F7688F@uss2k01.united-systems.local> Message-ID: <223f97700701200147i5a821e09mc6047ac5fa787050@mail.gmail.com> On 19/01/07, Drew Burchett wrote: (snip) > -0.00 SPF_HELO_PASS SPF: HELO matches SPF record > -100.00 USER_IN_WHITELIST From: address is in the user's white-list > 1.36 X_MAILER_SPAM X-Mailer: header is bulk email fingerprint > > Which would be fine EXCEPT there's no way in the world this user is in > any whitelist on my system. (snip) So you don't have any SPF whitelist in local.cf or mailscanner.cf at all? Or any other .cf on the system? No leftover SA whitelist of any kind? I know that I had some poor example _uncommented_ for quite some time in some SA cf file... Not any more though:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From DrewB at united-systems.com Sat Jan 20 14:13:21 2007 From: DrewB at united-systems.com (Drew Burchett) Date: Sat Jan 20 13:16:58 2007 Subject: Spam slipping through In-Reply-To: <223f97700701200147i5a821e09mc6047ac5fa787050@mail.gmail.com> Message-ID: <1E75E79B854C814784D0E8C5BA55AF76F768D6@uss2k01.united-systems.local> The only whitelist that I can find is the one that I set up in mysql. -- CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. 
-- This message has been scanned for viruses and dangerous content by MailScanner and is believed to be clean. From alex at nkpanama.com Sat Jan 20 15:24:33 2007 From: alex at nkpanama.com (Alex Neuman) Date: Sat Jan 20 14:27:39 2007 Subject: Greetpause seems very ineffective (Was: RE: Increased Volumes Of Spam) In-Reply-To: References: <20070119220533.A4014@tmp.com.br> Message-ID: In my particular case I've had to turn off greylisting for a few servers because the owners would rather throw more resources at the problem (cpu, ram, etc.) to check mail after it's received. Most people I know get used to the additional delay after a while, but there are some users who are more... let's call it "recalcitrant". In any case, GreetPause became a permanent addition to the "bat-belt" as soon as it came out. No cases of collateral damage so far, as with FPs in RBL's and so on, and it works not just against slammers but a lot of DOS situations as well. If I had only one thing to pick to keep from my setup it would be GreetPause. On Jan 19, 2007, at 7:52 PM, Scott Silva wrote: > Durval Menezes spake the following on 1/19/2007 4:05 PM: >> Hello folks, >> >> Scott Silva on Tue, Jan 16, 2007 at 10:24:11 >> -0800, wrote: >>> Greetpause does help a lot, as I probably drop 10 to 20% of the >>> spam with it >>> alone. Five seconds is a good starting point, but probably not >>> over 30 >>> seconds. >> >> The first time I became aware of GreetPause, I dismissed it as >> probably >> not very effective, because it would be very simple for spammers >> to adapt >> by just stopping the slam; on the negative side, it would end up >> slowing >> ALL traffic, including the legitimate (non-spam) emails. >> >> Then I came upon Scott's (and others) recommendations, as above, >> and I >> wondered if my initial analysis was incorrect; today, I found the >> time >> to configure one of my servers to use GreetPause, and measured its >> efficiency using pause intervals of 1s, 5s and 10s. 
The numbers I >> obtained are as follows: >> >> Pause: GreetPause: total connections: pre-greet/conexoes: >> 1s 14 645 2.17% >> 5s 19 383 4.96% >> 10s 36 535 6.73% >> >> What's worse, about 80% of the connections blocked by GreetPause >> would >> have been blocked anyway by the MTA using RBLs alone, so the >> *effective* >> Greetpause improvement over using RBLs alone would be about 1% or >> less, >> even with relativelly large (10s) pauses. >> >> I've rechecked my analysis and found no mistakes; are you folks >> *really* >> measuring GreetPause efficiency and finding these 10-20% numbers, >> or are >> you deriving these numbers more from "feeling" or something? What >> other >> explanations for the above discrepancies can you think of? >> >> If anyone wants to sift through my logs, I can make then avalable; >> just ask. >> >> Thanks in advance for any and all input. >> >> Best Regards, > Many cannot use all the good blacklists, and greetpause does catch > some of the > newer spammers that haven't hit the blacklists yet. > > -- > > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Sat Jan 20 16:00:02 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Jan 20 15:02:32 2007 Subject: Spam slipping through In-Reply-To: <1E75E79B854C814784D0E8C5BA55AF76F768D6@uss2k01.united-systems.local> References: <223f97700701200147i5a821e09mc6047ac5fa787050@mail.gmail.com> <1E75E79B854C814784D0E8C5BA55AF76F768D6@uss2k01.united-systems.local> Message-ID: <223f97700701200700g5cc68d26ha7b1309f907370cd@mail.gmail.com> On 20/01/07, Drew Burchett wrote: > The only whitelist that I can find is the one that I set up in mysql. 
Well, that rule is purely in SpamAssassin, so ... SA config is where you have to search for it. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Sat Jan 20 18:17:55 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jan 20 17:24:51 2007 Subject: Spam slipping through In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B581237B856@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B581237B856@isabella.herefordshire.gov.uk> Message-ID: <45B24EC3.5030204@ecs.soton.ac.uk> Randal, Phil wrote: > You're possibly not picking up the sa-updated rules when running > SpamAssassin from within MailScanner. Running spamassassin from the > command line will use them. > > At some point SpamAssassin was fixed so that the local state dir > included /spamassassin, e.g. /var/lib/spamassassin, and not /var/lib. > > See http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4952#c11 . > > Try amending your MailScanner.conf to read like my config below (which > has been tested and verified to use the updated rules): > > # The rules created by the "sa-update" tool are searched for here. > # This directory contains the 3.001007/updates_spamassassin_org > # directory structure beneath it. > # Only un-comment this setting once you have proved that the sa-update > # cron job has run successfully and has created a directory structure > under > # the spamassassin directory within this one and has put some *.cf files > in > # there. Otherwise it will ignore all your current rules! > # The default location may be /var/opt on Solaris systems. > > SpamAssassin Local State Dir = /var/lib/spamassassin > > Jules, can you fix the default MailScanner.conf to match reality, > please? > Can I be reasonably sure that the sa-update will work? And what triggers it? Do I need another cron job to do this, or does SpamAssassin do it on its own? 
Please include me directly as my personal address in a Cc for this one, I have been trying not to miss a deadline by too much, and would still very much like to do a stable release on 1st Feb. It's been far too long since the last one. I want to include everything except the new p records in Postfix, so if there's anything that needs fixing/changing, send it to me personally as soon as possible, as I hope to have some time this coming week to work on MailScanner. So I need to know the list of outstanding jobs! > I've posted on the list about this on November 22nd and 23rd last year - > I spent a productive hour one evening testing various "SpamAssassin > Local State Dir" settings on a production server > > Cheers, > > Phil > -- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Raymond Dijkxhoorn >> Sent: 19 January 2007 15:55 >> To: MailScanner discussion >> Subject: RE: Spam slipping through >> >> Hi! >> >> >>> Thank you, but that doesn't seem to be the problem. When I >>> >> run the same >> >>> mail through spamassassin on the command line, it hits more >>> >> rules than >> >>> when it's running through MailScanner. Both are using the >>> >> same config. >> >> And thats not due to the fact its added LATER on URIBL for >> examle? So you >> hit more rules when you recheck in time? >> >> Bye, >> Raymond. >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? 
Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From rpoe at plattesheriff.org Sat Jan 20 18:50:48 2007 From: rpoe at plattesheriff.org (Rob Poe) Date: Sat Jan 20 17:53:47 2007 Subject: Question on OUTBOUND for MailMan Message-ID: <45B20218020000A200004B13@platteco-2.plattesheriff.org> Is there a way to instruct MailScanner to NOT scan emails (for spam) on an outbound only basis? Reason I ask, is I had to set the "per user" personalization and now instead of batching, it sends each message as a seperate message - which causes MailScanner to run each of those through SpamAssassin. It would be MUCH faster if that were possible. Maybe this is something I could do in an email header as opposed to the "From:" field. A thought. From dave99 at gmail.com Sat Jan 20 19:21:58 2007 From: dave99 at gmail.com (Dave) Date: Sat Jan 20 18:27:38 2007 Subject: Virus not marked as high-spam Message-ID: I've had quite a few emails in the last couple of days that were marked as having 'Virus (Trojan.Downloader-648)', and blocked by clamav, bitdefender and mailscanner: ClamAV: Full Text.exe contains Trojan.Downloader-648 Bitdefender: Found virus Trojan.Peed.A in file Full Text.exe MailScanner: Executable DOS/Windows programs are dangerous in email (Full Text.exe) No programs allowed (Full Text.exe) All of these have been marked as high-spam and blocked completely, which is good. I had 1 this morning though that was marked only as spam, and therefore sent a pickup notice to the end-user, even though clamav & bitdefender had found the virus in it and blocked the message. These messages all have a variation of news items: Sadam Hussein alive! Chinese missile shot down Russian aircraft President of Russia Putin dead. 
Hugo Chavez dead. (which is the one that slipped through) Any ideas how to make sure that doesn't happen? From res at ausics.net Sat Jan 20 22:20:55 2007 From: res at ausics.net (Res) Date: Sat Jan 20 21:23:54 2007 Subject: Greetpause seems very ineffective (Was: RE: Increased Volumes Of Spam) In-Reply-To: References: <20070119220533.A4014@tmp.com.br> Message-ID: On Sat, 20 Jan 2007, Alex Neuman wrote: > In my particular case I've had to turn off greylisting for a few servers > because the owners would rather throw more resources at the problem (cpu, > ram, etc.) to check mail after it's received. Most people I know get used to > the additional delay after a while, but there are some users who are more... > let's call it "recalcitrant". > The problem with your annoyance at your paying customers who dont want greylisting comment here is, business emails are time critical, it is unacceptable to delay email destined for lawyers, real estates, accountants and every other company where time is crucial, like those vying for multi-million dollar contracts. Picture this: its 9.10am a QC is due in high court at 10am most hosting mail servers are very busy so its retry queue is set hourly to avoid problems wih normal mail QC tells the barrister he needs that info NOW "email it to me" barrister sends email 15 seconds later. At 9.10 your grey laming said "i dunno if your a lamer or not try again later" 9.40 QC must leave for court, its still not there. 10.00 its retried and accepted, ..tuff luck the QC is right now before the full bench of the high court about to see his client slammed away fo 30 years because of a lame mail server that delayed the crucial evidence. OR what about the building sub contractor who just lost out on a 500 million dollar project to Donald Trump, he's going to think, if you cant manage to get and read such a simple effortless thing like an email in half an hour do I really want to deal with you. 
I dunno maybe you people dont have time crucial customers :) -- Cheers Res "So, you think you can tell Heaven from Hell?" - Roger Waters From glenn.steen at gmail.com Sat Jan 20 22:31:22 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Jan 20 21:33:53 2007 Subject: Question on OUTBOUND for MailMan In-Reply-To: <45B20218020000A200004B13@platteco-2.plattesheriff.org> References: <45B20218020000A200004B13@platteco-2.plattesheriff.org> Message-ID: <223f97700701201331n5247c6bdrdc0a987383bef1ee@mail.gmail.com> On 20/01/07, Rob Poe wrote: > Is there a way to instruct MailScanner to NOT scan emails (for spam) on an outbound only basis? > > Reason I ask, is I had to set the "per user" personalization and now instead of batching, it sends each message as a seperate message - which causes MailScanner to run each of those through SpamAssassin. > > It would be MUCH faster if that were possible. Maybe this is something I could do in an email header as opposed to the "From:" field. A thought. > Rob, Have you measured this? Thing is, if you use the SpamAssassin result cache (SQLite thing) the overhead of split/recipient messages (which I assume you are talking about) is rather marginal... Only the cost of the digest+database lookup/"extra" message... If you want to skip SpamAssassin, do that with a ruleset (as usual) on "Use SpamAssassin" in MailScanner.conf, or on "Spam Checks"... The latter disables a few things more than SA. Or am I reading you wrong? 
Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From chandler at chapman.edu Sat Jan 20 22:32:14 2007 From: chandler at chapman.edu (Jay Chandler) Date: Sat Jan 20 21:34:31 2007 Subject: Question on OUTBOUND for MailMan In-Reply-To: <45B20218020000A200004B13@platteco-2.plattesheriff.org> References: <45B20218020000A200004B13@platteco-2.plattesheriff.org> Message-ID: <1185.206.211.137.181.1169328734.squirrel@webmail.chapman.edu> On Sat, January 20, 2007 9:50 am, Rob Poe wrote: > Reason I ask, is I had to set the "per user" personalization and now > instead of batching, it sends each message as a seperate message - which > causes MailScanner to run each of those through SpamAssassin. Sorry to veer this slightly off topic, but when you say "per user" personalizations, are you referring to individualized white and black lists? If so, I'd have interest in advice on how you implemented this... -- Jay Chandler Network Administrator Chapman University From spamtrap71892316634 at anime.net Sat Jan 20 22:34:22 2007 From: spamtrap71892316634 at anime.net (Dan Hollis) Date: Sat Jan 20 21:36:53 2007 Subject: Greetpause seems very ineffective (Was: RE: Increased Volumes Of Spam) In-Reply-To: References: <20070119220533.A4014@tmp.com.br> Message-ID: nice strawman, but any mailserver worth its beans will let individual customers disable greylisting. On Sun, 21 Jan 2007, Res wrote: > On Sat, 20 Jan 2007, Alex Neuman wrote: > >> In my particular case I've had to turn off greylisting for a few servers >> because the owners would rather throw more resources at the problem (cpu, >> ram, etc.) to check mail after it's received. Most people I know get used >> to the additional delay after a while, but there are some users who are >> more... let's call it "recalcitrant". 
>> > > > The problem with your annoyance at your paying customers who dont want > greylisting comment here is, business emails are time critical, it is > unacceptable to delay email destined for lawyers, real estates, accountants > and every other company where time is crucial, like those vying for > multi-million dollar contracts. > > > Picture this: > > its 9.10am a QC is due in high court at 10am > > most hosting mail servers are very busy so its retry queue is set hourly to > avoid problems wih normal mail > > QC tells the barrister he needs that info NOW "email it to me" > barrister sends email 15 seconds later. > > At 9.10 your grey laming said "i dunno if your a lamer or not try again > later" > > 9.40 QC must leave for court, its still not there. > > 10.00 its retried and accepted, ..tuff luck the QC is right now before the > full bench of the high court about to see his client slammed away fo 30 years > because of a lame mail server that delayed the crucial evidence. > > > OR what about the building sub contractor who just lost out on a 500 million > dollar project to Donald Trump, he's going to think, if you cant manage to > get and read such a simple effortless thing like an email in half an hour do > I really want to deal with you. > > I dunno maybe you people dont have time crucial customers :) > > -- > Cheers > Res > > "So, you think you can tell Heaven from Hell?" - Roger Waters > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! 
From prandal at herefordshire.gov.uk Sat Jan 20 22:36:25 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Sat Jan 20 21:38:59 2007 Subject: Greetpause seems very ineffective (Was: RE: Increased Volumes Of Spam) Message-ID: <86144ED6CE5B004DA23E1EAC0B569B5801768218@isabella.herefordshire.gov.uk> Oh good, The sooner we bring down business and capitalism the better (sorry, couldn't resist :-p ). Phil -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Res Sent: Saturday, January 20, 2007 9:21 PM To: MailScanner discussion Subject: Re: Greetpause seems very ineffective (Was: RE: Increased Volumes Of Spam) On Sat, 20 Jan 2007, Alex Neuman wrote: > In my particular case I've had to turn off greylisting for a few servers > because the owners would rather throw more resources at the problem (cpu, > ram, etc.) to check mail after it's received. Most people I know get used to > the additional delay after a while, but there are some users who are more... > let's call it "recalcitrant". > The problem with your annoyance at your paying customers who dont want greylisting comment here is, business emails are time critical, it is unacceptable to delay email destined for lawyers, real estates, accountants and every other company where time is crucial, like those vying for multi-million dollar contracts. Picture this: its 9.10am a QC is due in high court at 10am most hosting mail servers are very busy so its retry queue is set hourly to avoid problems wih normal mail QC tells the barrister he needs that info NOW "email it to me" barrister sends email 15 seconds later. At 9.10 your grey laming said "i dunno if your a lamer or not try again later" 9.40 QC must leave for court, its still not there. 
10.00 its retried and accepted, ..tuff luck the QC is right now before the full bench of the high court about to see his client slammed away fo 30 years because of a lame mail server that delayed the crucial evidence. OR what about the building sub contractor who just lost out on a 500 million dollar project to Donald Trump, he's going to think, if you cant manage to get and read such a simple effortless thing like an email in half an hour do I really want to deal with you. I dunno maybe you people dont have time crucial customers :) -- Cheers Res "So, you think you can tell Heaven from Hell?" - Roger Waters -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From prandal at herefordshire.gov.uk Sat Jan 20 22:39:12 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Sat Jan 20 21:41:51 2007 Subject: Greetpause seems very ineffective (Was: RE: Increased Volumes Of Spam) Message-ID: <86144ED6CE5B004DA23E1EAC0B569B5801768219@isabella.herefordshire.gov.uk> In the real world, resources aren't thrown at the problem, and you get mail backlogs which can far exceed any delay "imposed" by GreetPause. If you want instant transfer, use instant messaging, http, or ftp uploads. Cheers, Phil -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Neuman Sent: Saturday, January 20, 2007 2:25 PM To: MailScanner discussion Subject: Re: Greetpause seems very ineffective (Was: RE: Increased Volumes Of Spam) In my particular case I've had to turn off greylisting for a few servers because the owners would rather throw more resources at the problem (cpu, ram, etc.) to check mail after it's received. 
Most people I know get used to the additional delay after a while, but there are some users who are more... let's call it "recalcitrant". In any case, GreetPause became a permanent addition to the "bat-belt" as soon as it came out. No cases of collateral damage so far, as with FPs in RBL's and so on, and it works not just against slammers but a lot of DOS situations as well. If I had only one thing to pick to keep from my setup it would be GreetPause. On Jan 19, 2007, at 7:52 PM, Scott Silva wrote: > Durval Menezes spake the following on 1/19/2007 4:05 PM: >> Hello folks, >> >> Scott Silva on Tue, Jan 16, 2007 at 10:24:11 >> -0800, wrote: >>> Greetpause does help a lot, as I probably drop 10 to 20% of the >>> spam with it >>> alone. Five seconds is a good starting point, but probably not >>> over 30 >>> seconds. >> >> The first time I became aware of GreetPause, I dismissed it as >> probably >> not very effective, because it would be very simple for spammers >> to adapt >> by just stopping the slam; on the negative side, it would end up >> slowing >> ALL traffic, including the legitimate (non-spam) emails. >> >> Then I came upon Scott's (and others) recommendations, as above, >> and I >> wondered if my initial analysis was incorrect; today, I found the >> time >> to configure one of my servers to use GreetPause, and measured its >> efficiency using pause intervals of 1s, 5s and 10s. The numbers I >> obtained are as follows: >> >> Pause: GreetPause: total connections: pre-greet/conexoes: >> 1s 14 645 2.17% >> 5s 19 383 4.96% >> 10s 36 535 6.73% >> >> What's worse, about 80% of the connections blocked by GreetPause >> would >> have been blocked anyway by the MTA using RBLs alone, so the >> *effective* >> Greetpause improvement over using RBLs alone would be about 1% or >> less, >> even with relativelly large (10s) pauses. 
>> >> I've rechecked my analysis and found no mistakes; are you folks >> *really* >> measuring GreetPause efficiency and finding these 10-20% numbers, >> or are >> you deriving these numbers more from "feeling" or something? What >> other >> explanations for the above discrepancies can you think of? >> >> If anyone wants to sift through my logs, I can make then avalable; >> just ask. >> >> Thanks in advance for any and all input. >> >> Best Regards, > Many cannot use all the good blacklists, and greetpause does catch > some of the > newer spammers that haven't hit the blacklists yet. > > -- > > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From res at ausics.net Sat Jan 20 22:40:04 2007 From: res at ausics.net (Res) Date: Sat Jan 20 21:42:58 2007 Subject: {MailScanner: Spam} Re: Greetpause seems very ineffective (Was: RE: Increased Volumes Of Spam) In-Reply-To: References: <20070119220533.A4014@tmp.com.br> Message-ID: On Sat, 20 Jan 2007, Dan Hollis wrote: > nice strawman, but any mailserver worth its beans will let individual > customers disable greylisting. you assume the users are tech savvy, half of them are lucky to know how to turn a damn PC on let alone do anything else, and they admit it. 
> > On Sun, 21 Jan 2007, Res wrote: > >> On Sat, 20 Jan 2007, Alex Neuman wrote: >> >>> In my particular case I've had to turn off greylisting for a few servers >>> because the owners would rather throw more resources at the problem (cpu, >>> ram, etc.) to check mail after it's received. Most people I know get used >>> to the additional delay after a while, but there are some users who are >>> more... let's call it "recalcitrant". >>> >> >> >> The problem with your annoyance at your paying customers who dont want >> greylisting comment here is, business emails are time critical, it is >> unacceptable to delay email destined for lawyers, real estates, accountants >> and every other company where time is crucial, like those vying for >> multi-million dollar contracts. >> >> >> Picture this: >> >> its 9.10am a QC is due in high court at 10am >> >> most hosting mail servers are very busy so its retry queue is set hourly to >> avoid problems wih normal mail >> >> QC tells the barrister he needs that info NOW "email it to me" >> barrister sends email 15 seconds later. >> >> At 9.10 your grey laming said "i dunno if your a lamer or not try again >> later" >> >> 9.40 QC must leave for court, its still not there. >> >> 10.00 its retried and accepted, ..tuff luck the QC is right now before the >> full bench of the high court about to see his client slammed away fo 30 >> years because of a lame mail server that delayed the crucial evidence. >> >> >> OR what about the building sub contractor who just lost out on a 500 >> million dollar project to Donald Trump, he's going to think, if you cant >> manage to get and read such a simple effortless thing like an email in half >> an hour do I really want to deal with you. >> >> I dunno maybe you people dont have time crucial customers :) >> >> -- >> Cheers >> Res >> >> "So, you think you can tell Heaven from Hell?" 
- Roger Waters >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > -- Cheers Res "So, you think you can tell Heaven from Hell?" - Roger Waters From prandal at herefordshire.gov.uk Sat Jan 20 22:57:42 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Sat Jan 20 22:00:36 2007 Subject: Spam slipping through Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580176821A@isabella.herefordshire.gov.uk> Julian Field wrote: >> You're possibly not picking up the sa-updated rules when running >> SpamAssassin from within MailScanner. Running spamassassin from the >> command line will use them. >> >> At some point SpamAssassin was fixed so that the local state dir >> included /spamassassin, e.g. /var/lib/spamassassin, and not /var/lib. >> >> See http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4952#c11 . >> >> Try amending your MailScanner.conf to read like my config below (which >> has been tested and verified to use the updated rules): >> >> # The rules created by the "sa-update" tool are searched for here. >> # This directory contains the 3.001007/updates_spamassassin_org >> # directory structure beneath it. >> # Only un-comment this setting once you have proved that the sa-update >> # cron job has run successfully and has created a directory structure >> under >> # the spamassassin directory within this one and has put some *.cf files >> in >> # there. Otherwise it will ignore all your current rules! >> # The default location may be /var/opt on Solaris systems. >> >> SpamAssassin Local State Dir = /var/lib/spamassassin >> >> Jules, can you fix the default MailScanner.conf to match reality, >> please? >> >Can I be reasonably sure that the sa-update will work? And what triggers >it? 
Do I need another cron job to do this, or does SpamAssassin do it on >its own? Please include me directly as my personal address in a Cc for >this one, I have been trying not to miss a deadline by too much, and >would still very much like to do a stable release on 1st Feb. It's been >far too long since the last one. I want to include everything except the >new p records in Postfix, so if there's anything that needs >fixing/changing, send it to me personally as soon as possible, as I hope >to have some time this coming week to work on MailScanner. So I need to >know the list of outstanding jobs! I guess you have two choices. The least obtrusive is to leave the "Spamassassin Local State Dir" value commented out, as it is by default, but corrected to mirror the change introduced in the middle of last year. Or you could put in a sensible default and trust sa-update. Your call. You already create an sa-update file in /etc/cron.daily, with it set by default not to do anything. It would be useful if MailScanner restarted its children when the files in the Local State Dir change (if it is being used). Because there has been past confusion about where the local state dir should point to, it would be a good idea if "MailScanner --lint" did some consistency check to make sure the appropriate directory structure is pointed to by the "Spamassassin Local State Dir" parameter. That structure won't exist until sa-update is successfully run, but you could come up with a suitable set of warnings. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK From prandal at herefordshire.gov.uk Sat Jan 20 23:00:03 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Sat Jan 20 22:02:44 2007 Subject: Greetpause seems very ineffective (Was: RE: Increased Volumes Of Spam) Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580176821B@isabella.herefordshire.gov.uk> Oops, substitute "greylisting" for "GreetPause". 
Fingers out of sync with my brain again :-(

Cheers,

Phil

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Randal, Phil
Sent: Saturday, January 20, 2007 9:39 PM
To: 'MailScanner discussion'
Subject: RE: Greetpause seems very ineffective (Was: RE: Increased Volumes Of Spam)

In the real world, resources aren't thrown at the problem, and you get mail backlogs which can far exceed any delay "imposed" by GreetPause.

If you want instant transfer, use instant messaging, http, or ftp uploads.

Cheers,

Phil

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Neuman
Sent: Saturday, January 20, 2007 2:25 PM
To: MailScanner discussion
Subject: Re: Greetpause seems very ineffective (Was: RE: Increased Volumes Of Spam)

In my particular case I've had to turn off greylisting for a few servers because the owners would rather throw more resources at the problem (cpu, ram, etc.) to check mail after it's received. Most people I know get used to the additional delay after a while, but there are some users who are more... let's call it "recalcitrant".

In any case, GreetPause became a permanent addition to the "bat-belt" as soon as it came out. No cases of collateral damage so far, as with FPs in RBL's and so on, and it works not just against slammers but a lot of DOS situations as well. If I had only one thing to pick to keep from my setup it would be GreetPause.

On Jan 19, 2007, at 7:52 PM, Scott Silva wrote:

> Durval Menezes spake the following on 1/19/2007 4:05 PM:
>> Hello folks,
>>
>> Scott Silva on Tue, Jan 16, 2007 at 10:24:11 -0800, wrote:
>>> Greetpause does help a lot, as I probably drop 10 to 20% of the spam with it
>>> alone. Five seconds is a good starting point, but probably not over 30
>>> seconds.
>>
>> The first time I became aware of GreetPause, I dismissed it as probably
>> not very effective, because it would be very simple for spammers to adapt
>> by just stopping the slam; on the negative side, it would end up slowing
>> ALL traffic, including the legitimate (non-spam) emails.
>>
>> Then I came upon Scott's (and others) recommendations, as above, and I
>> wondered if my initial analysis was incorrect; today, I found the time
>> to configure one of my servers to use GreetPause, and measured its
>> efficiency using pause intervals of 1s, 5s and 10s. The numbers I
>> obtained are as follows:
>>
>> Pause:  GreetPause:  total connections:  pre-greet/connections:
>> 1s      14           645                 2.17%
>> 5s      19           383                 4.96%
>> 10s     36           535                 6.73%
>>
>> What's worse, about 80% of the connections blocked by GreetPause would
>> have been blocked anyway by the MTA using RBLs alone, so the *effective*
>> Greetpause improvement over using RBLs alone would be about 1% or less,
>> even with relatively large (10s) pauses.
>>
>> I've rechecked my analysis and found no mistakes; are you folks *really*
>> measuring GreetPause efficiency and finding these 10-20% numbers, or are
>> you deriving these numbers more from "feeling" or something? What other
>> explanations for the above discrepancies can you think of?
>>
>> If anyone wants to sift through my logs, I can make them available;
>> just ask.
>>
>> Thanks in advance for any and all input.
>>
>> Best Regards,
> Many cannot use all the good blacklists, and greetpause does catch some of the
> newer spammers that haven't hit the blacklists yet.
>
> --
>
> MailScanner is like deodorant...
> You hope everybody uses it, and
> you notice quickly if they don't!!!!

From spamtrap71892316634 at anime.net Sat Jan 20 23:06:03 2007
From: spamtrap71892316634 at anime.net (Dan Hollis)
Date: Sat Jan 20 22:08:35 2007
Subject: {MailScanner: Spam} Re: Greetpause seems very ineffective (Was: RE: Increased Volumes Of Spam)
In-Reply-To:
References: <20070119220533.A4014@tmp.com.br>
Message-ID:

On Sun, 21 Jan 2007, Res wrote:
> On Sat, 20 Jan 2007, Dan Hollis wrote:
>> nice strawman, but any mailserver worth its beans will let individual
>> customers disable greylisting.
> you assume the users are tech savvy, half of them are lucky to know how to
> turn a damn PC on let alone do anything else, and they admit it.

then they're obviously too stupid to use an email client right? it's obviously beyond their abilities. problem solved.

From res at ausics.net Sat Jan 20 23:51:29 2007
From: res at ausics.net (Res)
Date: Sat Jan 20 22:54:26 2007
Subject: {MailScanner: Spam} Re: {MailScanner: Spam} Re: Greetpause seems very ineffective (Was: RE: Increased Volumes Of Spam)
In-Reply-To:
References: <20070119220533.A4014@tmp.com.br>
Message-ID:

On Sat, 20 Jan 2007, Dan Hollis wrote:

> then they're obviously too stupid to use an email client right? it's obviously
> beyond their abilities. problem solved.

what a pathetic childish attitude, everyone starts somewhere their dollar is just as good as anyone else's in the real world, dunno bout the fantasyland you seem to live in lol.

--
Cheers
Res

"So, you think you can tell Heaven from Hell?"
- Roger Waters

From r.berber at computer.org Sun Jan 21 00:07:46 2007
From: r.berber at computer.org (René Berber)
Date: Sat Jan 20 23:10:30 2007
Subject: Question on OUTBOUND for MailMan
In-Reply-To: <45B20218020000A200004B13@platteco-2.plattesheriff.org>
References: <45B20218020000A200004B13@platteco-2.plattesheriff.org>
Message-ID:

Rob Poe wrote:
> Is there a way to instruct MailScanner to NOT scan emails (for spam) on an
> outbound only basis?

Yes, take a look at the README and EXAMPLES inside $MAILSCANNER/etc/rules.

> Reason I ask, is I had to set the "per user" personalization and now instead
> of batching, it sends each message as a separate message - which causes
> MailScanner to run each of those through SpamAssassin.

Which shouldn't be a problem since SA usually keeps a cache that allows it not to rescan the same message, just reuse the score.

> It would be MUCH faster if that were possible. Maybe this is something I
> could do in an email header as opposed to the "From:" field. A thought.

Not with MS, the rules only work with the From and To headers.
--
René Berber

From matt at coders.co.uk Sun Jan 21 00:12:43 2007
From: matt at coders.co.uk (Matt Hampton)
Date: Sat Jan 20 23:15:34 2007
Subject: Question on OUTBOUND for MailMan
In-Reply-To: <45B20218020000A200004B13@platteco-2.plattesheriff.org>
References: <45B20218020000A200004B13@platteco-2.plattesheriff.org>
Message-ID: <45B2A1EB.8030001@coders.co.uk>

Rob Poe wrote:
> Is there a way to instruct MailScanner to NOT scan emails (for spam) on an outbound only basis?
>
> Reason I ask, is I had to set the "per user" personalization and now instead of batching, it sends each message as a separate message - which causes MailScanner to run each of those through SpamAssassin.
>
> It would be MUCH faster if that were possible. Maybe this is something I could do in an email header as opposed to the "From:" field. A thought.
>

http://wiki.mailscanner.info/doku.php?id=documentation:related_software:mailman

From taz at taz-mania.com Sun Jan 21 09:12:55 2007
From: taz at taz-mania.com (Dennis Willson)
Date: Sun Jan 21 08:16:27 2007
Subject: Greetpause seems very ineffective (Was: RE: Increased Volumes Of Spam)
In-Reply-To:
References: <20070119220533.A4014@tmp.com.br>
Message-ID: <45B32087.7030109@taz-mania.com>

eMail has no guarantee of delivery or especially timing of delivery.

There are many many things that can affect the timing of delivery. If a lawyer or other business needs an instant or guaranteed time of delivery they certainly shouldn't be using eMail. Most servers retry within a few minutes.

I have my greylisting set to only force a 2 minute delay AND this only occurs on the very first send from one user to another, each additional email is not delayed at all. This is really not a valid excuse...

Res wrote:
> On Sat, 20 Jan 2007, Alex Neuman wrote:
>
>> In my particular case I've had to turn off greylisting for a few
>> servers because the owners would rather throw more resources at the
>> problem (cpu, ram, etc.) to check mail after it's received. Most
>> people I know get used to the additional delay after a while, but
>> there are some users who are more... let's call it "recalcitrant".
>>
>
>
> The problem with your annoyance at your paying customers who don't want
> greylisting comment here is, business emails are time critical, it is
> unacceptable to delay email destined for lawyers, real estates,
> accountants and every other company where time is crucial, like those
> vying for multi-million dollar contracts.
>
>
> Picture this:
>
> it's 9.10am a QC is due in high court at 10am
>
> most hosting mail servers are very busy so its retry queue is set
> hourly to avoid problems with normal mail
>
> QC tells the barrister he needs that info NOW "email it to me"
> barrister sends email 15 seconds later.
>
> At 9.10 your grey laming said "i dunno if you're a lamer or not try
> again later"
>
> 9.40 QC must leave for court, it's still not there.
>
> 10.00 it's retried and accepted, ..tough luck the QC is right now before
> the full bench of the high court about to see his client slammed away
> for 30 years because of a lame mail server that delayed the crucial
> evidence.
>
>
> OR what about the building sub contractor who just lost out on a 500
> million dollar project to Donald Trump, he's going to think, if you
> can't manage to get and read such a simple effortless thing like an
> email in half an hour do I really want to deal with you.
>
> I dunno maybe you people don't have time crucial customers :)
>

From res at ausics.net Sun Jan 21 13:04:34 2007
From: res at ausics.net (Res)
Date: Sun Jan 21 12:07:13 2007
Subject: Greetpause seems very ineffective (Was: RE: Increased Volumes Of Spam)
In-Reply-To: <45B32087.7030109@taz-mania.com>
References: <20070119220533.A4014@tmp.com.br> <45B32087.7030109@taz-mania.com>
Message-ID:

On Sun, 21 Jan 2007, Dennis Willson wrote:

> eMail has no guarantee of delivery or especially timing of delivery.
>
> There are many many things that can affect the timing of delivery. If a
> lawyer or other business needs an instant or guaranteed time of delivery they
> certainly shouldn't be using eMail. Most servers retry within a few minutes.

this is not the case in reality, host servers that process real quantities of mail do not retry within minutes, typically it's 10/15/30 60 mins depending on how busy the servers are.

> I have my greylisting set to only force a 2 minute delay AND this only occurs

the amount of time anyone sets greylaming to is moot, it comes down to when the attempting to send server, retries.

if any tech under my control initiates greylisting on any server i will dismiss them instantly, our customers want their mail asap that means without delay, and I pride myself in ensuring that happens, it keeps the paying customers happy, if they happy I'm happy.

but each to our own, clearly you don't give a stuff when your customers get mail, which is your business entirely, so long as your customers are prepared to tolerate it, and accept that deliberate delaying of their inbound mail is not the norm with every service provider and you advise them of this prior to their application of your services, you do warn them you delay their mail don't you?

--
Cheers
Res

"So, you think you can tell Heaven from Hell?"
- Roger Waters

From spamtrap71892316634 at anime.net Sun Jan 21 13:27:42 2007
From: spamtrap71892316634 at anime.net (Dan Hollis)
Date: Sun Jan 21 12:30:17 2007
Subject: Greetpause seems very ineffective (Was: RE: Increased Volumes Of Spam)
In-Reply-To:
References: <20070119220533.A4014@tmp.com.br> <45B32087.7030109@taz-mania.com>
Message-ID:

On Sun, 21 Jan 2007, Res wrote:
> but each to our own, clearly you don't give a stuff when your
> customers get mail, which is your business entirely, so long as your
> customers are prepared to tolerate it, and accept that deliberate delaying of
> their inbound mail is not the norm with every service provider and you advise
> them of this prior to their application of your services, you do warn them you
> delay their mail don't you?

you can also default it to off, and let customers enable it at their discretion.

customer choice. what a concept, eh? but with you it's obviously not a choice.

-Dan

From uxbod at splatnix.net Sun Jan 21 13:34:42 2007
From: uxbod at splatnix.net (--[ UxBoD ]--)
Date: Sun Jan 21 12:34:20 2007
Subject: Greetpause seems very ineffective (Was: RE: Increased Volumes Of Spam)
In-Reply-To:
References: <20070119220533.A4014@tmp.com.br> <45B32087.7030109@taz-mania.com>
Message-ID: <20070121123442.58547bfd@localhost>

Per domain opt in/out is the way to go. Most GreyListing applications store their data in some form of database, so making the choice customer driven is very easy to implement.

At the end of the day everybody has different needs, but most customers whinge about how much SPAM they receive. Any form of countermeasure introduces a delay, even MailScanner, so whatever you do a customer's email is always going to be delayed.

Just my 2p worth.

On Sun, 21 Jan 2007 22:04:34 +1000 (EST) Res wrote:

> On Sun, 21 Jan 2007, Dennis Willson wrote:
>
> > eMail has no guarantee of delivery or especially timing of delivery.
> >
> > There are many many things that can affect the timing of delivery.
> > If a lawyer or other business needs an instant or guaranteed time
> > of delivery they certainly shouldn't be using eMail. Most servers
> > retry within a few minutes.
>
> this is not the case in reality, host servers that process real
> quantities of mail do not retry within minutes, typically it's 10/15/30
> 60 mins depending on how busy the servers are.
>
> > I have my greylisting set to only force a 2 minute delay AND this
> > only occurs
>
> the amount of time anyone sets greylaming to is moot, it comes down
> to when the attempting to send server, retries.
>
> if any tech under my control initiates greylisting on any server i
> will dismiss them instantly, our customers want their mail asap that
> means without delay, and I pride myself in ensuring that happens, it
> keeps the paying customers happy, if they happy I'm happy.
>
> but each to our own, clearly you don't give a stuff when your
> customers get mail, which is your business entirely, so long as your
> customers are prepared to tolerate it, and accept that deliberate
> delaying of their inbound mail is not the norm with every service
> provider and you advise them of this prior to their application of
> your services, you do warn them you delay their mail don't you?
>
>

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

From mike at tc3net.com Sun Jan 21 15:47:03 2007
From: mike at tc3net.com (Michael Baird)
Date: Sun Jan 21 14:50:12 2007
Subject: Greetpause seems very ineffective (Was: RE: Increased Volumes Of Spam)
In-Reply-To:
References: <20070119220533.A4014@tmp.com.br> <45B32087.7030109@taz-mania.com>
Message-ID: <1169390823.4660.25.camel@localhost>

On Sun, 2007-01-21 at 22:04 +1000, Res wrote:
> On Sun, 21 Jan 2007, Dennis Willson wrote:
>
> > eMail has no guarantee of delivery or especially timing of delivery.
> >
> > There are many many things that can affect the timing of delivery. If a
> > lawyer or other business needs an instant or guaranteed time of delivery they
> > certainly shouldn't be using eMail. Most servers retry within a few minutes.
>
> this is not the case in reality, host servers that process real
> quantities of mail do not retry within minutes, typically it's 10/15/30 60
> mins depending on how busy the servers are.
>

Not if they are working properly, they should retry immediately to another MX, at which time the tuple would have been propagated between MX servers (using a very short delay of course). Well at least the greylisting scheme we use does this.

> > I have my greylisting set to only force a 2 minute delay AND this only occurs
>
> the amount of time anyone sets greylaming to is moot, it comes down to
> when the attempting to send server, retries.
>
> if any tech under my control initiates greylisting on any server i will
> dismiss them instantly, our customers want their mail asap that means
> without delay, and I pride myself in ensuring that happens, it keeps the
> paying customers happy, if they happy I'm happy.
>

MailScanner imposes a much greater delay per message than what you will see with Greylisting, so if this is truly your goal, you should dismiss yourself, since you appear to be using MailScanner and it imposes a much greater delay per message than the greylisting schemes do.

> but each to our own, clearly you don't give a stuff when your
> customers get mail, which is your business entirely, so long as your
> customers are prepared to tolerate it, and accept that deliberate delaying
> of their inbound mail is not the norm with every service provider and you
> advise them of this prior to their application of your services, you do
> warn them you delay their mail don't you?
>

Clearly you don't care very much either, since you are delaying each and every mail by a significant amount processing them via MailScanner. Maybe if you used greylisting you could bring the batch processing times down though, and bring the delay per message imposed by MailScanner down a bit (certainly for legit mail).

Regards
Michael Baird

From liste.gug at free.fr Sun Jan 21 18:17:28 2007
From: liste.gug at free.fr (liste.gug@free.fr)
Date: Sun Jan 21 17:20:02 2007
Subject: send infected files attachement to an adresse
Message-ID: <1169399848.45b3a028ba6db@imp.free.fr>

Hi,

I've done a smtp gateway with Mailscanner (spam and virus) under :
* Debian Sarge
* Postfix
* MailScanner
* SpamAssassin
* Clamav

Everything works great. My smtp gateway works well (transfer mail, scan, restriction on the rpt and sender, ...)

Actually, when a virus is detected in a mail, Mailscanner sends a notification to virus@.
I'd like Mailscanner to send the infected attachment files with the notification.
I may need those files later for various tasks on them.

Do you know how to do it?

Thank you in advance,

Ben.

From subscriptions at burakueda.com Mon Jan 22 07:02:15 2007
From: subscriptions at burakueda.com (Burak Ueda)
Date: Mon Jan 22 06:05:03 2007
Subject: User specific rulesets
Message-ID: <45B45367.3090702@burakueda.com>

Greetings everyone.
I have a question about rule sets.
First let me describe the environment and conditions:

Server:
Intel Dempsey Dual Core HT 3.0 GHz (4 virtual processors)
2 GB of memory (upgradeable to 16 GB)
CentOS 4.5 / Apache 1.3
cPanel/WHM control panel installed.

This is an email server. There are about 80 domains (with no websites) and currently a bit more than 2000 email accounts.
Number of email accounts expected to go up to 10K in this 1~2 years.
The busiest domain will have approx 500 email accounts, the domain with the least email accounts will have around 50.

I will let the email account owners write their own filter, up to 10 per address. This will be black list only.

Here is a simple scenario:

Mr. A has an address: email-A@domain1.com
Mrs. B has an address in same domain: email-B@domain1.com

These two people are not related to each other in any way. They just own an email address with same domain name. Just like gmail.com, yahoo.com etc.
So Mr A doesn't want to receive email from offers@shop.com, but Mrs. B is a regular customer of shop.com and wants to get emails from offers@shop.com

I can achieve this by editing the global rules file:
/usr/mailscanner/etc/rules/spam.blacklist.rules
adding this line:
To: email-A@domain1.com and From: offers@shop.com yes

Here is the problem:
Let's say server has 9000 email accounts. And 70% of the email account owners are using personal filter.
It is unlikely that all the users will use all 10 filters, so average filter usage per user will be like 5.
With some calculations, my global black list file will have 30K to 40K lines of rules.
And each time an email arrives to the server, MailScanner will check this huge blacklist file (correct?).

Instead, I want to do this:
Create a global blacklist file with 50 or so lines, including the most obvious spammers.
And create a rule set for each domain. Somewhere in:
/home/user/etc/spam.blacklist.rules

So even for the busiest domain, even if the all account holders using all of their 10 rules, it will make 5000 lines of rules.
So MailScanner will check the global file 50 lines + black list file for the receiver domain 5000 = will be 5050 lines max.

I am so sorry for over detailed explanation, but I hope you got my point.
Is this possible at all? If yes How?
And if this is not possible, is my server specs enough to handle that big blacklist file ?

Thanks in advance.

From ka at pacific.net Mon Jan 22 07:44:59 2007
From: ka at pacific.net (Ken A)
Date: Mon Jan 22 06:47:41 2007
Subject: User specific rulesets
In-Reply-To: <45B45367.3090702@burakueda.com>
References: <45B45367.3090702@burakueda.com>
Message-ID: <45B45D6B.8050304@pacific.net>

Burak Ueda wrote:
> Greetings everyone.
> I have a question about rule sets.
> First let me describe the environment and conditions:
>
> Server:
> Intel Dempsey Dual Core HT 3.0 GHz (4 virtual processors)
> 2 GB of memory (upgradeable to 16 GB)
> CentOS 4.5 / Apache 1.3
> cPanel/WHM control panel installed.
>
> This is an email server. There are about 80 domains (with no websites)
> and currently a bit more than 2000 email accounts.
> Number of email accounts expected to go up to 10K in this 1~2 years.
> The busiest domain will have approx 500 email accounts, the domain with
> the least email accounts will have around 50.
>
> I will let the email account owners write their own filter, up to 10 per
> address. This will be black list only.

Blacklists are almost useless when used by 'average' users. Inevitably, things like insxisliekan@throwawaydomain.info get blacklisted most of the time. Whitelists are more useful.
my $.02 :-\

>
> Here is a simple scenario:
>
> Mr. A has an address: email-A@domain1.com
> Mrs. B has an address in same domain: email-B@domain1.com
>
> These two people are not related to each other in any way. They just own an
> email address with same domain name. Just like gmail.com, yahoo.com etc.
> So Mr A doesn't want to receive email from offers@shop.com,
> but Mrs. B is a regular customer of shop.com and wants to get emails from
> offers@shop.com
>
> I can achieve this by editing the global rules file:
> /usr/mailscanner/etc/rules/spam.blacklist.rules
> adding this line:
> To: email-A@domain1.com and From: offers@shop.com yes
>
> Here is the problem:
> Let's say server has 9000 email accounts. And 70% of the email account
> owners are using personal filter.
> It is unlikely that all the users will use all 10 filters, so average
> filter usage per user will be like 5.
> With some calculations, my global black list file will have 30K to 40K
> lines of rules.
> And each time an email arrives to the server, MailScanner will check
> this huge blacklist file (correct?).

MailScanner loads it all into ram on startup. It doesn't read config files when it receives mail. Large config files will bloat the MailScanner/SA processes quite a bit, but it should work on the system you describe, so long as it's dedicated to MailScanner/SA. Apache/cpanel/pop/imap should be on another box. MailScanner will often use 100% of cpu when it's busy, which is not a problem, so long as the box is dedicated to Scanning mail. The ONLY thing I'd run on this box besides MailScanner would be your antivirus software, and a caching nameserver, and perhaps a milter or two.

Additionally, depending on how much mail you actually receive, be prepared to add another MailScanner box to the picture too.

Ken A
Pacific.Net

> Instead, I want to do this:
> Create a global blacklist file with 50 or so lines, including the most
> obvious spammers.
> And create a rule set for each domain.
> Somewhere in:
> /home/user/etc/spam.blacklist.rules
>
> So even for the busiest domain, even if the all account holders using
> all of their 10 rules, it will make 5000 lines of rules.
> So MailScanner will check the global file 50 lines + black list file for
> the receiver domain 5000 = will be 5050 lines max.
>
> I am so sorry for over detailed explanation, but I hope you got my point.
> Is this possible at all? If yes How?
> And if this is not possible, is my server specs enough to handle that
> big blacklist file ?
>
> Thanks in advance.

From res at ausics.net Mon Jan 22 08:37:47 2007
From: res at ausics.net (Res)
Date: Mon Jan 22 07:40:29 2007
Subject: {MailScanner: Spam} Re: Greetpause seems very ineffective (Was: RE: Increased Volumes Of Spam)
In-Reply-To:
References: <20070119220533.A4014@tmp.com.br> <45B32087.7030109@taz-mania.com>
Message-ID:

On Sun, 21 Jan 2007, Dan Hollis wrote:

> On Sun, 21 Jan 2007, Res wrote:
>> but each to our own, clearly you don't give a stuff when your
>> customers get mail, which is your business entirely, so long as your
>> customers are prepared to tolerate it, and accept that deliberate delaying
>> of their inbound mail is not the norm with every service provider and you
>> advise them of this prior to their application of your services, you do warn
>> them you delay their mail don't you?
>
> you can also default it to off, and let customers enable it at their
> discretion.
>
> customer choice. what a concept, eh? but with you it's obviously not a choice.

It's worked not having it rather nicely here... why add to it with another waste of hardware to have a db server specific for it, i'm not going to bog down our primary db servers so it can do extra greylaming lookups, not when they process constantly 200-500 cps depending on time of day, not worth it.

--
Cheers
Res

"So, you think you can tell Heaven from Hell?"
- Roger Waters

From res at ausics.net Mon Jan 22 08:38:08 2007
From: res at ausics.net (Res)
Date: Mon Jan 22 07:40:52 2007
Subject: Greetpause seems very ineffective (Was: RE: Increased Volumes Of Spam)
In-Reply-To: <20070121123442.58547bfd@localhost>
References: <20070119220533.A4014@tmp.com.br> <45B32087.7030109@taz-mania.com> <20070121123442.58547bfd@localhost>
Message-ID:

On Sun, 21 Jan 2007, --[ UxBoD ]-- wrote:

> Per domain opt in/out is the way to go. Most GreyListing applications
> store their data in some form of database, so making the choice
> customer driven is very easy to implement.

see previous post :)

--
Cheers
Res

"So, you think you can tell Heaven from Hell?"
- Roger Waters

From res at ausics.net Mon Jan 22 08:57:58 2007
From: res at ausics.net (Res)
Date: Mon Jan 22 08:00:41 2007
Subject: Greetpause seems very ineffective (Was: RE: Increased Volumes Of Spam)
In-Reply-To: <1169390823.4660.25.camel@localhost>
References: <20070119220533.A4014@tmp.com.br> <45B32087.7030109@taz-mania.com> <1169390823.4660.25.camel@localhost>
Message-ID:

On Sun, 21 Jan 2007, Michael Baird wrote:

> Not if they are working properly, they should retry immediately to
> another MX, at which time the tuple would have been propagated between

your statement works assuming they are linked to same DB, but of course retries would be instant, most the grey lame servs won't accept you if you connect in seconds (sourceforge servers for eg don't work that way) so back you go into the queue to be retried later.

> MailScanner imposes a much greater delay per message than what you will
> see with Greylisting, so if this is truly your goal, you should dismiss

that's the most stupidest comment I've seen on this list, ever, no it does not.

From time of acceptance, the mail is typically in their mailbox (or mail dir if it's one of the qmail servers) within no more than 30 seconds, typically it's 5.

> Clearly you don't care very much either, since you are delaying each and
> every mail by a significant amount processing them via MailScanner.

Not on my setup. greet pause, blocking no RDNS because idiot incompetent admins don't know how to configure DNS, blocking bad helo, and 4 RBL's, means mostly legit email only gets through, there is 13 msgs from past 7 days in the high scored quarantine directory, high score here is set to 10.

> Maybe if you used greylisting you could bring the batch processing times
> down though, and bring the delay per message imposed by MailScanner down
> a bit (certainly for legit mail).

I fail to see the delay? I don't exactly use desktop PC's I use batch size of 50 and have 20 copies mailscanner running (4 real CPUs x5 which is what is recommended) I use 1 gig ram drive, the setup works nicely i'm not about to screw with it, based on the stats i have.

so I tell you what, when I see constant delays of more than several minutes I will put it on one of the boxes and see if it makes any difference, but i know i won't be doing it any year soon :)

--
Cheers
Res

"So, you think you can tell Heaven from Hell?"
- Roger Waters

From niall at blacknight.ie Mon Jan 22 13:50:07 2007
From: niall at blacknight.ie (Niall Donegan)
Date: Mon Jan 22 12:52:45 2007
Subject: Database Lock
Message-ID: <45B4B2FF.6040607@blacknight.ie>

Hi all,

One of our servers is currently backing up with email in the queue, and the only thing unusual I can spot in the logs is:

Jan 22 12:37:51 server MailScanner[12737]: database is locked(5) at dbdimp.c line 398
Jan 22 12:38:17 server MailScanner[12868]: database is locked(5) at dbdimp.c line 398
Jan 22 12:38:21 server MailScanner[12737]: database is locked(5) at dbdimp.c line 398
Jan 22 12:38:51 server MailScanner[12868]: database is locked(5) at dbdimp.c line 398

This is printed out once for each child process.

As far as I know, the database in question is probably /var/spool/MailScanner/Incoming/SpamAssassin.cache.db but I can't figure out why MailScanner is having such problems with it on this one server.

Has anyone any suggestions as to what could be causing the problem?

Thanks,
Niall.

From prandal at herefordshire.gov.uk Mon Jan 22 14:48:08 2007
From: prandal at herefordshire.gov.uk (Randal, Phil)
Date: Mon Jan 22 14:04:46 2007
Subject: Database Lock
Message-ID: <86144ED6CE5B004DA23E1EAC0B569B581237BB03@isabella.herefordshire.gov.uk>

Stop MailScanner, delete /var/spool/MailScanner/Incoming/SpamAssassin.cache.db and restart MailScanner.

If it is a database corruption issue that should fix it.

Cheers,

Phil
--
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> Of Niall Donegan
> Sent: 22 January 2007 12:50
> To: mailscanner@lists.mailscanner.info
> Subject: Database Lock
>
> Hi all,
>
> One of our servers is currently backing up with email in the queue, and
> the only thing unusual I can spot in the logs is:
>
> Jan 22 12:37:51 server MailScanner[12737]: database is locked(5) at dbdimp.c line 398
> Jan 22 12:38:17 server MailScanner[12868]: database is locked(5) at dbdimp.c line 398
> Jan 22 12:38:21 server MailScanner[12737]: database is locked(5) at dbdimp.c line 398
> Jan 22 12:38:51 server MailScanner[12868]: database is locked(5) at dbdimp.c line 398
>
> This is printed out once for each child process.
>
> As far as I know, the database in question is probably
> /var/spool/MailScanner/Incoming/SpamAssassin.cache.db but I can't figure
> out why MailScanner is having such problems with it on this one server.
>
> Has anyone any suggestions as to what could be causing the problem?
>
> Thanks,
> Niall.
> -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From dave.list at pixelhammer.com Mon Jan 22 15:12:27 2007 From: dave.list at pixelhammer.com (DAve) Date: Mon Jan 22 14:15:33 2007 Subject: Greetpause seems very ineffective (Was: RE: Increased Volumes Of Spam) In-Reply-To: References: <20070119220533.A4014@tmp.com.br> Message-ID: <45B4C64B.9080908@pixelhammer.com> Res wrote: > On Sat, 20 Jan 2007, Alex Neuman wrote: > >> In my particular case I've had to turn off greylisting for a few >> servers because the owners would rather throw more resources at the >> problem (cpu, ram, etc.) to check mail after it's received. Most >> people I know get used to the additional delay after a while, but >> there are some users who are more... let's call it "recalcitrant". >> > > > The problem with your annoyance at your paying customers who dont want > greylisting comment here is, business emails are time critical, it is > unacceptable to delay email destined for lawyers, real estates, > accountants and every other company where time is crucial, like those > vying for multi-million dollar contracts. > > > Picture this: > > its 9.10am a QC is due in high court at 10am > > most hosting mail servers are very busy so its retry queue is set hourly > to avoid problems wih normal mail > > QC tells the barrister he needs that info NOW "email it to me" > barrister sends email 15 seconds later. > > At 9.10 your grey laming said "i dunno if your a lamer or not try again > later" > > 9.40 QC must leave for court, its still not there. > > 10.00 its retried and accepted, ..tuff luck the QC is right now before > the full bench of the high court about to see his client slammed away fo > 30 years because of a lame mail server that delayed the crucial evidence. 
> We have a considerable number of law offices on our mail servers, they have all had greylisting enabled. We do provide a way to opt of greylisting per client(domain) and only one has chosen to do so. Their spam did not decrease. Email is not a guaranteed delivery, couriers are. If you go to prison because your attorney hinged your defense on the arrival time of an email, you chose the wrong attorney. > > OR what about the building sub contractor who just lost out on a 500 > million dollar project to Donald Trump, he's going to think, if you cant > manage to get and read such a simple effortless thing like an email in > half an hour do I really want to deal with you. > Real contracts are handled via Fed-Ex overnight, certified mail, web based download of RFPs and web based upload of proposals. We have contractors as clients as well, and they are do multi million dollar contracts at the State level. They do not consider email a critical business tool. > I dunno maybe you people dont have time crucial customers :) > Several, we offer to whitelist senders for those communications that must use email, and must be delivered without delay. So far we have less than ten servers listed. Note also we never preach "email is not guaranteed" or "email is not a dependable delivery method". The clients are savy enough to know that already. I handle all email complaints, so far over 4 years we are batting 1000. I have found or explained every instance of a slow or missing email message. The top problems in order, mis spelled email address in the address book, poor RBL choice(people are still using SPAMBAG), "shrink wrap" Exchange administrator (Frank in accounting installed Exchange for us, but he quit. Bob has been trying to figure it out but sometimes mail doesn't work now). 
Greylisting may not be a great solution, just a step away from C&R IMO, but it will not bring down civilization either ;^) DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From niall at blacknight.ie Mon Jan 22 15:23:24 2007 From: niall at blacknight.ie (Niall Donegan) Date: Mon Jan 22 14:26:02 2007 Subject: Database Lock In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B581237BB03@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B581237BB03@isabella.herefordshire.gov.uk> Message-ID: <45B4C8DC.5040101@blacknight.ie> Randal, Phil wrote: > Stop MailScanner, delete > /var/spool/MailScanner/Incoming/SpamAssassin.cache.db and restart > MailScanner. > > If it is a database corruption issue that should fix it. > I should have mentioned that that is exactly what I have been doing to get around the problem, however 20mins later it's back again. > Cheers, > > Phil > > -- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > From wjohns at balita.ph Mon Jan 22 17:26:04 2007 From: wjohns at balita.ph (Wayne) Date: Mon Jan 22 16:28:53 2007 Subject: Change of mailer Message-ID: <200701221626.l0MGQ30O021977@balita.ph> I have noticed that spammers and virus pushers seem to have deserted Internet Explorer in favor of Thunderbird i.e. Thunderbird 1.5.0.9 (Windows/20061207) Any significance in this apart from its free. I surveyed 100 reports over the weekend and 95 of them used this client. - Wayne - -- This email has been scanned by the Balita server. 
From jlcostinha at halla.pt Mon Jan 22 17:31:02 2007
From: jlcostinha at halla.pt (Jorge Costinha)
Date: Mon Jan 22 16:33:50 2007
Subject: Notify sender of viruses Only when they belong to my internal network
Message-ID: <210065444.20070122163102@halla.pt>

Greetings all,

here is what I have tried, unsuccessfully:

in Mailscanner.conf

.
.
.
Notify Senders of Viruses = %rules-dir%/NotifyVirusSenders.rules
.
.
.

contents of NotifyVirusSenders.rules

From: 192.168.10. yes
FromOrTo: Default no

I've tried changing the IP to my domain, something like

From: *@mydomain.com yes

didn't work. The purpose of this started when someone inside my network sent an Excel password-protected file. The email wasn't delivered and the sender didn't get any notification. I figure that internal users should receive notifications. If anyone has a better idea, I would appreciate it. Anyway, I can't seem to identify the problem.

thanks in advance
__
Jorge Costinha

--
This message has been scanned for viruses and dangerous content by HCC MailScanner, and is believed to be clean.

From alex at nkpanama.com Mon Jan 22 17:59:46 2007
From: alex at nkpanama.com (Alex Neuman van der Hans)
Date: Mon Jan 22 17:02:59 2007
Subject: Change of mailer
In-Reply-To: <200701221626.l0MGQ30O021977@balita.ph>
References: <200701221626.l0MGQ30O021977@balita.ph>
Message-ID: <45B4ED82.1090601@nkpanama.com>

Most spammer "clients" are faked.

Wayne wrote:
> I have noticed that spammers and virus pushers seem to have deserted
> Internet Explorer in favor of Thunderbird i.e.
>
> Thunderbird 1.5.0.9 (Windows/20061207)
>
> Any significance in this apart from its free.
>
> I surveyed 100 reports over the weekend and 95 of them used this
> client.
> > - Wayne - > > From alex at nkpanama.com Mon Jan 22 18:00:37 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon Jan 22 17:03:49 2007 Subject: Notify sender of viruses Only when they belong to my internal network In-Reply-To: <210065444.20070122163102@halla.pt> References: <210065444.20070122163102@halla.pt> Message-ID: <45B4EDB5.3010108@nkpanama.com> Password protected = virus? Are you sure? Jorge Costinha wrote: > greatings all, > > > > here what i have tried, unsuccessful: > > > in Mailscanner.conf > > > . > > . > > . > > Notify Senders of Viruses = %rules-dir%/NotifyVirusSenders.rules > > . > > . > > . > > > > contents of NotifyVirusSenders.rules > > > From: 192.168.10. yes > > FromOrTo: Default no > > > > ive tried change the ip to my domain, something like > > > From: *@mydomain.com yes > > > didnt work. the purpose of this started when someone inside my network > sent an excel password-protected file. The email wasnt delivered and the > sender didnt get any notification. I figure that internal users should > be receive notifications. if anyone has a better idead, i would > appreciate. Anyway, i cant seem to identify the problem. > > > thanks in advance > > __ > > Jorge Costinha > > > > > -- > This message has been scanned for viruses and > dangerous content by HCC Mailscanner software, and is > believed to be clean. > From wjohns at balita.ph Mon Jan 22 18:06:47 2007 From: wjohns at balita.ph (Wayne) Date: Mon Jan 22 17:09:25 2007 Subject: Change of mailer In-Reply-To: <45B4ED82.1090601@nkpanama.com> References: <200701221626.l0MGQ30O021977@balita.ph> <45B4ED82.1090601@nkpanama.com> Message-ID: <200701221706.l0MH6kdK027253@balita.ph> At 16:59 22/01/2007, you wrote: Must be Thunderbird is flavor of the month :-) Only asked as I thought there may be a security problem with it being targeted by bots as we recommend it as a secure IE replacement. - Wayne - >Most spammer "clients" are faked. 
> >Wayne wrote: >>I have noticed that spammers and virus pushers seem to have deserted >>Internet Explorer in favor of Thunderbird i.e. >>Thunderbird 1.5.0.9 (Windows/20061207) >>Any significance in this apart from its free. >>I surveyed 100 reports over the weekend and 95 of them used this >>client. >>- Wayne - >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! >-- >This email has been scanned by the Balita server. -- This email has been scanned by the Balita server. From martinh at solidstatelogic.com Mon Jan 22 18:12:00 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Jan 22 17:14:54 2007 Subject: Change of mailer In-Reply-To: <200701221706.l0MH6kdK027253@balita.ph> Message-ID: Wayne Thunderbird is the Mozilla equivalent of Outlook Express... Firefox is the Mozilla equiv of IE... And I wouldn't "secure" I'd say less risky.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Wayne > Sent: 22 January 2007 17:07 > To: MailScanner discussion > Subject: Re: Change of mailer > > At 16:59 22/01/2007, you wrote: > > Must be Thunderbird is flavor of the month :-) Only asked as I thought > there may be a security problem with it being targeted by bots as we > recommend it as a secure IE replacement. > > - Wayne - > > > >Most spammer "clients" are faked. > > > >Wayne wrote: > >>I have noticed that spammers and virus pushers seem to have deserted > >>Internet Explorer in favor of Thunderbird i.e. > >>Thunderbird 1.5.0.9 (Windows/20061207) > >>Any significance in this apart from its free. > >>I surveyed 100 reports over the weekend and 95 of them used this > >>client. 
> >>- Wayne -
********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free.
Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU,
United Kingdom
**********************************************************************

From jlcostinha at halla.pt Mon Jan 22 18:14:27 2007
From: jlcostinha at halla.pt (Jorge Costinha)
Date: Mon Jan 22 17:17:54 2007
Subject: Notify sender of viruses Only when they belong to my internal network
In-Reply-To: <45B4EDB5.3010108@nkpanama.com>
References: <210065444.20070122163102@halla.pt> <45B4EDB5.3010108@nkpanama.com>
Message-ID: <648651306.20070122171427@halla.pt>

That was my first question too! According to the log file:

Jan 22 14:51:35 firewall sendmail[8685]: l0MEpX6K008685: from=, size=4577117, class=0, nrcpts=1, msgid=<3210629128.20070122145335@halla.pt>, proto=ESMTP, daemon=MTA, relay=[192.168.10.191]
Jan 22 14:51:37 firewall MailScanner[1877]: New Batch: Scanning 1 messages, 4577581 bytes
Jan 22 14:51:37 firewall MailScanner[1877]: Expired 1 records from the SpamAssassin cache
Jan 22 14:51:38 firewall MailScanner[1877]: Virus and Content Scanning: Starting
Jan 22 14:51:42 firewall MailScanner[1877]: Password protected file ./l0MEpX6K008685/horascompensa%%E7.xls
Jan 22 14:51:42 firewall MailScanner[1877]: Virus Scanning: Sophos found 1 infections
Jan 22 14:51:44 firewall MailScanner[1877]: Virus Scanning: Panda found 1 infections
Jan 22 14:51:44 firewall MailScanner[1877]: Infected message l0MEpX6K008685 came from 192.168.10.191
Jan 22 14:51:44 firewall MailScanner[1877]: Virus Scanning: Found 1 viruses

I would say yes to your question, right?

> Password protected = virus? Are you sure?
> Jorge Costinha wrote:
>> Greetings all,
>> here is what I have tried, unsuccessfully:
>> in Mailscanner.conf
>> .
>> .
>> .
>> Notify Senders of Viruses = %rules-dir%/NotifyVirusSenders.rules
>> .
>> .
>> .
>> contents of NotifyVirusSenders.rules
>> From: 192.168.10.
yes >> FromOrTo: Default no >> ive tried change the ip to my domain, something like >> From: *@mydomain.com yes >> didnt work. the purpose of this started when someone inside my network >> sent an excel password-protected file. The email wasnt delivered and the >> sender didnt get any notification. I figure that internal users should >> be receive notifications. if anyone has a better idead, i would >> appreciate. Anyway, i cant seem to identify the problem. >> thanks in advance >> __ >> Jorge Costinha >> -- >> This message has been scanned for viruses and >> dangerous content by HCC Mailscanner software, and is >> believed to be clean. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > Before posting, read http://wiki.mailscanner.info/posting > Support MailScanner development - buy the book off the website! __ Jorge Costinha MIS S?nior Specialist Halla climate Control Portugal telf. 21 233 8825 Fax. 21 233 8801 -- This message has been scanned for viruses and dangerous content by HCC MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070122/6a7d112f/attachment.html From wjohns at balita.ph Mon Jan 22 18:22:36 2007 From: wjohns at balita.ph (Wayne) Date: Mon Jan 22 17:25:15 2007 Subject: Change of mailer In-Reply-To: References: <200701221706.l0MH6kdK027253@balita.ph> Message-ID: <200701221722.l0MHMZbt031133@balita.ph> At 17:12 22/01/2007, you wrote: Opps! My mistake Martin OE/IE got a bit mixed up so read OE - never use either personally. Greets from Salop - Wayne >Thunderbird is the Mozilla equivalent of Outlook Express... > >Firefox is the Mozilla equiv of IE... -- This email has been scanned by the Balita server. 
From alex at nkpanama.com Mon Jan 22 18:27:58 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon Jan 22 17:31:11 2007 Subject: Notify sender of viruses Only when they belong to my internal network In-Reply-To: <648651306.20070122171427@halla.pt> References: <210065444.20070122163102@halla.pt> <45B4EDB5.3010108@nkpanama.com> <648651306.20070122171427@halla.pt> Message-ID: <45B4F41E.5090302@nkpanama.com> So sophos and panda think it's a virus... Any chance telling them it isn't, through one of their config files? Another thing you might try (if you're not doing that already) is adding clamav to the mix. It's easy to install using Julian's prefab tarball, and it could presumably catch things the others might miss. Jorge Costinha wrote: > That was my first question too! according to logs file: > > > Jan 22 14:51:35 firewall sendmail[8685]: l0MEpX6K008685: > from=, size=4577117, class=0, nrcpts=1, > msgid=<3210629128.20070122145335@halla.pt>, proto=ESMTP, daemon=MTA, > relay=[192.168.10.191] > > Jan 22 14:51:37 firewall MailScanner[1877]: New Batch: Scanning 1 > messages, 4577581 bytes > > Jan 22 14:51:37 firewall MailScanner[1877]: Expired 1 records from the > SpamAssassin cache > > Jan 22 14:51:38 firewall MailScanner[1877]: Virus and Content Scanning: > Starting > > Jan 22 14:51:42 firewall MailScanner[1877]: Password protected file > ./l0MEpX6K008685/horascompensa%%E7.xls > > Jan 22 14:51:42 firewall MailScanner[1877]: Virus Scanning: Sophos found > 1 infections > > Jan 22 14:51:44 firewall MailScanner[1877]: Virus Scanning: Panda found > 1 infections > > Jan 22 14:51:44 firewall MailScanner[1877]: Infected message > l0MEpX6K008685 came from 192.168.10.191 > > Jan 22 14:51:44 firewall MailScanner[1877]: Virus Scanning: Found 1 viruses > > > i would say yes to your question, right? > > >> Password protected = virus? Are you sure? 
>

From mrm at medicine.wisc.edu Mon Jan 22 18:37:44 2007
From: mrm at medicine.wisc.edu (Michael Masse)
Date: Mon Jan 22 17:40:46 2007
Subject: problem user
Message-ID: <45B4A27C.7FBE.00FC.3@medicine.wisc.edu>

I have a user who complains about email from a specific domain getting
tagged as spam, and he swears that it's "impossible" for them to be
sending spam to others. Mailwatch shows a plethora of spam coming
from them, so even though I've whitelisted the domain in question for
this specific user to make him happy, is there a way I can redirect all
of the spam coming in from this one domain regardless of who it's
destined for to him so that he can learn that just because his friend
uses a certain domain doesn't mean it's "impossible" for spam to come
from it? I know this isn't the right thing to do, nor would I
really implement it. It's more of a hypothetical question, but it would
make me feel better if I knew that it was at least possible :)

Mike

From alex at nkpanama.com Mon Jan 22 18:43:18 2007
From: alex at nkpanama.com (Alex Neuman van der Hans)
Date: Mon Jan 22 17:46:29 2007
Subject: problem user
In-Reply-To: <45B4A27C.7FBE.00FC.3@medicine.wisc.edu>
References: <45B4A27C.7FBE.00FC.3@medicine.wisc.edu>
Message-ID: <45B4F7B6.10604@nkpanama.com>

Set a rule for spam actions like:

Spam Actions = %rules-dir%/spam.actions.rules

FromOrTo: default whateveritisyoudowithspam
From: *@spammydomain.com sameasabove forward clueless@yourdomain.com

Michael Masse wrote:
> I have a user who complains about email from a specific domain getting
> tagged as spam, and he swears that it's "impossible" for them to be
> sending spam to others.
Mailwatch shows a plethora of spam coming > from them, so even though I've whitelisted the domain in question for > this specific user to make him happy, is there a way I can redirect all > of the spam coming in from this one domain regardless of who it's > destined for to him so that he can learn that just because his friend > uses a certain domain doesn't mean it's "impossible" for spam to come > from it? I know this isn't the right thing to do, nor would I > really implement it. It's more of a hypothetical question, but it would > make me feel better if I knew that it was at least possible :) > > Mike From steve.freegard at fsl.com Mon Jan 22 18:44:35 2007 From: steve.freegard at fsl.com (Steve Freegard) Date: Mon Jan 22 17:47:17 2007 Subject: Notify sender of viruses Only when they belong to my internal network In-Reply-To: <210065444.20070122163102@halla.pt> References: <210065444.20070122163102@halla.pt> Message-ID: <45B4F803.1010809@fsl.com> Jorge, Jorge Costinha wrote: > greatings all, > > > > here what i have tried, unsuccessful: > > > in Mailscanner.conf > Notify Senders of Viruses = %rules-dir%/NotifyVirusSenders.rules > > contents of NotifyVirusSenders.rules > > From: 192.168.10. yes > FromOrTo: Default no > > ive tried change the ip to my domain, something like > > From: *@mydomain.com yes > > didnt work. the purpose of this started when someone inside my network > sent an excel password-protected file. The email wasnt delivered and the > sender didnt get any notification. I figure that internal users should > be receive notifications. if anyone has a better idead, i would > appreciate. Anyway, i cant seem to identify the problem. Check your setting for 'Silent Viruses' and read up on what this option does, you'll probably need a ruleset on this which returns a blank value for 192.168.10. Cheers, Steve. 
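Added example (not part of any post in this thread, and not MailScanner's own code): a small Python model of how a ruleset like the NotifyVirusSenders.rules quoted above could be evaluated, including a rule that returns a blank value for 192.168.10. It assumes first-match-wins with the "default" rule used only as a fallback; the function names, the simplified pattern handling, the sample messages and the "All-Viruses" sample value are assumptions made for illustration.

```python
import fnmatch
from dataclasses import dataclass, field

DIRECTIONS = {"from", "to", "fromorto", "fromandto"}


@dataclass
class Message:
    sender: str                      # envelope sender, which a remote host can forge
    client_ip: str                   # address of the connecting SMTP client
    recipients: list = field(default_factory=list)


def parse_ruleset(text):
    """Parse 'Direction: pattern [value]' lines into (rules, default)."""
    rules, default = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # drop comments and blanks
        if not line:
            continue
        parts = line.split(None, 2)
        direction = parts[0].rstrip(":").lower()
        if len(parts) < 2 or not parts[0].endswith(":") or direction not in DIRECTIONS:
            raise ValueError(f"line {lineno}: cannot parse {raw!r}")
        pattern = parts[1]
        value = parts[2].strip() if len(parts) == 3 else ""   # blank value allowed
        if pattern.lower() == "default":
            # Modelling assumption: the default is set aside, wherever it appears.
            if default is None:
                default = value
        else:
            rules.append((direction, pattern, value))
    return rules, default


def pattern_matches(pattern, address, ip):
    """Match one pattern against an address or, for numeric patterns, an IP."""
    if pattern.replace(".", "").isdigit():           # numeric pattern such as 192.168.10.
        if ip is None:
            return False
        # A trailing dot means "this prefix"; without it only an exact match
        # counts, so 192.168.1 does not silently cover 192.168.10.x.
        return ip.startswith(pattern) if pattern.endswith(".") else ip == pattern
    return fnmatch.fnmatchcase(address.lower(), pattern.lower())


def rule_matches(rule, msg):
    direction, pattern, _ = rule
    from_hit = pattern_matches(pattern, msg.sender, msg.client_ip)
    to_hit = any(pattern_matches(pattern, rcpt, None) for rcpt in msg.recipients)
    if direction == "from":
        return from_hit
    if direction == "to":
        return to_hit
    if direction == "fromorto":
        return from_hit or to_hit
    return from_hit and to_hit                        # fromandto


def evaluate(text, msg):
    """Return the value of the first matching rule, else the default."""
    rules, default = parse_ruleset(text)
    for rule in rules:
        if rule_matches(rule, msg):
            return rule[2]
    return default


# Rulesets taken from the thread, plus constructed variants.
NOTIFY_BY_IP = "From: 192.168.10. yes\nFromOrTo: Default no\n"
NOTIFY_BY_ADDRESS = "From: *@mydomain.com yes\nFromOrTo: Default no\n"
DEFAULT_FIRST = "FromOrTo: Default no\nFrom: 192.168.10. yes\n"
# Blank value for the internal network; "All-Viruses" is an assumed sample value.
SILENT_FOR_OUTSIDE = "From: 192.168.10.\nFromOrTo: default All-Viruses\n"

# Constructed sample messages.
INTERNAL = Message("someone@mydomain.com", "192.168.10.191", ["outside@example.org"])
EXTERNAL = Message("stranger@example.net", "203.0.113.7", ["someone@mydomain.com"])
SPOOFED = Message("boss@mydomain.com", "203.0.113.7", ["someone@mydomain.com"])

if __name__ == "__main__":
    for name, msg in (("internal", INTERNAL), ("external", EXTERNAL), ("spoofed", SPOOFED)):
        print(name,
              "by-ip:", evaluate(NOTIFY_BY_IP, msg),
              "by-address:", evaluate(NOTIFY_BY_ADDRESS, msg),
              "silent:", repr(evaluate(SILENT_FOR_OUTSIDE, msg)))
```

The spoofed sample shows why the address-based rule is the riskier choice for sender notifications: a forged envelope sender in the local domain matches it, while the rule keyed on the client IP does not.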
From martinh at solidstatelogic.com Mon Jan 22 18:49:03 2007
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Mon Jan 22 17:52:17 2007
Subject: problem user
In-Reply-To: <45B4F7B6.10604@nkpanama.com>
Message-ID: <693f745e044f37478f6dd35e16c7f4bc@solidstatelogic.com>

Close

From: *@spammydomain.com forward clueless@yourdomain.com
FromOrTo: default whateveritisyoudowithspam

In your example the default will always match first and the rules below it will never get triggered.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-
> bounces@lists.mailscanner.info] On Behalf Of Alex Neuman van der Hans
> Sent: 22 January 2007 17:43
> To: MailScanner discussion
> Subject: Re: problem user
>
> Set a rule for spam actions like:
>
> Spam Actions = %rules-dir%/spam.actions.rules
>
> FromOrTo: default whateveritisyoudowithspam
> From: *@spammydomain.com sameasabove forward clueless@yourdomain.com
>
>
>
> Michael Masse wrote:
> > I have a user who complains about email from a specific domain getting
> > tagged as spam, and he swears that it's "impossible" for them to be
> > sending spam to others. Mailwatch shows a plethora of spam coming
> > from them, so even though I've whitelisted the domain in question for
> > this specific user to make him happy, is there a way I can redirect all
> > of the spam coming in from this one domain regardless of who it's
> > destined for to him so that he can learn that just because his friend
> > uses a certain domain doesn't mean it's "impossible" for spam to come
> > from it? I know this isn't the right thing to do, nor would I
> > really implement it.
It's more of a hypothetical question, but it would > > make me feel better if I knew that it was at least possible :) > > > > Mike From m.anderlini at database.it Mon Jan 22 18:05:37 2007 From: m.anderlini at database.it (Marcello Anderlini) Date: Mon Jan 22 18:02:14 2007 Subject: Mqueue.in huge Message-ID: <200701221705.l0MH5eQh012607@netra.database.it> Hello to all, I've tried to have a look to wiky but I did not found any good answer for me. 
I'm using mailscanner 4.50.15 with spamassassin 3.1.7.1.el4.rf Some time the messagges in mqueue.in rise without any good reason until 2000, I check dns and it seems work well, some time I get this error:SpamAssassin timed out and was killed, failure 0 of 10. this could be related with my problem ? I'm using CBL spam list. Thanks for any help and sorry for my worst english. Dr. Marcello Anderlini m.anderlini@database.it --------------------------------------------- Database Informatica S.r.l. Microsoft Certified Partner Tel. +39059775070 Fax. +39059779545 http://www.database.it --------------------------------------------- -- Messaggio verificato dal servizio antivirus di Database Informatica From Kevin_Miller at ci.juneau.ak.us Mon Jan 22 19:04:44 2007 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Mon Jan 22 18:07:23 2007 Subject: problem user In-Reply-To: <45B4A27C.7FBE.00FC.3@medicine.wisc.edu> Message-ID: Michael Masse wrote: > I have a user who complains about email from a specific domain getting > tagged as spam, and he swears that it's "impossible" for them to be > sending spam to others. Mailwatch shows a plethora of spam coming > from them, so even though I've whitelisted the domain in question for > this specific user to make him happy, is there a way I can redirect > all of the spam coming in from this one domain regardless of who it's > destined for to him so that he can learn that just because his friend > uses a certain domain doesn't mean it's "impossible" for spam to come > from it? I know this isn't the right thing to do, nor would I > really implement it. It's more of a hypothetical question, but it > would make me feel better if I knew that it was at least possible :) > > Mike It's easy enough to generate a report showing all the mail that comes from that domain in MailWatch - why not just show him some. Should be plenty in the quarantine directory that he can see. 
Print out a couple, or even go into MailWatch and release one or two; you can specify alternate recipients... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From alex at nkpanama.com Mon Jan 22 19:07:15 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon Jan 22 18:10:28 2007 Subject: problem user In-Reply-To: <693f745e044f37478f6dd35e16c7f4bc@solidstatelogic.com> References: <693f745e044f37478f6dd35e16c7f4bc@solidstatelogic.com> Message-ID: <45B4FD53.4000603@nkpanama.com> Even closer. Julian's said in the past default rules kick in before everything else. The order matters for everything else, though. Martin.Hepworth wrote: > Close > > From: *@spammydomain.com forward clueless@yourdomain.com > FromOrTo: default whateveritisyoudowithspam > > > In your example the default will always match first and to rules below > it will never get triggered. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Alex Neuman van der Hans >> Sent: 22 January 2007 17:43 >> To: MailScanner discussion >> Subject: Re: problem user >> >> Set a rule for spam actions like: >> >> Spam Actions = %rules-dir%/spam.actions.rules >> >> FromOrTo: default whateveritisyoudowithspam >> From: *@spammydomain.com sameasabove forward clueless@yourdomain.com >> >> >> >> Michael Masse wrote: >>> I have a user who complains about email from a specific domain > getting >>> tagged as spam, and he swears that it's "impossible" for them to be >>> sending spam to others. 
Mailwatch shows a plethora of spam > coming >>> from them, so even though I've whitelisted the domain in question > for >>> this specific user to make him happy, is there a way I can redirect > all >>> of the spam coming in from this one domain regardless of who it's >>> destined for to him so that he can learn that just because his > friend >>> uses a certain domain doesn't mean it's "impossible" for spam to > come >>> from it? I know this isn't the right thing to do, nor would I >>> really implement it. It's more of a hypothetical question, but it > would >>> make me feel better if I knew that it was at least possible :) >>> >>> Mike
From edwardbruce at sbcglobal.net Mon Jan 22 19:17:03 2007 From: edwardbruce at sbcglobal.net (Ed Bruce) Date: Mon Jan 22 18:19:44 2007 Subject: Greetpause seems very ineffective (Was: RE: Increased Volumes Of Spam) In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B580176821B@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B580176821B@isabella.herefordshire.gov.uk> Message-ID: <45B4FF9F.3040303@sbcglobal.net> Randal, Phil wrote: > Oops, substitute "greylisting" for "GreetPause". > > Fingers out of sync with my brain again :-( > > Cheers, > > Phil > I don't know how you are replying but with Thunderbird (a threaded email/news reader) your replies all wound up in their own thread. Plus you top posted making it even more difficult to follow. From glenn.steen at gmail.com Mon Jan 22 19:20:43 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Jan 22 18:23:25 2007 Subject: problem user In-Reply-To: <45B4FD53.4000603@nkpanama.com> References: <693f745e044f37478f6dd35e16c7f4bc@solidstatelogic.com> <45B4FD53.4000603@nkpanama.com> Message-ID: <223f97700701221020n16a06bbbr97272620b7940ecb@mail.gmail.com> On 22/01/07, Alex Neuman van der Hans wrote: > Even closer. > > Julian's said in the past default rules kick in before everything else. > The order matters for everything else, though. > Eh, you mean *after*, I presume... Else nothing but default would match:-). One could enhance the rule with an "and From: ip.add.re.ss" as well, to be fairly sure it isn't spoofed (well:-). If it is spoofed, one could argue the user is actually correct, sort of;-). 
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From glenn.steen at gmail.com Mon Jan 22 19:41:25 2007
From: glenn.steen at gmail.com (Glenn Steen)
Date: Mon Jan 22 18:44:03 2007
Subject: Mqueue.in huge
In-Reply-To: <200701221705.l0MH5eQh012607@netra.database.it>
References: <200701221705.l0MH5eQh012607@netra.database.it>
Message-ID: <223f97700701221041p5d24ab95oacb8fde45e90c9c9@mail.gmail.com>

On 22/01/07, Marcello Anderlini wrote:
> Hello to all, I've tried to have a look to wiki but I did not found any good
> answer for me.
>
> I'm using mailscanner 4.50.15 with spamassassin 3.1.7.1.el4.rf
>
> Some time the messages in mqueue.in rise without any good reason until
> 2000, I check dns and it seems work well, some time I get this
> error:SpamAssassin timed out and was killed, failure 0 of 10. this could be
> related with my problem ? I'm using CBL spam list.
>
> Thanks for any help and sorry for my worst english.
>
Hello Marcello,

The SA timeouts are likely part and parcel of your problem. There are
some likely spots where it is "failing":
- bayes expiry taking "too long".
- some more or less dead BL lookup (or other network test) timing out.
- some "big" or "wrong" ruleset(s) making it take forever.
...

Most likely is the first one (assuming you use bayes, of course:-).
If you have some files like "bayes_toks.expire123456" in the same
directory you store your bayes database in, this is your problem (a
well-known problem that has been penetrated more than once on this
list). Instead of me repeating Scott's words, go read
http://article.gmane.org/gmane.mail.virus.mailscanner/48068/match=bayes+expire
or search the archives for Matt Kettler's (final?!) words on
SpamAssassin timeouts/bayes expiry:
http://search.gmane.org/?query=bayes+expire&author=Matt+Kettler&group=gmane.mail.virus.mailscanner&sort=relevance&DEFAULTOP=and&xP=bayes%09expire&xFILTERS=Gmail.virus.mailscanner---A
Matt's writings also cover most (if not all) other measures one should
do when SA is "timing out", so do browse the archives...:)

BTW, Your english isn't that bad... Try using the best next, and it'll
be fine:-D

Cheers
--
-- Glenn (who has to catch a train....->me running:-)
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From ssilva at sgvwater.com Mon Jan 22 20:02:20 2007
From: ssilva at sgvwater.com (Scott Silva)
Date: Mon Jan 22 19:05:37 2007
Subject: Virus not marked as high-spam
In-Reply-To:
References:
Message-ID:

Dave spake the following on 1/20/2007 10:21 AM:
> I've had quite a few emails in the last couple of days that were marked as
> having 'Virus (Trojan.Downloader-648)', and blocked by clamav, bitdefender and
> mailscanner:
> ClamAV: Full Text.exe contains Trojan.Downloader-648
> Bitdefender: Found virus Trojan.Peed.A in file Full Text.exe
> MailScanner: Executable DOS/Windows programs are dangerous in email
> (Full Text.exe)
> No programs allowed (Full Text.exe)
>
> All of these have been marked as high-spam and blocked completely, which is
> good. I had 1 this morning though that was marked only as spam, and therefore
> sent a pickup notice to the end-user, even though clamav & bitdefender had found
> the virus in it and blocked the message.
>
> These messages all have a variation of news items:
> Sadam Hussein alive!
> Chinese missile shot down Russian aircraft
> President of Russia Putin dead.
> Hugo Chavez dead. (which is the one that slipped through)
>
> Any ideas how to make sure that doesn't happen?
>
This was a new virus variant that hit on Friday. I got one on my spamtrap
account and forwarded copies to the services I use. I ran it through
virustotal.com, and it only hit 3 of the 20 or so scanners there. Mine hit
on the no exe rule, or I wouldn't have caught it either.
The safest thing is to only allow executables inside of a zip file, or only
allow them to be released by an admin.
You could also run your virus scanner over your quarantine from cron. That
way a late update might catch something that passed through earlier.

--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

From ssilva at sgvwater.com Mon Jan 22 20:34:03 2007
From: ssilva at sgvwater.com (Scott Silva)
Date: Mon Jan 22 19:37:32 2007
Subject: problem user
In-Reply-To: <45B4A27C.7FBE.00FC.3@medicine.wisc.edu>
References: <45B4A27C.7FBE.00FC.3@medicine.wisc.edu>
Message-ID:

Michael Masse spake the following on 1/22/2007 9:37 AM:
> I have a user who complains about email from a specific domain getting
> tagged as spam, and he swears that it's "impossible" for them to be
> sending spam to others. Mailwatch shows a plethora of spam coming
> from them, so even though I've whitelisted the domain in question for
> this specific user to make him happy, is there a way I can redirect all
> of the spam coming in from this one domain regardless of who it's
> destined for to him so that he can learn that just because his friend
> uses a certain domain doesn't mean it's "impossible" for spam to come
> from it? I know this isn't the right thing to do, nor would I
> really implement it. It's more of a hypothetical question, but it would
> make me feel better if I knew that it was at least possible :)
>
> Mike
Unless the user is your boss, tell them, politely or not, no!
But I do like the idea of sending him all the crap. But make sure you virus
scan it, as that user seems clueless enough to get your network in big trouble.

--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
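
The ruleset ordering debated in the "problem user" thread above, as an added example that is not from any poster or from MailScanner itself: a simplified Python model in which non-default rules are tried in file order and the "default" line is used only when nothing else matched, following Glenn Steen's reading. The function names, the glob matching, the sample addresses and the third ruleset are assumptions made for illustration; "and" conditions are not modelled.

```python
"""Simplified model of a MailScanner-style ruleset (added example).

Assumption, following Glenn Steen's reply in the thread: non-default rules
are tried in file order and the first match wins; the "default" line is
used only when nothing else matched, wherever it sits in the file.
"""
from fnmatch import fnmatchcase

DIRECTIONS = {"from", "to", "fromorto"}


def parse_ruleset(text):
    """Return (rules, default).

    rules is an ordered list of (direction, pattern, value) tuples;
    default is the value of the "default" line, or None if there is none.
    """
    rules, default = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        fields = line.split(None, 2)
        if len(fields) < 3:
            raise ValueError(f"incomplete rule: {raw!r}")
        direction = fields[0].rstrip(":").lower()
        if direction not in DIRECTIONS:
            raise ValueError(f"unknown direction in: {raw!r}")
        pattern, value = fields[1].lower(), fields[2].strip()
        if pattern == "default":
            default = value                      # remembered, not ordered
        else:
            rules.append((direction, pattern, value))
    return rules, default


def _matches(direction, pattern, sender, recipient):
    """Glob-match the pattern against sender and/or recipient."""
    hit_from = fnmatchcase(sender.lower(), pattern)
    hit_to = fnmatchcase(recipient.lower(), pattern)
    if direction == "from":
        return hit_from
    if direction == "to":
        return hit_to
    return hit_from or hit_to                    # fromorto


def lookup(ruleset_text, sender, recipient):
    """Value of the first matching rule, else the default."""
    rules, default = parse_ruleset(ruleset_text)
    for direction, pattern, value in rules:
        if _matches(direction, pattern, sender, recipient):
            return value
    return default


# The two orderings posted in the thread, with the posters' own placeholders.
DEFAULT_FIRST = """\
FromOrTo: default whateveritisyoudowithspam
From: *@spammydomain.com sameasabove forward clueless@yourdomain.com
"""
DEFAULT_LAST = """\
From: *@spammydomain.com forward clueless@yourdomain.com
FromOrTo: default whateveritisyoudowithspam
"""
# Constructed rulesets: two overlapping non-default rules in both orders.
OVERLAP = """\
From: friend@spammydomain.com deliver
From: *@spammydomain.com forward clueless@yourdomain.com
FromOrTo: default whateveritisyoudowithspam
"""
OVERLAP_REVERSED = """\
From: *@spammydomain.com forward clueless@yourdomain.com
From: friend@spammydomain.com deliver
FromOrTo: default whateveritisyoudowithspam
"""

if __name__ == "__main__":
    # Constructed sample envelopes.
    for name, text in [("default first", DEFAULT_FIRST),
                       ("default last", DEFAULT_LAST),
                       ("overlap", OVERLAP),
                       ("overlap reversed", OVERLAP_REVERSED)]:
        for sender in ("friend@spammydomain.com", "someone@example.org"):
            print(f"{name:17} {sender:25} ->",
                  lookup(text, sender, "user@yourdomain.com"))
```

Under this model the position of the default line changes nothing, while swapping the two overlapping From: rules changes which value the friend's address receives.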
From prandal at herefordshire.gov.uk Mon Jan 22 21:43:58 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Mon Jan 22 20:46:47 2007 Subject: Greetpause seems very ineffective (Was: RE: Increased Volumes Of Spam) Message-ID: <86144ED6CE5B004DA23E1EAC0B569B5801768221@isabella.herefordshire.gov.uk> It's Microsoft's wonderful Outlook. Which makes bottom-posting and proper quoting an arduous task. Phil -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ed Bruce Sent: Monday, January 22, 2007 6:17 PM To: MailScanner discussion Subject: Re: Greetpause seems very ineffective (Was: RE: Increased Volumes Of Spam) Randal, Phil wrote: > Oops, substitute "greylisting" for "GreetPause". > > Fingers out of sync with my brain again :-( > > Cheers, > > Phil > I don't know how you are replying but with Thunderbird (a threaded email/news reader) your replies all wound up in their own thread. Plus you top posted making it even more difficult to follow. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From eaperezh at gmail.com Mon Jan 22 21:56:08 2007 From: eaperezh at gmail.com (Erick Perez) Date: Mon Jan 22 20:58:49 2007 Subject: OT: Contacting Fort Systems Message-ID: Im trying to get a price quote from FSL.COM but the sales line always get to a voicemail. Do anyone on this list have another phone number to contact them? I also tried support numbers but they obviously do not have price lists. I'm looking for Defender MX for a 280 mailbox, one domain (potentially two) mail server. I also registered for a donwload link, but the link provided does not work... Julian, do you have any contacts? Suggestions? 
Thanks, ------------------------------------------------------------ Erick Perez Panama Sistemas Integradores de Telefonia IP y Soluciones Para Centros de Datos Panama, Republica de Panama Cel Panama. +(507) 6694-4780 ------------------------------------------------------------ From gerard at seibercom.net Mon Jan 22 22:08:39 2007 From: gerard at seibercom.net (Gerard Seibert) Date: Mon Jan 22 21:11:12 2007 Subject: Greetpause seems very ineffective (Was: RE: Increased Volumes Of Spam) In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B5801768221@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B5801768221@isabella.herefordshire.gov.uk> Message-ID: <20070122160347.5DF7.GERARD@seibercom.net> On Monday January 22, 2007 at 03:43:58 (PM) Randal, Phil wrote: > It's Microsoft's wonderful Outlook. > > Which makes bottom-posting and proper quoting an arduous task. Its too much trouble to hit ? I think the latest version of Outlook can be configured to place the cursor at the end of a message automatically. I know that the latest version of MS Live Mail BETA has that feature. -- Gerard A: Because it fouls the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing on usenet and in e-mail? TOPIC: Posting Etiquette From KGoods at AIAInsurance.com Mon Jan 22 22:02:13 2007 From: KGoods at AIAInsurance.com (Ken Goods) Date: Mon Jan 22 21:12:39 2007 Subject: OT: RE: Greetpause seems very ineffective (Was: RE: Increased Vol umes Of Spam) Message-ID: <13C0059880FDD3118DC600508B6D4A6D01C29118@aiainsurance.com> mailscanner-bounces@lists.mailscanner.info wrote: > Randal, Phil wrote: >> Oops, substitute "greylisting" for "GreetPause". >> >> Fingers out of sync with my brain again :-( >> >> Cheers, >> >> Phil >> > I don't know how you are replying but with Thunderbird (a threaded > email/news reader) your replies all wound up in their own thread. 
Plus > you top posted making it even more difficult to follow. > > Support MailScanner development - buy the book off the website! Phil, I too use outlook and find an excellent little piece of freeware by Dominik Jain called Outlook-Quotefix works really well. Give it a look-see if you're interested. I find it fixes nearly everything. 2 pennies.... :) Kind regards, Ken Ken Goods Network Administrator AIA/CropUSA Insurance, Inc. From prandal at herefordshire.gov.uk Mon Jan 22 22:14:34 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Mon Jan 22 21:17:17 2007 Subject: Greetpause seems very ineffective (Was: RE: Increased Vol umes Of Spam) Message-ID: <86144ED6CE5B004DA23E1EAC0B569B5801768222@isabella.herefordshire.gov.uk> Yes, when I remember I use it on my PC. Unfortunately, I'm reading this on a terminal server box which I can't mess with too much. Cheers, Phil -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ken Goods Sent: Monday, January 22, 2007 9:02 PM To: 'MailScanner discussion' Subject: OT: RE: Greetpause seems very ineffective (Was: RE: Increased Vol umes Of Spam) mailscanner-bounces@lists.mailscanner.info wrote: > Randal, Phil wrote: >> Oops, substitute "greylisting" for "GreetPause". >> >> Fingers out of sync with my brain again :-( >> >> Cheers, >> >> Phil >> > I don't know how you are replying but with Thunderbird (a threaded > email/news reader) your replies all wound up in their own thread. Plus > you top posted making it even more difficult to follow. > > Support MailScanner development - buy the book off the website! Phil, I too use outlook and find an excellent little piece of freeware by Dominik Jain called Outlook-Quotefix works really well. Give it a look-see if you're interested. I find it fixes nearly everything. 2 pennies.... :) Kind regards, Ken Ken Goods Network Administrator AIA/CropUSA Insurance, Inc. 
-- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From prandal at herefordshire.gov.uk Mon Jan 22 22:16:07 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Mon Jan 22 21:19:02 2007 Subject: Greetpause seems very ineffective (Was: RE: Increased Volumes Of Spam) Message-ID: <86144ED6CE5B004DA23E1EAC0B569B5801768223@isabella.herefordshire.gov.uk> Yes, it is!!! In fact, I so detest the "bottom post only" Nazis that you're having the opposite effect to that which you intend. Sigh. Phil -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Gerard Seibert Sent: Monday, January 22, 2007 9:09 PM To: mailscanner@lists.mailscanner.info Subject: Re: Greetpause seems very ineffective (Was: RE: Increased Volumes Of Spam) On Monday January 22, 2007 at 03:43:58 (PM) Randal, Phil wrote: > It's Microsoft's wonderful Outlook. > > Which makes bottom-posting and proper quoting an arduous task. Its too much trouble to hit ? I think the latest version of Outlook can be configured to place the cursor at the end of a message automatically. I know that the latest version of MS Live Mail BETA has that feature. -- Gerard A: Because it fouls the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing on usenet and in e-mail? TOPIC: Posting Etiquette -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! 
From gerard at seibercom.net Mon Jan 22 22:34:07 2007 From: gerard at seibercom.net (Gerard) Date: Mon Jan 22 21:36:44 2007 Subject: Greetpause seems very ineffective (Was: RE: Increased Volumes Of Spam) In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B5801768223@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B5801768223@isabella.herefordshire.gov.uk> Message-ID: <20070122163318.5E07.GERARD@seibercom.net> On Monday January 22, 2007 at 04:16:07 (PM) Randal, Phil wrote: > Yes, it is!!! > > In fact, I so detest the "bottom post only" Nazis that you're having the > opposite effect to that which you intend. [snip] I rarely reply to top posters. In this particular case, I had assumed that you lacked the knowledge of how to implement placing the cursor at the bottom of a reply automatically while using MS Outlook. Instead, I find that you are simply adamantine in your refusal to embrace bottom or inline posting. Therefore, I have placed you on my BL to suppress having to hear any further rants and or Nazis insults. By the way, you are familiar with Godwins's law, I presume. You have provided an excellent example of it. http://en.wikipedia.org/wiki/Godwin's_law -- Gerard http://www.river.com/users/share/etiquette/ http://www.html-faq.com/etiquette/?toppost http://www.river.com/users/share/etiquette/trumpetpower-netiquette.html http://www.neverending.org/~ftobin/resources/formatting_email_replies/ http://www.reedmedia.net/misc/mail/using-mailing-list.html http://groups.google.com/support/bin/answer.py?answer=12348&topic=250 http://en.wikipedia.org/wiki/Godwin's_law From DrewB at united-systems.com Mon Jan 22 22:40:30 2007 From: DrewB at united-systems.com (Drew Burchett) Date: Mon Jan 22 21:43:31 2007 Subject: Greetpause seems very ineffective (Was: RE: Increased VolumesOf Spam) In-Reply-To: <20070122163318.5E07.GERARD@seibercom.net> Message-ID: <1E75E79B854C814784D0E8C5BA55AF76F76978@uss2k01.united-systems.local> Wow. Now I've seen it all. 
Blacklisting someone because they refuse to follow an old, outdated mode of email transmission that I personally find hard to follow. Get with the program and stop whining about how someone replies. Drew Burchett United Systems & Software Ph: (270)527-3293 Fax: (270)527-3132 -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Gerard Sent: Monday, January 22, 2007 3:34 PM To: mailscanner@lists.mailscanner.info Subject: Re: Greetpause seems very ineffective (Was: RE: Increased VolumesOf Spam) On Monday January 22, 2007 at 04:16:07 (PM) Randal, Phil wrote: > Yes, it is!!! > > In fact, I so detest the "bottom post only" Nazis that you're having the > opposite effect to that which you intend. [snip] I rarely reply to top posters. In this particular case, I had assumed that you lacked the knowledge of how to implement placing the cursor at the bottom of a reply automatically while using MS Outlook. Instead, I find that you are simply adamantine in your refusal to embrace bottom or inline posting. Therefore, I have placed you on my BL to suppress having to hear any further rants and or Nazis insults. By the way, you are familiar with Godwins's law, I presume. You have provided an excellent example of it. 
http://en.wikipedia.org/wiki/Godwin's_law -- Gerard http://www.river.com/users/share/etiquette/ http://www.html-faq.com/etiquette/?toppost http://www.river.com/users/share/etiquette/trumpetpower-netiquette.html http://www.neverending.org/~ftobin/resources/formatting_email_replies/ http://www.reedmedia.net/misc/mail/using-mailing-list.html http://groups.google.com/support/bin/answer.py?answer=12348&topic=250 http://en.wikipedia.org/wiki/Godwin's_law -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. -- This message has been scanned for viruses and dangerous content by MailScanner and is believed to be clean. From prandal at herefordshire.gov.uk Mon Jan 22 22:43:14 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Mon Jan 22 21:45:54 2007 Subject: [OT] McAfee Update to DAT 4945 not working Message-ID: <86144ED6CE5B004DA23E1EAC0B569B5801768226@isabella.herefordshire.gov.uk> Folks, the update.ini in http://download.nai.com/products/datfiles/4.x/nai still says the DAT version is 4944, and not the expected 4945. I'd recommend manually downloading today's DAT file. Cheers, Phil -------------- next part -------------- An HTML attachment was scrubbed... 
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070122/61d442cc/attachment.html From campbell at cnpapers.com Mon Jan 22 22:59:36 2007 From: campbell at cnpapers.com (Steve Campbell) Date: Mon Jan 22 22:02:36 2007 Subject: Greetpause seems very ineffective (Was: RE: Increased VolumesOfSpam) References: <1E75E79B854C814784D0E8C5BA55AF76F76978@uss2k01.united-systems.local> Message-ID: <001f01c73e70$9b91a060$0705000a@ddf5dw71> Doesn't anyone have any SA rules for top-posting, or bottom-posting? I hate to have to start BLing people manually, cause I think it causes swapping. Steve Campbell campbell@cnpapers.com Charleston Newspapers ----- Original Message ----- From: "Drew Burchett" To: "MailScanner discussion" Sent: Monday, January 22, 2007 4:40 PM Subject: RE: Greetpause seems very ineffective (Was: RE: Increased VolumesOfSpam) > Wow. Now I've seen it all. Blacklisting someone because they refuse to > follow an old, outdated mode of email transmission that I personally > find hard to follow. Get with the program and stop whining about how > someone replies. > > Drew Burchett > United Systems & Software > Ph: (270)527-3293 > Fax: (270)527-3132 > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Gerard > Sent: Monday, January 22, 2007 3:34 PM > To: mailscanner@lists.mailscanner.info > Subject: Re: Greetpause seems very ineffective (Was: RE: Increased > VolumesOf Spam) > > On Monday January 22, 2007 at 04:16:07 (PM) Randal, Phil wrote: > >> Yes, it is!!! >> >> In fact, I so detest the "bottom post only" Nazis that you're having > the >> opposite effect to that which you intend. > > [snip] > > I rarely reply to top posters. In this particular case, I had assumed > that you lacked the knowledge of how to implement placing the cursor at > the bottom of a reply automatically while using MS Outlook. 
Instead, I > find that you are simply adamantine in your refusal to embrace bottom > or inline posting. > > Therefore, I have placed you on my BL to suppress having to hear any > further rants and or Nazis insults. > > By the way, you are familiar with Godwins's law, I presume. You have > provided an excellent example of it. > > http://en.wikipedia.org/wiki/Godwin's_law > > -- > Gerard > > http://www.river.com/users/share/etiquette/ > http://www.html-faq.com/etiquette/?toppost > http://www.river.com/users/share/etiquette/trumpetpower-netiquette.html > http://www.neverending.org/~ftobin/resources/formatting_email_replies/ > http://www.reedmedia.net/misc/mail/using-mailing-list.html > http://groups.google.com/support/bin/answer.py?answer=12348&topic=250 > http://en.wikipedia.org/wiki/Godwin's_law > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is > for the sole use of the intended recipient(s) and may contain confidential > and privileged information. Any unauthorized review, use, disclosure or > distribution is prohibited. If you are not the intended recipient, please > contact the sender by reply e-mail and destroy all copies of the original > message. > > -- > This message has been scanned for viruses and dangerous content by > MailScanner and is believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! 
> From ka at pacific.net Mon Jan 22 23:20:26 2007 From: ka at pacific.net (Ken A) Date: Mon Jan 22 22:23:11 2007 Subject: Spam slipping through In-Reply-To: References: <1E75E79B854C814784D0E8C5BA55AF76F07F8E@uss2k01.united-systems.local> Message-ID: <45B538AA.4070206@pacific.net> Raymond Dijkxhoorn wrote: > Hi! > >> I'm not sure if this is a MailScanner problem or a SpamAssassin problem, >> but someone here will at least be able to help me narrow it down. I am >> running MailScanner 4.57.6 on Suse Linux 10.1. My MTA is Postfix 2.3.6 >> and I'm running SpamAssassin 3.1.7. > > So you need more rules. Or make own rules. Spammers are getting smarter, > so also you need to do more ;) Yeah, I'm finding myself spending more time adding and removing local rules than I'd like. Rules_du_jour and sa-update are good for trends in spam, and Bayes, Razor and DCC are helpful, but these blasts of easy to catch spam that don't hit many rules are a real PITA. Spammers are succeeding when they can hit you hard and fast with some simple ascii and bayes poisoning junk. If you don't have a rule in place pretty quickly, you can see quite a few go through... My approach is to make adding and removing rules as easy as possible, so that if I get a few "Re: now ..." in the subject (todays' flavor), I can quickly block them. It still requires some banging on the keyboard. No point and click or telepathic solutions yet.. (patent pending...) .. heh heh.. Ken A. Pacific.Net > > Bye, > Raymond. From matt at coders.co.uk Mon Jan 22 23:21:15 2007 From: matt at coders.co.uk (Matt Hampton) Date: Mon Jan 22 22:24:27 2007 Subject: Greetpause seems very ineffective (Was: RE: Increased VolumesOfSpam) In-Reply-To: <001f01c73e70$9b91a060$0705000a@ddf5dw71> References: <1E75E79B854C814784D0E8C5BA55AF76F76978@uss2k01.united-systems.local> <001f01c73e70$9b91a060$0705000a@ddf5dw71> Message-ID: <45B538DB.8040303@coders.co.uk> (do I top post just to wind people up.........) 
Steve Campbell wrote: > Doesn't anyone have any SA rules for top-posting, or bottom-posting? I > hate to have to start BLing people manually, cause I think it causes > swapping. > (or continue down here ;-) ) Ah but then the Auto-White-List would mark them the WRONG WAY. Even worse it might fire the ALL_TRUSTED rule set. matt From ssilva at sgvwater.com Mon Jan 22 23:22:34 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Jan 22 22:26:19 2007 Subject: [OT] McAfee Update to DAT 4945 not working In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B5801768226@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B5801768226@isabella.herefordshire.gov.uk> Message-ID: Randal, Phil spake the following on 1/22/2007 1:43 PM: > Folks, the update.ini in > http://download.nai.com/products/datfiles/4.x/nai still says the DAT > version is 4944, and not the expected 4945. > > > > I'd recommend manually downloading today's DAT file. > > > > Cheers, > > > > Phil > That happens quite often when they have an emergency release. And it seems to take a few days to get resolved, as the 4946 dats are now posted, but not coming down. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Mon Jan 22 23:23:54 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Jan 22 22:27:46 2007 Subject: [OT] McAfee Update to DAT 4945 not working In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B5801768226@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B5801768226@isabella.herefordshire.gov.uk> Message-ID: Randal, Phil spake the following on 1/22/2007 1:43 PM: > Folks, the update.ini in > http://download.nai.com/products/datfiles/4.x/nai still says the DAT > version is 4944, and not the expected 4945. > > > > I'd recommend manually downloading today's DAT file. > > > > Cheers, > > > > Phil > Looks to be resolved now. -- MailScanner is like deodorant... 
You hope everybody uses it, and you notice quickly if they don't!!!! From ka at pacific.net Mon Jan 22 23:34:55 2007 From: ka at pacific.net (Ken A) Date: Mon Jan 22 22:37:40 2007 Subject: Greetpause seems very ineffective (Was: RE: Increased VolumesOfSpam) In-Reply-To: <001f01c73e70$9b91a060$0705000a@ddf5dw71> References: <1E75E79B854C814784D0E8C5BA55AF76F76978@uss2k01.united-systems.local> <001f01c73e70$9b91a060$0705000a@ddf5dw71> Message-ID: <45B53C0F.5090609@pacific.net> Steve Campbell wrote: > Doesn't anyone have any SA rules for top-posting, or bottom-posting? I > hate to have to start BLing people manually, cause I think it causes > swapping. roflmao. and how do the Chinese bottom post? Come on folks. This is a friendly list. Lets keep it that way. Ken A. Pacific.Net > > Steve Campbell > campbell@cnpapers.com > Charleston Newspapers > > ----- Original Message ----- From: "Drew Burchett" > > To: "MailScanner discussion" > Sent: Monday, January 22, 2007 4:40 PM > Subject: RE: Greetpause seems very ineffective (Was: RE: Increased > VolumesOfSpam) > > >> Wow. Now I've seen it all. Blacklisting someone because they refuse to >> follow an old, outdated mode of email transmission that I personally >> find hard to follow. Get with the program and stop whining about how >> someone replies. >> >> Drew Burchett >> United Systems & Software >> Ph: (270)527-3293 >> Fax: (270)527-3132 >> >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Gerard >> Sent: Monday, January 22, 2007 3:34 PM >> To: mailscanner@lists.mailscanner.info >> Subject: Re: Greetpause seems very ineffective (Was: RE: Increased >> VolumesOf Spam) >> >> On Monday January 22, 2007 at 04:16:07 (PM) Randal, Phil wrote: >> >>> Yes, it is!!! >>> >>> In fact, I so detest the "bottom post only" Nazis that you're having >> the >>> opposite effect to that which you intend. 
>> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > From gerard at seibercom.net Mon Jan 22 23:55:55 2007 From: gerard at seibercom.net (Gerard) Date: Mon Jan 22 22:58:31 2007 Subject: Greetpause seems very ineffective (Was: RE: Increased VolumesOf Spam) In-Reply-To: <1E75E79B854C814784D0E8C5BA55AF76F76978@uss2k01.united-systems.local> References: <20070122163318.5E07.GERARD@seibercom.net> <1E75E79B854C814784D0E8C5BA55AF76F76978@uss2k01.united-systems.local> Message-ID: <20070122175529.CBEA.GERARD@seibercom.net> On Monday January 22, 2007 at 04:40:30 (PM) Drew Burchett wrote: > Wow. Now I've seen it all. Blacklisting someone because they refuse to > follow an old, outdated mode of email transmission that I personally > find hard to follow. Get with the program and stop whining about how > someone replies. Wrong! I find his 'NAZIS' statement personally offensive. That is why I BL'd him. -- Gerard From satya at fsl.com Tue Jan 23 07:50:04 2007 From: satya at fsl.com (SatyaDev Sharma) Date: Tue Jan 23 06:52:49 2007 Subject: OT: Contacting Fort Systems In-Reply-To: References: Message-ID: <8d5fd62c0701222250ya465939yd7ab6f41f1d542b9@mail.gmail.com> Hello Erick, This is Satya from FSL development team. Sorry for inconvenience. I am answering your e-mail on your personal email address. Thanx ~SatyaDev Sharma. On 1/23/07, Erick Perez wrote: > > Im trying to get a price quote from FSL.COM but the sales line always > get to a voicemail. Do anyone on this list have another phone number > to contact them? I also tried support numbers but they obviously do > not have price lists. > > I'm looking for Defender MX for a 280 mailbox, one domain (potentially > two) mail server. > > I also registered for a donwload link, but the link provided does not > work... 
> > Julian, do you have any contacts? > > Suggestions? > > Thanks, > ------------------------------------------------------------ > Erick Perez > Panama Sistemas > Integradores de Telefonia IP y Soluciones Para Centros de Datos > Panama, Republica de Panama > Cel Panama. +(507) 6694-4780 > ------------------------------------------------------------ > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070123/3c514716/attachment.html From Chris.Kimpton at rabobank.com Tue Jan 23 10:17:23 2007 From: Chris.Kimpton at rabobank.com (Kimpton, C (Chris)) Date: Tue Jan 23 09:20:06 2007 Subject: Help: waiting for children to die: Process did not exit cleanly Message-ID: <5721CE352874114C9AD537E34C447392078076@lons124012.eu.rabonet.com> Hi, I am running MailScanner on gentoo (using the sunrise overlay) - version 4.57.6 . It was working ok a few versions back, but I now get this error in the logs: MailScanner: waiting for children to die: Process did not exit cleanly, returned 25 (and 9) with signal 0 Like this: Jan 23 09:09:35 nog MailScanner[8045]: MailScanner E-Mail Virus Scanner version 4.57.6 starting... 
Jan 23 09:09:36 nog MailScanner[8045]: Read 759 hostnames from the phishing whitelist
Jan 23 09:09:36 nog MailScanner[8045]: Using locktype = posix
Jan 23 09:09:36 nog MailScanner[8045]: Creating hardcoded struct_flock subroutine for linux (Linux-type)
Jan 23 09:09:36 nog MailScanner[8045]: New Batch: Found 119 messages waiting
Jan 23 09:09:36 nog MailScanner[8045]: New Batch: Scanning 30 messages, 242846 bytes
Jan 23 09:09:36 nog MailScanner[8045]: Spam Checks: Starting
Jan 23 09:09:40 nog MailScanner: waiting for children to die: Process did not exit cleanly, returned 9 with signal 0
Jan 23 09:09:40 nog MailScanner[8053]: MailScanner E-Mail Virus Scanner version 4.57.6 starting...
Jan 23 09:09:41 nog MailScanner[8053]: Read 759 hostnames from the phishing whitelist
Jan 23 09:09:41 nog MailScanner[8053]: Using locktype = posix
Jan 23 09:09:41 nog MailScanner[8053]: Creating hardcoded struct_flock subroutine for linux (Linux-type)
Jan 23 09:09:41 nog MailScanner[8053]: New Batch: Found 119 messages waiting
Jan 23 09:09:41 nog MailScanner[8053]: New Batch: Scanning 29 messages, 194591 bytes
Jan 23 09:09:41 nog MailScanner[8053]: Spam Checks: Starting
Jan 23 09:09:45 nog MailScanner: waiting for children to die: Process did not exit cleanly, returned 25 with signal 0
Jan 23 09:09:45 nog MailScanner[8056]: MailScanner E-Mail Virus Scanner version 4.57.6 starting...
Jan 23 09:09:46 nog MailScanner[8056]: Read 759 hostnames from the phishing whitelist
Jan 23 09:09:46 nog MailScanner[8056]: Using locktype = posix
Jan 23 09:09:46 nog MailScanner[8056]: Creating hardcoded struct_flock subroutine for linux (Linux-type)
Jan 23 09:10:56 nog MailScanner[31093]: Disabled RBL SBL+XBL as reached 7/10 timeouts

Is there any extra debug I can turn on - or another log file to look at?

Or an install integrity check? Perhaps one of the upgrades did not go smoothly and its in an inconsistent state...

Thanks, Chris _____________________________________________________________ This email (including any attachments to it) is confidential, legally privileged, subject to copyright and is sent for the personal attention of the intended recipient only. If you have received this email in error, please advise us immediately and delete it. You are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. Although we have taken reasonable precautions to ensure no viruses are present in this email, we cannot accept responsibility for any loss or damage arising from the viruses in this email or attachments. We exclude any liability for the content of this email, or for the consequences of any actions taken on the basis of the information provided in this email or its attachments, unless that information is subsequently confirmed in writing. If this email contains an offer, that should be considered as an invitation to treat. _____________________________________________________________ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070123/389fcd59/attachment.html From res at ausics.net Tue Jan 23 10:21:39 2007 From: res at ausics.net (Res) Date: Tue Jan 23 09:24:25 2007 Subject: Greetpause seems very ineffective (Was: RE: Increased Volumes Of Spam) In-Reply-To: <45B4C64B.9080908@pixelhammer.com> References: <20070119220533.A4014@tmp.com.br> <45B4C64B.9080908@pixelhammer.com> Message-ID: On Mon, 22 Jan 2007, DAve wrote: > Real contracts are handled via Fed-Ex overnight sorry they dont exist in this country :) -- Cheers Res "So, you think you can tell Heaven from Hell?" 
- Roger Waters

From uxbod at splatnix.net Tue Jan 23 10:24:58 2007
From: uxbod at splatnix.net (--[ UxBoD ]--)
Date: Tue Jan 23 09:24:42 2007
Subject: OT: RE: Greetpause seems very ineffective (Was: RE: Increased Vol umes Of Spam)
In-Reply-To: <13C0059880FDD3118DC600508B6D4A6D01C29118@aiainsurance.com>
References: <13C0059880FDD3118DC600508B6D4A6D01C29118@aiainsurance.com>
Message-ID: <20070123092458.682a4a0d@localhost>

Sigh. This is rather going OT do you think ?

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

From martinh at solidstatelogic.com Tue Jan 23 10:24:40 2007
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Tue Jan 23 09:27:42 2007
Subject: Help: waiting for children to die: Process did not exit cleanly
In-Reply-To: <5721CE352874114C9AD537E34C447392078076@lons124012.eu.rabonet.com>
Message-ID: <2b06d98b13e53846acf78124caf1ce64@solidstatelogic.com>

Chris

Yes..

http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:mailscanner&s=debug

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-
> bounces@lists.mailscanner.info] On Behalf Of Kimpton, C (Chris)
> Sent: 23 January 2007 09:17
> To: mailscanner@lists.mailscanner.info
> Subject: Help: waiting for children to die: Process did not exit cleanly
>
> Hi,
>
> I am running MailScanner on gentoo (using the sunrise overlay) - version
> 4.57.6 .
>
> It was working ok a few versions back, but I now get this error in the
> logs:
>
> MailScanner: waiting for children to die: Process did not exit cleanly,
> returned 25 (and 9) with signal 0
>
> Like this:
>
> Jan 23 09:09:35 nog MailScanner[8045]: MailScanner E-Mail Virus Scanner
> version 4.57.6 starting...
********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us.
Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From res at ausics.net Tue Jan 23 10:26:16 2007 From: res at ausics.net (Res) Date: Tue Jan 23 09:29:02 2007 Subject: Greetpause seems very ineffective (Was: RE: Increased VolumesOf Spam) In-Reply-To: <1E75E79B854C814784D0E8C5BA55AF76F76978@uss2k01.united-systems.local> References: <1E75E79B854C814784D0E8C5BA55AF76F76978@uss2k01.united-systems.local> Message-ID: On Mon, 22 Jan 2007, Drew Burchett wrote: > Wow. Now I've seen it all. Blacklisting someone because they refuse to > follow an old, outdated mode of email transmission that I personally > find hard to follow. Get with the program and stop whining about how > someone replies. I agree.. its simple really, its not rocket science, if you dont like the way a person posts DONT READ THEIR POSTS, rather then generate a high noise ratio of crap. I mean its also good etiquette to trim posts to whats relevant, certain complainers of top posters dont trim, in fact only a small percentage of folk in here trim to whats relevant in response to thier replies. -- Cheers Res "So, you think you can tell Heaven from Hell?" 
- Roger Waters

From res at ausics.net Tue Jan 23 10:26:51 2007
From: res at ausics.net (Res)
Date: Tue Jan 23 09:29:37 2007
Subject: Greetpause seems very ineffective (Was: RE: Increased VolumesOfSpam)
In-Reply-To: <001f01c73e70$9b91a060$0705000a@ddf5dw71>
References: <1E75E79B854C814784D0E8C5BA55AF76F76978@uss2k01.united-systems.local> <001f01c73e70$9b91a060$0705000a@ddf5dw71>
Message-ID:

On Mon, 22 Jan 2007, Steve Campbell wrote:

> to have to start BLing people manually, cause I think it causes swapping.

hahahahaha

--
Cheers
Res

"So, you think you can tell Heaven from Hell?"
- Roger Waters

From m.anderlini at database.it Tue Jan 23 10:28:25 2007
From: m.anderlini at database.it (Marcello Anderlini)
Date: Tue Jan 23 09:31:20 2007
Subject: Mqueue.in huge
In-Reply-To: <223f97700701221041p5d24ab95oacb8fde45e90c9c9@mail.gmail.com>
Message-ID: <200701230928.l0N9SSN6015729@netra.database.it>

Thanks for your answer.
I've checked in /root/.spamassassin and I found just these files.

-rw------- 1 root root 168087552 Jan 23 10:24 auto-whitelist
-rw------- 1 root root     97320 Jan 23 10:24 bayes_journal
-rw------- 1 root root 172904448 Jan 23 10:24 bayes_seen
-rw------- 1 root root 322408448 Jan 23 10:24 bayes_toks

This is an extract of my Mailscanner.conf
==========================================================
Spam Score = yes
Cache SpamAssassin Results = yes
SpamAssassin Cache Database File = /var/spool/MailScanner/incoming/SpamAssassin.cache.db
Rebuild Bayes Every = 0
Wait During Bayes Rebuild = no
==========================================================
Is it correct? Should I change something? Maybe try to use another spamlist?

Thanks again

Dr. Marcello Anderlini
m.anderlini@database.it
---------------------------------------------
Database Informatica S.r.l.
Microsoft Certified Partner
Tel. +39059775070
Fax.
+39059779545 http://www.database.it --------------------------------------------- > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Glenn Steen > Sent: lunedì 22 gennaio 2007 19.41 > To: MailScanner discussion > Subject: Re: Mqueue.in huge > > On 22/01/07, Marcello Anderlini wrote: > > Hello to all, I've tried to have a look to wiky but I did not found > > any good answer for me. > > > > I'm using mailscanner 4.50.15 with spamassassin 3.1.7.1.el4.rf > > > > Some time the messagges in mqueue.in rise without any good reason > > until 2000, I check dns and it seems work well, some time I > get this > > error:SpamAssassin timed out and was killed, failure 0 of 10. this > > could be related with my problem ? I'm using CBL spam list. > > > > Thanks for any help and sorry for my worst english. > > > Hello Marcello, > > The SA timeouts are likely part and parcel off your problem. > There are some likely spots where it is "failing": > - bayes expiry taking "too long". > - some more or less dead BL lookup (or other network test) timing out. > - some "big" or "wrong" ruleset(s) making it take forever. > ... > > Most likely is the first one (assuming you use bayes, of > course:-). If you have some files like > "bayes_toks.expire123456" in the same directory youstore your > bayes database in, this is your problem (a well-known problem > that has been penetrated more than once on this list). > Instead of me repeating Scotts words, go read > http://article.gmane.org/gmane.mail.virus.mailscanner/48068/ma > tch=bayes+expire > or search the archives for Matt Kettlers (final?!) 
words on
> SpamAssassin timeouts/bayes expiry:
> http://search.gmane.org/?query=bayes+expire&author=Matt+Kettler&group=gmane.mail.virus.mailscanner&sort=relevance&DEFAULTOP=and&xP=bayes%09expire&xFILTERS=Gmail.virus.mailscanner---A
>
> Matts writings also cover most (if not all) other measures
> one should do when SA is "timing out", so do browse the archives...:)
>
> BTW, Your english isn't that bad... Try using the best next,
> and it'll be fine:-D Cheers
> --
> -- Glenn (who has to catch a train....->me running:-)
> email: glenn < dot > steen < at > gmail < dot > com
> work: glenn < dot > steen < at > ap1 < dot > se
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
> --
> Message checked by the Database Informatica antivirus service
>

--
Message checked by the Database Informatica antivirus service

From res at ausics.net Tue Jan 23 10:29:13 2007
From: res at ausics.net (Res)
Date: Tue Jan 23 09:32:01 2007
Subject: Greetpause seems very ineffective (Was: RE: Increased Volumes Of Spam)
In-Reply-To:
References: <20070119220533.A4014@tmp.com.br> <45B4C64B.9080908@pixelhammer.com>
Message-ID:

On Tue, 23 Jan 2007, Res wrote:

> On Mon, 22 Jan 2007, DAve wrote:
>
>> Real contracts are handled via Fed-Ex overnight
>
> sorry they don't exist in this country :)
>

Also, it's common for corporations to obtain clarifications, wow things will get sorted out fast waiting on overnight mail :) .. not.

--
Cheers
Res

"So, you think you can tell Heaven from Hell?"
- Roger Waters

From jlcostinha at halla.pt Tue Jan 23 10:30:14 2007
From: jlcostinha at halla.pt (Jorge Costinha)
Date: Tue Jan 23 09:33:13 2007
Subject: Notify sender of viruses Only when they belong to my internal network
In-Reply-To: <45B4F803.1010809@fsl.com>
References: <210065444.20070122163102@halla.pt> <45B4F803.1010809@fsl.com>
Message-ID: <761356861.20070123093014@halla.pt>

I got it Steve,

my default setting was

Silent Viruses = HTML-IFRAME All-Viruses

which means, all emails containing any viruses sent to my network their respective senders would not get notified, exception made for HTML-IFRAME.
I also had "Delivery Silent Viruses = no" which caused the "vanishing" of those internal emails, password protected. This explains why neither sender nor recipient got any warning. This option takes precedence over "Notify Senders of Viruses = yes".

thanks to you I solved the problem this way:

Silent Viruses = HTML-IFRAME
Delivery Silent Viruses = %rules-dir%/NotifyVirusRecipients.rules
Notify Senders of Viruses = %rules-dir%/NotifyVirusSenders.rules

contents of NotifyVirusSenders.rules

From: 192.168.10. yes
FromOrTo: Default no

contents of NotifyVirusRecipients.rules

FromOrTo: 192.168.10. yes
FromOrTo: Default no

Viruses
Senders : from internal network they get a notification, from external they won't.
Recipients: from internal network they will be warned of the attempt, from external they won't.

once again, thanks a lot for your help!

Best Regards,
Jorge Costinha

> Jorge,
> Jorge Costinha wrote:
>> greetings all,
>> here what i have tried, unsuccessful:
>> in Mailscanner.conf
>> Notify Senders of Viruses = %rules-dir%/NotifyVirusSenders.rules
>> contents of NotifyVirusSenders.rules
>> From: 192.168.10. yes
>> FromOrTo: Default no
>> I've tried changing the ip to my domain, something like
>> From: *@mydomain.com yes
>> didn't work. the purpose of this started when someone inside my network
>> sent an excel password-protected file.
The email wasnt delivered and the >> sender didnt get any notification. I figure that internal users should >> be receive notifications. if anyone has a better idead, i would >> appreciate. Anyway, i cant seem to identify the problem. > Check your setting for 'Silent Viruses' and read up on what this option > does, you'll probably need a ruleset on this which returns a blank value > for 192.168.10. > Cheers, > Steve. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > Before posting, read http://wiki.mailscanner.info/posting > Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by HCC MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070123/1c0ca0e4/attachment-0001.html From Chris.Kimpton at rabobank.com Tue Jan 23 10:37:19 2007 From: Chris.Kimpton at rabobank.com (Kimpton, C (Chris)) Date: Tue Jan 23 09:40:00 2007 Subject: Help: waiting for children to die: Process did not exit cleanly In-Reply-To: <2b06d98b13e53846acf78124caf1ce64@solidstatelogic.com> References: <5721CE352874114C9AD537E34C447392078076@lons124012.eu.rabonet.com> <2b06d98b13e53846acf78124caf1ce64@solidstatelogic.com> Message-ID: <5721CE352874114C9AD537E34C447392078077@lons124012.eu.rabonet.com> Hi, Thanks for that - and apologies for not finding that entry myself :-( Although I am now running it that way - the check_Mailscanner output is this: nog MailScanner # check_MailScanner Starting MailScanner... In Debugging mode, not forking... And nothing else... In /var/log/messages, I have this: Jan 23 09:33:31 nog MailScanner[9547]: MailScanner E-Mail Virus Scanner version 4.57.6 starting... 
Jan 23 09:33:32 nog MailScanner[9547]: Read 759 hostnames from the phishing whitelist
Jan 23 09:33:32 nog MailScanner[9547]: lock.pl sees Config LockType = posix
Jan 23 09:33:32 nog MailScanner[9547]: lock.pl sees have_module = 0
Jan 23 09:33:32 nog MailScanner[9547]: Using locktype = posix
Jan 23 09:33:32 nog MailScanner[9547]: Creating hardcoded struct_flock subroutine for linux (Linux-type)
Jan 23 09:33:32 nog MailScanner[9547]: New Batch: Found 121 messages waiting
Jan 23 09:33:32 nog MailScanner[9547]: New Batch: Scanning 30 messages, 320887 bytes
Jan 23 09:33:32 nog MailScanner[9547]: Created attachment dirs for 30 messages
Jan 23 09:33:32 nog MailScanner[9547]: Spam Checks: Starting
Jan 23 09:33:43 nog MailScanner[9547]: RBL Checks: returned 0
Jan 23 09:33:54 nog MailScanner[9547]: RBL Checks: returned 0
Jan 23 09:34:02 nog MailScanner[9547]: RBL Checks: returned 0
Jan 23 09:34:13 nog MailScanner[9547]: RBL Checks: returned 0
Jan 23 09:34:24 nog MailScanner[9547]: RBL Checks: returned 0
Jan 23 09:34:32 nog MailScanner[9547]: RBL Checks: returned 0

The debug flags are set for MailScanner

nog MailScanner # grep Debug /etc/MailScanner/MailScanner.conf
# Set Debug to "yes" to stop it running as a daemon and just process
Debug = yes
Debug SpamAssassin = yes

And only the incoming mta is running.

Any thoughts?

Thanks in advance,
Chris

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Martin.Hepworth
Sent: 23 January 2007 09:25
To: MailScanner discussion
Subject: RE: Help: waiting for children to die: Process did not exit cleanly

Chris

Yes..

http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot :mailscanner&s=debug -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300
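
The restart loop in the log excerpts of the thread above, as an added example that is not part of the original posts or of MailScanner: a Python script that pairs each parent "did not exit cleanly" line with the child that had most recently started and reports the last stage that child logged. The pairing heuristic, the function names and the year 2007 are assumptions made for this example.

```python
import re
from datetime import datetime

YEAR = 2007  # assumption: syslog timestamps carry no year; taken from the mail date

# Log lines copied from the post above (not constructed).
SAMPLE_LOG = """\
Jan 23 09:09:35 nog MailScanner[8045]: MailScanner E-Mail Virus Scanner version 4.57.6 starting...
Jan 23 09:09:36 nog MailScanner[8045]: Read 759 hostnames from the phishing whitelist
Jan 23 09:09:36 nog MailScanner[8045]: Using locktype = posix
Jan 23 09:09:36 nog MailScanner[8045]: Creating hardcoded struct_flock subroutine for linux (Linux-type)
Jan 23 09:09:36 nog MailScanner[8045]: New Batch: Found 119 messages waiting
Jan 23 09:09:36 nog MailScanner[8045]: New Batch: Scanning 30 messages, 242846 bytes
Jan 23 09:09:36 nog MailScanner[8045]: Spam Checks: Starting
Jan 23 09:09:40 nog MailScanner: waiting for children to die: Process did not exit cleanly, returned 9 with signal 0
Jan 23 09:09:40 nog MailScanner[8053]: MailScanner E-Mail Virus Scanner version 4.57.6 starting...
Jan 23 09:09:41 nog MailScanner[8053]: Read 759 hostnames from the phishing whitelist
Jan 23 09:09:41 nog MailScanner[8053]: Using locktype = posix
Jan 23 09:09:41 nog MailScanner[8053]: Creating hardcoded struct_flock subroutine for linux (Linux-type)
Jan 23 09:09:41 nog MailScanner[8053]: New Batch: Found 119 messages waiting
Jan 23 09:09:41 nog MailScanner[8053]: New Batch: Scanning 29 messages, 194591 bytes
Jan 23 09:09:41 nog MailScanner[8053]: Spam Checks: Starting
Jan 23 09:09:45 nog MailScanner: waiting for children to die: Process did not exit cleanly, returned 25 with signal 0
Jan 23 09:09:45 nog MailScanner[8056]: MailScanner E-Mail Virus Scanner version 4.57.6 starting...
Jan 23 09:09:46 nog MailScanner[8056]: Read 759 hostnames from the phishing whitelist
Jan 23 09:09:46 nog MailScanner[8056]: Using locktype = posix
Jan 23 09:09:46 nog MailScanner[8056]: Creating hardcoded struct_flock subroutine for linux (Linux-type)
Jan 23 09:10:56 nog MailScanner[31093]: Disabled RBL SBL+XBL as reached 7/10 timeouts
"""

# "<timestamp> <host> MailScanner[<pid>]: <msg>"; the parent logs without a PID.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d+ \d\d:\d\d:\d\d) \S+ "
    r"MailScanner(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
EXIT_RE = re.compile(r"did not exit cleanly, returned (\d+) with signal (\d+)")


def parse_ts(text):
    """Turn a syslog timestamp into a datetime, using the assumed YEAR."""
    return datetime.strptime(f"{YEAR} {text}", "%Y %b %d %H:%M:%S")


def analyse(log_text):
    """Return one record per abnormal child exit, with the child's last logged stage."""
    children = {}   # pid -> {"start": datetime, "last_msg": str}
    pending = []    # started children with no exit attributed yet, oldest first
    deaths = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ts, msg = parse_ts(m["ts"]), m["msg"]
        if m["pid"] is not None:
            pid = int(m["pid"])
            if msg.endswith("starting..."):
                children[pid] = {"start": ts, "last_msg": msg}
                pending.append(pid)
            elif pid in children:
                children[pid]["last_msg"] = msg
            continue
        hit = EXIT_RE.search(msg)
        if hit and pending:
            # Heuristic (assumption): the parent's line names no child PID, so
            # blame the most recently started child not yet accounted for.
            pid = pending.pop()
            child = children[pid]
            deaths.append({
                "pid": pid,
                "code": int(hit.group(1)),
                "signal": int(hit.group(2)),
                "died": ts,
                "lifetime_s": (ts - child["start"]).total_seconds(),
                "last_stage": child["last_msg"],
            })
    return deaths


def crash_loop(deaths, min_count=2, window_s=60):
    """True when at least min_count abnormal exits fall within window_s seconds."""
    times = sorted(d["died"] for d in deaths)
    return any(
        (times[i + min_count - 1] - times[i]).total_seconds() <= window_s
        for i in range(len(times) - min_count + 1)
    )


if __name__ == "__main__":
    found = analyse(SAMPLE_LOG)
    for d in found:
        print(f"pid {d['pid']}: returned {d['code']} signal {d['signal']} "
              f"after {d['lifetime_s']:.0f}s, last stage: {d['last_stage']}")
    print("crash loop:", crash_loop(found))
```

On the posted log both children stop right after "Spam Checks: Starting", which is the stage to look at first when running in debug mode.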
From glenn.steen at gmail.com Tue Jan 23 10:38:57 2007
From: glenn.steen at gmail.com (Glenn Steen)
Date: Tue Jan 23 09:41:39 2007
Subject: Spam slipping through
In-Reply-To: <45B538AA.4070206@pacific.net>
References: <1E75E79B854C814784D0E8C5BA55AF76F07F8E@uss2k01.united-systems.local> <45B538AA.4070206@pacific.net>
Message-ID: <223f97700701230138i7844eb78s8a0bbab6b8e57436@mail.gmail.com>

On 22/01/07, Ken A wrote:
> Raymond Dijkxhoorn wrote:
> > Hi!
> >
> >> I'm not sure if this is a MailScanner problem or a SpamAssassin problem,
> >> but someone here will at least be able to help me narrow it down. I am
> >> running MailScanner 4.57.6 on Suse Linux 10.1. My MTA is Postfix 2.3.6
> >> and I'm running SpamAssassin 3.1.7.
> >
> > So you need more rules. Or make own rules. Spammers are getting smarter,
> > so also you need to do more ;)
>
> Yeah, I'm finding myself spending more time adding and removing local
> rules than I'd like. Rules_du_jour and sa-update are good for trends in
> spam, and Bayes, Razor and DCC are helpful, but these blasts of easy to
> catch spam that don't hit many rules are a real PITA.
>
> Spammers are succeeding when they can hit you hard and fast with some
> simple ascii and bayes poisoning junk. If you don't have a rule in place
> pretty quickly, you can see quite a few go through...

We can be fairly certain they've become more proficient at using SA on their own spam to ensure it doesn't trigger a truckload of rules, yes. Unfortunately this means we can't avoid this "local temporary rules" work. Sigh.

> My approach is to make adding and removing rules as easy as possible, so
> that if I get a few "Re: now ..." in the subject (todays' flavor), I can
> quickly block them.
>
> It still requires some banging on the keyboard. No point and click or
> telepathic solutions yet.. (patent pending...) .. heh heh..

UCEdetection by ESP... What a concept:-). Looking forward to the first beta;-).

-- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Tue Jan 23 11:12:46 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jan 23 10:15:29 2007 Subject: [OT] McAfee Update to DAT 4945 not working In-Reply-To: References: <86144ED6CE5B004DA23E1EAC0B569B5801768226@isabella.herefordshire.gov.uk> Message-ID: <223f97700701230212l7b67a6f8o81be52dbdfcbd0c7@mail.gmail.com> On 22/01/07, Scott Silva wrote: > Randal, Phil spake the following on 1/22/2007 1:43 PM: > > Folks, the update.ini in > > http://download.nai.com/products/datfiles/4.x/nai still says the DAT > > version is 4944, and not the expected 4945. > > > > > > > > I'd recommend manually downloading today's DAT file. > > > > > > > > Cheers, > > > > > > > > Phil > > > Looks to be resolved now. > Well, I'm not sure the mirrors are OK yet. I've got one machine set to get it's updates from the speedownload site and the rest to the default download site... The default ones hadn't gotten it just a moment or two ago, while the speedownload one had. So ... At least checking still seems to be the prudent thing to do (shame on me for being a tad lax here... Prioritising things like sleep, food and work:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Tue Jan 23 12:41:46 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jan 23 11:44:29 2007 Subject: Mqueue.in huge In-Reply-To: <200701230928.l0N9SSN6015729@netra.database.it> References: <223f97700701221041p5d24ab95oacb8fde45e90c9c9@mail.gmail.com> <200701230928.l0N9SSN6015729@netra.database.it> Message-ID: <223f97700701230341m52c72d43t58d9fd69e4ac2b39@mail.gmail.com> On 23/01/07, Marcello Anderlini wrote: > Thanks for your answer. > I've checked in in /root/.spamassassin and I found just this files. 
> > -rw------- 1 root root 168087552 Jan 23 10:24 auto-whitelist > -rw------- 1 root root 97320 Jan 23 10:24 bayes_journal > -rw------- 1 root root 172904448 Jan 23 10:24 bayes_seen > -rw------- 1 root root 322408448 Jan 23 10:24 bayes_toks Ok, no expire files there.... not that problem then:-). > This it's an extract of my Mailscanner.conf > ========================================================== > Spam Score = yes > Cache SpamAssassin Results = yes > SpamAssassin Cache Database File = > /var/spool/MailScanner/incoming/SpamAssassin.cache.db > Rebuild Bayes Every = 0 > Wait During Bayes Rebuild = no > ========================================================== > It's correct ? Should I change something ? Maybe try to use an other > spamlist ? You could go for a force expire solution anyway. But you don't really have to, no. Next thing to check is if something takes a lot of time completing... Simplest is to run a test message through (so that you would get the network tests too) spamassassin. That way you'll see if any of the digest tests (both Pyzor and DCC have been known to mess things up (in different ways:)), or BLs, or individual rules seem to take forever. If you have MailWatch, it has a very nice "timed breakdown" of a lint run, but unfortunately this will not help you (since you are running 3.1.7, which has the network tests turned off for the --lint test). Did you use Pyzor? Do you use the "alternate" server at 82.94.255.100:24441 ... The default one always seems to time out, this doesn't, so use this one. Martin Hepworth has posted a few BLs he "habitually" turns off in SpamAssassin, search the list archives for those... Might help you. Also look for DCC timeout problems (I don't rightly recall what that was about... Centered on dccifd IIRC). 
Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Tue Jan 23 12:50:38 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jan 23 11:53:21 2007 Subject: Help: waiting for children to die: Process did not exit cleanly In-Reply-To: <5721CE352874114C9AD537E34C447392078077@lons124012.eu.rabonet.com> References: <5721CE352874114C9AD537E34C447392078076@lons124012.eu.rabonet.com> <2b06d98b13e53846acf78124caf1ce64@solidstatelogic.com> <5721CE352874114C9AD537E34C447392078077@lons124012.eu.rabonet.com> Message-ID: <223f97700701230350y5046ba59u52c7b2f54fd1f9f7@mail.gmail.com> On 23/01/07, Kimpton, C (Chris) wrote: > Hi, > > Thanks for that - and apologies for not finding that entry myself :-( > > Although I am now running it that way - the check_Mailscanner output is > this: > > nog MailScanner # check_MailScanner > Starting MailScanner... > In Debugging mode, not forking... > > > And nothing else... > > In /var/log/messages, I have this: > > Jan 23 09:33:31 nog MailScanner[9547]: MailScanner E-Mail Virus Scanner > version 4.57.6 starting... 
> Jan 23 09:33:32 nog MailScanner[9547]: Read 759 hostnames from the > phishing whitelist > Jan 23 09:33:32 nog MailScanner[9547]: lock.pl sees Config LockType = > posix > Jan 23 09:33:32 nog MailScanner[9547]: lock.pl sees have_module = 0 > Jan 23 09:33:32 nog MailScanner[9547]: Using locktype = posix > Jan 23 09:33:32 nog MailScanner[9547]: Creating hardcoded struct_flock > subroutine for linux (Linux-type) > Jan 23 09:33:32 nog MailScanner[9547]: New Batch: Found 121 messages > waiting > Jan 23 09:33:32 nog MailScanner[9547]: New Batch: Scanning 30 messages, > 320887 bytes > Jan 23 09:33:32 nog MailScanner[9547]: Created attachment dirs for 30 > messages > Jan 23 09:33:32 nog MailScanner[9547]: Spam Checks: Starting > Jan 23 09:33:43 nog MailScanner[9547]: RBL Checks: returned 0 > Jan 23 09:33:54 nog MailScanner[9547]: RBL Checks: returned 0 > Jan 23 09:34:02 nog MailScanner[9547]: RBL Checks: returned 0 > Jan 23 09:34:13 nog MailScanner[9547]: RBL Checks: returned 0 > Jan 23 09:34:24 nog MailScanner[9547]: RBL Checks: returned 0 > Jan 23 09:34:32 nog MailScanner[9547]: RBL Checks: returned 0 > > The debug flags are set for MailScanner > > nog MailScanner # grep Debug /etc/MailScanner/MailScanner.conf > # Set Debug to "yes" to stop it running as a daemon and just process > Debug = yes > Debug SpamAssassin = yes > > And only the incoming mta is running. > > Any thoughts? > > > Thanks in advance, > Chris And it isn't moving things out of the incoming queue into the outgoing queue at all? What BLs do you have specified in "Spam List" (and possibly "Spam Domain List") in MailScanner.conf? 
-- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From prandal at herefordshire.gov.uk Tue Jan 23 13:13:06 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue Jan 23 12:18:13 2007 Subject: Mqueue.in huge Message-ID: <86144ED6CE5B004DA23E1EAC0B569B581237BD96@isabella.herefordshire.gov.uk> Glenn Steen wrote: > Martin Hepworth has posted a few BLs he "habitually" turns off in > SpamAssassin, search the list archives for those... Might help you. > Also look for DCC timeout problems (I don't rightly recall what that > was about... Centered on dccifd IIRC). > > Cheers > -- > -- Glenn Martin's list is here for those struggling to find it: http://thread.gmane.org/gmane.mail.virus.mailscanner/41826/focus=41827 Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK From martinh at solidstatelogic.com Tue Jan 23 13:20:05 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Jan 23 12:23:01 2007 Subject: Mqueue.in huge In-Reply-To: <223f97700701230341m52c72d43t58d9fd69e4ac2b39@mail.gmail.com> Message-ID: It's true I did post this list. I turn just about RBL off in spamassassin, only running a couple.. It's basically of turning on the RBLs In /etc/mail/spamassassin/mailscanner.cf..
# skip_rbl_checks 1 (make sure this is commented out)
Then changing the score to zero of the ones you DON'T want to run Find these in 20_dnsbl_tests.cf, then in mailscanner.cf
score RCVD_IN_SBL 0.0
score RCVD_IN_XBL 0.0
score __RCVD_IN_NJABL 0.0
-- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. 
Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From Chris.Kimpton at rabobank.com Tue Jan 23 13:22:33 2007 From: Chris.Kimpton at rabobank.com (Kimpton, C (Chris)) Date: Tue Jan 23 12:25:43 2007 Subject: Help: waiting for children to die: Process did not exit cleanly In-Reply-To: <223f97700701230350y5046ba59u52c7b2f54fd1f9f7@mail.gmail.com> References: <5721CE352874114C9AD537E34C447392078076@lons124012.eu.rabonet.com><2b06d98b13e53846acf78124caf1ce64@solidstatelogic.com><5721CE352874114C9AD537E34C447392078077@lons124012.eu.rabonet.com> <223f97700701230350y5046ba59u52c7b2f54fd1f9f7@mail.gmail.com> Message-ID: <5721CE352874114C9AD537E34C44739207807D@lons124012.eu.rabonet.com> Hi, > And it isn't moving things out of the incoming queue into the outgoing queue qt all? I don't think so - but my knowledge of sendmail is not that deep - mailq and mailq -Ac both say the queues are empty and they seem to be reporting on the same queues that my sendmail processes say they are using. > What BLs do you have specified in "Spam List" (and possibly "Spam Domain List") in MailScanner.conf? These: Spam List = ORDB-RBL SBL+XBL # MAPS-RBL+ costs money (except .ac.uk) Spam Domain List = Tried commenting out the Spam List entry - but that does not seem to help. Thanks, Chris _____________________________________________________________ This email (including any attachments to it) is confidential, legally privileged, subject to copyright and is sent for the personal attention of the intended recipient only. If you have received this email in error, please advise us immediately and delete it. You are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. 
Although we have taken reasonable precautions to ensure no viruses are present in this email, we cannot accept responsibility for any loss or damage arising from the viruses in this email or attachments. We exclude any liability for the content of this email, or for the consequences of any actions taken on the basis of the information provided in this email or its attachments, unless that information is subsequently confirmed in writing. If this email contains an offer, that should be considered as an invitation to treat. _____________________________________________________________ From martinh at solidstatelogic.com Tue Jan 23 13:30:36 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Jan 23 12:33:38 2007 Subject: Mqueue.in huge In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B581237BD96@isabella.herefordshire.gov.uk> Message-ID: <99f027de0894c14cb085a0f612b75ccb@solidstatelogic.com> Hmm that needs updating for 3.1.7 and things like the new zen list.... Best to do this yourself with a "grep header /20_dnsbl_tests.cf"... Eg if you're running 3.1.7 and you've sa-update-ed (which I hope you have)...
grep header /var/lib/spamassassin/3.001007/updates_spamassassin_org/20_dnsbl_tests.cf | cut -f2 -d ' ' | cut -f1
(all one line of course) Then use these labels to rebuild the score list...remove anything like 'header' from the list.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 From martinh at solidstatelogic.com Tue Jan 23 13:31:26 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Jan 23 12:34:15 2007 Subject: Help: waiting for children to die: Process did not exit cleanly In-Reply-To: <5721CE352874114C9AD537E34C44739207807D@lons124012.eu.rabonet.com> Message-ID: <7e2ac0feb390fd48befda9831bdcb598@solidstatelogic.com> Hmm I wonder if this is fallout from the SBL+XBL list being moved to ZEN.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 From glenn.steen at gmail.com Tue Jan 23 13:58:15 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jan 23 13:00:58 2007 Subject: Help: waiting for children to die: Process did not exit cleanly In-Reply-To: <7e2ac0feb390fd48befda9831bdcb598@solidstatelogic.com> References: <5721CE352874114C9AD537E34C44739207807D@lons124012.eu.rabonet.com> <7e2ac0feb390fd48befda9831bdcb598@solidstatelogic.com> Message-ID: <223f97700701230458v241b62cfu88f7335794704c76@mail.gmail.com> On 23/01/07, Martin.Hepworth wrote: > Hmm > > I wonder if this is fallout from the SBL+XBL list being moved to ZEN.. > If so, shouldn't we all (that use SBL-XBL) be seeing this? Hm, gotta check... No, I don't see this, and I use SBL-XBL in MS. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From support-lists at petdoctors.co.uk Tue Jan 23 13:59:31 2007 From: support-lists at petdoctors.co.uk (Nigel Kendrick) Date: Tue Jan 23 13:02:23 2007 Subject: My scripting talent is sadly failing... Message-ID: <008f01c73eee$530232a0$3c65a8c0@support01> Hi Folks, I have put together the following one-liner to re-submit all emails sent to me from an archive folder - it works EXCEPT that the 'echo/cut' command is not removing the file extension from the file name and so the emails are not processed in the queue. Would someone kindly have a look and educate me!! 
grep -l 'To: Message-ID: <1ff9b8b5449bed4da78b71110c06a031@solidstatelogic.com> Glenn This is true - just wondering....could be the start of things..?!?!? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 From glenn.steen at gmail.com Tue Jan 23 14:03:44 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jan 23 13:06:27 2007 Subject: Help: waiting for children to die: Process did not exit cleanly In-Reply-To: <5721CE352874114C9AD537E34C44739207807D@lons124012.eu.rabonet.com> References: <5721CE352874114C9AD537E34C447392078076@lons124012.eu.rabonet.com> <2b06d98b13e53846acf78124caf1ce64@solidstatelogic.com> <5721CE352874114C9AD537E34C447392078077@lons124012.eu.rabonet.com> <223f97700701230350y5046ba59u52c7b2f54fd1f9f7@mail.gmail.com> <5721CE352874114C9AD537E34C44739207807D@lons124012.eu.rabonet.com> Message-ID: <223f97700701230503j7ff5524dsa01e029caa42c48b@mail.gmail.com> On 23/01/07, Kimpton, C (Chris) wrote: > Hi, > > > > And it isn't moving things out of the incoming queue into the outgoing > queue at all? > > I don't think so - but my knowledge of sendmail is not that deep - mailq > and mailq -Ac both say the queues are empty and they seem to be > reporting on the same queues that my sendmail processes say they are > using. Ok, I'm certainly no Sendmail guru, but I think those are both looking at the "post MailScanner" queue. > > What BLs do you have specified in "Spam List" (and possibly "Spam > Domain List") in MailScanner.conf? > > These: > > Spam List = ORDB-RBL SBL+XBL # MAPS-RBL+ costs money (except .ac.uk) Remove ORDB-RBL from that, it is dead since a while (rather recently), and restart MS. Might have something to do with this. 
> Spam Domain List = > > > Tried commenting out the Spam List entry - but that does not seem to > help. > If you comment it out that is the same as using the defaults (which might not be empty!). "MailScanner --changed" might give you a clue as to what has been changed from the defaults here. Hm, no... the default seems to be empty here, so that might not be it. You restarted/reloaded MailScanner after the change, did you? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Tue Jan 23 14:21:27 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jan 23 13:24:09 2007 Subject: My scripting talent is sadly failing... In-Reply-To: <008f01c73eee$530232a0$3c65a8c0@support01> References: <008f01c73eee$530232a0$3c65a8c0@support01> Message-ID: <223f97700701230521g18039d68gb0bacbc35ee457bb@mail.gmail.com> On 23/01/07, Nigel Kendrick wrote: > Hi Folks, > > I have put together the following one-liner to re-submit all emails sent to > me from an archive folder - it works EXCEPT that the 'echo/cut' command is > not removing the file extension from the file name and so the emails are not > processed in the queue. Would someone kindly have a look and educate me!! > > grep -l 'To: /var/spool/postfix/hold/`echo {} | cut -d . -f 1` " > > Many thanks > > Nigel Kendrick > A bit off-topic, but what the...:-). You're not that far off. Observe:
# echo 123456789.12345|xargs -t -i bash -c "echo chmod 700 {} ; echo cp {} `echo {} | cut -d . -f1` "
bash -c echo chmod 700 123456789.12345 ; echo cp 123456789.12345 123456789.12345
chmod 700 123456789.12345
cp 123456789.12345 123456789.12345
# echo 123456789.12345|xargs -t -i bash -c 'echo chmod 700 {} ; echo cp {} `echo {} | cut -d . -f1` '
bash -c echo chmod 700 123456789.12345 ; echo cp 123456789.12345 `echo 123456789.12345 | cut -d . -f1`
chmod 700 123456789.12345
cp 123456789.12345 123456789
#
Problem is _which_ shell interprets the quoted stuff or not. With single quotes you make sure that the one called by xargs is the one. Now, you need to make sure those queue files are owned by your PF user too, else they will just sit there:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Tue Jan 23 14:24:09 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jan 23 13:26:54 2007 Subject: Help: waiting for children to die: Process did not exit cleanly In-Reply-To: <1ff9b8b5449bed4da78b71110c06a031@solidstatelogic.com> References: <223f97700701230458v241b62cfu88f7335794704c76@mail.gmail.com> <1ff9b8b5449bed4da78b71110c06a031@solidstatelogic.com> Message-ID: <223f97700701230524l5004f9e7h9a8ff0c1cc4a26d0@mail.gmail.com> On 23/01/07, Martin.Hepworth wrote: > Glenn > > This is true - just wondering....could be the start of things..?!?!? > Let's hope not:-)... Fingers crossed and all...:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From dave.list at pixelhammer.com Tue Jan 23 14:47:34 2007 From: dave.list at pixelhammer.com (DAve) Date: Tue Jan 23 13:50:22 2007 Subject: Greetpause seems very ineffective (Was: RE: Increased Volumes Of Spam) In-Reply-To: References: <20070119220533.A4014@tmp.com.br> <45B4C64B.9080908@pixelhammer.com> Message-ID: <45B611F6.6060905@pixelhammer.com> Res wrote: > On Tue, 23 Jan 2007, Res wrote: > >> On Mon, 22 Jan 2007, DAve wrote: >> >>> Real contracts are handled via Fed-Ex overnight >> >> sorry they don't exist in this country :) >> > > Also, it's common for a corporations to obtain clarifications, wow things > will get sorted out fast waiting on overnight mail :) .. not. > That is exactly why there is no one all encompassing solution to the problem of spam. 
I chuckle when I read postings that claim there are. Client business models differ, client expectations differ, client mail trends differ as well. Differences are cultural, geographical, and other things I haven't thought of. MailScanner is an excellent solution because it provides tools that suit our network and clients without forcing your network and clients to our model. Choices are cool, Julian gives us choices. DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From mike at tc3net.com Tue Jan 23 14:52:38 2007 From: mike at tc3net.com (Michael Baird) Date: Tue Jan 23 13:53:14 2007 Subject: My scripting talent is sadly failing... In-Reply-To: <008f01c73eee$530232a0$3c65a8c0@support01> References: <008f01c73eee$530232a0$3c65a8c0@support01> Message-ID: <1169560359.21702.6.camel@localhost> On Tue, 2007-01-23 at 12:59 +0000, Nigel Kendrick wrote: > Hi Folks, > > I have put together the following one-liner to re-submit all emails sent to > me from an archive folder - it works EXCEPT that the 'echo/cut' command is > not removing the file extension from the file name and so the emails are not > processed in the queue. Would someone kindly have a look and educate me!! > > grep -l 'To: /var/spool/postfix/hold/`echo {} | cut -d . -f 1` " The syntax I use for a restore is the following (within a perl script), and using sendmail. system("find $line -name 'q*'| xargs grep -w $username | awk -F : '{print $1}' | sort -u | sed 's/\\/qf/\\/?f/' > /tmp/queuefiles"); This gives me a list of the queuefile names, which I read within another loop in the script and submit to the queue. 
Regards Michael Baird From matt at coders.co.uk Tue Jan 23 15:28:40 2007 From: matt at coders.co.uk (Matt Hampton) Date: Tue Jan 23 14:31:38 2007 Subject: Help: waiting for children to die: Process did not exit cleanly In-Reply-To: <223f97700701230503j7ff5524dsa01e029caa42c48b@mail.gmail.com> References: <5721CE352874114C9AD537E34C447392078076@lons124012.eu.rabonet.com> <2b06d98b13e53846acf78124caf1ce64@solidstatelogic.com> <5721CE352874114C9AD537E34C447392078077@lons124012.eu.rabonet.com> <223f97700701230350y5046ba59u52c7b2f54fd1f9f7@mail.gmail.com> <5721CE352874114C9AD537E34C44739207807D@lons124012.eu.rabonet.com> <223f97700701230503j7ff5524dsa01e029caa42c48b@mail.gmail.com> Message-ID: <45B61B98.6070104@coders.co.uk> Glenn Steen wrote: > On 23/01/07, Kimpton, C (Chris) wrote: >> Hi, >> >> >> > And it isn't moving things out of the incoming queue into the outgoing >> queue qt all? >> >> I don't think so - but my knowledge of sendmail is not that deep - mailq >> and mailq -Ac both say the queues are empty and they seem to be >> reporting on the same queues that my sendmail processes say they are >> using. > > Ok, I'm certainly no Sendmail guru, but I think those are both looking > ath the "post MailScanner" queue. > Yep - the non Sendmail guru has it right: # mailq shows mail waiting for delivery # mailq -OQueueDirectory=/var/spool/mqueue.in will show the email waiting for processing (assuming that you have used the default paths for MailScanner) matt From nerijusb at dtiltas.lt Tue Jan 23 15:46:14 2007 From: nerijusb at dtiltas.lt (Nerijus Baliunas) Date: Tue Jan 23 14:52:49 2007 Subject: Archive Mail vs High Scoring Spam Actions Message-ID: <20070123144827.960AC1224AC@mx-b.vdnet.lt> Hello, I have Archive Mail = %rules-dir%/archiving.rules High Scoring Spam Actions = delete forward spamarchive@example.com I want high scoring spam to go only to spamarchive@example.com, bypassing archiving rules. 
The problem is, spam is archived by both %rules-dir%/archiving.rules and goes to spamarchive@example.com. Regards, Nerijus From Denis.Beauchemin at USherbrooke.ca Tue Jan 23 15:49:33 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Tue Jan 23 14:53:04 2007 Subject: send infected files attachement to an adresse In-Reply-To: <1169399848.45b3a028ba6db@imp.free.fr> References: <1169399848.45b3a028ba6db@imp.free.fr> Message-ID: <45B6207D.7020409@USherbrooke.ca> liste.gug@free.fr wrote: > Hi, > > I've done a smtp gateway with Mailscanner (spam and virus) under : > * Debian Sarge > * Postfix > * MailScanner > * SpamAssassin > * Clamav > > Everything works great. My smtp gateway works well (transfer mail, scan, > restriction on the rpt and sender, ...) > > Actually, when a virus is detected in a mail, Mailscanner sends a notification to > virus@. > > I'd like that Mailscanner send the infected attachment files with the > notification. I can need those files later for various tasks on them. > > Do you know how to do it? > > Thank you in advance, > > Ben. > > Ben, I don't think you can do that. What I'd do would be to quarantine those infected emails and consult them on the server. Denis -- _ °v° Denis Beauchemin, analyst /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... 
Name: smime.p7s Type: application/x-pkcs7-signature Size: 3595 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070123/cfb69308/smime.bin From shuttlebox at gmail.com Tue Jan 23 16:01:08 2007 From: shuttlebox at gmail.com (shuttlebox) Date: Tue Jan 23 15:03:52 2007 Subject: Archive Mail vs High Scoring Spam Actions In-Reply-To: <20070123144827.960AC1224AC@mx-b.vdnet.lt> References: <20070123144827.960AC1224AC@mx-b.vdnet.lt> Message-ID: <625385e30701230701n6068301jf48ab3886e6f484f@mail.gmail.com> On 1/23/07, Nerijus Baliunas wrote: > Hello, > > I have > Archive Mail = %rules-dir%/archiving.rules > High Scoring Spam Actions = delete forward spamarchive@example.com > > I want high scoring spam to go only to spamarchive@example.com, > bypassing archiving rules. The problem is, spam is archived by both > %rules-dir%/archiving.rules and goes to spamarchive@example.com. Those are separate functions so I doubt it can be avoided. There's an option to keep the quarantine clean from viruses but not the archive from spam. It's supposed to be an exact copy of how it was received, no filtering or modification. By the way, the "delete" action is redundant. -- /peter From glenn.steen at gmail.com Tue Jan 23 16:10:34 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jan 23 15:13:17 2007 Subject: Archive Mail vs High Scoring Spam Actions In-Reply-To: <20070123144827.960AC1224AC@mx-b.vdnet.lt> References: <20070123144827.960AC1224AC@mx-b.vdnet.lt> Message-ID: <223f97700701230710y1187eb85p17555b1e9c747331@mail.gmail.com> On 23/01/07, Nerijus Baliunas wrote: > Hello, > > I have > Archive Mail = %rules-dir%/archiving.rules > High Scoring Spam Actions = delete forward spamarchive@example.com > > I want high scoring spam to go only to spamarchive@example.com, > bypassing archiving rules. The problem is, spam is archived by both > %rules-dir%/archiving.rules and goes to spamarchive@example.com. 
> > Regards, > Nerijus > Hi Nerijus, IIRC this is a "non-solvable" thing. Jules has mandated in the past that the Archive Mail setting will archive _all_ maill _in its pristine and untouched form_ (well, as close as is possible). So the archive is built by the _in_ message queue files, prior to any scanning. Only alternative is to go for "archive by quarantine" instead, AFAICS. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From Chris.Kimpton at rabobank.com Tue Jan 23 16:20:53 2007 From: Chris.Kimpton at rabobank.com (Kimpton, C (Chris)) Date: Tue Jan 23 15:23:37 2007 Subject: Help: waiting for children to die: Process did not exit cleanly In-Reply-To: <223f97700701230503j7ff5524dsa01e029caa42c48b@mail.gmail.com> References: <5721CE352874114C9AD537E34C447392078076@lons124012.eu.rabonet.com><2b06d98b13e53846acf78124caf1ce64@solidstatelogic.com><5721CE352874114C9AD537E34C447392078077@lons124012.eu.rabonet.com><223f97700701230350y5046ba59u52c7b2f54fd1f9f7@mail.gmail.com><5721CE352874114C9AD537E34C44739207807D@lons124012.eu.rabonet.com> <223f97700701230503j7ff5524dsa01e029caa42c48b@mail.gmail.com> Message-ID: <5721CE352874114C9AD537E34C447392078084@lons124012.eu.rabonet.com> Hi, My production box is on MailScanner 4.50.15.1 and that's working fine. I realised that I had spamassassin turned off and it was not even installed. Running it in debug now gives more info - ending in this error: [11934] dbg: check: is spam? score=2.216 required=5 [11934] dbg: check: tests=MISSING_HEADERS,MISSING_SUBJECT,NO_REAL_NAME,NO_RECEIVED,NO_RELAYS ,TO_CC_NONE [11934] dbg: check: subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,_ _SANE_MSGID,__UNUSABLE_MSGID Ignore errors about failing to find EOCD signature format error: can't find EOCD signature at /usr/sbin/MailScanner line 820 Undefined subroutine &MailScanner::Message::df called at /usr/lib/MailScanner/MailScanner/Message.pm line 1715. 
So it looks like an issue with statfs/df stuff is not being found for Perl... Now to track down which Gentoo package has it or perhaps it's a USE flag ;-) Ok - RTFM - I see there is g-cpan that can install Filesys::Df.... http://gentoo-wiki.com/HOWTO_Email_Virus_Scanner_--_Mailscanner#Installing_of_Additional_Software ... And now it's working - hurray. Thanks for the help, Chris -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn Steen Sent: 23 January 2007 13:04 To: MailScanner discussion Subject: Re: Help: waiting for children to die: Process did not exit cleanly On 23/01/07, Kimpton, C (Chris) wrote: > Hi, > > > > And it isn't moving things out of the incoming queue into the > > outgoing > queue at all? > > I don't think so - but my knowledge of sendmail is not that deep - > mailq and mailq -Ac both say the queues are empty and they seem to be > reporting on the same queues that my sendmail processes say they are > using. Ok, I'm certainly no Sendmail guru, but I think those are both looking at the "post MailScanner" queue. > > What BLs do you have specified in "Spam List" (and possibly "Spam > Domain List") in MailScanner.conf? > > These: > > Spam List = ORDB-RBL SBL+XBL # MAPS-RBL+ costs money (except .ac.uk) Remove ORDB-RBL from that, it is dead since a while (rather recently), and restart MS. Might have something to do with this. > Spam Domain List = > > > Tried commenting out the Spam List entry - but that does not seem to > help. > If you comment it out that is the same as using the defaults (which might not be empty!). "MailScanner --changed" might give you a clue as to what has been changed from the defaults here. Hm, no... the default seem to be empty here, so that might not be it. You restarted/reloaded MailScanner after the change, did you? 
-- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! _____________________________________________________________ This email (including any attachments to it) is confidential, legally privileged, subject to copyright and is sent for the personal attention of the intended recipient only. If you have received this email in error, please advise us immediately and delete it. You are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. Although we have taken reasonable precautions to ensure no viruses are present in this email, we cannot accept responsibility for any loss or damage arising from the viruses in this email or attachments. We exclude any liability for the content of this email, or for the consequences of any actions taken on the basis of the information provided in this email or its attachments, unless that information is subsequently confirmed in writing. If this email contains an offer, that should be considered as an invitation to treat. _____________________________________________________________ From MailScanner at ecs.soton.ac.uk Tue Jan 23 16:53:19 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jan 23 15:59:35 2007 Subject: 1 million downloads !!! Message-ID: <45B62F6F.3000407@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MailScanner has now been downloaded over 1 million times!!! Yay :-) (Celebratory rounds of drinks should be in the form of Virgin wines gift vouchers :-) Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! 
Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.2 (Build 4075) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFFtjAKEfZZRxQVtlQRAs7jAKCDENpP1SWoG0e9767Ojv+p2b/xMgCeOlxD ISRfjs6pyP4ixRv5V4Q8WtA= =UGZ5 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Tue Jan 23 16:51:14 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jan 23 15:59:41 2007 Subject: New 4.58.5 beta released Message-ID: <45B62EF2.1050501@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi folks! I have just released a new beta, in anticipation of a stable release next week at the start of February. *Please* can some of you try it and confirm whether it works or not. Please report problems direct to me as well as the mailing list. Thanks all, Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.2 (Build 4075) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFFtjAGEfZZRxQVtlQRApFyAKCrqSiGIKUOHni20P5z3lOySvBSDgCgt0Ec 2ic/GzsXZqkgOxcCAWo9aB0= =4hdw -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. 
For all your IT requirements visit www.transtec.co.uk From Rodney at rcrcomputing.com Tue Jan 23 17:05:56 2007 From: Rodney at rcrcomputing.com (Rodney Richison) Date: Tue Jan 23 16:08:46 2007 Subject: 1 million downloads !!! Message-ID: > > MailScanner has now been downloaded over 1 million times!!! > > Yay :-) > > > (Celebratory rounds of drinks should be in the form of Virgin wines gift > vouchers :-) > Does it count the debian apt-get installs? If not, the number may be much higher.. (Currently server replacement testing) Etch, postfix, mailscanner(debian unstable) From jstevens at athensdistributing.com Tue Jan 23 17:05:58 2007 From: jstevens at athensdistributing.com (James R. Stevens) Date: Tue Jan 23 16:08:51 2007 Subject: 1 million downloads !!! Message-ID: <1A65E6BAEADF9B4F865314484A13ECF16087DC@atlas.athensdistributing.com> It's a great product. With good people and development behind it. Congratulations. I'm in the US still wanting a few (5) nice polo shirts. Can ya help me out. Can the website take US dollars now? -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Tuesday, January 23, 2007 9:53 AM To: MailScanner discussion Subject: 1 million downloads !!! -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MailScanner has now been downloaded over 1 million times!!! Yay :-) (Celebratory rounds of drinks should be in the form of Virgin wines gift vouchers :-) Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! 
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.2 (Build 4075) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFFtjAKEfZZRxQVtlQRAs7jAKCDENpP1SWoG0e9767Ojv+p2b/xMgCeOlxD ISRfjs6pyP4ixRv5V4Q8WtA= =UGZ5 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by Athens Hyperion Scanner, and is believed to be clean. From clacroix at cegep-ste-foy.qc.ca Tue Jan 23 17:10:07 2007 From: clacroix at cegep-ste-foy.qc.ca (Charles Lacroix) Date: Tue Jan 23 16:11:53 2007 Subject: New 4.58.5 beta released In-Reply-To: <45B62EF2.1050501@ecs.soton.ac.uk> References: <45B62EF2.1050501@ecs.soton.ac.uk> Message-ID: <200701231110.07431.clacroix@cegep-ste-foy.qc.ca> Nice way to increment your downloads :) Congratulation Jules :) On Tuesday 23 January 2007 10:51, Julian Field wrote: > Hi folks! > > I have just released a new beta, in anticipation of a stable release > next week at the start of February. > > *Please* can some of you try it and confirm whether it works or not. > Please report problems direct to me as well as the mailing list. > > Thanks all, > > Jules > > -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! 
> Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk From martinh at solidstatelogic.com Tue Jan 23 17:10:52 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Jan 23 16:14:09 2007 Subject: 1 million downloads !!! In-Reply-To: Message-ID: <3d1892eb4ad7fa44965801164d2ff2d7@solidstatelogic.com> I guess this is just direct downloads from the web site so depends on how the individual ports are done - ie FreeBSD ports prob downloads from here as well then applies patched.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Rodney Richison > Sent: 23 January 2007 16:06 > To: MailScanner discussion > Subject: RE: 1 million downloads !!! > > > > > MailScanner has now been downloaded over 1 million times!!! > > > > Yay :-) > > > > > > (Celebratory rounds of drinks should be in the form of Virgin wines > gift > > vouchers :-) > > > > Does it count the debian apt-get installs? If not, the number may be > much higher.. > > (Currently server replacement testing) > Etch, postfix, mailscanner(debian unstable) > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. 
If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From MailScanner at ecs.soton.ac.uk Tue Jan 23 17:24:37 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jan 23 16:29:42 2007 Subject: 1 million downloads !!! In-Reply-To: References: Message-ID: <45B636C5.1050100@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rodney Richison wrote: >> MailScanner has now been downloaded over 1 million times!!! >> >> Yay :-) >> >> >> (Celebratory rounds of drinks should be in the form of Virgin wines >> > gift > >> vouchers :-) >> >> > > Does it count the debian apt-get installs? If not, the number may be > much higher.. > No, nor the BSD port installs, just downloads of my 3 distributions from the main website. > (Currently server replacement testing) > Etch, postfix, mailscanner(debian unstable) > > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! 
Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.2 (Build 4075) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFFtjcWEfZZRxQVtlQRAhkAAKCVpix28Owj0ZGaFm+svvp5QFRS5wCcCVkn Ob+/1fh2dNTNJnDeowe8oYQ= =Qk7G -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Tue Jan 23 17:25:37 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jan 23 16:30:46 2007 Subject: 1 million downloads !!! In-Reply-To: <1A65E6BAEADF9B4F865314484A13ECF16087DC@atlas.athensdistributing.com> References: <1A65E6BAEADF9B4F865314484A13ECF16087DC@atlas.athensdistributing.com> Message-ID: <45B63701.9070400@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 James R. Stevens wrote: > It's a great product. With good people and development behind it. > Ooh yes, there are dozens of us :-) > Congratulations. > Thanks. > I'm in the US still wanting a few (5) nice polo shirts. Can ya help me > out. Can the website take US dollars now? > It takes credit cards, so the currency is pretty irrelevant isn't it? > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian > Field > Sent: Tuesday, January 23, 2007 9:53 AM > To: MailScanner discussion > Subject: 1 million downloads !!! > > > * PGP Signed by an unmatched address: 01/23/07 at 15:55:54 > > MailScanner has now been downloaded over 1 million times!!! 
> > Yay :-) > > > (Celebratory rounds of drinks should be in the form of Virgin wines gift > vouchers :-) > > Jules > > -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > * Julian Field > * 0x1415B654(L) > > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and dangerous content by > Athens Hyperion Scanner, and is believed to be clean. > > > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.2 (Build 4075) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFFtjcaEfZZRxQVtlQRAhoBAJ9h8wAs9eVNrdF0nNUmniW4iAkQyQCgpXoC 8VOwnJkCxvAbFyQCZS/m/4M= =h+Rs -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. 
For all your IT requirements visit www.transtec.co.uk From ssilva at sgvwater.com Tue Jan 23 17:51:25 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Jan 23 16:56:25 2007 Subject: Greetpause seems very ineffective (Was: RE: Increased VolumesOf Spam) In-Reply-To: References: <1E75E79B854C814784D0E8C5BA55AF76F76978@uss2k01.united-systems.local> Message-ID: Res spake the following on 1/23/2007 1:26 AM: > On Mon, 22 Jan 2007, Drew Burchett wrote: > > I mean its also good etiquette to trim posts to whats relevant, certain > complainers of top posters don't trim, in fact only a small percentage of > folk in here trim to whats relevant in response to their replies. > Try posting on the mimedefang list.. Too much quoted material and your message gets rejected. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Tue Jan 23 17:48:43 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Jan 23 16:57:46 2007 Subject: Spam slipping through In-Reply-To: <223f97700701230138i7844eb78s8a0bbab6b8e57436@mail.gmail.com> References: <1E75E79B854C814784D0E8C5BA55AF76F07F8E@uss2k01.united-systems.local> <45B538AA.4070206@pacific.net> <223f97700701230138i7844eb78s8a0bbab6b8e57436@mail.gmail.com> Message-ID: Glenn Steen spake the following on 1/23/2007 1:38 AM: > On 22/01/07, Ken A wrote: >> Raymond Dijkxhoorn wrote: >> > Hi! >> > >> >> I'm not sure if this is a MailScanner problem or a SpamAssassin >> problem, >> >> but someone here will at least be able to help me narrow it down. >> I am >> >> running MailScanner 4.57.6 on Suse Linux 10.1. My MTA is Postfix >> 2.3.6 >> >> and I'm running SpamAssassin 3.1.7. >> > >> > So you need more rules. Or make own rules. Spammers are getting >> smarter, >> > so also you need to do more ;) >> >> Yeah, I'm finding myself spending more time adding and removing local >> rules than I'd like. 
Rules_du_jour and sa-update are good for trends in >> spam, and Bayes, Razor and DCC are helpful, but these blasts of easy to >> catch spam that don't hit many rules are a real PITA. >> >> Spammers are succeeding when they can hit you hard and fast with some >> simple ascii and bayes poisoning junk. If you don't have a rule in place >> pretty quickly, you can see quite a few go through... > > We can be fairly certain they've become more proficient at using SA on > their own spam to ensure it doesn't trigger a truckload of rules, yes. > Unfortunately this means we can't avoid this "local temporary rules" > work. Sigh. > >> My approach is to make adding and removing rules as easy as possible, so >> that if I get a few "Re: now ..." in the subject (today's flavor), I can >> quickly block them. >> >> It still requires some banging on the keyboard. No point and click or >> telepathic solutions yet.. (patent pending...) .. heh heh.. > UCEdetection by ESP... What a concept:-). Looking forward to the first > beta;-). > But the beta will need to be hardwired. Have you seen "The Matrix"? Looks painful... ;-D -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Tue Jan 23 17:56:53 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Jan 23 17:02:49 2007 Subject: [OT] McAfee Update to DAT 4945 not working In-Reply-To: <223f97700701230212l7b67a6f8o81be52dbdfcbd0c7@mail.gmail.com> References: <86144ED6CE5B004DA23E1EAC0B569B5801768226@isabella.herefordshire.gov.uk> <223f97700701230212l7b67a6f8o81be52dbdfcbd0c7@mail.gmail.com> Message-ID: Glenn Steen spake the following on 1/23/2007 2:12 AM: >> > Well, I'm not sure the mirrors are OK yet. I've got one machine set to > get its updates from the speedownload site and the rest to the > default download site... The default ones hadn't gotten it just a > moment or two ago, while the speedownload one had. So ... 
At least > checking still seems to be the prudent thing to do (shame on me for > being a tad lax here... Prioritising things like sleep, food and > work:-). > Sleep? ;-) -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Tue Jan 23 18:06:07 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Jan 23 17:11:13 2007 Subject: Archive Mail vs High Scoring Spam Actions In-Reply-To: <20070123144827.960AC1224AC@mx-b.vdnet.lt> References: <20070123144827.960AC1224AC@mx-b.vdnet.lt> Message-ID: Nerijus Baliunas spake the following on 1/23/2007 6:46 AM: > Hello, > > I have > Archive Mail = %rules-dir%/archiving.rules > High Scoring Spam Actions = delete forward spamarchive@example.com > > I want high scoring spam to go only to spamarchive@example.com, > bypassing archiving rules. The problem is, spam is archived by both > %rules-dir%/archiving.rules and goes to spamarchive@example.com. > > Regards, > Nerijus > How complex are your archive.rules? You could have different forwards for non-spam and low scoring spam and simulate some of it. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Tue Jan 23 18:10:11 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Jan 23 17:17:54 2007 Subject: 1 million downloads !!! In-Reply-To: <45B62F6F.3000407@ecs.soton.ac.uk> References: <45B62F6F.3000407@ecs.soton.ac.uk> Message-ID: Julian Field spake the following on 1/23/2007 7:53 AM: > MailScanner has now been downloaded over 1 million times!!! > > Yay :-) > > > (Celebratory rounds of drinks should be in the form of Virgin wines gift > vouchers :-) > > Jules > Now if you could get a quid for every download ...... -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! 
From chandler at chapman.edu Tue Jan 23 18:21:00 2007 From: chandler at chapman.edu (Jay Chandler) Date: Tue Jan 23 17:23:53 2007 Subject: 1 million downloads !!! Message-ID: <20070123171910.BD2E45689A@hyperion.svr.1-x.net> (Please forgive top posting, my Treo is ornery) I've always installed it via ports tree, so there are likely many people in my position. Probably closer to 1.2 million unless ports pulls from the Mailscanner site. On a related note, are there any efforts to port Mailwatch? I'd be interested in helping. -- Jay Chandler Network Administrator Chapman University -----Original Message----- From: Scott Silva Subj: Re: 1 million downloads !!! Date: Tue Jan 23, 2007 9:10 am Size: 649 bytes To: mailscanner@lists.mailscanner.info Julian Field spake the following on 1/23/2007 7:53 AM: > MailScanner has now been downloaded over 1 million times!!! > > Yay :-) > > > (Celebratory rounds of drinks should be in the form of Virgin wines gift > vouchers :-) > > Jules > Now if you could get a quid for every download ...... -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! 
From gerard at seibercom.net Tue Jan 23 18:29:17 2007 From: gerard at seibercom.net (Gerard Seibert) Date: Tue Jan 23 17:31:52 2007 Subject: Greetpause seems very ineffective (Was: RE: Increased VolumesOf Spam) In-Reply-To: References: Message-ID: <20070123122251.1115.GERARD@seibercom.net> On Tuesday January 23, 2007 at 11:51:25 (AM) Scott Silva wrote: > Res spake the following on 1/23/2007 1:26 AM: > > On Mon, 22 Jan 2007, Drew Burchett wrote: > > > > > I mean its also good etiquette to trim posts to whats relevant, certain > > complainers of top posters don't trim, in fact only a small percentage of > > folk in here trim to whats relevant in response to their replies. > > > Try posting on the mimedefang list.. Too much quoted material and your message > gets rejected. I wish more forums copied that style. I hate receiving a five page document with a one line comment like, "Ya, OK!" at the top. Top posters by definition have no clue as to how to trim messages. -- Gerard From gerard at seibercom.net Tue Jan 23 18:52:16 2007 From: gerard at seibercom.net (Gerard Seibert) Date: Tue Jan 23 17:54:51 2007 Subject: 1 million downloads !!! In-Reply-To: <20070123171910.BD2E45689A@hyperion.svr.1-x.net> References: <20070123171910.BD2E45689A@hyperion.svr.1-x.net> Message-ID: <20070123125209.61EC.GERARD@seibercom.net> On Tuesday January 23, 2007 at 12:21:00 (PM) Jay Chandler wrote: > I've always installed it via ports tree, so there are likely many > people in my position. Probably closer to 1.2 million unless ports > pulls from the Mailscanner site. I cannot get to my FBSD machine at present; however, I believe that, that is the primary FTP location. Most ports tend to download from a programs main site unless it is being mirrored by the maintainer. -- Gerard Thought for the Day: I think the most frightening thing about heredity and environment is that our parents provide both. 
From sandrews at andrewscompanies.com Tue Jan 23 18:55:06 2007 From: sandrews at andrewscompanies.com (sandrews@andrewscompanies.com) Date: Tue Jan 23 17:57:53 2007 Subject: New 4.58.5 beta released References: <45B62EF2.1050501@ecs.soton.ac.uk> Message-ID: <1964AAFBC212F742958F9275BF63DBB0429E98@winchester.andrewscompanies.com> I see the note about BarricadeMX in the changelog and to contact fsl.com for it; but I don't see anything on their website regarding this product. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Tuesday, January 23, 2007 10:51 AM To: MailScanner discussion; MailScanner-Beta mailing list Subject: New 4.58.5 beta released -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi folks! I have just released a new beta, in anticipation of a stable release next week at the start of February. *Please* can some of you try it and confirm whether it works or not. Please report problems direct to me as well as the mailing list. Thanks all, Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.2 (Build 4075) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFFtjAGEfZZRxQVtlQRApFyAKCrqSiGIKUOHni20P5z3lOySvBSDgCgt0Ec 2ic/GzsXZqkgOxcCAWo9aB0= =4hdw -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. 
For all your IT requirements visit www.transtec.co.uk From steve.freegard at fsl.com Tue Jan 23 19:55:58 2007 From: steve.freegard at fsl.com (Steve Freegard) Date: Tue Jan 23 18:58:47 2007 Subject: New 4.58.5 beta released In-Reply-To: <1964AAFBC212F742958F9275BF63DBB0429E98@winchester.andrewscompanies.com> References: <45B62EF2.1050501@ecs.soton.ac.uk> <1964AAFBC212F742958F9275BF63DBB0429E98@winchester.andrewscompanies.com> Message-ID: <45B65A3E.9010701@fsl.com> sandrews@andrewscompanies.com wrote: > I see the note about BarricadeMX in the changelog and to contact fsl.com > for it; but I don't see anything on their website regarding this > product. It's not available yet - we're beta testing it at the moment and getting all the ancillary stuff ready. BarricadeMX is a collaboration between FSL and Snertsoft, it is a multi-threaded SMTP proxy written entirely in C, *some* of its features include: - DNS blacklisting - URI blacklisting - SPF checks - SIQ server support (Reputation Services) - SMTP call-ahead/call-back and SMTP AUTH proxying - Greylisting (our version is different to other implementations) - Backscatter removal + Auto Whitelist of Message Replies - Various RFC checks (HELO, connecting IP, no MX records etc.) - Rate controls (Concurrent, Per Minute, Size, Number etc.) - Extensible filtering using custom scripts written in any language It can also run SpamAssassin (spamd) and ClamAV (clamd) checks at SMTP time if desired (it's better to do these in MailScanner though). The initial version will be UNIX only and we will follow that with a Windows release at a later date. BarricadeMX will also be included as part of DefenderMX 2.0 when it is released. 
We'll post more information when the product is ready, but in the meantime you can send questions to info@fsl.com (please don't send them to the MailScanner list). Kind regards, Steve. -- Steve Freegard Development Director Fort Systems Ltd. From dave.list at pixelhammer.com Tue Jan 23 20:27:49 2007 From: dave.list at pixelhammer.com (DAve) Date: Tue Jan 23 19:30:42 2007 Subject: 1 million downloads !!! In-Reply-To: <20070123125209.61EC.GERARD@seibercom.net> References: <20070123171910.BD2E45689A@hyperion.svr.1-x.net> <20070123125209.61EC.GERARD@seibercom.net> Message-ID: <45B661B5.4060107@pixelhammer.com> Gerard Seibert wrote: > On Tuesday January 23, 2007 at 12:21:00 (PM) Jay Chandler wrote: > >> I've always installed it via ports tree, so there are likely many >> people in my position. Probably closer to 1.2 million unless ports >> pulls from the Mailscanner site. > > > I cannot get to my FBSD machine at present; however, I believe that, > that is the primary FTP location. Most ports tend to download from a > programs main site unless it is being mirrored by the maintainer. > I show it uses MASTER_SITE_SOURCEFORGE, which I believe is http://${mirror}.dl.sourceforge.net/sourceforge/ So FBSD port builds would be in the count, correct? DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From MailScanner at ecs.soton.ac.uk Tue Jan 23 20:46:41 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jan 23 19:49:57 2007 Subject: 1 million downloads !!! 
In-Reply-To: <45B661B5.4060107@pixelhammer.com> References: <20070123171910.BD2E45689A@hyperion.svr.1-x.net> <20070123125209.61EC.GERARD@seibercom.net> <45B661B5.4060107@pixelhammer.com> Message-ID: <45B66621.3060600@ecs.soton.ac.uk> DAve wrote: > Gerard Seibert wrote: >> On Tuesday January 23, 2007 at 12:21:00 (PM) Jay Chandler wrote: >> >>> I've always installed it via ports tree, so there are likely many >>> people in my position. Probably closer to 1.2 million unless ports >>> pulls from the Mailscanner site. >> >> >> I cannot get to my FBSD machine at present; however, I believe that, >> that is the primary FTP location. Most ports tend to download from a >> programs main site unless it is being mirrored by the maintainer. >> > > I show it uses MASTER_SITE_SOURCEFORGE, which I believe is > http://${mirror}.dl.sourceforge.net/sourceforge/ > > So FBSD port builds would be in the count, correct? The only things in the count are the .tar.gz files downloaded from www.mailscaner.info. Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From lars+lister.mailscanner at adventuras.no Tue Jan 23 21:38:45 2007 From: lars+lister.mailscanner at adventuras.no (Lars Kristiansen) Date: Tue Jan 23 20:42:25 2007 Subject: 1 million downloads !!! 
In-Reply-To: <45B66621.3060600@ecs.soton.ac.uk> References: <20070123171910.BD2E45689A@hyperion.svr.1-x.net> <20070123125209.61EC.GERARD@seibercom.net> <45B661B5.4060107@pixelhammer.com> <45B66621.3060600@ecs.soton.ac.uk> Message-ID: <45B67255.8060504@adventuras.no> Julian Field skrev: > > > DAve wrote: >> Gerard Seibert wrote: >>> On Tuesday January 23, 2007 at 12:21:00 (PM) Jay Chandler wrote: >>> >>>> I've always installed it via ports tree, so there are likely many >>>> people in my position. Probably closer to 1.2 million unless ports >>>> pulls from the Mailscanner site. >>> >>> >>> I cannot get to my FBSD machine at present; however, I believe that, >>> that is the primary FTP location. Most ports tend to download from a >>> programs main site unless it is being mirrored by the maintainer. >>> >> >> I show it uses MASTER_SITE_SOURCEFORGE, which I believe is >> http://${mirror}.dl.sourceforge.net/sourceforge/ >> >> So FBSD port builds would be in the count, correct? > The only things in the count are the .tar.gz files downloaded from > www.mailscaner.info. > > Jules > Then Freebsd is counted. The ports Makefile says: MASTER_SITES= http://www.mailscanner.info/files/4/tar/ And that site is used when I try to fetch the distfile: => MailScanner-install-4.57.6-1.tar.gz doesn't seem to exist in /usr/ports/distfiles/. => Attempting to fetch from http://www.mailscanner.info/files/4/tar/. MailScanner-install-4.57.6-1.tar.gz 100% of 6886 kB 91 kBps 00m00s => MD5 Checksum OK for MailScanner-install-4.57.6-1.tar.gz. => SHA256 Checksum OK for MailScanner-install-4.57.6-1.tar.gz. -- Regards, Lars From drew at technologytiger.net Tue Jan 23 21:44:22 2007 From: drew at technologytiger.net (Drew Marshall) Date: Tue Jan 23 20:47:15 2007 Subject: 1 million downloads !!! 
In-Reply-To: <45B66621.3060600@ecs.soton.ac.uk> References: <20070123171910.BD2E45689A@hyperion.svr.1-x.net> <20070123125209.61EC.GERARD@seibercom.net> <45B661B5.4060107@pixelhammer.com> <45B66621.3060600@ecs.soton.ac.uk> Message-ID: On 23 Jan 2007, at 19:46, Julian Field wrote: >> I show it uses MASTER_SITE_SOURCEFORGE, which I believe is http://$ >> {mirror}.dl.sourceforge.net/sourceforge/ >> >> So FBSD port builds would be in the count, correct? Not according to my Makefile version? > The only things in the count are the .tar.gz files downloaded from > www.mailscaner.info. In that case FreeBSD does count as in the Makefile is 'MASTER_SITES= http://www.mailscanner.info/files/4/tar/' and the file it is fetching is MailScanner-install-{version}.tar.gz Any way, well done!! They always say your first million is the hardest :-) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by the Technology Tiger MailScanner. Further information can be found at www.technologytiger.net/policy Technology Tiger Limited is registered in Scotland with registration number: 310997 Registered Office 55-57 West High Street Inverurie AB51 3QQ From dave.list at pixelhammer.com Tue Jan 23 22:41:21 2007 From: dave.list at pixelhammer.com (DAve) Date: Tue Jan 23 21:44:13 2007 Subject: 1 million downloads !!! In-Reply-To: <45B67255.8060504@adventuras.no> References: <20070123171910.BD2E45689A@hyperion.svr.1-x.net> <20070123125209.61EC.GERARD@seibercom.net> <45B661B5.4060107@pixelhammer.com> <45B66621.3060600@ecs.soton.ac.uk> <45B67255.8060504@adventuras.no> Message-ID: <45B68101.2050000@pixelhammer.com> Lars Kristiansen wrote: > Julian Field skrev: >> >> >> DAve wrote: >>> Gerard Seibert wrote: >>>> On Tuesday January 23, 2007 at 12:21:00 (PM) Jay Chandler wrote: >>>> >>>>> I've always installed it via ports tree, so there are likely many >>>>> people in my position. Probably closer to 1.2 million unless ports >>>>> pulls from the Mailscanner site. 
>>>> >>>> >>>> I cannot get to my FBSD machine at present; however, I believe that, >>>> that is the primary FTP location. Most ports tend to download from a >>>> programs main site unless it is being mirrored by the maintainer. >>>> >>> >>> I show it uses MASTER_SITE_SOURCEFORGE, which I believe is >>> http://${mirror}.dl.sourceforge.net/sourceforge/ >>> >>> So FBSD port builds would be in the count, correct? >> The only things in the count are the .tar.gz files downloaded from >> www.mailscaner.info. >> >> Jules >> > > Then Freebsd is counted. > The ports Makefile says: > MASTER_SITES= http://www.mailscanner.info/files/4/tar/ > > And that site is used when I try to fetch the distfile: > > => MailScanner-install-4.57.6-1.tar.gz doesn't seem to exist in > /usr/ports/distfiles/. > => Attempting to fetch from http://www.mailscanner.info/files/4/tar/. > MailScanner-install-4.57.6-1.tar.gz 100% of 6886 kB 91 kBps > 00m00s > => MD5 Checksum OK for MailScanner-install-4.57.6-1.tar.gz. > => SHA256 Checksum OK for MailScanner-install-4.57.6-1.tar.gz. > > I am upgrading all our Bacula installations this week and I was looking at the wrong Makefile. Please ignore my previous ramblings, I was momentarily befuddled. DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From res at ausics.net Tue Jan 23 22:47:45 2007 From: res at ausics.net (Res) Date: Tue Jan 23 21:50:38 2007 Subject: Greetpause seems very ineffective (Was: RE: Increased VolumesOf Spam) In-Reply-To: References: <1E75E79B854C814784D0E8C5BA55AF76F76978@uss2k01.united-systems.local> Message-ID: On Tue, 23 Jan 2007, Scott Silva wrote: > Try posting on the mimedefang list.. Too much quoted material and your message > gets rejected. 
This is a good thing, the list server I run has quota percentage, lines and other config variables to automatically bitch-slap people, I don't enforce it globally, but I know several of the lists managers have enabled the feature. -- Cheers Res "So, you think you can tell Heaven from Hell?" - Roger Waters From res at ausics.net Tue Jan 23 22:51:09 2007 From: res at ausics.net (Res) Date: Tue Jan 23 21:54:01 2007 Subject: Greetpause seems very ineffective (Was: RE: Increased VolumesOf Spam) In-Reply-To: <20070123122251.1115.GERARD@seibercom.net> References: <20070123122251.1115.GERARD@seibercom.net> Message-ID: On Tue, 23 Jan 2007, Gerard Seibert wrote: > document with a one line comment like, "Ya, OK!" at the top. Top posters > by definition have no clue as to how to trim messages. *sigh* far more non-top posters don't know how to trim now,. grow the f up. -- Cheers Res "So, you think you can tell Heaven from Hell?" - Roger Waters From prandal at herefordshire.gov.uk Tue Jan 23 23:05:47 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue Jan 23 22:08:37 2007 Subject: 1 million downloads !!! Message-ID: <86144ED6CE5B004DA23E1EAC0B569B5801768228@isabella.herefordshire.gov.uk> Jules wrote: > MailScanner has now been downloaded over 1 million times!!! > Yay :-) > (Celebratory rounds of drinks should be in the form of > Virgin wines gift vouchers :-) Congratulations! As a matter of curiosity, what's the number of downloads of the current released version? And does anyone have any idea of how many live sites run MailScanner? Cheers, Phil From leiw324 at yahoo.com.hk Wed Jan 24 07:20:34 2007 From: leiw324 at yahoo.com.hk (Wilson Kwok) Date: Wed Jan 24 06:23:20 2007 Subject: MailScanner cannot see score record Message-ID: <935253.94032.qm@web54410.mail.yahoo.com> My company mail gateway using postfix + clamav + spamassassin + mailscanner cannot separate spam mail, I checked the maillog cannot see the score record, please see the following record, thanks. 
From dell@smtp2.prognostics.com Wed Jan 24 05:48:04 2007 Return-Path: Received: from gateway ([192.168.0.86]) by eclass.sfaeps.edu.hk (8.13.1/8.13.1) with ESMTP id l0NLm3e0016412 for user@cooltest.net; Wed, 24 Jan 2007 05:48:04 +0800 Received: from smtp2.prognostics.com (mail2.prognostics.com [206.104.153.180]) by gateway (Postfix) with ESMTP id 2482B3302BA for USER@COOLTEST.NET; Wed, 24 Jan 2007 05:51:08 +0800 (HKT) Received: from mail pickup service by smtp2.prognostics.com with Microsoft SMTPSVC; Tue, 23 Jan 2007 16:47:54 -0500 thread-index: Acc/OCMKcugoy4VHS0KE6SNbgci/bA== Thread-Topic: =?big5?B?wLm6uKS9pXG6obdOq9e91axk?= From: "Dell Inc." To: Subject: =?big5?B?wLm6uKS9pXG6obdOq9e91axk?= Date: Tue, 23 Jan 2007 16:47:54 -0500 Message-ID: <66c2301c73f38$230a3b20$b4daa8c0@toldmz.nfor.com> MIME-Version: 1.0 Content-Type: text/plain; charset="big5" Content-Transfer-Encoding: 8bit X-Mailer: Microsoft CDO for Windows 2000 Content-Class: urn:content-classes:message Importance: normal Priority: normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757 X-OriginalArrivalTime: 23 Jan 2007 21:47:54.0522 (UTC) FILETIME=[233C47A0:01C73F38] X-SFAEPS-MailScanner-Information: Please contact the ISP for more information X-SFAEPS-MailScanner: Found to be clean X-SFAEPS-MailScanner-From: dell@smtp2.prognostics.com X-Spam-Status: No -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070124/fa87de05/attachment.html From fajarep at simplimobile.com Wed Jan 24 08:01:19 2007 From: fajarep at simplimobile.com (Fajar) Date: Wed Jan 24 07:04:18 2007 Subject: [OOT] MailScanner & MTA Usage in the World Message-ID: <00de01c73f85$75292720$8001a8c0@Fajar> Like Julian said, it's already 1 million download. 
I just wondering, in percentage.... How many that use Exim+MailScanner, Postfix+MailScanner, and Sendmail+MailScanner combination in the server? Maybe someone knows? Fajar -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070124/cef03056/attachment.html From drew at technologytiger.net Wed Jan 24 09:06:18 2007 From: drew at technologytiger.net (Drew Marshall) Date: Wed Jan 24 08:09:12 2007 Subject: [OOT] MailScanner & MTA Usage in the World In-Reply-To: <00de01c73f85$75292720$8001a8c0@Fajar> References: <00de01c73f85$75292720$8001a8c0@Fajar> Message-ID: <0935FE72-CC77-48D0-A8F0-023A6CD00E82@technologytiger.net> On 24 Jan 2007, at 07:01, Fajar wrote: > Like Julian said, it's already 1 million download. I just > wondering, in percentage.... How many that use Exim+MailScanner, > Postfix+MailScanner, and Sendmail+MailScanner combination in the > server? Maybe someone knows? Other than putting my Postfix vote in, I suspect you are down to pure guesswork on this one. If pushed I would say something like 50% Sendmail, 30% Exim and 19% Postfix and 1% Others but I could be a mile off. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by the Technology Tiger MailScanner. Further information can be found at www.technologytiger.net/policy Technology Tiger Limited is registered in Scotland with registration number: 310997 Registered Office 55-57 West High Street Inverurie AB51 3QQ -------------- next part -------------- An HTML attachment was scrubbed... 
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070124/59025095/attachment.html From MailScanner at ecs.soton.ac.uk Wed Jan 24 11:52:10 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jan 24 10:57:17 2007 Subject: Greetpause seems very ineffective (Was: RE: Increased VolumesOf Spam) In-Reply-To: References: <20070123122251.1115.GERARD@seibercom.net> Message-ID: <45B73A5A.5000004@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Can we drop this please? It's getting personal, and I won't have anyone being rude on the list. End of thread! Res wrote: > On Tue, 23 Jan 2007, Gerard Seibert wrote: > >> document with a one line comment like, "Ya, OK!" at the top. Top posters >> by definition have no clue as to how to trim messages. > > *sigh* far more non-top posters dont know how to trim > > now,. grow the f up. > > > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.2 (Build 4075) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFFtzqoEfZZRxQVtlQRAm6wAKCHkz/15k71oyE+OHgjhjv+Umz9sQCgoJ+x 3C25q+2YxZjUHbstfCajfPQ= =/Hnj -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From talora-listas at talora.com.br Wed Jan 24 12:12:01 2007 From: talora-listas at talora.com.br (=?ISO-8859-1?Q?=22Lu=EDs_Fernando_C=2E_Talora=22?=) Date: Wed Jan 24 11:15:50 2007 Subject: Clamav with MailScanner on Fedora 6 Message-ID: <45B73F01.2020603@talora.com.br> Fellows, I sent this message before, but it seems it didn't get to the list... 
I've just built a Fedora 6 box with Postfix + MailScanner + Clamav (installed via yum). MailScanner is working just fine, but, if I enable Virus Scanning, I see lots of messages like these on maillog: Jan 22 12:10:44 barney MailScanner[6201]: clamav: Failed to complete, timed out Jan 22 12:10:45 barney MailScanner[6320]: Commercial scanner clamav timed out! Is there any configuration I need to do on Clamav to make it work with MailScanner? I've reduced, on /etc/MailScanner/MailScanner.conf the "Virus Scanner Timeout" from 300 to 30 seconds (if I let 300 seconds, my mail queue becomes huge and nobody sends or receives messages for a long time). Any tips? Thanks a lot! Best regards, Luis Talora From raymond at prolocation.net Wed Jan 24 12:17:21 2007 From: raymond at prolocation.net (Raymond Dijkxhoorn) Date: Wed Jan 24 11:20:05 2007 Subject: Clamav with MailScanner on Fedora 6 In-Reply-To: <45B73F01.2020603@talora.com.br> References: <45B73F01.2020603@talora.com.br> Message-ID: Hi! > I sent this message before, but it seems it didn't get to the list... I've > just built a Fedora 6 box with Postfix + MailScanner + Clamav (installed via > yum). MailScanner is working just fine, but, if I enable Virus Scanning, I > see lots of messages like these on maillog: > > Jan 22 12:10:44 barney MailScanner[6201]: clamav: Failed to complete, > timed out > Jan 22 12:10:45 barney MailScanner[6320]: Commercial scanner clamav timed > out! > > Is there any configuration I need to do on Clamav to make it work with > MailScanner? I've reduced, on /etc/MailScanner/MailScanner.conf the "Virus > Scanner Timeout" from 300 to 30 seconds (if I let 300 seconds, my mail queue > becomes huge and nobody sends or receives messages for a long time). Doesn't sound like a mailscanner issue, but a performance issue on your system? Bye, Raymond. 
From nerijusb at dtiltas.lt Wed Jan 24 12:16:47 2007 From: nerijusb at dtiltas.lt (Nerijus Baliunas) Date: Wed Jan 24 11:22:50 2007 Subject: Archive Mail vs High Scoring Spam Actions In-Reply-To: References: <20070123144827.960AC1224AC@mx-b.vdnet.lt> Message-ID: <20070124112002.5BB48FF41@mx-a.vdnet.lt> On Tue, 23 Jan 2007 09:06:07 -0800 Scott Silva wrote: > > I have > > Archive Mail = %rules-dir%/archiving.rules > > High Scoring Spam Actions = delete forward spamarchive@example.com > > > > I want high scoring spam to go only to spamarchive@example.com, > > bypassing archiving rules. The problem is, spam is archived by both > > %rules-dir%/archiving.rules and goes to spamarchive@example.com. > > How complex are your archive.rules? Very simple: To: xxx@example.com salesarchive@example.com > You could have different forwards for non-spam and low scoring spam and > simulate some of it. How can I do it? Regards, Nerijus From talora-listas at talora.com.br Wed Jan 24 12:29:15 2007 From: talora-listas at talora.com.br (=?ISO-8859-1?Q?=22Lu=EDs_Fernando_C=2E_Talora=22?=) Date: Wed Jan 24 11:33:03 2007 Subject: Clamav with MailScanner on Fedora 6 In-Reply-To: References: <45B73F01.2020603@talora.com.br> Message-ID: <45B7430B.6000504@talora.com.br> Don't think so... I'm not sure, but I think I've misconfigured Clamav (in fact, I did nothing on its config files - just left files as they came when I made a "yum install clamav*"). On the IRC Channel, someone told me I should use the Clamav package posted on the MailScanner website. Is that right? Thanks a lot! Regards, Luis Talora Raymond Dijkxhoorn wrote: > Hi! > >> I sent this message before, but it seems it didn't get to the list... >> I've just built a Fedora 6 box with Postfix + MailScanner + Clamav >> (installed via yum). 
MailScanner is working just fine, but, if I >> enable Virus Scanning, I see lots of messages like these on maillog: >> >> Jan 22 12:10:44 barney MailScanner[6201]: clamav: Failed to >> complete, timed out >> Jan 22 12:10:45 barney MailScanner[6320]: Commercial scanner clamav >> timed out! >> >> Is there any configuration I need to do on Clamav to make it work >> with MailScanner? I've reduced, on /etc/MailScanner/MailScanner.conf >> the "Virus Scanner Timeout" from 300 to 30 seconds (if I let 300 >> seconds, my mail queue becomes huge and nobody sends or receives >> messages for a long time). > > Doesn't sound like a mailscanner issue, but a performance issue on your > system? > > Bye, > Raymond. From glenn.steen at gmail.com Wed Jan 24 13:16:50 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Jan 24 12:19:37 2007 Subject: MailScanner cannot see score record In-Reply-To: <935253.94032.qm@web54410.mail.yahoo.com> References: <935253.94032.qm@web54410.mail.yahoo.com> Message-ID: <223f97700701240416s73b22081q663084827aba83dd@mail.gmail.com> On 24/01/07, Wilson Kwok wrote: > My company mail gateway using postfix + clamav + spamassassin + mailscanner > cannot separate spam mail, I checked the maillog cannot see > the score record, please see the following record, thanks. > > From dell@smtp2.prognostics.com Wed Jan 24 05:48:04 2007 > Return-Path: > Received: from gateway ([192.168.0.86]) > by eclass.sfaeps.edu.hk (8.13.1/8.13.1) with ESMTP id l0NLm3e0016412 > for user@cooltest.net; Wed, 24 Jan 2007 05:48:04 +0800 > Received: from smtp2.prognostics.com (mail2.prognostics.com > [206.104.153.180]) > by gateway (Postfix) with ESMTP id 2482B3302BA > for USER@COOLTEST.NET; Wed, 24 Jan 2007 05:51:08 +0800 (HKT) > Received: from mail pickup service by smtp2.prognostics.com with Microsoft > SMTPSVC; > Tue, 23 Jan 2007 16:47:54 -0500 > thread-index: Acc/OCMKcugoy4VHS0KE6SNbgci/bA== > Thread-Topic: =?big5?B?wLm6uKS9pXG6obdOq9e91axk?= > From: "Dell Inc." 
> To: > Subject: =?big5?B?wLm6uKS9pXG6obdOq9e91axk?= > Date: Tue, 23 Jan 2007 16:47:54 -0500 > Message-ID: > <66c2301c73f38$230a3b20$b4daa8c0@toldmz.nfor.com> > MIME-Version: 1.0 > Content-Type: text/plain; > charset="big5" > Content-Transfer-Encoding: 8bit > X-Mailer: Microsoft CDO for Windows 2000 > Content-Class: urn:content-classes:message > Importance: normal > Priority: normal > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757 > X-OriginalArrivalTime: 23 Jan 2007 21:47:54.0522 (UTC) > FILETIME=[233C47A0:01C73F38] > X-SFAEPS-MailScanner-Information: Please contact the ISP > for more information > X-SFAEPS-MailScanner: Found to be clean > X-SFAEPS-MailScanner-From: dell@smtp2.prognostics.com > X-Spam-Status: No > If you don't have "Spam Score = yes", it will not add that to clean messages (as this seems to be), but you would still see a spam report in MailWatch, if you use that. There is a (small:-) truckload of settings in MailScanner.conf for adjusting what and how spam is reported, so I suggest you read either that file's relevant sections (they are very well commented) or the webified extracted same thing you can find here: http://www.mailscanner.info/MailScanner.conf.index.html (start looking at the ones starting with Spam Score...:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Wed Jan 24 13:19:19 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Jan 24 12:22:06 2007 Subject: [OOT] MailScanner & MTA Usage in the World In-Reply-To: <0935FE72-CC77-48D0-A8F0-023A6CD00E82@technologytiger.net> References: <00de01c73f85$75292720$8001a8c0@Fajar> <0935FE72-CC77-48D0-A8F0-023A6CD00E82@technologytiger.net> Message-ID: <223f97700701240419s5d718e64we3541a9002e85568@mail.gmail.com> On 24/01/07, Drew Marshall wrote: > > On 24 Jan 2007, at 07:01, Fajar wrote: > > Like Julian said, it's already 1 million download. 
I just wondering, in > percentage.... How many that use Exim+MailScanner, Postfix+MailScanner, and > Sendmail+MailScanner combination in the server? Maybe someone knows? > > Other than putting my Postfix vote in, I suspect you are down to pure > guesswork on this one. If pushed I would say something like 50% Sendmail, > 30% Exim and 19% Postfix and 1% Others but I could be a mile off. > > Drew CC. One could try draw some conclusions from how many messages on this list pertain to one MTA or another, but that would mostly measure how easy/hard it is to set them up... So judging from something like that Zmailer and Exim would look like "winners":-):-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From cobalt-users1 at fishnet.co.uk Wed Jan 24 13:28:15 2007 From: cobalt-users1 at fishnet.co.uk (Ian) Date: Wed Jan 24 12:31:12 2007 Subject: To: and "not From:" Ruleset Option? Message-ID: <45B750DF.6746.BC5836A@cobalt-users1.fishnet.co.uk> Hi, I don't think this is possible but would like to hear your opinions: I use several different email addresses for various mailing lists. Sooner or later these addresses get spammed. I would like a Spam Blacklist rule like: To: mailinglist_local_address@mydomain.tld AND NOT From: maillinglist_sending_addr@mailing_list_domain.tld yes (all one line) Is this possible? I have read the MAQ and examples and can't see this anywhere so I assume it isn't. If not, could it be added in a future release? I am not bothered about losing emails from people posting directly to me, they should be posting to the list anyway! 
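Added example (not part of the original thread, and not MailScanner's own code): a simplified Python model of a first-match ruleset, in which the first rule that matches decides the result, showing how the "To: and not From:" policy asked about above can be expressed by rule order alone, and what goes wrong when the order is reversed. The addresses, the `parse_ruleset` and `evaluate` helpers and the restriction to exact addresses, `*` wildcards and `default` are assumptions of this example.

```python
import fnmatch

# Constructed ruleset: the narrow "no" exception sits above the broad "yes" rule.
GOOD_ORDER = """\
# spam blacklist ruleset (constructed addresses)
To: list-in@example.org and From: list-out@lists.example.net  no
To: list-in@example.org                                        yes
FromOrTo: default                                              no
"""

# Same rules with the first two swapped: the broad rule shadows the exception.
BAD_ORDER = """\
To: list-in@example.org                                        yes
To: list-in@example.org and From: list-out@lists.example.net  no
FromOrTo: default                                              no
"""

DIRECTIONS = {"from", "to", "fromorto", "fromandto"}


def parse_ruleset(text):
    """Parse 'Direction: pattern [and Direction: pattern] value' lines.

    Returns a list of (conditions, value) in file order, where conditions
    is a list of (direction, pattern) pairs that must all match.
    """
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        tokens = [t for t in line.split() if t.lower() != "and"]
        if len(tokens) < 3 or len(tokens) % 2 == 0:
            raise ValueError(f"line {lineno}: malformed rule: {raw!r}")
        value = tokens.pop()
        conditions = []
        for direction, pattern in zip(tokens[0::2], tokens[1::2]):
            key = direction.rstrip(":").lower()
            if key not in DIRECTIONS:
                raise ValueError(f"line {lineno}: unknown direction {direction!r}")
            conditions.append((key, pattern.lower()))
        rules.append((conditions, value))
    return rules


def _addr_matches(pattern, address):
    # "default" matches everything; otherwise shell-style wildcard match.
    return pattern == "default" or fnmatch.fnmatchcase(address.lower(), pattern)


def _condition_matches(direction, pattern, sender, recipient):
    from_hit = _addr_matches(pattern, sender)
    to_hit = _addr_matches(pattern, recipient)
    if direction == "from":
        return from_hit
    if direction == "to":
        return to_hit
    if direction == "fromorto":
        return from_hit or to_hit
    return from_hit and to_hit  # fromandto


def evaluate(rules, sender, recipient, fallback="no"):
    """Return the value of the first rule whose conditions all match."""
    for conditions, value in rules:
        if all(_condition_matches(d, p, sender, recipient) for d, p in conditions):
            return value
    return fallback


if __name__ == "__main__":
    cases = [
        ("list-out@lists.example.net", "list-in@example.org"),  # real list mail
        ("spammer@bad.example", "list-in@example.org"),         # direct to list alias
        ("friend@example.com", "me@example.org"),               # unrelated mail
    ]
    for name, text in (("good order", GOOD_ORDER), ("bad order", BAD_ORDER)):
        rules = parse_ruleset(text)
        for sender, recipient in cases:
            print(name, sender, "->", recipient, "blacklisted:",
                  evaluate(rules, sender, recipient))
```

With the rules swapped, genuine list traffic is blacklisted as well, because the broad `To:` rule matches before the exception is ever reached.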
Regards Ian -- From glenn.steen at gmail.com Wed Jan 24 13:30:21 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Jan 24 12:33:09 2007 Subject: Clamav with MailScanner on Fedora 6 In-Reply-To: <45B7430B.6000504@talora.com.br> References: <45B73F01.2020603@talora.com.br> <45B7430B.6000504@talora.com.br> Message-ID: <223f97700701240430w20390a0ft6d38d42655f08a9b@mail.gmail.com> On 24/01/07, "Luís Fernando C. Talora" wrote: > Don't think so... I'm not sure, but I think I've misconfigured Clamav > (in fact, I did nothing on its config files - just left files as they > came when I made a "yum install clamav*"). On the IRC Channel, someone > told me I should use the Clamav package posted on the MailScanner > website. Is that right? > > Thanks a lot! > > Regards, > > Luis Talora > 0) Check that what you have in virus.scanners.conf chimes with where you have clamav installed. By default, MailScanner will look for it in /usr/local/bin, but your RPM might have put it in /usr/bin ... if so, amend virus.scanners.conf so that it has only "/usr" in the third field for the clamscan AV... _OR_ deinstall the clamav rpm package (and spamassassin) and use Jules Clam+SA easy-install package, which will put clamav in the default /usr/local location. 1) What happens when you run clamscan on a file containing EICAR? 2) What happens when you run the clamscan wrapper on the same file? You need to specify a bit more with the wrapper, like: /usr/lib/MailScanner/clamav-wrapper /usr/local -r --disable-summary --stdout /path/to/file where the /usr/local is the third field from virus.scanners.conf (pointing to where clamav is installed). 
Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From raymond at prolocation.net Wed Jan 24 13:42:21 2007 From: raymond at prolocation.net (Raymond Dijkxhoorn) Date: Wed Jan 24 12:45:05 2007 Subject: Clamav with MailScanner on Fedora 6 In-Reply-To: <45B7430B.6000504@talora.com.br> References: <45B73F01.2020603@talora.com.br> <45B7430B.6000504@talora.com.br> Message-ID: Hi! > Don't think so... I'm not sure, but I think I've misconfigured Clamav (in > fact, I did nothing on its config files - just left files as they came when I > made a "yum install clamav*"). On the IRC Channel, someone told me I should > use the Clamav package posted on the MailScanner website. Is that right? Yips... that might work better, also installs SA for you. Worth a try. Bye, Raymond. From glenn.steen at gmail.com Wed Jan 24 14:13:45 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Jan 24 13:16:33 2007 Subject: To: and "not From:" Ruleset Option? In-Reply-To: <45B750DF.6746.BC5836A@cobalt-users1.fishnet.co.uk> References: <45B750DF.6746.BC5836A@cobalt-users1.fishnet.co.uk> Message-ID: <223f97700701240513u6ebc0f2bk3cd88df4bafcddc0@mail.gmail.com> On 24/01/07, Ian wrote: > Hi, > > I don't think this is possible but would like to hear your opinions: > > I use several different email addresses for various mailing lists. Sooner or later these > addresses get spammed. I would like a Spam Blacklist rule like: > > To: mailinglist_local_address@mydomain.tld AND NOT From: > maillinglist_sending_addr@mailing_list_domain.tld yes > > (all one line) > > Is this possible? I have read the MAQ and examples and can't see this anywhere so I > assume it isn't. If not, could it be added in a future release? > > I am not bothered about losing emails from people posting directly to me, they should be > posting to the list anyway! > > Regards > > Ian AFAICR there is no "test negation", no. 
Then again, you could instead set a "default to yes" rule first and then put a "specifically say no" rule before that, like To: mailinglist_local_address@mydomain.tld AND From: maillinglist_sending_addr@mailing_list_domain.tld no To: mailinglist_local_address@mydomain.tld yes (watch out for wrapping/WS conversion... Just an example, type your own:-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From jcb at dream.com.ph Wed Jan 24 14:13:42 2007 From: jcb at dream.com.ph (jcb dream.com.ph) Date: Wed Jan 24 13:16:49 2007 Subject: quarantine in postfix without the directory Message-ID: <00f501c73fb9$78bc6260$920bbdcb@pmsi.net> hi guys, im looking on my /var/spool/postfix/incoming and i dont see any directories. how can release a message on quarantine without these directories. i tried omitting the letter directory as indicated on the wiki but i got a warning on the postfix queue. tnx -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070124/4262f731/attachment.html From tgc at statsbiblioteket.dk Wed Jan 24 14:20:34 2007 From: tgc at statsbiblioteket.dk (Tom G. Christensen) Date: Wed Jan 24 13:23:20 2007 Subject: My scripting talent is sadly failing... In-Reply-To: <008f01c73eee$530232a0$3c65a8c0@support01> References: <008f01c73eee$530232a0$3c65a8c0@support01> Message-ID: <45B75D22.6010704@statsbiblioteket.dk> Nigel Kendrick wrote: > Hi Folks, > > I have put together the following one-liner to re-submit all emails sent to > me from an archive folder - it works EXCEPT that the 'echo/cut' command is > not removing the file extension from the file name and so the emails are not > processed in the queue. Would someone kindly have a look and educate me!! 
>
> grep -l 'To: /var/spool/postfix/hold/`echo {} | cut -d . -f 1` "
>
I often find that using a simple for loop is much more straightforward than fiddling with xargs.
Like this:
for i in $(grep -l 'To:
References: <008f01c73eee$530232a0$3c65a8c0@support01> <45B75D22.6010704@statsbiblioteket.dk>
Message-ID: <223f97700701240544wad638a8h642c4cc81aa15a2c@mail.gmail.com>

On 24/01/07, Tom G. Christensen wrote:
> Nigel Kendrick wrote:
> > Hi Folks,
> >
> > I have put together the following one-liner to re-submit all emails sent to
> > me from an archive folder - it works EXCEPT that the 'echo/cut' command is
> > not removing the file extension from the file name and so the emails are not
> > processed in the queue. Would someone kindly have a look and educate me!!
> >
> > grep -l 'To:
> /var/spool/postfix/hold/`echo {} | cut -d . -f 1` "
> >
> I often find that using a simple for loop is much more straightforward
> than fiddling with xargs.
> Like this:
> for i in $(grep -l 'To: -f1); chmod 700 $i; cp $i /var/spool/postfix/hold/$fnam); done
>
Not to mention that it removes the problem here by not needing that "second bash", and the whole "which bash expands what" problem:-).
As to for efficiency compared to xargs here is perhaps even better, since it'd preclude one fork/file... If that matters, which it likely don't:-).

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From glenn.steen at gmail.com Wed Jan 24 15:15:41 2007
From: glenn.steen at gmail.com (Glenn Steen)
Date: Wed Jan 24 14:18:33 2007
Subject: quarantine in postfix without the directory
In-Reply-To: <00f501c73fb9$78bc6260$920bbdcb@pmsi.net>
References: <00f501c73fb9$78bc6260$920bbdcb@pmsi.net>
Message-ID: <223f97700701240615n2433c01eoa2d291183bd3d314@mail.gmail.com>

On 24/01/07, jcb dream.com.ph wrote:
>
>
> hi guys,
>
> I'm looking on my /var/spool/postfix/incoming and I don't see any directories.
> how can release a message on quarantine without these directories. I tried
> omitting the letter directory as indicated on the wiki but I got a warning
> on the postfix queue.
>
> tnx
>

Could you be a bit more verbose? What error (exactly) did you receive? Do you quarantine by queue file? Did you follow the wiki instructions (and which ones:-) to the letter?

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From liste.gug at free.fr Wed Jan 24 17:21:29 2007
From: liste.gug at free.fr (liste.gug@free.fr)
Date: Wed Jan 24 16:24:17 2007
Subject: Problemes with Quarantine infections
Message-ID: <1169655689.45b7878902b8b@imp.free.fr>

Hi,

I'm using Mailscanner patched for clamav support, on a smtp gateway. When I send an infected attachment, I'd like that attachment to be saved to the Quarantine Dir. It works great for spam but not for viruses ... I don't know why ...

My options are :

Quarantine Infections = yes
Quarantine Silent Viruses = no
Quarantine Whole Message = no
Quarantine Whole Messages As Queue Files = no
Quarantine Dir = /var/spool/MailScanner/quarantine
Quarantine Permissions = 0644
Keep Spam And MCP Archive Clean = no

Have you any idea ?

thank you in advance.

From drew at technologytiger.net Wed Jan 24 17:36:45 2007
From: drew at technologytiger.net (Drew Marshall)
Date: Wed Jan 24 16:39:46 2007
Subject: Problemes with Quarantine infections
In-Reply-To: <1169655689.45b7878902b8b@imp.free.fr>
References: <1169655689.45b7878902b8b@imp.free.fr>
Message-ID: <42448.194.70.180.170.1169656605.squirrel@www.technologytiger.net>

On Wed, January 24, 2007 16:21, liste.gug@free.fr wrote:
> My options are :
>
> Quarantine Infections = yes
> Quarantine Silent Viruses = no

There it is ^^^^^

Make that yes and you will have your viruses put to quarantine.
Check the silent viruses section in MailScanner.conf for details of what your system thinks is a silent virus (Most probably)

Drew

--
In line with our policy, this message has been scanned for viruses and dangerous content by the Technology Tiger MailScanner. Further information can be found at www.technologytiger.net/policy
Technology Tiger Limited is registered in Scotland with registration number: 310997
Registered Office 55-57 West High Street Inverurie AB51 3QQ

From drew at technologytiger.net Wed Jan 24 17:40:39 2007
From: drew at technologytiger.net (Drew Marshall)
Date: Wed Jan 24 16:43:42 2007
Subject: quarantine in postfix without the directory
In-Reply-To: <00f501c73fb9$78bc6260$920bbdcb@pmsi.net>
References: <00f501c73fb9$78bc6260$920bbdcb@pmsi.net>
Message-ID: <42473.194.70.180.170.1169656839.squirrel@www.technologytiger.net>

On Wed, January 24, 2007 13:13, jcb dream.com.ph wrote:
> hi guys,
>
> I'm looking on my /var/spool/postfix/incoming and I don't see any
> directories. how can release a message on quarantine without these
> directories. I tried omitting the letter directory as indicated on the
> wiki but I got a warning on the postfix queue.

The 'letter directories' you describe are Postfix's hashed queue (I'll leave you to do the Googling for what they are and if you think you need them). If you don't have them (The default these days) all you do is the same as described in the wiki but ignore the bit about the lettered directory. Just drop the message (Assuming it's in queue file format as Glenn asked) in to /var/spool/postfix/incoming/ with the right ownership and file permissions and wait for the qrunner to pick it up and do its job.

Drew

From mkettler at evi-inc.com Wed Jan 24 17:46:43 2007
From: mkettler at evi-inc.com (Matt Kettler)
Date: Wed Jan 24 16:49:43 2007
Subject: Antidrug.cf - error file posted to comcast.
Message-ID: <45B78D73.6090807@evi-inc.com>

I have posted the promised error-generating file for antidrug.cf to the comcast webspace. Anyone RDJ'ing antidrug from comcast (instead of verizon) will start getting lint errors so they will hopefully pay attention to the new site notice in the rulefile.

For those that have missed my numerous previous announcements:

Antidrug has MOVED!

Antidrug now lives at:
http://mysite.verizon.net/mkettler_sa/antidrug.cf

Also, make note of the fact that this file is for users of SA 2.64 and below. If you are running SA 3.0.0 or higher, you already have antidrug and this file will merely downgrade any improvements made by the SA devs.

Some past posts for reference:

9/2/06 - warning of pending change
http://mail-archives.apache.org/mod_mbox/spamassassin-users/200609.mbox/%3C44F919B8.4000600@comcast.net%3E

10/2/06 - new home announced
http://mail-archives.apache.org/mod_mbox/spamassassin-users/200610.mbox/%3C45205682.3050800@comcast.net%3E

12/8/06 - antidrug removed from current RDJ releases:
http://mail-archives.apache.org/mod_mbox/spamassassin-users/200612.mbox/%3celcuav$gr3$1@sea.gmane.org%3e

From vasiliy at linuxspecial.com Wed Jan 24 17:46:28 2007
From: vasiliy at linuxspecial.com (Vasiliy Boulytchev)
Date: Wed Jan 24 16:51:26 2007
Subject: SA, MS, RBL problem
In-Reply-To: <1E75E79B854C814784D0E8C5BA55AF76F7688F@uss2k01.united-systems.local>
References: <1E75E79B854C814784D0E8C5BA55AF76F7688F@uss2k01.united-systems.local>
Message-ID: <45B78D64.7020102@linuxspecial.com>

GENTS!

I have setup rbldnsd daemon, and am rsyncing down from NJABL...

I have made the local DNS cachers forward queries to rbldnsd. That can be tested via dig @dnscacheserver 2.0.0.127.dnsbl.njabl.org... I see that query get forwarded to rbldnsd, and I see the query in the log so I know 100 percent that rsync is working, dns forwarding is working correctly from bind to rbldnsd host

so that's out of the question.... MS machine is checking for DNS only against that dns cache server... so any queries for njabl should in theory forward to my rbldnsd box

now, just so you know, no queries come to rbldnsd box, nothing in the logs there

1169650318 172.30.35.65 192.120.70.217.dnsbl.njabl.org A IN: NOERROR/1/323
1169650345 172.30.35.64 192.120.70.217.dnsbl.njabl.org A IN: NOERROR/1/323
1169650365 172.30.35.64 19.120.70.217.dnsbl.njabl.org A IN: NXDOMAIN/0/92
1169650378 172.30.35.64 18.120.70.217.dnsbl.njabl.org A IN: NXDOMAIN/0/92
1169650385 172.30.35.65 11.120.70.217.dnsbl.njabl.org A IN: NXDOMAIN/0/92
1169650407 172.30.35.65 101.192.247.63.dnsbl.njabl.org A IN: NXDOMAIN/0/93

now, what you see there is the log from rbldnsd regardless if it finds a record, or doesn't find one... it STILL logs it so I know for a fact that those queries are not hitting that box

this will show you what happens when I test SA

cat message.test
spamassassin -D < fix.pl > /dev/null

Can someone please help me setup NJABL properly? I am invoking SA via MS... as you can see below, SA does seem to check NJABL...

THANKS!

./message.test
[15101] dbg: logger: adding facilities: all
[15101] dbg: logger: logging level is DBG
[15101] dbg: generic: SpamAssassin version 3.1.7
[15101] dbg: config: score set 0 chosen.
[15101] dbg: util: running in taint mode? yes
[15101] dbg: util: taint mode: deleting unsafe environment variables, resetting PATH
[15101] dbg: util: PATH included '/usr/kerberos/sbin', keeping
[15101] dbg: util: PATH included '/usr/kerberos/bin', keeping
[15101] dbg: util: PATH included '/usr/local/bin', keeping
[15101] dbg: util: PATH included '/bin', keeping
[15101] dbg: util: PATH included '/usr/bin', keeping
[15101] dbg: util: PATH included '/usr/X11R6/bin', keeping
[15101] dbg: util: PATH included '/home/vboulytchev/bin', which doesn't exist, dropping
[15101] dbg: util: PATH included '/usr/sbin', keeping
[15101] dbg: util: PATH included '/sbin', keeping
[15101] dbg: util: PATH included '/usr/local/apache/bin', which doesn't exist, dropping
[15101] dbg: util: PATH included '/usr/local/apache/rsawebagent', which doesn't exist, dropping
[15101] dbg: util: final PATH set to: /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin:/usr/sbin:/sbin
[15101] dbg: message: ---- MIME PARSER START ----
[15101] dbg: message: main message type: text/plain
[15101] dbg: message: parsing normal part
[15101] dbg: message: added part, type: text/plain
[15101] dbg: message: ---- MIME PARSER END ----
[15101] dbg: dns: is Net::DNS::Resolver available? yes
[15101] dbg: dns: Net::DNS version: 0.59
[15101] dbg: config: using "/etc/mail/spamassassin" for site rules pre files
[15101] dbg: config: read file /etc/mail/spamassassin/init.pre
[15101] dbg: config: read file /etc/mail/spamassassin/v310.pre
[15101] dbg: config: read file /etc/mail/spamassassin/v312.pre
[15101] dbg: config: using "/usr/share/spamassassin" for sys rules pre files
[15101] dbg: config: using "/usr/share/spamassassin" for default rules dir
[15101] dbg: config: read file /usr/share/spamassassin/10_misc.cf
[15101] dbg: config: read file /usr/share/spamassassin/20_advance_fee.cf
[15101] dbg: config: read file /usr/share/spamassassin/20_anti_ratware.cf
[15101] dbg: config: read file /usr/share/spamassassin/20_body_tests.cf
[15101] dbg: config: read file /usr/share/spamassassin/20_compensate.cf
[15101] dbg: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf
[15101] dbg: config: read file /usr/share/spamassassin/20_drugs.cf
[15101] dbg: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf
[15101] dbg: config: read file /usr/share/spamassassin/20_head_tests.cf
[15101] dbg: config: read file /usr/share/spamassassin/20_html_tests.cf
[15101] dbg: config: read file /usr/share/spamassassin/20_meta_tests.cf
[15101] dbg: config: read file /usr/share/spamassassin/20_net_tests.cf
[15101] dbg: config: read file /usr/share/spamassassin/20_phrases.cf
[15101] dbg: config: read file /usr/share/spamassassin/20_porn.cf
[15101] dbg: config: read file /usr/share/spamassassin/20_ratware.cf
[15101] dbg: config: read file /usr/share/spamassassin/20_uri_tests.cf
[15101] dbg: config: read file /usr/share/spamassassin/23_bayes.cf
[15101] dbg: config: read file /usr/share/spamassassin/25_accessdb.cf
[15101] dbg: config: read file /usr/share/spamassassin/25_antivirus.cf
[15101] dbg: config: read file /usr/share/spamassassin/25_body_tests_es.cf
[15101] dbg: config: read file /usr/share/spamassassin/25_body_tests_pl.cf
[15101] dbg: config: read file /usr/share/spamassassin/25_dcc.cf
[15101] dbg: config: read file /usr/share/spamassassin/25_dkim.cf
[15101] dbg: config: read file /usr/share/spamassassin/25_domainkeys.cf
[15101] dbg: config: read file /usr/share/spamassassin/25_hashcash.cf
[15101] dbg: config: read file /usr/share/spamassassin/25_pyzor.cf
[15101] dbg: config: read file /usr/share/spamassassin/25_razor2.cf
[15101] dbg: config: read file /usr/share/spamassassin/25_replace.cf
[15101] dbg: config: read file /usr/share/spamassassin/25_spf.cf
[15101] dbg: config: read file /usr/share/spamassassin/25_textcat.cf
[15101] dbg: config: read file /usr/share/spamassassin/25_uribl.cf
[15101] dbg: config: read file /usr/share/spamassassin/30_text_de.cf
[15101] dbg: config: read file /usr/share/spamassassin/30_text_fr.cf
[15101] dbg: config: read file /usr/share/spamassassin/30_text_it.cf
[15101] dbg: config: read file /usr/share/spamassassin/30_text_nl.cf
[15101] dbg: config: read file /usr/share/spamassassin/30_text_pl.cf
[15101] dbg: config: read file /usr/share/spamassassin/30_text_pt_br.cf
[15101] dbg: config: read file /usr/share/spamassassin/50_scores.cf
[15101] dbg: config: read file /usr/share/spamassassin/60_awl.cf
[15101] dbg: config: read file /usr/share/spamassassin/60_whitelist.cf
[15101] dbg: config: read file /usr/share/spamassassin/60_whitelist_dk.cf
[15101] dbg: config: read file /usr/share/spamassassin/60_whitelist_dkim.cf
[15101] dbg: config: read file /usr/share/spamassassin/60_whitelist_spf.cf
[15101] dbg: config: read file /usr/share/spamassassin/60_whitelist_subject.cf
[15101] dbg: config: using "/etc/mail/spamassassin" for site rules dir
[15101] dbg: config: read file /etc/mail/spamassassin/local.cf
[15101] dbg: config: using "/home/vboulytchev/.spamassassin" for user state dir
[15101] dbg: config: using "/home/vboulytchev/.spamassassin/user_prefs" for user prefs file
[15101] dbg: config: read file /home/vboulytchev/.spamassassin/user_prefs
[15101] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC
[15101] dbg: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa660cc0)
[15101] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC
[15101] dbg: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0xa6ab670)
[15101] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC
[15101] dbg: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0xa6cfd94)
[15101] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC
[15101] dbg: dcc: network tests on, registering DCC
[15101] dbg: plugin: registered Mail::SpamAssassin::Plugin::DCC=HASH(0xa6ae24c)
[15101] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC
[15101] dbg: pyzor: network tests on, attempting Pyzor
[15101] dbg: plugin: registered Mail::SpamAssassin::Plugin::Pyzor=HASH(0xa7298a8)
[15101] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC
[15101] dbg: razor2: razor2 is available, version 2.82
[15101] dbg: plugin: registered Mail::SpamAssassin::Plugin::Razor2=HASH(0xa731e9c)
[15101] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC
[15101] dbg: reporter: network tests on, attempting SpamCop
[15101] dbg: plugin: registered Mail::SpamAssassin::Plugin::SpamCop=HASH(0xac0224c)
[15101] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC
[15101] dbg: plugin: registered Mail::SpamAssassin::Plugin::AWL=HASH(0xab6618c)
[15101] dbg: plugin: loading Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC
[15101] dbg: plugin: registered Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0xac34d04)
[15101] dbg: plugin: loading Mail::SpamAssassin::Plugin::TextCat from @INC
[15101] dbg: textcat: loading languages file...
[15101] dbg: textcat: loaded 73 language models
[15101] dbg: plugin: registered Mail::SpamAssassin::Plugin::TextCat=HASH(0xac4e080)
[15101] dbg: plugin: loading Mail::SpamAssassin::Plugin::WhiteListSubject from @INC
[15101] dbg: plugin: registered Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0xaec0ac8)
[15101] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from @INC
[15101] dbg: plugin: registered Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0xaec69e4)
[15101] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from @INC
[15101] dbg: plugin: registered Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xaecff78)
[15101] dbg: config: adding redirector regex: /^http:\/\/chkpt\.zdnet\.com\/chkpt\/\w+\/(.*)$/i
[15101] dbg: config: adding redirector regex: /^http:\/\/www(?:\d+)?\.nate\.com\/r\/\w+\/(.*)$/i
[15101] dbg: config: adding redirector regex: /^http:\/\/.+\.gov\/(?:.*\/)?externalLink\.jhtml\?.*url=(.*?)(?:&.*)?$/i
[15101] dbg: config: adding redirector regex: /^http:\/\/redir\.internet\.com\/.+?\/.+?\/(.*)$/i
[15101] dbg: config: adding redirector regex: /^http:\/\/(?:.*?\.)?adtech\.de\/.*(?:;|\|)link=(.*?)(?:;|$)/i
[15101] dbg: config: adding redirector regex: m'^http.*?/redirect\.php\?.*(?<=[?&])goto=(.*?)(?:$|[&#])'i
[15101] dbg: config: adding redirector regex: m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i
[15101] dbg: config: adding redirector regex: m'/(?:index.php)?\?.*(?<=[?&])URL=(.*?)(?:$|[&#])'i
[15101] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/url\?.*?(?<=[?&])q=(.*?)(?:$|[&#])'i
[15101] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])site:(.*?)(?:$|%20|[\s+&#])'i
[15101] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])(?:"|%22)(.*?)(?:$|%22|["\s+&#])'i
[15101] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/translate\?.*?(?<=[?&])u=(.*?)(?:$|[&#])'i
[15101] dbg: plugin: Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xaecff78) implements 'finish_parsing_end'
[15101] dbg: replacetags: replacing tags
[15101] dbg: replacetags: done replacing tags
[15101] dbg: bayes: using username: mailscanner
[15101] dbg: bayes: database connection established
[15101] dbg: bayes: found bayes db version 3
[15101] dbg: bayes: Using userid: 1
[15101] dbg: bayes: not available for scanning, only 0 spam(s) in bayes DB < 200
[15101] dbg: config: score set 1 chosen.
[15101] dbg: bayes: database connection established
[15101] dbg: bayes: found bayes db version 3
[15101] dbg: bayes: Using userid: 1
[15101] dbg: bayes: not available for scanning, only 0 spam(s) in bayes DB < 200
[15101] dbg: dns: dns_available set to yes in config file, skipping test
[15101] dbg: metadata: X-Spam-Relays-Trusted:
[15101] dbg: metadata: X-Spam-Relays-Untrusted:
[15101] dbg: metadata: X-Spam-Relays-Internal:
[15101] dbg: metadata: X-Spam-Relays-External:
[15101] dbg: plugin: Mail::SpamAssassin::Plugin::TextCat=HASH(0xac4e080) implements 'extract_metadata'
[15101] dbg: message: ---- MIME PARSER START ----
[15101] dbg: message: main message type: text/plain
[15101] dbg: message: parsing normal part
[15101] dbg: message: added part, type: text/plain
[15101] dbg: message: ---- MIME PARSER END ----
[15101] dbg: message: no encoding detected
[15101] dbg: textcat: message too short for language analysis
[15101] dbg: textcat: X-Languages: "", X-Languages-Length: 188
[15101] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa660cc0) implements 'parsed_metadata'
[15101] dbg: uridnsbl: domains to query:
[15101] dbg: dns: checking RBL sbl-xbl.spamhaus.org., set sblxbl-lastexternal
[15101] dbg: dns: checking RBL sa-accredit.habeas.com., set habeas-firsttrusted
[15101] dbg: dns: checking RBL sbl-xbl.spamhaus.org., set sblxbl
[15101] dbg: dns: checking RBL sa-other.bondedsender.org., set bsp-untrusted
[15101] dbg: dns: checking RBL combined.njabl.org., set njabl-lastexternal
[15101] dbg: dns: checking RBL combined.njabl.org., set njabl
[15101] dbg: dns: checking RBL combined-HIB.dnsiplists.completewhois.com., set whois
[15101] dbg: dns: checking RBL list.dsbl.org., set dsbl-lastexternal
[15101] dbg: dns: checking RBL bl.spamcop.net., set spamcop
[15101] dbg: dns: checking RBL sa-trusted.bondedsender.org., set bsp-firsttrusted
[15101] dbg: dns: checking RBL combined-HIB.dnsiplists.completewhois.com., set whois-lastexternal
[15101] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs-lastexternal
[15101] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs
[15101] dbg: dns: checking RBL iadb.isipp.com., set iadb-firsttrusted
[15101] dbg: check: running tests for priority: 0
[15101] dbg: rules: running header regexp tests; score so far=0
[15101] dbg: spf: no suitable relay for spf use found, skipping SPF-helo check
[15101] dbg: eval: all '*From' addrs:
[15101] dbg: eval: all '*To' addrs:
[15101] dbg: spf: no suitable relay for spf use found, skipping SPF check
[15101] dbg: rules: ran eval rule NO_RELAYS ======> got hit
[15101] dbg: rules: ran eval rule __ENV_AND_HDR_FROM_MATCH ======> got hit
[15101] dbg: spf: cannot get Envelope-From, cannot use SPF
[15101] dbg: spf: def_spf_whitelist_from: could not find useable envelope sender
[15101] dbg: rules: ran eval rule __UNUSABLE_MSGID ======> got hit
[15101] dbg: rules: ran eval rule MISSING_HEADERS ======> got hit
[15101] dbg: spf: spf_whitelist_from: could not find useable envelope sender
[15101] dbg: rules: running body-text per-line regexp tests; score so far=0.188
[15101] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "o"
[15101] dbg: uri: running uri tests; score so far=0.188
[15101] dbg: bayes: database connection established
[15101] dbg: bayes: found bayes db version 3
[15101] dbg: bayes: Using userid: 1
[15101] dbg: bayes: not available for scanning, only 0 spam(s) in bayes DB < 200
[15101] dbg: bayes: not scoring message, returning undef
[15101] dbg: rules: running raw-body-text per-line regexp tests; score so far=0.188
[15101] dbg: rules: running full-text regexp tests; score so far=0.188
[15101] dbg: info: entering helper-app run mode
[15101] dbg: info: leaving helper-app run mode
[15101] dbg: razor2: part=0 engine=4 contested=0 confidence=0
[15101] dbg: razor2: results: spam? 0
[15101] dbg: razor2: results: engine 8, highest cf score: 0
[15101] dbg: razor2: results: engine 4, highest cf score: 0
[15101] dbg: pyzor: pyzor is available: /usr/bin/pyzor
[15101] dbg: info: entering helper-app run mode
[15101] dbg: pyzor: opening pipe: /usr/bin/pyzor check < /tmp/.spamassassin15101RuRka7tmp
[15102] dbg: util: setuid: ruid=0 euid=0
[15101] dbg: pyzor: [15102] finished: exit=0x0100
[15101] dbg: pyzor: got response: 66.250.40.33:24441 TimeoutError:
[15101] dbg: info: leaving helper-app run mode
[15101] dbg: pyzor: failure to parse response "66.250.40.33:24441 TimeoutError: "
[15101] dbg: dcc: dccifd is not available: no r/w dccifd socket found
[15101] dbg: dcc: dccproc is available: /usr/local/bin/dccproc
[15101] dbg: info: entering helper-app run mode
[15101] dbg: dcc: opening pipe: /usr/local/bin/dccproc -H -x 0 < /tmp/.spamassassin15101RuRka7tmp
[15103] dbg: util: setuid: ruid=0 euid=0
[15101] dbg: dcc: got response: missing SMTP header lines; fatal error
[15101] dbg: info: leaving helper-app run mode
[15101] dbg: dcc: check failed: no X-DCC returned (did you create a map file?): missing SMTP header lines; fatal error
[15101] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa660cc0) implements 'check_tick'
[15101] dbg: check: running tests for priority: 500
[15101] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa660cc0) implements 'check_post_dnsbl'
[15101] dbg: rules: running meta tests; score so far=0.188
[15101] dbg: rules: running header regexp tests; score so far=1.666
[15101] dbg: rules: running body-text per-line regexp tests; score so far=1.666
[15101] dbg: uri: running uri tests; score so far=1.666
[15101] dbg: rules: running raw-body-text per-line regexp tests; score so far=1.666
[15101] dbg: rules: running full-text regexp tests; score so far=1.666
[15101] dbg: check: running tests for priority: 1000
[15101] dbg: rules: running meta tests; score so far=1.666
[15101] dbg: rules: running header regexp tests; score so far=1.666
[15101] dbg: rules: running body-text per-line regexp tests; score so far=1.666
[15101] dbg: uri: running uri tests; score so far=1.666
[15101] dbg: rules: running raw-body-text per-line regexp tests; score so far=1.666
[15101] dbg: rules: running full-text regexp tests; score so far=1.666
[15101] dbg: plugin: Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0xac34d04) implements 'autolearn_discriminator'
[15101] dbg: learn: auto-learn: currently using scoreset 1
[15101] dbg: learn: auto-learn: message score: 1.666, computed score for autolearn: 1.668
[15101] dbg: learn: auto-learn? ham=0.1, spam=12, body-points=0, head-points=0.189, learned-points=0
[15101] dbg: learn: auto-learn? no: inside auto-learn thresholds, not considered ham or spam
[15101] dbg: check: is spam? score=1.666 required=5
[15101] dbg: check: tests=MISSING_HEADERS,MISSING_SUBJECT,NO_RECEIVED,NO_RELAYS,TO_CC_NONE
[15101] dbg: check: subtests=__ENV_AND_HDR_FROM_MATCH,__NONEMPTY_BODY,__UNUSABLE_MSGID

Vasiliy Boulytchev
vasiliy@linuxspecial.com

From vasiliy at linuxspecial.com Wed Jan 24 18:08:36 2007
From: vasiliy at linuxspecial.com (Vasiliy Boulytchev)
Date: Wed Jan 24 17:11:27 2007
Subject: [Fwd: NJABL announcement: dynablock & Spamhaus PBL]
In-Reply-To: <45B10C06.8000408@pacific.net>
References: <45B10C06.8000408@pacific.net>
Message-ID: <45B79294.2060704@linuxspecial.com>

Question regarding this...

If I rsync to a local rbldnsd via

rsync -vaL rsync.njabl.org::njabl/rbldnsd/ /var/lib/rbldns/work

Does this mean I am unaffected by this in a sense?
I don't think I should update my rsync job...

Vasiliy Boulytchev
vasiliy@linuxspecial.com

Ken A wrote:
>
> fyi.
> Ken A
> Pacific.Net
>
>>
>> -------- Original Message --------
>> Subject: NJABL announcement: dynablock & Spamhaus PBL
>> Date: Fri, 19 Jan 2007 11:37:29 -0500 (EST)
>> From: help@mail.njabl.org
>> To: list@njabl.org
>>
>> With the advent of Spamhaus's PBL (http://spamhaus.org/pbl/),
>> dynablock.njabl.org has become obsolete. Rather than maintain
>> separate similar DNSBL zones, NJABL will be working with Spamhaus on
>> the PBL. Effective immediately, dynablock.njabl.org exists as a copy
>> of the Spamhaus PBL. After dynablock users have had ample time to
>> update their configurations, the dynablock.njabl.org zone will be
>> emptied.
>>
>> Other NJABL zones (i.e. dnsbl, combined, bhnc, and the qw versions)
>> will continue, business as usual, except that combined will
>> eventually lose its dynablock component.
>>
>> If you currently use dynablock.njabl.org we recommend you switch
>> immediately to pbl.spamhaus.org.
>>
>> If you currently use combined.njabl.org, we recommend you add
>> pbl.spamhaus.org to the list of DNSBLs you use.
>>
>> You may also want to consider using zen.spamhaus.org, which is a
>> combination zone consisting of Spamhaus's SBL, XBL, and PBL zones.
>

From mkettler at evi-inc.com Wed Jan 24 18:09:13 2007
From: mkettler at evi-inc.com (Matt Kettler)
Date: Wed Jan 24 17:12:48 2007
Subject: SA, MS, RBL problem
In-Reply-To: <45B78D64.7020102@linuxspecial.com>
References: <1E75E79B854C814784D0E8C5BA55AF76F7688F@uss2k01.united-systems.local> <45B78D64.7020102@linuxspecial.com>
Message-ID: <45B792B9.4010109@evi-inc.com>

Vasiliy Boulytchev wrote:
> GENTS!
>
> I have setup rbldnsd daemon, and am rsyncing down from NJABL...
>
> I have made the local DNS cachers forward queries to rbldnsd. That can
> be tested via dig @dnscacheserver 2.0.0.127.dnsbl.njabl.org... I see
> that query get forwarded to rbldnsd, and I see the query in the log so I
> know 100 percent that rsync is working, dns forwarding is working
> correctly from bind to rbldnsd host
>
> so that's out of the question.... MS machine is checking for DNS only
> against that dns cache server... so any queries for njabl should in
> theory forward to my rbldnsd box

Check your /etc/resolv.conf. Are there *any* DNS servers in there other than the cacheserver that forwards to rbldnsd?

SpamAssassin has a strong tendency to use the "first working" DNS server it finds for all of its queries. So if there are multiple entries in resolv.conf, SA could be using a server other than your cacheserver, unless ALL of the listed servers perform forwarding.

From liste.gug at free.fr Wed Jan 24 18:21:06 2007
From: liste.gug at free.fr (liste.gug@free.fr)
Date: Wed Jan 24 17:23:53 2007
Subject: Problemes with Quarantine infections
Message-ID: <1169659266.45b79582bb223@imp.free.fr>

Thank you, effectively you're right ;)

One more question ;) Do you know how to attach the infected to the Notices mail ? Is it possible ?

Drew Marshall wrote:
> On Wed, January 24, 2007 16:21, liste.gug@free.fr wrote:
>> My options are :
>>
>> Quarantine Infections = yes
>> Quarantine Silent Viruses = no
>
> There it is ^^^^^
>
> Make that yes and you will have your viruses put to quarantine. Check the
> silent viruses section in MailScanner.conf for details of what your system
> thinks is a silent virus (Most probably)
>
> Drew
>
>

From talora-listas at talora.com.br Wed Jan 24 18:28:08 2007
From: talora-listas at talora.com.br ("Luís Fernando C. Talora")
Date: Wed Jan 24 17:32:06 2007
Subject: Clamav with MailScanner on Fedora 6
In-Reply-To: <223f97700701240430w20390a0ft6d38d42655f08a9b@mail.gmail.com>
References: <45B73F01.2020603@talora.com.br> <45B7430B.6000504@talora.com.br> <223f97700701240430w20390a0ft6d38d42655f08a9b@mail.gmail.com>
Message-ID: <45B79728.3040407@talora.com.br>

Fellows,

I've changed the path under /etc/MailScanner/virus.scanner.conf, but it still doesn't work. I'll try the clamav+SA package from mailscanner.info.

Thanks a lot, again!

Regards,

Luis Talora

Glenn Steen wrote:
> On 24/01/07, "Luís Fernando C. Talora"
> wrote:
>> Don't think so... I'm not sure, but I think I've misconfigured Clamav
>> (in fact, I did nothing on its config files - just left files as they
>> came when I made a "yum install clamav*"). On the IRC Channel, someone
>> told me I should use the Clamav package posted on the MailScanner
>> website. Is that right?
>>
>> Thanks a lot!
>>
>> Regards,
>>
>> Luis Talora
>>
> 0) Check that what you have in virus.scanner.conf chimes with where
> you have clamav installed. By default, MailScanner will look for it in
> /usr/local/bin, but your RPM might have put it in /usr/bin ... if so,
> amend virus.scanners.conf so that it has only "/usr" in the third
> field for the clamscan AV... _OR_ deinstall the clamav rpm package
> (and spamassassin) and use Jules Clam+SA easy-install package, which
> will put clamav in the default /usr/local location.
>
> 1) What happens when you run clamscan on a file containing EICAR?
>
> 2) What happens when you run the clamscan wrapper on the same file?
> You need to specify a bit more with the wrapper, like:
> /usr/lib/MailScanner/clamav-wrapper /usr/local -r --disable-summary
> --stdout /path/to/file
> where the /usr/local is the third field from virus.scanners.conf
> (pointing to where clamav is installed).
>
> Cheers

From vasiliy at linuxspecial.com Wed Jan 24 18:42:53 2007
From: vasiliy at linuxspecial.com (Vasiliy Boulytchev)
Date: Wed Jan 24 17:45:44 2007
Subject: SA, MS, RBL problem
In-Reply-To: <45B792B9.4010109@evi-inc.com>
References: <1E75E79B854C814784D0E8C5BA55AF76F7688F@uss2k01.united-systems.local> <45B78D64.7020102@linuxspecial.com> <45B792B9.4010109@evi-inc.com>
Message-ID: <45B79A9D.506@linuxspecial.com>

All of the servers listed in /etc/resolv.conf perform forwarding, and they all have been tested. Anything else I could check?

THANKS!

Vasiliy Boulytchev
vasiliy@linuxspecial.com

Matt Kettler wrote:
> Vasiliy Boulytchev wrote:
>
>> GENTS!
>>
>> I have setup rbldnsd daemon, and am rsyncing down from NJABL...
>>
>> I have made the local DNS cachers forward queries to rbldnsd. That can
>> be tested via dig @dnscacheserver 2.0.0.127.dnsbl.njabl.org... I see
>> that query get forwarded to rbldnsd, and I see the query in the log so I
>> know 100 percent that rsync is working, dns forwarding is working
>> correctly from bind to rbldnsd host
>>
>> so that's out of the question.... MS machine is checking for DNS only
>> against that dns cache server... so any queries for njabl should in
>> theory forward to my rbldnsd box
>>
>
> Check your /etc/resolv.conf. Are there *any* DNS servers in there other than the
> cacheserver that forwards to rbldnsd?
>
> SpamAssassin has a strong tendency to use the "first working" DNS server it
> finds for all of its queries. So if there are multiple entries in resolv.conf,
> SA could be using a server other than your cacheserver, unless ALL of the listed
> servers perform forwarding.
> > From ssilva at sgvwater.com Wed Jan 24 19:15:23 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jan 24 18:20:27 2007 Subject: [OOT] MailScanner & MTA Usage in the World In-Reply-To: <223f97700701240419s5d718e64we3541a9002e85568@mail.gmail.com> References: <00de01c73f85$75292720$8001a8c0@Fajar> <0935FE72-CC77-48D0-A8F0-023A6CD00E82@technologytiger.net> <223f97700701240419s5d718e64we3541a9002e85568@mail.gmail.com> Message-ID: Glenn Steen spake the following on 1/24/2007 4:19 AM: > On 24/01/07, Drew Marshall wrote: >> >> On 24 Jan 2007, at 07:01, Fajar wrote: >> >> Like Julian said, it's already 1 million download. I just wandering, in >> percentage.... How many that use Exim+MailScanner, >> Postfix+MailScanner, and >> Sendmail+MailScanner combination in the server? Maybe someone know? >> >> Other than putting my Postfix vote in, I suspect you are down to pure >> guesswork on this one. If pushed I would say something like 50% Sendmail, >> 30% Exim and 19% Postfix and 1% Others but I could be a mile off. >> >> Drew > > CC. > One could try draw some conclusions from how many messages on this > list pertain to one MTA or another, but that would mostly measure how > easy/hard it is to set them up... So judging from something like that > Zmailer and Exim would look like "winners":-):-). > > Cheers And many of the installations will use the default MTA for the distro. So RedHat and SUSE would be sendmail, Debian would be exim ... Julian has made his easy to install packages so darn easy that you can get something running in less than an hour, distro and all. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From john at katy.com Wed Jan 24 18:29:44 2007 From: john at katy.com (John Schmerold) Date: Wed Jan 24 18:21:30 2007 Subject: Exiscan Message-ID: <45B79788.6000509@katy.com> Anyone using (or tried using)exiscan with MailScanner? Any feedback? Exiscan is Exim's SPAM scanner. 
http://www.exim.org/eximwiki/EximContentScanning

--
John Schmerold
Katy Computer & Wireless
347 Clarkson Rd
Ellisville MO 63011
636-861-6900 v
775-227-6947 f

From vasiliy at linuxspecial.com Wed Jan 24 19:51:07 2007
From: vasiliy at linuxspecial.com (Vasiliy Boulytchev)
Date: Wed Jan 24 18:53:58 2007
Subject: Quarantine not working
Message-ID: <45B7AA9B.2010009@linuxspecial.com>

Guys,
Just sent an eicar message through, the attachment did not get placed
into

Quarantine Dir = /var/spool/MailScanner/quarantine

Any suggestions? Permissions look OK

THANKS!

--
Vasiliy Boulytchev
vasiliy@linuxspecial.com

From talora-listas at talora.com.br Wed Jan 24 20:01:42 2007
From: talora-listas at talora.com.br ("Luís Fernando C. Talora")
Date: Wed Jan 24 19:05:37 2007
Subject: Problem with MPEG file type
Message-ID: <45B7AD16.5070301@talora.com.br>

Fellows,

I had the following line in filetype.rules.conf:

deny MPEG No MPEG movies No MPEG movies allowed

Sometimes, users used to complain about sending messages without any
attachments and receiving an error from MailScanner, saying "No MPEG
movies allowed". After I commented that line, the problem stopped. It
seems that, under some unknown circumstances (at least for me),
MailScanner "sees" some nonexistent MPEG attachments on the messages.
Have you guys ever experienced that? Is there a solution (other than
disabling the line above)?

Thanks a lot!

Regards,

Luis Talora

From vasiliy at linuxspecial.com Wed Jan 24 20:14:48 2007
From: vasiliy at linuxspecial.com (Vasiliy Boulytchev)
Date: Wed Jan 24 19:17:39 2007
Subject: SA, MS, RBL problem
In-Reply-To: <20070124185838.GW32051@kluge.net>
References: <1E75E79B854C814784D0E8C5BA55AF76F7688F@uss2k01.united-systems.local> <45B78D64.7020102@linuxspecial.com> <20070124185838.GW32051@kluge.net>
Message-ID: <45B7B028.3030508@linuxspecial.com>

Excellent,
Now we are in the right direction.

Now. I use the NJABL-provided rsync syntax to sync...
$ cat /usr/local/bin/njablrsync #!/bin/sh rsync -vaL rsync.njabl.org::njabl/rbldnsd/ /var/dnsbl/njabl/ which provides me with: ls /var/lib/rbldns/work/ bhnc.gz dnsbl.njabl.org.data rbldns.dynablock.easynet.nl dnsbl.njabl.org.auto dnsbl.njabl.org.generic README How come am I not getting the combined? And so how do I set SA to use my current dnsbl.njabl.org, THANKS! Vasiliy Boulytchev vasiliy@linuxspecial.com Theo Van Dinter wrote: > On Wed, Jan 24, 2007 at 11:46:28AM -0500, Vasiliy Boulytchev wrote: > >> be tested via dig @dnscacheserver 2.0.0.127.dnsbl.njabl.org... i see >> > [...] > >> Can someone please help me setup NJABL properly? I am invoking SA via >> MS... as you can see below, SA does seem to check NJABL... >> > [...] > >> [15101] dbg: dns: checking RBL combined.njabl.org., set njabl-lastexternal >> [15101] dbg: dns: checking RBL combined.njabl.org., set njabl >> > > SpamAssassin is looking for combined.dnsbl.org. You've setup your servers to > deal with dnsbl.njabl.org, which is different, and so won't be used. > > From vasiliy at linuxspecial.com Wed Jan 24 20:35:43 2007 From: vasiliy at linuxspecial.com (Vasiliy Boulytchev) Date: Wed Jan 24 19:39:40 2007 Subject: SA, MS, RBL problem In-Reply-To: <45B7B028.3030508@linuxspecial.com> References: <1E75E79B854C814784D0E8C5BA55AF76F7688F@uss2k01.united-systems.local> <45B78D64.7020102@linuxspecial.com> <20070124185838.GW32051@kluge.net> <45B7B028.3030508@linuxspecial.com> Message-ID: <45B7B50F.1010907@linuxspecial.com> Problem solved, I had to forward combined.njabl.org in named conf on the cachers... duh! THANKS! Vasiliy Boulytchev vasiliy@linuxspecial.com Vasiliy Boulytchev wrote: > > Excellent, > Now we are in the right direction. > > Now. I use the NJABL-provided rsync syntax to sync... 
> > > > $ cat /usr/local/bin/njablrsync > #!/bin/sh > > rsync -vaL rsync.njabl.org::njabl/rbldnsd/ /var/dnsbl/njabl/ > > which provides me with: > > ls /var/lib/rbldns/work/ > bhnc.gz dnsbl.njabl.org.data > rbldns.dynablock.easynet.nl > dnsbl.njabl.org.auto dnsbl.njabl.org.generic README > > How come am I not getting the combined? And so how do I set SA to use > my current dnsbl.njabl.org, > > THANKS! > > Vasiliy Boulytchev > vasiliy@linuxspecial.com > > > > Theo Van Dinter wrote: >> On Wed, Jan 24, 2007 at 11:46:28AM -0500, Vasiliy Boulytchev wrote: >> >>> be tested via dig @dnscacheserver 2.0.0.127.dnsbl.njabl.org... i see >>> >> [...] >> >>> Can someone please help me setup NJABL properly? I am invoking SA >>> via MS... as you can see below, SA does seem to check NJABL... >>> >> [...] >> >>> [15101] dbg: dns: checking RBL combined.njabl.org., set >>> njabl-lastexternal >>> [15101] dbg: dns: checking RBL combined.njabl.org., set njabl >>> >> >> SpamAssassin is looking for combined.dnsbl.org. You've setup your >> servers to >> deal with dnsbl.njabl.org, which is different, and so won't be used. >> >> From vasiliy at linuxspecial.com Wed Jan 24 20:38:03 2007 From: vasiliy at linuxspecial.com (Vasiliy Boulytchev) Date: Wed Jan 24 19:40:55 2007 Subject: SA, MS, RBL problem In-Reply-To: <45B7B028.3030508@linuxspecial.com> References: <1E75E79B854C814784D0E8C5BA55AF76F7688F@uss2k01.united-systems.local> <45B78D64.7020102@linuxspecial.com> <20070124185838.GW32051@kluge.net> <45B7B028.3030508@linuxspecial.com> Message-ID: <45B7B59B.3020104@linuxspecial.com> Further question, Since the *combined.njabl.org*: dnsbl.njabl.org and dynablock.njabl.org in a single zone is what you get.... and : With the advent of Spamhaus's PBL (http://spamhaus.org/pbl/), dynablock.njabl.org has become obsolete. Rather than maintain separate similar DNSBL zones, NJABL will be working with Spamhaus on the PBL. Effective immediately, dynablock.njabl.org exists as a copy of the Spamhaus PBL. 
After dynablock users have had ample time to update their configurations, the dynablock.njabl.org zone will be emptied. Would it be wise to tell SA not to check combined.njabl.org? And just look at dydns.njabl.org only? THANKS! Vasiliy Boulytchev vasiliy@linuxspecial.com Vasiliy Boulytchev wrote: > > Excellent, > Now we are in the right direction. > > Now. I use the NJABL-provided rsync syntax to sync... > > > > $ cat /usr/local/bin/njablrsync > #!/bin/sh > > rsync -vaL rsync.njabl.org::njabl/rbldnsd/ /var/dnsbl/njabl/ > > which provides me with: > > ls /var/lib/rbldns/work/ > bhnc.gz dnsbl.njabl.org.data > rbldns.dynablock.easynet.nl > dnsbl.njabl.org.auto dnsbl.njabl.org.generic README > > How come am I not getting the combined? And so how do I set SA to use > my current dnsbl.njabl.org, > > THANKS! > > Vasiliy Boulytchev > vasiliy@linuxspecial.com > > > > Theo Van Dinter wrote: >> On Wed, Jan 24, 2007 at 11:46:28AM -0500, Vasiliy Boulytchev wrote: >> >>> be tested via dig @dnscacheserver 2.0.0.127.dnsbl.njabl.org... i see >>> >> [...] >> >>> Can someone please help me setup NJABL properly? I am invoking SA >>> via MS... as you can see below, SA does seem to check NJABL... >>> >> [...] >> >>> [15101] dbg: dns: checking RBL combined.njabl.org., set >>> njabl-lastexternal >>> [15101] dbg: dns: checking RBL combined.njabl.org., set njabl >>> >> >> SpamAssassin is looking for combined.dnsbl.org. You've setup your >> servers to >> deal with dnsbl.njabl.org, which is different, and so won't be used. >> >> From mkettler at evi-inc.com Wed Jan 24 21:00:57 2007 From: mkettler at evi-inc.com (Matt Kettler) Date: Wed Jan 24 20:03:53 2007 Subject: Problem with MPEG file type In-Reply-To: <45B7AD16.5070301@talora.com.br> References: <45B7AD16.5070301@talora.com.br> Message-ID: <45B7BAF9.9080605@evi-inc.com> Anything using filetype.rules.conf is dependent on the "file" utility on your server to attempt to identify the actual type of file involved. 
The "file" utility works by checking for any one of a series of magic numbers
located in the file. In theory, this should always work correctly. In practice,
it doesn't.

Check the actual attachments from those messages and feed them to the file
command on your server and see what it says about them.

ie:
$ file home.tgz
home.tgz: gzip compressed data, from Unix

Luís Fernando C. Talora wrote:
> Fellows,
>
> I had the following line in filetype.rules.conf:
>
> deny MPEG No MPEG movies No MPEG movies allowed
>
> Sometimes, users used to complain about sending messages without any
> attachments and receiving an error from MailScanner, saying "No MPEG
> movies allowed". After I commented that line, the problem stopped. It
> seems that, under some unknown circumstances (at least for me),
> MailScanner "sees" some nonexistent MPEG attachments on the messages.
> Have you guys ever experienced that? Is there a solution (other than
> disabling the line above)?
>
> Thanks a lot!
>
> Regards,
>
> Luis Talora

From ssilva at sgvwater.com Wed Jan 24 21:27:08 2007
From: ssilva at sgvwater.com (Scott Silva)
Date: Wed Jan 24 20:32:20 2007
Subject: Clamav with MailScanner on Fedora 6
In-Reply-To: <45B79728.3040407@talora.com.br>
References: <45B73F01.2020603@talora.com.br> <45B7430B.6000504@talora.com.br> <223f97700701240430w20390a0ft6d38d42655f08a9b@mail.gmail.com> <45B79728.3040407@talora.com.br>
Message-ID:

Luís Fernando C. Talora spake the following on 1/24/2007 9:28 AM:
> Fellows,
>
> I've changed the path under /etc/MailScanner/virus.scanner.conf, but it
> still doesn't work. I'll try the clamav+SA packer from mailscanner.info.
>
Make sure you rpm -e clamav stuff before you install Julian's, or you will
bork up things more.

--
MailScanner is like deodorant...
You hope everybody uses it, and you notice quickly if they don't!!!!

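Matt Kettler's point above, that `file` decides on a few magic bytes and can therefore be wrong, shown as an added example (not code from the thread or from MailScanner). The rule table is a constructed simplification in the style of file(1) magic entries, the sample message is constructed, and typing every decoded MIME part, the body included, is an assumption about how the deny rule gets applied.

```python
"""How a short magic rule can label non-MPEG data as MPEG (illustration)."""
import base64
import email
import re
from email import policy

# (offset, width in bytes, mask, expected value, label).
# Constructed, simplified table; a real magic database is far larger and
# differs between releases of file(1).
MAGIC_RULES = [
    (0, 4, 0xFFFFFFFF, 0x000001BA, "MPEG system stream"),
    (0, 4, 0xFFFFFFFF, 0x000001B3, "MPEG video stream"),
    (0, 2, 0xFFFE, 0xFFFA, "MPEG ADTS, layer III"),  # only 15 bits compared
    (0, 2, 0xFFFE, 0xFFFE, "MPEG ADTS, layer I"),    # only 15 bits compared
    (0, 2, 0xFFFF, 0x1F8B, "gzip compressed data"),
    (0, 4, 0xFFFFFFFF, 0x25504446, "PDF document"),
]


def identify(data: bytes) -> str:
    """Return the label of the first magic rule that matches the data."""
    for offset, width, mask, expected, label in MAGIC_RULES:
        chunk = data[offset:offset + width]
        if len(chunk) == width and (int.from_bytes(chunk, "big") & mask) == expected:
            return label
    if data and all(b in b"\t\r\n" or 32 <= b < 127 for b in data):
        return "ASCII text"
    return "data"


def scan_message(raw: bytes):
    """Type every leaf MIME part: (part name, declared type, detected label)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    results = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        name = part.get_filename() or "(message body)"
        results.append((name, part.get_content_type(), identify(payload)))
    return results


def denied_parts(raw: bytes, pattern: str = r"MPEG"):
    """Parts whose detected label matches a 'deny MPEG' style pattern."""
    return [r for r in scan_message(raw) if re.search(pattern, r[2])]


def build_sample() -> bytes:
    """Constructed message with no attachments; the body is UTF-16 text.

    The UTF-16 little-endian byte order mark is FF FE, which satisfies the
    15-bit 'layer I' rule above although the content is plain text.
    """
    body = b"\xff\xfe" + "Minutes of the meeting\r\n".encode("utf-16-le")
    return (
        b"From: user@example.com\r\n"
        b"To: peer@example.net\r\n"
        b"Subject: minutes\r\n"
        b"MIME-Version: 1.0\r\n"
        b"Content-Type: text/plain; charset=utf-16\r\n"
        b"Content-Transfer-Encoding: base64\r\n"
        b"\r\n" + base64.encodebytes(body)
    )


if __name__ == "__main__":
    for name, declared, detected in scan_message(build_sample()):
        print(f"{name}: declared {declared}, detected {detected}")
    print("denied:", denied_parts(build_sample()))
```

Listing the part name next to the detected label is the triage step the reply recommends: it shows which decoded part triggered the rule before anyone decides whether the rule or the magic database is at fault.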
From glenn.steen at gmail.com Wed Jan 24 21:42:33 2007
From: glenn.steen at gmail.com (Glenn Steen)
Date: Wed Jan 24 20:45:22 2007
Subject: Quarantine not working
In-Reply-To: <45B7AA9B.2010009@linuxspecial.com>
References: <45B7AA9B.2010009@linuxspecial.com>
Message-ID: <223f97700701241242q28a00da0le98217d1e86f5d1a@mail.gmail.com>

On 24/01/07, Vasiliy Boulytchev wrote:
> Guys,
> Just sent an eicar message through, the attachment did not get placed
> into
>
> Quarantine Dir = /var/spool/MailScanner/quarantine
>
> Any suggestions? Permissions look OK
>
> THANKS!
>
is EICAR part of your "Silent Viruses", and do you "Quarantine Silent Viruses"?

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From ssilva at sgvwater.com Wed Jan 24 21:43:12 2007
From: ssilva at sgvwater.com (Scott Silva)
Date: Wed Jan 24 20:48:20 2007
Subject: Problemes with Quarantine infections
In-Reply-To: <1169659266.45b79582bb223@imp.free.fr>
References: <1169659266.45b79582bb223@imp.free.fr>
Message-ID:

liste.gug@free.fr spake the following on 1/24/2007 9:21 AM:
> Thank you, effectively you're right ;)
>
> One more question ;) Do you know how to attach the infected to the Notices mail
> ? Is it possible ?
>
>
>
>
> Drew Marshall wrote:
>> On Wed, January 24, 2007 16:21, liste.gug@free.fr wrote:
>>> My options are :
>>>
>>> Quarantine Infections = yes
>>> Quarantine Silent Viruses = no
>> There it is ^^^^^
>>
>> Make that yes and you will have your viruses put to quarantine. Check the
>> silent viruses section in MailScanner.conf for details of what your system
>> thinks is a silent virus (Most probably)
>>
>> Drew
>>
>>
IF you attach the infected item to a notice, you are just creating another
virus laden message. If you really want them, you need to get them from the
quarantine manually.

--
MailScanner is like deodorant...
You hope everybody uses it, and you notice quickly if they don't!!!!

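The interaction behind the two quarantine threads above, as an added example that is not MailScanner's own code: a detection counted as "silent" is quarantined only when `Quarantine Silent Viruses` is also `yes`. The `Silent Viruses` line and its `All-Viruses` keyword are assumed from MailScanner's stock configuration and do not appear in the thread; the configuration text and the scanner report are constructed.

```python
"""Model of the quarantine decision discussed in the thread (illustration)."""


def parse_conf(text: str) -> dict:
    """Parse 'Key = value' lines; keys compare case- and space-insensitively."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        if "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf["".join(key.lower().split())] = value.strip()
    return conf


def is_yes(conf: dict, key: str) -> bool:
    return conf.get(key, "no").lower() == "yes"


def is_silent(conf: dict, report: str) -> bool:
    """A detection is silent if a listed string occurs in the scanner report.

    Assumption: the keyword All-Viruses marks every detection as silent.
    """
    tokens = conf.get("silentviruses", "").split()
    if "All-Viruses" in tokens:
        return True
    return any(tok.lower() in report.lower() for tok in tokens)


def quarantine_decision(conf_text: str, report: str):
    """Return (quarantined?, reason) for one detection under one configuration."""
    conf = parse_conf(conf_text)
    if not is_yes(conf, "quarantineinfections"):
        return (False, "Quarantine Infections is not yes")
    if is_silent(conf, report) and not is_yes(conf, "quarantinesilentviruses"):
        return (False, "detection is silent and Quarantine Silent Viruses is not yes")
    return (True, "quarantined")


# Constructed scanner report line for the EICAR test file.
EICAR_REPORT = "msg-1234.txt: Eicar-Test-Signature FOUND"

# The two options quoted in the thread, plus the assumed Silent Viruses line.
AS_REPORTED = """
Quarantine Infections = yes
Quarantine Silent Viruses = no
Silent Viruses = HTML-IFrame All-Viruses   # assumed, not shown in the thread
"""

# The change Drew Marshall recommends.
CORRECTED = AS_REPORTED.replace("Quarantine Silent Viruses = no",
                                "Quarantine Silent Viruses = yes")

# Alternative: leave the silent setting at no but stop treating everything as silent.
NARROW_SILENT = AS_REPORTED.replace("HTML-IFrame All-Viruses", "HTML-IFrame")

if __name__ == "__main__":
    for label, text in (("as reported", AS_REPORTED),
                        ("corrected", CORRECTED),
                        ("narrow silent list", NARROW_SILENT)):
        print(label, "->", quarantine_decision(text, EICAR_REPORT))
```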
From glenn.steen at gmail.com Wed Jan 24 21:49:42 2007
From: glenn.steen at gmail.com (Glenn Steen)
Date: Wed Jan 24 20:52:31 2007
Subject: Clamav with MailScanner on Fedora 6
In-Reply-To:
References: <45B73F01.2020603@talora.com.br> <45B7430B.6000504@talora.com.br> <223f97700701240430w20390a0ft6d38d42655f08a9b@mail.gmail.com> <45B79728.3040407@talora.com.br>
Message-ID: <223f97700701241249n4c4ca9b7l7ee1d296edd44751@mail.gmail.com>

On 24/01/07, Scott Silva wrote:
> Luís Fernando C. Talora spake the following on 1/24/2007 9:28 AM:
> > Fellows,
> >
> > I've changed the path under /etc/MailScanner/virus.scanner.conf, but it
> > still doesn't work. I'll try the clamav+SA packer from mailscanner.info.
> >
> Make sure you rpm -e clamav stuff before you install Julian's, or you will
> bork up things more.
>
And probably you need "rpm -e spamassassin" too... Jules package will
put it back, but perhaps not exactly at the same place as the rpm
would... It's good to not have things like this more than once...
Avoids questions like "now, why did it invoke _that_ incarnation
....":-)

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From ssilva at sgvwater.com Wed Jan 24 21:53:33 2007
From: ssilva at sgvwater.com (Scott Silva)
Date: Wed Jan 24 20:58:38 2007
Subject: Quarantine not working
In-Reply-To: <45B7AA9B.2010009@linuxspecial.com>
References: <45B7AA9B.2010009@linuxspecial.com>
Message-ID:

Vasiliy Boulytchev spake the following on 1/24/2007 10:51 AM:
> Guys,
> Just sent a eicar message through, the attachment did not get placed
> into
>
> Quarantine Dir = /var/spool/MailScanner/quarantine
>
> Any suggestions? Permissions look OK
>
> THANKS!
>
These are the settings I had to make to get it to work;

Quarantine Infections = yes
Quarantine Silent Viruses = yes
Quarantine Modified Body = no
Quarantine Whole Message = yes
Keep Spam And MCP Archive Clean = no

--
MailScanner is like deodorant...
You hope everybody uses it, and you notice quickly if they don't!!!!

From alex at nkpanama.com Thu Jan 25 03:22:21 2007
From: alex at nkpanama.com (Alex Neuman van der Hans)
Date: Thu Jan 25 02:25:54 2007
Subject: Problem with MPEG file type
In-Reply-To: <45B7AD16.5070301@talora.com.br>
References: <45B7AD16.5070301@talora.com.br>
Message-ID: <45B8145D.2000703@nkpanama.com>

(carefully trying to avoid top-posting and over-quoting ;-) )

Luís Fernando C. Talora wrote:
> Fellows,
>
> deny MPEG No MPEG movies No MPEG movies allowed
> Have you guys ever experienced that? Is there a solution (other than
> disabling the line above)?

You may want to try updating your "file" utility, which is what
MailScanner calls to check what the contents of a file appear to be.
Your users might also be sending e-mail messages which are formatted as
to appear to be MPEG files because of a bit.

Google around for "file command" and "magic", which is the file
command's way of looking for specific sequences that suggest what a file
might be from its contents.

I found the following:

http://www.oracle.com/technology/pub/articles/calish_file_commands.html

... to be useful in understanding "file".

The source for "file" is available from ftp://ftp.astron.com/pub/file/ -
you may want to try compiling a new one to see how it goes.

Good luck...

From alex at nkpanama.com Thu Jan 25 05:44:02 2007
From: alex at nkpanama.com (Alex Neuman van der Hans)
Date: Thu Jan 25 04:47:52 2007
Subject: Problem with MPEG file type
In-Reply-To: <45B8145D.2000703@nkpanama.com>
References: <45B7AD16.5070301@talora.com.br> <45B8145D.2000703@nkpanama.com>
Message-ID: <45B83592.6090100@nkpanama.com>

Our MailScanner believes that the attachment to this message sent to you

From: alex@nkpanama.com
Subject: Re: Problem with MPEG file type

is Unsolicited Commercial Email (spam). Unless you are sure that this
message is incorrectly thought to be spam, please delete this message
without opening it.
Opening spam messages might allow the spammer to verify your email address. If you believe that this message has been incorrectly marked as spam, please forward this email to postmaster. pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 BOTNET_BADDNS IP address doesn't have full circle DNS 2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address [200.75.226.223 listed in dnsbl.sorbs.net] 1.7 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP [200.75.226.223 listed in combined.njabl.org] 2.0 BOTNET Any Botnet rule hit -------------- next part -------------- An embedded message was scrubbed... From: Alex Neuman van der Hans Subject: Re: Problem with MPEG file type Date: Wed, 24 Jan 2007 23:44:02 -0500 Size: 1326 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070124/bdc712c3/attachment.mht From jcb at dream.com.ph Thu Jan 25 08:17:51 2007 From: jcb at dream.com.ph (jcb dream.com.ph) Date: Thu Jan 25 07:21:11 2007 Subject: no RBL checks Message-ID: <014901c74050$ed6af6c0$920bbdcb@pmsi.net> hi guys, i tried checking the details on one of my messages which was not tagged as spam. And mostly i found out that there are no RBL checks, is it possible that my messages bypass RBL checks ? X--MailServer-MailScanner-Information: Please contact the ISP for more information X--MailServer-MailScanner: Found to be clean X-MailServer-MailScanner-SpamScore: ss X-PMSI-MailServer-MailScanner-From: vacheressexwe@bambooplants4uk.com X-Spam-Status: No Status: O tnx MS rocks!!! That's MailScanner to be exact.... -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070125/511d28fa/attachment.html

From davidj at synaq.com Thu Jan 25 09:04:44 2007
From: davidj at synaq.com (David Jacobson)
Date: Thu Jan 25 08:07:41 2007
Subject: Minor Bug: Mailwatch DBI Tracing w/ MailScanner
Message-ID: <1169712284.6464.5.camel@localhost>

Hi,

Just reporting this in case anyone wants to fix it:

I enabled DBI Tracing in Mailwatch.pm (1.0.3) and found our Virus
Scanners picking up 12 Viruses on a plain text mail (or at least it
thought so - but delivered Uninfected)

MailScanner Ver = 4.56.8

Jan 24 22:44:47 mailfilter-mx1 MailScanner[18524]: Virus and Content Scanning: Starting
Jan 24 22:44:47 mailfilter-mx1 MailScanner[18524]: ClamAVModule:: -- DBI::END
Jan 24 22:44:47 mailfilter-mx1 MailScanner[18524]: ClamAVModule:: -> disconnect_all for DBD::mysql::dr (DBI::dr=HASH(0xabcaa94)~0xaf26dbc) thr#9d70008
Jan 24 22:44:47 mailfilter-mx1 MailScanner[18524]: ClamAVModule:: <- disconnect_all= (not implemented) at DBI.pm line 692
Jan 24 22:44:47 mailfilter-mx1 MailScanner[18524]: ClamAVModule:: -> disconnect_all for DBD::SQLite::dr (DBI::dr=HASH(0xaec5810)~0xb6d305c) thr#9d70008
Jan 24 22:44:47 mailfilter-mx1 MailScanner[18524]: ClamAVModule:: <- disconnect_all= '' at DBI.pm line 692
Jan 24 22:44:47 mailfilter-mx1 MailScanner[18524]: ClamAVModule::! -> DESTROY for DBD::SQLite::db (DBI::db=HASH(0xb6d37c8)~INNER) thr#9d70008
Jan 24 22:44:47 mailfilter-mx1 MailScanner[18524]: ClamAVModule:: DESTROY DBI::db=HASH(0xb6d37c8) skipped due to InactiveDestroy
Jan 24 22:44:47 mailfilter-mx1 MailScanner[18524]: ClamAVModule::! <- DESTROY= undef during global destruction
Jan 24 22:44:47 mailfilter-mx1 MailScanner[18524]: ClamAVModule::! -> DESTROY in DBD::_::common for DBD::SQLite::dr (DBI::dr=HASH(0xb6d305c)~INNER) thr#9d70008
Jan 24 22:44:47 mailfilter-mx1 MailScanner[18524]: ClamAVModule::! <- DESTROY= undef during global destruction
Jan 24 22:44:47 mailfilter-mx1 MailScanner[18524]: ClamAVModule::! -> DESTROY in DBD::_::dr for DBD::mysql::dr (DBI::dr=HASH(0xaf26dbc)~INNER) thr#9d70008
Jan 24 22:44:47 mailfilter-mx1 MailScanner[18524]: ClamAVModule::! <- DESTROY= undef during global destruction
Jan 24 22:44:47 mailfilter-mx1 MailScanner[18524]: Virus Scanning: ClamAV Module found 12 infections
Jan 24 22:44:47 mailfilter-mx1 MailScanner[18524]: Virus Scanning: Bitdefender found 12 infections
Jan 24 22:44:47 mailfilter-mx1 MailScanner[18524]: Virus Scanning: Found 12 viruses
Jan 24 22:44:47 mailfilter-mx1 MailScanner[18524]: Uninfected: Delivered 1 messages
Jan 24 22:44:47 mailfilter-mx1 MailScanner[18524]: Logging message 1H9oyI-0004ol-Ky to SQL
Jan 24 22:44:47 mailfilter-mx1 MailScanner[18538]: 1H9oyI-0004ol-Ky: Logged to MailWatch SQL

--
Regards,
David Jacobson
Technical Director
SYNAQ (Pty) Ltd
Tel: 011 245 5888
Direct: 011 245 5889
Fax: 011 783 9275
Cell: 083 235 0760
Mail: davidj@synaq.com
Web: http://www.synaq.com

Key Fingerprint 8246 FCE1 3C22 7EFB E61B 18DF 6E8B 65E8 BD50 78A1

From jcb at dream.com.ph Thu Jan 25 09:59:06 2007
From: jcb at dream.com.ph (jepoy)
Date: Thu Jan 25 09:02:13 2007
Subject: dcc,razor,pyzor on MS running centos4.4
Message-ID: <01b101c7405f$12666640$920bbdcb@pmsi.net>

hi guys,

just read about these things as plugins on spamassassin. how can i
incorporate them on my centos 4.4.

tnx

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070125/5aff14e5/attachment.html

From glenn.steen at gmail.com Thu Jan 25 10:42:48 2007
From: glenn.steen at gmail.com (Glenn Steen)
Date: Thu Jan 25 09:45:39 2007
Subject: dcc,razor,pyzor on MS running centos4.4
In-Reply-To: <01b101c7405f$12666640$920bbdcb@pmsi.net>
References: <01b101c7405f$12666640$920bbdcb@pmsi.net>
Message-ID: <223f97700701250142x24f73cdeq46efeb90de783fa2@mail.gmail.com>

On 25/01/07, jepoy wrote:
>
>
> hi guys,
>
> just read about these things as plugins on spamassassin. how can i
> incorporate them on my centos 4.4.
>
Start looking at (MAQ):
http://wiki.mailscanner.info/doku.php?id=maq:index#spamassassin_plugins_and_bayes
And also (wiki):
http://wiki.mailscanner.info/doku.php?id=&idx=documentation:anti_spam:spamassassin:plugins

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From uxbod at splatnix.net Thu Jan 25 11:05:06 2007
From: uxbod at splatnix.net (--[ UxBoD ]--)
Date: Thu Jan 25 10:05:42 2007
Subject: SOT: AntiVirus Software
Message-ID: <20070125100506.4544c990@uxbod.splatnix.net>

I have recently built a new server and currently only use ClamAV and
Bitdefender with MailScanner. I would like to introduce a commercial
scanner as well, but there appears to be so many on the market now.

I do like Kaspersky, but you seem to be unable to buy and download in
the UK :(

Any other recommendations ?

From jcb at dream.com.ph Thu Jan 25 11:15:58 2007
From: jcb at dream.com.ph (jepoy)
Date: Thu Jan 25 10:19:02 2007
Subject: dcc,razor,pyzor on MS running centos4.4
References: <01b101c7405f$12666640$920bbdcb@pmsi.net> <223f97700701250142x24f73cdeq46efeb90de783fa2@mail.gmail.com>
Message-ID: <01c101c74069$cf07ff20$920bbdcb@pmsi.net>

>>
>>
>> hi guys,
>>
>> just read about these things as plugins on spamassassin. how can i
>> incorporate them on my centos 4.4.
>>
> Start looking at (MAQ):
> http://wiki.mailscanner.info/doku.php?id=maq:index#spamassassin_plugins_and_bayes
> And also (wiki):
> http://wiki.mailscanner.info/doku.php?id=&idx=documentation:anti_spam:spamassassin:plugins

hi glenn,
found some sites also, do i have to put user_pyzor 1 in
spam.assassin.prefs.conf ? how can i validate if pyzor is working on my
system ?

thanks.

From talora-listas at talora.com.br Thu Jan 25 11:31:27 2007
From: talora-listas at talora.com.br ("Luís Fernando C. Talora")
Date: Thu Jan 25 10:35:20 2007
Subject: Clamav with MailScanner on Fedora 6
In-Reply-To: <223f97700701241249n4c4ca9b7l7ee1d296edd44751@mail.gmail.com>
References: <45B73F01.2020603@talora.com.br> <45B7430B.6000504@talora.com.br> <223f97700701240430w20390a0ft6d38d42655f08a9b@mail.gmail.com> <45B79728.3040407@talora.com.br> <223f97700701241249n4c4ca9b7l7ee1d296edd44751@mail.gmail.com>
Message-ID: <45B886FF.5040805@talora.com.br>

OK. Thanks!

Regards,

Talora

Glenn Steen wrote:
> On 24/01/07, Scott Silva wrote:
>> Luís Fernando C. Talora spake the following on 1/24/2007 9:28 AM:
>> > Fellows,
>> >
>> > I've changed the path under /etc/MailScanner/virus.scanner.conf,
>> but it
>> > still doesn't work. I'll try the clamav+SA packer from
>> mailscanner.info.
>> > >> Make sure you rpm -e clamav stuff before you install Julian's, or you >> will >> bork up things more. >> > And probably you need "rpm -e spamassassin" too... Jules package will > put it back, but perhaps not exactly at the same place as the rpm > would... It's good to not have things like this more than once... > Avoids questions like "now, why did it invoke _that_ incarnation > ....":-) > > Cheers From martinh at solidstatelogic.com Thu Jan 25 11:28:52 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Thu Jan 25 10:36:53 2007 Subject: AntiVirus Software In-Reply-To: <20070125100506.4544c990@uxbod.splatnix.net> Message-ID: <3da1ae1e3a53324e8e9878ce3acfe960@solidstatelogic.com> HI You don't mention what O/S you're running on, but f-prot used by a lot of a people, a 'local' reseller is Blacknight.ie who also happen to host the MS websites and mailing lists.. I find sophos good, but is way more expensive that f-prot..you shouldn't have any problems finding a reseller.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of --[ UxBoD ]-- > Sent: 25 January 2007 10:05 > To: MailScanner discussion > Subject: SOT: AntiVirus Software > > I have recently built a new server and currently only use ClamAV and > Bitdefender with MailScanner. I would like to introduce a commercial > scanner aswell, but there appears to be so many on the market now. > > I do like Kaspersky, but you seem to be unable to buy and download in > the UK :( > > Any other recommendations ? > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is > believed to be clean. 

From steve.freegard at fsl.com Thu Jan 25 11:53:11 2007
From: steve.freegard at fsl.com (Steve Freegard)
Date: Thu Jan 25 10:56:04 2007
Subject: SOT: AntiVirus Software
In-Reply-To: <20070125100506.4544c990@uxbod.splatnix.net>
References: <20070125100506.4544c990@uxbod.splatnix.net>
Message-ID: <45B88C17.4050305@fsl.com>

--[ UxBoD ]-- wrote:
> I have recently built a new server and currently only use ClamAV and
> Bitdefender with MailScanner.
I would like to introduce a commercial > scanner aswell, but there appears to be so many on the market now. > > I do like Kaspersky, but you seem to be unable to buy and download in > the UK :( > > Any other recommendations ? My recommendation would be to get rid of BitDefender - it's no longer available for download for free and it's quite slow. Then look at either F-Prot or NOD32 as these have a reputation for being the fastest two scanners aside from ClamAVmodule or SophosSAVI (expensive). You can even get NOD32 immediately via download if you purchase it through their website and they'll mail you the license key. Kind regards, Steve. From uxbod at splatnix.net Thu Jan 25 12:44:40 2007 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Thu Jan 25 11:45:43 2007 Subject: SOT: AntiVirus Software In-Reply-To: <45B88C17.4050305@fsl.com> References: <20070125100506.4544c990@uxbod.splatnix.net> <45B88C17.4050305@fsl.com> Message-ID: <20070125114440.5ea3fc5c@uxbod.splatnix.net> You have to buy a five user license, but for home use, when only two uses its a bit expensive :( On Thu, 25 Jan 2007 10:53:11 +0000 Steve Freegard wrote: > --[ UxBoD ]-- wrote: > > I have recently built a new server and currently only use ClamAV and > > Bitdefender with MailScanner. I would like to introduce a > > commercial scanner aswell, but there appears to be so many on the > > market now. > > > > I do like Kaspersky, but you seem to be unable to buy and download > > in the UK :( > > > > Any other recommendations ? > > My recommendation would be to get rid of BitDefender - it's no longer > available for download for free and it's quite slow. > > Then look at either F-Prot or NOD32 as these have a reputation for > being the fastest two scanners aside from ClamAVmodule or SophosSAVI > (expensive). > > You can even get NOD32 immediately via download if you purchase it > through their website and they'll mail you the license key. > > Kind regards, > Steve. 
--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

From glenn.steen at gmail.com Thu Jan 25 13:09:01 2007
From: glenn.steen at gmail.com (Glenn Steen)
Date: Thu Jan 25 12:11:53 2007
Subject: dcc,razor,pyzor on MS running centos4.4
In-Reply-To: <01c101c74069$cf07ff20$920bbdcb@pmsi.net>
References: <01b101c7405f$12666640$920bbdcb@pmsi.net> <223f97700701250142x24f73cdeq46efeb90de783fa2@mail.gmail.com> <01c101c74069$cf07ff20$920bbdcb@pmsi.net>
Message-ID: <223f97700701250409g7176171fw3fe974f943b0e200@mail.gmail.com>

On 25/01/07, jepoy wrote:
>
> >>
> >>
> >> hi guys,
> >>
> >> just read about these things as plugins on spamassassin. how can i
> >> incorporate them on my centos 4.4.
> >>
> > Start looking at (MAQ):
> > http://wiki.mailscanner.info/doku.php?id=maq:index#spamassassin_plugins_and_bayes
> > And also (wiki):
> > http://wiki.mailscanner.info/doku.php?id=&idx=documentation:anti_spam:spamassassin:plugins
> > > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> hi glenn,
> found some sites also, do i have to put user_pyzor 1 in
> spam.assassin.prefs.conf ? how can i validate if pyzor is working on my
> system ?
>
> thanks.
>
You have to load the plugin, and set appropriate configs for all of them. For pyzor that might be as little as (in my case):
#pyzor_path /usr/bin/pyzor
/etc/mail/spamassassin/mailscanner.cf:# To stop Pyzor checks, uncomment the following line
/etc/mail/spamassassin/mailscanner.cf:# use_pyzor 0
/etc/mail/spamassassin/mailscanner.cf:pyzor_timeout 10
/etc/mail/spamassassin/v310.pre:# Pyzor - perform Pyzor message checks.
/etc/mail/spamassassin/v310.pre:loadplugin Mail::SpamAssassin::Plugin::Pyzor

You can test Pyzor with a ping (just "pyzor ping" ... will try connect to the server) and by running spamassassin -D on a message file.
If you run a "pyzor discover" it will find the non-working/overloaded official server, which isn't good... So instead use 82.94.255.100:24441 in your .pyzor/servers (wherever that has been put). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Thu Jan 25 13:11:45 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 25 12:14:37 2007 Subject: dcc,razor,pyzor on MS running centos4.4 In-Reply-To: <223f97700701250409g7176171fw3fe974f943b0e200@mail.gmail.com> References: <01b101c7405f$12666640$920bbdcb@pmsi.net> <223f97700701250142x24f73cdeq46efeb90de783fa2@mail.gmail.com> <01c101c74069$cf07ff20$920bbdcb@pmsi.net> <223f97700701250409g7176171fw3fe974f943b0e200@mail.gmail.com> Message-ID: <223f97700701250411r51be5385ldca7db09eec957d1@mail.gmail.com> On 25/01/07, Glenn Steen wrote: > On 25/01/07, jepoy wrote: (snip) The quote got a bit garbled, here's a better one:-) > ... For pyzor that might be as little as (in my case): # egrep -r -i pyzor /etc/mail/spamassassin/ /etc/mail/spamassassin/mailscanner.cf:pyzor_path /usr/bin/pyzor /etc/mail/spamassassin/mailscanner.cf:# To stop Pyzor checks, uncomment the following line /etc/mail/spamassassin/mailscanner.cf:# use_pyzor 0 /etc/mail/spamassassin/mailscanner.cf:pyzor_timeout 10 /etc/mail/spamassassin/v310.pre:# Pyzor - perform Pyzor message checks. 
/etc/mail/spamassassin/v310.pre:loadplugin Mail::SpamAssassin::Plugin::Pyzor # -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Thu Jan 25 13:30:08 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 25 12:33:00 2007 Subject: SOT: AntiVirus Software In-Reply-To: <20070125114440.5ea3fc5c@uxbod.splatnix.net> References: <20070125100506.4544c990@uxbod.splatnix.net> <45B88C17.4050305@fsl.com> <20070125114440.5ea3fc5c@uxbod.splatnix.net> Message-ID: <223f97700701250430v48b80795v82250d363fe412c9@mail.gmail.com> On 25/01/07, --[ UxBoD ]-- wrote: > You have to buy a five user license, but for home use, when only two > uses its a bit expensive :( > Eh, is this for *home* use? Why, then Avira (formerly antivir .. http://www.free-av.com), AVG (http://www.grisoft.com) and avast (http://www.avast.com/eng/download-avast-for-linux-edition.html) have "free for home use/personal use" offerings... and at least avast and avira have *nix downloads there. I suppose there might be others as well (I don't check this that often:-)... There was some talk about building a wrapper for avast, but I haven't checked the latest beta... Might be there, might not:-). Many also offer fully functional trial downloads of their products, as well as some form of "shop online" capability. 
-- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From jcb at dream.com.ph Thu Jan 25 13:33:11 2007 From: jcb at dream.com.ph (jepoy) Date: Thu Jan 25 12:36:33 2007 Subject: dcc,razor,pyzor on MS running centos4.4 References: <01b101c7405f$12666640$920bbdcb@pmsi.net><223f97700701250142x24f73cdeq46efeb90de783fa2@mail.gmail.com><01c101c74069$cf07ff20$920bbdcb@pmsi.net><223f97700701250409g7176171fw3fe974f943b0e200@mail.gmail.com> <223f97700701250411r51be5385ldca7db09eec957d1@mail.gmail.com> Message-ID: <027d01c7407c$fa02d340$920bbdcb@pmsi.net> > On 25/01/07, Glenn Steen wrote: >> On 25/01/07, jepoy wrote: > (snip) > The quote got a bit garbled, here's a better one:-) >> ... For pyzor that might be as little as (in my case): > # egrep -r -i pyzor /etc/mail/spamassassin/ > /etc/mail/spamassassin/mailscanner.cf:pyzor_path /usr/bin/pyzor > /etc/mail/spamassassin/mailscanner.cf:# To stop Pyzor checks, > uncomment the following line > /etc/mail/spamassassin/mailscanner.cf:# use_pyzor 0 > /etc/mail/spamassassin/mailscanner.cf:pyzor_timeout 10 > /etc/mail/spamassassin/v310.pre:# Pyzor - perform Pyzor message checks. > /etc/mail/spamassassin/v310.pre:loadplugin > Mail::SpamAssassin::Plugin::Pyzor > # > Hi glen, got that, though im still using spamassassin=3.0.6.is this ok ? [root@mail MailScanner]# egrep -r -i pyzor /etc/mail/spamassassin/ /etc/mail/spamassassin/mailscanner.cf:ifplugin Mail::SpamAssassin::Plugin::Pyzor /etc/mail/spamassassin/mailscanner.cf:pyzor_path /usr/bin/pyzor /etc/mail/spamassassin/mailscanner.cf:# To stop Pyzor checks, uncomment the following line /etc/mail/spamassassin/mailscanner.cf:# use_pyzor 0 /etc/mail/spamassassin/mailscanner.cf:pyzor_timeout 10 [root@mail MailScanner]# rpm -qa|grep spam spamassassin-3.0.6-1.el4 im on way checking razor now. and finding a way to change these /var/spool/postfix/hold/razor-agent.log. 
i already created a directory razor on /var/spool/MailScanner/spamassassin/razor. [root@mail MailScanner]# razor-admin -create -conf=/var/spool/MailScanner/spamassassin/razor Could not create 'razorhome': Can't write file /var/spool/MailScanner/spamassassin/razor: Is a directory -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From tmartins at gmail.com Thu Jan 25 13:58:32 2007 From: tmartins at gmail.com (Thiago Martins) Date: Thu Jan 25 13:01:24 2007 Subject: SOT: AntiVirus Software In-Reply-To: <223f97700701250430v48b80795v82250d363fe412c9@mail.gmail.com> References: <20070125100506.4544c990@uxbod.splatnix.net> <45B88C17.4050305@fsl.com> <20070125114440.5ea3fc5c@uxbod.splatnix.net> <223f97700701250430v48b80795v82250d363fe412c9@mail.gmail.com> Message-ID: Bitdefender has a free *Nix version too. []?s On 1/25/07, Glenn Steen wrote: > On 25/01/07, --[ UxBoD ]-- wrote: > > You have to buy a five user license, but for home use, when only two > > uses its a bit expensive :( > > > Eh, is this for *home* use? Why, then Avira (formerly antivir .. > http://www.free-av.com), AVG (http://www.grisoft.com) and avast > (http://www.avast.com/eng/download-avast-for-linux-edition.html) have > "free for home use/personal use" offerings... and at least avast and > avira have *nix downloads there. I suppose there might be others as > well (I don't check this that often:-)... There was some talk about > building a wrapper for avast, but I haven't checked the latest beta... > Might be there, might not:-). > Many also offer fully functional trial downloads of their products, as > well as some form of "shop online" capability. 
From ugob at camo-route.com Thu Jan 25 14:04:19 2007 From: ugob at camo-route.com (Ugo Bellavance) Date: Thu Jan 25 13:07:21 2007 Subject: dcc,razor,pyzor on MS running centos4.4 In-Reply-To: <027d01c7407c$fa02d340$920bbdcb@pmsi.net> References: <01b101c7405f$12666640$920bbdcb@pmsi.net><223f97700701250142x24f73cdeq46efeb90de783fa2@mail.gmail.com><01c101c74069$cf07ff20$920bbdcb@pmsi.net><223f97700701250409g7176171fw3fe974f943b0e200@mail.gmail.com> <223f97700701250411r51be5385ldca7db09eec957d1@mail.gmail.com> <027d01c7407c$fa02d340$920bbdcb@pmsi.net> Message-ID: jepoy wrote: > > >> On 25/01/07, Glenn Steen wrote: >>> On 25/01/07, jepoy wrote: >> (snip) >> The quote got a bit garbled, here's a better one:-) >>> ... For pyzor that might be as little as (in my case): >> # egrep -r -i pyzor /etc/mail/spamassassin/ >> /etc/mail/spamassassin/mailscanner.cf:pyzor_path /usr/bin/pyzor >> /etc/mail/spamassassin/mailscanner.cf:# To stop Pyzor checks, >> uncomment the following line >> /etc/mail/spamassassin/mailscanner.cf:# use_pyzor 0 >> /etc/mail/spamassassin/mailscanner.cf:pyzor_timeout 10 >> /etc/mail/spamassassin/v310.pre:# Pyzor - perform Pyzor message checks. >> /etc/mail/spamassassin/v310.pre:loadplugin >> Mail::SpamAssassin::Plugin::Pyzor >> # >> > Hi glen, > > got that, though im still using spamassassin=3.0.6.is this ok ? You should uninstall the rpm and install it from source or from the clamav-SA rpm provided on the MailScanner site. Ugo From glenn.steen at gmail.com Thu Jan 25 14:10:16 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 25 13:13:09 2007 Subject: SOT: AntiVirus Software In-Reply-To: References: <20070125100506.4544c990@uxbod.splatnix.net> <45B88C17.4050305@fsl.com> <20070125114440.5ea3fc5c@uxbod.splatnix.net> <223f97700701250430v48b80795v82250d363fe412c9@mail.gmail.com> Message-ID: <223f97700701250510x6f60836fl62aca2a3b9db827f@mail.gmail.com> On 25/01/07, Thiago Martins wrote: > Bitdefender has a free *Nix version too. 
> Yes, I'm aware of this (I wrote the wiki page on it:-). Two differences: It used to be free for *all*, not only home use, and it is free no longer... well, it's harder to find the console thing at least:-). The ones I quoted seem to be free still....;). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From tmartins at gmail.com Thu Jan 25 14:27:01 2007 From: tmartins at gmail.com (Thiago Martins) Date: Thu Jan 25 13:29:52 2007 Subject: SOT: AntiVirus Software In-Reply-To: <223f97700701250510x6f60836fl62aca2a3b9db827f@mail.gmail.com> References: <20070125100506.4544c990@uxbod.splatnix.net> <45B88C17.4050305@fsl.com> <20070125114440.5ea3fc5c@uxbod.splatnix.net> <223f97700701250430v48b80795v82250d363fe412c9@mail.gmail.com> <223f97700701250510x6f60836fl62aca2a3b9db827f@mail.gmail.com> Message-ID: I have seen the wiki page on It yet. Just in case, all versions for Linux and FreeBSD can be downloaded from: http://download.bitdefender.com/unices/ I don't read their license for a long time, so I must check it any time soon. :) []?s On 1/25/07, Glenn Steen wrote: > On 25/01/07, Thiago Martins wrote: > > Bitdefender has a free *Nix version too. > > > Yes, I'm aware of this (I wrote the wiki page on it:-). > Two differences: It used to be free for *all*, not only home use, and > it is free no longer... well, it's harder to find the console thing at > least:-). > The ones I quoted seem to be free still....;). 
> > Cheers > -- From tmartins at gmail.com Thu Jan 25 14:27:54 2007 From: tmartins at gmail.com (Thiago Martins) Date: Thu Jan 25 13:30:45 2007 Subject: SOT: AntiVirus Software In-Reply-To: References: <20070125100506.4544c990@uxbod.splatnix.net> <45B88C17.4050305@fsl.com> <20070125114440.5ea3fc5c@uxbod.splatnix.net> <223f97700701250430v48b80795v82250d363fe412c9@mail.gmail.com> <223f97700701250510x6f60836fl62aca2a3b9db827f@mail.gmail.com> Message-ID: Just a typo: I have not seen the wiki on BitDefender ... On 1/25/07, Thiago Martins wrote: > I have seen the wiki page on It yet. > > Just in case, all versions for Linux and FreeBSD can be downloaded from: > http://download.bitdefender.com/unices/ > > I don't read their license for a long time, so I must check it any time soon. :) > > []?s > > On 1/25/07, Glenn Steen wrote: > > On 25/01/07, Thiago Martins wrote: > > > Bitdefender has a free *Nix version too. > > > > > Yes, I'm aware of this (I wrote the wiki page on it:-). > > Two differences: It used to be free for *all*, not only home use, and > > it is free no longer... well, it's harder to find the console thing at > > least:-). > > The ones I quoted seem to be free still....;). 
> >
> > Cheers
> > --
>
--
[]'s
Thiago Martins
http://tmartins.blogsome.com

From glenn.steen at gmail.com Thu Jan 25 14:28:11 2007
From: glenn.steen at gmail.com (Glenn Steen)
Date: Thu Jan 25 13:31:06 2007
Subject: dcc,razor,pyzor on MS running centos4.4
In-Reply-To: <027d01c7407c$fa02d340$920bbdcb@pmsi.net>
References: <01b101c7405f$12666640$920bbdcb@pmsi.net> <223f97700701250142x24f73cdeq46efeb90de783fa2@mail.gmail.com> <01c101c74069$cf07ff20$920bbdcb@pmsi.net> <223f97700701250409g7176171fw3fe974f943b0e200@mail.gmail.com> <223f97700701250411r51be5385ldca7db09eec957d1@mail.gmail.com> <027d01c7407c$fa02d340$920bbdcb@pmsi.net>
Message-ID: <223f97700701250528x7942ca03h3c654dcdd95b7952@mail.gmail.com>

On 25/01/07, jepoy wrote:
>
>
> > On 25/01/07, Glenn Steen wrote:
> >> On 25/01/07, jepoy wrote:
> > (snip)
> > The quote got a bit garbled, here's a better one:-)
> >> ... For pyzor that might be as little as (in my case):
> > # egrep -r -i pyzor /etc/mail/spamassassin/
> > /etc/mail/spamassassin/mailscanner.cf:pyzor_path /usr/bin/pyzor
> > /etc/mail/spamassassin/mailscanner.cf:# To stop Pyzor checks,
> > uncomment the following line
> > /etc/mail/spamassassin/mailscanner.cf:# use_pyzor 0
> > /etc/mail/spamassassin/mailscanner.cf:pyzor_timeout 10
> > /etc/mail/spamassassin/v310.pre:# Pyzor - perform Pyzor message checks.
> > /etc/mail/spamassassin/v310.pre:loadplugin
> > Mail::SpamAssassin::Plugin::Pyzor
> > #
> >
> Hi glen,
>
> got that, though im still using spamassassin=3.0.6.is this ok ?
> [root@mail MailScanner]# egrep -r -i pyzor /etc/mail/spamassassin/
> /etc/mail/spamassassin/mailscanner.cf:ifplugin
> Mail::SpamAssassin::Plugin::Pyzor
> /etc/mail/spamassassin/mailscanner.cf:pyzor_path /usr/bin/pyzor
> /etc/mail/spamassassin/mailscanner.cf:# To stop Pyzor checks, uncomment the
> following line
> /etc/mail/spamassassin/mailscanner.cf:# use_pyzor 0
> /etc/mail/spamassassin/mailscanner.cf:pyzor_timeout 10

You don't seem to actually load the plugin anywhere, so ...
no Pyzor unless you do:(

> [root@mail MailScanner]# rpm -qa|grep spam
> spamassassin-3.0.6-1.el4

As Ugo suggests, deinstall this version of SA (and any non-source install of clamav) and use Jules' package for them instead. It'll help you with module dependencies and some configs.
Still, check your *.pre files that you actually load the plugins you want (they need be mentioned _once_, although there is little harm in having them more than once... it might be a bit confusing if you comment the one, thinking it would disable the function... and then the next -pre file sucking it in:-):-).

> im on way checking razor now. and finding a way to change these
> /var/spool/postfix/hold/razor-agent.log.
> i already created a directory razor on
> /var/spool/MailScanner/spamassassin/razor.

Ah, so you run Postfix. Two possible solutions. Either do as you try to do below (just make sure you specify a plain non-existent filename and it'll work better), or ... do it another way:
As root:
cd ~postfix
mkdir .pyzor
mkdir .razor
mkdir .spamassassin
chown postfix.postfix .pyzor .razor .spamassassin
su - postfix -s /bin/bash
pyzor discover
(edit .pyzor/servers as suggested earlier)
razor-admin -create
... done, just run a few "spamassassin -D -t < /path/to/file" to check that all is working.
This depends a bit on how you've configured it all:-).
> [root@mail MailScanner]#
> razor-admin -create -conf=/var/spool/MailScanner/spamassassin/razor
> Could not create 'razorhome': Can't write file
> /var/spool/MailScanner/spamassassin/razor: Is a directory
>
>

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From glenn.steen at gmail.com Thu Jan 25 14:48:14 2007
From: glenn.steen at gmail.com (Glenn Steen)
Date: Thu Jan 25 13:51:06 2007
Subject: SOT: AntiVirus Software
In-Reply-To:
References: <20070125100506.4544c990@uxbod.splatnix.net> <45B88C17.4050305@fsl.com> <20070125114440.5ea3fc5c@uxbod.splatnix.net> <223f97700701250430v48b80795v82250d363fe412c9@mail.gmail.com> <223f97700701250510x6f60836fl62aca2a3b9db827f@mail.gmail.com>
Message-ID: <223f97700701250548w1022c168r77b6c611db59960b@mail.gmail.com>

On 25/01/07, Thiago Martins wrote:
> Just a typo: I have not seen the wiki on BitDefender ...
>
Well, here it is (has gotten a bit messy over time.. Still some more or less usable info though):
http://wiki.mailscanner.info/doku.php?id=documentation:anti_virus:bitdefender:install

And before you beat me over the head with it.... Yes, I should read my own writings more often:-). You are correct, it is indeed still free for personal/home use:).
But as has been noted (by Steve wasn't it), it is a bit of a resource hog, so might be disqualified by that.

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From acabrera at etapatelecom.net Thu Jan 25 14:59:28 2007
From: acabrera at etapatelecom.net (Ing. Augusto Cabrera D.)
Date: Thu Jan 25 14:02:33 2007
Subject: Problem with tildes in squirrelmail
In-Reply-To:
Message-ID: <200701251358.l0PDwKDt030584@smtp.etapatelecom.net>

Hello,

I have problem with squirrelmail, because the ? and tildes they are not shown, shows me a box or string in the inbox and in the subject I not have problem.
Please help me

Augusto

_____________________________________
This message has been scanned by Etapatelecom's free e-mail virus protection service.

From tmartins at gmail.com Thu Jan 25 15:09:12 2007
From: tmartins at gmail.com (Thiago Martins)
Date: Thu Jan 25 14:12:04 2007
Subject: SOT: AntiVirus Software
In-Reply-To: <223f97700701250548w1022c168r77b6c611db59960b@mail.gmail.com>
References: <20070125100506.4544c990@uxbod.splatnix.net> <45B88C17.4050305@fsl.com> <20070125114440.5ea3fc5c@uxbod.splatnix.net> <223f97700701250430v48b80795v82250d363fe412c9@mail.gmail.com> <223f97700701250510x6f60836fl62aca2a3b9db827f@mail.gmail.com> <223f97700701250548w1022c168r77b6c611db59960b@mail.gmail.com>
Message-ID:

I will try to improve the wiki on FreeBSD since I use it.
My setup is a FBSD 6.1 and I run clamav and bitdefender.
I don't see it as a resource hog since my traffic is very low and most of the files are blocked before virus scanning.
But I will look more on this topic. Since there are lots of options, I can reconsider my scan engines if BitDefender is that bad boy. :)
This page of the wiki is not bad.
As always, thanks for your attention Glenn.

On 1/25/07, Glenn Steen wrote:
> On 25/01/07, Thiago Martins wrote:
> > Just a typo: I have not seen the wiki on BitDefender ...
> >
> Well, here it is (has gotten a bit messy over time.. Still some more
> or less usable info though):
> http://wiki.mailscanner.info/doku.php?id=documentation:anti_virus:bitdefender:install
>
> And before you beat me over the head with it.... Yes, I should read
> my own writings more often:-). You are correct, it is indeed still
> free for personal/home use:).
> But as has been noted (by Steve wasn't it), it is a bit of a resource
> hog, so might be disqualified by that.
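For the dcc,razor,pyzor thread above, where the diagnosis was that Pyzor settings were present but no loadplugin line loaded the plugin, the following is an added example (not written by any poster and not part of MailScanner or SpamAssassin) that turns the egrep check into a repeatable report for Pyzor, Razor2 and DCC. The function names and the two sample config trees it builds are constructed for illustration; the Razor2 and DCC plugin names and setting prefixes are the standard SpamAssassin ones, not values quoted in the thread.

```sh
#!/bin/sh
# Added example: report SpamAssassin network-check plugins that have settings
# in the config tree but no uncommented loadplugin line. Function names are
# illustrative; ifplugin/endif nesting is deliberately not tracked.

# sa_plugin_loaded DIR NAME -> exit 0 if a *.pre or *.cf file under DIR has an
# uncommented "loadplugin Mail::SpamAssassin::Plugin::NAME" line.
sa_plugin_loaded() {
    grep -rEq --include='*.pre' --include='*.cf' \
        "^[[:space:]]*loadplugin[[:space:]]+Mail::SpamAssassin::Plugin::${2}([[:space:]]|\$)" "$1"
}

# sa_plugin_settings DIR KEY -> exit 0 if an uncommented use_KEY* or KEY_*
# setting (use_pyzor, pyzor_path, use_razor2, dcc_path, ...) is present.
sa_plugin_settings() {
    grep -rEq --include='*.pre' --include='*.cf' \
        "^[[:space:]]*(use_${2}[0-9]*|${2}_[a-z0-9_]+)[[:space:]]" "$1"
}

# sa_plugin_status DIR NAME KEY -> prints loaded | configured-not-loaded | absent
sa_plugin_status() {
    if sa_plugin_loaded "$1" "$2"; then
        echo loaded
    elif sa_plugin_settings "$1" "$3"; then
        echo configured-not-loaded
    else
        echo absent
    fi
}

# sa_plugin_report DIR -> one line per plugin; exit status 1 if any plugin has
# settings but is never loaded.
sa_plugin_report() {
    rc=0
    for pair in Pyzor:pyzor Razor2:razor DCC:dcc; do
        name=${pair%%:*}
        key=${pair##*:}
        st=$(sa_plugin_status "$1" "$name" "$key")
        printf '%-7s %s\n' "$name" "$st"
        if [ "$st" = configured-not-loaded ]; then rc=1; fi
    done
    return "$rc"
}

# make_samples -> builds two constructed config trees in a temp directory and
# prints its path. "loaded" is modelled on the listing where v310.pre carries
# the loadplugin line; "unloaded" on the listing with ifplugin and settings
# only. The endif and dcc_path lines are constructed additions.
make_samples() {
    base=$(mktemp -d) || return 1
    mkdir "$base/loaded" "$base/unloaded"
    printf '%s\n' 'pyzor_path /usr/bin/pyzor' '# use_pyzor 0' 'pyzor_timeout 10' \
        > "$base/loaded/mailscanner.cf"
    printf '%s\n' '# Pyzor - perform Pyzor message checks.' \
        'loadplugin Mail::SpamAssassin::Plugin::Pyzor' \
        '#loadplugin Mail::SpamAssassin::Plugin::Razor2' \
        > "$base/loaded/v310.pre"
    printf '%s\n' 'ifplugin Mail::SpamAssassin::Plugin::Pyzor' \
        'pyzor_path /usr/bin/pyzor' '# use_pyzor 0' 'pyzor_timeout 10' 'endif' \
        'dcc_path /usr/local/bin/dccproc' \
        > "$base/unloaded/mailscanner.cf"
    echo "$base"
}

# Demo run over the constructed trees.
samples=$(make_samples)
for d in loaded unloaded; do
    echo "== $d"
    sa_plugin_report "$samples/$d" || echo "-> settings present for a plugin that is never loaded"
done
rm -rf "$samples"
```

On a live system the call would be `sa_plugin_report /etc/mail/spamassassin`, the directory searched in the thread. A "loaded" result only says the plugin is declared; the `spamassassin -D` run suggested in the thread is still what shows it executing.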
From glenn.steen at gmail.com Thu Jan 25 15:21:13 2007
From: glenn.steen at gmail.com (Glenn Steen)
Date: Thu Jan 25 14:24:05 2007
Subject: Problem with tildes in squirrelmail
In-Reply-To: <200701251358.l0PDwKDt030584@smtp.etapatelecom.net>
References: <200701251358.l0PDwKDt030584@smtp.etapatelecom.net>
Message-ID: <223f97700701250621q58c2a430gf4ab181eb62a87e8@mail.gmail.com>

On 25/01/07, Ing. Augusto Cabrera D. wrote:
> Hello,
>
> I have problem with squirrelmail, because the ? and tildes
> they are not shown , shows me a box or string in the inbox and in the
> subject I not have problem.
>
> Please help me
>
> Augusto
>
Are you saying that MailScanner is destroying your diacritical letters somehow (converting latin1 -> utf8 or somesuch)?
Else I fail to see what this question has to do with this list, and would kindly ask you to put that question to a squirrelmail-related forum.

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From brent.bolin at gmail.com Thu Jan 25 15:23:38 2007
From: brent.bolin at gmail.com (BB)
Date: Thu Jan 25 14:26:30 2007
Subject: OT: wise username@domain.com
Message-ID: <787dcac20701250623o1dfef377g782de3c011561390@mail.gmail.com>

Most mail servers I have setup in the past have very English looking email address -

joe@domain.com
jill@domain.com

The large place I'm doing contract work at now use a coreID (employee number) as the username. The real English name is still displayed in the mail client setup.

Seems to eliminate spam. Certainly stops dictionary attacks.

Anybody else using this kind of setup ?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070125/ab033f19/attachment.html From DrewB at united-systems.com Thu Jan 25 15:25:09 2007 From: DrewB at united-systems.com (Drew Burchett) Date: Thu Jan 25 14:29:11 2007 Subject: Archiving mail Message-ID: <1E75E79B854C814784D0E8C5BA55AF76F76B17@uss2k01.united-systems.local> When MailScanner is set to archive messages, it stores them in binary format (at least on my machine). Is there any way to convert this to text format for testing, forwarding, whatever the heck else I might need to do with it? Drew Burchett United Systems & Software Ph: (270)527-3293 Fax: (270)527-3132 -- CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. -- This message has been scanned for viruses and dangerous content by MailScanner and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070125/0784e700/attachment.html From glenn.steen at gmail.com Thu Jan 25 16:03:52 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 25 15:06:44 2007 Subject: OT: wise username@domain.com In-Reply-To: <787dcac20701250623o1dfef377g782de3c011561390@mail.gmail.com> References: <787dcac20701250623o1dfef377g782de3c011561390@mail.gmail.com> Message-ID: <223f97700701250703m3710b219j9f6d9e6ab8d88428@mail.gmail.com> On 25/01/07, BB wrote: > > Most mail servers I have setup in the past have very English looking email > address - > > joe@domain.com > jill@domain.com > > The large place I'm doing contract work at now use a coreID (employee > number) as the username. 
The real English name is still displayed in the
> mail client setup.
>
> Seems to eliminate spam. Certainly stops dictionary attacks.
>
> Anybody else using this kind of setup ?
>
Have done in the past... Used cryptic combinations of letters and numbers.
But that really doesn't "defeat" dictionary attacks/harvesting ... It might "delay" things a tad, but you will be seeing spam, trust me:-).

If the scheme is relatively new, that might explain low volumes -> no spam... Or if they have very strict email address use policies, that might keep things down for a while too.

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From doc at maddoc.net Thu Jan 25 16:13:37 2007
From: doc at maddoc.net (Doc Schneider)
Date: Thu Jan 25 15:16:30 2007
Subject: OT: wise username@domain.com
In-Reply-To: <223f97700701250703m3710b219j9f6d9e6ab8d88428@mail.gmail.com>
References: <787dcac20701250623o1dfef377g782de3c011561390@mail.gmail.com> <223f97700701250703m3710b219j9f6d9e6ab8d88428@mail.gmail.com>
Message-ID: <45B8C921.8060407@maddoc.net>

Glenn Steen wrote:
> On 25/01/07, BB wrote:
>>
>> Most mail servers I have setup in the past have very English looking
>> email
>> address -
>>
>> joe@domain.com
>> jill@domain.com
>>
>> The large place I'm doing contract work at now use a coreID (employee
>> number) as the username. The real English name is still displayed in the
>> mail client setup.
>>
>> Seems to eliminate spam. Certainly stops dictionary attacks.
>>
>> Anybody else using this kind of setup ?
>>
> Have done in the past... Used cryptic combinations of letters and numbers.
> But that really doesn't "defeat" dictionary attacks/harvesting ... It
> might "delay" things a tad, but you will be seeing spam, trust me:-).
>
> If the scheme is relatively new, that might explain low volumes -> no
> spam... Or if they have very strict email address use policies, that
> might keep things down for a while too.
> > Cheers I've been seeing dictionary style attacks using numbers only for a couple months. They are usually 7 digits example 6052211@domain.ext of course they don't work since I have no one using that scheme. 8*) -- -Doc Lincoln, NE. http://www.genealogyforyou.com/ http://www.cairnproductions.com/ From glenn.steen at gmail.com Thu Jan 25 16:15:15 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 25 15:18:07 2007 Subject: Archiving mail In-Reply-To: <1E75E79B854C814784D0E8C5BA55AF76F76B17@uss2k01.united-systems.local> References: <1E75E79B854C814784D0E8C5BA55AF76F76B17@uss2k01.united-systems.local> Message-ID: <223f97700701250715u52a9c47tfa4864f6fd117335@mail.gmail.com> On 25/01/07, Drew Burchett wrote: > > When MailScanner is set to archive messages, it stores them in binary format > (at least on my machine). Is there any way to convert this to text format > for testing, forwarding, whatever the heck else I might need to do with it? > This is very likely a copy of your MTAs queue file(s) as seen _before_ MailScanner has touched it/them. So you would need use the tools available to manipulate it/them as provided by your MTA. With Sendmail, those files are pretty much plain text, so I'm guessing you are using something else... Perhaps Postfix? If so, you can look at it with the postcat command (postcat /path/to/file), and could possibly extract the message as such with some scripting. Or you could use the third alternative to the Archive Mail setting (archive to preexisting mbox files... just touch a filename and specify that:-). 
Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From email at ace.net.au Thu Jan 25 16:18:02 2007 From: email at ace.net.au (Peter Nitschke) Date: Thu Jan 25 15:23:23 2007 Subject: dcc,razor,pyzor on MS running centos4.4 In-Reply-To: <223f97700701250142x24f73cdeq46efeb90de783fa2@mail.gmail.com> References: <01b101c7405f$12666640$920bbdcb@pmsi.net> <223f97700701250142x24f73cdeq46efeb90de783fa2@mail.gmail.com> Message-ID: <200701260148020079.03ABA951@smtp1.ace.net.au> On 25/01/2007 at 10:42 AM Glenn Steen wrote: >On 25/01/07, jepoy wrote: >> >> >> hi guys, >> >> just read about these things as plugins on spamassassin. how can i >> incorporate them on my centos 4.4. >> >Start looking at (MAQ): >http://wiki.mailscanner.info/doku.php?id=maq:index#spamassassin_plugins_and _bayes >And also (wiki): >http://wiki.mailscanner.info/doku.php?id=&idx=documentation:anti_spam:spama ssassin:plugins Is that stuff still current? On my new Centos 4 setup I simply used "yum install perl-Razor-Agent pyzor DCC" The last 2 are from atrpms.net I then commented out the lines in spam.assassin.prefs.conf: (I got lint errors if I left them in) # pyzor path # DCC path Last I made sure the relevant lines in v310.pre were uncommented. Bingo, instant razor, pyzor and DCC. 
Peter

From glenn.steen at gmail.com Thu Jan 25 16:36:02 2007
From: glenn.steen at gmail.com (Glenn Steen)
Date: Thu Jan 25 15:38:54 2007
Subject: dcc,razor,pyzor on MS running centos4.4
In-Reply-To: <200701260148020079.03ABA951@smtp1.ace.net.au>
References: <01b101c7405f$12666640$920bbdcb@pmsi.net> <223f97700701250142x24f73cdeq46efeb90de783fa2@mail.gmail.com> <200701260148020079.03ABA951@smtp1.ace.net.au>
Message-ID: <223f97700701250736l620c9967h586a8257282f1225@mail.gmail.com>

On 25/01/07, Peter Nitschke wrote:
> On 25/01/2007 at 10:42 AM Glenn Steen wrote:
>
> >On 25/01/07, jepoy wrote:
> >>
> >>
> >> hi guys,
> >>
> >> just read about these things as plugins on spamassassin. how can i
> >> incorporate them on my centos 4.4.
> >>
> >Start looking at (MAQ):
> >http://wiki.mailscanner.info/doku.php?id=maq:index#spamassassin_plugins_and
> _bayes
> >And also (wiki):
> >http://wiki.mailscanner.info/doku.php?id=&idx=documentation:anti_spam:spama
> ssassin:plugins
>
> Is that stuff still current? On my new Centos 4 setup I simply used "yum
> install perl-Razor-Agent pyzor DCC"
>
> The last 2 are from atrpms.net
>
> I then commented out the lines in spam.assassin.prefs.conf: (I got lint
> errors if I left them in)
> # pyzor path
> # DCC path
>
> Last I made sure the relevant lines in v310.pre were uncommented.
>
> Bingo, instant razor, pyzor and DCC.
>
> Peter
>
Since they detail how to use the f^Hsource, I presume they are OK. If you want to use RPMs and yum, and feel this should be mentioned in the wiki... why then... feel free to update the wiki pages with this additional info;-). After all, that is what a wiki is all about:-D

That you get errors about some lines regarding pyzor and DCC might be indicative that you aren't loading the plugins properly... Have you checked (with a spamassassin -D) that they load/execute as they should?
See, SpamAssassin doesn't know about those settings.... the individual plugins do though;-).
So if you had done thinsg the other way around (load plugins uncommented, then --lint) things might've looked differently;) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From chandler.lists at chapman.edu Thu Jan 25 16:48:38 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Thu Jan 25 15:51:31 2007 Subject: Two servers, identical configs,one won't tag messages. Message-ID: <45B8D156.2020103@chapman.edu> I have two servers running the same version of Mailscanner (4.57.6), Postfix, and FreeBSD. One server is happily changing the subjects with the spam tag, while the other isn't. The one that isn't tagging is running FuzzyOCR, while the working one is not at this time. Anyone have any thoughts? diff from the working mailscanner.conf to the non working one: 1530c1530 < Local Postmaster = postmaster --- > Local Postmaster = abuse 2050c2050 < SpamAssassin Default Rules Dir = --- > SpamAssassin Default Rules Dir = /usr/local/etc/MailScanner/fuzzy/ Sample message headers: *Return-Path:* > *X-Original-To:* @chapman.edu *Delivered-To:* @chapman.edu *Received:* from mail.evansfoodservice.com (mail.evansfoodservice.com [66.208.247.117]) by aconcagua.chapman.edu (Postfix) with SMTP id 4F9F4455E6 for >; Thu, 25 Jan 2007 06:24:52 -0800 (PST) *Received:* (qmail 26919 invoked from network); Thu, 25 Jan 2007 09:24:52 -0500 *Received:* from unknown (HELO kabeb) (110.148.149.212) by mail.evansfoodservice.com with SMTP; Thu, 25 Jan 2007 09:24:52 -0500 *Message-ID:* <45B8BDB4.9080606@markgorge.com> *Date:* Thu, 25 Jan 2007 09:24:52 -0500 *From:* Nik Winston > *User-Agent:* Thunderbird 1.5.0.9 (Windows/20061207) *MIME-Version:* 1.0 *To:* @chapman.edu *Subject:* Deal of Day Auctions - Shop Thousands of Items! 
*Content-Type:* multipart/related; boundary="------------000301050907020100000007" *X-Chapman-MailScanner-Information:* Please contact the ISP for more information *X-Chapman-MailScanner:* Found to be clean *X-Chapman-MailScanner-SpamCheck:* spam, SpamAssassin (not cached, score=8.827, required 6, FUZZY_OCR 8.00, SARE_GIF_ATTACH 0.75, TW_MN 0.08) *X-Chapman-MailScanner-SpamScore:* ssssssss *X-Chapman-MailScanner-From:* kwxy@markgorge.com *X-Spam-Status:* Yes From rcooper at dwford.com Thu Jan 25 16:56:04 2007 From: rcooper at dwford.com (Rick Cooper) Date: Thu Jan 25 15:59:08 2007 Subject: Exiscan In-Reply-To: <45B79788.6000509@katy.com> Message-ID: <042b01c74099$51dc8950$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of John Schmerold > Sent: Wednesday, January 24, 2007 12:30 PM > To: MailScanner discussion > Subject: Exiscan > > Anyone using (or tried using)exiscan with MailScanner? Any feedback? > > Exiscan is Exim's SPAM scanner. > I use ExiScan with MailScanner and it's fine. I do the virus scan (with clamav), I block basic file types we never accept (.exe/.cmd/.pif, etc), CLSID attachments, Invalid MIME boundaries, Excessive Mime parts (> 256), excessive line lengths ( > 32764), partial messages, file names > 512, Boundary Space Gaps (broken mime), Long Mime boundaries, spam scored above 14 (I have never had a FP > 14), all with ExiScan. On the MailScanner side, I add two AV products and block spam based on MailScanner rules. This let's me use MailWatch to handle the quarantine and releasing there of, for the lower scoring spam that could possibly be FP. Now bear in mind I have a very informative reject message associated with each of the ExiScan rejects but who pays attention to those? I use MailScanner for more in-depth file-type/name analysis, more refined spam handling and user messages for more obscure file-type/name rejections. 
Our sites also do hundreds of emails per day not hundreds of thousands so the cost of the above checks (spam/av) are not an issue. Were I handling very large amounts of mail I would rather offload the spam/AV stuff entirely to MailScanner. I currently use my own SPF perl program (embedded into Exim) because there was a period where ExiScan hadn't update to the latest spf libs, that has been handled but I am too lazy to recompile exim so you could do that within exim as well. Also bear in mind you could, technically, add a X-Spam-Free type header to those messages that fall below your MailScanner threshold (in exim) and skip reprocessing them again in MailScanner but our volume is low enough I have never bothered. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Thu Jan 25 16:58:55 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 25 16:01:47 2007 Subject: Two servers, identical configs,one won't tag messages. In-Reply-To: <45B8D156.2020103@chapman.edu> References: <45B8D156.2020103@chapman.edu> Message-ID: <223f97700701250758s3730ddf4sc8b5c29f1cb060ac@mail.gmail.com> On 25/01/07, Jay Chandler wrote: > I have two servers running the same version of Mailscanner (4.57.6), > Postfix, and FreeBSD. > > One server is happily changing the subjects with the spam tag, while the > other isn't. > > The one that isn't tagging is running FuzzyOCR, while the working one is > not at this time. > > Anyone have any thoughts? > > > diff from the working mailscanner.conf to the non working one: > > 1530c1530 > < Local Postmaster = postmaster > --- > > Local Postmaster = abuse > 2050c2050 > < SpamAssassin Default Rules Dir = > --- > > SpamAssassin Default Rules Dir = /usr/local/etc/MailScanner/fuzzy/ > (snip) Do you have a ruleset on "Spam Modify Subject" and/or "High Scoring Spam Modify Subject" perhaps? 
-- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From email at ace.net.au Thu Jan 25 17:07:56 2007 From: email at ace.net.au (Peter Nitschke) Date: Thu Jan 25 16:12:06 2007 Subject: dcc,razor,pyzor on MS running centos4.4 In-Reply-To: <223f97700701250736l620c9967h586a8257282f1225@mail.gmail.com> References: <01b101c7405f$12666640$920bbdcb@pmsi.net> <223f97700701250142x24f73cdeq46efeb90de783fa2@mail.gmail.com> <200701260148020079.03ABA951@smtp1.ace.net.au> <223f97700701250736l620c9967h586a8257282f1225@mail.gmail.com> Message-ID: <200701260237560115.03D958C4@smtp1.ace.net.au> On 25/01/2007 at 4:36 PM Glenn Steen wrote: >> >Start looking at (MAQ): >> >>http://wiki.mailscanner.info/doku.php?id=maq:index#spamassassin_plugins_ and >> _bayes >> >And also (wiki): >> >>http://wiki.mailscanner.info/doku.php?id=&idx=documentation:anti_spam: spama >> ssassin:plugins >> >> Is that stuff still current? On my new Centos 4 setup I simply used "yum >> install perl-Razor-Agent pyzor DCC" >> >> The last 2 are from atrpms.net >> >> I then commented out the lines in spam.assassin.prefs.conf: (I got lint >> errors if I left them in) >> # pyzor path >> # DCC path >> >> Last I made sure the relevant lines in v310.pre were uncommented. >> >> Bingo, instant razor, pyzor and DCC. >> >> Peter >> >Since they detail how to use the f^Hsource, I presume they are OK. >If you want to use RPMs and yum, and feel this should be mentioned in >the wiki... why then... feel free to update the wiki pages with this >additional info;-). After all, that is what a wiki is all about:-D > >That you get errors about some lines regarding pyzor and DCC might be >indicative that you aren't loading the plugins properly... Have you >checked (with a spamassassin -D) that they load/execute as they >should? See, SpamAssassin doesn'?t know about those settings.... the >individual plugins do though;-). 
So if you had done thinsg the other >way around (load plugins uncommented, then --lint) things might've >looked differently;) I just tested it again, the pyzor_path is actually OK and DCC_path is also OK if I change it from /usr/local/bin to /usr/bin - the rpm put dccproc in a different place. However, I am curious as to why the settings are needed as it actually worked and linted fine with the lines commented out. Now that they are plugins, are the path lines still needed? Peter From chandler.lists at chapman.edu Thu Jan 25 17:39:06 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Thu Jan 25 16:42:02 2007 Subject: Two servers, identical configs,one won't tag messages. In-Reply-To: <223f97700701250758s3730ddf4sc8b5c29f1cb060ac@mail.gmail.com> References: <45B8D156.2020103@chapman.edu> <223f97700701250758s3730ddf4sc8b5c29f1cb060ac@mail.gmail.com> Message-ID: <45B8DD2A.4060203@chapman.edu> Glenn Steen wrote: > [snippetry] >> > (snip) > Do you have a ruleset on "Spam Modify Subject" and/or "High Scoring > Spam Modify Subject" perhaps? > Nope. Both are set to "yes". -- Jay Chandler From m.anderlini at database.it Thu Jan 25 17:48:40 2007 From: m.anderlini at database.it (Marcello Anderlini) Date: Thu Jan 25 16:56:39 2007 Subject: Mqueue.in huge In-Reply-To: Message-ID: <200701251648.l0PGmhg7005410@netra.database.it> Sorry, if I answer just today but I way busy. I've checked In /etc/mail/spamassassin/mailscanner.cf but I found just this lines nothing else ============================= # MailScanner # MailScanner users, please ============================= It's correct ? But If I add the lines you suggested the spam controls will stoped at all ? Sorry again for my worst english and thanks for any kind of help you will give me.. bye Dr. Marcello Anderlini m.anderlini@database.it --------------------------------------------- Database Informatica S.r.l. Microsoft Certified Partner Tel. +39059775070 Fax. 
+39059779545
http://www.database.it
---------------------------------------------

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> Of Martin.Hepworth
> Sent: martedì 23 gennaio 2007 13.20
> To: MailScanner discussion
> Subject: RE: Mqueue.in huge
>
>
> It's true I did post this list.
>
> I turn just about RBL off in spamassassin, only running a couple..
>
> It's basically of turning on the RBLs
>
> In /etc/mail/spamassassin/mailscanner.cf..
>
> # skip_rbl_checks 1 (make sure this is commented out)
>
>
> Then changing the score to zero of the ones you DON'T want to run
>
> Find these in 20_dnsbl_tests.cf, then in mailscanner.cf
>
> score RCVD_IN_SBL 0.0
> score RCVD_IN_XBL 0.0
> score __RCVD_IN_NJABL 0.0
>
>
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
> > -----Original Message-----
> > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn Steen
> > Sent: 23 January 2007 11:42
> > To: MailScanner discussion
> > Subject: Re: Mqueue.in huge
> >
> > On 23/01/07, Marcello Anderlini wrote:
> > > Thanks for your answer.
> > > I've checked in /root/.spamassassin and I found just these files.
> > >
> > > -rw------- 1 root root 168087552 Jan 23 10:24 auto-whitelist
> > > -rw------- 1 root root 97320 Jan 23 10:24 bayes_journal
> > > -rw------- 1 root root 172904448 Jan 23 10:24 bayes_seen
> > > -rw------- 1 root root 322408448 Jan 23 10:24 bayes_toks
> >
> > Ok, no expire files there.... not that problem then:-).
> > > > > This it's an extract of my Mailscanner.conf > > > ========================================================== > > > Spam Score = yes > > > Cache SpamAssassin Results = yes > > > SpamAssassin Cache Database File = > > > /var/spool/MailScanner/incoming/SpamAssassin.cache.db > > > Rebuild Bayes Every = 0 > > > Wait During Bayes Rebuild = no > > > ========================================================== > > > It's correct ? Should I change something ? Maybe try to > use an other > > > spamlist ? > > You could go for a force expire solution anyway. But you > don't really > > have to, no. > > > > Next thing to check is if something takes a lot of time > completing... > > Simplest is to run a test message through (so that you > would get the > > network tests too) spamassassin. That way you'll see if any of the > > digest tests (both Pyzor and DCC have been known to mess > things up (in > > different ways:)), or BLs, or individual rules seem to take forever. > > If you have MailWatch, it has a very nice "timed breakdown" > of a lint > > run, but unfortunately this will not help you (since you are runnig > > 3.1.7, which has the network tests turned off for the --lint test). > > Did you use Pyzor? Do you use the "alternate" sever at > > 82.94.255.100:24441 > > ... The default one always seem to time out, this doesn't, > so use this > > one. > > > > Martin Hepworth have posted a few BLs he "habitually" turns off in > > SpamAssassin, search the list archives for those... Might help you. > > Also look for DCC timeout problems (I don't rightly recall > what that > > was about... Centered on dccifd IIRC). 
> > > > Cheers > > -- > > -- Glenn > > email: glenn < dot > steen < at > gmail < dot > com > > work: glenn < dot > steen < at > ap1 < dot > se > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are > intended for the addressee only and may be confidential. If > they come to you in error you must take no action based on > them, nor must you copy or show them to anyone. Please advise > the sender by replying to this e-mail immediately and then > delete the original from your computer. > > Opinion : Any opinions expressed in this e-mail are entirely > those of the author and unless specifically stated to the > contrary, are not necessarily those of the author's employer. > > Security Warning : Internet e-mail is not necessarily a > secure communications medium and can be subject to data > corruption. We advise that you consider this fact when e-mailing us. > > Viruses : We have taken steps to ensure that this e-mail and > any attachments are free from known viruses but in keeping > with good computing practice, you should ensure that they are > virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales (Company > No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, > Oxford OX5 1RU, United Kingdom > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! 
> > -- > Messaggio verificato dal servizio antivirus di Database Informatica > -- Messaggio verificato dal servizio antivirus di Database Informatica From chandler.lists at chapman.edu Thu Jan 25 18:05:34 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Thu Jan 25 17:08:25 2007 Subject: Mqueue.in huge In-Reply-To: <200701251648.l0PGmhg7005410@netra.database.it> References: <200701251648.l0PGmhg7005410@netra.database.it> Message-ID: <45B8E35E.3070505@chapman.edu> Marcello Anderlini wrote: > Sorry, if I answer just today but I way busy. > > I've checked In /etc/mail/spamassassin/mailscanner.cf but I found just this > lines nothing else > ============================= > # MailScanner > # MailScanner users, please > ============================= > It's correct ? But If I add the lines you suggested the spam controls will > stoped at all ? > > Sorry again for my worst english and thanks for any kind of help you will > give me.. > > bye > > Howdy. MailScanner.conf is a couple of thousand lines long-- that's not correct at all. I'd suggest getting a fresh copy out of the tar file at www.mailscanner.info-- I'd also wonder what else is corrupted on your installation. --Jay From ugob at camo-route.com Thu Jan 25 18:13:45 2007 From: ugob at camo-route.com (Ugo Bellavance) Date: Thu Jan 25 17:16:58 2007 Subject: msrbl, anyone using these RBLs? Message-ID: http://www.msrbl.com/site/ Any opinions? 
Thanks, Ugo From Rodney at rcrcomputing.com Thu Jan 25 18:18:21 2007 From: Rodney at rcrcomputing.com (Rodney Richison) Date: Thu Jan 25 17:22:10 2007 Subject: Spamassassin report in body Message-ID: > > X-MailScanner-Information Spam detection information > X-mx2-rcrnet-MailScanner: Virus-scan found to be clean > X-mx2-rcrnet-MailScanner-SpamCheck: not spam, SpamAssassin > (not cached, > score=0.813, required 6, INFO_TLD 0.81) > X-mx2-rcrnet-MailScanner-From: > mailscanner-bounces@lists.mailscanner.info > I replied to an existing message on this list to give the above example. I've done something that causes the report to be shown in the body of messages to me. I've looked at the Mailscanner.conf file and don't see it. I searched the file for the word "body" and don't see it. I'd keep messing with it, but two reasons not to.. Time today, and this thing is now live... :( Anyone know what I've done? From chandler.lists at chapman.edu Thu Jan 25 18:27:53 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Thu Jan 25 17:30:49 2007 Subject: msrbl, anyone using these RBLs? In-Reply-To: References: Message-ID: <45B8E899.5050801@chapman.edu> Ugo Bellavance wrote: > http://www.msrbl.com/site/ > > Any opinions? > > Thanks, > > Ugo > Haven't used that one yet. There any consensus on the number of RBLs to use? I'm mirroring a few locally, but I'm not certain of the overhead on using others... 
From drew at technologytiger.net Thu Jan 25 18:46:28 2007
From: drew at technologytiger.net (Drew Marshall)
Date: Thu Jan 25 17:50:02 2007
Subject: Spamassassin report in body
In-Reply-To:
References:
Message-ID: <45255.194.70.180.170.1169747188.squirrel@www.technologytiger.net>

On Thu, January 25, 2007 17:18, Rodney Richison wrote:
>
>
>>
>> X-MailScanner-Information Spam detection information

I think this is it ^^

I know this header is a specified option and I would think the ':' should
be in there but I can't remember if MailScanner will add it if you miss it
(It looks like it doesn't). Have a look in MailScanner.conf for this
header option and make sure the ':' is at the end of the header.

Drew

--
In line with our policy, this message has been scanned for viruses and dangerous
content by the Technology Tiger MailScanner. Further information can be found at
www.technologytiger.net/policy

Technology Tiger Limited is registered in Scotland with registration number: 310997
Registered Office 55-57 West High Street Inverurie AB51 3QQ

From ssilva at sgvwater.com Thu Jan 25 19:53:53 2007
From: ssilva at sgvwater.com (Scott Silva)
Date: Thu Jan 25 18:57:08 2007
Subject: no RBL checks
In-Reply-To: <014901c74050$ed6af6c0$920bbdcb@pmsi.net>
References: <014901c74050$ed6af6c0$920bbdcb@pmsi.net>
Message-ID:

jcb dream.com.ph spake the following on 1/24/2007 11:17 PM:
> hi guys,
> i tried checking the details on one of my messages which was not tagged
> as spam. And mostly i found out that there are no RBL checks, is it
> possible that my messages bypass RBL checks ?

If the message is under your spam threshold the report won't show unless;

# Do you want to always include the Spam Report in the SpamCheck
# header, even if the message wasn't spam?
# This can also be the filename of a ruleset.
Always Include SpamAssassin Report = yes

This will give more detail in your messages, and help you see what happened.
Otherwise, you need to grep for that message id in the logs to see the detail. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Thu Jan 25 20:01:30 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jan 25 19:04:43 2007 Subject: SOT: AntiVirus Software In-Reply-To: <45B88C17.4050305@fsl.com> References: <20070125100506.4544c990@uxbod.splatnix.net> <45B88C17.4050305@fsl.com> Message-ID: Steve Freegard spake the following on 1/25/2007 2:53 AM: > --[ UxBoD ]-- wrote: >> I have recently built a new server and currently only use ClamAV and >> Bitdefender with MailScanner. I would like to introduce a commercial >> scanner aswell, but there appears to be so many on the market now. >> >> I do like Kaspersky, but you seem to be unable to buy and download in >> the UK :( >> >> Any other recommendations ? > > My recommendation would be to get rid of BitDefender - it's no longer > available for download for free and it's quite slow. Still available for download; http://download.bitdefender.com/unices/old/linux/free/bitdefender-console/en/ > > Then look at either F-Prot or NOD32 as these have a reputation for being > the fastest two scanners aside from ClamAVmodule or SophosSAVI (expensive). > > You can even get NOD32 immediately via download if you purchase it > through their website and they'll mail you the license key. > > Kind regards, > Steve. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! 
From glenn.steen at gmail.com Thu Jan 25 20:06:48 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 25 19:09:41 2007 Subject: Mqueue.in huge In-Reply-To: <45B8E35E.3070505@chapman.edu> References: <200701251648.l0PGmhg7005410@netra.database.it> <45B8E35E.3070505@chapman.edu> Message-ID: <223f97700701251106o7f1911a6sa8951034ca44b279@mail.gmail.com> On 25/01/07, Jay Chandler wrote: > Marcello Anderlini wrote: > > Sorry, if I answer just today but I way busy. > > > > I've checked In /etc/mail/spamassassin/mailscanner.cf but I found just this > > lines nothing else > > ============================= > > # MailScanner > > # MailScanner users, please > > ============================= > > It's correct ? But If I add the lines you suggested the spam controls will > > stoped at all ? > > > > Sorry again for my worst english and thanks for any kind of help you will > > give me.. > > > > bye > > > > > > Howdy. > > MailScanner.conf is a couple of thousand lines long-- that's not correct > at all. > > I'd suggest getting a fresh copy out of the tar file at > www.mailscanner.info-- I'd also wonder what else is corrupted on your > installation. > Hi Jay & Marcello, First... Jay: MailScanner.conf != mailscanner.cf (which is just a symlink to spam.assassin.prefs.conf)... You knew that;-) Second, Marcello: I assume the lines you are asking about are the score lines as suggested by Martin (simply turning off some RBLs in SpamAssassin). The reason to turn these of is _if_ you can see (with a test message run through spamassassin manually) that some BL or other is taking a long time to finish... If a few of them do SA might take a rather long while to finish, in turn leading to MailScanner killing it off and logging the incident. *If* you see this, it might be a good idea to do this. And yes, it would perhaps affect the scoring a bit, if you turned them all off. You should also check over any digest checks... 
All this would probably be very obvious (one would hope, at least:-) if you do a spamassassin -D -t < /path/to/test/file Hopefully this all is passing the language barrier OK... I think we'll stick with english though... I suspect your Swedish is even worse;-):-)... And that are the two languages I'm really fluent in, so...:/ Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ssilva at sgvwater.com Thu Jan 25 20:12:47 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jan 25 19:16:12 2007 Subject: SOT: AntiVirus Software In-Reply-To: <223f97700701250548w1022c168r77b6c611db59960b@mail.gmail.com> References: <20070125100506.4544c990@uxbod.splatnix.net> <45B88C17.4050305@fsl.com> <20070125114440.5ea3fc5c@uxbod.splatnix.net> <223f97700701250430v48b80795v82250d363fe412c9@mail.gmail.com> <223f97700701250510x6f60836fl62aca2a3b9db827f@mail.gmail.com> <223f97700701250548w1022c168r77b6c611db59960b@mail.gmail.com> Message-ID: Glenn Steen spake the following on 1/25/2007 5:48 AM: > On 25/01/07, Thiago Martins wrote: >> Just a typo: I have not seen the wiki on BitDefender ... >> > Well, here it is (has gotten a bit messy over time.. Still some more > or less usable info though): > http://wiki.mailscanner.info/doku.php?id=documentation:anti_virus:bitdefender:install > > > And befopre you beat me over the head with it.... Yes, I should read > my own writings more often:-). You are correct, it is indeed still > free for personal/home use:). > But as has been noted (by Steve wasn't it), it is a bit of a resource > hog, so might be disqualified by that. > > Cheers The free version still includes this statement in it; Thank you for choosing to install the freeware version of BitDefender for Linux Console Free Edition. It can be used free of charge. It is fully functional and without any restrictions regarding the licensed version of the product. I'm not a lawyer, but it looks like it is still free. 
-- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Thu Jan 25 20:17:32 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jan 25 19:23:09 2007 Subject: OT: wise username@domain.com In-Reply-To: <45B8C921.8060407@maddoc.net> References: <787dcac20701250623o1dfef377g782de3c011561390@mail.gmail.com> <223f97700701250703m3710b219j9f6d9e6ab8d88428@mail.gmail.com> <45B8C921.8060407@maddoc.net> Message-ID: > > I've been seeing dictionary style attacks using numbers only for a > couple months. They are usually 7 digits example 6052211@domain.ext of > course they don't work since I have no one using that scheme. 8*) > I have seen those too. I think they are trying to spam to cellphones. Just not very smart, as it is easy to find a cellphone providers e-mail to sms domains. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Thu Jan 25 20:22:04 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jan 25 19:28:01 2007 Subject: Two servers, identical configs,one won't tag messages. In-Reply-To: <45B8DD2A.4060203@chapman.edu> References: <45B8D156.2020103@chapman.edu> <223f97700701250758s3730ddf4sc8b5c29f1cb060ac@mail.gmail.com> <45B8DD2A.4060203@chapman.edu> Message-ID: Jay Chandler spake the following on 1/25/2007 8:39 AM: > Glenn Steen wrote: >> [snippetry] >>> >> (snip) >> Do you have a ruleset on "Spam Modify Subject" and/or "High Scoring >> Spam Modify Subject" perhaps? >> > Nope. Both are set to "yes". > Maybe a MailScanner -V to see if a module is different? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From chandler.lists at chapman.edu Thu Jan 25 20:48:47 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Thu Jan 25 19:51:45 2007 Subject: Two servers, identical configs,one won't tag messages. 
In-Reply-To: References: <45B8D156.2020103@chapman.edu> <223f97700701250758s3730ddf4sc8b5c29f1cb060ac@mail.gmail.com> <45B8DD2A.4060203@chapman.edu> Message-ID: <45B9099F.6070906@chapman.edu> Scott Silva wrote: > Maybe a MailScanner -V to see if a module is different? > Just checked. A diff shows that the ONLY difference is the uname -a string. These boxes are kept current via the Ports tree within FreeBSD, so everything builds off the same source. I've tried forcibly recompiling everything on the box, and still no luck. This one's driving me crazy-- any assistance would be super, as I'm starting to get asked some awkward questions! -- Jay Chandler From ssilva at sgvwater.com Thu Jan 25 21:10:18 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jan 25 20:13:25 2007 Subject: msrbl, anyone using these RBLs? In-Reply-To: <45B8E899.5050801@chapman.edu> References: <45B8E899.5050801@chapman.edu> Message-ID: Jay Chandler spake the following on 1/25/2007 9:27 AM: > Ugo Bellavance wrote: >> http://www.msrbl.com/site/ >> >> Any opinions? >> >> Thanks, >> >> Ugo >> > Haven't used that one yet. > > There any consensus on the number of RBLs to use? I'm mirroring a few > locally, but I'm not certain of the overhead on using others... I threw the combined one into spamassassin just to see if it hits anything. We'll see .... -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! 
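Added example, not code from any poster in this thread: one way to measure the lookup overhead asked about above and to catch the slow lists that can stall SpamAssassin, before a zone such as combined.rbl.msrbl.net gets a real score. The function names, the time budget, the two `*.dnsbl.example.` zones and the constructed resolver are assumptions; 127.0.0.2 is the conventional DNSBL test entry and serves only as a probe address.

```python
import socket
import time
from concurrent.futures import ThreadPoolExecutor, TimeoutError as FutureTimeout

# Rule name -> zone. RCVD_IN_MSRBL and its zone come from this thread; the other
# two rules and zones are constructed placeholders for the demonstration.
RULES = {
    "RCVD_IN_MSRBL": "combined.rbl.msrbl.net.",
    "RCVD_IN_SLOW_EXAMPLE": "slow.dnsbl.example.",
    "RCVD_IN_QUIET_EXAMPLE": "quiet.dnsbl.example.",
}
TEST_IP = "127.0.0.2"  # conventional "always listed" DNSBL test entry


def dnsbl_query_name(ip, zone):
    """Name a DNSBL client looks up: IPv4 octets reversed, then the zone."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError("not an IPv4 address: %r" % (ip,))
    return ".".join(reversed(octets)) + "." + zone.strip(".") + "."


def system_resolver(name):
    """A records for name via the system resolver; [] means 'not listed'."""
    negative = {socket.EAI_NONAME, getattr(socket, "EAI_NODATA", socket.EAI_NONAME)}
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror as exc:
        if exc.errno in negative:      # name does not exist: the normal negative answer
            return []
        raise                          # other resolver failures surface as an error
    return sorted({info[4][0] for info in infos})


def constructed_resolver(name):
    """Constructed answers for an offline run; these are not real lookup results."""
    if name.endswith("slow.dnsbl.example."):
        time.sleep(1.0)                # simulates a list that answers far too late
        return ["127.0.0.2"]
    if name.endswith("combined.rbl.msrbl.net."):
        return ["127.0.0.2"]
    return []


def probe(zone, ip=TEST_IP, resolver=system_resolver, budget=2.0):
    """Look up ip in zone, giving up after `budget` seconds, and time the attempt."""
    name = dnsbl_query_name(ip, zone)
    pool = ThreadPoolExecutor(max_workers=1)
    started = time.monotonic()
    try:
        answers = pool.submit(resolver, name).result(timeout=budget)
        status = "listed" if answers else "not-listed"
    except FutureTimeout:
        answers, status = [], "timeout"
    except Exception as exc:           # resolver failure other than a negative answer
        answers, status = [], "error: %s" % exc
    finally:
        pool.shutdown(wait=False)      # do not block on a lookup that is still hanging
    return {"zone": zone, "query": name, "status": status, "answers": answers,
            "seconds": round(time.monotonic() - started, 3)}


def survey(rules, **kwargs):
    """Probe every zone in a rule-name -> zone mapping."""
    return {rule: probe(zone, **kwargs) for rule, zone in rules.items()}


def score_overrides(results):
    """'score RULE 0' lines for rules whose zone timed out or failed to resolve."""
    return ["score %s 0" % rule for rule, r in sorted(results.items())
            if r["status"] == "timeout" or r["status"].startswith("error")]


if __name__ == "__main__":
    results = survey(RULES, resolver=constructed_resolver, budget=0.3)
    for rule, r in sorted(results.items()):
        print("%-22s %-11s %6.3fs  %s" % (rule, r["status"], r["seconds"], r["query"]))
    print("\n".join(score_overrides(results)))
```

Leaving `resolver` at its default times live lookups through the scanning host's own resolver, which is the path SpamAssassin waits on. A list that answers "not-listed" for the test entry is worth a manual check before it is trusted.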
From ssilva at sgvwater.com Thu Jan 25 21:33:56 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jan 25 20:37:08 2007 Subject: SOT: AntiVirus Software In-Reply-To: References: <20070125100506.4544c990@uxbod.splatnix.net> <45B88C17.4050305@fsl.com> <20070125114440.5ea3fc5c@uxbod.splatnix.net> <223f97700701250430v48b80795v82250d363fe412c9@mail.gmail.com> <223f97700701250510x6f60836fl62aca2a3b9db827f@mail.gmail.com> <223f97700701250548w1022c168r77b6c611db59960b@mail.gmail.com> Message-ID: > The free version still includes this statement in it; > > Thank you for choosing to install the freeware version of > BitDefender for Linux Console Free Edition. It can be used free > of charge. It is fully functional and without any restrictions > regarding the licensed version of the product. > > I'm not a lawyer, but it looks like it is still free. > Looking at my logs, it doesn't seem to be hitting anything here lately. Especially the new Trojan.Downloader-??? that clam has been getting since last weekend. Even a scan of the quarantined file shows nothing. Even McAfee is getting these! I guess it is time to hit the flusher on Bitdefender. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From Denis.Beauchemin at USherbrooke.ca Thu Jan 25 21:34:04 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Thu Jan 25 20:37:11 2007 Subject: msrbl, anyone using these RBLs? In-Reply-To: References: <45B8E899.5050801@chapman.edu> Message-ID: <45B9143C.3010602@USherbrooke.ca> Scott Silva a ?crit : > Jay Chandler spake the following on 1/25/2007 9:27 AM: > >> Ugo Bellavance wrote: >> >>> http://www.msrbl.com/site/ >>> >>> Any opinions? >>> >>> Thanks, >>> >>> Ugo >>> >>> >> Haven't used that one yet. >> >> There any consensus on the number of RBLs to use? I'm mirroring a few >> locally, but I'm not certain of the overhead on using others... 
>>
> I threw the combined one into spamassassin just to see if it hits anything.
> We'll see ....
>
>
It seems like a good way to test it. Can you describe how you did it?

Thanks!

Denis

--
   _
  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x62252 F: 819.821.8045
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3595 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070125/51386d45/smime.bin

From Kevin_Miller at ci.juneau.ak.us Thu Jan 25 21:42:36 2007
From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller)
Date: Thu Jan 25 20:45:30 2007
Subject: sa-update, the untold story...
Message-ID:

Being generally adverse to adopting new 'features' before anybody else, I
haven't activated sa-update on my mail servers until this morning. I just
spent the past couple hours reading everything in the archives with
'sa-update' in it; seems that it's been causing confusion since at least
last April or so.

Anyway, here's my current understanding of the critter as it relates to
MailScanner. If I'm missing something, I hope someone will clue me in as
the only thing that gets my users more riled up than spam would be the
Boston Pops doing Muzak covers of Nirvana tunes.

So, here's what I've gleaned.

1: Sometimes sa-update blows up on the first run. Therefore, run it
manually at least once before enabling it in /etc/cron.daily/sa-update,
and verify that the /var/lib/spamassassin exists. (Edit it first to
enable it.)

2: I *think* the proper setting in MailScanner.conf is:
SpamAssassin Local State Dir = /var/lib/spamassassin
Earlier versions of MailScanner just had /var/lib. This should be
uncommented after a successful sa-update run.

3: sa-update should be run after a spamassassin update to be sure the
proper rules are being looked at.

4: sa-update will return 0 after a successful update, and 1 after a
successful run but no update found. This 'breaks' cron reporting.
Possible solutions include taking it out of cron.daily and running it in
crontab, or modifying the MS provided script in cron.daily to return 0
when the SA supplied sa-update returns either 0 or 1. Or leaving it
disabled and running it manually from time to time. An rc greater than 4
indicates it bit the dust.

Does that all look correct?

Also, I think it would be helpful to have notes at the end of the
ClamAV/SA installer detailing the steps, similar to what Julian does now
with MailScanner regarding upgrading (run upgrade_MailScanner_Conf blah
blah blah).

S'later...

...Kevin
--
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500

From ssilva at sgvwater.com Thu Jan 25 21:47:33 2007
From: ssilva at sgvwater.com (Scott Silva)
Date: Thu Jan 25 20:50:46 2007
Subject: msrbl, anyone using these RBLs?
In-Reply-To: <45B9143C.3010602@USherbrooke.ca>
References: <45B8E899.5050801@chapman.edu> <45B9143C.3010602@USherbrooke.ca>
Message-ID:

Denis Beauchemin spake the following on 1/25/2007 12:34 PM:
> Scott Silva a écrit :
>> Jay Chandler spake the following on 1/25/2007 9:27 AM:
>>
>>> Ugo Bellavance wrote:
>>>
>>>> http://www.msrbl.com/site/
>>>>
>>>> Any opinions?
>>>>
>>>> Thanks,
>>>>
>>>> Ugo
>>>>
>>>>
>>> Haven't used that one yet.
>>>
>>> There any consensus on the number of RBLs to use? I'm mirroring a few
>>> locally, but I'm not certain of the overhead on using others...
>>>
>> I threw the combined one into spamassassin just to see if it hits
>> anything.
>> We'll see ....
>>
>>
> It seems like a good way to test it. Can you describe how you did it?
>
> Thanks!
> > Denis > Add 4 lines to spam.assassin.prefs.conf header RCVD_IN_MSRBL eval:check_rbl('msrbl', 'combined.rbl.msrbl.net.') describe RCVD_IN_MSRBL Received via a relay in MSRBL tflags RCVD_IN_MSRBL net score RCVD_IN_MSRBL 0 1.00 0 1.00 I also have some for the psbl, uceprotect, spamcannibal and mailpolice if you are interested. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From Denis.Beauchemin at USherbrooke.ca Thu Jan 25 22:01:37 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Thu Jan 25 21:04:44 2007 Subject: msrbl, anyone using these RBLs? In-Reply-To: References: <45B8E899.5050801@chapman.edu> <45B9143C.3010602@USherbrooke.ca> Message-ID: <45B91AB1.1080906@USherbrooke.ca> Scott Silva a ?crit : > Denis Beauchemin spake the following on 1/25/2007 12:34 PM: > >> Scott Silva a ?crit : >> >>> Jay Chandler spake the following on 1/25/2007 9:27 AM: >>> >>> >>>> Ugo Bellavance wrote: >>>> >>>> >>>>> http://www.msrbl.com/site/ >>>>> >>>>> Any opinions? >>>>> >>>>> Thanks, >>>>> >>>>> Ugo >>>>> >>>>> >>>>> >>>> Haven't used that one yet. >>>> >>>> There any consensus on the number of RBLs to use? I'm mirroring a few >>>> locally, but I'm not certain of the overhead on using others... >>>> >>>> >>> I threw the combined one into spamassassin just to see if it hits >>> anything. >>> We'll see .... >>> >>> >>> >> I seems like a good way to test it. Can you describe how you did it? >> >> Thanks! >> >> Denis >> >> > Add 4 lines to spam.assassin.prefs.conf > > header RCVD_IN_MSRBL eval:check_rbl('msrbl', > 'combined.rbl.msrbl.net.') > describe RCVD_IN_MSRBL Received via a relay in MSRBL > tflags RCVD_IN_MSRBL net > score RCVD_IN_MSRBL 0 1.00 0 1.00 > I also have some for the psbl, uceprotect, spamcannibal and mailpolice if you > are interested. > > Yes sure! Thanks again! Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. 
^ ^ T: 819.821.8000x62252 F: 819.821.8045 From Kevin_Miller at ci.juneau.ak.us Thu Jan 25 22:47:16 2007 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Thu Jan 25 21:50:12 2007 Subject: Increased Volumes Of Spam In-Reply-To: <1E293D3FF63A3740B10AD5AAD88535D2041CB87C@UBIMAIL1.ubisoft.org> Message-ID: Daniel Maher wrote: > Just to add my voice to the chorus, I recently implemented SARE > updates via sa-update, as per D. O'Shea's excellent service and > instructions: > http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt > > It works flawlessly. So when you did this, are you running the spamassassin updates out of the cron.daily job and the sare updates with crontab or what? It isn't clear to me how to integrate the sare stuff with the regular rules - i.e., whether it's two steps or just one... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 
155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From glenn.steen at gmail.com Thu Jan 25 23:07:01 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 25 22:09:57 2007 Subject: SOT: AntiVirus Software In-Reply-To: References: <20070125100506.4544c990@uxbod.splatnix.net> <20070125114440.5ea3fc5c@uxbod.splatnix.net> <223f97700701250430v48b80795v82250d363fe412c9@mail.gmail.com> <223f97700701250510x6f60836fl62aca2a3b9db827f@mail.gmail.com> <223f97700701250548w1022c168r77b6c611db59960b@mail.gmail.com> Message-ID: <223f97700701251407j3d5a42bag7e45fe351ee01f0b@mail.gmail.com> On 25/01/07, Scott Silva wrote: > > > The free version still includes this statement in it; > > > > Thank you for choosing to install the freeware version of > > BitDefender for Linux Console Free Edition. It can be used free > > of charge. It is fully functional and without any restrictions > > regarding the licensed version of the product. > > > > I'm not a lawyer, but it looks like it is still free. > > > Looking at my logs, it doesn't seem to be hitting anything here lately. > Especially the new Trojan.Downloader-??? that clam has been getting since last > weekend. Even a scan of the quarantined file shows nothing. Even McAfee is > getting these! > > I guess it is time to hit the flusher on Bitdefender. > Still seems to be on par with mcafee here.... which isn't saying that much:-):-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Thu Jan 25 23:12:03 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 25 22:14:57 2007 Subject: sa-update, the untold story... In-Reply-To: References: Message-ID: <223f97700701251412k1024a41ao670419cff18527c7@mail.gmail.com> On 25/01/07, Kevin Miller wrote: > Being generally adverse to adopting new 'features' before anybody else, > I haven't activated sa-update on my mail servers until this morning. 
I > just spent the past couple hours reading everything in the archives with > 'sa-update' in it; seems that it's been causing confusion since at least > last April or so. Anyway, here's my current understanding of the > critter as it relates to MailScanner. If I'm missing something, I hope > someone will clue me in as the only thing that gets my users more riled > up than spam would be the Boston Pops doing Muzak covers of Nirvana > tunes. > > So, here's what I've gleaned. > > 1: Sometimes sa-update blows up on the first run. Therefore, run it > manually at > least once before enabling it in /etc/cron.daily/sa-update, and > verify that > the /var/lib/spamassassin exists. (Edit it first to enable it.) > > 2: I *think* the proper setting in MailScanner.conf is: > SpamAssassin Local State Dir = /var/lib/spamassassin > Earlier versions of MailScanner just had /var/lib. This should be > uncommented > after a successful sa-update run. > > 3: sa-update should be run after a spamassassin update to be sure the > proper rules > being looked at. > > 4: sa-update will return 0 after a successful update, and 1 after a > successful run > but no update found. This 'breaks' cron reporting. Possible > solutions include > taking it out of cron.daily and running it in crontab, or modifying > the MS provided > script in cron.daily to return 0 when the SA supplied sa-update > returns either 0 or > 1. Or leaving it disabled and running it manually from time to > time. > An rc greater than 4 indicates it bit the dust. > > Does that all look correct? > > Also, I think it would be helpful to have notes at the end of the > ClamAV/SA installer detailing the steps, similar to what Julian does now > with MailScanner regarding upgrading (run upgrade_MailScanner_Conf blah > blah blah). > Pretty much covers it, yes, at least AFAICS... 
Go type it into the wiki, before you forget;-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From Kevin_Miller at ci.juneau.ak.us Fri Jan 26 00:00:53 2007 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Thu Jan 25 23:03:48 2007 Subject: sa-update, the untold story... In-Reply-To: <223f97700701251412k1024a41ao670419cff18527c7@mail.gmail.com> Message-ID: Glenn Steen wrote: > Pretty much covers it, yes, at least AFAICS... Go type it into the > wiki, before you forget;-) OK, thanks for the sanity check. Sorry about the funky formatting. Outlook will auto line wrap, but I wanted indented paragraphs so was hitting return a third the way across - guess I should have made it a quarter the way! I'll have to create an identity to edit the wiki. Where would be the best place to put it? ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From mkettler at evi-inc.com Fri Jan 26 00:11:27 2007 From: mkettler at evi-inc.com (Matt Kettler) Date: Thu Jan 25 23:14:29 2007 Subject: SOT: AntiVirus Software In-Reply-To: <223f97700701251407j3d5a42bag7e45fe351ee01f0b@mail.gmail.com> References: <20070125100506.4544c990@uxbod.splatnix.net> <20070125114440.5ea3fc5c@uxbod.splatnix.net> <223f97700701250430v48b80795v82250d363fe412c9@mail.gmail.com> <223f97700701250510x6f60836fl62aca2a3b9db827f@mail.gmail.com> <223f97700701250548w1022c168r77b6c611db59960b@mail.gmail.com> <223f97700701251407j3d5a42bag7e45fe351ee01f0b@mail.gmail.com> Message-ID: <45B9391F.4070200@evi-inc.com> Glenn Steen wrote: > On 25/01/07, Scott Silva wrote: >> >> > The free version still includes this statement in it; >> > >> > Thank you for choosing to install the freeware version of >> > BitDefender for Linux Console Free Edition. It can be used free >> > of charge. 
It is fully functional and without any restrictions >> > regarding the licensed version of the product. >> > >> > I'm not a lawyer, but it looks like it is still free. >> > >> Looking at my logs, it doesn't seem to be hitting anything here lately. >> Especially the new Trojan.Downloader-??? that clam has been getting >> since last >> weekend. Even a scan of the quarantined file shows nothing. Even >> McAfee is >> getting these! >> >> I guess it is time to hit the flusher on Bitdefender. >> > Still seems to be on par with mcafee here.... which isn't saying that > much:-):-) > > Cheers It seems in recent months both sides of the clamav and bitdefender hits have diverged considerably. Let's look at some numbers from my system. Note I've excluded "HTML-Phishing" matches by clamav from this, as that's not something BitDefender (aka bdc) looks for. Dec 1, 2006-today: messages with viruses found by clam but not bdc: 142 messages with viruses found by bdc but clam: 148 Looks like both bdc and clam are catching about the same number of messages that the other missed.. July 1, 2006 - Dec 1, 2006 clam not bdc: 39 bdc not clam: 30 Note that in the previous 5 months, these numbers were MUCH smaller. This tells me that in the past clam and bdc both matched most of the same messages. However, recently, that's changed and a lot more viruses are coming out that are only caught by one of the two. This might be due to an increase in how fast viruses mutate, I'm not sure. However, clearly BitDefender is still doing a lot of good here, catching several things clam is missing. 
From res at ausics.net Fri Jan 26 00:28:12 2007 From: res at ausics.net (Res) Date: Thu Jan 25 23:31:15 2007 Subject: SOT: AntiVirus Software In-Reply-To: <20070125114440.5ea3fc5c@uxbod.splatnix.net> References: <20070125100506.4544c990@uxbod.splatnix.net> <45B88C17.4050305@fsl.com> <20070125114440.5ea3fc5c@uxbod.splatnix.net> Message-ID: On Thu, 25 Jan 2007, --[ UxBoD ]-- wrote: > You have to buy a five user license, but for home use, when only two > uses its a bit expensive :( F-Prot... Is it for home use only? purely non commercial? Linux? In that case f-prot is downloadable and usable for free for the desktop, you dont in this case need the mail server version, the folk at f-prot once said so long as it gets no commercial use they dont object to you using the desktop version in your _private home use only mail server_ (they're not as blind and stupid as most and know and accept 3/4 of it downloaded are used for this reason as well as scanning pc, however it was stressed the first time that pc is used for *any* commercial use, you must cease use of the free desktop version immediately or will be in violation of the license and subject to actions. On a more personal thought... Also using this version in a commercial environment places the free use in jepoardy for all, it would take no effort for them to pull it completely, so do the right thing by them, it is rare when we have this type of free use ability at home with something that is so very good and effective and efficient, it's almost like saying you can use the BMW for free when ever you want (but subject to not driving it off bitumen roads) :) -- Cheers Res "So, you think you can tell Heaven from Hell?" 
- Roger Waters From res at ausics.net Fri Jan 26 00:30:42 2007 From: res at ausics.net (Res) Date: Thu Jan 25 23:33:49 2007 Subject: dcc,razor,pyzor on MS running centos4.4 In-Reply-To: <027d01c7407c$fa02d340$920bbdcb@pmsi.net> References: <01b101c7405f$12666640$920bbdcb@pmsi.net><223f97700701250142x24f73cdeq46efeb90de783fa2@mail.gmail.com><01c101c74069$cf07ff20$920bbdcb@pmsi.net><223f97700701250409g7176171fw3fe974f943b0e200@mail.gmail.com> <223f97700701250411r51be5385ldca7db09eec957d1@mail.gmail.com> <027d01c7407c$fa02d340$920bbdcb@pmsi.net> Message-ID: On Thu, 25 Jan 2007, jepoy wrote: > im on way checking razor now. and finding a way to change these > /var/spool/postfix/hold/razor-agent.log. > i already created a directory razor on > /var/spool/MailScanner/spamassassin/razor. > I might add to, that once you add these things in, activate the log speed option, and keep an eye on it, if you have a busy server you will regret using these add-ons, as the time taken will blow out severely and can lead to very serious queue process times. But if you do no more than a couple messages every few minutes, you wont notice it that much if at all. -- Cheers Res "So, you think you can tell Heaven from Hell?" - Roger Waters From res at ausics.net Fri Jan 26 00:33:53 2007 From: res at ausics.net (Res) Date: Thu Jan 25 23:36:53 2007 Subject: Archiving mail In-Reply-To: <223f97700701250715u52a9c47tfa4864f6fd117335@mail.gmail.com> References: <1E75E79B854C814784D0E8C5BA55AF76F76B17@uss2k01.united-systems.local> <223f97700701250715u52a9c47tfa4864f6fd117335@mail.gmail.com> Message-ID: > With Sendmail, those files are pretty much plain text, so I'm guessing archive command use mbox format, use mutt -f archivename -- Cheers Res "So, you think you can tell Heaven from Hell?" 
- Roger Waters From res at ausics.net Fri Jan 26 00:34:14 2007 From: res at ausics.net (Res) Date: Thu Jan 25 23:37:14 2007 Subject: Problem with tildes in squirrelmail In-Reply-To: <200701251358.l0PDwKDt030584@smtp.etapatelecom.net> References: <200701251358.l0PDwKDt030584@smtp.etapatelecom.net> Message-ID: On Thu, 25 Jan 2007, Ing. Augusto Cabrera D. wrote: > Hello, > > I have problem with squirrelmail, because the ñ and tildes > they are not shown , shows me a box or string in the inbox and in the > subject I not have problem. > Please take this to the squirrelmail list. Paul is always very active. -- Cheers Res "So, you think you can tell Heaven from Hell?" - Roger Waters From ssilva at sgvwater.com Fri Jan 26 00:58:54 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jan 26 00:02:07 2007 Subject: SOT: AntiVirus Software In-Reply-To: <45B9391F.4070200@evi-inc.com> References: <20070125100506.4544c990@uxbod.splatnix.net> <20070125114440.5ea3fc5c@uxbod.splatnix.net> <223f97700701250430v48b80795v82250d363fe412c9@mail.gmail.com> <223f97700701250510x6f60836fl62aca2a3b9db827f@mail.gmail.com> <223f97700701250548w1022c168r77b6c611db59960b@mail.gmail.com> <223f97700701251407j3d5a42bag7e45fe351ee01f0b@mail.gmail.com> <45B9391F.4070200@evi-inc.com> Message-ID: Matt Kettler spake the following on 1/25/2007 3:11 PM: > Glenn Steen wrote: >> On 25/01/07, Scott Silva wrote: >>>> The free version still includes this statement in it; >>>> >>>> Thank you for choosing to install the freeware version of >>>> BitDefender for Linux Console Free Edition. It can be used free >>>> of charge. It is fully functional and without any restrictions >>>> regarding the licensed version of the product. >>>> >>>> I'm not a lawyer, but it looks like it is still free. >>>> >>> Looking at my logs, it doesn't seem to be hitting anything here lately. >>> Especially the new Trojan.Downloader-??? that clam has been getting >>> since last >>> weekend. 
Even a scan of the quarantined file shows nothing. Even >>> McAfee is >>> getting these! >>> >>> I guess it is time to hit the flusher on Bitdefender. >>> >> Still seems to be on par with mcafee here.... which isn't saying that >> much:-):-) >> >> Cheers > > > It seems in recent months both sides of the clamav and bitdefender hits have > diverged considerably. > > Let's look at some numbers from my system. Note I've excluded "HTML-Phishing" > matches by clamav from this, as that's not something BitDefender (aka bdc) looks > for. > > > Dec 1, 2006-today: > messages with viruses found by clam but not bdc: 142 > messages with viruses found by bdc but clam: 148 > > Looks like both bdc and clam are catching about the same number of messages that > the other missed.. > > > > July 1, 2006 - Dec 1, 2006 > clam not bdc: 39 > bdc not clam: 30 > > Note that in the previous 5 months, these numbers were MUCH smaller. This tells > me that in the past clam and bdc both matched most of the same messages. > However, recently, that's changed and a lot more viruses are coming out that are > only caught by one of the two. > > This might be due to an increase in how fast viruses mutate, I'm not sure. > However, clearly BitDefender is still doing a lot of good here, catching several > things clam is missing. > My volume is still low enough to leave it running. I think I am dumping most of the viruses with blacklists, as my hit rate is very low. And MailScanner is catching them by filetype rules even when the virus scanners miss. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From lars+lister.mailscanner at adventuras.no Fri Jan 26 02:05:13 2007 From: lars+lister.mailscanner at adventuras.no (Lars Kristiansen) Date: Fri Jan 26 01:08:34 2007 Subject: sa-update, the untold story... 
In-Reply-To: References: Message-ID: <45B953C9.9030003@adventuras.no> Kevin Miller skrev: > > 2: I *think* the proper setting in MailScanner.conf is: > SpamAssassin Local State Dir = /var/lib/spamassassin > Earlier versions of MailScanner just had /var/lib. This should be > uncommented > after a successful sa-update run. I don't think you need this setting any more with recent spamassassin. > 3: sa-update should be run after a spamassassin update to be sure the > proper rules > being looked at. Thanks, appreciated. Suggestion: If running from crontab, a random time could be nice. This command sleeps randomly from 0 to 18 minutes. Needs bash. echo 'sleep $(($RANDOM/30))'|/bin/bash; /usr/local/bin/sa-update -- Regards, Lars From ka at pacific.net Fri Jan 26 06:24:27 2007 From: ka at pacific.net (Ken A) Date: Fri Jan 26 05:27:34 2007 Subject: [Fwd: NJABL announcement: dynablock & Spamhaus PBL] In-Reply-To: <45B79294.2060704@linuxspecial.com> References: <45B10C06.8000408@pacific.net> <45B79294.2060704@linuxspecial.com> Message-ID: <45B9908B.7090903@pacific.net> Vasiliy Boulytchev wrote: > Question regarding this... If i rsync to a local rbldnsd via > > rsync -vaL rsync.njabl.org::njabl/rbldnsd/ /var/lib/rbldns/work > > Does this mean I am uneffected by this in a sense? Depends if you also use spamhaus. If you use dynablock.njable.org AND (?:pbl|zen)spamhaus.org, you are doubling up on rbl hits. After 'ample time', whatever that is has passed, dynablock will match nothing, so do switch to zen! Ken Pacific.Net > > I dont think I should update my rsync job... > > Vasiliy Boulytchev > vasiliy@linuxspecial.com > > > > Ken A wrote: >> >> fyi. 
>> Ken A >> Pacific.Net >> >>> >>> -------- Original Message -------- >>> Subject: NJABL announcement: dynablock & Spamhaus PBL >>> Date: Fri, 19 Jan 2007 11:37:29 -0500 (EST) >>> From: help@mail.njabl.org >>> To: list@njabl.org >>> >>> With the advent of Spamhaus's PBL (http://spamhaus.org/pbl/), >>> dynablock.njabl.org has become obsolete. Rather than maintain >>> separate similar DNSBL zones, NJABL will be working with Spamhaus on >>> the PBL. Effective immediately, dynablock.njabl.org exists as a copy >>> of the Spamhaus PBL. After dynablock users have had ample time to >>> update their configurations, the dynablock.njabl.org zone will be >>> emptied. >>> >>> Other NJABL zones (i.e. dnsbl, combined, bhnc, and the qw versions) >>> will continue, business as usual, except that combined will >>> eventually lose its dynablock component. >>> >>> If you currently use dynablock.njabl.org we recommend you switch >>> immediately to pbl.spamhaus.org. >>> >>> If you currently use combined.njabl.org, we recommend you add >>> pbl.spamhaus.org to the list of DNSBLs you use. >>> >>> You may also want to consider using zen.spamhaus.org, which is a >>> combination zone consisting of Spamhaus's SBL, XBL, and PBL zones. >> From jlcostinha at halla.pt Fri Jan 26 09:30:08 2007 From: jlcostinha at halla.pt (Jorge Costinha) Date: Fri Jan 26 08:33:15 2007 Subject: how to prevent fake email to enter my domain? Message-ID: <1527637772.20070126083008@halla.pt> i receive a lot of spam mask as internal email, as if someone within my network send it, but in fact is just spam, from outside. i figure i could solve effectively just with spam.whitelist.rules and spam.blacklist.rules, for some reason i can't understand it only works with some emails. here what i did, whitelist is checked first, if rule matches it skips the remaining rules and blacklist aswell: on spam.whitelist.rules: From: 192.168.10. 
yes on spam.blacklist.rules: From: *@mydomain.com yes any internal email will match the rule on Whitelist, so it never gets rejected in blacklist. if its fake, it wont match the ip address and it only matches the blacklist. when i did this, almost all fake email was detected, however some aren't. is there something i miss in here? is there a better approach? also regarding SPF records, mailscanner doesnt handle SPF? thanks! __ Jorge Costinha From m.anderlini at database.it Fri Jan 26 09:32:48 2007 From: m.anderlini at database.it (Marcello Anderlini) Date: Fri Jan 26 08:35:54 2007 Subject: Mqueue.in huge In-Reply-To: <45B8E35E.3070505@chapman.edu> Message-ID: <200701260832.l0Q8WqNM004756@netra.database.it> Yes I know, but this was not Mailscanner.conf just /etc/mail/spamassassin/mailscanner.cf ... Dr. Marcello Anderlini m.anderlini@database.it --------------------------------------------- Database Informatica S.r.l. Microsoft Certified Partner Tel. +39059775070 Fax. +39059779545 http://www.database.it --------------------------------------------- > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Jay Chandler > Sent: giovedì 25 gennaio 2007 18.06 > To: MailScanner discussion > Subject: Re: Mqueue.in huge > > Marcello Anderlini wrote: > > Sorry, if I answer just today but I way busy. > > > > I've checked In /etc/mail/spamassassin/mailscanner.cf but I > found just > > this lines nothing else ============================= # > MailScanner # > > MailScanner users, please ============================= > It's correct ? 
> > But If I add the lines you suggested the spam controls will > stoped at > > all ? > > > > Sorry again for my worst english and thanks for any kind of > help you > > will give me.. > > > > bye > > > > > > Howdy. > > MailScanner.conf is a couple of thousand lines long-- that's > not correct at all. > > I'd suggest getting a fresh copy out of the tar file at > www.mailscanner.info-- I'd also wonder what else is corrupted > on your installation. > > --Jay From res at ausics.net Fri Jan 26 11:04:06 2007 From: res at ausics.net (Res) Date: Fri Jan 26 10:07:07 2007 Subject: how to prevent fake email to enter my domain? In-Reply-To: <1527637772.20070126083008@halla.pt> References: <1527637772.20070126083008@halla.pt> Message-ID: You should use a helo check, if you use sendmail use the block_bad_helo hack for 8.13.x, 8.14.x will have this as a feature, along with require rdns. for spf, use milters and comment it out in SA ( no point in dbl lookups) On Fri, 26 Jan 2007, Jorge Costinha wrote: > i receive a lot of spam mask as internal email, as if someone within my network send it, but in fact is just spam, from outside. > i figure i could solve effectively just with spam.whitelist.rules and spam.blacklist.rules, for some reason i can't understand it only works with some emails. > > here what i did, whitelist is checked first, if rule matches it skips the remaining rules and blacklist aswell: > > on spam.whitelist.rules: > > From: 192.168.10. 
yes > > on spam.blacklist.rules: > > From: *@mydomain.com yes > > > any internal email will match the rule on Whitelist, so it never gets rejected in blacklist. if its fake, it wont match the ip address and it only matches the blacklist. > when i did this, almost all fake email was detected, however some aren't. is there something i miss in here? is there a better approach? > also regarding SPF records, mailscanner doesnt handle SPF? > > thanks! > __ > Jorge Costinha > -- Cheers Res "So, you think you can tell Heaven from Hell?" - Roger Waters From glenn.steen at gmail.com Fri Jan 26 12:31:08 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jan 26 11:34:04 2007 Subject: SOT: AntiVirus Software In-Reply-To: References: <20070125100506.4544c990@uxbod.splatnix.net> <223f97700701250510x6f60836fl62aca2a3b9db827f@mail.gmail.com> <223f97700701250548w1022c168r77b6c611db59960b@mail.gmail.com> <223f97700701251407j3d5a42bag7e45fe351ee01f0b@mail.gmail.com> <45B9391F.4070200@evi-inc.com> Message-ID: <223f97700701260331h49c0fda1o85bee91f810c6e5a@mail.gmail.com> On 26/01/07, Scott Silva wrote: > Matt Kettler spake the following on 1/25/2007 3:11 PM: > > Glenn Steen wrote: > >> On 25/01/07, Scott Silva wrote: > >>>> The free version still includes this statement in it; > >>>> > >>>> Thank you for choosing to install the freeware version of > >>>> BitDefender for Linux Console Free Edition. It can be used free > >>>> of charge. It is fully functional and without any restrictions > >>>> regarding the licensed version of the product. > >>>> > >>>> I'm not a lawyer, but it looks like it is still free. > >>>> > >>> Looking at my logs, it doesn't seem to be hitting anything here lately. > >>> Especially the new Trojan.Downloader-??? that clam has been getting > >>> since last > >>> weekend. Even a scan of the quarantined file shows nothing. Even > >>> McAfee is > >>> getting these! > >>> > >>> I guess it is time to hit the flusher on Bitdefender. 
> >>> > >> Still seems to be on par with mcafee here.... which isn't saying that > >> much:-):-) > >> > >> Cheers > > > > > > It seems in recent months both sides of the clamav and bitdefender hits have > > diverged considerably. > > > > Let's look at some numbers from my system. Note I've excluded "HTML-Phishing" > > matches by clamav from this, as that's not something BitDefender (aka bdc) looks > > for. > > > > > > Dec 1, 2006-today: > > messages with viruses found by clam but not bdc: 142 > > messages with viruses found by bdc but clam: 148 > > > > Looks like both bdc and clam are catching about the same number of messages that > > the other missed.. > > > > > > > > July 1, 2006 - Dec 1, 2006 > > clam not bdc: 39 > > bdc not clam: 30 > > > > Note that in the previous 5 months, these numbers were MUCH smaller. This tells > > me that in the past clam and bdc both matched most of the same messages. > > However, recently, that's changed and a lot more viruses are coming out that are > > only caught by one of the two. > > > > This might be due to an increase in how fast viruses mutate, I'm not sure. > > However, clearly BitDefender is still doing a lot of good here, catching several > > things clam is missing. > > > > My volume is still low enough to leave it running. I think I am dumping most > of the viruses with blacklists, as my hit rate is very low. And MailScanner is > catching them by filetype rules even when the virus scanners miss. > Yeah, that mirrors my situation. Just judging from the very few facts I can glean from all the crap that never reaches MailScanner, I'd say your hypothesis could well be right Scott. Thanks for the stats Matt! -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Fri Jan 26 12:45:41 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jan 26 11:48:37 2007 Subject: sa-update, the untold story... 
In-Reply-To: References: <223f97700701251412k1024a41ao670419cff18527c7@mail.gmail.com> Message-ID: <223f97700701260345s7b710ea4t5d36b35d58a69ed0@mail.gmail.com> On 26/01/07, Kevin Miller wrote: > Glenn Steen wrote: > > > Pretty much covers it, yes, at least AFAICS... Go type it into the > > wiki, before you forget;-) > > OK, thanks for the sanity check. Sorry about the funky formatting. > Outlook will auto line wrap, but I wanted indented paragraphs so was > hitting return a third the way across - guess I should have made it a > quarter the way! > > I'll have to create an identity to edit the wiki. Should be easy enough:-) > Where would be the best place to put it? > somewhere under documentation:anti_spam:spamassassin should be fine ... http://wiki.mailscanner.info/doku.php?id=&idx=documentation:anti_spam:spamassassin Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Fri Jan 26 13:17:48 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jan 26 12:20:44 2007 Subject: Two servers, identical configs,one won't tag messages. In-Reply-To: <45B9099F.6070906@chapman.edu> References: <45B8D156.2020103@chapman.edu> <223f97700701250758s3730ddf4sc8b5c29f1cb060ac@mail.gmail.com> <45B8DD2A.4060203@chapman.edu> <45B9099F.6070906@chapman.edu> Message-ID: <223f97700701260417o197c2ef9u3e56e5f00302563f@mail.gmail.com> On 25/01/07, Jay Chandler wrote: > Scott Silva wrote: > > Maybe a MailScanner -V to see if a module is different? > > > > Just checked. A diff shows that the ONLY difference is the uname -a string. > > These boxes are kept current via the Ports tree within FreeBSD, so > everything builds off the same source. > > I've tried forcibly recompiling everything on the box, and still no luck. > > This one's driving me crazy-- any assistance would be super, as I'm > starting to get asked some awkward questions! > You're not alone... 
If erally nothing diffs, this should not be happening. You didn't do something like edit a config file in a windoze editor or somesuch? Stray "unprintable" characters could .-.. "liven things up" so to speak:-). Yeah, it's a bit of a "reaching for straws while drowning", but ... even the sun has spots:-). If you tirn off the "only thing differing" (fuzzy), does it start tagging things again? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From dyioulos at firstbhph.com Fri Jan 26 14:21:41 2007 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Fri Jan 26 13:24:45 2007 Subject: SOT: AntiVirus Software In-Reply-To: References: <20070125100506.4544c990@uxbod.splatnix.net> <45B9391F.4070200@evi-inc.com> Message-ID: <200701260821.42223.dyioulos@firstbhph.com> On Thursday 25 January 2007 6:58 pm, Scott Silva wrote: > Matt Kettler spake the following on 1/25/2007 3:11 PM: > > Glenn Steen wrote: > >> On 25/01/07, Scott Silva wrote: > >>>> The free version still includes this statement in it; > >>>> > >>>> Thank you for choosing to install the freeware version of > >>>> BitDefender for Linux Console Free Edition. It can be used free > >>>> of charge. It is fully functional and without any restrictions > >>>> regarding the licensed version of the product. > >>>> > >>>> I'm not a lawyer, but it looks like it is still free. > >>> > >>> Looking at my logs, it doesn't seem to be hitting anything here lately. > >>> Especially the new Trojan.Downloader-??? that clam has been getting > >>> since last > >>> weekend. Even a scan of the quarantined file shows nothing. Even > >>> McAfee is > >>> getting these! > >>> > >>> I guess it is time to hit the flusher on Bitdefender. > >> > >> Still seems to be on par with mcafee here.... which isn't saying that > >> much:-):-) > >> > >> Cheers > > > > It seems in recent months both sides of the clamav and bitdefender hits > > have diverged considerably. 
> > > > Let's look at some numbers from my system. Note I've excluded > > "HTML-Phishing" matches by clamav from this, as that's not something > > BitDefender (aka bdc) looks for. > > > > > > Dec 1, 2006-today: > > messages with viruses found by clam but not bdc: 142 > > messages with viruses found by bdc but clam: 148 > > > > Looks like both bdc and clam are catching about the same number of > > messages that the other missed.. > > > > > > > > July 1, 2006 - Dec 1, 2006 > > clam not bdc: 39 > > bdc not clam: 30 > > > > Note that in the previous 5 months, these numbers were MUCH smaller. This > > tells me that in the past clam and bdc both matched most of the same > > messages. However, recently, that's changed and a lot more viruses are > > coming out that are only caught by one of the two. > > > > This might be due to an increase in how fast viruses mutate, I'm not > > sure. However, clearly BitDefender is still doing a lot of good here, > > catching several things clam is missing. > > My volume is still low enough to leave it running. I think I am dumping > most of the viruses with blacklists, as my hit rate is very low. And > MailScanner is catching them by filetype rules even when the virus scanners > miss. > > -- I apologize if I'm taking this post OT, but is anyone using the "free" BitDefender console version with MS? I installed it, and ran MS bitdefender-autoupdate, which seemed to work. But, it's hard to tell if the virus signatures were truly updated. Does anyone know if this is the case? Also, must bitdefender be "started"? If so, how? And, finally, should bitdefender-autoupdate be run as a cron job, or does MS handle that? Thanks. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. 
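Added example (not part of the thread, and not MailScanner's or any poster's code): the comparison Matt Kettler describes in the quoted text above, counting messages flagged by one scanner but not the other in each period and leaving out ClamAV's "HTML-Phishing" matches, sketched in Python. The one-line-per-hit log format, the message ids and the sample signature names are constructed for the example; MailScanner's real log lines look different.

```python
"""One-sided detection counts for two virus scanners over two periods."""
import re
from collections import namedtuple
from datetime import date

# Constructed sample data in a simplified, made-up format:
#   <date> msg=<message id> scanner=<name> sig=<signature>
SAMPLE_LOG = """\
2006-08-14 msg=A1 scanner=clamav sig=Worm.Sample-1
2006-08-14 msg=A1 scanner=bdc sig=Win32.Sample.A
2006-09-02 msg=A2 scanner=clamav sig=Worm.Sample-2
2006-10-20 msg=A3 scanner=clamav sig=HTML-Phishing.Sample-1
2006-11-30 msg=A4 scanner=bdc sig=Trojan.Sample.B
2006-12-01 msg=B1 scanner=clamav sig=Trojan.Downloader-388
2006-12-15 msg=B9 scanner=clamav
2006-12-29 msg=B2 scanner=clamav sig=Trojan.Downloader-390
2006-12-30 msg=B3 scanner=bdc sig=Trojan.Sample.C
2007-01-05 msg=B4 scanner=clamav sig=Trojan.Downloader-390
2007-01-05 msg=B4 scanner=bdc sig=Trojan.Sample.D
2007-01-10 msg=B5 scanner=clamav sig=HTML-Phishing.Sample-2
2007-01-10 msg=B5 scanner=bdc sig=Trojan.Sample.E
"""

LINE_RE = re.compile(
    r"^(?P<day>\d{4}-\d{2}-\d{2}) msg=(?P<msg>\S+) "
    r"scanner=(?P<scanner>\S+) sig=(?P<sig>\S+)$"
)

Overlap = namedtuple("Overlap", "a_only b_only both")


def parse_hits(text, excluded=(("clamav", "HTML-Phishing"),)):
    """Return ({msg: (first_day, {scanners})}, skipped_line_count).

    A hit whose (scanner, signature prefix) is in `excluded` is dropped,
    because the other scanner does not look for that class at all and
    counting it would inflate the "only caught by one" figure. Only the
    hit is dropped: other hits on the same message still count.
    """
    hits = {}
    skipped = 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            skipped += 1          # truncated or foreign line
            continue
        try:
            day = date.fromisoformat(m["day"])
        except ValueError:
            skipped += 1          # well-formed but impossible date
            continue
        scanner, sig = m["scanner"].lower(), m["sig"]
        if any(scanner == s and sig.startswith(p) for s, p in excluded):
            continue
        first_day, scanners = hits.setdefault(m["msg"], (day, set()))
        scanners.add(scanner)
        if day < first_day:
            hits[m["msg"]] = (day, scanners)
    return hits, skipped


def one_sided(hits, start, end, a="clamav", b="bdc"):
    """Count messages in [start, end) caught by a only, b only, or both."""
    a_only = b_only = both = 0
    for day, scanners in hits.values():
        if not (start <= day < end):
            continue
        in_a, in_b = a in scanners, b in scanners
        if in_a and in_b:
            both += 1
        elif in_a:
            a_only += 1
        elif in_b:
            b_only += 1
    return Overlap(a_only, b_only, both)


if __name__ == "__main__":
    parsed, bad = parse_hits(SAMPLE_LOG)
    periods = [
        ("July 1, 2006 - Dec 1, 2006", date(2006, 7, 1), date(2006, 12, 1)),
        ("Dec 1, 2006 - Jan 26, 2007", date(2006, 12, 1), date(2007, 1, 27)),
    ]
    for label, start, end in periods:
        o = one_sided(parsed, start, end)
        print(f"{label}: clam not bdc={o.a_only} "
              f"bdc not clam={o.b_only} both={o.both}")
    print(f"unparsed lines: {bad}")
```

Tracking the "both" count next to the two one-sided counts shows whether a rise in one-sided hits reflects diverging coverage or only a rise in overall virus volume.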
From glenn.steen at gmail.com Fri Jan 26 14:50:50 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jan 26 13:53:47 2007 Subject: SOT: AntiVirus Software In-Reply-To: <200701260821.42223.dyioulos@firstbhph.com> References: <20070125100506.4544c990@uxbod.splatnix.net> <45B9391F.4070200@evi-inc.com> <200701260821.42223.dyioulos@firstbhph.com> Message-ID: <223f97700701260550s22da4d2es5b31eaa876513681@mail.gmail.com> On 26/01/07, Dimitri Yioulos wrote: (snip) > > I apologize if I'm taking this post OT, but is anyone using the "free" > BitDefender console version with MS? I installed it, and ran MS > bitdefender-autoupdate, which seemed to work. But, it's hard to tell if the > virus signatures were truly updated. Does anyone know if this is the case? > Also, must bitdefender be "started"? If so, how? And, finally, should > bitdefender-autoupdate be run as a cron job, or does MS handle that? > I would say that all of us that use bdc (well, pretty close to all ... at least:-) are using the "free console version". You do not need to run the autoupdate script by hand, it will be run (as any _installed_ AV's autoupdate-script... Whether it is used is immaterial, if it's there, MS will update it) by the update_virus_scanners script that the MS install places into cron (well, at least for the RPM install, you might need to schedule it by hand on the tarball install, and I imagine the freebsd port to do something appropriate to that:-). So... basically there is _no_ setup needed to get updates. And the update_virus_scanners script/the autoupdate scripts will log what it does, and possibly what result (update, no update needed etc) to your maillog, and possibly some place else... In the case of ClamAV, there is a file /tmp/ClamAv.update.log (or similar) that you can look at for details, and for bdc there is /var/log/bitdefender_updater.log ... 
And if you want it at a glance, and use MailWatch there one can look at the Tools page (I don't recall if one had to add the script for this, or if it is part of 1.0.3 ... The answer to that is somewhere in the MailWatch mailing list archives). Hm. Perhaps I should update the bitdefender wiki page with this info... When I get the time:-). Enough? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From dyioulos at firstbhph.com Fri Jan 26 14:59:55 2007 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Fri Jan 26 14:02:59 2007 Subject: SOT: AntiVirus Software In-Reply-To: <223f97700701260550s22da4d2es5b31eaa876513681@mail.gmail.com> References: <20070125100506.4544c990@uxbod.splatnix.net> <200701260821.42223.dyioulos@firstbhph.com> <223f97700701260550s22da4d2es5b31eaa876513681@mail.gmail.com> Message-ID: <200701260859.56117.dyioulos@firstbhph.com> On Friday 26 January 2007 8:50 am, Glenn Steen wrote: > On 26/01/07, Dimitri Yioulos wrote: > (snip) > > > I apologize if I'm taking this post OT, but is anyone using the "free" > > BitDefender console version with MS? I installed it, and ran MS > > bitdefender-autoupdate, which seemed to work. But, it's hard to tell if > > the virus signatures were truly updated. Does anyone know if this is the > > case? Also, must bitdefender be "started"? If so, how? And, finally, > > should bitdefender-autoupdate be run as a cron job, or does MS handle > > that? > > I would say that all of us that use bdc (well, pretty close to all ... > at least:-) are using the "free console version". > You do not need run the autoupdate script by hand, it will be run (as > any _installed_ AVs autoupdate-script... 
Whether it is used is > immaterial, if it's there, MS will update it) by the > update_virus_scanners script that the MS install places into cron > (well, at least for the RPM install, you might need to schedule it by > hand on the tarball install, and I imagine the freebsd port to do > something appropriate to that:-). > So... basically there is _no_ setup needed to get updates. > And the update_virus_scanners script/the autoupdate scripts will log > what it does, and possibly what result (update, no update needed etc) > to your maillog, and possibly some place else... In the case of > ClamAV, there is a file /tmp/ClamAv.update.log (or similar) that you > can look at for details, and for bdc there is > /var/log/bitdefender_updater.log ... And if you want it at a glance, > and use MailWatch there one can look at the Tools page (I don't recall > if one had to add the script for this, or if it is part of 1.0.3 ... > The answer to that is somewhere in the MailWatch mailing list > archives). Hm. Perhaps I should update the bitdefender wiki page with > this info... When I get the time:-). > Enough? > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- More than. Thanks, Glenn. All I need to do now is figure out the MailWatch piece (if anybody knows how to, I'd appreciate it). Thanks again Glenn. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From daniel.maher at ubisoft.com Fri Jan 26 15:50:45 2007 From: daniel.maher at ubisoft.com (Daniel Maher) Date: Fri Jan 26 14:53:42 2007 Subject: Increased Volumes Of Spam In-Reply-To: Message-ID: <1E293D3FF63A3740B10AD5AAD88535D2044332EC@UBIMAIL1.ubisoft.org> > > Just to add my voice to the chorus, I recently implemented SARE > > updates via sa-update, as per D. 
O'Shea's excellent service and > > instructions: > > http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt > > > > It works flawlessly. > > So when you did this, are you running the spamassassin updates out of > the cron.daily job and the sare updates with crontab or what? It isn't > clear to me how to integrate the sare stuff with the regular rules - > i.e., whether it's two steps or just one... > > > ...Kevin I am running sa-update via a daily cronjob, which pulls down both the SA default rules, as well as the SARE rules of my choosing in one fell swoop. There is no magic to integrating the "sare stuff" with the "regular rules"; simply create a small config file with the rules you want, in the form: updates.spamassassin.org 70_sare_adult.cf.sare.sa-update.dostech.net 70_sare_header0.cf.sare.sa-update.dostech.net 70_sare_obfu0.cf.sare.sa-update.dostech.net [..etc..] Then, in your cronjob, specify that you'd like to use said config file during your sa-update run: /usr/bin/sa-update --channelfile Done! -- _ ?v? Daniel Maher /(_)\ Administrateur Système Unix ^ ^ Unix System Administrator Four elements! From cobalt-users1 at fishnet.co.uk Fri Jan 26 16:37:04 2007 From: cobalt-users1 at fishnet.co.uk (Ian) Date: Fri Jan 26 15:40:25 2007 Subject: OT: CentOD Kickstart CD with MailScanner Message-ID: <45BA2020.21164.16BF2F48@cobalt-users1.fishnet.co.uk> Hi, Sorry, Slightly OT. I am trying to create a CentOS kickstart cd with MailScanner included. I have installed MailScanner on the build machine using the install.sh script from the rpm package without any problems. I then copied the perl module rpms, mailscanner & tnef over to my build directory. I am now testing for dependency problems (after creating the testdb) with: sudo rpm --test --dbpath testdb -Uvh /build/cd1/CentOS/RPMS/*.rpm I am getting some conflicts with some of the perl modules (see below). 
My question is, can I simply remove the conflicting rpms because the stock perl-5.8.5 rpm seems to have them already installed? Or would it be better to install MailScanner via the install.sh script after the main installation is done? I have noticed that none of the conflicting modules appear to be installed when I do a: rpm -qa on the build machine. I have probably answered my own question here but would be grateful for some clarification. Thanks for any assistance. Ian ---------------------- file /usr/lib/perl5/5.8.5/File/Temp.pm conflicts between attempted installs of perl-5.8.5-36.RHEL4 and perl-File-Temp-0.16-1 file /usr/lib/perl5/5.8.5/Getopt/Long.pm conflicts between attempted installs of perl-5.8.5-36.RHEL4 and perl-Getopt-Long-2.35-1 file /usr/lib/perl5/5.8.5/i386-linux-thread-multi/Sys/Syslog.pm conflicts between attempted installs of perl-5.8.5-36.RHEL4 and perl-Sys-Syslog-0.18-1 file /usr/lib/perl5/5.8.5/i386-linux-thread-multi/auto/Sys/Syslog/Syslog.so conflicts between attempted installs of perl-5.8.5-36.RHEL4 and perl-Sys-Syslog-0.18-1 file /usr/share/man/man3/File::Temp.3pm.gz conflicts between attempted installs of perl-5.8.5-36.RHEL4 and perl-File-Temp-0.16-1 file /usr/share/man/man3/Getopt::Long.3pm.gz conflicts between attempted installs of perl-5.8.5-36.RHEL4 and perl-Getopt-Long-2.35-1 file /usr/bin/instmodsh conflicts between attempted installs of perl-ExtUtils-MakeMaker-6.30-1 and perl-5.8.5-36.RHEL4 file /usr/lib/perl5/5.8.5/ExtUtils/Command.pm conflicts between attempted installs of perl-ExtUtils-MakeMaker-6.30-1 and perl-5.8.5-36.RHEL4 file /usr/lib/perl5/5.8.5/ExtUtils/Command/MM.pm conflicts between attempted installs of perl-ExtUtils-MakeMaker-6.30-1 and perl-5.8.5-36.RHEL4 file /usr/lib/perl5/5.8.5/ExtUtils/Install.pm conflicts between attempted installs of perl-ExtUtils-MakeMaker-6.30-1 and perl-5.8.5-36.RHEL4 file /usr/lib/perl5/5.8.5/ExtUtils/Liblist.pm conflicts between attempted installs of perl-ExtUtils-MakeMaker-6.30-1 and 
perl-5.8.5-36.RHEL4 file /usr/lib/perl5/5.8.5/ExtUtils/Liblist/Kid.pm conflicts between attempted installs of perl-ExtUtils-MakeMaker-6.30-1 and perl-5.8.5-36.RHEL4 file /usr/lib/perl5/5.8.5/ExtUtils/MANIFEST.SKIP conflicts between attempted installs of perl-ExtUtils-MakeMaker-6.30-1 and perl-5.8.5-36.RHEL4 file /usr/lib/perl5/5.8.5/ExtUtils/MM.pm conflicts between attempted installs of perl- ExtUtils-MakeMaker-6.30-1 and perl-5.8.5-36.RHEL4 file /usr/lib/perl5/5.8.5/ExtUtils/MM_Any.pm conflicts between attempted installs of perl-ExtUtils-MakeMaker-6.30-1 and perl-5.8.5-36.RHEL4 file /usr/lib/perl5/5.8.5/ExtUtils/MM_BeOS.pm conflicts between attempted installs of perl-ExtUtils-MakeMaker-6.30-1 and perl-5.8.5-36.RHEL4 file /usr/lib/perl5/5.8.5/ExtUtils/MM_Cygwin.pm conflicts between attempted installs of perl-ExtUtils-MakeMaker-6.30-1 and perl-5.8.5-36.RHEL4 file /usr/lib/perl5/5.8.5/ExtUtils/MM_MacOS.pm conflicts between attempted installs of perl-ExtUtils-MakeMaker-6.30-1 and perl-5.8.5-36.RHEL4 file /usr/lib/perl5/5.8.5/ExtUtils/MM_NW5.pm conflicts between attempted installs of perl-ExtUtils-MakeMaker-6.30-1 and perl-5.8.5-36.RHEL4 file /usr/lib/perl5/5.8.5/ExtUtils/MM_OS2.pm conflicts between attempted installs of perl-ExtUtils-MakeMaker-6.30-1 and perl-5.8.5-36.RHEL4 file /usr/lib/perl5/5.8.5/ExtUtils/MM_Unix.pm conflicts between attempted installs of perl-ExtUtils-MakeMaker-6.30-1 and perl-5.8.5-36.RHEL4 file /usr/lib/perl5/5.8.5/ExtUtils/MM_VMS.pm conflicts between attempted installs of perl-ExtUtils-MakeMaker-6.30-1 and perl-5.8.5-36.RHEL4 file /usr/lib/perl5/5.8.5/ExtUtils/MM_Win32.pm conflicts between attempted installs of perl-ExtUtils-MakeMaker-6.30-1 and perl-5.8.5-36.RHEL4 file /usr/lib/perl5/5.8.5/ExtUtils/MM_Win95.pm conflicts between attempted installs of perl-ExtUtils-MakeMaker-6.30-1 and perl-5.8.5-36.RHEL4 file /usr/lib/perl5/5.8.5/ExtUtils/MakeMaker.pm conflicts between attempted installs of perl-ExtUtils-MakeMaker-6.30-1 and perl-5.8.5-36.RHEL4 
file /usr/lib/perl5/5.8.5/ExtUtils/MakeMaker/FAQ.pod conflicts between attempted installs of perl-ExtUtils-MakeMaker-6.30-1 and perl-5.8.5-36.RHEL4 file /usr/lib/perl5/5.8.5/ExtUtils/MakeMaker/Tutorial.pod conflicts between attempted installs of perl-ExtUtils-MakeMaker-6.30-1 and perl-5.8.5-36.RHEL4 file /usr/lib/perl5/5.8.5/ExtUtils/MakeMaker/bytes.pm conflicts between attempted installs of perl-ExtUtils-MakeMaker-6.30-1 and perl-5.8.5-36.RHEL4 file /usr/lib/perl5/5.8.5/ExtUtils/MakeMaker/vmsish.pm conflicts between attempted installs of perl-ExtUtils-MakeMaker-6.30-1 and perl-5.8.5-36.RHEL4 file /usr/lib/perl5/5.8.5/ExtUtils/Manifest.pm conflicts between attempted installs of perl-ExtUtils-MakeMaker-6.30-1 and perl-5.8.5-36.RHEL4 file /usr/share/man/man3/ExtUtils::Command.3pm.gz conflicts between attempted installs of perl-ExtUtils-MakeMaker-6.30-1 and perl-5.8.5-36.RHEL4 file /usr/share/man/man3/ExtUtils::Command::MM.3pm.gz conflicts between attempted installs of perl-ExtUtils-MakeMaker-6.30-1 and perl-5.8.5-36.RHEL4 file /usr/share/man/man3/ExtUtils::Install.3pm.gz conflicts between attempted installs of perl-ExtUtils-MakeMaker-6.30-1 and perl-5.8.5-36.RHEL4 file /usr/share/man/man3/ExtUtils::Installed.3pm.gz conflicts between attempted installs of perl-ExtUtils-MakeMaker-6.30-1 and perl-5.8.5-36.RHEL4 file /usr/share/man/man3/ExtUtils::Liblist.3pm.gz conflicts between attempted installs of perl-ExtUtils-MakeMaker-6.30-1 and perl-5.8.5-36.RHEL4 file /usr/share/man/man3/ExtUtils::MM.3pm.gz conflicts between attempted installs of perl-ExtUtils-MakeMaker-6.30-1 and perl-5.8.5-36.RHEL4 file /usr/share/man/man3/ExtUtils::MM_Any.3pm.gz conflicts between attempted installs of perl-ExtUtils-MakeMaker-6.30-1 and perl-5.8.5-36.RHEL4 file /usr/share/man/man3/ExtUtils::MM_BeOS.3pm.gz conflicts between attempted installs of perl-ExtUtils-MakeMaker-6.30-1 and perl-5.8.5-36.RHEL4 file /usr/share/man/man3/ExtUtils::MM_Cygwin.3pm.gz conflicts between attempted installs of 
perl-ExtUtils-MakeMaker-6.30-1 and perl-5.8.5-36.RHEL4 file /usr/share/man/man3/ExtUtils::MM_DOS.3pm.gz conflicts between attempted installs of perl-ExtUtils-MakeMaker-6.30-1 and perl-5.8.5-36.RHEL4 file /usr/share/man/man3/ExtUtils::MM_MacOS.3pm.gz conflicts between attempted installs of perl-ExtUtils-MakeMaker-6.30-1 and perl-5.8.5-36.RHEL4 file /usr/share/man/man3/ExtUtils::MM_NW5.3pm.gz conflicts between attempted installs of perl-ExtUtils-MakeMaker-6.30-1 and perl-5.8.5-36.RHEL4 file /usr/share/man/man3/ExtUtils::MM_OS2.3pm.gz conflicts between attempted installs of perl-ExtUtils-MakeMaker-6.30-1 and perl-5.8.5-36.RHEL4 file /usr/share/man/man3/ExtUtils::MM_UWIN.3pm.gz conflicts between attempted installs of perl-ExtUtils-MakeMaker-6.30-1 and perl-5.8.5-36.RHEL4 file /usr/share/man/man3/ExtUtils::MM_Unix.3pm.gz conflicts between attempted installs of perl-ExtUtils-MakeMaker-6.30-1 and perl-5.8.5-36.RHEL4 file /usr/share/man/man3/ExtUtils::MM_VMS.3pm.gz conflicts between attempted installs of perl-ExtUtils-MakeMaker-6.30-1 and perl-5.8.5-36.RHEL4 file /usr/share/man/man3/ExtUtils::MM_Win32.3pm.gz conflicts between attempted installs of perl-ExtUtils-MakeMaker-6.30-1 and perl-5.8.5-36.RHEL4 file /usr/share/man/man3/ExtUtils::MM_Win95.3pm.gz conflicts between attempted installs of perl-ExtUtils-MakeMaker-6.30-1 and perl-5.8.5-36.RHEL4 file /usr/share/man/man3/ExtUtils::MY.3pm.gz conflicts between attempted installs of perl-ExtUtils-MakeMaker-6.30-1 and perl-5.8.5-36.RHEL4 file /usr/share/man/man3/ExtUtils::MakeMaker.3pm.gz conflicts between attempted installs of perl-ExtUtils-MakeMaker-6.30-1 and perl-5.8.5-36.RHEL4 file /usr/share/man/man3/ExtUtils::MakeMaker::FAQ.3pm.gz conflicts between attempted installs of perl-ExtUtils-MakeMaker-6.30-1 and perl-5.8.5-36.RHEL4 file /usr/share/man/man3/ExtUtils::MakeMaker::Tutorial.3pm.gz conflicts between attempted installs of perl-ExtUtils-MakeMaker-6.30-1 and perl-5.8.5-36.RHEL4 file 
/usr/share/man/man3/ExtUtils::MakeMaker::bytes.3pm.gz conflicts between attempted installs of perl-ExtUtils-MakeMaker-6.30-1 and perl-5.8.5-36.RHEL4 file /usr/share/man/man3/ExtUtils::MakeMaker::vmsish.3pm.gz conflicts between attempted installs of perl-ExtUtils-MakeMaker-6.30-1 and perl-5.8.5-36.RHEL4 file /usr/share/man/man3/ExtUtils::Manifest.3pm.gz conflicts between attempted installs of perl-ExtUtils-MakeMaker-6.30-1 and perl-5.8.5-36.RHEL4 file /usr/share/man/man3/ExtUtils::Mkbootstrap.3pm.gz conflicts between attempted installs of perl-ExtUtils-MakeMaker-6.30-1 and perl-5.8.5-36.RHEL4 file /usr/share/man/man3/ExtUtils::Mksymlists.3pm.gz conflicts between attempted installs of perl-ExtUtils-MakeMaker-6.30-1 and perl-5.8.5-36.RHEL4 file /usr/share/man/man3/ExtUtils::Packlist.3pm.gz conflicts between attempted installs of perl-ExtUtils-MakeMaker-6.30-1 and perl-5.8.5-36.RHEL4 file /usr/share/man/man3/ExtUtils::testlib.3pm.gz conflicts between attempted installs of perl-ExtUtils-MakeMaker-6.30-1 and perl-5.8.5-36.RHEL4 From vasiliy at linuxspecial.com Fri Jan 26 16:49:14 2007 From: vasiliy at linuxspecial.com (Vasiliy Boulytchev) Date: Fri Jan 26 15:52:15 2007 Subject: AntiVirus Software In-Reply-To: <3da1ae1e3a53324e8e9878ce3acfe960@solidstatelogic.com> References: <3da1ae1e3a53324e8e9878ce3acfe960@solidstatelogic.com> Message-ID: <45BA22FA.2030507@linuxspecial.com> Personally, we use fprot licences from blacknight.ie... and clam. That does the job EXTREMELY well Vasiliy Boulytchev vasiliy@linuxspecial.com Martin.Hepworth wrote: > HI > > You don't mention what O/S you're running on, but > > f-prot used by a lot of a people, a 'local' reseller is Blacknight.ie > who also happen to host the MS websites and mailing lists.. > > I find sophos good, but is way more expensive that f-prot..you shouldn't > have any problems finding a reseller.. 
> > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of --[ UxBoD ]-- >> Sent: 25 January 2007 10:05 >> To: MailScanner discussion >> Subject: SOT: AntiVirus Software >> >> I have recently built a new server and currently only use ClamAV and >> Bitdefender with MailScanner. I would like to introduce a commercial >> scanner aswell, but there appears to be so many on the market now. >> >> I do like Kaspersky, but you seem to be unable to buy and download in >> the UK :( >> >> Any other recommendations ? >> >> -- >> This message has been scanned for viruses and dangerous content by >> MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. 
> > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > From leiw324 at yahoo.com.hk Fri Jan 26 17:13:07 2007 From: leiw324 at yahoo.com.hk (Wilson Kwok) Date: Fri Jan 26 16:16:08 2007 Subject: How to upgrade mailscanner ? Message-ID: <446761.224.qm@web54403.mail.yahoo.com> What I need to be careful to upgrade mailscanner ? Thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070127/34a84ffb/attachment.html From ugob at camo-route.com Fri Jan 26 17:23:43 2007 From: ugob at camo-route.com (Ugo Bellavance) Date: Fri Jan 26 16:27:01 2007 Subject: How to upgrade mailscanner ? In-Reply-To: <446761.224.qm@web54403.mail.yahoo.com> References: <446761.224.qm@web54403.mail.yahoo.com> Message-ID: Wilson Kwok wrote: > What I need to be careful to upgrade mailscanner ? http://wiki.mailscanner.info/doku.php?id=maq:index#upgrade_rpm From Kevin_Miller at ci.juneau.ak.us Fri Jan 26 17:30:33 2007 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Fri Jan 26 16:33:31 2007 Subject: sa-update, the untold story... In-Reply-To: <45B953C9.9030003@adventuras.no> Message-ID: Lars Kristiansen wrote: > Kevin Miller skrev: >> >> 2: I *think* the proper setting in MailScanner.conf is: >> SpamAssassin Local State Dir = /var/lib/spamassassin >> Earlier versions of MailScanner just had /var/lib. 
This should >> be uncommented after a successful sa-update run. > > I don't think you need this setting any more with recent spamassassin. I don't know - I sorta got that impression in all my reading but on the other hand I don't see any harm in leaving it so that's probably the safest bet. >> 3: sa-update should be run after a spamassassin update to be sure >> the proper rules being looked at. > > Thanks, appreciated. > > Suggestion: > If running from crontab, a random time could be nice. Julian's sa-update script in cron.daily has a randomizer built in already... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From mkettler at evi-inc.com Fri Jan 26 17:56:22 2007 From: mkettler at evi-inc.com (Matt Kettler) Date: Fri Jan 26 16:59:50 2007 Subject: SOT: AntiVirus Software In-Reply-To: <200701260821.42223.dyioulos@firstbhph.com> References: <20070125100506.4544c990@uxbod.splatnix.net> <45B9391F.4070200@evi-inc.com> <200701260821.42223.dyioulos@firstbhph.com> Message-ID: <45BA32B6.9070506@evi-inc.com> Dimitri Yioulos wrote: > On Thursday 25 January 2007 6:58 pm, Scott Silva wrote: >> Matt Kettler spake the following on 1/25/2007 3:11 PM: >>> Glenn Steen wrote: >>>> On 25/01/07, Scott Silva wrote: >>>>>> The free version still includes this statement in it; >>>>>> >>>>>> Thank you for choosing to install the freeware version of >>>>>> BitDefender for Linux Console Free Edition. It can be used free >>>>>> of charge. It is fully functional and without any restrictions >>>>>> regarding the licensed version of the product. >>>>>> >>>>>> I'm not a lawyer, but it looks like it is still free. >>>>> Looking at my logs, it doesn't seem to be hitting anything here lately. >>>>> Especially the new Trojan.Downloader-??? that clam has been getting >>>>> since last >>>>> weekend. Even a scan of the quarantined file shows nothing. 
Even >>>>> McAfee is >>>>> getting these! >>>>> >>>>> I guess it is time to hit the flusher on Bitdefender. >>>> Still seems to be on par with mcafee here.... which isn't saying that >>>> much:-):-) >>>> >>>> Cheers >>> It seems in recent months both sides of the clamav and bitdefender hits >>> have diverged considerably. >>> >>> Let's look at some numbers from my system. Note I've excluded >>> "HTML-Phishing" matches by clamav from this, as that's not something >>> BitDefender (aka bdc) looks for. >>> >>> >>> Dec 1, 2006-today: >>> messages with viruses found by clam but not bdc: 142 >>> messages with viruses found by bdc but clam: 148 >>> >>> Looks like both bdc and clam are catching about the same number of >>> messages that the other missed.. >>> >>> >>> >>> July 1, 2006 - Dec 1, 2006 >>> clam not bdc: 39 >>> bdc not clam: 30 >>> >>> Note that in the previous 5 months, these numbers were MUCH smaller. This >>> tells me that in the past clam and bdc both matched most of the same >>> messages. However, recently, that's changed and a lot more viruses are >>> coming out that are only caught by one of the two. >>> >>> This might be due to an increase in how fast viruses mutate, I'm not >>> sure. However, clearly BitDefender is still doing a lot of good here, >>> catching several things clam is missing. >> My volume is still low enough to leave it running. I think I am dumping >> most of the viruses with blacklists, as my hit rate is very low. And >> MailScanner is catching them by filetype rules even when the virus scanners >> miss. >> >> -- > > I apologize if I'm taking this post OT, but is anyone using the "free" > BitDefender console version with MS? Erm, yes.. that's what BDC is that I'm referring to above. I installed it, and ran MS > bitdefender-autoupdate, which seemed to work. But, it's hard to tell if the > virus signatures were truly updated. Does anyone know if this is the case? You can always run bdc --update manually right after the autoupdate. 
If the autoupdate worked, the manual run shouldn't find anything to update. > Also, must bitdefender be "started"? I No. The free version is a console app. There's nothing to start. >And, finally, should > bitdefender-autoupdate be run as a cron job, or does MS handle that? MS handles that, by default every hour. You should see log messages like this: Jan 26 06:09:53 xanadu update.virus.scanners: Found bitdefender installed Jan 26 06:09:53 xanadu update.virus.scanners: Running autoupdate for bitdefender Jan 26 07:09:17 xanadu update.virus.scanners: Found bitdefender installed Jan 26 07:09:17 xanadu update.virus.scanners: Running autoupdate for bitdefender From glenn.steen at gmail.com Fri Jan 26 18:57:27 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jan 26 18:00:25 2007 Subject: sa-update, the untold story... In-Reply-To: References: <45B953C9.9030003@adventuras.no> Message-ID: <223f97700701260957i6fcc4637g8ff1f92816202628@mail.gmail.com> On 26/01/07, Kevin Miller wrote: > Lars Kristiansen wrote: > > Kevin Miller skrev: > >> > >> 2: I *think* the proper setting in MailScanner.conf is: > >> SpamAssassin Local State Dir = /var/lib/spamassassin > >> Earlier versions of MailScanner just had /var/lib. This should > >> be uncommented after a successful sa-update run. > > > > I don't think you need this setting any more with recent spamassassin. > > I don't know - I sorta got that impression in all my reading but on the > other hand I don't see any harm in leaving it so that's probably the > safest bet. > If you specify it, you need to amend it as you specify... But many (if not all) *should* manage without since SA should take care of it by default (mine does). I think this just _might_ depend a bit on what (packaged) SA one is using, but I haven't corroborated this in any way. Specifying it correctly will work for everyone though, so ... Perhaps one should formulate the wiki entry along those lines? 
Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From mrm at medicine.wisc.edu Fri Jan 26 19:00:46 2007 From: mrm at medicine.wisc.edu (Michael Masse) Date: Fri Jan 26 18:04:10 2007 Subject: how to prevent fake email to enter my domain? In-Reply-To: References: <1527637772.20070126083008@halla.pt> Message-ID: <45B9ED6B.7FBE.00FC.3@medicine.wisc.edu> >>> On 1/26/2007 at 4:04 AM, in message , Res wrote: > You should use a helo check, if you use sendmail use the block_bad_helo > hack for 8.13.x, 8.14.x will have this as a feature, along with require > rdns. The Block_bad_helo hack works excellent, except there are a few legitimate senders out there with badly configured servers that send things like localhost during helo, so you have no choice but to whitelist some of these senders. Sendmail-speak is not the easiest thing to decipher, so make sure you know how to whitelist bad helos before implementing it. Mike From glenn.steen at gmail.com Fri Jan 26 20:21:56 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jan 26 19:24:57 2007 Subject: how to prevent fake email to enter my domain? In-Reply-To: <45B9ED6B.7FBE.00FC.3@medicine.wisc.edu> References: <1527637772.20070126083008@halla.pt> <45B9ED6B.7FBE.00FC.3@medicine.wisc.edu> Message-ID: <223f97700701261121i17980cdfs9e4733b332900b5b@mail.gmail.com> On 26/01/07, Michael Masse wrote: > >>> On 1/26/2007 at 4:04 AM, in message > , Res > > wrote: > > You should use a helo check, if you use sendmail use the > block_bad_helo > > hack for 8.13.x, 8.14.x will have this as a feature, along with > require > > rdns. > > The Block_bad_helo hack works excellent, except there are a few > legitimate senders out there with badly configured servers that send > things like localhost during helo, so you have no choice but to > whitelist some of these senders. 
Sendmail-speak is not the easiest > thing to decipher, so make sure you know how to whitelist bad helos > before implementing it. > > Mike Preempting Res normal (and justified... Yeah, I'm well into my first half-bottle of red, no inhibitions:-) reaction to this argument... Which would be along the line "If they're that stoopid they _should_ be dropped... Unless it affects a paying customer in a really bad way"... I tend to think along the same lines, but scratch the last part. If it is an issue, contact them, inform them that it is in violation of RFC to do this... And if they fail to comply, well... Be damned:-). I've _never_ had any legitimate (business) sender that has failed to see the light, when their error has been pointed out to them... ever. On the contrary, most have (rather politely:) asked me to pass them the brown bag:-D. But enabling "RFC strictness" do mean one has to at least keep a fraction of an eye on it. (literally this time:) Cheers fellows -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From dyioulos at firstbhph.com Fri Jan 26 21:11:51 2007 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Fri Jan 26 20:14:58 2007 Subject: SOT: AntiVirus Software In-Reply-To: <45BA32B6.9070506@evi-inc.com> References: <20070125100506.4544c990@uxbod.splatnix.net> <200701260821.42223.dyioulos@firstbhph.com> <45BA32B6.9070506@evi-inc.com> Message-ID: <200701261511.51743.dyioulos@firstbhph.com> On Friday 26 January 2007 11:56 am, Matt Kettler wrote: > Dimitri Yioulos wrote: > > On Thursday 25 January 2007 6:58 pm, Scott Silva wrote: > >> Matt Kettler spake the following on 1/25/2007 3:11 PM: > >>> Glenn Steen wrote: > >>>> On 25/01/07, Scott Silva wrote: > >>>>>> The free version still includes this statement in it; > >>>>>> > >>>>>> Thank you for choosing to install the freeware version of > >>>>>> BitDefender for Linux Console Free Edition. It can be used free > >>>>>> of charge. 
> >>>>>> It is fully functional and without any restrictions
> >>>>>> regarding the licensed version of the product.
> >>>>>>
> >>>>>> I'm not a lawyer, but it looks like it is still free.
> >>>>>
> >>>>> Looking at my logs, it doesn't seem to be hitting anything here
> >>>>> lately. Especially the new Trojan.Downloader-??? that clam has been
> >>>>> getting since last
> >>>>> weekend. Even a scan of the quarantined file shows nothing. Even
> >>>>> McAfee is
> >>>>> getting these!
> >>>>>
> >>>>> I guess it is time to hit the flusher on Bitdefender.
> >>>>
> >>>> Still seems to be on par with mcafee here.... which isn't saying that
> >>>> much:-):-)
> >>>>
> >>>> Cheers
> >>>
> >>> It seems in recent months both sides of the clamav and bitdefender hits
> >>> have diverged considerably.
> >>>
> >>> Let's look at some numbers from my system. Note I've excluded
> >>> "HTML-Phishing" matches by clamav from this, as that's not something
> >>> BitDefender (aka bdc) looks for.
> >>>
> >>>
> >>> Dec 1, 2006-today:
> >>> messages with viruses found by clam but not bdc: 142
> >>> messages with viruses found by bdc but clam: 148
> >>>
> >>> Looks like both bdc and clam are catching about the same number of
> >>> messages that the other missed..
> >>>
> >>>
> >>>
> >>> July 1, 2006 - Dec 1, 2006
> >>> clam not bdc: 39
> >>> bdc not clam: 30
> >>>
> >>> Note that in the previous 5 months, these numbers were MUCH smaller.
> >>> This tells me that in the past clam and bdc both matched most of the
> >>> same messages. However, recently, that's changed and a lot more viruses
> >>> are coming out that are only caught by one of the two.
> >>>
> >>> This might be due to an increase in how fast viruses mutate, I'm not
> >>> sure. However, clearly BitDefender is still doing a lot of good here,
> >>> catching several things clam is missing.
> >>
> >> My volume is still low enough to leave it running. I think I am dumping
> >> most of the viruses with blacklists, as my hit rate is very low.
> >> And
> >> MailScanner is catching them by filetype rules even when the virus
> >> scanners miss.
> >>
> >> --
> >
> > I apologize if I'm taking this post OT, but is anyone using the "free"
> > BitDefender console version with MS?
>
> Erm, yes.. that's what BDC is that I'm referring to above.
>
> I installed it, and ran MS
>
> > bitdefender-autoupdate, which seemed to work. But, it's hard to tell if
> > the virus signatures were truly updated. Does anyone know if this is the
> > case?
>
> You can always run bdc --update manually right after the autoupdate. If the
> autoupdate worked, the manual run shouldn't find anything to update.
>
> > Also, must bitdefender be "started"? I
>
> No. the free version is a console app. There's nothing to start.
>
> >And, finally, should
> > bitdefender-autoupdate be run as a cron job, or does MS handle that?
>
> MS handles that, by default ever hour.
>
> You should see log messages like this:
>
> Jan 26 06:09:53 xanadu update.virus.scanners: Found bitdefender installed
> Jan 26 06:09:53 xanadu update.virus.scanners: Running autoupdate for
> bitdefender
>
> Jan 26 07:09:17 xanadu update.virus.scanners: Found bitdefender installed
> Jan 26 07:09:17 xanadu update.virus.scanners: Running autoupdate for
> bitdefender --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!

Thanks, Matt. I admit that some of my questions seemed to have an intuitive
answer, but I felt I could go ahead and ask anyway for comfort's sake. I
tested the server against GFI tests, and bitdefender did, indeed, work.

In an earlier post, Glenn mentioned that bitdefender could be accessed from
MailWatch's Tools page, but that's not the case on my system. Might I humbly
reask here if anyone knows how to add this functionality.

Thanks again.

Dimitri

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From Rodney at rcrcomputing.com Fri Jan 26 21:25:56 2007
From: Rodney at rcrcomputing.com (Rodney Richison)
Date: Fri Jan 26 20:29:52 2007
Subject: Spamassassin report in body
Message-ID:

> On Thu, January 25, 2007 17:18, Rodney Richison wrote:
> >
> >
> >>
> >> X-MailScanner-Information Spam detection information
>
> I think this is it ^^
>
> I know this header is a specified option and I would think
> the ':' should be in there but I can't remember if
> MailScanner will add it if you miss it (It looks like it
> doesn't). Have a look in MailScanner.conf for this header
> option and make sure the ':' is at the end of the header.
>
> Drew
>

Yup that did it. It should have had the ":" at the end.
I'm sure glad.. Long day.. :)
Thanks a million.

From mrm at medicine.wisc.edu Fri Jan 26 21:39:04 2007
From: mrm at medicine.wisc.edu (Michael Masse)
Date: Fri Jan 26 20:42:21 2007
Subject: how to prevent fake email to enter my domain?
In-Reply-To: <223f97700701261121i17980cdfs9e4733b332900b5b@mail.gmail.com>
References: <1527637772.20070126083008@halla.pt> <45B9ED6B.7FBE.00FC.3@medicine.wisc.edu> <223f97700701261121i17980cdfs9e4733b332900b5b@mail.gmail.com>
Message-ID: <45BA1285.7FBE.00FC.3@medicine.wisc.edu>

> Which would be along the line "If they're that stoopid they _should_
> be dropped... Unless it affects a paying customer in a really bad
> way"... I tend to think along the same lines, but scratch the last
> part. If it is an issue, contact them, inform them that it is in
> violation of RFC to do this... And if they fail to comply, well... Be
> damned:-).
> I've _never_ had any legitimate (business) sender that has failed to
> see the light, when their error has been pointed out to them... ever.
> On the contrary, most have (rather politely:) asked me to pass them
> the brown bag:-D.
>
> But enabling "RFC strictness" do mean one has to at least keep a
> fraction of an eye on it.
>

I totally agree with this in theory, but there have been cases where
it's been impossible for the "sender" to change. This usually occurs
with hardware systems with embedded software which have the capability
of sending alerts via email, such as our SAN hardware, our ethernet
switches, and a certain SQL server written by a certain large company
that should really know better. Although I would love to think that
Xiotech, EMC, Cisco, and Microsoft are going to push out firmware and/or
software fixes to become RFC compliant the instant I have a problem, my
experience has been that we are not considered a big enough player for
them to bow down to. In these cases I find that whitelisting the
offending IP to be a solution that works quickly even if it's not the
correct thing to do in principle.

I was originally trying to point out that the recipe to get helo
checking installed is very easy, but if you need to make changes, such
as whitelisting an IP, it's not clearly apparent if you're not
proficient in sendmail's config language, so it might be good to find
out how you have an issue, regardless of how you handle it.

My understanding (which I admit is very limited) of the helo stage is
that to be RFC compliant you are supposed to send your domain, but it is
also non-compliant to reject an email if the sender is sending a bogus
helo, and I believe this is what these major vendors hide behind,
stating that I am breaking RFC compliance by rejecting their bogus
helos.

My apologies for taking this so OT.

Mike

From ssilva at sgvwater.com Fri Jan 26 23:07:28 2007
From: ssilva at sgvwater.com (Scott Silva)
Date: Fri Jan 26 22:10:47 2007
Subject: SOT: AntiVirus Software
In-Reply-To: <200701260859.56117.dyioulos@firstbhph.com>
References: <20070125100506.4544c990@uxbod.splatnix.net> <200701260821.42223.dyioulos@firstbhph.com> <223f97700701260550s22da4d2es5b31eaa876513681@mail.gmail.com> <200701260859.56117.dyioulos@firstbhph.com>
Message-ID:

Dimitri Yioulos spake the following on 1/26/2007 5:59 AM:
> On Friday 26 January 2007 8:50 am, Glenn Steen wrote:
>> On 26/01/07, Dimitri Yioulos wrote:
>> (snip)
>>
>>> I apologize if I'm taking this post OT, but is anyone using the "free"
>>> BitDefender console version with MS? I installed it, and ran MS
>>> bitdefender-autoupdate, which seemed to work. But, it's hard to tell if
>>> the virus signatures were truly updated. Does anyone know if this is the
>>> case? Also, must bitdefender be "started"? If so, how? And, finally,
>>> should bitdefender-autoupdate be run as a cron job, or does MS handle
>>> that?
>> I would say that all of us that use bdc (well, pretty close to all ...
>> at least:-) are using the "free console version".
>> You do not need run the autoupdate script by hand, it will be run (as
>> any _installed_ AVs autoupdate-script... Whether it is used is
>> immaterial, if it's there, MS will update it) by the
>> update_virus_scanners script that the MS install places into cron
>> (well, at least for the RPM install, you might need schedule it by
>> hand on the tarball install, and I imagine the freebsd port to do
>> something appropriate to that:-).
>> So... basically there is _no_ setup needed to get updates.
>> And the update_virus_scanners script/teh autoupdate scripts will log
>> what it does, and possibly what result (update, no update needed etc)
>> to your maillog, and possibly some place else...
>> In the case of
>> ClamAV, there is a file /tmp/ClamAv.update.log (or similar) that you
>> can look at for details, and for bdc there is
>> /var/log/bitdefender_updater.log ... And if you want it at a glance,
>> and use MailWatch there one can look at the Tools page (I don't recall
>> if one had to add the script for this, or if it is part of 1.0.3 ...
>> The answer to that is somewhere in the MailWatch mailing list
>> archives). Hm. Perhaps I should update the bitdefender wiki page with
>> this info... When I get the time:-).
>> Enough?
>>
>> Cheers
>> --
>> -- Glenn
>> email: glenn < dot > steen < at > gmail < dot > com
>> work: glenn < dot > steen < at > ap1 < dot > se
>> --
>
> More than. Thanks, Glenn. All I need to do now is figure out the MaiWatch
> piece (if anybody knows how to, I'd appreciate it).
>
If mailwatch doesn't have the bitdefender status page by default, one of us
will send it to you.

We are a full service list... most of the time ;-D

--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

From dyioulos at firstbhph.com Fri Jan 26 23:37:39 2007
From: dyioulos at firstbhph.com (Dimitri Yioulos)
Date: Fri Jan 26 22:40:46 2007
Subject: SOT: AntiVirus Software
In-Reply-To:
References: <20070125100506.4544c990@uxbod.splatnix.net> <200701260859.56117.dyioulos@firstbhph.com>
Message-ID: <200701261737.40169.dyioulos@firstbhph.com>

On Friday 26 January 2007 5:07 pm, Scott Silva wrote:
> Dimitri Yioulos spake the following on 1/26/2007 5:59 AM:
> > On Friday 26 January 2007 8:50 am, Glenn Steen wrote:
> >> On 26/01/07, Dimitri Yioulos wrote:
> >> (snip)
> >>
> >>> I apologize if I'm taking this post OT, but is anyone using the "free"
> >>> BitDefender console version with MS? I installed it, and ran MS
> >>> bitdefender-autoupdate, which seemed to work. But, it's hard to tell
> >>> if the virus signatures were truly updated. Does anyone know if this
> >>> is the case? Also, must bitdefender be "started"?
> >>> If so, how? And,
> >>> finally, should bitdefender-autoupdate be run as a cron job, or does MS
> >>> handle that?
> >>
> >> I would say that all of us that use bdc (well, pretty close to all ...
> >> at least:-) are using the "free console version".
> >> You do not need run the autoupdate script by hand, it will be run (as
> >> any _installed_ AVs autoupdate-script... Whether it is used is
> >> immaterial, if it's there, MS will update it) by the
> >> update_virus_scanners script that the MS install places into cron
> >> (well, at least for the RPM install, you might need schedule it by
> >> hand on the tarball install, and I imagine the freebsd port to do
> >> something appropriate to that:-).
> >> So... basically there is _no_ setup needed to get updates.
> >> And the update_virus_scanners script/teh autoupdate scripts will log
> >> what it does, and possibly what result (update, no update needed etc)
> >> to your maillog, and possibly some place else... In the case of
> >> ClamAV, there is a file /tmp/ClamAv.update.log (or similar) that you
> >> can look at for details, and for bdc there is
> >> /var/log/bitdefender_updater.log ... And if you want it at a glance,
> >> and use MailWatch there one can look at the Tools page (I don't recall
> >> if one had to add the script for this, or if it is part of 1.0.3 ...
> >> The answer to that is somewhere in the MailWatch mailing list
> >> archives). Hm. Perhaps I should update the bitdefender wiki page with
> >> this info... When I get the time:-).
> >> Enough?
> >>
> >> Cheers
> >> --
> >> -- Glenn
> >> email: glenn < dot > steen < at > gmail < dot > com
> >> work: glenn < dot > steen < at > ap1 < dot > se
> >> --
> >
> > More than. Thanks, Glenn. All I need to do now is figure out the
> > MaiWatch piece (if anybody knows how to, I'd appreciate it).
>
> If mailwatch doesn't have the bitdefender status page by default, one of us
> will send it to you.
>
> We are a full service list...
> most of the time ;-D
>
>

Scott,

I'll take you up on the offer. Btw, I do all my shopping here :-) .

Dimitri

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From ssilva at sgvwater.com Fri Jan 26 23:37:50 2007
From: ssilva at sgvwater.com (Scott Silva)
Date: Fri Jan 26 22:40:58 2007
Subject: SOT: AntiVirus Software
In-Reply-To: <200701261511.51743.dyioulos@firstbhph.com>
References: <20070125100506.4544c990@uxbod.splatnix.net> <200701260821.42223.dyioulos@firstbhph.com> <45BA32B6.9070506@evi-inc.com> <200701261511.51743.dyioulos@firstbhph.com>
Message-ID:

Dimitri Yioulos spake the following on 1/26/2007 12:11 PM:
> On Friday 26 January 2007 11:56 am, Matt Kettler wrote:
>> Dimitri Yioulos wrote:
>>> On Thursday 25 January 2007 6:58 pm, Scott Silva wrote:
>>>> Matt Kettler spake the following on 1/25/2007 3:11 PM:
>>>>> Glenn Steen wrote:
>>>>>> On 25/01/07, Scott Silva wrote:
>>>>>>>> The free version still includes this statement in it;
>>>>>>>>
>>>>>>>> Thank you for choosing to install the freeware version of
>>>>>>>> BitDefender for Linux Console Free Edition. It can be used free
>>>>>>>> of charge. It is fully functional and without any restrictions
>>>>>>>> regarding the licensed version of the product.
>>>>>>>>
>>>>>>>> I'm not a lawyer, but it looks like it is still free.
>>>>>>> Looking at my logs, it doesn't seem to be hitting anything here
>>>>>>> lately. Especially the new Trojan.Downloader-??? that clam has been
>>>>>>> getting since last
>>>>>>> weekend. Even a scan of the quarantined file shows nothing. Even
>>>>>>> McAfee is
>>>>>>> getting these!
>>>>>>>
>>>>>>> I guess it is time to hit the flusher on Bitdefender.
>>>>>> Still seems to be on par with mcafee here.... which isn't saying that
>>>>>> much:-):-)
>>>>>>
>>>>>> Cheers
>>>>> It seems in recent months both sides of the clamav and bitdefender hits
>>>>> have diverged considerably.
>>>>>
>>>>> Let's look at some numbers from my system. Note I've excluded
>>>>> "HTML-Phishing" matches by clamav from this, as that's not something
>>>>> BitDefender (aka bdc) looks for.
>>>>>
>>>>>
>>>>> Dec 1, 2006-today:
>>>>> messages with viruses found by clam but not bdc: 142
>>>>> messages with viruses found by bdc but clam: 148
>>>>>
>>>>> Looks like both bdc and clam are catching about the same number of
>>>>> messages that the other missed..
>>>>>
>>>>>
>>>>>
>>>>> July 1, 2006 - Dec 1, 2006
>>>>> clam not bdc: 39
>>>>> bdc not clam: 30
>>>>>
>>>>> Note that in the previous 5 months, these numbers were MUCH smaller.
>>>>> This tells me that in the past clam and bdc both matched most of the
>>>>> same messages. However, recently, that's changed and a lot more viruses
>>>>> are coming out that are only caught by one of the two.
>>>>>
>>>>> This might be due to an increase in how fast viruses mutate, I'm not
>>>>> sure. However, clearly BitDefender is still doing a lot of good here,
>>>>> catching several things clam is missing.
>>>> My volume is still low enough to leave it running. I think I am dumping
>>>> most of the viruses with blacklists, as my hit rate is very low. And
>>>> MailScanner is catching them by filetype rules even when the virus
>>>> scanners miss.
>>>>
>>>> --
>>> I apologize if I'm taking this post OT, but is anyone using the "free"
>>> BitDefender console version with MS?
>> Erm, yes.. that's what BDC is that I'm referring to above.
>>
>> I installed it, and ran MS
>>
>>> bitdefender-autoupdate, which seemed to work. But, it's hard to tell if
>>> the virus signatures were truly updated. Does anyone know if this is the
>>> case?
>> You can always run bdc --update manually right after the autoupdate. If the
>> autoupdate worked, the manual run shouldn't find anything to update.
>>
>>> Also, must bitdefender be "started"? I
>> No. the free version is a console app. There's nothing to start.
>>
>>> And, finally, should
>>> bitdefender-autoupdate be run as a cron job, or does MS handle that?
>> MS handles that, by default ever hour.
>>
>> You should see log messages like this:
>>
>> Jan 26 06:09:53 xanadu update.virus.scanners: Found bitdefender installed
>> Jan 26 06:09:53 xanadu update.virus.scanners: Running autoupdate for
>> bitdefender
>>
>> Jan 26 07:09:17 xanadu update.virus.scanners: Found bitdefender installed
>> Jan 26 07:09:17 xanadu update.virus.scanners: Running autoupdate for
>> bitdefender --
>> MailScanner mailing list
>> mailscanner@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>
> Thanks, Matt. I admit that some of my questions seemed to have an intuitive
> answer, but I felt I could go ahead and ask anyway for comfort's sake. I
> tested the server against GFI tests, and bitdefender did, indeed, work.
>
> In an earlier post, Glenn mentioned that bitdefender could be accessed from
> MailWatch's Tools page, but that's not the case on my system. Might I humbly
> reask here if anyone knows how to add this functionality.
>
> Thanks again.
>
> Dimitri
>
Here are the two files you need. Unpack them into your mailscanner directory,
and make sure they have the same permissions that the clamav files have,

--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: bitdefender.tgz
Type: application/x-compressed
Size: 1064 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070126/91474a9d/bitdefender-0001.bin

From res at ausics.net Fri Jan 26 23:38:40 2007
From: res at ausics.net (Res)
Date: Fri Jan 26 22:41:45 2007
Subject: how to prevent fake email to enter my domain?
In-Reply-To: <45B9ED6B.7FBE.00FC.3@medicine.wisc.edu>
References: <1527637772.20070126083008@halla.pt> <45B9ED6B.7FBE.00FC.3@medicine.wisc.edu>
Message-ID:

On Fri, 26 Jan 2007, Michael Masse wrote:

>> You should use a helo check, if you use sendmail use the block_bad_helo

> The Block_bad_helo hack works excellent, except there are a few
> legitimate senders out there with badly configured servers that send
> things like localhost during helo, so you have no choice but to
> whitelist some of these senders. Sendmail-speak is not the easiest

I think it is up to the sending smtp server admin to fix *their* problem
not the receiving side put in a work around because *they* won't.
The only exemptions which should already be allowed anyway in relay, are
local IP ranges.

It's almost like saying I'll whitelist comcast because they are always in
blacklists because they have no idea on how to control their abusive
spamming L-users, and hell will freeze over before that happens here :P

--
Cheers
Res

"So, you think you can tell Heaven from Hell?" - Roger Waters

From dyioulos at firstbhph.com Fri Jan 26 23:46:40 2007
From: dyioulos at firstbhph.com (Dimitri Yioulos)
Date: Fri Jan 26 22:49:48 2007
Subject: SOT: AntiVirus Software
In-Reply-To:
References: <20070125100506.4544c990@uxbod.splatnix.net> <200701261511.51743.dyioulos@firstbhph.com>
Message-ID: <200701261746.41165.dyioulos@firstbhph.com>

On Friday 26 January 2007 5:37 pm, Scott Silva wrote:
> Dimitri Yioulos spake the following on 1/26/2007 12:11 PM:
> > On Friday 26 January 2007 11:56 am, Matt Kettler wrote:
> >> Dimitri Yioulos wrote:
> >>> On Thursday 25 January 2007 6:58 pm, Scott Silva wrote:
> >>>> Matt Kettler spake the following on 1/25/2007 3:11 PM:
> >>>>> Glenn Steen wrote:
> >>>>>> On 25/01/07, Scott Silva wrote:
> >>>>>>>> The free version still includes this statement in it;
> >>>>>>>>
> >>>>>>>> Thank you for choosing to install the freeware version
> >>>>>>>> of BitDefender for Linux Console Free Edition.
> >>>>>>>> It can be used
> >>>>>>>> free of charge. It is fully functional and without any
> >>>>>>>> restrictions regarding the licensed version of the product.
> >>>>>>>>
> >>>>>>>> I'm not a lawyer, but it looks like it is still free.
> >>>>>>>
> >>>>>>> Looking at my logs, it doesn't seem to be hitting anything here
> >>>>>>> lately. Especially the new Trojan.Downloader-??? that clam has been
> >>>>>>> getting since last
> >>>>>>> weekend. Even a scan of the quarantined file shows nothing. Even
> >>>>>>> McAfee is
> >>>>>>> getting these!
> >>>>>>>
> >>>>>>> I guess it is time to hit the flusher on Bitdefender.
> >>>>>>
> >>>>>> Still seems to be on par with mcafee here.... which isn't saying
> >>>>>> that much:-):-)
> >>>>>>
> >>>>>> Cheers
> >>>>>
> >>>>> It seems in recent months both sides of the clamav and bitdefender
> >>>>> hits have diverged considerably.
> >>>>>
> >>>>> Let's look at some numbers from my system. Note I've excluded
> >>>>> "HTML-Phishing" matches by clamav from this, as that's not something
> >>>>> BitDefender (aka bdc) looks for.
> >>>>>
> >>>>>
> >>>>> Dec 1, 2006-today:
> >>>>> messages with viruses found by clam but not bdc: 142
> >>>>> messages with viruses found by bdc but clam: 148
> >>>>>
> >>>>> Looks like both bdc and clam are catching about the same number of
> >>>>> messages that the other missed..
> >>>>>
> >>>>>
> >>>>>
> >>>>> July 1, 2006 - Dec 1, 2006
> >>>>> clam not bdc: 39
> >>>>> bdc not clam: 30
> >>>>>
> >>>>> Note that in the previous 5 months, these numbers were MUCH smaller.
> >>>>> This tells me that in the past clam and bdc both matched most of the
> >>>>> same messages. However, recently, that's changed and a lot more
> >>>>> viruses are coming out that are only caught by one of the two.
> >>>>>
> >>>>> This might be due to an increase in how fast viruses mutate, I'm not
> >>>>> sure. However, clearly BitDefender is still doing a lot of good here,
> >>>>> catching several things clam is missing.
> >>>>
> >>>> My volume is still low enough to leave it running. I think I am
> >>>> dumping most of the viruses with blacklists, as my hit rate is very
> >>>> low. And MailScanner is catching them by filetype rules even when the
> >>>> virus scanners miss.
> >>>>
> >>>> --
> >>>
> >>> I apologize if I'm taking this post OT, but is anyone using the "free"
> >>> BitDefender console version with MS?
> >>
> >> Erm, yes.. that's what BDC is that I'm referring to above.
> >>
> >> I installed it, and ran MS
> >>
> >>> bitdefender-autoupdate, which seemed to work. But, it's hard to tell
> >>> if the virus signatures were truly updated. Does anyone know if this
> >>> is the case?
> >>
> >> You can always run bdc --update manually right after the autoupdate. If
> >> the autoupdate worked, the manual run shouldn't find anything to update.
> >>
> >>> Also, must bitdefender be "started"? I
> >>
> >> No. the free version is a console app. There's nothing to start.
> >>
> >>> And, finally, should
> >>> bitdefender-autoupdate be run as a cron job, or does MS handle that?
> >>
> >> MS handles that, by default ever hour.
> >>
> >> You should see log messages like this:
> >>
> >> Jan 26 06:09:53 xanadu update.virus.scanners: Found bitdefender
> >> installed Jan 26 06:09:53 xanadu update.virus.scanners: Running
> >> autoupdate for bitdefender
> >>
> >> Jan 26 07:09:17 xanadu update.virus.scanners: Found bitdefender
> >> installed Jan 26 07:09:17 xanadu update.virus.scanners: Running
> >> autoupdate for bitdefender --
> >> MailScanner mailing list
> >> mailscanner@lists.mailscanner.info
> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >>
> >> Before posting, read http://wiki.mailscanner.info/posting
> >>
> >> Support MailScanner development - buy the book off the website!
> >
> > Thanks, Matt. I admit that some of my questions seemed to have an
> > intuitive answer, but I felt I could go ahead and ask anyway for
> > comfort's sake.
> > I tested the server against GFI tests, and bitdefender
> > did, indeed, work.
> >
> > In an earlier post, Glenn mentioned that bitdefender could be accessed
> > from MailWatch's Tools page, but that's not the case on my system. Might
> > I humbly reask here if anyone knows how to add this functionality.
> >
> > Thanks again.
> >
> > Dimitri
>
> Here are the two files you need. Unpack them into your mailscanner
> directory, and make sure they have the same permissions that the clamav
> files have,
>
> --

With thanks!

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From ssilva at sgvwater.com Fri Jan 26 23:53:14 2007
From: ssilva at sgvwater.com (Scott Silva)
Date: Fri Jan 26 22:56:35 2007
Subject: SOT: AntiVirus Software
In-Reply-To: <200701261737.40169.dyioulos@firstbhph.com>
References: <20070125100506.4544c990@uxbod.splatnix.net> <200701260859.56117.dyioulos@firstbhph.com> <200701261737.40169.dyioulos@firstbhph.com>
Message-ID:

Dimitri Yioulos spake the following on 1/26/2007 2:37 PM:
> On Friday 26 January 2007 5:07 pm, Scott Silva wrote:
>> Dimitri Yioulos spake the following on 1/26/2007 5:59 AM:
>>> On Friday 26 January 2007 8:50 am, Glenn Steen wrote:
>>>> On 26/01/07, Dimitri Yioulos wrote:
>>>> (snip)
>>>>
>>>>> I apologize if I'm taking this post OT, but is anyone using the "free"
>>>>> BitDefender console version with MS? I installed it, and ran MS
>>>>> bitdefender-autoupdate, which seemed to work. But, it's hard to tell
>>>>> if the virus signatures were truly updated. Does anyone know if this
>>>>> is the case? Also, must bitdefender be "started"? If so, how? And,
>>>>> finally, should bitdefender-autoupdate be run as a cron job, or does MS
>>>>> handle that?
>>>> I would say that all of us that use bdc (well, pretty close to all ...
>>>> at least:-) are using the "free console version".
>>>> You do not need run the autoupdate script by hand, it will be run (as
>>>> any _installed_ AVs autoupdate-script... Whether it is used is
>>>> immaterial, if it's there, MS will update it) by the
>>>> update_virus_scanners script that the MS install places into cron
>>>> (well, at least for the RPM install, you might need schedule it by
>>>> hand on the tarball install, and I imagine the freebsd port to do
>>>> something appropriate to that:-).
>>>> So... basically there is _no_ setup needed to get updates.
>>>> And the update_virus_scanners script/teh autoupdate scripts will log
>>>> what it does, and possibly what result (update, no update needed etc)
>>>> to your maillog, and possibly some place else... In the case of
>>>> ClamAV, there is a file /tmp/ClamAv.update.log (or similar) that you
>>>> can look at for details, and for bdc there is
>>>> /var/log/bitdefender_updater.log ... And if you want it at a glance,
>>>> and use MailWatch there one can look at the Tools page (I don't recall
>>>> if one had to add the script for this, or if it is part of 1.0.3 ...
>>>> The answer to that is somewhere in the MailWatch mailing list
>>>> archives). Hm. Perhaps I should update the bitdefender wiki page with
>>>> this info... When I get the time:-).
>>>> Enough?
>>>>
>>>> Cheers
>>>> --
>>>> -- Glenn
>>>> email: glenn < dot > steen < at > gmail < dot > com
>>>> work: glenn < dot > steen < at > ap1 < dot > se
>>>> --
>>> More than. Thanks, Glenn. All I need to do now is figure out the
>>> MaiWatch piece (if anybody knows how to, I'd appreciate it).
>> If mailwatch doesn't have the bitdefender status page by default, one of us
>> will send it to you.
>>
>> We are a full service list... most of the time ;-D
>>
>>
>
> Scott,
>
> I'll take you up on the offer. Btw, I do all my shopping here :-) .
>
> Dimitri
>
I sent it in reply to another thread, but I seem to remember also adding
something to other.php. Look around this area.
The code between f-prot and the mysql status.
  • McAfee Status
  • F-Prot Status
  • BitDefender Status
  • MySQL Database Status

--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

From jcb at dream.com.ph Sat Jan 27 00:07:10 2007
From: jcb at dream.com.ph (jepoy)
Date: Fri Jan 26 23:10:15 2007
Subject: dcc,razor,pyzor on MS running centos4.4
References: <01b101c7405f$12666640$920bbdcb@pmsi.net><223f97700701250142x24f73cdeq46efeb90de783fa2@mail.gmail.com><200701260148020079.03ABA951@smtp1.ace.net.au><223f97700701250736l620c9967h586a8257282f1225@mail.gmail.com> <200701260237560115.03D958C4@smtp1.ace.net.au>
Message-ID: <00d501c7419e$b6f1b300$920bbdcb@pmsi.net>

>> >Start looking at (MAQ):
>> >>http://wiki.mailscanner.info/doku.php?id=maq:index#spamassassin_plugins_ and
>> _bayes
>> >And also (wiki):
>> >>http://wiki.mailscanner.info/doku.php?id=&idx=documentation:anti_spam: spama
>> ssassin:plugins
>>
>> Is that stuff still current? On my new Centos 4 setup I simply used "yum
>> install perl-Razor-Agent pyzor DCC"
>>
>> The last 2 are from atrpms.net
>>
>> I then commented out the lines in spam.assassin.prefs.conf: (I got lint
>> errors if I left them in)
>> # pyzor path
>> # DCC path
>>
>> Last I made sure the relevant lines in v310.pre were uncommented.
>>
>> Bingo, instant razor, pyzor and DCC.
>>
>> Peter
>>
>Since they detail how to use the f^Hsource, I presume they are OK.
>If you want to use RPMs and yum, and feel this should be mentioned in
>the wiki... why then... feel free to update the wiki pages with this
>additional info;-). After all, that is what a wiki is all about:-D
>
>That you get errors about some lines regarding pyzor and DCC might be
>indicative that you aren't loading the plugins properly... Have you
>checked (with a spamassassin -D) that they load/execute as they
>should? See, SpamAssassin doesn't know about those settings.... the
>individual plugins do though;-).
>So if you had done thinsg the other
>way around (load plugins uncommented, then --lint) things might've
>looked differently;)

I just tested it again, the pyzor_path is actually OK and DCC_path is also
OK if I change it from /usr/local/bin to /usr/bin - the rpm put dccproc in
a different place. However, I am curious as to why the settings are needed
as it actually worked and linted fine with the lines commented out. Now
that they are plugins, are the path lines still needed?

Peter

Hi guys,

just came back from the office. I'll try to upgrade first my SA to 3.1 and
try those things out. I hope they can put this stuff on the wiki for us new
to MS really work things out.

Thanks.

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From dyioulos at firstbhph.com Sat Jan 27 00:08:42 2007
From: dyioulos at firstbhph.com (Dimitri Yioulos)
Date: Fri Jan 26 23:11:55 2007
Subject: SOT: AntiVirus Software
In-Reply-To:
References: <20070125100506.4544c990@uxbod.splatnix.net> <200701261737.40169.dyioulos@firstbhph.com>
Message-ID: <200701261808.43280.dyioulos@firstbhph.com>

On Friday 26 January 2007 5:53 pm, Scott Silva wrote:
> Dimitri Yioulos spake the following on 1/26/2007 2:37 PM:
> > On Friday 26 January 2007 5:07 pm, Scott Silva wrote:
> >> Dimitri Yioulos spake the following on 1/26/2007 5:59 AM:
> >>> On Friday 26 January 2007 8:50 am, Glenn Steen wrote:
> >>>> On 26/01/07, Dimitri Yioulos wrote:
> >>>> (snip)
> >>>>
> >>>>> I apologize if I'm taking this post OT, but is anyone using the
> >>>>> "free" BitDefender console version with MS? I installed it, and ran
> >>>>> MS bitdefender-autoupdate, which seemed to work. But, it's hard to
> >>>>> tell if the virus signatures were truly updated. Does anyone know if
> >>>>> this is the case? Also, must bitdefender be "started"? If so, how?
> >>>>> And, finally, should bitdefender-autoupdate be run as a cron job, or
> >>>>> does MS handle that?
> >>>>
> >>>> I would say that all of us that use bdc (well, pretty close to all ...
> >>>> at least:-) are using the "free console version".
> >>>> You do not need run the autoupdate script by hand, it will be run (as
> >>>> any _installed_ AVs autoupdate-script... Whether it is used is
> >>>> immaterial, if it's there, MS will update it) by the
> >>>> update_virus_scanners script that the MS install places into cron
> >>>> (well, at least for the RPM install, you might need schedule it by
> >>>> hand on the tarball install, and I imagine the freebsd port to do
> >>>> something appropriate to that:-).
> >>>> So... basically there is _no_ setup needed to get updates.
> >>>> And the update_virus_scanners script/teh autoupdate scripts will log
> >>>> what it does, and possibly what result (update, no update needed etc)
> >>>> to your maillog, and possibly some place else... In the case of
> >>>> ClamAV, there is a file /tmp/ClamAv.update.log (or similar) that you
> >>>> can look at for details, and for bdc there is
> >>>> /var/log/bitdefender_updater.log ... And if you want it at a glance,
> >>>> and use MailWatch there one can look at the Tools page (I don't recall
> >>>> if one had to add the script for this, or if it is part of 1.0.3 ...
> >>>> The answer to that is somewhere in the MailWatch mailing list
> >>>> archives). Hm. Perhaps I should update the bitdefender wiki page with
> >>>> this info... When I get the time:-).
> >>>> Enough?
> >>>>
> >>>> Cheers
> >>>> --
> >>>> -- Glenn
> >>>> email: glenn < dot > steen < at > gmail < dot > com
> >>>> work: glenn < dot > steen < at > ap1 < dot > se
> >>>> --
> >>>
> >>> More than. Thanks, Glenn. All I need to do now is figure out the
> >>> MaiWatch piece (if anybody knows how to, I'd appreciate it).
> >>
> >> If mailwatch doesn't have the bitdefender status page by default, one of
> >> us will send it to you.
> >>
> >> We are a full service list...
most of the time ;-D > > > > Scott, > > > > I'll take you up on the offer. Btw, I do all my shopping here :-) . > > > > Dimitri > > I sent it in reply to another thread, but I seem to remember also adding > something to other.php. Look around this area. The code between f-prot and > the mysql status. > > preg_match('/mcafee/i',get_conf_var('VirusScanners'))): ?> >
  • McAfee Status > > preg_match('/f-prot/i',get_conf_var('VirusScanners'))): ?> >
  • F-Prot Status > > preg_match('/bitdefender/i',get_conf_var('VirusScanners'))): ?> >
  • BitDefender Status > > >
  • MySQL Database Status > > > > > Much better. Thanks! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Sat Jan 27 01:06:43 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Sat Jan 27 00:09:52 2007 Subject: SOT: AntiVirus Software In-Reply-To: <200701261808.43280.dyioulos@firstbhph.com> References: <20070125100506.4544c990@uxbod.splatnix.net> <200701261737.40169.dyioulos@firstbhph.com> <200701261808.43280.dyioulos@firstbhph.com> Message-ID: Dimitri Yioulos spake the following on 1/26/2007 3:08 PM: > On Friday 26 January 2007 5:53 pm, Scott Silva wrote: >> Dimitri Yioulos spake the following on 1/26/2007 2:37 PM: >>> On Friday 26 January 2007 5:07 pm, Scott Silva wrote: >>>> Dimitri Yioulos spake the following on 1/26/2007 5:59 AM: >>>>> On Friday 26 January 2007 8:50 am, Glenn Steen wrote: >>>>>> On 26/01/07, Dimitri Yioulos wrote: >>>>>> (snip) >>>>>> >>>>>>> I apologize if I'm taking this post OT, but is anyone using the >>>>>>> "free" BitDefender console version with MS? I installed it, and ran >>>>>>> MS bitdefender-autoupdate, which seemed to work. But, it's hard to >>>>>>> tell if the virus signatures were truly updated. Does anyone know if >>>>>>> this is the case? Also, must bitdefender be "started"? If so, how? >>>>>>> And, finally, should bitdefender-autoupdate be run as a cron job, or >>>>>>> does MS handle that? >>>>>> I would say that all of us that use bdc (well, pretty close to all ... >>>>>> at least:-) are using the "free console version". >>>>>> You do not need run the autoupdate script by hand, it will be run (as >>>>>> any _installed_ AVs autoupdate-script... 
Whether it is used is >>>>>> immaterial, if it's there, MS will update it) by the >>>>>> update_virus_scanners script that the MS install places into cron >>>>>> (well, at least for the RPM install, you might need schedule it by >>>>>> hand on the tarball install, and I imagine the freebsd port to do >>>>>> something appropriate to that:-). >>>>>> So... basically there is _no_ setup needed to get updates. >>>>>> And the update_virus_scanners script/teh autoupdate scripts will log >>>>>> what it does, and possibly what result (update, no update needed etc) >>>>>> to your maillog, and possibly some place else... In the case of >>>>>> ClamAV, there is a file /tmp/ClamAv.update.log (or similar) that you >>>>>> can look at for details, and for bdc there is >>>>>> /var/log/bitdefender_updater.log ... And if you want it at a glance, >>>>>> and use MailWatch there one can look at the Tools page (I don't recall >>>>>> if one had to add the script for this, or if it is part of 1.0.3 ... >>>>>> The answer to that is somewhere in the MailWatch mailing list >>>>>> archives). Hm. Perhaps I should update the bitdefender wiki page with >>>>>> this info... When I get the time:-). >>>>>> Enough? >>>>>> >>>>>> Cheers >>>>>> -- >>>>>> -- Glenn >>>>>> email: glenn < dot > steen < at > gmail < dot > com >>>>>> work: glenn < dot > steen < at > ap1 < dot > se >>>>>> -- >>>>> More than. Thanks, Glenn. All I need to do now is figure out the >>>>> MaiWatch piece (if anybody knows how to, I'd appreciate it). >>>> If mailwatch doesn't have the bitdefender status page by default, one of >>>> us will send it to you. >>>> >>>> We are a full service list... most of the time ;-D >>> Scott, >>> >>> I'll take you up on the offer. Btw, I do all my shopping here :-) . >>> >>> Dimitri >> I sent it in reply to another thread, but I seem to remember also adding >> something to other.php. Look around this area. The code between f-prot and >> the mysql status. 
>> >> > preg_match('/mcafee/i',get_conf_var('VirusScanners'))): ?> >>
  • McAfee Status >> >> > preg_match('/f-prot/i',get_conf_var('VirusScanners'))): ?> >>
  • F-Prot Status >> >> > preg_match('/bitdefender/i',get_conf_var('VirusScanners'))): ?> >>
  • BitDefender Status >> >> >>
  • MySQL Database Status >> >> >> >> >> > > Much better. Thanks! > Now I want to figure out how to get the f-prot status page working. Before my 30 day trial runs out. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From bamcomp at yahoo.com Sat Jan 27 01:52:58 2007 From: bamcomp at yahoo.com (Brett Moss) Date: Sat Jan 27 01:02:38 2007 Subject: SOT: AntiVirus Software / f-prot status In-Reply-To: Message-ID: <20070127005258.55020.qmail@web36604.mail.mud.yahoo.com> > Now I want to figure out how to get the f-prot > status page working. Before my > 30 day trial runs out. from mailwatch mailing list archive--- change the line in the f-prot-wrapper from RamDisk=yes to RamDisk=no Brett __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From jcb at dream.com.ph Sat Jan 27 04:54:09 2007 
From: jcb at dream.com.ph (jepoy) Date: Sat Jan 27 03:57:13 2007 Subject: no RBL checks References: <014901c74050$ed6af6c0$920bbdcb@pmsi.net> Message-ID: <019901c741c6$ccf46fd0$920bbdcb@pmsi.net> > jcb dream.com.ph spake the following on 1/24/2007 11:17 PM: >> hi guys, >> i tried checking the details on one of my messages which was not tagged >> as spam. And mostly i found out that there are no RBL checks, is it >> possible that my messages bypass RBL checks ? > > If the message is under your spam threshold the report won't show unless; > > # Do you want to always include the Spam Report in the SpamCheck > # header, even if the message wasn't spam? > # This can also be the filename of a ruleset. > Always Include SpamAssassin Report = yes > > This will give more detail in your messages, and help you see what > happened. > Otherwise, you need to grep for that message id in the logs to see the > detail. hi scot, i activated the report and saw the details. its giving a low score on the message thats why it was not tag as spam. any tips on how to get these spams? here's the sample spam from accessthislive.com where i got 3 messages per minute. X-Server-MailScanner-Information: Please contact the ISP for more information X-Server-MailScanner: Found to be clean X-Server-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=2.701, required 3, FORGED_RCVD_HELO 0.05, FROM_ENDS_IN_NUMS 0.52, HTML_00_10 0.14, HTML_MESSAGE 0.00, URIBL_OB_SURBL 2.00) X-Mail_Server-MailScanner-SpamScore: ss X-Mail_Server-MailScanner-From: toni02@accesthislive.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jcb at dream.com.ph Sat Jan 27 04:56:42 2007 
From: jcb at dream.com.ph (jepoy) Date: Sat Jan 27 03:59:53 2007 Subject: dcc,razor,pyzor on MS running centos4.4 References: <01b101c7405f$12666640$920bbdcb@pmsi.net><223f97700701250142x24f73cdeq46efeb90de783fa2@mail.gmail.com><200701260148020079.03ABA951@smtp1.ace.net.au><223f97700701250736l620c9967h586a8257282f1225@mail.gmail.com><200701260237560115.03D958C4@smtp1.ace.net.au> <00d501c7419e$b6f1b300$920bbdcb@pmsi.net> Message-ID: <01a701c741c7$27d07a20$920bbdcb@pmsi.net> hi guys, just reinstalled SA 3.1 from source, just followed the documentation on the site. im on way on reinstalling the plugins.will these plugins really help ? tnx -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Rodney at rcrcomputing.com Sat Jan 27 06:25:10 2007 From: Rodney at rcrcomputing.com (Rodney Richison) Date: Sat Jan 27 05:28:37 2007 Subject: add high scoring spam to my rbl list Message-ID: Is there a way one might grab the ip of the high scoring spam Mailscanner finds and have it put into my own rbl list for postfix to then deny... Kindof wondering if such a project exists. Highest Regards, Rodney Richison RCR Computing PO Box 566 - 118 N. Broadway Cleveland, OK 74020 Phone: 918-358-1111 Proud ChannelVar member! www.ChannelVar.com From leiw324 at yahoo.com.hk Sat Jan 27 09:37:16 2007 
From: leiw324 at yahoo.com.hk (Wilson Kwok)
Date: Sat Jan 27 08:40:17 2007
Subject: How to uninstall MailScanner ?
Message-ID: <499726.64463.qm@web54403.mail.yahoo.com>

My MailScanner have some problem caused cannot to separate spam mail, so I want to uninstall the MailScanner and then re-install a new one.

Thanks

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070127/f42191df/attachment.html

From chandler.lists at chapman.edu Sat Jan 27 10:31:58 2007
From: chandler.lists at chapman.edu (Jay Chandler)
Date: Sat Jan 27 09:35:01 2007
Subject: How to uninstall MailScanner ?
In-Reply-To: <499726.64463.qm@web54403.mail.yahoo.com>
References: <499726.64463.qm@web54403.mail.yahoo.com>
Message-ID: <45BB1C0E.2090901@chapman.edu>

Wilson Kwok wrote:
> My MailScanner have some problem caused cannot to separate spam mail,
> so I want to uninstall the MailScanner and then re-install a new one.
> Thanks

Go into the /usr/ports/mail/mailscanner directory and type "make deinstall" then "make reinstall."

OR

Type "yum remove mailscanner" then "yum install mailscanner"

OR

Get a big hammer and beat the crap out of your hard drive. Then replace it and install a new version of everything.

Without knowing what your operating system is, there's no way to tell you.

--
Jay Chandler
Network Administrator, Chapman University
714.628.7249 / chandler@chapman.edu
Today's Excuse: The file system is full of it

From prandal at herefordshire.gov.uk Sat Jan 27 10:55:46 2007
From: prandal at herefordshire.gov.uk (Randal, Phil)
Date: Sat Jan 27 09:58:50 2007
Subject: How to uninstall MailScanner ?
Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580176822A@isabella.herefordshire.gov.uk>

I love it when people ask the wrong questions.

We need a few details.

1: What operating system and version is it running under?
2: Which versions of MailScanner and Spamassassin are installed, and how were they installed? (MailScanner -V) will tell you the version info.
3: Are you using any Spamassassin plugins? (DCC, Razor, Pyzor)
4: Are you using any additional rulesets for spamassassin? If so, are they up to date?

Cheers,

Phil

_____
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Wilson Kwok
Sent: Saturday, January 27, 2007 8:37 AM
To: mailscanner@lists.mailscanner.info
Subject: How to uninstall MailScanner ?

My MailScanner have some problem caused cannot to separate spam mail, so I want to uninstall the MailScanner and then re-install a new one.

Thanks

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070127/8686cc1f/attachment.html

From glenn.steen at gmail.com Sat Jan 27 11:48:48 2007
From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Jan 27 10:51:49 2007 Subject: how to prevent fake email to enter my domain? In-Reply-To: <45BA1285.7FBE.00FC.3@medicine.wisc.edu> References: <1527637772.20070126083008@halla.pt> <45B9ED6B.7FBE.00FC.3@medicine.wisc.edu> <223f97700701261121i17980cdfs9e4733b332900b5b@mail.gmail.com> <45BA1285.7FBE.00FC.3@medicine.wisc.edu> Message-ID: <223f97700701270248g54deef9emfd468478be19a9a7@mail.gmail.com> On 26/01/07, Michael Masse wrote: > > Which would be along the line "If they're that stoopid they _should_ > > be dropped... Unless it affects a paying customer in a really bad > > way"... I tend to think along the same lines, but scratch the last > > part. If it is an issue, contact them, inform them that it is in > > violation of RFC to do this... And if they fail to comply, well... > Be > > damned:-). > > I've _never_ had any legitimate (business) sender that has failed to > > see the light, when their error has been pointed out to them... > ever. > > On the contrary, most have (rather politely:) asked me to pass them > > the brown bag:-D. > > > > But enabling "RFC strictness" do mean one has to at least keep a > > fraction of an eye on it. > > > > I totally agree with this in theory, but there have been cases where > it's been impossible for the "sender" to change. This usually occurs > with hardware systems with embedded software which have the capability > of sending alerts via email, such as our SAN hardware, our ethernet > switches, and a certain SQL server written by a certain large company > that should really know better. Although I would love to think that > Xiotech, EMC, Cisco, and Microsoft are going to push out firmware and or > software fixes to become RFC compliant the instant I have a problem, my > experience has been that we are not considered a big enough player for > them to bow down to. 
In these cases I find that whitelisting the > offending IP to be a solution that works quickly even if it's not the > correct thing to do in principle. I was originally trying to point out > that the recipe to get helo checking installed is very easy, but if you > need to make changes, such as whitelisting an IP, it's not clearly > apparent if you're not proficient in sendmail's config language, so it > might be good to find out how you have an issue, regardless of > how you handle it. > > My understanding (which I admit is very limited) of the helo stage is > that to be RFC compliant you are supposed to send your domain, but it is > also non compliant to reject an email if the sender is sending a bogus > helo, and I believe this is what these major vendors hide behind, > stating that I am breaking RFC compliance by rejecting their bogus > helos. > > My apologies for taking this so OT. > > Mike (A bit more sober today:-). In principle you are right... For some things it can be a *tch to get the thing to do the right thing. At least the EMC and Cisco _should_ be able (with some config, depending on flare/firmware of course) to do the right thing... But whitelisting "internal" resources is of course OK... I'm thinking more "external business email". As to the "hiding behind RFC" argument... Wrong is wrong, and in this day and age... It is quite OK to just reject any violators. A tad OT, yes... but still relevant methinks. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Sat Jan 27 11:55:53 2007 
From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Jan 27 10:58:54 2007 Subject: dcc,razor,pyzor on MS running centos4.4 In-Reply-To: <01a701c741c7$27d07a20$920bbdcb@pmsi.net> References: <01b101c7405f$12666640$920bbdcb@pmsi.net> <223f97700701250142x24f73cdeq46efeb90de783fa2@mail.gmail.com> <200701260148020079.03ABA951@smtp1.ace.net.au> <223f97700701250736l620c9967h586a8257282f1225@mail.gmail.com> <200701260237560115.03D958C4@smtp1.ace.net.au> <00d501c7419e$b6f1b300$920bbdcb@pmsi.net> <01a701c741c7$27d07a20$920bbdcb@pmsi.net> Message-ID: <223f97700701270255l62d89c81w71453bfcf6b3ae6f@mail.gmail.com> On 27/01/07, jepoy wrote: > > hi guys, > just reinstalled SA 3.1 from source, just followed the documentation on the > site. im on way on reinstalling the plugins.will these plugins really help ? > > tnx Yes. As Res points out they may be "roadblocks" on high-volume servers (more than 100K messages/day and you need keep an eye on that), but they will definitely make a difference. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From res at ausics.net Sat Jan 27 13:00:25 2007 
From: res at ausics.net (Res) Date: Sat Jan 27 12:03:32 2007 Subject: dcc,razor,pyzor on MS running centos4.4 In-Reply-To: <01a701c741c7$27d07a20$920bbdcb@pmsi.net> References: <01b101c7405f$12666640$920bbdcb@pmsi.net><223f97700701250142x24f73cdeq46efeb90de783fa2@mail.gmail.com><200701260148020079.03ABA951@smtp1.ace.net.au><223f97700701250736l620c9967h586a8257282f1225@mail.gmail.com><200701260237560115.03D958C4@smtp1.ace.net.au> <00d501c7419e$b6f1b300$920bbdcb@pmsi.net> <01a701c741c7$27d07a20$920bbdcb@pmsi.net> Message-ID: On Sat, 27 Jan 2007, jepoy wrote: > site. im on way on reinstalling the plugins.will these plugins really help ? I've not seen much that warrants them, and their delays introduced are a hinderance so I wouldn't bother. -- Cheers Res "So, you think you can tell Heaven from Hell?" - Roger Waters From ttaylor20060622 at duh.net Sat Jan 27 17:34:05 2007 From: ttaylor20060622 at duh.net (ttaylor20060622@duh.net) Date: Sat Jan 27 16:34:14 2007 Subject: MailScanner and x86_64 OS Message-ID: <1169915645@otherbbs.com> Any known or new issues with running MailScanner on a x86_64 OS, other then the antivirus and memory pointed out in the "x86_64 mail servers" thread earlier last year? I just tried a fresh install of CentOS 4.4 and the installed fail almost immediately trying to build perl-ExtUtils-MakeMaker. -- Travis Taylor From raymond at prolocation.net Sat Jan 27 17:44:12 2007 From: raymond at prolocation.net (Raymond Dijkxhoorn) Date: Sat Jan 27 16:47:09 2007 Subject: MailScanner and x86_64 OS In-Reply-To: <1169915645@otherbbs.com> References: <1169915645@otherbbs.com> Message-ID: Hi! > Any known or new issues with running MailScanner on a x86_64 OS, other > then the antivirus and memory pointed out in the "x86_64 mail servers" > thread earlier last year? We have a large number of X64 servers running with MailScanner. No strange things there. Bye, Raymond. From uxbod at splatnix.net Sat Jan 27 17:48:36 2007 
From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Sat Jan 27 16:48:25 2007 Subject: MailScanner and x86_64 OS In-Reply-To: <1169915645@otherbbs.com> References: <1169915645@otherbbs.com> Message-ID: <20070127164836.5bd020e2@uxbod.splatnix.net> On Sat, 27 Jan 2007 10:34:05 -0600 ttaylor20060622@duh.net wrote: > > Any known or new issues with running MailScanner on a x86_64 OS, > other then the antivirus and memory pointed out in the "x86_64 mail > servers" thread earlier last year? > > I just tried a fresh install of CentOS 4.4 and the installed fail > almost immediately trying to build perl-ExtUtils-MakeMaker. > > -- > Travis Taylor > > No problem here what so ever :- uname -a Linux xxxxxxx.xxxxxxx.net 2.6.19-gentoo-r4 #2 SMP Wed Jan 24 15:44:51 GMT 2007 x86_64 AMD Opteron(tm) Processor 250 AuthenticAMD GNU/Linux -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dnsadmin at 1bigthink.com Sat Jan 27 18:14:44 2007 
From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com)
Date: Sat Jan 27 17:18:04 2007
Subject: [OT] Anyone experience DoS symptoms with mta*.adelphia.net?
Message-ID: <7.0.1.0.0.20070127120514.08e82eb0@1bigthink.com>

Hello All,

I've got two different users under milter-greylist that are receiving mail from mta*.adelphia.net and it looks like a DoS, but could be a misbehaved MTA. The DNS does resolve to a host.

Jan 25 19:55:42 mxt milter-greylist: l0Q0jqpr027000: addr mta8.adelphia.net[68.168.78.196] from <> to delayed for 00:05:10 (ACL 634)
Jan 25 19:55:42 mxt sendmail[27000]: l0Q0jqpr027000: Milter: to=, reject=451 4.7.1 Greylisting in action, please come back later

ALSO:

Jan 26 20:33:58 mxt milter-greylist: l0R1XJAh017040: addr mta10.adelphia.net[68.168.78.202] from to delayed for 00:14:21 (ACL 634)
Jan 26 20:33:58 mxt sendmail[17040]: l0R1XJAh017040: Milter: to=, reject=451 4.7.1 Greylisting in action, please come back later
Jan 26 20:33:59 mxt milter-greylist: l0R1XJAj017040: addr mta10.adelphia.net[68.168.78.202] from to delayed for 00:14:20 (ACL 634)
Jan 26 20:33:59 mxt sendmail[17040]: l0R1XJAj017040: Milter: to=, reject=451 4.7.1 Greylisting in action, please come back later

I changed the names to 'someone' to protect the innocent.

Of course, I've reported the problem and their abuse@adelphia.net does not deliver.

Should they be whitelisted in milter-greylist?

Thanks,
Glenn Parsons

From Rodney at rcrcomputing.com Sat Jan 27 19:20:57 2007
From: Rodney at rcrcomputing.com (Rodney Richison)
Date: Sat Jan 27 18:24:21 2007
Subject: subject line errors
Message-ID:

I'm getting some apparently NOT spam marked with the {spam?} in the subject anyway.. It seems to even be autolearning that it is not spam. So why is Mailscanner inserting the {spam?} in the subject line. Confused... :)

Here's some info on one of the messages from the header.

******************************
X-mx2-rcrnet-MailScanner-Information: Spam detection information
X-mx2-rcrnet-MailScanner: Virus-scan found to be clean
X-mx2-rcrnet-MailScanner-SpamCheck: spam, SORBS-DNSBL,
    SpamAssassin (not cached, score=-0.023, required 6,
    autolearn=not spam, AWL 0.72, BAYES_20 -0.74, HTML_MESSAGE 0.00)
X-mx2-rcrnet-MailScanner-From: rsmith7@cox.net
Return-Path: rsmith7@cox.net

Highest Regards,

Rodney Richison
RCR Computing
PO Box 566 - 118 N. Broadway
Cleveland, OK 74020
Phone: 918-358-1111
Proud ChannelVar member!
www.ChannelVar.com

From raymond at prolocation.net Sat Jan 27 19:33:00 2007
From: raymond at prolocation.net (Raymond Dijkxhoorn)
Date: Sat Jan 27 18:35:57 2007
Subject: subject line errors
In-Reply-To: References:
Message-ID:

Hi!

> Here's some info on one of the messages from the header.
>
> ******************************
> X-mx2-rcrnet-MailScanner-Information: Spam detection information
> X-mx2-rcrnet-MailScanner: Virus-scan found to be clean
> X-mx2-rcrnet-MailScanner-SpamCheck: spam, SORBS-DNSBL,
> SpamAssassin (not cached, score=-0.023, required 6,
> autolearn=not spam, AWL 0.72, BAYES_20 -0.74, HTML_MESSAGE 0.00)
>
> X-mx2-rcrnet-MailScanner-From: rsmith7@cox.net
> Return-Path: rsmith7@cox.net

Uh!

> X-mx2-rcrnet-MailScanner-SpamCheck: spam, SORBS-DNSBL,
                                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Bye,
Raymond.

From uxbod at splatnix.net Sat Jan 27 19:43:38 2007
From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Sat Jan 27 18:43:28 2007 Subject: subject line errors In-Reply-To: References: Message-ID: <20070127184338.7dc4caf8@uxbod.splatnix.net> On Sat, 27 Jan 2007 12:20:57 -0600 "Rodney Richison" wrote: > I'm getting some apparently NOT spam marked with the {spam?} in the > subject anyway.. It seems to even be autolearning that it is not spam. > So why is Mailscanner inserting the {spam?} in the subject line. > Confused... :) > > Here's some info on one of the messages from the header. > > ****************************** > X-mx2-rcrnet-MailScanner-Information: Spam detection information > X-mx2-rcrnet-MailScanner: Virus-scan found to be clean > X-mx2-rcrnet-MailScanner-SpamCheck: spam, SORBS-DNSBL, > SpamAssassin (not cached, score=-0.023, required 6, > autolearn=not spam, AWL 0.72, BAYES_20 -0.74, HTML_MESSAGE > 0.00) > > X-mx2-rcrnet-MailScanner-From: rsmith7@cox.net > Return-Path: rsmith7@cox.net > > > > > Highest Regards, > > > Rodney Richison > RCR Computing > PO Box 566 - 118 N. Broadway > Cleveland, OK 74020 > Phone: 918-358-1111 > Proud ChannelVar member! > www.ChannelVar.com > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > What version of MailScanner please ? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Rodney at rcrcomputing.com Sat Jan 27 20:02:02 2007 
From: Rodney at rcrcomputing.com (Rodney Richison)
Date: Sat Jan 27 19:05:29 2007
Subject: subject line errors
Message-ID:

> > X-mx2-rcrnet-MailScanner-Information: Spam detection information
> > X-mx2-rcrnet-MailScanner: Virus-scan found to be clean
> > X-mx2-rcrnet-MailScanner-SpamCheck: spam, SORBS-DNSBL,
> > SpamAssassin (not cached, score=-0.023, required 6,
> > autolearn=not spam, AWL 0.72, BAYES_20 -0.74, HTML_MESSAGE 0.00)
> >
> > X-mx2-rcrnet-MailScanner-From: rsmith7@cox.net
> > Return-Path: rsmith7@cox.net
>
> Uh!
>
> > X-mx2-rcrnet-MailScanner-SpamCheck: spam, SORBS-DNSBL,
>                                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>

And the light-bulb comes on! Ha

Let's see if I've got it right...

If you use mailscanner to check the rbl's, the message gets marked as possible scan just for being found on an rbl.

Hmm, I'm thinking to use a bit more aggressive rbl's in my spam checks than I do at the postfix level.

Maybe it'd be best to turn it on at the spamassassin level instead. (Just thinking out loud)

Are there other implications I should consider?

From raymond at prolocation.net Sat Jan 27 20:07:07 2007
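The two SpamCheck headers quoted in this archive (the "no RBL checks" and "subject line errors" threads), run through a small parser that reports whether a tag came from a spam-list hit or from the SpamAssassin score. This is an added example, not MailScanner code and not part of any post; the function names, and the reading of every token before "SpamAssassin (" as a spam-list name, are assumptions based only on those two headers.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Matches the parenthesised SpamAssassin report inside the header value.
SA_BLOCK = re.compile(r"SpamAssassin\s*\((?P<body>[^)]*)\)")


@dataclass
class SpamCheck:
    verdict: str                      # "spam" or "not spam" in the headers shown
    spam_lists: List[str]             # tokens between verdict and SpamAssassin(...)
    sa_score: Optional[float] = None
    sa_required: Optional[float] = None
    autolearn: Optional[str] = None
    rules: Dict[str, float] = field(default_factory=dict)


def parse_spamcheck(value: str) -> SpamCheck:
    """Parse the value of an X-...-MailScanner-SpamCheck header."""
    value = " ".join(value.split())   # undo header folding
    match = SA_BLOCK.search(value)
    head = value[:match.start()] if match else value
    parts = [p.strip() for p in head.split(",") if p.strip()]
    result = SpamCheck(verdict=parts[0] if parts else "", spam_lists=parts[1:])
    if not match:
        return result
    for item in (i.strip() for i in match.group("body").split(",")):
        if item.startswith("score="):
            result.sa_score = float(item[len("score="):])
        elif item.startswith("required "):
            result.sa_required = float(item.split()[1])
        elif item.startswith("autolearn="):
            result.autolearn = item[len("autolearn="):]
        elif item in ("cached", "not cached"):
            continue                  # cache state does not affect the verdict
        else:
            name, _, points = item.rpartition(" ")
            try:
                result.rules[name] = float(points)
            except ValueError:
                pass                  # unknown token: ignore rather than guess
    return result


def tag_reason(sc: SpamCheck) -> str:
    """Say which check is responsible for the verdict."""
    sa_hit = (sc.sa_score is not None and sc.sa_required is not None
              and sc.sa_score >= sc.sa_required)
    if sc.verdict != "spam":
        return "clean"
    if sc.spam_lists and sa_hit:
        return "spam-list+spamassassin"
    if sc.spam_lists:
        return "spam-list-only"
    return "spamassassin" if sa_hit else "unexplained"


def margin(sc: SpamCheck) -> Optional[float]:
    """Points still missing before SpamAssassin alone would tag the message."""
    if sc.sa_score is None or sc.sa_required is None:
        return None
    return sc.sa_required - sc.sa_score


# Header values copied from the two threads in this archive.
RBL_TAGGED = """spam, SORBS-DNSBL,
    SpamAssassin (not cached, score=-0.023, required 6,
    autolearn=not spam, AWL 0.72, BAYES_20 -0.74, HTML_MESSAGE 0.00)"""
LOW_SCORE = ("not spam, SpamAssassin (not cached, score=2.701, required 3, "
             "FORGED_RCVD_HELO 0.05, FROM_ENDS_IN_NUMS 0.52, HTML_00_10 0.14, "
             "HTML_MESSAGE 0.00, URIBL_OB_SURBL 2.00)")

if __name__ == "__main__":
    for raw in (RBL_TAGGED, LOW_SCORE):
        sc = parse_spamcheck(raw)
        top = max(sc.rules, key=sc.rules.get) if sc.rules else None
        print(tag_reason(sc), sc.spam_lists, sc.sa_score, sc.sa_required,
              "top rule:", top)
```
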
From: raymond at prolocation.net (Raymond Dijkxhoorn) Date: Sat Jan 27 19:10:04 2007 Subject: subject line errors In-Reply-To: References: Message-ID: Hi! >> Uh! >> >>> X-mx2-rcrnet-MailScanner-SpamCheck: spam, SORBS-DNSBL, >> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ >> > > And the light-bulb comes on! Ha > > Let's see if I've got it right... > > If you use mailscanner to check the rbl's, the message gets marked as > possible scan just for being found on an rbl. Yups. > Hmm, I'm thinking to use a bit more aggressive rbl's in my spam checks > than I do at the postfix level. Let SA do the spamchecking, much better, it does it anyway. Not wise to do it twice... wasting CPU... > Maybe it'd be best to turn it on at the spamassasin level instead. (Just > thinking out loud) Please do :) > Are there other implications I should consider? No think thats it. Bye, Raymond. From MailScanner at ecs.soton.ac.uk Sat Jan 27 23:56:36 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jan 27 23:01:00 2007 Subject: Users in Canada or North East USA? Message-ID: <45BBD8A4.3020103@ecs.soton.ac.uk> I am looking to visit a MailScanner user in August for a few days in Maine. Are there any of you near there who would mind me visiting for a few days? So looking at Canada or Boston. Never been to Boston before. Please reply to me directly, as this is totally OT. Thanks folks, Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From technician at cenpac.net.nr Sun Jan 28 00:23:29 2007 
From: technician at cenpac.net.nr (Jon Leeman) Date: Sat Jan 27 23:26:19 2007 Subject: Users in Canada or North East USA? In-Reply-To: <45BBD8A4.3020103@ecs.soton.ac.uk> References: <45BBD8A4.3020103@ecs.soton.ac.uk> Message-ID: <45BBDEF1.9040906@cenpac.net.nr> Julian Field wrote: > I am looking to visit a MailScanner user in August for a few days in Maine. > Are there any of you near there who would mind me visiting for a few days? > So looking at Canada or Boston. Never been to Boston before. > > Please reply to me directly, as this is totally OT. > > Thanks folks, > > Jules > Off topic it may be. Take it as a given, in the unlikely event you're in this neck of the woods, accommodation/meals/beverages/transport are available gratis. (I must warn you, the local moonshine brew is lethal!) Regards, Jon (Nauru, 1120 local, overcast skies, 27 deg. C) From glenn.steen at gmail.com Sun Jan 28 01:10:15 2007 
From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Jan 28 00:13:23 2007 Subject: Users in Canada or North East USA? In-Reply-To: <45BBDEF1.9040906@cenpac.net.nr> References: <45BBD8A4.3020103@ecs.soton.ac.uk> <45BBDEF1.9040906@cenpac.net.nr> Message-ID: <223f97700701271610n178dabddj3fb9dd5f3a2c7fca@mail.gmail.com> On 28/01/07, Jon Leeman wrote: > Julian Field wrote: > > I am looking to visit a MailScanner user in August for a few days in Maine. > > Are there any of you near there who would mind me visiting for a few days? > > So looking at Canada or Boston. Never been to Boston before. > > > > Please reply to me directly, as this is totally OT. > > > > Thanks folks, > > > > Jules > > > > Off topic it may be. > > Take it as a given, in the unlikely event you're in this neck of the > woods, accommodation/meals/beverages/transport are available gratis. > > (I must warn you, the local moonshine brew is lethal!) > > Regards, > > Jon (Nauru, 1120 local, overcast skies, 27 deg. C) If you haven't already, go update the worldtour in the wiki.... http://wiki.mailscanner.info/doku.php?id=worldtour:restofworld ... :-) -- -- Glenn (finally winter! Snow! -12 degrees C! Wonderful!:-) email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From vlad at mazek.com Sun Jan 28 08:59:59 2007 From: vlad at mazek.com (Vlad Mazek) Date: Sun Jan 28 08:02:55 2007 Subject: Feature suggestion: archive non-spam Message-ID: <45BC57FF.8070609@mazek.com> Wanted to offer a feature suggestion. Instead of archive being all-or-none, consider allowing archival of non-spam messages only and ignoring the scores above the spam level. Most of us I imagine would only want to archive "clean" messages while the rest end up either getting stored or deleted. Just a thought. From drew at technologytiger.net Sun Jan 28 10:39:43 2007 
From: drew at technologytiger.net (Drew Marshall) Date: Sun Jan 28 09:42:55 2007 Subject: So far OT Res will be quite emotional: Re: Users in Canada or North East USA? In-Reply-To: <223f97700701271610n178dabddj3fb9dd5f3a2c7fca@mail.gmail.com> References: <45BBD8A4.3020103@ecs.soton.ac.uk> <45BBDEF1.9040906@cenpac.net.nr> <223f97700701271610n178dabddj3fb9dd5f3a2c7fca@mail.gmail.com> Message-ID: On 28 Jan 2007, at 00:10, Glenn Steen wrote: > -- Glenn (finally winter! Snow! -12 degrees C! Wonderful!:-) But mind the leg this year. It would be a shame to have to miss out on any of that nice snow :-) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by the Technology Tiger MailScanner. Further information can be found at www.technologytiger.net/policy Technology Tiger Limited is registered in Scotland with registration number: 310997 Registered Office 55-57 West High Street Inverurie AB51 3QQ From glenn.steen at gmail.com Sun Jan 28 12:13:29 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Jan 28 11:16:34 2007 Subject: Feature suggestion: archive non-spam In-Reply-To: <45BC57FF.8070609@mazek.com> References: <45BC57FF.8070609@mazek.com> Message-ID: <223f97700701280313kb551decmb870f0db6bee3c68@mail.gmail.com> On 28/01/07, Vlad Mazek wrote: > Wanted to offer a feature suggestion. Instead of archive being > all-or-none, consider allowing archival of non-spam messages only and > ignoring the scores above the spam level. Most of us I imagine would > only want to archive "clean" messages while the rest end up either > getting stored or deleted. Just a thought. Can't you live with the little "tampering" done by storing (quarantining) non-spam in the Non Spam Actions then? It would be pretty much the same:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Sun Jan 28 12:17:11 2007 
From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Jan 28 11:20:16 2007 Subject: So far OT Res will be quite emotional: Re: Users in Canada or North East USA? In-Reply-To: References: <45BBD8A4.3020103@ecs.soton.ac.uk> <45BBDEF1.9040906@cenpac.net.nr> <223f97700701271610n178dabddj3fb9dd5f3a2c7fca@mail.gmail.com> Message-ID: <223f97700701280317h3897cc0bga0344eb4a9289ac5@mail.gmail.com> On 28/01/07, Drew Marshall wrote: > On 28 Jan 2007, at 00:10, Glenn Steen wrote: > > > -- Glenn (finally winter! Snow! -12 degrees C! Wonderful!:-) > > But mind the leg this year. It would be a shame to have to miss out > on any of that nice snow :-) > > Drew Trust me, neither me nor my brother are getting on any downhill conveyance of any form.... at least not together... (Don't know if I mentioned that embarrassing fact about the leg:-). I'll be doing some nice downhill skiing next weekend though! Now... What was this list again...?:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From res at ausics.net Sun Jan 28 12:52:41 2007 From: res at ausics.net (Res) Date: Sun Jan 28 11:55:53 2007 Subject: So far OT Res will be quite emotional: Re: Users in Canada or North East USA? In-Reply-To: References: <45BBD8A4.3020103@ecs.soton.ac.uk> <45BBDEF1.9040906@cenpac.net.nr> <223f97700701271610n178dabddj3fb9dd5f3a2c7fca@mail.gmail.com> Message-ID: On Sun, 28 Jan 2007, Drew Marshall wrote: > On 28 Jan 2007, at 00:10, Glenn Steen wrote: > >> -- Glenn (finally winter! Snow! -12 degrees C! Wonderful!:-) > > But mind the leg this year. It would be a shame to have to miss out on any of > that nice snow :-) hahaha no i dont mind its humorous and its nothing to do with mailwatch or SA or postmix ;P .... ahh whats snow its all a mystery in this city, even rains a mystery. > > Drew > > -- Cheers Res "So, you think you can tell Heaven from Hell?" - Roger Waters From res at ausics.net Sun Jan 28 12:53:55 2007 
From: res at ausics.net (Res) Date: Sun Jan 28 11:57:08 2007 Subject: So far OT Res will be quite emotional: Re: Users in Canada or North East USA? In-Reply-To: <223f97700701280317h3897cc0bga0344eb4a9289ac5@mail.gmail.com> References: <45BBD8A4.3020103@ecs.soton.ac.uk> <45BBDEF1.9040906@cenpac.net.nr> <223f97700701271610n178dabddj3fb9dd5f3a2c7fca@mail.gmail.com> <223f97700701280317h3897cc0bga0344eb4a9289ac5@mail.gmail.com> Message-ID: On Sun, 28 Jan 2007, Glenn Steen wrote: > Trust me, neither me nor my brother are getting on any downhill > mentioned that embarrassing fact about the leg:-). Glenny, we dont need to know what you and your bro get up to ;) -- Cheers Res "So, you think you can tell Heaven from Hell?" - Roger Waters From glenn.steen at gmail.com Sun Jan 28 15:02:12 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Jan 28 14:05:18 2007 Subject: So far OT Res will be quite emotional: Re: Users in Canada or North East USA? In-Reply-To: References: <45BBD8A4.3020103@ecs.soton.ac.uk> <45BBDEF1.9040906@cenpac.net.nr> <223f97700701271610n178dabddj3fb9dd5f3a2c7fca@mail.gmail.com> <223f97700701280317h3897cc0bga0344eb4a9289ac5@mail.gmail.com> Message-ID: <223f97700701280602w3c7fc1c0o468869ff036b3d@mail.gmail.com> On 28/01/07, Res wrote: > On Sun, 28 Jan 2007, Glenn Steen wrote: > > > Trust me, neither me nor my brother are getting on any downhill > > > mentioned that embarrassing fact about the leg:-). > > > Glenny, we dont need to know what you and your bro get up to ;) > If you ever consider getting two fully grown men onto a child-sized snow-racer (bob), then you do... Oh wait, you've never seen snow....:-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Sun Jan 28 17:28:43 2007 
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Jan 28 16:37:01 2007 Subject: New Beta 4.58.6 released Message-ID: <45BCCF3B.8060608@ecs.soton.ac.uk> There was 1 serious bug in 4.58.5 which I have now hopefully fixed. *Please* give this version a try as I don't intend changing anything before the 1st Feb stable release unless you notify me of any problems or bugs. Support for the 'p' records in Postfix 2.3/2.4 will have to wait for the next release of MailScanner, personally I think it is a nasty bodge. I wouldn't be at all surprised if Wietse changed his mind on this topic, he certainly should do. Any major bugs you know of, please let me know, both to me personally and the beta-testers mailing list. Thanks folks! Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From Rodney at rcrcomputing.com Sun Jan 28 18:18:22 2007 From: Rodney at rcrcomputing.com (Rodney Richison) Date: Sun Jan 28 17:22:30 2007 Subject: sa-learn dumb question Message-ID: Just to verify... Since I run MailScanner as postfix, I should run sa-learn as the postfix user?? Highest Regards, Rodney Richison RCR Computing PO Box 566 - 118 N. Broadway Cleveland, OK 74020 Phone: 918-358-1111 Proud ChannelVar member! www.ChannelVar.com From glenn.steen at gmail.com Sun Jan 28 19:47:18 2007
From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Jan 28 18:50:26 2007 Subject: sa-learn dumb question In-Reply-To: References: Message-ID: <223f97700701281047n6ccaf104g6440e4f15a8a7ae6@mail.gmail.com> On 28/01/07, Rodney Richison wrote: > Just to verify... Since I run MailScanner as postfix, I should run > sa-learn as the postfix user?? > Or as another group that has write permissions on the files in question. Usually an apache _group_ when running MailWatch, at least... -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From mikej at rogers.com Mon Jan 29 05:33:29 2007 From: mikej at rogers.com (Mike Jakubik) Date: Mon Jan 29 04:35:48 2007 Subject: New Beta 4.58.6 released In-Reply-To: <45BCCF3B.8060608@ecs.soton.ac.uk> References: <45BCCF3B.8060608@ecs.soton.ac.uk> Message-ID: <45BD7919.1020009@rogers.com> Julian Field wrote: > There was 1 serious bug in 4.58.5 which I have now hopefully fixed. > > *Please* give this version a try as I don't intend changing anything > before the 1st Feb stable release unless you notify me of any problems > or bugs. > > Support for the 'p' records in Postfix 2.3/2.4 will have to wait for > the next release of MailScanner, personally I think it is a nasty > bodge. I wouldn't be at all surprised if Wietse changed his mind on > this topic, he certainly should do. Julian, Could you give a little more detail as to what 'p' records are, and how this will affect MS's compatibility with postfix? Thanks. From glenn.steen at gmail.com Mon Jan 29 10:00:48 2007
From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Jan 29 09:03:57 2007 Subject: New Beta 4.58.6 released In-Reply-To: <45BD7919.1020009@rogers.com> References: <45BCCF3B.8060608@ecs.soton.ac.uk> <45BD7919.1020009@rogers.com> Message-ID: <223f97700701290100i6e788e2gba57830a01a8e67b@mail.gmail.com> On 29/01/07, Mike Jakubik wrote: > Julian Field wrote: > > There was 1 serious bug in 4.58.5 which I have now hopefully fixed. > > > > *Please* give this version a try as I don't intend changing anything > > before the 1st Feb stable release unless you notify me of any problems > > or bugs. > > > > Support for the 'p' records in Postfix 2.3/2.4 will have to wait for > > the next release of MailScanner, personally I think it is a nasty > > bodge. I wouldn't be at all surprised if Weitse changed his mind on > > this topic, he certainly should do. > > Julian, > > Could you give a little more detail as to what 'p' records are, and how > this will affect MS's compatibility with postfix? > > Thanks. Mike, Download the postfix source and read the comment in src/cleanup/cleanup_milter.c (starts on line 114 in the version 2.3.6 sources). This is so far the best explanation of what it is I've found. If we manage to implement "support" for it correctly, it'll not change the support/non-support status of postfix one whit (Jules still supports it, Wietse will still see us as more evil than the horned devil for perusing the queue files directly... Well, perhaps not that evil, but close:-). We aim at making "milter edited queue files" -> "a (new) normal queue file". If you want my patches to look at beforehand, I can get them to you in a blink:-). So far they've been tested by me and Nerijus Baliunas (who is a brave soul and seems to be running them in production:-). They're good for 2.3 with milters, not yet 2.4 with body editing milters. 
Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From mailscanner at barendse.to Mon Jan 29 10:26:11 2007 From: mailscanner at barendse.to (Remco Barendse) Date: Mon Jan 29 09:29:24 2007 Subject: New Beta 4.58.6 released In-Reply-To: <45BCCF3B.8060608@ecs.soton.ac.uk> References: <45BCCF3B.8060608@ecs.soton.ac.uk> Message-ID: Hi Jules! Thanks for the new beta, just installed it. Not really a MailScanner bug but i noticed ORDB-RBL is still in spam.lists.conf Cheers! Remco On Sun, 28 Jan 2007, Julian Field wrote: > There was 1 serious bug in 4.58.5 which I have now hopefully fixed. > > *Please* give this version a try as I don't intend changing anything before > the 1st Feb stable release unless you notify me of any problems or bugs. > > Support for the 'p' records in Postfix 2.3/2.4 will have to wait for the next > release of MailScanner, personally I think it is a nasty bodge. I wouldn't be > at all surprised if Weitse changed his mind on this topic, he certainly > should do. > > Any major bugs you know of, please let me know, both to me personally and the > beta-testers mailing list. > > Thanks folks! > > Jules > > From MailScanner at ecs.soton.ac.uk Mon Jan 29 10:50:06 2007 
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jan 29 09:55:10 2007 Subject: New Beta 4.58.6 released In-Reply-To: References: <45BCCF3B.8060608@ecs.soton.ac.uk> Message-ID: <45BDC34E.2030304@ecs.soton.ac.uk> Fixed. Thanks for spotting that one. Remco Barendse wrote: > Hi Jules! > > Thanks for the new beta, just installed it. > > Not really a MailScanner bug but i noticed ORDB-RBL is still in > spam.lists.conf > > Cheers! > Remco > > > > On Sun, 28 Jan 2007, Julian Field wrote: > >> There was 1 serious bug in 4.58.5 which I have now hopefully fixed. >> >> *Please* give this version a try as I don't intend changing anything >> before the 1st Feb stable release unless you notify me of any >> problems or bugs. >> >> Support for the 'p' records in Postfix 2.3/2.4 will have to wait for >> the next release of MailScanner, personally I think it is a nasty >> bodge. I wouldn't be at all surprised if Weitse changed his mind on >> this topic, he certainly should do. >> >> Any major bugs you know of, please let me know, both to me personally >> and the beta-testers mailing list. >> >> Thanks folks! >> >> Jules >> >> Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
For all your IT requirements visit www.transtec.co.uk From martinh at solidstatelogic.com Mon Jan 29 10:55:38 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Jan 29 09:58:58 2007 Subject: New Beta 4.58.6 released In-Reply-To: <45BCCF3B.8060608@ecs.soton.ac.uk> Message-ID: <5be54859d3d8e54a8af4205ee3341f0a@solidstatelogic.com> Jules All looking good so far... been running a few minutes but the 4.58.5 fix is still working ;-) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- 
> From: mailscanner-beta-bounces@lists.mailscanner.info [mailto:mailscanner- > beta-bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: 28 January 2007 16:29 > To: MailScanner beta testers; MailScanner discussion > Subject: New Beta 4.58.6 released > > There was 1 serious bug in 4.58.5 which I have now hopefully fixed. > > *Please* give this version a try as I don't intend changing anything > before the 1st Feb stable release unless you notify me of any problems > or bugs. > > Support for the 'p' records in Postfix 2.3/2.4 will have to wait for the > next release of MailScanner, personally I think it is a nasty bodge. I > wouldn't be at all surprised if Weitse changed his mind on this topic, > he certainly should do. > > Any major bugs you know of, please let me know, both to me personally > and the beta-testers mailing list. > > Thanks folks! > > Jules > > -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner-Beta mailing list > mailscanner-beta@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner-beta > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. 
Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From gmatt at nerc.ac.uk Mon Jan 29 12:02:32 2007 
From: gmatt at nerc.ac.uk (Greg Matthews) Date: Mon Jan 29 11:25:18 2007 Subject: New Beta 4.58.6 released In-Reply-To: <45BCCF3B.8060608@ecs.soton.ac.uk> References: <45BCCF3B.8060608@ecs.soton.ac.uk> Message-ID: <45BDD448.3080908@nerc.ac.uk> not sure that the multiple queue bug is actually fixed. I'm testing on a dev box and I have: Non Spam Actions = forward testuser@localhost to forward mail to a local user but mail is still getting held up in the /var/spool/mqueue/q* directories. sendmail doesnt seem to be "kicked" to deliver the message immediately. I'll tinker with this a bit further to see if I can spot the problem, but no promises! G -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From martinh at solidstatelogic.com Mon Jan 29 12:32:15 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Jan 29 11:35:32 2007 Subject: New Beta 4.58.6 released In-Reply-To: <45BDD448.3080908@nerc.ac.uk> Message-ID: <1a3386992d6c56498fcb5a2c0a996fe1@solidstatelogic.com> Greg Sounds like the problem I had with exim... In Sendmail.pm around line 717 in KickMessage there's a line... system(MailScanner::Config::Value('sendmail2') . $args); add in this above it... print STDERR "About to do \"Sendmail2 -Mc $args\"\n"; and run in debug mode (MailScanner -debug), it should print out to the screen what it's trying to do.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- 
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Greg Matthews > Sent: 29 January 2007 11:03 > To: MailScanner discussion > Subject: Re: New Beta 4.58.6 released > > not sure that the multiple queue bug is actually fixed. I'm testing on a > dev box and I have: > > Non Spam Actions = forward testuser@localhost > > to forward mail to a local user but mail is still getting held up in the > /var/spool/mqueue/q* directories. sendmail doesnt seem to be "kicked" > to deliver the message immediately. > > I'll tinker with this a bit further to see if I can spot the problem, > but no promises! > > G > > > -- > Greg Matthews 01491 692445 > Head of UNIX/Linux, iTSS Wallingford From gmatt at nerc.ac.uk Mon Jan 29 13:01:45 2007
From: gmatt at nerc.ac.uk (Greg Matthews) Date: Mon Jan 29 12:05:04 2007 Subject: New Beta 4.58.6 released In-Reply-To: <1a3386992d6c56498fcb5a2c0a996fe1@solidstatelogic.com> References: <1a3386992d6c56498fcb5a2c0a996fe1@solidstatelogic.com> Message-ID: <45BDE229.6060300@nerc.ac.uk> Martin.Hepworth wrote: > Greg > > Sounds like the problem I had with exim... > > In Sendmail.pm around line 717 in KickMessage there's a line... > > system(MailScanner::Config::Value('sendmail2') . $args); > > add in this above it... > > print STDERR "About to do \"Sendmail2 -Mc $args\"\n"; > > and run in debug mode (MailScanner -debug), it should print out to the > screen what it's trying to do.. ah yes, that throws some light on it: Can't use string ("l0TBnj5s014430") as a HASH ref while "strict refs" in use at /usr/lib/MailScanner/MailScanner/Sendmail.pm line 699. This is part of the new code, specifically: foreach $queue (keys %$messages) { GREG -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford From martinh at solidstatelogic.com Mon Jan 29 13:20:57 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Jan 29 12:24:31 2007 Subject: New Beta 4.58.6 released In-Reply-To: <45BDE229.6060300@nerc.ac.uk> Message-ID: <134e2de53753bd4c98392aaea4fa1be6@solidstatelogic.com> Greg Jules just up info on the beta list about this - the split queue stuff is still a work in progress. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Greg Matthews > Sent: 29 January 2007 12:02 > To: MailScanner discussion > Subject: Re: New Beta 4.58.6 released > > Martin.Hepworth wrote: > > Greg > > > > Sounds like the problem I had with exim... > > > > In Sendmail.pm around line 717 in KickMessage there's a line... > > > > system(MailScanner::Config::Value('sendmail2') . $args); > > > > add in this above it... > > > > print STDERR "About to do \"Sendmail2 -Mc $args\"\n"; > > > > and run in debug mode (MailScanner -debug), it should print out to the > > screen what it's trying to do.. > > ah yes, that throws some light on it: > > Can't use string ("l0TBnj5s014430") as a HASH ref while "strict refs" in > use at /usr/lib/MailScanner/MailScanner/Sendmail.pm line 699. > > This is part of the new code, specifically: > > foreach $queue (keys %$messages) { > > GREG > > -- > Greg Matthews 01491 692445 > Head of UNIX/Linux, iTSS Wallingford From gerard at seibercom.net Mon Jan 29 13:31:24 2007
From: gerard at seibercom.net (Gerard Seibert) Date: Mon Jan 29 12:41:23 2007 Subject: New Beta 4.58.6 released In-Reply-To: <223f97700701290100i6e788e2gba57830a01a8e67b@mail.gmail.com> References: <45BD7919.1020009@rogers.com> <223f97700701290100i6e788e2gba57830a01a8e67b@mail.gmail.com> Message-ID: <20070129072647.3B08.GERARD@seibercom.net> On Monday January 29, 2007 at 04:00:48 (AM) Glenn Steen wrote: > On 29/01/07, Mike Jakubik wrote: > > Julian Field wrote: > > > There was 1 serious bug in 4.58.5 which I have now hopefully fixed. > > > > > > *Please* give this version a try as I don't intend changing anything > > > before the 1st Feb stable release unless you notify me of any problems > > > or bugs. > > > > > > Support for the 'p' records in Postfix 2.3/2.4 will have to wait for > > > the next release of MailScanner, personally I think it is a nasty > > > bodge. I wouldn't be at all surprised if Weitse changed his mind on > > > this topic, he certainly should do. > > > > Julian, > > > > Could you give a little more detail as to what 'p' records are, and how > > this will affect MS's compatibility with postfix? > > > > Thanks. > Mike, > > Download the postfix source and read the comment in > src/cleanup/cleanup_milter.c (starts on line 114 in the version 2.3.6 > sources). This is so far the best explanation of what it is I've > found. > > If we manage to implement "support" for it correctly, it'll not change > the support/non-support status of postfix one whit (Jules still > supports it, Wietse will still see us as more evil than the horned > devil for perusing the queue files directly... Well, perhaps not that > evil, but close:-). > > We aim at making "milter edited queue files" -> "a (new) normal queue file". > > If you want my patches to look at beforehand, I can get them to you in > a blink:-). So far they've been tested by me and Nerijus Baliunas (who > is a brave soul and seems to be running them in production:-). 
They're > good for 2.3 with milters, not yet 2.4 with body editing milters. I posted the original post regarding 'p' records on the Postfix forum, and these are two of the responses that I received. //Quote// He is referring to his mis-use of the non-public, undocumented Postfix queue file format and plans to keep track of changes in this format rather than abandon its use. Mailscanner attempts to implement a fast-path for messages that are not modified by the content scanner. It cuts too many corners to achieve this goal. Viktor. //End Quote// //Quote// It means that some people don't understand ELEMENTARY SOFTWARE ENGINEERING practice. I spend huge efforts to maintain compatibility with software that depends on EXTERNAL Postfix interfaces, even when MAJOR changes are made to Postfix. If something breaks anyway, then I will do my best to provide a solution to make it work again. Postfix queue files are an INTERNAL interface. Software that depends on Postfix INTERNAL interfaces breaks the warranty. It is unsupported. It breaks even with MINOR Postfix changes, and I will not provide a solution when it breaks. Wietse //End Quote// -- Gerard After a time, you may find that "having" is not so pleasing a thing, after all, as "wanting." It is not logical, but it is often true. Spock, "Amok Time", stardate 3372.7 From gmatt at nerc.ac.uk Mon Jan 29 13:42:42 2007 
From: gmatt at nerc.ac.uk (Greg Matthews) Date: Mon Jan 29 12:46:02 2007 Subject: New Beta 4.58.6 released In-Reply-To: <134e2de53753bd4c98392aaea4fa1be6@solidstatelogic.com> References: <134e2de53753bd4c98392aaea4fa1be6@solidstatelogic.com> Message-ID: <45BDEBC2.70109@nerc.ac.uk> Martin.Hepworth wrote: > Greg > > Jules just up info on the beta list about this - the split queue stuff > is still a work in progress. > um... beta list? Cant find any mention of this on mailscanner.info or wiki. I'm subscribed to MailScanner-Announce and MailScanner-discuss. Unfortunately, multiple outbound queues have worked for us for at least the last 4 years until I upgraded to 4.57.x. I was able to fix it in 4.57 but I no longer understand the code in 4.58 so it will/would take me some time to find a fix beyond using an old Sendmail.pm. GREG -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford From drew at technologytiger.net Mon Jan 29 13:54:32 2007
From: drew at technologytiger.net (Drew Marshall) Date: Mon Jan 29 12:57:54 2007 Subject: New Beta 4.58.6 released In-Reply-To: <20070129072647.3B08.GERARD@seibercom.net> References: <45BD7919.1020009@rogers.com> <223f97700701290100i6e788e2gba57830a01a8e67b@mail.gmail.com> <20070129072647.3B08.GERARD@seibercom.net> Message-ID: <51548.194.70.180.170.1170075272.squirrel@www.technologytiger.net> On Mon, January 29, 2007 12:31, Gerard Seibert wrote: > I posted the original post regarding 'p' records on the Postfix forum, > and these are two of the responses that I received. > > //Quote// > > He is referring to his mis-use of the non-public, undocumented Postfix > queue file format and plans to keep track of changes in this format > rather than abandon its use. > > Mailscanner attempts to implement a fast-path for messages that are not > modified by the content scanner. It cuts too many corners to achieve > this goal. > > Viktor. > > //End Quote// > > //Quote// > > It means that some people don't understand ELEMENTARY SOFTWARE > ENGINEERING practice. > > I spend huge efforts to maintain compatibility with software that > depends on EXTERNAL Postfix interfaces, even when MAJOR changes > are made to Postfix. If something breaks anyway, then I will do my > best to provide a solution to make it work again. > > Postfix queue files are an INTERNAL interface. > > Software that depends on Postfix INTERNAL interfaces breaks the > warranty. It is unsupported. It breaks even with MINOR Postfix > changes, and I will not provide a solution when it breaks. > > Wietse > > //End Quote// Always such a delight to see nothing changes. :-) Well those of us using Postfix with MailScanner always knew that it would always be down to MailScanner to do the fixing :-( Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by the Technology Tiger MailScanner. 
Further information can be found at www.technologytiger.net/policy Technology Tiger Limited is registered in Scotland with registration number: 310997 Registered Office 55-57 West High Street Inverurie AB51 3QQ From martinh at solidstatelogic.com Mon Jan 29 14:43:05 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Jan 29 13:47:30 2007 Subject: New Beta 4.58.6 released In-Reply-To: <45BDEBC2.70109@nerc.ac.uk> Message-ID: <4773bb2312bd6c44bc10f541017e44e2@solidstatelogic.com> Gregg Beta list is invite only... Email Jules direct and ask him to be put on the list.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- 
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Greg Matthews > Sent: 29 January 2007 12:43 > To: MailScanner discussion > Subject: Re: New Beta 4.58.6 released > > Martin.Hepworth wrote: > > Greg > > > > Jules just up info on the beta list about this - the split queue stuff > > is still a work in progress. > > > > um... beta list? Cant find any mention of this on mailscanner.info or > wiki. I'm subscribed to MailScanner-Announce and MailScanner-discuss. > > Unfortunately, multiple outbound queues have worked for us for at least > the last 4 years until I upgraded to 4.57.x. I was able to fix it in > 4.57 but I no longer understand the code in 4.58 so it will/would take > me some time to find a fix beyond using an old Sendmail.pm. > > GREG > > -- > Greg Matthews 01491 692445 > Head of UNIX/Linux, iTSS Wallingford > > -- > This message (and any attachments) is for the recipient only. NERC > is subject to the Freedom of Information Act 2000 and the contents > of this email and any reply you make may be disclosed by NERC unless > it is exempt from release under the Act. Any material supplied to > NERC may be stored in an electronic records management system. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. 
Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From glenn.steen at gmail.com Mon Jan 29 14:48:46 2007 
From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Jan 29 13:51:59 2007 Subject: New Beta 4.58.6 released In-Reply-To: <20070129072647.3B08.GERARD@seibercom.net> References: <45BD7919.1020009@rogers.com> <223f97700701290100i6e788e2gba57830a01a8e67b@mail.gmail.com> <20070129072647.3B08.GERARD@seibercom.net> Message-ID: <223f97700701290548n19af0889kced4799c76a1880@mail.gmail.com> On 29/01/07, Gerard Seibert wrote: > On Monday January 29, 2007 at 04:00:48 (AM) Glenn Steen wrote: > > > On 29/01/07, Mike Jakubik wrote: > > > Julian Field wrote: > > > > There was 1 serious bug in 4.58.5 which I have now hopefully fixed. > > > > > > > > *Please* give this version a try as I don't intend changing anything > > > > before the 1st Feb stable release unless you notify me of any problems > > > > or bugs. > > > > > > > > Support for the 'p' records in Postfix 2.3/2.4 will have to wait for > > > > the next release of MailScanner, personally I think it is a nasty > > > > bodge. I wouldn't be at all surprised if Weitse changed his mind on > > > > this topic, he certainly should do. > > > > > > Julian, > > > > > > Could you give a little more detail as to what 'p' records are, and how > > > this will affect MS's compatibility with postfix? > > > > > > Thanks. > > Mike, > > > > Download the postfix source and read the comment in > > src/cleanup/cleanup_milter.c (starts on line 114 in the version 2.3.6 > > sources). This is so far the best explanation of what it is I've > > found. > > > > If we manage to implement "support" for it correctly, it'll not change > > the support/non-support status of postfix one whit (Jules still > > supports it, Wietse will still see us as more evil than the horned > > devil for perusing the queue files directly... Well, perhaps not that > > evil, but close:-). > > > > We aim at making "milter edited queue files" -> "a (new) normal queue file". > > > > If you want my patches to look at beforehand, I can get them to you in > > a blink:-). 
So far they've been tested by me and Nerijus Baliunas (who
> > is a brave soul and seems to be running them in production:-). They're
> > good for 2.3 with milters, not yet 2.4 with body editing milters.
>
> I posted the original post regarding 'p' records on the Postfix forum,
> and these are two of the responses that I received.
>
> //Quote//
>
> He is referring to his mis-use of the non-public, undocumented Postfix
> queue file format and plans to keep track of changes in this format
> rather than abandon its use.
>
> Mailscanner attempts to implement a fast-path for messages that are not
> modified by the content scanner. It cuts too many corners to achieve
> this goal.
>
> Viktor.
>
> //End Quote//

I'm not entirely sure I agree with Viktor here:-). There's no "fast path" reason to how things are done in MS, nor does it "cut corners". On the contrary, all messages are equal in a batch, and if one can use the queue files for all other MTAs, why shouldn't one with Postfix too? Redesign MS to fit PF... I think not.

Wietse once stipulated a list of things that a system like MailScanner would have to do to "get away" with reading the queue files directly. Turns out that Jules already did every single thing on that list. So, apart from normal things like this (they change their format to support something new, we change our SW to suit), there really is no basis for the animosity between the two camps.

> //Quote//
>
> It means that some people don't understand ELEMENTARY SOFTWARE
> ENGINEERING practice.
>
> I spend huge efforts to maintain compatibility with software that
> depends on EXTERNAL Postfix interfaces, even when MAJOR changes
> are made to Postfix. If something breaks anyway, then I will do my
> best to provide a solution to make it work again.
>
> Postfix queue files are an INTERNAL interface.
>
> Software that depends on Postfix INTERNAL interfaces breaks the
> warranty. It is unsupported.
It breaks even with MINOR Postfix
> changes, and I will not provide a solution when it breaks.
>
> Wietse
>
> //End Quote//

This is actually a little BS and a little true: Wietse publishes his code under the GPL, and has to live with the consequences. But he doesn't have to support _our_ mistakes, when we do them.

Example: OpenProtect make a Qmail port of MailScanner. We _never_ handle problems with that... We _always_ redirect such questions in the general direction of those responsible for that code/port. And that (without all the moaning) should be what the Postfix crowd should do when the problem is caused by MailScanner. No more and no less. It actually has nothing to do with what Wietse thinks is "good engineering practices".

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From glenn.steen at gmail.com Mon Jan 29 15:01:10 2007
From: glenn.steen at gmail.com (Glenn Steen)
Date: Mon Jan 29 14:04:23 2007
Subject: New Beta 4.58.6 released
In-Reply-To: <223f97700701290548n19af0889kced4799c76a1880@mail.gmail.com>
References: <45BD7919.1020009@rogers.com>
 <223f97700701290100i6e788e2gba57830a01a8e67b@mail.gmail.com>
 <20070129072647.3B08.GERARD@seibercom.net>
 <223f97700701290548n19af0889kced4799c76a1880@mail.gmail.com>
Message-ID: <223f97700701290601j2ec912card8a14516cdfb72e4@mail.gmail.com>

On 29/01/07, Glenn Steen wrote:
(snip)
> code under the GPL, and has to live with the consequences. But he
(snip)

No, not the GPL (I'm tired today:-)... "IBM Secure Mailer License"... Doesn't matter anyway, the code is out there, and MailScanner (and its massaging of queue files) is specifically not subject to it.

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From glenn.steen at gmail.com Mon Jan 29 15:09:01 2007
From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Jan 29 14:12:12 2007 Subject: New Beta 4.58.6 released In-Reply-To: <51548.194.70.180.170.1170075272.squirrel@www.technologytiger.net> References: <45BD7919.1020009@rogers.com> <223f97700701290100i6e788e2gba57830a01a8e67b@mail.gmail.com> <20070129072647.3B08.GERARD@seibercom.net> <51548.194.70.180.170.1170075272.squirrel@www.technologytiger.net> Message-ID: <223f97700701290609kac52d18q50fd0e5ce0ee38cd@mail.gmail.com> On 29/01/07, Drew Marshall wrote: > On Mon, January 29, 2007 12:31, Gerard Seibert wrote: > > I posted the original post regarding 'p' records on the Postfix forum, > > and these are two of the responses that I received. > > > > //Quote// > > > > He is referring to his mis-use of the non-public, undocumented Postfix > > queue file format and plans to keep track of changes in this format > > rather than abandon its use. > > > > Mailscanner attempts to implement a fast-path for messages that are not > > modified by the content scanner. It cuts too many corners to achieve > > this goal. > > > > Viktor. > > > > //End Quote// > > > > //Quote// > > > > It means that some people don't understand ELEMENTARY SOFTWARE > > ENGINEERING practice. > > > > I spend huge efforts to maintain compatibility with software that > > depends on EXTERNAL Postfix interfaces, even when MAJOR changes > > are made to Postfix. If something breaks anyway, then I will do my > > best to provide a solution to make it work again. > > > > Postfix queue files are an INTERNAL interface. > > > > Software that depends on Postfix INTERNAL interfaces breaks the > > warranty. It is unsupported. It breaks even with MINOR Postfix > > changes, and I will not provide a solution when it breaks. > > > > Wietse > > > > //End Quote// > > Always such a delight to see nothing changes. 
:-)
>
> Well those of us using Postfix with MailScanner always knew that it would
> always be down to MailScanner to do the fixing :-(
>
> Drew

Well it really should be. One can argue in any of a whole lot of directions, but it still remains true that we/Jules are responsible for MailScanner, not Wietse. In inversely Wietse is responsible for Postfix.

We'll get by:-):-)

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From clacroix at cegep-ste-foy.qc.ca Mon Jan 29 15:14:40 2007
From: clacroix at cegep-ste-foy.qc.ca (Charles Lacroix)
Date: Mon Jan 29 14:16:31 2007
Subject: Disabling quarantine totally
Message-ID: <200701290914.40977.clacroix@cegep-ste-foy.qc.ca>

Hi,

I want to completely disable quarantine for now. I'm scared that setting "Quarantine infections = no" will just silently drop attachments without me knowing about it.

Here is what I have for config:

Quarantine Dir = /var/spool/MailScanner/quarantine
Quarantine User =
Quarantine Group =
Quarantine Permissions = 0640
Ignored Web Bug Filenames = spacer pixel.gif pixel.png gap
Allow Filenames =
Deny Filenames =
Filename Rules =
Allow Filetypes =
Deny Filetypes =
Filetype Rules =
Quarantine Infections = yes
Quarantine Silent Viruses = no
Quarantine Modified Body = no
Quarantine Whole Message = yes
Quarantine Whole Messages As Queue Files = no
Filename Modify Subject = no
Filename Subject Text = {Filename?}

Thanks,
Charles

From drew at technologytiger.net Mon Jan 29 15:33:15 2007
From: drew at technologytiger.net (Drew Marshall)
Date: Mon Jan 29 14:36:40 2007
Subject: New Beta 4.58.6 released
In-Reply-To: <223f97700701290609kac52d18q50fd0e5ce0ee38cd@mail.gmail.com>
References: <45BD7919.1020009@rogers.com>
 <223f97700701290100i6e788e2gba57830a01a8e67b@mail.gmail.com>
 <20070129072647.3B08.GERARD@seibercom.net>
 <51548.194.70.180.170.1170075272.squirrel@www.technologytiger.net>
 <223f97700701290609kac52d18q50fd0e5ce0ee38cd@mail.gmail.com>
Message-ID: <52669.194.70.180.170.1170081195.squirrel@www.technologytiger.net>

> Well it really should be. One can argue in any of a whole lot of
> directions, but it still remains true that we/Jules are responsible
> for MailScanner, not Wietse.

Agreed. Perhaps what I meant was that sometimes it's better to ignore what is being done with your product and point others in the direction of its fix than become over emotional about its use. I'm sure engine manufacturers don't rant on to car manufacturers about how they really didn't expect them to use their engine in a saloon as it only has an approved interface for a hatch.

> We'll get by:-):-)

I have absolutely no doubt! :-)

Drew

--
In line with our policy, this message has been scanned for viruses and dangerous content by the Technology Tiger MailScanner. Further information can be found at www.technologytiger.net/policy

Technology Tiger Limited is registered in Scotland with registration number: 310997
Registered Office 55-57 West High Street Inverurie AB51 3QQ

From rob at robhq.com Mon Jan 29 15:45:13 2007
From: rob at robhq.com (rob) Date: Mon Jan 29 14:48:43 2007 Subject: {Filename?} Not blocking executables Message-ID: <20070129142752.M4131@robhq.com> Warning: This message has had one or more attachments removed Warning: (the entire message). Warning: Please read the "robhq.com-Attachment-Warning.txt" attachment(s) for more information. This is a message from the MailScanner E-Mail Virus Protection Service ---------------------------------------------------------------------- The original e-mail attachment "the entire message" is on the list of unacceptable attachments for this site and has been replaced by this warning message. If you wish to receive a copy of the original attachment, please e-mail helpdesk and include the whole of this message in your request. Alternatively, you can call them, with the contents of this message to hand when you call. At Mon Jan 29 08:45:14 2007 the virus scanner said: MailScanner: Executable DOS/Windows programs are dangerous in email (unison-2.10.2d-win-text.exe) Note to Help Desk: Look on the robhq.com () MailScanner in /var/spool/MailScanner/quarantine/20070129 (message l0TEjD2F024409). -- Postmaster Your Organisation Name Here www.your-organisation.com For all your IT requirements visit: http://www.transtec.co.uk From mailscanner at barendse.to Mon Jan 29 15:50:18 2007 
From: mailscanner at barendse.to (Remco Barendse)
Date: Mon Jan 29 14:53:33 2007
Subject: upgrade_languages_conf
Message-ID:

Is anyone using upgrade_languages_conf on a redhat box?

I never did manage to get it working, with the latest beta I thought I'd try again.

As suggested when you run upgrade_languages_conf I did this on a CentOS 4.4 box:

[root@whatever en]# cd /etc/MailScanner/reports/en
[root@whatever en]# upgrade_languages_conf languages.conf languages.conf.rpmnew > languages.new

But that just throws up the "Usage:" page again (yes that second line was all one line, not word wrapped).

Does anyone have a script to simply nuke all the old files and replace them with the .rpmnew stuff? Hopefully that will work better.

Thanks!
Remco

From itdept at fractalweb.com Mon Jan 29 15:53:11 2007
From: itdept at fractalweb.com (Chris Yuzik)
Date: Mon Jan 29 14:57:24 2007
Subject: OT: building new server, need MTA advice
Message-ID: <45BE0A57.5010109@fractalweb.com>

We're in the process of building what will be our new web and mail server. We will be hosting several virtual domains and each will have anywhere from a few to a couple of hundred email users. Obviously we will be running MailScanner and also MailWatch. The box is running CentOS 4.4 (it's like RHEL).

Since we're starting fresh on this box, we're not necessarily married to Sendmail like on our other servers. We could stick with Sendmail, or we could move over to Postfix or Exim (anything else worth considering?). We'd like to be able to add new spam-fighting features as they come out, such as the greet-pause and such. Over the years we've used Sendmail, I've found it a bear to tweak so have done the absolute minimum with it. We're looking for something that is secure, efficient, maintained (which rules out qmail) and easy to administer. Whatever we look at needs to play very nicely with MailScanner or it's not worth considering. Finally, (and I'm not sure it makes a difference to the MTA), we need our users to be able to log in with the "username@domain.tld" format because that's what they use now and I don't want to have to change hundreds of users' email client settings.

Now for the big question: Is there an MTA that we should consider using instead of Sendmail?

Thanks,
Chris

From rob at robhq.com Mon Jan 29 15:56:00 2007
From: rob at robhq.com (rob)
Date: Mon Jan 29 14:59:44 2007
Subject: Not blocking executables
Message-ID: <20070129145548.M24844@robhq.com>

My MailScanner is allowing .exe files to be sent to users.

I have this in my filetype.rules.conf

allow text - -
allow \bscript - -
allow archive - -
allow postscript - -
deny self-extract No self-extracting archives No self-extracting archives allowed
deny executable No executables No programs allowed
deny ELF No executables No programs allowed
deny Registry No Windows Registry entries No Windows Registry files allowed

I tried adding

deny .exe$ No exe files No exe files

But a test .exe still came in. I have a feeling I am doing something stupid. Maybe the lack of caffeine this Monday morning.

From martinh at solidstatelogic.com Mon Jan 29 16:02:51 2007
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Mon Jan 29 15:06:09 2007
Subject: building new server, need MTA advice
In-Reply-To: <45BE0A57.5010109@fractalweb.com>
Message-ID: <17a080ad27082b458030ab2e7a537675@solidstatelogic.com>

Chris

I'd say "better the devil you know", but if you're looking for a switch and are willing to spend the time learning a new MTA, my vote is for...

Exim

Nice rules based syntax, nice people on the mailing lists for support, responsive developers (sound familiar ;-)

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Chris Yuzik > Sent: 29 January 2007 14:53 > To: MailScanner discussion > Subject: OT: building new server, need MTA advice > > We're in the process of building what will be our new web and mail > server. We will be hosting several virtual domains and each will have > anywhere from a few to a couple of hundred email users. Obviously we > will be running MailScanner and also MailWatch. The box is running > CentOS 4.4 (it's like RHEL). > > Since we're starting fresh on this box, we're not necessarily married to > Sendmail like on our other servers. We could stick with Sendmail, or we > could move over to Postfix or Exim (anything else worth considering?). > We'd like to be able to add new spam-fighting features as they come out, > such as the greet-pause and such. Over the years we've used Sendmail, > I've found it a bear to tweak so have done the absolute minimum with it. > We're looking for something that is secure, efficient, maintained (which > rules out qmail) and easy to administer. Whatever we look at needs to > play very nicely with MailScanner or it's not worth considering. > Finally, (and I'm not sure it makes a difference to the MTA), we need > our users to be able to log in with the "username@domain.tld" format > because that's what they use now and I don't want to have to change > hundreds of user's email client settings. > > Now for the big question: Is there an MTA that should we consider using > instead of Sendmail? > > Thanks, > Chris > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! 
From raymond at prolocation.net Mon Jan 29 16:05:06 2007
From: raymond at prolocation.net (Raymond Dijkxhoorn)
Date: Mon Jan 29 15:08:15 2007
Subject: Not blocking executables
In-Reply-To: <20070129145548.M24844@robhq.com>
References: <20070129145548.M24844@robhq.com>
Message-ID:

Hi!

> I have this in my filetype.rules.conf
>
> allow text - -
> allow \bscript - -
> allow archive - -
> allow postscript - -
> deny self-extract No self-extracting archives No self-extracting archives allowed
> deny executable No executables No programs allowed
> deny ELF No executables No programs allowed
> deny Registry No Windows Registry entries No Windows Registry files allowed
>
> I tried adding
>
> deny .exe$ No exe files No exe files
>
> But a test .exe still came in. I have a feeling I am doing something stupid. Maybe the
> lack of caffeine this monday morning.

In the default distribution it's added also, why not simply use that?

# These 2 added by popular demand - Very often used by viruses
deny \.com$ Windows/DOS Executable Executable DOS/Windows programs are dangerous in email
deny \.exe$ Windows/DOS Executable Executable DOS/Windows programs are dangerous in email

Nye,
Raymond.

From glenn.steen at gmail.com Mon Jan 29 16:15:09 2007
From: glenn.steen at gmail.com (Glenn Steen)
Date: Mon Jan 29 15:18:20 2007
Subject: Not blocking executables
In-Reply-To: <20070129145548.M24844@robhq.com>
References: <20070129145548.M24844@robhq.com>
Message-ID: <223f97700701290715t7ff9224cpc09e05c6d075c508@mail.gmail.com>

On 29/01/07, rob wrote:
> My MailScanner is allowing .exe files to be sent to users.
>
> I have this in my filetype.rules.conf
>
> allow text - -
> allow \bscript - -
> allow archive - -
> allow postscript - -
> deny self-extract No self-extracting archives No self-extracting archives allowed
> deny executable No executables No programs allowed
> deny ELF No executables No programs allowed
> deny Registry No Windows Registry entries No Windows Registry files allowed
>
> I tried adding
>
> deny .exe$ No exe files No exe files
>
> But a test .exe still came in. I have a feeling I am doing something stupid. Maybe the
> lack of caffeine this monday morning.

That is _filetype_, not _filename_ rules. They are subject to your file command's quirks, so many simply never turn it on... You have both filename and filetype rules, and another "simplified" system for both to consider... What do you have for

File Command
Allow Filetypes
Deny Filetypes
Filetype Rules
Allow Filenames
Deny Filenames
Filename Rules

And then we haven't looked at other things that might come into play (UU-encoding, or other archive... and the depth you look at). Let's start there.

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From prandal at herefordshire.gov.uk Mon Jan 29 16:14:48 2007
From: prandal at herefordshire.gov.uk (Randal, Phil)
Date: Mon Jan 29 15:18:31 2007
Subject: Not blocking executables
Message-ID: <86144ED6CE5B004DA23E1EAC0B569B58125FED7B@isabella.herefordshire.gov.uk>

>> I tried adding
>>
>> deny .exe$ No exe files No exe files
>>
>> But a test .exe still came in. I have a feeling I am doing
>> something stupid. Maybe the lack of caffeine this monday morning.
>
> In the default distribution its added also, why not simply use that?
>
> # These 2 added by popular demand - Very often used by viruses
> deny \.com$ Windows/DOS Executable
> Executable
> DOS/Windows programs are dangerous in email
> deny \.exe$ Windows/DOS Executable
> Executable
> DOS/Windows programs are dangerous in email
>
> Nye,
> Raymond.

The above lines are in filename.rules.conf.

Neither filename.rules.conf nor filetype.rules.conf will be of any use unless they are correctly referenced in MailScanner.conf's "Filename Rules" and "Filetype Rules" (or indirectly via rules specified there).

Cheers,

Phil

--
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

From rob at robhq.com Mon Jan 29 16:25:44 2007
From: rob at robhq.com (rob)
Date: Mon Jan 29 15:29:18 2007
Subject: Not blocking executables
In-Reply-To:
References: <20070129145548.M24844@robhq.com>
Message-ID: <20070129152417.M4179@robhq.com>

On Mon, 29 Jan 2007 16:05:06 +0100 (CET), Raymond Dijkxhoorn wrote
> Hi!
>
> > I have this in my filetype.rules.conf
> >
> > allow text - -
> > allow \bscript - -
> > allow archive - -
> > allow postscript - -
> > deny self-extract No self-extracting archives No self-extracting archives allowed
> > deny executable No executables No programs allowed
> > deny ELF No executables No programs allowed
> > deny Registry No Windows Registry entries No Windows Registry files allowed
> >
> > I tried adding
> >
> > deny .exe$ No exe files No exe files
> >
> > But a test .exe still came in. I have a feeling I am doing something stupid. Maybe the
> > lack of caffeine this monday morning.
>
> In the default distribution its added also, why not simply use that?
>
> # These 2 added by popular demand - Very often used by viruses
> deny \.com$ Windows/DOS Executable
> Executable DOS/Windows programs are dangerous in
> email deny \.exe$ Windows/DOS Executable
> Executable DOS/Windows programs are dangerous
> in email
>
> Nye,
> Raymond.

I added the lines above, restarted MailScanner, and the exe was still delivered. A MailScanner --lint does not show any errors.

From drew at technologytiger.net Mon Jan 29 16:30:12 2007
From: drew at technologytiger.net (Drew Marshall)
Date: Mon Jan 29 15:33:31 2007
Subject: OT: building new server, need MTA advice
In-Reply-To: <45BE0A57.5010109@fractalweb.com>
References: <45BE0A57.5010109@fractalweb.com>
Message-ID: <52903.194.70.180.170.1170084612.squirrel@www.technologytiger.net>

On Mon, January 29, 2007 14:53, Chris Yuzik wrote:
> Now for the big question: Is there an MTA that should we consider using
> instead of Sendmail?

I tend to go with Martin on this but I moved (a number of years ago) from Sendmail as I personally found its config to be something of a mystery and its then almost constant patching a real nightmare (I did say it was a few years ago. This has been dramatically reduced in the 8.13.x series). I moved to Postfix and have found its config to be clear, simple and powerful. Currently it plays fine with MailScanner and it will do so into the future (Postfix's author will claim otherwise and will keep changing the queue structure to keep Jules and Glenn on their toes).

So my vote is Postfix but usual caveats apply :-)

Drew

--
In line with our policy, this message has been scanned for viruses and dangerous content by the Technology Tiger MailScanner. Further information can be found at www.technologytiger.net/policy

Technology Tiger Limited is registered in Scotland with registration number: 310997
Registered Office 55-57 West High Street Inverurie AB51 3QQ

From glenn.steen at gmail.com Mon Jan 29 16:33:46 2007
From: glenn.steen at gmail.com (Glenn Steen)
Date: Mon Jan 29 15:36:57 2007
Subject: OT: building new server, need MTA advice
In-Reply-To: <45BE0A57.5010109@fractalweb.com>
References: <45BE0A57.5010109@fractalweb.com>
Message-ID: <223f97700701290733t61628ce2qb2d793e787a3ebe@mail.gmail.com>

On 29/01/07, Chris Yuzik wrote:
> We're in the process of building what will be our new web and mail
> server. We will be hosting several virtual domains and each will have
> anywhere from a few to a couple of hundred email users. Obviously we
> will be running MailScanner and also MailWatch. The box is running
> CentOS 4.4 (it's like RHEL).
>
> Since we're starting fresh on this box, we're not necessarily married to
> Sendmail like on our other servers. We could stick with Sendmail, or we
> could move over to Postfix or Exim (anything else worth considering?).
> We'd like to be able to add new spam-fighting features as they come out,
> such as the greet-pause and such. Over the years we've used Sendmail,
> I've found it a bear to tweak so have done the absolute minimum with it.
> We're looking for something that is secure, efficient, maintained (which
> rules out qmail) and easy to administer. Whatever we look at needs to
> play very nicely with MailScanner or it's not worth considering.
> Finally, (and I'm not sure it makes a difference to the MTA), we need
> our users to be able to log in with the "username@domain.tld" format
> because that's what they use now and I don't want to have to change
> hundreds of user's email client settings.
>
> Now for the big question: Is there an MTA that should we consider using
> instead of Sendmail?
>
> Thanks,
> Chris

If you are truly unsatisfied with your current MTA, I'd suggest that you at least look at both Exim and Postfix, perhaps testing them on a test rig that you feed a copy of your normal mails or similar.

Unsurprisingly, I'd further recommend Postfix for things like sane config file syntax/ease of configuration, security and to some extent elegance. In the bargain you get a sometimes less than civil to-and-fro between Postfix developers and us, but ... that is nothing to get real excited about. And there might be some jibes/jeering from certain Sendmail users:-):-). So far (don't rightly remember how many years:) Jules has provided excellent Postfix support in MailScanner, and there is not much speaking for a change in this area.

But I certainly think it best if you form your own opinion by experimentation/experience:-).

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From rob at robhq.com Mon Jan 29 16:46:50 2007
From: rob at robhq.com (rob) Date: Mon Jan 29 15:50:14 2007 Subject: Not blocking executables In-Reply-To: <223f97700701290715t7ff9224cpc09e05c6d075c508@mail.gmail.com> References: <20070129145548.M24844@robhq.com> <223f97700701290715t7ff9224cpc09e05c6d075c508@mail.gmail.com> Message-ID: <20070129153034.M16280@robhq.com> On Mon, 29 Jan 2007 16:15:09 +0100, Glenn Steen wrote > On 29/01/07, rob wrote: > > My MailScanner is allowing .exe files to be sent to users. > > > > I have this in my filetype.rules.conf > > > > allow text - - > > allow \bscript - - > > allow archive - - > > allow postscript - - > > deny self-extract No self-extracting archives No self-extracting archives allowed > > deny executable No executables No programs allowed > > deny ELF No executables No programs allowed > > deny Registry No Windows Registry entries No Windows Registry files allowed > > > > I tried adding > > > > deny .exe$ No exe files No exe files > > > > But a test .exe still came in. I have a feeling I am doing something stupid. Maybe the > > lack of caffeine this monday morning. > That is _filetype_, not _filename_ rules. They are subject to your > file commands quirks, so many simply never turn it on... You have both > filename and filetype rules, and another "simplified" system for both > to consider... What do you have for > File Command > Allow Filetypes > Deny Filetypes > Filetype Rules > Allow Filenames > Deny Filenames > Filename Rules > > And then we haven't looked at other things that might come into play > (UU-encoding, or other archive... and the depth you look at). > Lets start there. 
> > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se >From /etc/MailScanner/MailScanner.conf File Command = /usr/bin/file Allow Filenames = Deny Filenames = Filename Rules = %etc-dir%/filename.rules.conf Allow Filetypes = Deny Filetypes = Filetype Rules = %etc-dir%/filetype.rules.conf From mrm at medicine.wisc.edu Mon Jan 29 17:00:56 2007 From: mrm at medicine.wisc.edu (Michael Masse) Date: Mon Jan 29 16:04:40 2007 Subject: add high scoring spam to my rbl list In-Reply-To: References: Message-ID: <45BDC5D1.7FBE.00FC.3@medicine.wisc.edu> >>> On 1/26/2007 at 11:25 PM, in message , "Rodney Richison" wrote: > Is there a way one might grab the ip of the high scoring spam > Mailscanner finds and have it put into my own rbl list for postfix to > then deny... > > Kindof wondering if such a project exists. > Although not exactly what you're looking for, the Vispan project does essentially what I think you are looking to do. It simply examines MailScanner's log and keeps track of spammers. If a certain spammer sends more spams within a specified amount of time then what you allow, then it automatically adds that sender to your access list so that it's denied at the MTA level. Mike From glenn.steen at gmail.com Mon Jan 29 17:05:20 2007 
From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Jan 29 16:08:32 2007 Subject: Not blocking executables In-Reply-To: <20070129153034.M16280@robhq.com> References: <20070129145548.M24844@robhq.com> <223f97700701290715t7ff9224cpc09e05c6d075c508@mail.gmail.com> <20070129153034.M16280@robhq.com> Message-ID: <223f97700701290805h257b679eicb85b9c31c2d1380@mail.gmail.com> On 29/01/07, rob wrote: (snip) >From /etc/MailScanner/MailScanner.conf > > > File Command = /usr/bin/file > Allow Filenames = > Deny Filenames = > Filename Rules = %etc-dir%/filename.rules.conf > Allow Filetypes = > Deny Filetypes = > Filetype Rules = %etc-dir%/filetype.rules.conf > Ok good. Then what does grep -i exe /etc/MailScanner/filename.rules.conf /etc/MailScanner/filetype.rules.conf give? Be as verbose as possible, redirect into a file and attach that... Both files are a bit hysterical about whitespace... They absolutely need have as field separator... and I'd like to see if these lines have that (or you could just check it:-). Then again, MailScanner --lint is supposed to catch those:-). But that is the secondary thing... the primary thing to check for here is any "allow" lines that shouldn't be there. Perhaps time to start looking at the messages themselves too, how do you send them? MIME type etc? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From Denis.Beauchemin at USherbrooke.ca Mon Jan 29 17:18:44 2007 
From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Mon Jan 29 16:22:36 2007 Subject: [OT] Anyone experience DoS symptoms with mta*.adelphia.net? In-Reply-To: <7.0.1.0.0.20070127120514.08e82eb0@1bigthink.com> References: <7.0.1.0.0.20070127120514.08e82eb0@1bigthink.com> Message-ID: <45BE1E64.9000101@USherbrooke.ca> dnsadmin 1bigthink.com wrote: > Hello All, > > I've got two different users under milter-greylist that are receiving > mail from mta*.adelphia.net and it looks like a DoS, but could be a > misbehaved MTA. The DNS does resolve to a host. > > Jan 25 19:55:42 mxt milter-greylist: l0Q0jqpr027000: addr > mta8.adelphia.net[68.168.78.196] from <> to delayed for > 00:05:10 (ACL 634) > Jan 25 19:55:42 mxt sendmail[27000]: l0Q0jqpr027000: Milter: > to=, reject=451 4.7.1 Greylisting in action, please come > back later > > ALSO: > > Jan 26 20:33:58 mxt milter-greylist: l0R1XJAh017040: addr > mta10.adelphia.net[68.168.78.202] from to > delayed for 00:14:21 (ACL 634) > Jan 26 20:33:58 mxt sendmail[17040]: l0R1XJAh017040: Milter: > to=, reject=451 4.7.1 Greylisting in action, please come > back later > Jan 26 20:33:59 mxt milter-greylist: l0R1XJAj017040: addr > mta10.adelphia.net[68.168.78.202] from to > delayed for 00:14:20 (ACL 634) > Jan 26 20:33:59 mxt sendmail[17040]: l0R1XJAj017040: Milter: > to=, reject=451 4.7.1 Greylisting in action, please come > back later > > I changed the names to 'someone' to protect the innocent. > > Of course, I've reported the problem and their abuse@adelphia.net does > not deliver. > > Should they be whitelisted in milter-greylist? > > Thanks, > Glenn Parsons > Glenn, I guess you are receiving many more of these because there seems to be nothing wrong with what you posted. 2 different messages (2 diff. msg IDs) on different dates being greylisted. Looks fine to me. Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. 
^ ^ T: 819.821.8000x62252 F: 819.821.8045 From chandler.lists at chapman.edu Mon Jan 29 17:20:17 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Mon Jan 29 16:23:31 2007 Subject: Erroring after install Message-ID: <45BE1EC1.1090707@chapman.edu> Greetings. Attempting to do a test machine a bit differently-- this time with maildirs instead of my normal mbox format. I keep getting the following error on Mailscanner start: Jan 29 08:13:20 MyBox MailScanner[56253]: Queue directory /var/spool/postfix/hold cannot contain sub-directories, currently contains dir 9 I meander on over to /var/spool/postfix/hold, and discover that there are indeed several empty subdirectories. I delete them, and new ones are created. Any suggestions? -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: Secretary sent chain letter to all 5000 employees. From rob at robhq.com Mon Jan 29 17:29:13 2007 
From: rob at robhq.com (rob) Date: Mon Jan 29 16:32:43 2007 Subject: Not blocking executables In-Reply-To: <223f97700701290805h257b679eicb85b9c31c2d1380@mail.gmail.com> References: <20070129145548.M24844@robhq.com> <223f97700701290715t7ff9224cpc09e05c6d075c508@mail.gmail.com> <20070129153034.M16280@robhq.com> <223f97700701290805h257b679eicb85b9c31c2d1380@mail.gmail.com> Message-ID: <20070129162520.M66697@robhq.com> On Mon, 29 Jan 2007 17:05:20 +0100, Glenn Steen wrote > On 29/01/07, rob wrote: > (snip) > >From /etc/MailScanner/MailScanner.conf > > > > > > File Command = /usr/bin/file > > Allow Filenames = > > Deny Filenames = > > Filename Rules = %etc-dir%/filename.rules.conf > > Allow Filetypes = > > Deny Filetypes = > > Filetype Rules = %etc-dir%/filetype.rules.conf > > > Ok good. Then what does > grep -i exe /etc/MailScanner/filename.rules.conf > /etc/MailScanner/filetype.rules.conf > give? Be as verbose as possible, redirect into a file and attach > that... Both files are a bit hysterical about whitespace... They > absolutely need have as field separator... and I'd like to see > if these lines have that (or you could just check it:-). Then again, > MailScanner --lint is supposed to catch those:-). > But that is the secondary thing... the primary thing to check for here > is any "allow" lines that shouldn't be there. > > Perhaps time to start looking at the messages themselves too, how do > you send them? MIME type etc? > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se Just testing this sending from a yahoo account via their webmail client. Just checked and this is happening on both our installs of MailScanner. My install at the house does block the same message. 
Microsoft Mail Internet Headers Version 2.0 Received: from XXXXXXXXXXXXXXXXXXXX by stymie.fleetone.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 29 Jan 2007 10:22:56 -0600 Received: from web58011.mail.re3.yahoo.com (web58011.mail.re3.yahoo.com [68.142.236.119]) by XXXXXXXXXXXXXXXXXXX (8.12.11.20060308/8.12.11) with SMTP id l0TGMNhx018076 for ; Mon, 29 Jan 2007 10:22:25 -0600 Received: (qmail 96988 invoked by uid 60001); 29 Jan 2007 16:22:28 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type:Message-ID; b=QtlZicUefe6otxmKuLou6iEDrwyYOkBFvYbNB+yDwUf5En855F2aTUWiBefZYGF7/cxa4Ffm9IV2tbG4U4cTHgwSYuqAf8vrKcc7yqn1dNQjpPrYILgDOoEBRlH/wm4JoQ7Qdb1pak3pIvjKSg/5jm9LZWpK5Y+HNziJCrfrVCs=; X-YMail-OSG: tJGQyMAVM1lm83K8oq_QNfdePe4z_3rCfhTDYHSBztbAFOutHBpv8IO_TcVFLwed0j9FX45jy6Eq0Nw1PB5o5nMCwjtlDAax2h73lpquog-- Received: from [XXXXXXXXXXXXX] by web58011.mail.re3.yahoo.com via HTTP; Mon, 29 Jan 2007 08:22:28 PST X-Mailer: YahooMailRC/368.3 YahooMailWebService/0.6.132.7 Date: Mon, 29 Jan 2007 08:22:28 -0800 (PST) From: Rob Freeman Subject: test 6 To: XXXXXXXXXXXXXXXXXXXXX MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="0-1342646654-1170087748=:92000" Message-ID: <324593.92000.qm@web58011.mail.re3.yahoo.com> -------------- next part -------------- deny pretty\s+park\.exe$ "Pretty Park" virus "Pretty Park" virus deny happy99\.exe$ "Happy" virus "Happy" virus deny \.com$ Windows/DOS Executable Executable DOS/Windows programs are dangerous in email deny \.exe$ Windows/DOS Executable Executable DOS/Windows programs are dangerous in email -------------- next part -------------- deny executable No executables No programs allowed deny ELF No executables No programs allowed From drew at technologytiger.net Mon Jan 29 17:47:45 2007 
From: drew at technologytiger.net (Drew Marshall) Date: Mon Jan 29 16:51:13 2007 Subject: Erroring after install In-Reply-To: <45BE1EC1.1090707@chapman.edu> References: <45BE1EC1.1090707@chapman.edu> Message-ID: <53983.194.70.180.170.1170089265.squirrel@www.technologytiger.net> On Mon, January 29, 2007 16:20, Jay Chandler wrote: > Greetings. > > Attempting to do a test machine a bit differently-- this time with > maildirs instead of my normal mbox format. > > I keep getting the following error on Mailscanner start: > > Jan 29 08:13:20 MyBox MailScanner[56253]: Queue directory > /var/spool/postfix/hold cannot contain sub-directories, currently > contains dir 9 > > I meander on over to /var/spool/postfix/hold, and discover that there > are indeed several empty subdirectories. I delete them, and new ones > are created. > > Any suggestions? You have hashed queues turned on for one side of MailScanner and not the other. Make sure that you have either specified that both hold and incoming are hashed queues or neither http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:installation#error_messages gives some more details. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by the Technology Tiger MailScanner. Further information can be found at www.technologytiger.net/policy Technology Tiger Limited is registered in Scotland with registration number: 310997 Registered Office 55-57 West High Street Inverurie AB51 3QQ From chandler.lists at chapman.edu Mon Jan 29 18:01:15 2007 
From: chandler.lists at chapman.edu (Jay Chandler) Date: Mon Jan 29 17:04:28 2007 Subject: Erroring after install In-Reply-To: <53983.194.70.180.170.1170089265.squirrel@www.technologytiger.net> References: <45BE1EC1.1090707@chapman.edu> <53983.194.70.180.170.1170089265.squirrel@www.technologytiger.net> Message-ID: <45BE285B.9040904@chapman.edu> Drew Marshall wrote: > On Mon, January 29, 2007 16:20, Jay Chandler wrote: > >> Greetings. >> >> Attempting to do a test machine a bit differently-- this time with >> maildirs instead of my normal mbox format. >> >> I keep getting the following error on Mailscanner start: >> >> Jan 29 08:13:20 MyBox MailScanner[56253]: Queue directory >> /var/spool/postfix/hold cannot contain sub-directories, currently >> contains dir 9 >> >> I meander on over to /var/spool/postfix/hold, and discover that there >> are indeed several empty subdirectories. I delete them, and new ones >> are created. >> >> Any suggestions? >> > > You have hashed queues turned on for one side of MailScanner and not the > other. Make sure that you have either specified that both hold and > incoming are hashed queues or neither > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:installation#error_messages > gives some more details. From MailScanner.conf: hash_queue_names = incoming,active,deferred,bounce,defer,flush,hold hash_queue_depth=2 Looks like both sides are hashing... -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: Secretary sent chain letter to all 5000 employees. From rob at robhq.com Mon Jan 29 18:30:32 2007 
From: rob at robhq.com (rob) Date: Mon Jan 29 17:34:03 2007 Subject: Not blocking executables In-Reply-To: <20070129162520.M66697@robhq.com> References: <20070129145548.M24844@robhq.com> <223f97700701290715t7ff9224cpc09e05c6d075c508@mail.gmail.com> <20070129153034.M16280@robhq.com> <223f97700701290805h257b679eicb85b9c31c2d1380@mail.gmail.com> <20070129162520.M66697@robhq.com> Message-ID: <20070129172917.M71838@robhq.com> On Mon, 29 Jan 2007 10:29:13 -0600, rob wrote > On Mon, 29 Jan 2007 17:05:20 +0100, Glenn Steen wrote > > On 29/01/07, rob wrote: > > (snip) > > >From /etc/MailScanner/MailScanner.conf > > > > > > > > > File Command = /usr/bin/file > > > Allow Filenames = > > > Deny Filenames = > > > Filename Rules = %etc-dir%/filename.rules.conf > > > Allow Filetypes = > > > Deny Filetypes = > > > Filetype Rules = %etc-dir%/filetype.rules.conf > > > > > Ok good. Then what does > > grep -i exe /etc/MailScanner/filename.rules.conf > > /etc/MailScanner/filetype.rules.conf > > give? Be as verbose as possible, redirect into a file and attach > > that... Both files are a bit hysterical about whitespace... They > > absolutely need have as field separator... and I'd like to see > > if these lines have that (or you could just check it:-). Then again, > > MailScanner --lint is supposed to catch those:-). > > But that is the secondary thing... the primary thing to check for here > > is any "allow" lines that shouldn't be there. > > > > Perhaps time to start looking at the messages themselves too, how do > > you send them? MIME type etc? > > > > Cheers > > -- > > -- Glenn > > email: glenn < dot > steen < at > gmail < dot > com > > work: glenn < dot > steen < at > ap1 < dot > se > I feel stupid. Decided to compare the MailScanner.conf files from home and here at work. Found this to be off: Dangerous Content Scanning = no Changed it to yes and back to normal. Going to find some hole to hide in now. Thanks for your assistance on this. 
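The checks this thread walked through (the "Dangerous Content Scanning" switch, tab-separated rule fields, and a stray "allow" line ahead of the deny), as an added example that is not part of the original posts and is not MailScanner's own code. It assumes four tab-separated fields per rule, first-match-wins ordering and case-insensitive matching, uses Python's re in place of Perl regexes, and all sample data and function names are constructed for illustration.

```python
import re

# Constructed sample inputs, modelled on the settings quoted in the thread.
SAMPLE_CONF = """\
File Command = /usr/bin/file
Allow Filenames =
Deny Filenames =
Filename Rules = %etc-dir%/filename.rules.conf
Filetype Rules = %etc-dir%/filetype.rules.conf
Dangerous Content Scanning = no
"""

SAMPLE_RULES = "\n".join([
    "\t".join(["deny", r"pretty\s+park\.exe$",
               '"Pretty Park" virus', '"Pretty Park" virus']),
    # Constructed fault: fields separated by spaces instead of tabs.
    r"deny \.com$ Windows/DOS Executable Executable DOS/Windows programs",
    # Constructed fault: an allow rule that shadows the deny below it.
    "\t".join(["allow", r"\.ex.$", "Constructed allow", "Constructed allow"]),
    "\t".join(["deny", r"\.exe$", "Windows/DOS Executable",
               "Executable DOS/Windows programs are dangerous in email"]),
])


def parse_conf(text):
    """Return {lower-cased key: value} for 'Key = value' lines."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[" ".join(key.lower().split())] = value.strip()
    return conf


def parse_rules(text):
    """Split a rules file into (lineno, action, regex) tuples.

    Lines that do not yield at least four tab-separated fields are
    reported by line number instead (assumed layout: action, regex,
    log text, user report text).
    """
    rules, malformed = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        fields = [f.strip() for f in re.split(r"\t+", line.strip())]
        if len(fields) < 4:
            malformed.append(lineno)
            continue
        rules.append((lineno, fields[0].lower(), fields[1]))
    return rules, malformed


def first_match(rules, filename):
    """Return (lineno, action) of the first rule matching filename."""
    for lineno, action, pattern in rules:
        if re.search(pattern, filename, re.IGNORECASE):
            return lineno, action
    return None


def audit(conf_text, rules_text, probe="setup.exe"):
    """List reasons why an attachment named `probe` could get through."""
    findings = []
    conf = parse_conf(conf_text)
    if conf.get("dangerous content scanning", "").lower() == "no":
        findings.append("conf: Dangerous Content Scanning = no "
                        "(the setting that let .exe through in this thread)")
    rules, malformed = parse_rules(rules_text)
    for lineno in malformed:
        findings.append(f"rules line {lineno}: fewer than 4 tab-separated fields")
    hit = first_match(rules, probe)
    if hit is None:
        findings.append(f"rules: no rule matches {probe}")
    elif hit[1].startswith("allow"):
        findings.append(f"rules line {hit[0]}: {probe} allowed before any deny rule")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, SAMPLE_RULES):
        print(finding)
```

Comparing the output for a working host and a failing host is the same diff rob did by hand between his home and work MailScanner.conf files.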
From drew at technologytiger.net Mon Jan 29 18:32:15 2007 From: drew at technologytiger.net (Drew Marshall) Date: Mon Jan 29 17:35:36 2007 Subject: Erroring after install In-Reply-To: <45BE285B.9040904@chapman.edu> References: <45BE1EC1.1090707@chapman.edu> <53983.194.70.180.170.1170089265.squirrel@www.technologytiger.net> <45BE285B.9040904@chapman.edu> Message-ID: <54176.194.70.180.170.1170091935.squirrel@www.technologytiger.net> On Mon, January 29, 2007 17:01, Jay Chandler wrote: > hash_queue_names = incoming,active,deferred,bounce,defer,flush,hold > hash_queue_depth=2 > > Looks like both sides are hashing... Good. I assume you have restarted MailScanner (rather than reload it) to pick up the queue depth? Drew From chandler.lists at chapman.edu Mon Jan 29 18:49:49 2007 
From: chandler.lists at chapman.edu (Jay Chandler) Date: Mon Jan 29 17:53:04 2007 Subject: Erroring after install In-Reply-To: <54176.194.70.180.170.1170091935.squirrel@www.technologytiger.net> References: <45BE1EC1.1090707@chapman.edu> <53983.194.70.180.170.1170089265.squirrel@www.technologytiger.net> <45BE285B.9040904@chapman.edu> <54176.194.70.180.170.1170091935.squirrel@www.technologytiger.net> Message-ID: <45BE33BD.7020401@chapman.edu> Drew Marshall wrote: > On Mon, January 29, 2007 17:01, Jay Chandler wrote: > >> hash_queue_names = incoming,active,deferred,bounce,defer,flush,hold >> hash_queue_depth=2 >> >> Looks like both sides are hashing... >> > > Good. I assume you have you restarted MailScanner (Rather then reload it) > to pick up the queue depth? > > Drew > > > This is the initial config I built it with-- not something I just changed. A restart causes the same problem: Jan 29 09:47:58 MyBox MailScanner[67039]: MailScanner E-Mail Virus Scanner version 4.57.6 starting... Jan 29 09:47:58 MyBox MailScanner[67039]: Skipping Custom Function file CustomFunctions as its name does not end in .pm or .pl Jan 29 09:47:59 MyBox MailScanner[67039]: Skipping Custom Function file notes.txt as its name does not end in .pm or .pl Jan 29 09:47:59 MyBox MailScanner[67039]: Read 759 hostnames from the phishing whitelist Jan 29 09:47:59 MyBox MailScanner[67039]: Using SpamAssassin results cache Jan 29 09:47:59 MyBox MailScanner[67039]: Connected to SpamAssassin cache database Jan 29 09:48:14 MyBox MailScanner[67039]: Queue directory /var/spool/postfix/hold cannot contain sub-directories, currently contains dir 9 -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: Secretary sent chain letter to all 5000 employees. From MailScanner at ecs.soton.ac.uk Mon Jan 29 18:48:22 2007 
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jan 29 17:53:51 2007 Subject: New Beta 4.58.6 released In-Reply-To: <20070129072647.3B08.GERARD@seibercom.net> References: <45BD7919.1020009@rogers.com> <223f97700701290100i6e788e2gba57830a01a8e67b@mail.gmail.com> <20070129072647.3B08.GERARD@seibercom.net> Message-ID: <45BE3366.8050301@ecs.soton.ac.uk> Gerard Seibert wrote: > On Monday January 29, 2007 at 04:00:48 (AM) Glenn Steen wrote: > > >> On 29/01/07, Mike Jakubik wrote: >> >>> Julian Field wrote: >>> >>>> There was 1 serious bug in 4.58.5 which I have now hopefully fixed. >>>> >>>> *Please* give this version a try as I don't intend changing anything >>>> before the 1st Feb stable release unless you notify me of any problems >>>> or bugs. >>>> >>>> Support for the 'p' records in Postfix 2.3/2.4 will have to wait for >>>> the next release of MailScanner, personally I think it is a nasty >>>> bodge. I wouldn't be at all surprised if Weitse changed his mind on >>>> this topic, he certainly should do. >>>> >>> Julian, >>> >>> Could you give a little more detail as to what 'p' records are, and how >>> this will affect MS's compatibility with postfix? >>> >>> Thanks. >>> >> Mike, >> >> Download the postfix source and read the comment in >> src/cleanup/cleanup_milter.c (starts on line 114 in the version 2.3.6 >> sources). This is so far the best explanation of what it is I've >> found. >> >> If we manage to implement "support" for it correctly, it'll not change >> the support/non-support status of postfix one whit (Jules still >> supports it, Wietse will still see us as more evil than the horned >> devil for perusing the queue files directly... Well, perhaps not that >> evil, but close:-). >> >> We aim at making "milter edited queue files" -> "a (new) normal queue file". >> >> If you want my patches to look at beforehand, I can get them to you in >> a blink:-). 
So far they've been tested by me and Nerijus Baliunas (who >> is a brave soul and seems to be running them in production:-). They're >> good for 2.3 with milters, not yet 2.4 with body editing milters. >> > > I posted the original post regarding 'p' records on the Postfix forum, > and these are two of the responses that I received. > > > Software that depends on Postfix INTERNAL interfaces breaks the > warranty. Since when did his software come with a warranty? Ooohh, can I sue him please? Please? Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From Kevin_Miller at ci.juneau.ak.us Mon Jan 29 18:58:29 2007 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Mon Jan 29 18:01:38 2007 Subject: New Beta 4.58.6 released In-Reply-To: <45BE3366.8050301@ecs.soton.ac.uk> Message-ID: Julian Field wrote: > Since when did his software come with a warranty? Ooohh, can I sue him > please? Please? Working for SCO on the side now, are we? ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From MailScanner at ecs.soton.ac.uk Mon Jan 29 18:58:12 2007 
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jan 29 18:03:48 2007 Subject: Split queues Message-ID: <45BE35B4.7070400@ecs.soton.ac.uk> The latest beta should work, as far as it goes. However, messages put in queues other than the default one won't be "kicked" at the MTA. They will wait until the MTA next does a round of that non-default queue. I do not intend changing this in the next stable release, as it is due out on Thursday and I wouldn't have time for my helpful beta-testers to prove it is okay before then. I don't want to put out a release with this feature in it, if it doesn't work 100% of the time. I will produce beta releases containing this feature, but it (probably) won't be in the stable release on Thursday. I do not guarantee that I won't change my mind before Thursday. It partly depends on how fast you folks can test things for me. Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk From veliogluh at itu.edu.tr Mon Jan 29 19:18:05 2007 
From: veliogluh at itu.edu.tr (Hakan VELIOGLU) Date: Mon Jan 29 18:21:27 2007 Subject: OT: Sendmail : # of mails per TCP connection In-Reply-To: <20070129172917.M71838@robhq.com> References: <20070129145548.M24844@robhq.com> <223f97700701290715t7ff9224cpc09e05c6d075c508@mail.gmail.com> <20070129153034.M16280@robhq.com> <223f97700701290805h257b679eicb85b9c31c2d1380@mail.gmail.com> <20070129162520.M66697@robhq.com> <20070129172917.M71838@robhq.com> Message-ID: <20070129201805.qsuyv9zrydk40gwc@webmail.itu.edu.tr> Hi, I upgrade my system to Red Hat 4 + Sendmail 8.13 + MailScanner-4.57.6-1 ( RPM install). I want to use greet_pause option. My MTA will wait a few seconds before greeting but after that a spammer could send lots of mails. For this reason, I am looking for a way of limiting the number of mails accepted per connection. I have searched the www.sendmail.org but couldn't find anything useful. Is there a way for doing this. Thanx. Hakan From steve.freegard at fsl.com Mon Jan 29 19:25:56 2007 
From: steve.freegard at fsl.com (Steve Freegard) Date: Mon Jan 29 18:29:19 2007 Subject: OT: Sendmail : # of mails per TCP connection In-Reply-To: <20070129201805.qsuyv9zrydk40gwc@webmail.itu.edu.tr> References: <20070129145548.M24844@robhq.com> <223f97700701290715t7ff9224cpc09e05c6d075c508@mail.gmail.com> <20070129153034.M16280@robhq.com> <223f97700701290805h257b679eicb85b9c31c2d1380@mail.gmail.com> <20070129162520.M66697@robhq.com> <20070129172917.M71838@robhq.com> <20070129201805.qsuyv9zrydk40gwc@webmail.itu.edu.tr> Message-ID: <45BE3C34.2090503@fsl.com> Hi Hakan, Hakan VELIOGLU wrote: > Hi, > > I upgrade my system to Red Hat 4 + Sendmail 8.13 + MailScanner-4.57.6-1 > ( RPM > install). I want to use greet_pause option. > > My MTA will wait a few seconds before greeting but after that a spammer > could > send lots of mails. For this reason, I am looking for a way of limiting the > number of mails accepted per connection. I have searched the > www.sendmail.org > but couldn't find anything useful. Is there a way for doing this. > Thanx. Sure - see http://www.technoids.org/dossed.html for a good explanation of what you can do and how to do it. Cheers, Steve. From naolson at gmail.com Mon Jan 29 19:42:52 2007 
From: naolson at gmail.com (Nathan Olson) Date: Mon Jan 29 18:46:04 2007 Subject: OT: Sendmail : # of mails per TCP connection In-Reply-To: <20070129201805.qsuyv9zrydk40gwc@webmail.itu.edu.tr> References: <20070129145548.M24844@robhq.com> <223f97700701290715t7ff9224cpc09e05c6d075c508@mail.gmail.com> <20070129153034.M16280@robhq.com> <223f97700701290805h257b679eicb85b9c31c2d1380@mail.gmail.com> <20070129162520.M66697@robhq.com> <20070129172917.M71838@robhq.com> <20070129201805.qsuyv9zrydk40gwc@webmail.itu.edu.tr> Message-ID: <8f54b4330701291042qfeb8d6cvd03964b914512c5e@mail.gmail.com> sendmail does not have an option to limit the number of message envelopes sent over a single connection. I use milter-sender for this. It is very effective. Nate From Denis.Beauchemin at USherbrooke.ca Mon Jan 29 19:43:38 2007 
From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Mon Jan 29 18:47:07 2007 Subject: OT: Sendmail : # of mails per TCP connection In-Reply-To: <20070129201805.qsuyv9zrydk40gwc@webmail.itu.edu.tr> References: <20070129145548.M24844@robhq.com> <223f97700701290715t7ff9224cpc09e05c6d075c508@mail.gmail.com> <20070129153034.M16280@robhq.com> <223f97700701290805h257b679eicb85b9c31c2d1380@mail.gmail.com> <20070129162520.M66697@robhq.com> <20070129172917.M71838@robhq.com> <20070129201805.qsuyv9zrydk40gwc@webmail.itu.edu.tr> Message-ID: <45BE405A.2020609@USherbrooke.ca> Hakan VELIOGLU wrote: > Hi, > > I upgrade my system to Red Hat 4 + Sendmail 8.13 + > MailScanner-4.57.6-1 ( RPM > install). I want to use greet_pause option. > > My MTA will wait a few seconds before greeting but after that a > spammer could > send lots of mails. For this reason, I am looking for a way of > limiting the > number of mails accepted per connection. I have searched the > www.sendmail.org > but couldn't find anything useful. Is there a way for doing this. > Thanx. > > Hakan Hakan, I use http://www.snertsoft.com/sendmail/milter-limit/ to do just that. Works just fine on RHEL4 with sendmail. Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From glenn.steen at gmail.com Mon Jan 29 19:52:32 2007 
From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Jan 29 18:55:44 2007 Subject: Not blocking executables In-Reply-To: <20070129172917.M71838@robhq.com> References: <20070129145548.M24844@robhq.com> <223f97700701290715t7ff9224cpc09e05c6d075c508@mail.gmail.com> <20070129153034.M16280@robhq.com> <223f97700701290805h257b679eicb85b9c31c2d1380@mail.gmail.com> <20070129162520.M66697@robhq.com> <20070129172917.M71838@robhq.com> Message-ID: <223f97700701291052m14e636abw5f665aad4dda51e7@mail.gmail.com> On 29/01/07, rob wrote: (snip) > > I feel stupid. Decided to compare the MailScanner.conf files from home and here at > work. Found this to be off: > > Dangerous Content Scanning = no > > Changed it to yes and back to normal. Going to find some hole to hide in now. Thanks > for your assistance on this. That would indeed have that effect...:-) Don't choose a too deep hole, we all do something really stoopid from time to time. Anyway, glad to have been of any type of help. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From naolson at gmail.com Mon Jan 29 19:53:35 2007 From: naolson at gmail.com (Nathan Olson) Date: Mon Jan 29 18:56:48 2007 Subject: OT: Sendmail : # of mails per TCP connection In-Reply-To: <20070129201805.qsuyv9zrydk40gwc@webmail.itu.edu.tr> References: <20070129145548.M24844@robhq.com> <223f97700701290715t7ff9224cpc09e05c6d075c508@mail.gmail.com> <20070129153034.M16280@robhq.com> <223f97700701290805h257b679eicb85b9c31c2d1380@mail.gmail.com> <20070129162520.M66697@robhq.com> <20070129172917.M71838@robhq.com> <20070129201805.qsuyv9zrydk40gwc@webmail.itu.edu.tr> Message-ID: <8f54b4330701291053p283fafddgbe879804a13afbed@mail.gmail.com> crap. I meant milter-limit, not milter-sender. Nate From gerard at seibercom.net Mon Jan 29 20:24:20 2007 
From: gerard at seibercom.net (Gerard Seibert) Date: Mon Jan 29 19:27:24 2007 Subject: New Beta 4.58.6 released In-Reply-To: <45BE3366.8050301@ecs.soton.ac.uk> References: <20070129072647.3B08.GERARD@seibercom.net> <45BE3366.8050301@ecs.soton.ac.uk> Message-ID: <20070129140820.8445.GERARD@seibercom.net> On Monday January 29, 2007 at 12:48:22 (PM) Julian Field wrote: [snip] > Since when did his software come with a warranty? Ooohh, can I sue him > please? Please? I assume he is referring to the implied warranty; i.e., the product works as is. If you modify or attempt to use it in a way not expressly approved by the author, you have voided the warranty. This whole matter seems rather strange though. The following two posts were just placed on the Postfix forum. // QUOTE // In the past, people did experience MailScanner corruption problems. This corruption was traced back to queue files being moved between Postfix queues on different file systems. This is just one example of what happens when software approaches Postfix internals via inappropriate methods. It does not matter if this particular problem has been fixed. It should never have been allowed to exist. The MailScanner authors should have used a documented EXTERNAL interface, and if no suitable interface existed, then they should have proposed one - for example, provide a patch for adoption into the MTA. Case in point: there is no EXTERNAL interface to find out when a file in the "hold" queue is ready for access; I have not been asked to provide such an interface, nor have I seen a proposal to provide support for such an interface. Absent a supported interface, it is very well possible that MailScanner moves queue files around at an inappropriate time; if not today, then some time when I revise the Postfix queue internals. And then people will lose mail. 
As long as the MailScanner people ignore common software engineering practices, such as the use of documented EXTERNAL interfaces, they will put the mail of their Postfix users at risk. The statement that some operator never saw a problem is meaningless. Wietse // END QUOTE // // QUOTE // It seems to me that all that is needed is for Mailscanner to propose an external API that Postfix could implement to allow Mailscanner to access the information they want and do the processing they want without grovelling through undocumented queue files. Paul Tomblin // END QUOTE // It has occurred to me that since Dovecot wrote an API to Postfix that Mailscanner should be able to accomplish the feat also. It would appear to me at least, that since Postfix is the 'Parent Program' and 'Mailscanner' is attempting to use the services that it offers, that Mailscanner should take the lead in developing an interface that meets with the Postfix developer's satisfaction. -- Gerard Scitum est inter caecos luscum regnare posse. (It is well known, that among the blind the one-eyed man is king.) Gerard Didier Erasmus From MailScanner at ecs.soton.ac.uk Mon Jan 29 20:25:57 2007 
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jan 29 19:34:01 2007 Subject: Split queues In-Reply-To: <45BE35B4.7070400@ecs.soton.ac.uk> References: <45BE35B4.7070400@ecs.soton.ac.uk> Message-ID: <45BE4A45.6070203@ecs.soton.ac.uk> Okay, I've changed my mind. I have put in the split queue support for kicking MTA's to tell them about messages that need delivering in all queues. *Please* test this stuff in: Sendmail Exim Postfix Without sufficient testing, I will withdraw it again. Thanks folks. Julian Field wrote: > The latest beta should work, as far as it goes. > However, messages put in queues other than the default one won't be > "kicked" at the MTA. They will wait until the MTA next does a round of > that non-default queue. > > I do not intend changing this in the next stable release, as it is due > out on Thursday and I wouldn't have time for my helpful beta-testers > to prove it is okay before then. I don't want to put out a release > with this feature in it, if it doesn't work 100% of the time. > > I will produce beta releases containing this feature, but it > (probably) won't be in the stable release on Thursday. > > I do not guarantee that I won't change my mind before Thursday. It > partly depends on how fast you folks can test things for me. > > Jules > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From glenn.steen at gmail.com Mon Jan 29 20:34:11 2007 
From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Jan 29 19:37:23 2007 Subject: New Beta 4.58.6 released In-Reply-To: <45BE3366.8050301@ecs.soton.ac.uk> References: <45BD7919.1020009@rogers.com> <223f97700701290100i6e788e2gba57830a01a8e67b@mail.gmail.com> <20070129072647.3B08.GERARD@seibercom.net> <45BE3366.8050301@ecs.soton.ac.uk> Message-ID: <223f97700701291134g5a9cad33jafdca54f954eddf8@mail.gmail.com> On 29/01/07, Julian Field wrote: > > > Gerard Seibert wrote: > > On Monday January 29, 2007 at 04:00:48 (AM) Glenn Steen wrote: > > > > > >> On 29/01/07, Mike Jakubik wrote: > >> > >>> Julian Field wrote: > >>> > >>>> There was 1 serious bug in 4.58.5 which I have now hopefully fixed. > >>>> > >>>> *Please* give this version a try as I don't intend changing anything > >>>> before the 1st Feb stable release unless you notify me of any problems > >>>> or bugs. > >>>> > >>>> Support for the 'p' records in Postfix 2.3/2.4 will have to wait for > >>>> the next release of MailScanner, personally I think it is a nasty > >>>> bodge. I wouldn't be at all surprised if Weitse changed his mind on > >>>> this topic, he certainly should do. > >>>> > >>> Julian, > >>> > >>> Could you give a little more detail as to what 'p' records are, and how > >>> this will affect MS's compatibility with postfix? > >>> > >>> Thanks. > >>> > >> Mike, > >> > >> Download the postfix source and read the comment in > >> src/cleanup/cleanup_milter.c (starts on line 114 in the version 2.3.6 > >> sources). This is so far the best explanation of what it is I've > >> found. > >> > >> If we manage to implement "support" for it correctly, it'll not change > >> the support/non-support status of postfix one whit (Jules still > >> supports it, Wietse will still see us as more evil than the horned > >> devil for perusing the queue files directly... Well, perhaps not that > >> evil, but close:-). > >> > >> We aim at making "milter edited queue files" -> "a (new) normal queue file". 
> >> > >> If you want my patches to look at beforehand, I can get them to you in > >> a blink:-). So far they've been tested by me and Nerijus Baliunas (who > >> is a brave soul and seems to be running them in production:-). They're > >> good for 2.3 with milters, not yet 2.4 with body editing milters. > >> > > > > I posted the original post regarding 'p' records on the Postfix forum, > > and these are two of the responses that I received. > > > > > > Software that depends on Postfix INTERNAL interfaces breaks the > > warranty. > Since when did his software come with a warranty? Ooohh, can I sue him > please? Please? > > Jules > ROFL! Thanks Jules... Really needed that today. Oh well, enough play... Back to playing at being a plumber... (Sometimes I really don't like my house:) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Mon Jan 29 20:40:59 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Jan 29 19:44:11 2007 Subject: Erroring after install In-Reply-To: <45BE285B.9040904@chapman.edu> References: <45BE1EC1.1090707@chapman.edu> <53983.194.70.180.170.1170089265.squirrel@www.technologytiger.net> <45BE285B.9040904@chapman.edu> Message-ID: <223f97700701291140j6b34265cuacda301f38331bbb@mail.gmail.com> On 29/01/07, Jay Chandler wrote: (snip) > From MailScanner.conf: Uhm, you mean main.cf, right? > hash_queue_names = incoming,active,deferred,bounce,defer,flush,hold > hash_queue_depth=2 > > Looks like both sides are hashing... > Check what postconf has to say about it. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ssilva at sgvwater.com Mon Jan 29 20:48:36 2007 
From: ssilva at sgvwater.com (Scott Silva) Date: Mon Jan 29 19:54:40 2007 Subject: no RBL checks In-Reply-To: <019901c741c6$ccf46fd0$920bbdcb@pmsi.net> References: <014901c74050$ed6af6c0$920bbdcb@pmsi.net> <019901c741c6$ccf46fd0$920bbdcb@pmsi.net> Message-ID: jepoy spake the following on 1/26/2007 7:54 PM: >> jcb dream.com.ph spake the following on 1/24/2007 11:17 PM: >>> hi guys, >>> i tried checking the details on one of my messages which was not tagged >>> as spam. And mostly i found out that there are no RBL checks, is it >>> possible that my messages bypass RBL checks ? >> >> If the message is under your spam threshold the report won't show unless; >> >> # Do you want to always include the Spam Report in the SpamCheck >> # header, even if the message wasn't spam? >> # This can also be the filename of a ruleset. >> Always Include SpamAssassin Report = yes >> >> This will give more detail in your messages, and help you see what >> happened. >> Otherwise, you need to grep for that message id in the logs to see the >> detail. > hi scot, > i activated the report and saw the details. its giving a low score on the > message thats why it was not tag as spam. any tips on how to get these > spams? > here's the sample spam from accessthislive.com where i got 3 messages per > minute. > X-Server-MailScanner-Information: Please contact the ISP for more > information > X-Server-MailScanner: Found to be clean > X-Server-MailScanner-SpamCheck: not spam, > SpamAssassin (not cached, score=2.701, required 3, > FORGED_RCVD_HELO 0.05, FROM_ENDS_IN_NUMS 0.52, HTML_00_10 0.14, > HTML_MESSAGE 0.00, URIBL_OB_SURBL 2.00) > X-Mail_Server-MailScanner-SpamScore: ss > X-Mail_Server-MailScanner-From: toni02@accesthislive.com > > > Are you using any extra rules? Maybe some from sare (http://www.rulesemporium.com/) You could also try some of the digest tools like DCC, Razor, Pyzor, etc.. It takes some amount of tinkering to keep a server efficient with catching spam. 
I have to look at mine at least once a week to check for things getting by. I also have users send me things that get through consistently so I can write custom rules if I have to. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From chandler.lists at chapman.edu Mon Jan 29 20:51:36 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Mon Jan 29 19:54:49 2007 Subject: Erroring after install In-Reply-To: <223f97700701291140j6b34265cuacda301f38331bbb@mail.gmail.com> References: <45BE1EC1.1090707@chapman.edu> <53983.194.70.180.170.1170089265.squirrel@www.technologytiger.net> <45BE285B.9040904@chapman.edu> <223f97700701291140j6b34265cuacda301f38331bbb@mail.gmail.com> Message-ID: <45BE5048.8090503@chapman.edu> Glenn Steen wrote: > On 29/01/07, Jay Chandler wrote: > (snip) >> From MailScanner.conf: > Uhm, you mean main.cf, right? > Yup. *bangs head off desk* I tend to screw that one up periodically.. >> hash_queue_names = incoming,active,deferred,bounce,defer,flush,hold >> hash_queue_depth=2 >> >> Looks like both sides are hashing... >> > > Check what postconf has to say about it. hash_queue_depth = 2 hash_queue_names = incoming,active,deferred,bounce,defer,flush,hold I can paste the entire output of postconf if you'd like... -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: Secretary sent chain letter to all 5000 employees. From chandler.lists at chapman.edu Mon Jan 29 20:52:35 2007 
From: chandler.lists at chapman.edu (Jay Chandler) Date: Mon Jan 29 19:55:48 2007 Subject: New Beta 4.58.6 released In-Reply-To: <223f97700701291134g5a9cad33jafdca54f954eddf8@mail.gmail.com> References: <45BD7919.1020009@rogers.com> <223f97700701290100i6e788e2gba57830a01a8e67b@mail.gmail.com> <20070129072647.3B08.GERARD@seibercom.net> <45BE3366.8050301@ecs.soton.ac.uk> <223f97700701291134g5a9cad33jafdca54f954eddf8@mail.gmail.com> Message-ID: <45BE5083.3090807@chapman.edu> Glenn Steen wrote: > Thanks Jules... Really needed that today. Oh well, enough play... Back > to playing at being a plumber... (Sometimes I really don't like my > house:) > I wish I'd been a plumber... At least then the crap'd only come up to my knees... -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: Secretary sent chain letter to all 5000 employees. From ssilva at sgvwater.com Mon Jan 29 20:54:20 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Jan 29 19:58:33 2007 Subject: SOT: AntiVirus Software / f-prot status In-Reply-To: <20070127005258.55020.qmail@web36604.mail.mud.yahoo.com> References: <20070127005258.55020.qmail@web36604.mail.mud.yahoo.com> Message-ID: Brett Moss spake the following on 1/26/2007 4:52 PM: > >> Now I want to figure out how to get the f-prot >> status page working. Before my >> 30 day trial runs out. > > from mailwatch mailing list archive--- > change the line in the f-prot-wrapper from > RamDisk=yes > to > RamDisk=no > > Brett > <> Why couldn't I find that? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From glenn.steen at gmail.com Mon Jan 29 20:56:05 2007 
From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Jan 29 19:59:17 2007 Subject: New Beta 4.58.6 released In-Reply-To: <20070129140820.8445.GERARD@seibercom.net> References: <20070129072647.3B08.GERARD@seibercom.net> <45BE3366.8050301@ecs.soton.ac.uk> <20070129140820.8445.GERARD@seibercom.net> Message-ID: <223f97700701291156o7ef98890y2f2795eb8e4c12da@mail.gmail.com> On 29/01/07, Gerard Seibert wrote: > On Monday January 29, 2007 at 12:48:22 (PM) Julian Field wrote: > > [snip] > > > Since when did his software come with a warranty? Ooohh, can I sue him > > please? Please? > > I assume he is referring to the implied warranty; i.e., the product > works as is. If you modify or attempt to use it in a way not expressly > approved by the author, you have voided the warranty. > > This who matte seems rather strange though. The following two post were > just placed on the Postfix forum. > > // QUOTE // > > In the past, people did experience MailScanner corruption problems. > This corruption was traced back to queue files being moved between > Postfix queues on different file systems. This is just one example > of what happens when software approaches Postfix internals via > inappropriate methods. > > It does not matter if this particular problem has been fixed. It > should never have been allowed to exist. The MailScanner authors > should have used a documented EXTERNAL interface, and if no suitable > interface existed, then they should have proposed one - for example, > provide a patch for adoption into the MTA. > > Case in point: there is no EXTERNAL interface to find out when a > file in the "hold" queue is ready for access; I have not been asked > to provide such an interface, nor have I seen a proposal to provide > support for such an interface. Absent a supported interface, it is > very well possible that MailScanner moves queue files around at an > inappropriate time; if not today, then some time when I revise the > Postfix queue internals. 
And then people will lose mail. > > As long as the MailScanner people ignore common software engineering > practices, such as the use of documented EXTERNAL interfaces, they > will put the mail of their Postfix users at risk. The statement > that some operator never saw a problem is meaningless. > > Wietse > > // END QUOTE // > > // QUOTE // > > It seems to me that all that is needed is for Mailscanner to propose an > external API that Postfix could implement to allow Mailscanner to access > the information they want and do the processing they want without > grovelling through undocumented queue files. > > Paul Tomblin > > // END QUOTE // > > It has occurred to me that since Dovecot wrote an API to Postfix that > Mailscanner should be able to accomplish the feat also. It would appear > to me at least, that since Postfix is the 'Parent Program' and > 'Mailscanner' is attempting to use the services that it offers, that > Mailscanner should take the lead in developing an interface that meets > with the Postfix developer's satisfaction. > Hi Gerard, If memory serves me, this type of solution has been explored a bit in the past, with someone (don't remember who) using one of the "documented external interfaces" to grab the messages, take them out of the loop (by writing them to files) that were different from the queue files only in organization, not much else, letting MailScanner use the sendmail convenience command to reinject the mails. At least that is what my decidedly flakey (ATM:-) memory tells me. Never met much approval in any camp. But having said that, it might not be an absolutely unrealistic view on the matter... Then again, all we really would need is some prior notice (and perhaps some explanation:-) to keep doing things as we do now. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Mon Jan 29 21:00:20 2007 
From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Jan 29 20:03:32 2007 Subject: Erroring after install In-Reply-To: <45BE5048.8090503@chapman.edu> References: <45BE1EC1.1090707@chapman.edu> <53983.194.70.180.170.1170089265.squirrel@www.technologytiger.net> <45BE285B.9040904@chapman.edu> <223f97700701291140j6b34265cuacda301f38331bbb@mail.gmail.com> <45BE5048.8090503@chapman.edu> Message-ID: <223f97700701291200w10ac6238l5ae6a7e68def4a61@mail.gmail.com> On 29/01/07, Jay Chandler wrote: > Glenn Steen wrote: > > On 29/01/07, Jay Chandler wrote: > > (snip) > >> From MailScanner.conf: > > Uhm, you mean main.cf, right? > > > Yup. *bangs head off desk* I tend to screw that one up periodically.. > > >> hash_queue_names = incoming,active,deferred,bounce,defer,flush,hold > >> hash_queue_depth=2 > >> > >> Looks like both sides are hashing... > >> > > > > Check what postconf has to say about it. > > hash_queue_depth = 2 > hash_queue_names = incoming,active,deferred,bounce,defer,flush,hold > > I can paste the entire output of postconf if you'd like... > Please don't:-). Do you have more than one postfix instance running? Perhaps tried to follow my "split mail per recipient" wiki entry? If so, you'd need check the other one too... -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Mon Jan 29 21:07:19 2007 
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jan 29 20:13:25 2007 Subject: [Fwd: Re: Split queues] -- Please Read Message-ID: <45BE53F7.9070403@ecs.soton.ac.uk> Sorry to label a message so it gets treated as spam, but if this is going in Thursday's release, I really need you folks to listen up and start testing for me please, if you could be so kind. Thanks! -------- Original Message -------- Okay, I've changed my mind. I have put in the split queue support for kicking MTA's to tell them about messages that need delivering in all queues. *Please* test this stuff in: Sendmail Exim Postfix Without sufficient testing, I will withdraw it again. Thanks folks. Julian Field wrote: > The latest beta should work, as far as it goes. > However, messages put in queues other than the default one won't be > "kicked" at the MTA. They will wait until the MTA next does a round of > that non-default queue. > > I do not intend changing this in the next stable release, as it is due > out on Thursday and I wouldn't have time for my helpful beta-testers > to prove it is okay before then. I don't want to put out a release > with this feature in it, if it doesn't work 100% of the time. > > I will produce beta releases containing this feature, but it > (probably) won't be in the stable release on Thursday. > > I do not guarantee that I won't change my mind before Thursday. It > partly depends on how fast you folks can test things for me. > > Jules > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. 
Jules From prandal at herefordshire.gov.uk Mon Jan 29 21:34:40 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Mon Jan 29 20:37:54 2007 Subject: OT: Sendmail : # of mails per TCP connection Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580176822C@isabella.herefordshire.gov.uk> I was looking at this in the weekend and am still puzzled as to suitable values for ClientRate and ClientConn. Any hints? Phil -----Original Message----- 
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steve Freegard Sent: Monday, January 29, 2007 6:26 PM To: MailScanner discussion Subject: Re: OT: Sendmail : # of mails per TCP connection Hi Hakan, Hakan VELIOGLU wrote: > Hi, > > I upgrade my sistem to Red Hat 4 + Sendmail 8.13 + MailScanner-4.57.6-1 > ( RPM > install). I want to use greet_pause option. > > My MTA will wait a few seconds before greeting but after that a spammer > could > send lots of mails. For this reason, I am looking for a way of limiting the > number of mails accepted per connection. I have searched the > www.sendmail.org > but couldn't find anything useful. Is there a way for doing this. > Thanx. Sure - see http://www.technoids.org/dossed.html for a good explanation of what you can do and how to do it. Cheers, Steve. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From ssilva at sgvwater.com Mon Jan 29 21:40:53 2007 
From: ssilva at sgvwater.com (Scott Silva) Date: Mon Jan 29 20:44:25 2007 Subject: How to uninstall MailScanner ? In-Reply-To: <45BB1C0E.2090901@chapman.edu> References: <499726.64463.qm@web54403.mail.yahoo.com> <45BB1C0E.2090901@chapman.edu> Message-ID: Jay Chandler spake the following on 1/27/2007 1:31 AM: > Wilson Kwok wrote: >> My MailScanner have some problem caused cannot to separate spam mail, >> so I want to uninstall the MailScanner and then re-install a new one. >> Thanks >> > Go into the /usr/ports/mail/mailscanner directory and type "make > deinstall" then "make reinstall." > > OR > > Type "yum remove mailscanner" then "yum install mailscanner" > > OR > > Get a big hammer and beat the crap out of your hard drive. Then replace > it and install a new version of everything. > > Without knowing what your operating system is, there's no way to tell you. > > I like choice number 3. ;-D -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From Denis.Beauchemin at USherbrooke.ca Mon Jan 29 21:55:08 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Mon Jan 29 20:58:34 2007 Subject: OT: Sendmail : # of mails per TCP connection In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B580176822C@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B580176822C@isabella.herefordshire.gov.uk> Message-ID: <45BE5F2C.3060002@USherbrooke.ca> Randal, Phil wrote: > I was looking at this in the weekend and am still puzzled as to suitable > values for ClientRate and ClientConn. Any hints? > > Phil > > -----Original Message----- 
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steve Freegard
> Sent: Monday, January 29, 2007 6:26 PM
> To: MailScanner discussion
> Subject: Re: OT: Sendmail : # of mails per TCP connection
>
> Hi Hakan,
>
> Hakan VELIOGLU wrote:
>> Hi,
>>
>> I upgrade my system to Red Hat 4 + Sendmail 8.13 + MailScanner-4.57.6-1 ( RPM
>> install). I want to use greet_pause option.
>>
>> My MTA will wait a few seconds before greeting but after that a spammer could
>> send lots of mails. For this reason, I am looking for a way of limiting the
>> number of mails accepted per connection. I have searched the www.sendmail.org
>> but couldn't find anything useful. Is there a way for doing this.
>> Thanx.
>
> Sure - see http://www.technoids.org/dossed.html for a good explanation
> of what you can do and how to do it.
>
> Cheers,
> Steve.

I use the following values:

# default
ClientRate: 5
# loopback
ClientRate:127.0.0.1 0
# my network
ClientRate:132.210 10
# about 10 internal/external hosts specified by IP address range from 10 to 300 with most values equal to 10

# default
ClientConn: 2
# loopback
ClientConn:127.0.0.1 0
# my network
ClientConn:132.210 5
# about 10 internal/external hosts specified by IP address range from 4 to 25 with most values around 4-5

Look daily at your LogWatch output to spot hosts that go over your limits and decide if you want to give them some slack or not.

Denis
--
Denis Beauchemin, analyst
Université de Sherbrooke, S.T.I.
T: 819.821.8000x62252 F: 819.821.8045

From ssilva at sgvwater.com Mon Jan 29 21:56:35 2007
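Added example, not part of Denis Beauchemin's message or of sendmail itself: a Python model of how the ClientRate and ClientConn entries quoted above resolve for a given IPv4 client, and which hosts in a set of per-host counts would be over their limit. It assumes the usual sendmail access-map behaviour (most specific whole-octet prefix wins, an empty key is the default, 0 disables the limit); the function names and the sample counts are constructed for illustration.

```python
import ipaddress

# Entries as quoted in the message above; whitespace separates key and value.
ACCESS_MAP = """\
# default
ClientRate:             5
# loopback
ClientRate:127.0.0.1    0
# my network
ClientRate:132.210      10
# default
ClientConn:             2
# loopback
ClientConn:127.0.0.1    0
# my network
ClientConn:132.210      5
"""


def parse_access(text):
    """Parse 'Tag:key value' lines into {tag: {key: limit}}.

    An entry with an empty key ('ClientRate: 5') is the default for that tag.
    """
    table = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tag, sep, rest = line.partition(":")
        fields = rest.split()
        if not sep or len(fields) not in (1, 2) or not fields[-1].isdigit():
            raise ValueError(f"line {lineno}: cannot parse {raw!r}")
        key = fields[0] if len(fields) == 2 else ""
        table.setdefault(tag, {})[key] = int(fields[-1])
    return table


def lookup(table, tag, client_ip):
    """Return (matched_key, limit) for an IPv4 client, or None if nothing applies.

    Tries the full address, then drops one octet at a time, then the default.
    Matching is on whole octets: 132.21.0.1 does not match the key '132.210'.
    """
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    entries = table.get(tag, {})
    for n in range(4, 0, -1):
        key = ".".join(octets[:n])
        if key in entries:
            return key, entries[key]
    if "" in entries:
        return "", entries[""]
    return None


def is_over(table, tag, client_ip, observed):
    """True if 'observed' exceeds the limit that applies to client_ip.

    A limit of 0 disables the check for that client. Treating only counts
    strictly above the limit as over is an assumption of this example.
    """
    hit = lookup(table, tag, client_ip)
    if hit is None or hit[1] == 0:
        return False
    return observed > hit[1]


def hosts_over(table, tag, counts):
    """Return sorted (ip, observed, limit, matched_entry) for hosts over limit."""
    out = []
    for ip, observed in counts.items():
        if is_over(table, tag, ip, observed):
            key, limit = lookup(table, tag, ip)
            out.append((ip, observed, limit, key or "default"))
    return sorted(out)


TABLE = parse_access(ACCESS_MAP)

# Constructed per-host connection rates (connections seen in one rate window).
SAMPLE_RATES = {
    "127.0.0.1": 400,
    "132.210.7.9": 10,
    "132.210.8.1": 14,
    "132.21.0.1": 6,
    "203.0.113.9": 5,
}

if __name__ == "__main__":
    for row in hosts_over(TABLE, "ClientRate", SAMPLE_RATES):
        print("%-15s rate=%d limit=%d (entry: %s)" % row)
```

Feeding it per-host counts taken from the daily log summary gives the same "who went over, and against which entry" view the message recommends checking by hand.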
From: ssilva at sgvwater.com (Scott Silva) Date: Mon Jan 29 21:00:12 2007 Subject: New Beta 4.58.6 released In-Reply-To: <223f97700701291134g5a9cad33jafdca54f954eddf8@mail.gmail.com> References: <45BD7919.1020009@rogers.com> <223f97700701290100i6e788e2gba57830a01a8e67b@mail.gmail.com> <20070129072647.3B08.GERARD@seibercom.net> <45BE3366.8050301@ecs.soton.ac.uk> <223f97700701291134g5a9cad33jafdca54f954eddf8@mail.gmail.com> Message-ID: Glenn Steen spake the following on 1/29/2007 11:34 AM: > On 29/01/07, Julian Field wrote: >> >> >> Gerard Seibert wrote: >> > On Monday January 29, 2007 at 04:00:48 (AM) Glenn Steen wrote: >> > >> > >> >> On 29/01/07, Mike Jakubik wrote: >> >> >> >>> Julian Field wrote: >> >>> >> >>>> There was 1 serious bug in 4.58.5 which I have now hopefully fixed. >> >>>> >> >>>> *Please* give this version a try as I don't intend changing anything >> >>>> before the 1st Feb stable release unless you notify me of any >> problems >> >>>> or bugs. >> >>>> >> >>>> Support for the 'p' records in Postfix 2.3/2.4 will have to wait for >> >>>> the next release of MailScanner, personally I think it is a nasty >> >>>> bodge. I wouldn't be at all surprised if Weitse changed his mind on >> >>>> this topic, he certainly should do. >> >>>> >> >>> Julian, >> >>> >> >>> Could you give a little more detail as to what 'p' records are, >> and how >> >>> this will affect MS's compatibility with postfix? >> >>> >> >>> Thanks. >> >>> >> >> Mike, >> >> >> >> Download the postfix source and read the comment in >> >> src/cleanup/cleanup_milter.c (starts on line 114 in the version 2.3.6 >> >> sources). This is so far the best explanation of what it is I've >> >> found. >> >> >> >> If we manage to implement "support" for it correctly, it'll not change >> >> the support/non-support status of postfix one whit (Jules still >> >> supports it, Wietse will still see us as more evil than the horned >> >> devil for perusing the queue files directly... 
Well, perhaps not that >> >> evil, but close:-). >> >> >> >> We aim at making "milter edited queue files" -> "a (new) normal >> queue file". >> >> >> >> If you want my patches to look at beforehand, I can get them to you in >> >> a blink:-). So far they've been tested by me and Nerijus Baliunas (who >> >> is a brave soul and seems to be running them in production:-). They're >> >> good for 2.3 with milters, not yet 2.4 with body editing milters. >> >> >> > >> > I posted the original post regarding 'p' records on the Postfix forum, >> > and these are two of the responses that I received. >> > >> > >> > Software that depends on Postfix INTERNAL interfaces breaks the >> > warranty. >> Since when did his software come with a warranty? Ooohh, can I sue him >> please? Please? >> >> Jules >> > ROFL! > Thanks Jules... Really needed that today. Oh well, enough play... Back > to playing at being a plumber... (Sometimes I really don't like my > house:) > I am real good at plumbing! Now where is that 10,000 mile pipewrench? ;-D -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From chandler.lists at chapman.edu Mon Jan 29 22:16:30 2007 
From: chandler.lists at chapman.edu (Jay Chandler) Date: Mon Jan 29 21:19:46 2007 Subject: Erroring after install In-Reply-To: <223f97700701291200w10ac6238l5ae6a7e68def4a61@mail.gmail.com> References: <45BE1EC1.1090707@chapman.edu> <53983.194.70.180.170.1170089265.squirrel@www.technologytiger.net> <45BE285B.9040904@chapman.edu> <223f97700701291140j6b34265cuacda301f38331bbb@mail.gmail.com> <45BE5048.8090503@chapman.edu> <223f97700701291200w10ac6238l5ae6a7e68def4a61@mail.gmail.com> Message-ID: <45BE642E.9010206@chapman.edu> Glenn Steen wrote: > On 29/01/07, Jay Chandler wrote: >> Glenn Steen wrote: >> > On 29/01/07, Jay Chandler wrote: >> > (snip) >> >> From MailScanner.conf: >> > Uhm, you mean main.cf, right? >> > >> Yup. *bangs head off desk* I tend to screw that one up periodically.. >> >> >> hash_queue_names = incoming,active,deferred,bounce,defer,flush,hold >> >> hash_queue_depth=2 >> >> >> >> Looks like both sides are hashing... >> >> >> > >> > Check what postconf has to say about it. >> >> hash_queue_depth = 2 >> hash_queue_names = incoming,active,deferred,bounce,defer,flush,hold >> >> I can paste the entire output of postconf if you'd like... >> > Please don't:-). > > Do you have more than one postfix instance running? Perhaps tried to > follow my "split mail per recipient" wiki entry? If so, you'd need > check the other one too... > No, this is just one instance, with mailscanner, courier, and ideally Squirrelmail or equivalent running. No virtual domains or anything screwy like that... --J -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: Secretary sent chain letter to all 5000 employees. From MailScanner at ecs.soton.ac.uk Mon Jan 29 22:16:27 2007 
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jan 29 21:24:33 2007 Subject: OT: building new server, need MTA advice In-Reply-To: <45BE0A57.5010109@fractalweb.com> References: <45BE0A57.5010109@fractalweb.com> Message-ID: <45BE642B.7070104@ecs.soton.ac.uk> What is a brief summary of the outcome of this thread? If it's of any help (I haven't read the whole thread) it might be worth posting in the wiki. Anyone? Chris Yuzik wrote: > We're in the process of building what will be our new web and mail > server. We will be hosting several virtual domains and each will have > anywhere from a few to a couple of hundred email users. Obviously we > will be running MailScanner and also MailWatch. The box is running > CentOS 4.4 (it's like RHEL). > > Since we're starting fresh on this box, we're not necessarily married > to Sendmail like on our other servers. We could stick with Sendmail, > or we could move over to Postfix or Exim (anything else worth > considering?). We'd like to be able to add new spam-fighting features > as they come out, such as the greet-pause and such. Over the years > we've used Sendmail, I've found it a bear to tweak so have done the > absolute minimum with it. We're looking for something that is secure, > efficient, maintained (which rules out qmail) and easy to administer. > Whatever we look at needs to play very nicely with MailScanner or it's > not worth considering. Finally, (and I'm not sure it makes a > difference to the MTA), we need our users to be able to log in with > the "username@domain.tld" format because that's what they use now and > I don't want to have to change hundreds of user's email client settings. > > Now for the big question: Is there an MTA that should we consider > using instead of Sendmail? > > Thanks, > Chris Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? 
Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Mon Jan 29 22:22:40 2007 
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jan 29 21:29:30 2007 Subject: upgrade_languages_conf In-Reply-To: References: Message-ID: <45BE65A0.4060407@ecs.soton.ac.uk> Did both languages.conf and languages.conf.rpmnew exist? I haven't changed this script at all in a *very* long time. It is actually a soft-link to upgrade_MailScanner_conf. The 2 config files may well look very different, but they are actually exactly the same, and the script works out which one you called and gives different help and usage information based on how you invoked it. Cute huh? I always did like upgrade_*_conf as it upgrades/downgrades any version to any other version given only the contents of the 2 files, and requires no external input in the form of a list of allowed options or anything like that. Plenty of people have enquired "How on earth do you do that?" and I just tell them to read the code. Works a treat. But obviously you are having some problem with it. Do all the relevant files exist and can you read all of them? Remco Barendse wrote: > Is anyone using upgrade_languages_conf on a redhat box? > > I never did manage to get it working, with the latest beta I thought > I'd try again > > As suggested when you run upgrade_languages_conf I did this on a > CentOS 4.4 box : > > [root@whatever en]# cd /etc/MailScanner/reports/en > [root@whatever en]# upgrade_languages_conf languages.conf > languages.conf.rpmnew > languages.new > > > But that just throws up the "Usage:" page again (yes that second line > was all one line, not word wrapped) > > Does anyone have a script to simply nuke all the old files and replace > them with the .rpmnew stuff? > > Hopefully that will work better. > > Thanks! > Remco Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? 
Contact me at Jules@Jules.FM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit www.transtec.co.uk

From ssilva at sgvwater.com Mon Jan 29 22:50:45 2007
From: ssilva at sgvwater.com (Scott Silva)
Date: Mon Jan 29 21:54:17 2007
Subject: OT: building new server, need MTA advice
In-Reply-To: <45BE642B.7070104@ecs.soton.ac.uk>
References: <45BE0A57.5010109@fractalweb.com> <45BE642B.7070104@ecs.soton.ac.uk>
Message-ID:

Julian Field spake the following on 1/29/2007 1:16 PM:
> What is a brief summary of the outcome of this thread?
> If it's of any help (I haven't read the whole thread) it might be worth
> posting in the wiki. Anyone?
>
> Chris Yuzik wrote:
>> We're in the process of building what will be our new web and mail
>> server. We will be hosting several virtual domains and each will have
>> anywhere from a few to a couple of hundred email users. Obviously we
>> will be running MailScanner and also MailWatch. The box is running
>> CentOS 4.4 (it's like RHEL).
>>
>> Since we're starting fresh on this box, we're not necessarily married
>> to Sendmail like on our other servers. We could stick with Sendmail,
>> or we could move over to Postfix or Exim (anything else worth
>> considering?). We'd like to be able to add new spam-fighting features
>> as they come out, such as the greet-pause and such. Over the years
>> we've used Sendmail, I've found it a bear to tweak so have done the
>> absolute minimum with it. We're looking for something that is secure,
>> efficient, maintained (which rules out qmail) and easy to administer.
>> Whatever we look at needs to play very nicely with MailScanner or it's
>> not worth considering. Finally, (and I'm not sure it makes a
>> difference to the MTA), we need our users to be able to log in with
>> the "username@domain.tld" format because that's what they use now and
>> I don't want to have to change hundreds of user's email client settings.
>>
>> Now for the big question: Is there an MTA that we should consider
>> using instead of Sendmail?
>>
>> Thanks,
>> Chris
>
> Jules
>
Typical outcome .. 2 votes postfix one for exim. A sendmail bash and an absolute "no" to qmail.
--
MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!!

From mrm at medicine.wisc.edu Mon Jan 29 22:56:48 2007
From: mrm at medicine.wisc.edu (Michael Masse)
Date: Mon Jan 29 22:00:34 2007
Subject: phishing.safe.sites.conf
Message-ID: <45BE193F.7FBE.00FC.3@medicine.wisc.edu>

If I edit the safe site file, will my changes survive an upgrade?

Mike

From Kevin_Miller at ci.juneau.ak.us Mon Jan 29 23:17:38 2007
From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller)
Date: Mon Jan 29 22:20:48 2007
Subject: phishing.safe.sites.conf
In-Reply-To: <45BE193F.7FBE.00FC.3@medicine.wisc.edu>
Message-ID:

Michael Masse wrote:
> If I edit the safe site file, will my changes survive an upgrade?
>
> Mike

In the safesite file is an address to send updates - that's nifty, because then we can all share the wealth. Might consider doing that.

But to answer your question, yes, your additions will survive even if you don't send them to the 'master copy'...

...Kevin
--
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500

From pete at enitech.com.au Mon Jan 29 23:36:19 2007
From: pete at enitech.com.au (Peter Russell)
Date: Mon Jan 29 22:39:37 2007
Subject: OT: building new server, need MTA advice
In-Reply-To:
References: <45BE0A57.5010109@fractalweb.com> <45BE642B.7070104@ecs.soton.ac.uk>
Message-ID: <45BE76E3.40506@enitech.com.au>

Scott Silva wrote:
> Julian Field spake the following on 1/29/2007 1:16 PM:
>> What is a brief summary of the outcome of this thread?
>> If it's of any help (I haven't read the whole thread) it might be worth
>> posting in the wiki. Anyone?
>>
>> Chris Yuzik wrote:
>>> We're in the process of building what will be our new web and mail
>>> server. We will be hosting several virtual domains and each will have
>>> anywhere from a few to a couple of hundred email users. Obviously we
>>> will be running MailScanner and also MailWatch. The box is running
>>> CentOS 4.4 (it's like RHEL).
>>>
>>> Since we're starting fresh on this box, we're not necessarily married
>>> to Sendmail like on our other servers. We could stick with Sendmail,
>>> or we could move over to Postfix or Exim (anything else worth
>>> considering?). We'd like to be able to add new spam-fighting features
>>> as they come out, such as the greet-pause and such. Over the years
>>> we've used Sendmail, I've found it a bear to tweak so have done the
>>> absolute minimum with it. We're looking for something that is secure,
>>> efficient, maintained (which rules out qmail) and easy to administer.
>>> Whatever we look at needs to play very nicely with MailScanner or it's
>>> not worth considering. Finally, (and I'm not sure it makes a
>>> difference to the MTA), we need our users to be able to log in with
>>> the "username@domain.tld" format because that's what they use now and
>>> I don't want to have to change hundreds of user's email client settings.
>>>
>>> Now for the big question: Is there an MTA that we should consider
>>> using instead of Sendmail?

Is the mailscanner wiki the place to be comparing (and maintaining comparisons) on MTAs?
>>>
>>> Thanks,
>>> Chris
>> Jules
>>
> Typical outcome .. 2 votes postfix one for exim. A sendmail bash and an
> absolute "no" to qmail.
>
Don't forget to mention that postfix cannot and probably never will be able to split emails that are addressed to multiple recipients into multiple queue files, so you the one email can be subject to various rules, depending on who it was addressed to.

From res at ausics.net Mon Jan 29 23:48:34 2007
From: res at ausics.net (Res)
Date: Mon Jan 29 23:06:37 2007
Subject: OT: building new server, need MTA advice
In-Reply-To: <45BE0A57.5010109@fractalweb.com>
References: <45BE0A57.5010109@fractalweb.com>
Message-ID:

On Mon, 29 Jan 2007, Chris Yuzik wrote:
> We're in the process of building what will be our new web and mail server. We
> will be hosting several virtual domains and each will have anywhere from a
> few to a couple of hundred email users. Obviously we will be running
> MailScanner and also MailWatch. The box is running CentOS 4.4 (it's like
> RHEL).
>
> Since we're starting fresh on this box, we're not necessarily married to
> Sendmail like on our other servers. We could stick with Sendmail, or we could
> move over to Postfix or Exim (anything else worth considering?). We'd like to
> be able to add new spam-fighting features as they come out, such as the

Qmail and vpopmail is the easiest and simplest for virtual domains, it's not messy cluttered with alias files and whatever else, and they work hand in hand together, no adding it to several places, simply use vadddomain blah.com then vadduser blah@blah.com and it just works, handles millions of users per domain and millions of domains :)

I'm a complete sendmail fan, and even though I despise qmail for needing to be patched for moderness, this is where qmail wins out over anything in existence.

I am aware that someone might be about to take up on qmail2 ( modern version ) since its original author has abandoned it. Qmail is also probably the second most common MTA.

--
Cheers
Res

"We can be Heroes, just for one day" - Davey (Jones) Bowie

From itdept at fractalweb.com Tue Jan 30 00:11:52 2007
From: itdept at fractalweb.com (Chris Yuzik)
Date: Mon Jan 29 23:15:51 2007
Subject: OT: building new server, need MTA advice
In-Reply-To: <45BE76E3.40506@enitech.com.au>
References: <45BE0A57.5010109@fractalweb.com> <45BE642B.7070104@ecs.soton.ac.uk> <45BE76E3.40506@enitech.com.au>
Message-ID: <45BE7F38.9090003@fractalweb.com>

Peter Russell wrote:
> Don't forget to mention that postfix cannot and probably never will be
> able to split emails that are addressed to multiple recipients into
> multiple queue files, so you the one email can be subject to various
> rules, depending on who it was addressed to.

Hmmm. That's interesting. And this is something that Sendmail does now? Or does Sendmail need to be hacked to support this?

I don't think we're really doing any of this now, and am not sure how important this feature would be. Anyone else doing this?

Chris

From itdept at fractalweb.com Tue Jan 30 00:15:56 2007
From: itdept at fractalweb.com (Chris Yuzik)
Date: Mon Jan 29 23:20:15 2007
Subject: OT: building new server, need MTA advice
In-Reply-To: <52903.194.70.180.170.1170084612.squirrel@www.technologytiger.net>
References: <45BE0A57.5010109@fractalweb.com> <52903.194.70.180.170.1170084612.squirrel@www.technologytiger.net>
Message-ID: <45BE802C.9080207@fractalweb.com>

Drew Marshall wrote:
> I tend to go with Martin on this but I moved (A number of years ago) from
> Sendmail as I personally found its config to be something of a mystery
> and its then almost constant patching a real nightmare (I did say it was
> a few years ago. This has been dramatically reduced in the 8.13.x series).
> I moved to Postfix and have found its config to be clear, simple and
> powerful. Currently it plays fine with MailScanner and it will do so into
> the future (Postfix's author will claim otherwise and will keep changing
> the queue structure to keep Jules and Glenn on their toes). So my vote is
> Postfix but usual caveats apply :-)
>
Drew,

Are you saying that the Postfix authors are purposefully changing the queue structure to intentionally break MailScanner (and similar)? Obviously, we can't have a must-have upgrade to either MailScanner or Postfix, then find that mail is stuck until a patch comes in from the other guys. Has this been much of an issue?

After reading some of the other messages, I was leaning towards Postfix but this could be cause for concern.

Chris

From mailscanner at berger.nl Mon Jan 29 23:42:03 2007
From: mailscanner at berger.nl (mailscanner@berger.nl)
Date: Mon Jan 29 23:25:26 2007
Subject: freebsd upgrade
Message-ID: <1170110523.72133@bsd4.nedport.net>

OK,

I have the same problem. Installed Freebsd upgrade by using the ports and now spam is not tagged any more. It gives the normal spam info in the header, but the subject is not changed. Does anyone have this solved yet?

Roger

From matt at coders.co.uk Tue Jan 30 00:32:56 2007
From: matt at coders.co.uk (Matt Hampton)
Date: Mon Jan 29 23:36:27 2007
Subject: OT: building new server, need MTA advice
In-Reply-To: <45BE7F38.9090003@fractalweb.com>
References: <45BE0A57.5010109@fractalweb.com> <45BE642B.7070104@ecs.soton.ac.uk> <45BE76E3.40506@enitech.com.au> <45BE7F38.9090003@fractalweb.com>
Message-ID: <45BE8428.8050706@coders.co.uk>

Chris Yuzik wrote:
> Peter Russell wrote:
>> Don't forget to mention that postfix cannot and probably never will be
>> able to split emails that are addressed to multiple recipients into
>> multiple queue files, so you the one email can be subject to various
>> rules, depending on who it was addressed to.
> Hmmm. That's interesting. And this is something that Sendmail does now?
> Or does Sendmail need to be hacked to support this?
>
> I don't think we're really doing any of this now, and am not sure how
> important this feature would be. Anyone else doing this?
>
> Chris
>

Sendmail supports it now and we use it extensively - postfix also supports it (Glenn is about to kill me ;-)) but it is more of a bodge.

http://wiki.mailscanner.info/doku.php?id=maq:index#multiple_recipient_message_-_how_to_apply_different_rules

This feature is important as you may wish to apply different rules to different people. If you don't split the envelope then the rules are applied to the first email address in the envelope.

matt

From steve.freegard at fsl.com Tue Jan 30 00:43:52 2007
From: steve.freegard at fsl.com (Steve Freegard)
Date: Mon Jan 29 23:47:16 2007
Subject: OT: building new server, need MTA advice
In-Reply-To: <45BE7F38.9090003@fractalweb.com>
References: <45BE0A57.5010109@fractalweb.com> <45BE642B.7070104@ecs.soton.ac.uk> <45BE76E3.40506@enitech.com.au> <45BE7F38.9090003@fractalweb.com>
Message-ID: <45BE86B8.8030207@fsl.com>

Hi Chris,

Chris Yuzik wrote:
> Peter Russell wrote:
>> Don't forget to mention that postfix cannot and probably never will be
>> able to split emails that are addressed to multiple recipients into
>> multiple queue files, so you the one email can be subject to various
>> rules, depending on who it was addressed to.
> Hmmm. That's interesting. And this is something that Sendmail does now?
> Or does Sendmail need to be hacked to support this?

No hacking required - just a QUEUEGROUP definition (a one-liner).

> I don't think we're really doing any of this now, and am not sure how
> important this feature would be. Anyone else doing this?

If you want per-recipient rules (e.g. spam scores, actions et al.) it is an absolute requirement. This splits multiple recipient messages into multiple messages with a single recipient so that you can apply the policy chosen by each recipient individually as normally for a multiple recipient message you would normally have to take the 'default' action.

And to throw my hat into the ring about which MTA I would personally use if I switched from Sendmail - my choice would be: Exim.

Reason: it's easy to configure (like Postfix), can do the above multi-recipient message splitting (though not quite as elegantly as Sendmail), but it is much more configurable than either Postfix or Sendmail but without the arcane syntax of Sendmail or the rigidity of the Postfix configuration. For example - you could do greylisting natively using Exim's acl syntax without too much difficulty. Virtual hosting doesn't seem too difficult either (as it supports native SQL lookup etc. like Postfix).
Cheers,
Steve.

From chandler.lists at chapman.edu Tue Jan 30 00:46:37 2007
From: chandler.lists at chapman.edu (Jay Chandler)
Date: Mon Jan 29 23:49:55 2007
Subject: freebsd upgrade
In-Reply-To: <1170110523.72133@bsd4.nedport.net>
References: <1170110523.72133@bsd4.nedport.net>
Message-ID: <45BE875D.9070102@chapman.edu>

mailscanner@berger.nl wrote:
> OK,
>
> I have the same problem. Installed Freebsd upgrade by using the ports and now spam is not tagged any more. It gives the normal spam info in the header, but the subject is not changed. Does anyone have this solved yet?
>
> Roger
>

Yeah, ain't that a fun one?

I did a portupgrade -f on the entire MailScanner dependency tree, and it seems to have resolved itself...

Damned if it didn't take FOREVER, though...

--
Jay Chandler
Network Administrator, Chapman University
714.628.7249 / chandler@chapman.edu
Today's Excuse: Secretary sent chain letter to all 5000 employees.

From ssilva at sgvwater.com Tue Jan 30 00:53:14 2007
From: ssilva at sgvwater.com (Scott Silva)
Date: Mon Jan 29 23:56:51 2007
Subject: OT: building new server, need MTA advice
In-Reply-To: <45BE802C.9080207@fractalweb.com>
References: <45BE0A57.5010109@fractalweb.com> <52903.194.70.180.170.1170084612.squirrel@www.technologytiger.net> <45BE802C.9080207@fractalweb.com>
Message-ID:

Chris Yuzik spake the following on 1/29/2007 3:15 PM:
> Drew Marshall wrote:
>> I tend to go with Martin on this but I moved (A number of years ago) from
>> Sendmail as I personally found its config to be something of a mystery
>> and its then almost constant patching a real nightmare (I did say it was
>> a few years ago. This has been dramatically reduced in the 8.13.x
>> series).
>> I moved to Postfix and have found its config to be clear, simple and
>> powerful. Currently it plays fine with MailScanner and it will do so into
>> the future (Postfix's author will claim otherwise and will keep changing
>> the queue structure to keep Jules and Glenn on their toes). So my vote is
>> Postfix but usual caveats apply :-)
>>
> Drew,
>
> Are you saying that the Postfix authors are purposefully changing the
> queue structure to intentionally break MailScanner (and similar)?
> Obviously, we can't have a must-have upgrade to either MailScanner or
> Postfix, then find that mail is stuck until a patch comes in from the
> other guys. Has this been much of an issue?
>
> After reading some of the other messages, I was leaning towards Postfix
> but this could be cause for concern.
>
> Chris

I wouldn't say changing it to break Mailscanner. More like changing it to exercise creative control over his work. He wants things done a certain way, and that leaves him room to change the internals of his program without worrying if it breaks something outside his control, or breaks how his software used to work. Not worrying about backward compatibility frees him to be creative to the ends he wants.
If it breaks the code of those that think outside "his" box, then that is of no consequence to him. He "warned" everyone.

He does have the right to change his code. But that probably keeps more people away from postfix.

Julian will make mailscanner work with postfix. He always has. Or he will get to a point where he doesn't want to mess with it anymore.

--
MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!!

From glenn.steen at gmail.com Tue Jan 30 00:57:50 2007
From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jan 30 00:01:04 2007 Subject: New Beta 4.58.6 released In-Reply-To: References: <45BD7919.1020009@rogers.com> <223f97700701290100i6e788e2gba57830a01a8e67b@mail.gmail.com> <20070129072647.3B08.GERARD@seibercom.net> <45BE3366.8050301@ecs.soton.ac.uk> <223f97700701291134g5a9cad33jafdca54f954eddf8@mail.gmail.com> Message-ID: <223f97700701291557y488a862agf630e326e8c5db6d@mail.gmail.com> OFF TOPIC! Don't read unless you really want to spend the time!!! You've been warned:-) On 29/01/07, Scott Silva wrote: > Glenn Steen spake the following on 1/29/2007 11:34 AM: > > On 29/01/07, Julian Field wrote: > >> > >> > >> Gerard Seibert wrote: > >> > On Monday January 29, 2007 at 04:00:48 (AM) Glenn Steen wrote: > >> > > >> > > >> >> On 29/01/07, Mike Jakubik wrote: > >> >> > >> >>> Julian Field wrote: > >> >>> > >> >>>> There was 1 serious bug in 4.58.5 which I have now hopefully fixed. > >> >>>> > >> >>>> *Please* give this version a try as I don't intend changing anything > >> >>>> before the 1st Feb stable release unless you notify me of any > >> problems > >> >>>> or bugs. > >> >>>> > >> >>>> Support for the 'p' records in Postfix 2.3/2.4 will have to wait for > >> >>>> the next release of MailScanner, personally I think it is a nasty > >> >>>> bodge. I wouldn't be at all surprised if Weitse changed his mind on > >> >>>> this topic, he certainly should do. > >> >>>> > >> >>> Julian, > >> >>> > >> >>> Could you give a little more detail as to what 'p' records are, > >> and how > >> >>> this will affect MS's compatibility with postfix? > >> >>> > >> >>> Thanks. > >> >>> > >> >> Mike, > >> >> > >> >> Download the postfix source and read the comment in > >> >> src/cleanup/cleanup_milter.c (starts on line 114 in the version 2.3.6 > >> >> sources). This is so far the best explanation of what it is I've > >> >> found. 
> >> >> > >> >> If we manage to implement "support" for it correctly, it'll not change > >> >> the support/non-support status of postfix one whit (Jules still > >> >> supports it, Wietse will still see us as more evil than the horned > >> >> devil for perusing the queue files directly... Well, perhaps not that > >> >> evil, but close:-). > >> >> > >> >> We aim at making "milter edited queue files" -> "a (new) normal > >> queue file". > >> >> > >> >> If you want my patches to look at beforehand, I can get them to you in > >> >> a blink:-). So far they've been tested by me and Nerijus Baliunas (who > >> >> is a brave soul and seems to be running them in production:-). They're > >> >> good for 2.3 with milters, not yet 2.4 with body editing milters. > >> >> > >> > > >> > I posted the original post regarding 'p' records on the Postfix forum, > >> > and these are two of the responses that I received. > >> > > >> > > >> > Software that depends on Postfix INTERNAL interfaces breaks the > >> > warranty. > >> Since when did his software come with a warranty? Ooohh, can I sue him > >> please? Please? > >> > >> Jules > >> > > ROFL! > > Thanks Jules... Really needed that today. Oh well, enough play... Back > > to playing at being a plumber... (Sometimes I really don't like my > > house:) > > > I am real good at plumbing! Now where is that 10,000 mile pipewrench? > ;-D I could've used the help.... Oh well, all tight now, no leaks (that I know of)....:-). I really hate it, pipes, water muck and all... Estimated time: 1 hour Real time: 4 hours. Reason: Midway through, with everything in bits ... I realise I didn't buy the right connectors... time to salvage the bits and pieces and try combine with the new ones. Sigh. BTW, of all the off-topic posts I've made lately... This one has to take the price:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Tue Jan 30 01:17:22 2007 
From: glenn.steen at gmail.com (Glenn Steen)
Date: Tue Jan 30 00:20:38 2007
Subject: OT: building new server, need MTA advice
In-Reply-To: <45BE7F38.9090003@fractalweb.com>
References: <45BE0A57.5010109@fractalweb.com> <45BE642B.7070104@ecs.soton.ac.uk> <45BE76E3.40506@enitech.com.au> <45BE7F38.9090003@fractalweb.com>
Message-ID: <223f97700701291617r7d95fae0g2140c6127df17fc8@mail.gmail.com>

On 30/01/07, Chris Yuzik wrote:
> Peter Russell wrote:
> > Don't forget to mention that postfix cannot and probably never will be
> > able to split emails that are addressed to multiple recipients into
> > multiple queue files, so you the one email can be subject to various
> > rules, depending on who it was addressed to.
> Hmmm. That's interesting. And this is something that Sendmail does now?
> Or does Sendmail need to be hacked to support this?
>
> I don't think we're really doing any of this now, and am not sure how
> important this feature would be. Anyone else doing this?
>
> Chris

Not really interesting, no. It isn't true.

Postfix can do this, but does it at delivery, so one has to "fake" a delivery via a dual instance setup and a transport map... It is all in the wiki (both MAQ and my specific page), when/if you need it.

Pete has been telling us/me this cannot be done, although I've had a box running with that ever since I wrote the page (and told Pete about it, IIRC). Don't know why... Maybe he didn't get it to work or somesuch.

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From itdept at fractalweb.com Tue Jan 30 01:20:39 2007
From: itdept at fractalweb.com (Chris Yuzik)
Date: Tue Jan 30 00:25:53 2007
Subject: OT: building new server, need MTA advice
In-Reply-To:
References: <45BE0A57.5010109@fractalweb.com> <52903.194.70.180.170.1170084612.squirrel@www.technologytiger.net> <45BE802C.9080207@fractalweb.com>
Message-ID: <45BE8F57.9020907@fractalweb.com>

Scott Silva wrote:
> I wouldn't say changing it to break Mailscanner. More like changing it to
> exercise creative control over his work. He wants things done a certain way,
> and that leaves him room to change the internals of his program without
> worrying if it breaks something outside his control, or breaks how his
> software used to work. Not worrying about backward compatibility frees him to
> be creative to the ends he wants.
> If it breaks the code of those that think outside "his" box, then that is of
> no consequence to him. He "warned" everyone.
> He does have the right to change his code. But that probably keeps more people
> away from postfix.
> Julian will make mailscanner work with postfix. He always has. Or he will get
> to a point where he doesn't want to mess with it anymore.

Hmmm. Interesting. So then Postfix is sort of a "dictatorship opensource project"? I would have thought that people would want their software to NOT break people's production servers.

Typically, how long has the lag been from a new version of Postfix that breaks things until a new version of MailScanner comes out that makes them work again?

Chris

From ssilva at sgvwater.com Tue Jan 30 01:25:02 2007
From: ssilva at sgvwater.com (Scott Silva) Date: Tue Jan 30 00:28:42 2007 Subject: New Beta 4.58.6 released In-Reply-To: <223f97700701291557y488a862agf630e326e8c5db6d@mail.gmail.com> References: <45BD7919.1020009@rogers.com> <223f97700701290100i6e788e2gba57830a01a8e67b@mail.gmail.com> <20070129072647.3B08.GERARD@seibercom.net> <45BE3366.8050301@ecs.soton.ac.uk> <223f97700701291134g5a9cad33jafdca54f954eddf8@mail.gmail.com> <223f97700701291557y488a862agf630e326e8c5db6d@mail.gmail.com> Message-ID: Glenn Steen spake the following on 1/29/2007 3:57 PM: Warning accepted! Off the old topic, but on the new topic. So I guess this thread is officially hijacked! Here be dragons! Ye be warned! > OFF TOPIC! Don't read unless you really want to spend the time!!! > You've been warned:-) > > On 29/01/07, Scott Silva wrote: >> Glenn Steen spake the following on 1/29/2007 11:34 AM: >> > On 29/01/07, Julian Field wrote: >> >> >> >> >> >> Gerard Seibert wrote: >> >> > On Monday January 29, 2007 at 04:00:48 (AM) Glenn Steen wrote: >> >> > >> >> > >> >> >> On 29/01/07, Mike Jakubik wrote: >> >> >> >> >> >>> Julian Field wrote: >> >> >>> >> >> >>>> There was 1 serious bug in 4.58.5 which I have now hopefully >> fixed. >> >> >>>> >> >> >>>> *Please* give this version a try as I don't intend changing >> anything >> >> >>>> before the 1st Feb stable release unless you notify me of any >> >> problems >> >> >>>> or bugs. >> >> >>>> >> >> >>>> Support for the 'p' records in Postfix 2.3/2.4 will have to >> wait for >> >> >>>> the next release of MailScanner, personally I think it is a nasty >> >> >>>> bodge. I wouldn't be at all surprised if Weitse changed his >> mind on >> >> >>>> this topic, he certainly should do. >> >> >>>> >> >> >>> Julian, >> >> >>> >> >> >>> Could you give a little more detail as to what 'p' records are, >> >> and how >> >> >>> this will affect MS's compatibility with postfix? >> >> >>> >> >> >>> Thanks. 
>> >> >>> >> >> >> Mike, >> >> >> >> >> >> Download the postfix source and read the comment in >> >> >> src/cleanup/cleanup_milter.c (starts on line 114 in the version >> 2.3.6 >> >> >> sources). This is so far the best explanation of what it is I've >> >> >> found. >> >> >> >> >> >> If we manage to implement "support" for it correctly, it'll not >> change >> >> >> the support/non-support status of postfix one whit (Jules still >> >> >> supports it, Wietse will still see us as more evil than the horned >> >> >> devil for perusing the queue files directly... Well, perhaps not >> that >> >> >> evil, but close:-). >> >> >> >> >> >> We aim at making "milter edited queue files" -> "a (new) normal >> >> queue file". >> >> >> >> >> >> If you want my patches to look at beforehand, I can get them to >> you in >> >> >> a blink:-). So far they've been tested by me and Nerijus >> Baliunas (who >> >> >> is a brave soul and seems to be running them in production:-). >> They're >> >> >> good for 2.3 with milters, not yet 2.4 with body editing milters. >> >> >> >> >> > >> >> > I posted the original post regarding 'p' records on the Postfix >> forum, >> >> > and these are two of the responses that I received. >> >> > >> >> > >> >> > Software that depends on Postfix INTERNAL interfaces breaks the >> >> > warranty. >> >> Since when did his software come with a warranty? Ooohh, can I sue him >> >> please? Please? >> >> >> >> Jules >> >> >> > ROFL! >> > Thanks Jules... Really needed that today. Oh well, enough play... Back >> > to playing at being a plumber... (Sometimes I really don't like my >> > house:) >> > >> I am real good at plumbing! Now where is that 10,000 mile pipewrench? >> ;-D > I could've used the help.... Oh well, all tight now, no leaks (that I > know of)....:-). > I really hate it, pipes, water muck and all... > Estimated time: 1 hour > Real time: 4 hours. > Reason: Midway through, with everything in bits ... I realise I didn't > buy the right connectors... 
time to salvage the bits and pieces and > try combine with the new ones. Sigh. > > BTW, of all the off-topic posts I've made lately... This one has to > take the price:-). > > Cheers I have had even worse than that. In my old house, I put in a new sink. I needed to change out a very clogged 90 fitting. Removing that fitting broke the pipe all the way under the house. 2 hour job turned into 2 day job, and even though the plumber didn't charge by the hour, he (and I) went through a lot of beer, and I found a dead cat under the house. But I learned some good tricks those days. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From glenn.steen at gmail.com Tue Jan 30 01:26:09 2007 
From: glenn.steen at gmail.com (Glenn Steen)
Date: Tue Jan 30 00:29:22 2007
Subject: OT: building new server, need MTA advice
In-Reply-To: <45BE8428.8050706@coders.co.uk>
References: <45BE0A57.5010109@fractalweb.com> <45BE642B.7070104@ecs.soton.ac.uk> <45BE76E3.40506@enitech.com.au> <45BE7F38.9090003@fractalweb.com> <45BE8428.8050706@coders.co.uk>
Message-ID: <223f97700701291626p75521a4fr53981c4efa7b8bb1@mail.gmail.com>

On 30/01/07, Matt Hampton wrote:
> Chris Yuzik wrote:
> > Peter Russell wrote:
> >> Don't forget to mention that postfix cannot and probably never will be
> >> able to split emails that are addressed to multiple recipients into
> >> multiple queue files, so you the one email can be subject to various
> >> rules, depending on who it was addressed to.
> > Hmmm. That's interesting. And this is something that Sendmail does now?
> > Or does Sendmail need to be hacked to support this?
> >
> > I don't think we're really doing any of this now, and am not sure how
> > important this feature would be. Anyone else doing this?
> >
> > Chris
> >
>
> Sendmail supports it now and we use it extensively - postfix also
> supports it (Glenn is about to kill me ;-)) but it is more of a bodge.

No, I'm not feeling murderous tonight... The "bodginess" is due to the fact that the one-liner change to make it split mails take effect _after_ MS is done, so ... one has to be just a little creative to make it happen before. Once set up, one can more or less treat the system as any other PF/MS setup.

> http://wiki.mailscanner.info/doku.php?id=maq:index#multiple_recipient_message_-_how_to_apply_different_rules
>
> This feature is important as you may wish to apply different rules to
> different people. If you don't split the envelope then the rules are
> applied to the first email address in the envelope.
>
True.

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From pete at enitech.com.au Tue Jan 30 01:32:12 2007
From: pete at enitech.com.au (Peter Russell)
Date: Tue Jan 30 00:35:28 2007
Subject: OT: building new server, need MTA advice
In-Reply-To: <223f97700701291617r7d95fae0g2140c6127df17fc8@mail.gmail.com>
References: <45BE0A57.5010109@fractalweb.com> <45BE642B.7070104@ecs.soton.ac.uk> <45BE76E3.40506@enitech.com.au> <45BE7F38.9090003@fractalweb.com> <223f97700701291617r7d95fae0g2140c6127df17fc8@mail.gmail.com>
Message-ID: <45BE920C.7060904@enitech.com.au>

Glenn Steen wrote:
> On 30/01/07, Chris Yuzik wrote:
>> Peter Russell wrote:
>> > Don't forget to mention that postfix cannot and probably never will be
>> > able to split emails that are addressed to multiple recipients into
>> > multiple queue files, so you the one email can be subject to various
>> > rules, depending on who it was addressed to.
>> Hmmm. That's interesting. And this is something that Sendmail does now?
>> Or does Sendmail need to be hacked to support this?
>>
>> I don't think we're really doing any of this now, and am not sure how
>> important this feature would be. Anyone else doing this?
>>
>> Chris
> Not really interesting, no. It isn't true.
> Postfix can do this, but does it at delivery, so one has to "fake" a
> delivery via a dual instance setup and a transport map... It is all in
> the wiki (both MAQ and my specific page), when/if you need it.
> Pete has been telling us/me this cannot be done, although I've had a
> box running with that ever since I wrote the page (and told Pete about
> it, IIRC). Don't know why... Maybe he didn't get it to work or
> somesuch.
>

This is true, you did show me and I haven't done it. But I extend my thanks again. :)

Because, I don't want to run 2 instances of postfix again. I am too cautious about making changes to want to affect every single message to achieve it. Another way is to set #smtpd_recipient_limit = 1 but this creates performance issues.
Anyway i wasnt trying to make a big deal out of it, only suggesting that it is something i would consider if was choosing the MTA for a new installation. If it was me starting again, i would choose Exim - based on my limited understanding of the features of these softwares. From glenn.steen at gmail.com Tue Jan 30 01:36:03 2007 
From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jan 30 00:39:16 2007 Subject: OT: building new server, need MTA advice In-Reply-To: <45BE8F57.9020907@fractalweb.com> References: <45BE0A57.5010109@fractalweb.com> <52903.194.70.180.170.1170084612.squirrel@www.technologytiger.net> <45BE802C.9080207@fractalweb.com> <45BE8F57.9020907@fractalweb.com> Message-ID: <223f97700701291636w33a46feax912aa25b8527375@mail.gmail.com> On 30/01/07, Chris Yuzik wrote: > Scott Silva wrote: > > I wouldn't say changing it to break Mailscanner. More like changing it to > > exercise creative control over his work. He wants things done a certain way, > > and that leaves him room to change the internals of his program without > > worrying if it breaks something outside his control, or breaks how his > > software used to work. Not worrying about backward compatibility frees him to > > be creative to the ends he wants. > > If it breaks the code of those that think outside "his" box, then that is of > > no consequence to him. He "warned" everyone. > > He does have the right to change his code. But that probably keeps more people > > away from postfix. > > Julian will make mailscanner work with postfix. He always has. Or he will get > > to a point where he doesn't want to mess with it anymore. > Hmmm. Interesting. So then Postfix is sort of a "dictatorship opensource > project"? I would have thought that people would want their software to > NOT break people's production servers. > > Typically, how long has the lag been from a new version of Postfix that > breaks things until a new version of MailScanner comes out that makes > them work again? > > Chris Actually hard to say... Not that long. By the time "mainline" distros have picked up that particular new version, MailScanner has been up to speed, so far... Often, the lag has been less than a few days. It's not like one _has_ to be first with every update to PF:-). 
It's not often subject to vulnerabilities, and those usually don't have very far-reaching consequences (due to design... This is where the behemoths (sendmail and Exim) can fall short:). I imagine it isn't a problem for most people. Certainly not for me;). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From res at ausics.net Tue Jan 30 01:39:57 2007 From: res at ausics.net (Res) Date: Tue Jan 30 00:43:17 2007 Subject: {MailScanner: Spam} Re: OT: building new server, need MTA advice In-Reply-To: <45BE8428.8050706@coders.co.uk> References: <45BE0A57.5010109@fractalweb.com> <45BE642B.7070104@ecs.soton.ac.uk> <45BE76E3.40506@enitech.com.au> <45BE7F38.9090003@fractalweb.com> <45BE8428.8050706@coders.co.uk> Message-ID: ARGGGGGGGGG On Mon, 29 Jan 2007, Matt Hampton wrote: > Our MailScanner believes that the attachment to this message sent to you > > From: mailscanner-bounces@lists.mailscanner.info > Subject: Re: OT: building new server, need MTA advice > > is Unsolicited Commercial Email (spam). Unless you are sure that this message > is incorrectly thought to be spam, please delete this message without opening > it. Opening spam messages might allow the spammer to verify your email > address. > > If you believe that this message has been incorrectly marked as spam, please > forward this email to mailscanner-bounce. > > pts rule name description > ---- ---------------------- -------------------------------------------------- > 0.8 INFO_TLD URI: Contains an URL in the INFO top-level domain > 3.2 URI_NO_WWW_INFO_CGI URI: CGI in .info TLD other than third-level > "www" > > > > -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From ssilva at sgvwater.com Tue Jan 30 01:39:19 2007 
From: ssilva at sgvwater.com (Scott Silva) Date: Tue Jan 30 00:45:08 2007 Subject: OT: building new server, need MTA advice In-Reply-To: <45BE8F57.9020907@fractalweb.com> References: <45BE0A57.5010109@fractalweb.com> <52903.194.70.180.170.1170084612.squirrel@www.technologytiger.net> <45BE802C.9080207@fractalweb.com> <45BE8F57.9020907@fractalweb.com> Message-ID: Chris Yuzik spake the following on 1/29/2007 4:20 PM: > Scott Silva wrote: >> I wouldn't say changing it to break Mailscanner. More like changing it to >> exercise creative control over his work. He wants things done a >> certain way, >> and that leaves him room to change the internals of his program without >> worrying if it breaks something outside his control, or breaks how his >> software used to work. Not worrying about backward compatibility frees >> him to >> be creative to the ends he wants. >> If it breaks the code of those that think outside "his" box, then that >> is of >> no consequence to him. He "warned" everyone. >> He does have the right to change his code. But that probably keeps >> more people >> away from postfix. >> Julian will make mailscanner work with postfix. He always has. Or he >> will get >> to a point where he doesn't want to mess with it anymore. > Hmmm. Interesting. So then Postfix is sort of a "dictatorship opensource > project"? I would have thought that people would want their software to > NOT break people's production servers. > > Typically, how long has the lag been from a new version of Postfix that > breaks things until a new version of MailScanner comes out that makes > them work again? > > Chris Julian usually has a beta up within a week, maybe two. Many times it is only a few days. It usually is fixed by the next full release. So not very long. There are several beta testers using postfix, and they hammer the code pretty well and toss patches and suggestions back. So mailscanner doesn't work with postfix "because of" Wietse. It works "in spite of him". 
-- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From res at ausics.net Tue Jan 30 01:43:25 2007 From: res at ausics.net (Res) Date: Tue Jan 30 00:46:44 2007 Subject: {MailScanner: Spam} Re: OT: building new server, need MTA advice In-Reply-To: <223f97700701291626p75521a4fr53981c4efa7b8bb1@mail.gmail.com> References: <45BE0A57.5010109@fractalweb.com> <45BE642B.7070104@ecs.soton.ac.uk> <45BE76E3.40506@enitech.com.au> <45BE7F38.9090003@fractalweb.com> <45BE8428.8050706@coders.co.uk> <223f97700701291626p75521a4fr53981c4efa7b8bb1@mail.gmail.com> Message-ID: Hrm what are you guys doing, there are a few of these things coming to the list in recent days... should it not be telling you, not the list :) On Tue, 30 Jan 2007, Glenn Steen wrote: > Our MailScanner believes that the attachment to this message sent to you > > From: mailscanner-bounces@lists.mailscanner.info > Subject: Re: OT: building new server, need MTA advice > > is Unsolicited Commercial Email (spam). Unless you are sure that this message > is incorrectly thought to be spam, please delete this message without opening > it. Opening spam messages might allow the spammer to verify your email > address. > > If you believe that this message has been incorrectly marked as spam, please > forward this email to mailscanner-bounce. > > pts rule name description > ---- ---------------------- -------------------------------------------------- > 0.8 INFO_TLD URI: Contains an URL in the INFO top-level domain > 3.2 URI_NO_WWW_INFO_CGI URI: CGI in .info TLD other than third-level > "www" > 0.6 SARE_MSGID_LONG40 Message ID has suspicious length > > > > -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From chandler.lists at chapman.edu Tue Jan 30 01:46:11 2007 
From: chandler.lists at chapman.edu (Jay Chandler) Date: Tue Jan 30 00:49:27 2007 Subject: {MailScanner: Spam} Re: OT: building new server, need MTA advice In-Reply-To: References: <45BE0A57.5010109@fractalweb.com> <45BE642B.7070104@ecs.soton.ac.uk> <45BE76E3.40506@enitech.com.au> <45BE7F38.9090003@fractalweb.com> <45BE8428.8050706@coders.co.uk> <223f97700701291626p75521a4fr53981c4efa7b8bb1@mail.gmail.com> Message-ID: <45BE9553.3010103@chapman.edu> Res wrote: > Hrm what are you guys doing, there are a few of these things coming to > the list in recent days... > > should it not be telling you, not the list :) > Urm... they're not showing up to me. I think your Mailscanner implementation has a fairly broken notification scheme... Also, you filter so that 4.6 constitutes spam? Jeez... -- Jay > > On Tue, 30 Jan 2007, Glenn Steen wrote: > >> Our MailScanner believes that the attachment to this message sent to you >> >> From: mailscanner-bounces@lists.mailscanner.info >> Subject: Re: OT: building new server, need MTA advice >> >> is Unsolicited Commercial Email (spam). Unless you are sure that this >> message >> is incorrectly thought to be spam, please delete this message without >> opening >> it. Opening spam messages might allow the spammer to verify your email >> address. >> >> If you believe that this message has been incorrectly marked as spam, >> please >> forward this email to mailscanner-bounce. >> >> pts rule name description >> ---- ---------------------- >> -------------------------------------------------- >> 0.8 INFO_TLD URI: Contains an URL in the INFO top-level >> domain >> 3.2 URI_NO_WWW_INFO_CGI URI: CGI in .info TLD other than third-level >> "www" >> 0.6 SARE_MSGID_LONG40 Message ID has suspicious length >> >> >> >> > -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: Secretary sent chain letter to all 5000 employees. From glenn.steen at gmail.com Tue Jan 30 01:55:57 2007 
From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jan 30 00:59:10 2007 Subject: OT: building new server, need MTA advice In-Reply-To: <45BE920C.7060904@enitech.com.au> References: <45BE0A57.5010109@fractalweb.com> <45BE642B.7070104@ecs.soton.ac.uk> <45BE76E3.40506@enitech.com.au> <45BE7F38.9090003@fractalweb.com> <223f97700701291617r7d95fae0g2140c6127df17fc8@mail.gmail.com> <45BE920C.7060904@enitech.com.au> Message-ID: <223f97700701291655t7cfa47cdq13cd87e1420d51d9@mail.gmail.com> On 30/01/07, Peter Russell wrote: > > > Glenn Steen wrote: > > On 30/01/07, Chris Yuzik wrote: > >> Peter Russell wrote: > >> > Dont forget to mention that postfix cannot and probably never will be > >> > able to split emails that are addressed to multiple recipients into > >> > multiple queue files, so you the one email can be subject to various > >> > rules, depending on who it was addressed to. > >> Hmmm. That's interesting. And this is something that Sendmail does now? > >> Or does Sendmail need to be hacked to support this? > >> > >> I don't think we're really doing any of this now, and am not sure how > >> important this feature would be. Anyone else doing this? > >> > >> Chris > > Not really interresting, no. It isn't true. > > Postfix can do this, but does it at delivery, so one has to "fake" a > > delivery via a dual instance setup and a transport map... It is all in > > the wiki (both MAQ and my specific page), when/if you need it. > > Pete has been telling us/me this cannot be done, although I've had a > > box running with that ever since I wrote the page (and told Pete about > > it, IIRC). Don't know why... Maybe he didn't get it to work or > > somesuch. > > > This is true you did show me and i havent done it. But i extend my > thanks again. :) Because, i dont want to run 2 instances of postfix > again. I am too cautious about making changes to want to affect every > single message to achieve it. 
> > Another way is to set #smtpd_recipient_limit = 1 but this creates > performance issues. That would be truly bad. > Anyway i wasnt trying to make a big deal out of it, only suggesting that > it is something i would consider if was choosing the MTA for a new > installation. If it was me starting again, i would choose Exim - based > on my limited understanding of the features of these softwares. > > Well, if one is to set things up from scratch, why then setting it up like this is a) harmless, since there is no preexisting system to "upset":-) b) not that hard, sure it might look much, but... I opted for "detailed" instead of "salespersonlike";-) c) not hugely expensive.... If you run MS and particularly SA on every message, the overhead of the second instance is _nothing_. It was never performance that made us abandon the defer method;). And splitting is "expensive" for all MTAs, so ... Anyway, I too would consider Exim very carefully. They all have their strengths/weaknesses, and none of them are truly a bad choice, AFAICS. If I were to leave my current employer, I'd sell them DefenderMX, probably "applianced"... Which would mean Sendmail. But they have me, and I'm comfy with PF, so ... There I will remain:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From res at ausics.net Tue Jan 30 01:57:37 2007 
From: res at ausics.net (Res) Date: Tue Jan 30 01:00:56 2007 Subject: {MailScanner: Spam} Re: OT: building new server, need MTA advice In-Reply-To: <45BE9553.3010103@chapman.edu> References: <45BE0A57.5010109@fractalweb.com> <45BE642B.7070104@ecs.soton.ac.uk> <45BE76E3.40506@enitech.com.au> <45BE7F38.9090003@fractalweb.com> <45BE8428.8050706@coders.co.uk> <223f97700701291626p75521a4fr53981c4efa7b8bb1@mail.gmail.com> <45BE9553.3010103@chapman.edu> Message-ID: On Mon, 29 Jan 2007, Jay Chandler wrote: > Res wrote: >> Hrm what are you guys doing, there are a few of these things coming to the >> list in recent days... >> >> should it not be telling you, not the list :) >> > Urm... they're not showing up to me. I think your Mailscanner implementation > has a fairly broken notification scheme... > > Also, you filter so that 4.6 constitutes spam? Jeez... ARG i knew it was still too early after a late night and only having 1 coffee so far, ill come back in 30 mins and restart the day again :P Yes, 3 is low score spam here, its worked well and very rarely has positive hits, only in past few days it has. -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From chandler.lists at chapman.edu Tue Jan 30 02:07:25 2007 
From: chandler.lists at chapman.edu (Jay Chandler) Date: Tue Jan 30 01:10:40 2007 Subject: {MailScanner: Spam} Re: OT: building new server, need MTA advice In-Reply-To: References: <45BE0A57.5010109@fractalweb.com> <45BE642B.7070104@ecs.soton.ac.uk> <45BE76E3.40506@enitech.com.au> <45BE7F38.9090003@fractalweb.com> <45BE8428.8050706@coders.co.uk> <223f97700701291626p75521a4fr53981c4efa7b8bb1@mail.gmail.com> <45BE9553.3010103@chapman.edu> Message-ID: <45BE9A4D.1010705@chapman.edu> Res wrote: > On Mon, 29 Jan 2007, Jay Chandler wrote: > > ARG i knew it was still too early after a late night and only having 1 > coffee so far, ill come back in 30 mins and restart the day again :P > Jeez, it's 5PM here-- quittin' time! So how's the Glorious Future? > Yes, 3 is low score spam here, its worked well and very rarely has > positive hits, only in past few days it has. > > > I had the same issue once, and my solution was to add more rules. I prefer the "death of a thousand cuts" method-- with some of the rulesets we use, ham with scores of 4 aren't unheard of... -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: Secretary sent chain letter to all 5000 employees. From gerard at seibercom.net Tue Jan 30 02:08:40 2007 From: gerard at seibercom.net (Gerard Seibert) Date: Tue Jan 30 01:11:46 2007 Subject: freebsd upgrade In-Reply-To: <45BE875D.9070102@chapman.edu> References: <1170110523.72133@bsd4.nedport.net> <45BE875D.9070102@chapman.edu> Message-ID: <20070129200640.6E1A.GERARD@seibercom.net> On Monday January 29, 2007 at 06:46:37 (PM) Jay Chandler wrote: [...] > I did a portupgrade -f on the entire MailScanner dependency tree, and it > seems to have resolved itself... > > Damned if it didn't take FOREVER, though... Personally, I use 'portmanager' for updating. It seems to do a more thorough job. Just my 2¢. -- Gerard From res at ausics.net Tue Jan 30 02:09:57 2007 
From: res at ausics.net (Res) Date: Tue Jan 30 01:13:15 2007 Subject: {MailScanner: Spam} Re: OT: building new server, need MTA advice In-Reply-To: References: <45BE0A57.5010109@fractalweb.com> <45BE642B.7070104@ecs.soton.ac.uk> <45BE76E3.40506@enitech.com.au> <45BE7F38.9090003@fractalweb.com> <45BE8428.8050706@coders.co.uk> <223f97700701291626p75521a4fr53981c4efa7b8bb1@mail.gmail.com> <45BE9553.3010103@chapman.edu> Message-ID: On Tue, 30 Jan 2007, Res wrote: > On Mon, 29 Jan 2007, Jay Chandler wrote: OK found the confusion... There is no: " From: "$postmastername" <$localpostmaster> " header in inline.spam.warning.txt Giving the appearance that the other guys sent it :) -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From chandler.lists at chapman.edu Tue Jan 30 02:10:43 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Tue Jan 30 01:13:58 2007 Subject: freebsd upgrade In-Reply-To: <20070129200640.6E1A.GERARD@seibercom.net> References: <1170110523.72133@bsd4.nedport.net> <45BE875D.9070102@chapman.edu> <20070129200640.6E1A.GERARD@seibercom.net> Message-ID: <45BE9B13.6030308@chapman.edu> Gerard Seibert wrote: > On Monday January 29, 2007 at 06:46:37 (PM) Jay Chandler wrote: > > [...] > > >> I did a portupgrade -f on the entire MailScanner dependency tree, and it >> seems to have resolved itself... >> >> Damned if it didn't take FOREVER, though... >> > > Personally, I use 'portmanager' for updating. It seems to do a more > through job. > > Just my 2?. > > Yeah, I've heard that from a couple people-- I might start using it. -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: Secretary sent chain letter to all 5000 employees. From glenn.steen at gmail.com Tue Jan 30 02:11:36 2007 
From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jan 30 01:14:51 2007 Subject: {MailScanner: Spam} Re: OT: building new server, need MTA advice In-Reply-To: References: <45BE0A57.5010109@fractalweb.com> <45BE642B.7070104@ecs.soton.ac.uk> <45BE76E3.40506@enitech.com.au> <45BE7F38.9090003@fractalweb.com> <45BE8428.8050706@coders.co.uk> <223f97700701291626p75521a4fr53981c4efa7b8bb1@mail.gmail.com> Message-ID: <223f97700701291711v399aa2b4mb01276f9af2da21e@mail.gmail.com> On 30/01/07, Res wrote: > Hrm what are you guys doing, there are a few of these things coming to the > list in recent days... > > should it not be telling you, not the list :) No it shouldn't... Look below for explanation... It is telling the "guilty one" AFAICS;-) > On Tue, 30 Jan 2007, Glenn Steen wrote: (snip) > > pts rule name description > > ---- ---------------------- -------------------------------------------------- > > 0.8 INFO_TLD URI: Contains an URL in the INFO top-level domain > > 3.2 URI_NO_WWW_INFO_CGI URI: CGI in .info TLD other than third-level > > "www" These two are due to a reference to the wiki. It starts with wiki instead of www, and MailScanner has a .info tld. > > 0.6 SARE_MSGID_LONG40 Message ID has suspicious length This one is probably due to Gmail having very long Message-IDs.... but not over any RFC limit. Two things: This is your setup carping. If it bothers you, fix it;-):-) You should follow Jules recommendation to whitelist the mailing list. If not, you'll have one of these every time someone include a link to the wiki (or the MAQ). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Tue Jan 30 02:15:56 2007 
From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jan 30 01:19:09 2007 Subject: {MailScanner: Spam} Re: OT: building new server, need MTA advice In-Reply-To: References: <45BE0A57.5010109@fractalweb.com> <45BE76E3.40506@enitech.com.au> <45BE7F38.9090003@fractalweb.com> <45BE8428.8050706@coders.co.uk> <223f97700701291626p75521a4fr53981c4efa7b8bb1@mail.gmail.com> <45BE9553.3010103@chapman.edu> Message-ID: <223f97700701291715g52bcd6a6q58ce55b1add1e319@mail.gmail.com> On 30/01/07, Res wrote: > On Tue, 30 Jan 2007, Res wrote: > > On Mon, 29 Jan 2007, Jay Chandler wrote: > > OK found the confusion... > > There is no: > " From: "$postmastername" <$localpostmaster> " > header in inline.spam.warning.txt > > Giving the appearance that the other guys sent it :) > We wouldn't do that to you... After all, we're not evil:-D. Put some amber in it, might not help the thought process, but... Well, sounds like you need it as bad as another cup o' java;) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From res at ausics.net Tue Jan 30 02:17:50 2007 
From: res at ausics.net (Res) Date: Tue Jan 30 01:21:08 2007 Subject: {MailScanner: Spam} Re: OT: building new server, need MTA advice In-Reply-To: <45BE9A4D.1010705@chapman.edu> References: <45BE0A57.5010109@fractalweb.com> <45BE642B.7070104@ecs.soton.ac.uk> <45BE76E3.40506@enitech.com.au> <45BE7F38.9090003@fractalweb.com> <45BE8428.8050706@coders.co.uk> <223f97700701291626p75521a4fr53981c4efa7b8bb1@mail.gmail.com> <45BE9553.3010103@chapman.edu> <45BE9A4D.1010705@chapman.edu> Message-ID: On Mon, 29 Jan 2007, Jay Chandler wrote: >> ARG i knew it was still too early after a late night and only having 1 >> coffee so far, ill come back in 30 mins and restart the day again :P >> > Jeez, it's 5PM here-- quittin' time! So how's the Glorious Future? Well, you'll go to bed about 12.30am, be woken up around 1.45am by a wild vicious electrical storm (very pretty display though), after an hour the thunder will abate and you'll just have nice heavy rain easy to go back to sleep to, then around 430am you will be woken up again with round two, you'll get back to sleep around 5.15-5.30 only to have to get up at 630, you'll have one cup of coffee, but by about 10am you'll wish you had 4. >> Yes, 3 is low score spam here, its worked well and very rarely has positive >> hits, only in past few days it has. > I had the same issue once, and my solution was to add more rules. I prefer > the "death of a thousand cuts" method-- with some of the rulesets we use, ham > with scores of 4 aren't unheard of... It still works good, the only thing I object to, is the .info TLD scores. I quarantine messages at 8, and monitored it for ages, 8 was a good level, I probably could use 5, but 8 is fair, one of my cisco suppliers weekly specials always topped in at 7 :) (course he's whitelisted now) -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From res at ausics.net Tue Jan 30 02:21:04 2007 
From: res at ausics.net (Res) Date: Tue Jan 30 01:24:22 2007 Subject: {MailScanner: Spam} Re: OT: building new server, need MTA advice In-Reply-To: <223f97700701291715g52bcd6a6q58ce55b1add1e319@mail.gmail.com> References: <45BE0A57.5010109@fractalweb.com> <45BE76E3.40506@enitech.com.au> <45BE7F38.9090003@fractalweb.com> <45BE8428.8050706@coders.co.uk> <223f97700701291626p75521a4fr53981c4efa7b8bb1@mail.gmail.com> <45BE9553.3010103@chapman.edu> <223f97700701291715g52bcd6a6q58ce55b1add1e319@mail.gmail.com> Message-ID: On Tue, 30 Jan 2007, Glenn Steen wrote: >> OK found the confusion... >> >> There is no: >> " From: "$postmastername" <$localpostmaster> " >> header in inline.spam.warning.txt >> >> Giving the appearance that the other guys sent it :) >> > We wouldn't do that to you... After all, we're not evil:-D. *cough* :P > Put some amber in it, might not help the thought process, but... Well, oh my... not at 11.19 am, I try not to amberise things till least 6pm :D even if its already 33c outside, still cooler than yesterday. -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From email at ace.net.au Tue Jan 30 02:42:45 2007 
From: email at ace.net.au (Peter Nitschke) Date: Tue Jan 30 01:46:27 2007 Subject: dcc,razor,pyzor on MS running centos4.4 In-Reply-To: <200701260237560115.03D958C4@smtp1.ace.net.au> References: <01b101c7405f$12666640$920bbdcb@pmsi.net> <223f97700701250142x24f73cdeq46efeb90de783fa2@mail.gmail.com> <200701260148020079.03ABA951@smtp1.ace.net.au> <223f97700701250736l620c9967h586a8257282f1225@mail.gmail.com> <200701260237560115.03D958C4@smtp1.ace.net.au> Message-ID: <200701301212450355.1A8086C5@smtp1.ace.net.au> *********** REPLY SEPARATOR *********** On 26/01/2007 at 2:37 AM Peter Nitschke wrote: >On 25/01/2007 at 4:36 PM Glenn Steen wrote: > >>> >Start looking at (MAQ): >>> >>>http://wiki.mailscanner.info/doku.php?id=maq:index#spamassassin_plugins _ >and >>> _bayes >>> >And also (wiki): >>> >>>http://wiki.mailscanner.info/doku.php?id=&idx=documentation:anti_spam : >spama >>> ssassin:plugins >>> >>> Is that stuff still current? On my new Centos 4 setup I simply used >"yum >>> install perl-Razor-Agent pyzor DCC" >>> >>> The last 2 are from atrpms.net >>> >>> I then commented out the lines in spam.assassin.prefs.conf: (I got lint >>> errors if I left them in) >>> # pyzor path >>> # DCC path >>> >>> Last I made sure the relevant lines in v310.pre were uncommented. >>> >>> Bingo, instant razor, pyzor and DCC. >>> >>> Peter >>> >>Since they detail how to use the f^Hsource, I presume they are OK. >>If you want to use RPMs and yum, and feel this should be mentioned in >>the wiki... why then... feel free to update the wiki pages with this >>additional info;-). After all, that is what a wiki is all about:-D >> >>That you get errors about some lines regarding pyzor and DCC might be >>indicative that you aren't loading the plugins properly... Have you >>checked (with a spamassassin -D) that they load/execute as they >>should? See, SpamAssassin doesn'?t know about those settings.... the >>individual plugins do though;-). 
So if you had done thinsg the other >>way around (load plugins uncommented, then --lint) things might've >>looked differently;) > >I just tested it again, the pyzor_path is actually OK and DCC_path is also >OK if I change it from /usr/local/bin to /usr/bin - the rpm put dccproc in >a different place. > >However, I am curious as to why the settings are needed as it actually >worked and linted fine with the lines commented out. > >Now that they are plugins, are the path lines still needed? Can anyone verify this for me please? From chandler.lists at chapman.edu Tue Jan 30 03:14:49 2007 From: chandler.lists at chapman.edu (Jay Chandler) Date: Tue Jan 30 02:18:03 2007 Subject: Missing new spam... Message-ID: <45BEAA19.8050205@chapman.edu> Gotten a few of these: Hi, VI_zAGRA $3, 35 VA_zLIUM $1, 20 AM_zBIEN $2, 90 CI_zALIS $3, 75 XA_zNAX $1, 45 http://www.tod*rx.com Remove "*" to make the link working! Has anyone written some custom rules to handle these yet? -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler@chapman.edu Today's Excuse: Secretary sent chain letter to all 5000 employees. From email at ace.net.au Tue Jan 30 04:14:07 2007 From: email at ace.net.au (Peter Nitschke) Date: Tue Jan 30 03:17:35 2007 Subject: TNEF setting. Message-ID: <200701301344070228.1AD42C55@smtp1.ace.net.au> I have been doing many fresh MS installs recently and I find that it still occasionally trips up on some winmail.dat files. Changing to TNEF Expander = internal instead of external fixes the problem. Is it worth making "internal" the default in the conf file? Peter From subscriptions at burakueda.com Tue Jan 30 05:23:23 2007 
From: subscriptions at burakueda.com (Burak Ueda) Date: Tue Jan 30 04:26:50 2007 Subject: {Spam?} Re: Missing new spam... In-Reply-To: <45BEAA19.8050205@chapman.edu> References: <45BEAA19.8050205@chapman.edu> Message-ID: <45BEC83B.5070306@burakueda.com> Hi, wrote some set of rules for this. I am an absolute beginner in both writing SA rules, and using regular expressions. I am continuously checking it for few days now, and it seems to be working. But I'd love to hear some comments from experienced users. Here are the rules: http://burakueda.com/text/drugrules.txt Jay Chandler wrote: > Gotten a few of these: > > Hi, > > VI_zAGRA $3, 35 > VA_zLIUM $1, 20 > AM_zBIEN $2, 90 > CI_zALIS $3, 75 > XA_zNAX $1, 45 > > http://www.tod*rx.com > Remove "*" to make the link working! > > > Has anyone written some custom rules to handle these yet? > From dave99 at gmail.com Tue Jan 30 06:41:29 2007 From: dave99 at gmail.com (Dave) Date: Tue Jan 30 05:45:01 2007 Subject: New Beta 4.58.6 released References: <45BCCF3B.8060608@ecs.soton.ac.uk> <45BDD448.3080908@nerc.ac.uk> Message-ID: I'm getting an error in the new version: KickMessage failed as couldn't write to /qmgr, Permission denied I'm guessing that is path error on my part somewhere, but being a mailscanner newbie, I'm just not sure where to begin with it. From email at ace.net.au Tue Jan 30 07:10:43 2007 
From: email at ace.net.au (Peter Nitschke) Date: Tue Jan 30 06:14:14 2007 Subject: OT: building new server, need MTA advice In-Reply-To: <45BE0A57.5010109@fractalweb.com> References: <45BE0A57.5010109@fractalweb.com> Message-ID: <200701301640430775.1B75DD18@smtp1.ace.net.au> >We're in the process of building what will be our new web and mail >server. We will be hosting several virtual domains and each will have >anywhere from a few to a couple of hundred email users. Obviously we >will be running MailScanner and also MailWatch. The box is running >CentOS 4.4 (it's like RHEL). > >Since we're starting fresh on this box, we're not necessarily married to >Sendmail like on our other servers. We could stick with Sendmail, or we >could move over to Postfix or Exim (anything else worth considering?). >We'd like to be able to add new spam-fighting features as they come out, >such as the greet-pause and such. Over the years we've used Sendmail, >I've found it a bear to tweak so have done the absolute minimum with it. >We're looking for something that is secure, efficient, maintained (which >rules out qmail) and easy to administer. Whatever we look at needs to >play very nicely with MailScanner or it's not worth considering. >Finally, (and I'm not sure it makes a difference to the MTA), we need >our users to be able to log in with the "username@domain.tld" format >because that's what they use now and I don't want to have to change >hundreds of user's email client settings. > >Now for the big question: Is there an MTA that should we consider using >instead of Sendmail? I added a couple of lines to sendmail.mc that allowed me to tune it easier, things that have defaults in sendmail.cf that I wanted to adjust. Apart from that, after having used sendmail for a few years, I find the later versions very easy to work with, and use minimal changes from the default settings. Peter From martinh at solidstatelogic.com Tue Jan 30 10:25:24 2007 
From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Jan 30 09:28:50 2007 Subject: Missing new spam... In-Reply-To: <45BEAA19.8050205@chapman.edu> Message-ID: Jay I put in the following last night and it seems to be working fine....BTW DCC is trapping SOME of these!

# 2007-01-24 new rules (adapted from Henrik Krohns
# on SA list)
# http:// [user [:password] @]
# + <1 illegal char> +
# + ( or / or ? or :)
uri local_OBFUDOM /https?:\/\/([a-z0-9._\-]{1,30}(:[a-z0-9._\-]{1,30})?\@)?[a-z0-9._\-]{1,30}[^a-z0-9._\-\/:'\[][a-z0-9._\-\@]{1,30}(?:$|\/|\?|:[0-9])/i
describe local_OBFUDOM Domain contains illegal characters
score local_OBFUDOM 1.1
body __obfdomreq1 /\b(?:remove|replace|substitute)\b/i
body __obfdomreq2 /(?:\bdomain\b|\baddress\b|"[^"]"|'[^']')/i
body __obfdomreq3 /\bImportant!/i
meta __obfudomreq (__obfdomreq1 + __obfdomreq2 + __obfdomreq3) > 1
meta local_OBFDOMREQ (local_OBFUDOM && __obfudomreq)
describe local_OBFDOMREQ Request to modify obfuscated domain
score local_OBFDOMREQ 3.1

watch out for newlines in the wrong place.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- 
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Jay Chandler > Sent: 30 January 2007 02:15 > To: MailScanner discussion > Subject: Missing new spam... > > Gotten a few of these: > > Hi, > > VI_zAGRA $3, 35 > VA_zLIUM $1, 20 > AM_zBIEN $2, 90 > CI_zALIS $3, 75 > XA_zNAX $1, 45 > > http://www.tod*rx.com > > Remove "*" to make the link working! > > > Has anyone written some custom rules to handle these yet? > > -- > Jay Chandler > Network Administrator, Chapman University > 714.628.7249 / chandler@chapman.edu > Today's Excuse: Secretary sent chain letter to all 5000 employees. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. 
Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From martinh at solidstatelogic.com Tue Jan 30 10:27:48 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Jan 30 09:31:16 2007 Subject: {MailScanner: Spam} Re: OT: building new server, need MTA advice In-Reply-To: Message-ID: <67b9adfa23e7124e9909573e28ca8748@solidstatelogic.com> Res Put the mailscanner lists in your mailScanner (not Spamassassin) whitelist...ie a ruleset attached to "Is Definitely Not Spam". -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Res > Sent: 30 January 2007 00:40 > To: MailScanner discussion > Subject: Re: {MailScanner: Spam} Re: OT: building new server, need MTA > advice > > ARGGGGGGGGG > > > > On Mon, 29 Jan 2007, Matt Hampton wrote: > > > Our MailScanner believes that the attachment to this message sent to you 
> > > > From: mailscanner-bounces@lists.mailscanner.info > > Subject: Re: OT: building new server, need MTA advice > > > > is Unsolicited Commercial Email (spam). Unless you are sure that this > message > > is incorrectly thought to be spam, please delete this message without > opening > > it. Opening spam messages might allow the spammer to verify your email > > address. > > > > If you believe that this message has been incorrectly marked as spam, > please > > forward this email to mailscanner-bounce. > > > > pts rule name description > > ---- ---------------------- -------------------------------------------- > ------ > > 0.8 INFO_TLD URI: Contains an URL in the INFO top-level > domain > > 3.2 URI_NO_WWW_INFO_CGI URI: CGI in .info TLD other than third-level > > "www" > > > > > > > > > > -- > Cheers > Res > > "We can be Heroes, just for one day" - Davey (Jones) Bowie > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website!
From MailScanner at ecs.soton.ac.uk Tue Jan 30 10:35:02 2007
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue Jan 30 09:39:45 2007
Subject: New Beta 4.58.6 released
In-Reply-To:
References: <45BCCF3B.8060608@ecs.soton.ac.uk> <45BDD448.3080908@nerc.ac.uk>
Message-ID: <45BF1146.4090302@ecs.soton.ac.uk>

I just noticed a nasty obvious bug in KickMessage in Postfix.pm.

Please find the "sub KickMessage" line in Postfix.pm and change the code to this:

# Send an I down the FIFO to the Postfix queue manager, so that it reads
# its incoming queue.
# I am passed a hash of queues --> space-separated string of message ids
sub KickMessage {
  my($queue2ids) = @_;
  my($queue);

  # Do a kick for every queue that contains some message ids
  foreach $queue (keys %$queue2ids) {
    next unless $queue2ids->{$queue};

    # Using the spool directory with the last element chopped off,
    # find the public directory with the qmgr FIFO in it. Send an I
    # to that FIFO.
    my $public = $queue;
    $public =~ s/[^\/]+$/public/;
    next unless $public; # Sanity checking!
    my $fh = new FileHandle;
    $fh->open(">$public/qmgr") or
      MailScanner::Log::WarnLog("KickMessage failed as couldn't write to " .
                                "%s, %s", "$public/qmgr", $!);
    print $fh "I";
    $fh->close;
  }
  return 0;
}

That stands rather more chance of working properly. But please do test this to ensure it works. If you remove the "Sanity checking!" line completely and then run it as you were before, you should not get any error message again. Let me know how you get on.

Thanks!

Jules.

Dave wrote:
> I'm getting an error in the new version:
> KickMessage failed as couldn't write to /qmgr, Permission denied
>
> I'm guessing that is path error on my part somewhere, but being a mailscanner
> newbie, I'm just not sure where to begin with it.

Jules

--
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
For all your IT requirements visit www.transtec.co.uk

From lhaig at haigmail.com Tue Jan 30 10:44:44 2007
From: lhaig at haigmail.com (Lance Haig)
Date: Tue Jan 30 09:48:08 2007
Subject: Error when starting Mailscanner
Message-ID: <45BF138C.1060409@haigmail.com>

Hi,

I get the following error when I restart my MS server

sendmail
(reason: 550 5.1.1 ... User unknown)
(expanded from: sendmail)
-bd
(reason: 550 5.1.1 <-bd@mailhost.redarmour.co.uk>... User unknown)
(expanded from: -bd)
-OPrivacyOptions=noetrn
(reason: 550 5.1.1 <-OPrivacyOptions=noetrn@mailhost.redarmour.co.uk>... User unknown)
(expanded from: -OPrivacyOptions=noetrn)
-ODeliveryMode=queueonly
(reason: 550 5.1.1 <-ODeliveryMode=queueonly@mailhost.redarmour.co.uk>... User unknown)
(expanded from: -ODeliveryMode=queueonly)
-OQueueDirectory=/var/spool/mqueue.in
(reason: 550 5.1.1 <-OQueueDirectory=/var/spool/mqueue.in@mailhost.redarmour.co.uk>... User unknown)
(expanded from: -OQueueDirectory=/var/spool/mqueue.in)

It seems like the sendmail command line is being put into the mail queue and sendmail is trying to deliver it.

Has anyone seen this before?

I am running the following

MS 4.56.5
with Sendmail
on SUSE 9.2

Thanks

Lance

From MailScanner at ecs.soton.ac.uk Tue Jan 30 10:56:36 2007
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jan 30 10:02:11 2007 Subject: Error when starting Mailscanner In-Reply-To: <45BF138C.1060409@haigmail.com> References: <45BF138C.1060409@haigmail.com> Message-ID: <45BF1654.9040309@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Something is wrong in your init.d script or /etc/sysconfig/MailScanner. It's doubling up the initial sendmail on the command line. Lance Haig wrote: > Hi, > > I get the following error when I restart my MS server > > sendmail > (reason: 550 5.1.1 ... User > unknown) > (expanded from: sendmail) > -bd > (reason: 550 5.1.1 <-bd@mailhost.redarmour.co.uk>... User unknown) > (expanded from: -bd) > -OPrivacyOptions=noetrn > (reason: 550 5.1.1 > <-OPrivacyOptions=noetrn@mailhost.redarmour.co.uk>... User unknown) > (expanded from: -OPrivacyOptions=noetrn) > -ODeliveryMode=queueonly > (reason: 550 5.1.1 > <-ODeliveryMode=queueonly@mailhost.redarmour.co.uk>... User unknown) > (expanded from: -ODeliveryMode=queueonly) > -OQueueDirectory=/var/spool/mqueue.in > (reason: 550 5.1.1 > <-OQueueDirectory=/var/spool/mqueue.in@mailhost.redarmour.co.uk>... > User unknown) > (expanded from: -OQueueDirectory=/var/spool/mqueue.in) > > > > It seems like the sendmail command line is being put into the mail > queue and sendmail is trying to deliver it. > > Has anyone seen this before? > > I am running the following > > MS 4.56.5 > with Sendmail > on SUSE 9.2 > > Thanks > > Lance > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! 
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From lhaig at haigmail.com Tue Jan 30 11:09:05 2007
From: lhaig at haigmail.com (Lance Haig) Date: Tue Jan 30 10:12:18 2007 Subject: Error when starting Mailscanner In-Reply-To: <45BF1654.9040309@ecs.soton.ac.uk> References: <45BF138C.1060409@haigmail.com> <45BF1654.9040309@ecs.soton.ac.uk> Message-ID: <45BF1941.6080701@haigmail.com> Thanks Julian, I will have a look Lance Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Something is wrong in your init.d script or /etc/sysconfig/MailScanner. > It's doubling up the initial sendmail on the command line. > > Lance Haig wrote: > >> Hi, >> >> I get the following error when I restart my MS server >> >> sendmail >> (reason: 550 5.1.1 ... User >> unknown) >> (expanded from: sendmail) >> -bd >> (reason: 550 5.1.1 <-bd@mailhost.redarmour.co.uk>... User unknown) >> (expanded from: -bd) >> -OPrivacyOptions=noetrn >> (reason: 550 5.1.1 >> <-OPrivacyOptions=noetrn@mailhost.redarmour.co.uk>... User unknown) >> (expanded from: -OPrivacyOptions=noetrn) >> -ODeliveryMode=queueonly >> (reason: 550 5.1.1 >> <-ODeliveryMode=queueonly@mailhost.redarmour.co.uk>... User unknown) >> (expanded from: -ODeliveryMode=queueonly) >> -OQueueDirectory=/var/spool/mqueue.in >> (reason: 550 5.1.1 >> <-OQueueDirectory=/var/spool/mqueue.in@mailhost.redarmour.co.uk>... >> User unknown) >> (expanded from: -OQueueDirectory=/var/spool/mqueue.in) >> >> >> >> It seems like the sendmail command line is being put into the mail >> queue and sendmail is trying to deliver it. >> >> Has anyone seen this before? >> >> I am running the following >> >> MS 4.56.5 >> with Sendmail >> on SUSE 9.2 >> >> Thanks >> >> Lance >> >> > > Jules > > - -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! 
> > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From ugob at camo-route.com Tue Jan 30 11:29:58 2007 From: ugob at camo-route.com (Ugo Bellavance) Date: Tue Jan 30 10:33:30 2007 Subject: msrbl, anyone using these RBLs? In-Reply-To: References: <45B8E899.5050801@chapman.edu> Message-ID: Scott Silva wrote: > Jay Chandler spake the following on 1/25/2007 9:27 AM: >> Ugo Bellavance wrote: >>> http://www.msrbl.com/site/ >>> >>> Any opinions? >>> >>> Thanks, >>> >>> Ugo >>> >> Haven't used that one yet. >> >> There any consensus on the number of RBLs to use? I'm mirroring a few >> locally, but I'm not certain of the overhead on using others... > I threw the combined one into spamassassin just to see if it hits anything. > We'll see .... > Do you have stats, yet, Scott? Regards, Ugo From glenn.steen at gmail.com Tue Jan 30 13:06:28 2007
From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jan 30 12:09:43 2007 Subject: New Beta 4.58.6 released In-Reply-To: <45BF1146.4090302@ecs.soton.ac.uk> References: <45BCCF3B.8060608@ecs.soton.ac.uk> <45BDD448.3080908@nerc.ac.uk> <45BF1146.4090302@ecs.soton.ac.uk> Message-ID: <223f97700701300406i77611f53ge93ab52f91d1160@mail.gmail.com> On 30/01/07, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I just noticed a nasty obvious bug in KickMessage in Postfix.pm. > > Please find the "sub KickMessage" line in Postfix.pm and change the code > to this: > > # Send an I down the FIFO to the Postfix queue manager, so that it reads > # its incoming queue. > # I am passed a hash of queues --> space-separated string of message ids > sub KickMessage { > my($queue2ids) = @_; > my($queue); > > # Do a kick for every queue that contains some message ids > foreach $queue (keys %$queue2ids) { > next unless $queue2ids->{$queue}; > > # Using the spool directory with the last element chopped off, > # find the public directory wth the qmgr FIFO in it. Send an I > # to that FIFO. > my $public = $queue; > $public =~ s/[^\/]+$/public/; > next unless $public; # Sanity checking! > my $fh = new FileHandle; > $fh->open(">$public/qmgr") or > MailScanner::Log::WarnLog("KickMessage failed as couldn't write > to " . > "%s, %s", "$public/qmgr", $!); > print $fh "I"; > $fh->close; > } > return 0; > } > > That stands rather more chance of working properly. But please do test > this to ensure it works. If you remove the "Sanity checking!" line > completely and then run it as you were before, you should not get any > error message again. Let me know how you get on. > > Thanks! > > Jules. > Ah, that explains that:-). 
Now running without a problem on my testbed, with the above two-line fix as well as with my p record (still not 2.4 "kocher") thing;-)

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From prandal at herefordshire.gov.uk Tue Jan 30 13:23:43 2007
From: prandal at herefordshire.gov.uk (Randal, Phil)
Date: Tue Jan 30 12:27:36 2007
Subject: OT: building new server, need MTA advice
Message-ID: <86144ED6CE5B004DA23E1EAC0B569B58125FEFF0@isabella.herefordshire.gov.uk>

> Typical outcome .. 2 votes postfix one for exim. A sendmail bash and
> an absolute "no" to qmail.

I'm going to be a backward-looking heretic and vote for sendmail.

For my purposes, it does just what I want, and has milter support.

So far I've never needed to edit sendmail.cf or put in any nasty hacks, just a bit of configuration in sendmail.mc, access, and mailertable.

It takes a while to get used to, but the O'Reilly books are excellent, as are the resources on the web which have been cited often enough on this list.

Cheers,

Phil

--
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

From daniel.maher at ubisoft.com Tue Jan 30 14:46:03 2007
From: daniel.maher at ubisoft.com (Daniel Maher)
Date: Tue Jan 30 13:49:23 2007
Subject: {Spam?} Re: Missing new spam...
In-Reply-To: <45BEC83B.5070306@burakueda.com>
Message-ID: <1E293D3FF63A3740B10AD5AAD88535D2044872B3@UBIMAIL1.ubisoft.org>

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-
> bounces@lists.mailscanner.info] On Behalf Of Burak Ueda
> Sent: January 29, 2007 11:23 PM
> To: MailScanner discussion
> Subject: {Spam?} Re: Missing new spam...
>
> Hi,
> wrote some set of rules for this.
> I am an absolute beginner in both writing SA rules, and using regular
> expressions.
> I am continuously checking it for few days now, and it seems to be
> working.
>
> But I'd love to hear some comments from experienced users. Here are the
> rules:
> http://burakueda.com/text/drugrules.txt
>
>
>
> Jay Chandler wrote:
> > Gotten a few of these:
> >
> > Hi,
> >
> > VI_zAGRA $3, 35
> > VA_zLIUM $1, 20
> > AM_zBIEN $2, 90
> > CI_zALIS $3, 75
> > XA_zNAX $1, 45
> >
> > http://www.tod*rx.com
> > Remove "*" to make the link working!
> >
> >
> > Has anyone written some custom rules to handle these yet?
> >

Consider:

# every rule has a "clean" counter-part, since these are legitimate words individually...
body __UBI_PHARMVIAG01 /v[il1t]{0,1}.{0,2}a.{0,2}g{1,2}.{0,2}a{0,1}.{0,2}ra/i
body __UBI_PHARMVIAG02 /viagra/i
body __UBI_PHARMAMBI01 /am.{0,2}b.{0,2}[il1].{0,2}en/i
body __UBI_PHARMAMBI02 /ambien/i
body __UBI_PHARMCIAL01 /c[il1].{0,2}a.{0,2}l[il1]s/i
body __UBI_PHARMCIAL02 /cialis/i
body __UBI_PHARMVALI01 /va.{0,2}l.{0,2}[il1]um/i
body __UBI_PHARMVALI02 /valium/i

# counter-rules to balance "clean" hits...
meta UBI_PHARMVIAGRA ( __UBI_PHARMVIAG01 && ! __UBI_PHARMVIAG02 )
score UBI_PHARMVIAGRA 6
describe UBI_PHARMVIAGRA Obfuscated Viagra string
#etc...

I prefer {0,1} to ?, simply because it "feels" more precise, but both work (obviously).

--
 _
°v°   Daniel Maher
/(_)\ Administrateur Système Unix
 ^ ^  Unix System Administrator

Four elements!

From jaearick at colby.edu Tue Jan 30 15:28:32 2007
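The two rule sets posted in the "Missing new spam..." thread (Martin Hepworth's URI rule and Daniel Maher's obfuscated/"clean" pairs), run offline against the sample Jay Chandler quoted. This is an added example, not code from any poster. Python's re stands in for SpamAssassin's Perl regexes, URI extraction is simplified, and evaluate(), the "pair:" labels and the two benign messages are constructed for this sketch.

```python
"""Offline check of the obfuscation rules posted in this thread (added example).

SpamAssassin applies `uri` rules to extracted URIs and `body` rules to the
rendered text; plain regex searches approximate both here.
"""
import re

# uri local_OBFUDOM as posted, with the mail-wrap spaces removed.
OBFUDOM = re.compile(
    r"https?:\/\/([a-z0-9._\-]{1,30}(:[a-z0-9._\-]{1,30})?\@)?"
    r"[a-z0-9._\-]{1,30}[^a-z0-9._\-\/:'\[][a-z0-9._\-\@]{1,30}"
    r"(?:$|\/|\?|:[0-9])", re.I)

# body __obfdomreq1..3; the meta fires when more than one of them matches.
REQ = [re.compile(p, re.I) for p in (
    r"\b(?:remove|replace|substitute)\b",
    r"""(?:\bdomain\b|\baddress\b|"[^"]"|'[^']')""",
    r"\bImportant!",
)]

# Obfuscated / "clean" body-rule pairs (__UBI_PHARM*01 / __UBI_PHARM*02).
_RAW_PAIRS = {
    "VIAG": (r"v[il1t]{0,1}.{0,2}a.{0,2}g{1,2}.{0,2}a{0,1}.{0,2}ra", r"viagra"),
    "AMBI": (r"am.{0,2}b.{0,2}[il1].{0,2}en", r"ambien"),
    "CIAL": (r"c[il1].{0,2}a.{0,2}l[il1]s", r"cialis"),
    "VALI": (r"va.{0,2}l.{0,2}[il1]um", r"valium"),
}
PAIRS = {k: (re.compile(o, re.I), re.compile(c, re.I))
         for k, (o, c) in _RAW_PAIRS.items()}

# Scores given in the thread; 6 is UBI_PHARMVIAGRA. The other pairs' meta
# rules are elided there ("#etc..."), so they are reported but not scored.
SCORES = {"local_OBFUDOM": 1.1, "local_OBFDOMREQ": 3.1, "pair:VIAG": 6.0}

URI_RE = re.compile(r'https?://[^\s<>"]+', re.I)  # simplified URI extraction

# The sample quoted in the thread.
SPAM = '''Hi,

VI_zAGRA $3, 35
VA_zLIUM $1, 20
AM_zBIEN $2, 90
CI_zALIS $3, 75
XA_zNAX $1, 45

http://www.tod*rx.com

Remove "*" to make the link working!
'''
# Constructed benign messages: one trips the "request" words without an
# obfuscated URI, the other spells two drug names plainly.
LEGIT = ("Hi, the new docs are at http://www.example.com/docs?id=3\n"
         "Please replace the old domain in your bookmarks.\n")
CLEAN_MENTION = "Our formulary lists viagra and valium.\n"


def evaluate(text):
    """Return (rule hits in evaluation order, summed score) for one message."""
    hits = []
    obfudom = any(OBFUDOM.search(u) for u in URI_RE.findall(text))
    if obfudom:
        hits.append("local_OBFUDOM")
    # meta __obfudomreq: (req1 + req2 + req3) > 1
    request = sum(bool(r.search(text)) for r in REQ) > 1
    if obfudom and request:
        hits.append("local_OBFDOMREQ")
    # meta pattern from the thread: obfuscated form present, clean form absent
    for key, (obfuscated, clean) in PAIRS.items():
        if obfuscated.search(text) and not clean.search(text):
            hits.append("pair:" + key)
    return hits, round(sum(SCORES.get(h, 0.0) for h in hits), 1)


if __name__ == "__main__":
    for name, msg in (("spam", SPAM), ("legit", LEGIT), ("clean", CLEAN_MENTION)):
        print(name, *evaluate(msg))
```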
From: jaearick at colby.edu (Jeff A. Earickson)
Date: Tue Jan 30 14:36:42 2007
Subject: zero byte exe files filling quarantine, help!!
Message-ID:

Gang,

I'm running beta version 4.58.7, and I've noticed this morning that a ton of stuff is getting dumped into my MailScanner quarantine directory. Everything that ends up there is a zero-byte exe file like "postcard.exe" or "Greeting Card.exe" (virus?), that generates a quarantine message back to the sender. These quarantine messages will make MailScanner look **bad**. Version 4.57.7 does this too. Running sophos 4.14 and the latest clam.

The only quick fix I could think of was to change "Quarantine Infections" from yes to no. Anybody else seeing this issue??

Jeff Earickson
Colby College

From martinh at solidstatelogic.com Tue Jan 30 15:39:01 2007
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Tue Jan 30 14:42:31 2007
Subject: zero byte exe files filling quarantine, help!!
In-Reply-To:
Message-ID:

Jeff

Broken downloader Trojan - looks like the malware writers' QA is a bit crap ;-)

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Jeff A. Earickson > Sent: 30 January 2007 14:29 > To: mailscanner mailing list > Subject: zero byte exe files filling quarantine, help!! > > Gang, > > I'm running beta version 4.58.7, and I've noticed this morning that > a ton of stuff is getting dumped into my MailScanner quarantine > directory. Everything that ends up there is a zero-byte exe > file like "postcard.exe" or "Greeting Card.exe" (virus?), that > generates a quarantine message back to the sender. These quarantine > message will make MailScanner look **bad**. Version 4.57.7 does this > too. Running sophos 4.14 and the latest clam. > > The only quick fix I could think of was to change "Quarantine Infections" > from yes to no. Anybody else seeing this issue?? > > Jeff Earickson > Colby College > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website!
From a.peacock at chime.ucl.ac.uk Tue Jan 30 15:42:22 2007
From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Tue Jan 30 14:45:46 2007 Subject: zero byte exe files filling quarantine, help!! In-Reply-To: References: Message-ID: <45BF594E.4010908@chime.ucl.ac.uk> Hi, Jeff A. Earickson wrote: > Gang, > > I'm running beta version 4.58.7, and I've noticed this morning that > a ton of stuff is getting dumped into my MailScanner quarantine > directory. Everything that ends up there is a zero-byte exe > file like "postcard.exe" or "Greeting Card.exe" (virus?), that generates > a quarantine message back to the sender. These quarantine > message will make MailScanner look **bad**. Version 4.57.7 does this > too. Running sophos 4.14 and the latest clam. > > The only quick fix I could think of was to change "Quarantine Infections" > from yes to no. Anybody else seeing this issue?? Me too. I wondered why so many obviously bogus .exe files were getting caught by the filetype/filename rules but not the two virus scanners. I just assumed that the viruses were mutating too quickly for the virus scanners to keep up, and was expecting to see them caught later on today or tomorrow. After reading your email I checked my quarantine directory and this also contains lots of zero byte .exe files. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas." -- George Bernard Shaw From jaearick at colby.edu Tue Jan 30 15:45:32 2007 From: jaearick at colby.edu (Jeff A. Earickson) Date: Tue Jan 30 14:48:52 2007 Subject: more on zero byte exe files Message-ID: Gang, Since the file is zero bytes, named exe, and does not trigger a sophos/clam virus event, I am having a lot of the following messages outgoing: 
From: MailScanner To: upwcc@wwsolutions.demon.co.uk Subject: Warning: E-mail viruses detected Our e-mail content detector has just been triggered by a message you sent: To: llivshi@colby.edu Subject: Wine and Roses Date: Tue Jan 30 09:18:57 2007 One or more of the attachments (Greeting Card.exe) are on the list of unacceptable attachments for this site and will not have been delivered. Consider renaming the files to avoid this constraint. The virus detector said this about the message: Report: Report: MailScanner: Executable DOS/Windows programs are dangerous in email (Greeting Card.exe) which will make me (and MailScanner) *real* popular in the real world. I don't want to remove the exe check in filename.rules.conf, which is the only quick way I can think of to shut up MailScanner. Help.... Jeff Earickson Colby College From drew at technologytiger.net Tue Jan 30 15:47:12 2007 
From: drew at technologytiger.net (Drew Marshall)
Date: Tue Jan 30 14:50:43 2007
Subject: zero byte exe files filling quarantine, help!!
In-Reply-To:
References:
Message-ID: <58210.194.70.180.170.1170168432.squirrel@www.technologytiger.net>

On Tue, January 30, 2007 14:28, Jeff A. Earickson wrote:
> Gang,
>
> I'm running beta version 4.58.7, and I've noticed this morning that a
> ton of stuff is getting dumped into my MailScanner quarantine
> directory. Everything that ends up there is a zero-byte exe
> file like "postcard.exe" or "Greeting Card.exe" (virus?), that
> generates a quarantine message back to the sender. These quarantine
> message will make MailScanner look **bad**. Version 4.57.7 does this
> too. Running sophos 4.14 and the latest clam.
>
> The only quick fix I could think of was to change "Quarantine Infections"
> from yes to no. Anybody else seeing this issue??

I found this issue a while ago and Jason Desai was able to provide a fix:

---- Quote ----
Sorry for the late reply - still catching up on the list. I just dealt with this recently. Here's what I did. I modified languages.conf, changing AttachmentTooSmall to be "Attachment is too small (too-small)". For completeness, I changed AttachmentTooLarge in the same way. Then I modified MailScanner.conf, and added "too-small" to the list of Silent Viruses. This seems to prevent notifications. You don't have to use "too-small", you could use some other string which has no spaces in AttachmentTooSmall and Silent Viruses.

----Quote Ends -----

The small files then get treated like viruses rather than invalid file types so you can then play games with silent viruses and quarantine rule sets etc.

HTH

Drew

--
In line with our policy, this message has been scanned for viruses and dangerous content by the Technology Tiger MailScanner.
Further information can be found at www.technologytiger.net/policy Technology Tiger Limited is registered in Scotland with registration number: 310997 Registered Office 55-57 West High Street Inverurie AB51 3QQ From martinh at solidstatelogic.com Tue Jan 30 15:50:19 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Jan 30 14:53:48 2007 Subject: more on zero byte exe files In-Reply-To: Message-ID: <0f3564f14d9c9f4298dcfda4901c55db@solidstatelogic.com> Jeff Bouncing email is considered a bad idea, ' rejecting' is different, but I never get MS to bounce any emails... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Jeff A. Earickson > Sent: 30 January 2007 14:46 > To: mailscanner mailing list > Subject: more on zero byte exe files > > Gang, > > Since the file is zero bytes, named exe, and does not trigger > a sophos/clam virus event, I am having a lot of the following > messages outgoing: 
> > From: MailScanner > To: upwcc@wwsolutions.demon.co.uk > Subject: Warning: E-mail viruses detected > > Our e-mail content detector has just been triggered by a message you > sent: > To: llivshi@colby.edu > Subject: Wine and Roses > Date: Tue Jan 30 09:18:57 2007 > > One or more of the attachments (Greeting Card.exe) are on > the list of unacceptable attachments for this site and will not have > been delivered. > > Consider renaming the files to avoid this constraint. > > The virus detector said this about the message: > Report: Report: MailScanner: Executable DOS/Windows programs are > dangerous > in email (Greeting Card.exe) > > which will make me (and MailScanner) *real* popular in the real world. > I don't want to remove the exe check in filename.rules.conf, which is > the only quick way I can think of to shut up MailScanner. Help.... > > Jeff Earickson > Colby College > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website!
From glenn.steen at gmail.com Tue Jan 30 15:59:52 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jan 30 15:03:07 2007 Subject: more on zero byte exe files In-Reply-To: References: Message-ID: <223f97700701300659s14d27e60t47245239eac508b1@mail.gmail.com> On 30/01/07, Jeff A. Earickson wrote: > Gang, > > Since the file is zero bytes, named exe, and does not trigger > a sophos/clam virus event, I am having a lot of the following > messages outgoing: 
> > From: MailScanner > To: upwcc@wwsolutions.demon.co.uk > Subject: Warning: E-mail viruses detected > > Our e-mail content detector has just been triggered by a message you sent: > To: llivshi@colby.edu > Subject: Wine and Roses > Date: Tue Jan 30 09:18:57 2007 > > One or more of the attachments (Greeting Card.exe) are on > the list of unacceptable attachments for this site and will not have > been delivered. > > Consider renaming the files to avoid this constraint. > > The virus detector said this about the message: > Report: Report: MailScanner: Executable DOS/Windows programs are dangerous > in email (Greeting Card.exe) > > which will make me (and MailScanner) *real* popular in the real world. > I don't want to remove the exe check in filename.rules.conf, which is > the only quick way I can think of to shut up MailScanner. Help.... > > Jeff Earickson > Colby College Set # *If* "Notify Senders" is set to yes, do you want to notify people # who sent you messages containing other blocked content, such as # partial messages or messages with external bodies? # This can also be the filename of a ruleset. Notify Senders Of Other Blocked Content = no temporarily. -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Tue Jan 30 16:01:26 2007 
From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jan 30 15:04:42 2007 Subject: zero byte exe files filling quarantine, help!! In-Reply-To: <58210.194.70.180.170.1170168432.squirrel@www.technologytiger.net> References: <58210.194.70.180.170.1170168432.squirrel@www.technologytiger.net> Message-ID: <223f97700701300701w29c64aebk97e887b5e79ba64f@mail.gmail.com> On 30/01/07, Drew Marshall wrote: > On Tue, January 30, 2007 14:28, Jeff A. Earickson wrote: > > Gang, > > > > I'm running beta version 4.58.7, and I've noticed this morning that a > ton of stuff is getting dumped into my MailScanner quarantine > > directory. Everything that ends up there is a zero-byte exe > > file like "postcard.exe" or "Greeting Card.exe" (virus?), that > > generates a quarantine message back to the sender. These quarantine > message will make MailScanner look **bad**. Version 4.57.7 does this > too. Running sophos 4.14 and the latest clam. > > > > The only quick fix I could think of was to change "Quarantine > Infections" > > from yes to no. Anybody else seeing this issue?? > > I found this issue a while a go and Jason Desai was able to provide a fix: > > ---- Quote ---- > Sorry for the late reply - still catching up on the list. I just dealt > with this recently. Here's what I did. I modified languages.conf, > changing AttachmentTooSmall to be "Attachment is too small (too-small)". > For completeness, I changed AttachmentTooLarge in the same way. Then I > modified MailScanner.conf, and added "too-small" to the list of Silent > Viruses. This seems to prevent notifications. You don't have to use > "too-small", you could use some other string which has no spaces in > AttachmentTooSmall and Silent Viruses. > > ----Quote Ends ----- > > The small files then get treated like viruses rather than invalid file > types so you can then play games with silent viruses and quarantine rule > sets etc. > > HTH > > Drew > Ah. Clever. Thanks a bundle! 
-- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Tue Jan 30 16:03:50 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jan 30 15:07:06 2007 Subject: more on zero byte exe files In-Reply-To: <223f97700701300659s14d27e60t47245239eac508b1@mail.gmail.com> References: <223f97700701300659s14d27e60t47245239eac508b1@mail.gmail.com> Message-ID: <223f97700701300703n240fc65ap4123c355f8b059cb@mail.gmail.com> On 30/01/07, Glenn Steen wrote: > On 30/01/07, Jeff A. Earickson wrote: > > Gang, > > > > Since the file is zero bytes, named exe, and does not trigger > > a sophos/clam virus event, I am having a lot of the following > > messages outgoing: 
> > > > From: MailScanner > > To: upwcc@wwsolutions.demon.co.uk > > Subject: Warning: E-mail viruses detected > > > > Our e-mail content detector has just been triggered by a message you sent: > > To: llivshi@colby.edu > > Subject: Wine and Roses > > Date: Tue Jan 30 09:18:57 2007 > > > > One or more of the attachments (Greeting Card.exe) are on > > the list of unacceptable attachments for this site and will not have > > been delivered. > > > > Consider renaming the files to avoid this constraint. > > > > The virus detector said this about the message: > > Report: Report: MailScanner: Executable DOS/Windows programs are dangerous > > in email (Greeting Card.exe) > > > > which will make me (and MailScanner) *real* popular in the real world. > > I don't want to remove the exe check in filename.rules.conf, which is > > the only quick way I can think of to shut up MailScanner. Help.... > > > > Jeff Earickson > > Colby College > Set > # *If* "Notify Senders" is set to yes, do you want to notify people > # who sent you messages containing other blocked content, such as > # partial messages or messages with external bodies? > # This can also be the filename of a ruleset. > Notify Senders Of Other Blocked Content = no > temporarily. Wrong quote, sloppy cut'n'paste... Sorry. Meant # *If* "Notify Senders" is set to yes, do you want to notify people # who sent you messages containing attachments that are blocked due to # their filename or file contents? # This can also be the filename of a ruleset. Notify Senders Of Blocked Filenames Or Filetypes = yes ... and nothing else. But Drews/Jasons clever trick seems more workable in the long run, so ... do that instead:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From jaearick at colby.edu Tue Jan 30 16:14:32 2007 
From: jaearick at colby.edu (Jeff A. Earickson) Date: Tue Jan 30 15:18:09 2007 Subject: zero byte exe files filling quarantine, help!! In-Reply-To: <58210.194.70.180.170.1170168432.squirrel@www.technologytiger.net> References: <58210.194.70.180.170.1170168432.squirrel@www.technologytiger.net> Message-ID: On Tue, 30 Jan 2007, Drew Marshall wrote: > Date: Tue, 30 Jan 2007 14:47:12 -0000 (UTC) 
> From: Drew Marshall > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: zero byte exe files filling quarantine, help!! > > On Tue, January 30, 2007 14:28, Jeff A. Earickson wrote: >> Gang, >> >> I'm running beta version 4.58.7, and I've noticed this morning that a > ton of stuff is getting dumped into my MailScanner quarantine >> directory. Everything that ends up there is a zero-byte exe >> file like "postcard.exe" or "Greeting Card.exe" (virus?), that >> generates a quarantine message back to the sender. These quarantine > message will make MailScanner look **bad**. Version 4.57.7 does this > too. Running sophos 4.14 and the latest clam. >> >> The only quick fix I could think of was to change "Quarantine > Infections" >> from yes to no. Anybody else seeing this issue?? > > I found this issue a while ago and Jason Desai was able to provide a fix: > > ---- Quote ---- > Sorry for the late reply - still catching up on the list. I just dealt > with this recently. Here's what I did. I modified languages.conf, > changing AttachmentTooSmall to be "Attachment is too small (too-small)". > For completeness, I changed AttachmentTooLarge in the same way. Then I > modified MailScanner.conf, and added "too-small" to the list of Silent > Viruses. This seems to prevent notifications. You don't have to use > "too-small", you could use some other string which has no spaces in > AttachmentTooSmall and Silent Viruses. > > ----Quote Ends ----- > > The small files then get treated like viruses rather than invalid file > types so you can then play games with silent viruses and quarantine rule > sets etc. Tried this, didn't work, don't know why... Glenn Steen's mention of "Notify Senders Of Blocked Filenames Or Filetypes" looks like a good hack. I wrote a ruleset to notify internal users, but not external ones. Testing this now... Jeff Earickson Colby College From MailScanner at ecs.soton.ac.uk Tue Jan 30 16:21:20 2007 
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jan 30 15:26:57 2007 Subject: more on zero byte exe files In-Reply-To: <223f97700701300703n240fc65ap4123c355f8b059cb@mail.gmail.com> References: <223f97700701300659s14d27e60t47245239eac508b1@mail.gmail.com> <223f97700701300703n240fc65ap4123c355f8b059cb@mail.gmail.com> Message-ID: <45BF6270.20708@ecs.soton.ac.uk> Glenn Steen wrote: > On 30/01/07, Glenn Steen wrote: >> On 30/01/07, Jeff A. Earickson wrote: >> > Gang, >> > >> > Since the file is zero bytes, named exe, and does not trigger >> > a sophos/clam virus event, I am having a lot of the following >> > messages outgoing: 
>> > >> > From: MailScanner >> > To: upwcc@wwsolutions.demon.co.uk >> > Subject: Warning: E-mail viruses detected >> > >> > Our e-mail content detector has just been triggered by a >> message you sent: >> > To: llivshi@colby.edu >> > Subject: Wine and Roses >> > Date: Tue Jan 30 09:18:57 2007 >> > >> > One or more of the attachments (Greeting Card.exe) are on >> > the list of unacceptable attachments for this site and will not >> have >> > been delivered. >> > >> > Consider renaming the files to avoid this constraint. >> > >> > The virus detector said this about the message: >> > Report: Report: MailScanner: Executable DOS/Windows programs >> are dangerous >> > in email (Greeting Card.exe) >> > >> > which will make me (and MailScanner) *real* popular in the real world. >> > I don't want to remove the exe check in filename.rules.conf, which is >> > the only quick way I can think of to shut up MailScanner. Help.... >> > >> > Jeff Earickson >> > Colby College >> Set >> # *If* "Notify Senders" is set to yes, do you want to notify people >> # who sent you messages containing other blocked content, such as >> # partial messages or messages with external bodies? >> # This can also be the filename of a ruleset. >> Notify Senders Of Other Blocked Content = no >> temporarily. > > Wrong quote, sloppy cut'n'paste... Sorry. Meant > # *If* "Notify Senders" is set to yes, do you want to notify people > # who sent you messages containing attachments that are blocked due to > # their filename or file contents? > # This can also be the filename of a ruleset. > Notify Senders Of Blocked Filenames Or Filetypes = yes > ... and nothing else. > But Drews/Jasons clever trick seems more workable in the long run, so > ... do that instead:-). > What would be your best long-term solution to this problem? Perhaps a "Notify Senders Of Bad Sized Attachments = yes/no" ? Or have you a better idea? It needs to be very simple to write at this point in time. 
Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From a.peacock at chime.ucl.ac.uk Tue Jan 30 16:28:46 2007 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Tue Jan 30 15:32:16 2007 Subject: more on zero byte exe files In-Reply-To: <45BF6270.20708@ecs.soton.ac.uk> References: <223f97700701300659s14d27e60t47245239eac508b1@mail.gmail.com> <223f97700701300703n240fc65ap4123c355f8b059cb@mail.gmail.com> <45BF6270.20708@ecs.soton.ac.uk> Message-ID: <45BF642E.90003@chime.ucl.ac.uk> Hi Julian, Julian Field wrote: > > > Glenn Steen wrote: >> On 30/01/07, Glenn Steen wrote: >>> On 30/01/07, Jeff A. Earickson wrote: >>> > Gang, >>> > >>> > Since the file is zero bytes, named exe, and does not trigger >>> > a sophos/clam virus event, I am having a lot of the following >>> > messages outgoing: 
>>> > >>> > From: MailScanner >>> > To: upwcc@wwsolutions.demon.co.uk >>> > Subject: Warning: E-mail viruses detected >>> > >>> > Our e-mail content detector has just been triggered by a >>> message you sent: >>> > To: llivshi@colby.edu >>> > Subject: Wine and Roses >>> > Date: Tue Jan 30 09:18:57 2007 >>> > >>> > One or more of the attachments (Greeting Card.exe) are on >>> > the list of unacceptable attachments for this site and will not >>> have >>> > been delivered. >>> > >>> > Consider renaming the files to avoid this constraint. >>> > >>> > The virus detector said this about the message: >>> > Report: Report: MailScanner: Executable DOS/Windows programs >>> are dangerous >>> > in email (Greeting Card.exe) >>> > >>> > which will make me (and MailScanner) *real* popular in the real world. >>> > I don't want to remove the exe check in filename.rules.conf, which is >>> > the only quick way I can think of to shut up MailScanner. Help.... >>> > >>> > Jeff Earickson >>> > Colby College >>> Set >>> # *If* "Notify Senders" is set to yes, do you want to notify people >>> # who sent you messages containing other blocked content, such as >>> # partial messages or messages with external bodies? >>> # This can also be the filename of a ruleset. >>> Notify Senders Of Other Blocked Content = no >>> temporarily. >> >> Wrong quote, sloppy cut'n'paste... Sorry. Meant >> # *If* "Notify Senders" is set to yes, do you want to notify people >> # who sent you messages containing attachments that are blocked due to >> # their filename or file contents? >> # This can also be the filename of a ruleset. >> Notify Senders Of Blocked Filenames Or Filetypes = yes >> ... and nothing else. >> But Drews/Jasons clever trick seems more workable in the long run, so >> ... do that instead:-). >> > > What would be your best long-term solution to this problem? > Perhaps a "Notify Senders Of Bad Sized Attachments = yes/no" > ? > Or have you a better idea? 
It needs to be very simple to write at this > point in time. Well in my case these messages do not seem to be triggering the small attachment rule, they are all being caught by filename rules. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas." -- George Bernard Shaw From jaearick at colby.edu Tue Jan 30 16:31:27 2007 From: jaearick at colby.edu (Jeff A. Earickson) Date: Tue Jan 30 15:34:50 2007 Subject: more on zero byte exe files In-Reply-To: <45BF6270.20708@ecs.soton.ac.uk> References: <223f97700701300659s14d27e60t47245239eac508b1@mail.gmail.com> <223f97700701300703n240fc65ap4123c355f8b059cb@mail.gmail.com> <45BF6270.20708@ecs.soton.ac.uk> Message-ID: On Tue, 30 Jan 2007, Julian Field wrote: > Date: Tue, 30 Jan 2007 15:21:20 +0000 > From: Julian Field > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: more on zero byte exe files > > > > Glenn Steen wrote: >> On 30/01/07, Glenn Steen wrote: >>> On 30/01/07, Jeff A. Earickson wrote: >>> > Gang, >>> > >>> > Since the file is zero bytes, named exe, and does not trigger >>> > a sophos/clam virus event, I am having a lot of the following >>> > messages outgoing: 
>>> > >>> > From: MailScanner >>> > To: upwcc@wwsolutions.demon.co.uk >>> > Subject: Warning: E-mail viruses detected >>> > >>> > Our e-mail content detector has just been triggered by a message you >>> sent: >>> > To: llivshi@colby.edu >>> > Subject: Wine and Roses >>> > Date: Tue Jan 30 09:18:57 2007 >>> > >>> > One or more of the attachments (Greeting Card.exe) are on >>> > the list of unacceptable attachments for this site and will not have >>> > been delivered. >>> > >>> > Consider renaming the files to avoid this constraint. >>> > >>> > The virus detector said this about the message: >>> > Report: Report: MailScanner: Executable DOS/Windows programs are >>> dangerous >>> > in email (Greeting Card.exe) >>> > >>> > which will make me (and MailScanner) *real* popular in the real world. >>> > I don't want to remove the exe check in filename.rules.conf, which is >>> > the only quick way I can think of to shut up MailScanner. Help.... >>> > >>> > Jeff Earickson >>> > Colby College >>> Set >>> # *If* "Notify Senders" is set to yes, do you want to notify people >>> # who sent you messages containing other blocked content, such as >>> # partial messages or messages with external bodies? >>> # This can also be the filename of a ruleset. >>> Notify Senders Of Other Blocked Content = no >>> temporarily. >> >> Wrong quote, sloppy cut'n'paste... Sorry. Meant >> # *If* "Notify Senders" is set to yes, do you want to notify people >> # who sent you messages containing attachments that are blocked due to >> # their filename or file contents? >> # This can also be the filename of a ruleset. >> Notify Senders Of Blocked Filenames Or Filetypes = yes >> ... and nothing else. >> But Drews/Jasons clever trick seems more workable in the long run, so >> ... do that instead:-). >> > > What would be your best long-term solution to this problem? > Perhaps a "Notify Senders Of Bad Sized Attachments = yes/no" > ? > Or have you a better idea? 
It needs to be very simple to write at this point > in time. The too-small trick seemed the most elegant (but I couldn't get it to work). I'm still fiddling with my ruleset for filenames/filetypes. I find it ironic that a zero-byte "virus" is kicking my ass right now. Sheesh. Jeff Earickson Colby College From Denis.Beauchemin at USherbrooke.ca Tue Jan 30 16:34:51 2007 
From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Tue Jan 30 15:38:58 2007 Subject: zero byte exe files filling quarantine, help!! In-Reply-To: <58210.194.70.180.170.1170168432.squirrel@www.technologytiger.net> References: <58210.194.70.180.170.1170168432.squirrel@www.technologytiger.net> Message-ID: <45BF659B.8060701@USherbrooke.ca> Drew Marshall wrote: > On Tue, January 30, 2007 14:28, Jeff A. Earickson wrote: > >> Gang, >> >> I'm running beta version 4.58.7, and I've noticed this morning that a >> > ton of stuff is getting dumped into my MailScanner quarantine > >> directory. Everything that ends up there is a zero-byte exe >> file like "postcard.exe" or "Greeting Card.exe" (virus?), that >> generates a quarantine message back to the sender. These quarantine >> > message will make MailScanner look **bad**. Version 4.57.7 does this > too. Running sophos 4.14 and the latest clam. > >> The only quick fix I could think of was to change "Quarantine >> > Infections" > >> from yes to no. Anybody else seeing this issue?? >> > > I found this issue a while ago and Jason Desai was able to provide a fix: > > ---- Quote ---- > Sorry for the late reply - still catching up on the list. I just dealt > with this recently. Here's what I did. I modified languages.conf, > changing AttachmentTooSmall to be "Attachment is too small (too-small)". > For completeness, I changed AttachmentTooLarge in the same way. Then I > modified MailScanner.conf, and added "too-small" to the list of Silent > Viruses. This seems to prevent notifications. You don't have to use > "too-small", you could use some other string which has no spaces in > AttachmentTooSmall and Silent Viruses. > > ----Quote Ends ----- > > The small files then get treated like viruses rather than invalid file > types so you can then play games with silent viruses and quarantine rule > sets etc. > > HTH > > Drew > > > > This looks interesting. 
I had already written an SA rule that seems to catch most of them:
describe UDES_GREET01 Virus often with zero-byte file
full UDES_GREET01 /filename=\"(greeting|Flash)?\s*(post\s*)?card\.exe\"/i
score UDES_GREET01 50
Of course it will also match legit files with the same name... but since I already block EXEs, the only difference will be that people will not receive a notification about a quarantined EXE with these names. Denis -- Denis Beauchemin, analyst, Université de Sherbrooke, S.T.I. T: 819.821.8000x62252 F: 819.821.8045
From MailScanner at ecs.soton.ac.uk Tue Jan 30 17:11:00 2007 
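Added example, not part of Denis's post or of the MailScanner or SpamAssassin code: the UDES_GREET01 pattern from the message above, transcribed to Python and run next to a plain zero-length check over constructed MIME messages. The message template, the sample filenames and the 1-byte threshold are assumptions made for the illustration.

```python
import re
from email import message_from_string

# Denis's pattern from the post, transcribed to Python syntax. SpamAssassin
# "full" rules run against the raw message, so it is applied to the raw text.
UDES_GREET01 = re.compile(
    r'filename=\"(greeting|Flash)?\s*(post\s*)?card\.exe\"', re.IGNORECASE)

# Assumption: 1 byte is the smallest acceptable attachment, so only
# zero-length attachments are flagged by the size check.
MIN_ATTACHMENT_BYTES = 1

# Constructed message template (not taken from real traffic).
TEMPLATE = """\
From: sender@example.com
To: recipient@example.org
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="SAMPLE"

--SAMPLE
Content-Type: text/plain

body text

--SAMPLE
Content-Type: application/octet-stream
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="{name}"

{b64}
--SAMPLE--
"""

# Constructed samples: (attachment filename, base64 body). "" is a zero-byte file.
SAMPLES = [
    ("Greeting Card.exe", ""),       # the case reported in the thread
    ("postcard.exe", ""),
    ("Flash Postcard.exe", ""),
    ("card.exe", "aGVsbG8="),        # non-empty file that shares the name
    ("invoice.exe", ""),             # zero-byte file with a different name
    ("report.pdf", "aGVsbG8="),      # ordinary attachment
]


def attachments(raw):
    """Yield (filename, decoded size in bytes) for each named MIME part."""
    msg = message_from_string(raw)
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name is None:
            continue  # body text, not an attachment
        payload = part.get_payload(decode=True) or b""
        yield name, len(payload)


def classify(raw):
    """Return one verdict per attachment; the name rule is message-wide."""
    name_hit = UDES_GREET01.search(raw) is not None
    return [{"filename": name,
             "size": size,
             "too_small": size < MIN_ATTACHMENT_BYTES,
             "udes_greet01": name_hit}
            for name, size in attachments(raw)]


def run_samples():
    """Classify every constructed sample, keyed by attachment filename."""
    return {name: classify(TEMPLATE.format(name=name, b64=b64))[0]
            for name, b64 in SAMPLES}


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name!r:22} size={verdict['size']} "
              f"too_small={verdict['too_small']} "
              f"UDES_GREET01={verdict['udes_greet01']}")
```

The non-empty `card.exe` sample is the legitimate-file match Denis mentions, and the zero-byte `invoice.exe` sample is caught only by the size check.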
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jan 30 16:17:10 2007 Subject: zero byte exe files filling quarantine, help!! In-Reply-To: <45BF659B.8060701@USherbrooke.ca> References: <58210.194.70.180.170.1170168432.squirrel@www.technologytiger.net> <45BF659B.8060701@USherbrooke.ca> Message-ID: <45BF6E14.2010709@ecs.soton.ac.uk> Will 1 configuration setting do, like this: Notify Senders Of Too Large Or Too Small Attachments = yes or no You don't really need separate configurations for too large and too small do you? Please say no :-) Jules. Denis Beauchemin wrote: > Drew Marshall wrote: >> On Tue, January 30, 2007 14:28, Jeff A. Earickson wrote: >> >>> Gang, >>> >>> I'm running beta version 4.58.7, and I've noticed this morning that a >>> >> ton of stuff is getting dumped into my MailScanner quarantine >> >>> directory. Everything that ends up there is a zero-byte exe >>> file like "postcard.exe" or "Greeting Card.exe" (virus?), that >>> generates a quarantine message back to the sender. These quarantine >>> >> message will make MailScanner look **bad**. Version 4.57.7 does this >> too. Running sophos 4.14 and the latest clam. >> >>> The only quick fix I could think of was to change "Quarantine >>> >> Infections" >> >>> from yes to no. Anybody else seeing this issue?? >>> >> >> I found this issue a while ago and Jason Desai was able to provide a >> fix: >> >> ---- Quote ---- >> Sorry for the late reply - still catching up on the list. I just dealt >> with this recently. Here's what I did. I modified languages.conf, >> changing AttachmentTooSmall to be "Attachment is too small (too-small)". >> For completeness, I changed AttachmentTooLarge in the same way. Then I >> modified MailScanner.conf, and added "too-small" to the list of Silent >> Viruses. This seems to prevent notifications. 
You don't have to use >> "too-small", you could use some other string which has no spaces in >> AttachmentTooSmall and Silent Viruses. >> >> ----Quote Ends ----- >> >> The small files then get treated like viruses rather than invalid file >> types so you can then play games with silent viruses and quarantine rule >> sets etc. >> >> HTH >> >> Drew >> >> >> >> > This looks interesting. I had already written an SA rule that seems > to catch most of them: > describe UDES_GREET01 Virus often with zero-byte file > full UDES_GREET01 > /filename=\"(greeting|Flash)?\s*(post\s*)?card\.exe\"/i > score UDES_GREET01 50 > > Of course it will also match legit files with the same name... but > since I already block EXEs, the only difference will be that people > will not receive a notification about a quarantined EXE with these names. > > Denis > Jules From drew at technologytiger.net Tue Jan 30 17:14:26 2007 
From: drew at technologytiger.net (Drew Marshall) Date: Tue Jan 30 16:17:58 2007 Subject: more on zero byte exe files In-Reply-To: <45BF6270.20708@ecs.soton.ac.uk> References: <223f97700701300659s14d27e60t47245239eac508b1@mail.gmail.com> <223f97700701300703n240fc65ap4123c355f8b059cb@mail.gmail.com> <45BF6270.20708@ecs.soton.ac.uk> Message-ID: <58751.194.70.180.170.1170173666.squirrel@www.technologytiger.net> On Tue, January 30, 2007 15:21, Julian Field wrote: > What would be your best long-term solution to this problem? > Perhaps a "Notify Senders Of Bad Sized Attachments = yes/no" > ? > Or have you a better idea? It needs to be very simple to write at this > point in time. I would suggest either your option above or including bad sized attachments as a silent virus type. Certainly I can't see any good reason to notify senders that they have sent a file with nothing in it and even less reason to quarantine an empty file. The too-small option that I posted works fine for me. These zero byte files are from bounce notices that have truncated the full attachment. Drew From Denis.Beauchemin at USherbrooke.ca Tue Jan 30 17:15:32 2007 
From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Tue Jan 30 16:19:20 2007 Subject: msrbl, anyone using these RBLs? In-Reply-To: References: <45B8E899.5050801@chapman.edu> Message-ID: <45BF6F24.1060209@USherbrooke.ca> Ugo Bellavance wrote: > Scott Silva wrote: >> Jay Chandler spake the following on 1/25/2007 9:27 AM: >>> Ugo Bellavance wrote: >>>> http://www.msrbl.com/site/ >>>> >>>> Any opinions? >>>> >>>> Thanks, >>>> >>>> Ugo >>>> >>> Haven't used that one yet. >>> >>> There any consensus on the number of RBLs to use? I'm mirroring a few >>> locally, but I'm not certain of the overhead on using others... >> I threw the combined one into spamassassin just to see if it hits >> anything. >> We'll see .... >> > > Do you have stats, yet, Scott? > > Regards, > > Ugo > Here are my stats (zgrep -c):
/var/log/old/maillog.20070125.gz:1
/var/log/old/maillog.20070126.gz:0
/var/log/old/maillog.20070127.gz:4
/var/log/old/maillog.20070128.gz:0
/var/log/old/maillog.20070129:3
/var/log/maillog:0
So this RBL is not really interesting for me. I already block tons of emails in sendmail with:
FEATURE(`dnsbl',`safe.dnsbl.sorbs.net',`"554 Rejected " $&{client_addr} " found in safe.dnsbl.sorbs.net"')dnl
FEATURE(`dnsbl',`cbl.abuseat.org',`"554 Rejected " $&{client_addr} " found in cbl.abuseat.org"')dnl
FEATURE(`dnsbl',`list.dsbl.org',`"554 Rejected " $&{client_addr} " found in list.dsbl.org"')dnl
FEATURE(`dnsbl',`zen.spamhaus.org',`"554 Rejected " $&{client_addr} " found in zen.spamhaus.org"')dnl
Stats for emails blocked by sendmail:
/var/log/old/maillog.20070125.gz:252170
/var/log/old/maillog.20070126.gz:263338
/var/log/old/maillog.20070127.gz:243305
/var/log/old/maillog.20070128.gz:183986
/var/log/old/maillog.20070129:204867
/var/log/maillog:112922
Denis -- Denis Beauchemin, analyst, Université de Sherbrooke, S.T.I. T: 819.821.8000x62252 F: 819.821.8045
From MailScanner at ecs.soton.ac.uk Tue Jan 30 17:21:33 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jan 30 16:25:55 2007 Subject: more on zero byte exe files -- solution? In-Reply-To: <45BF6270.20708@ecs.soton.ac.uk> References: <223f97700701300659s14d27e60t47245239eac508b1@mail.gmail.com> <223f97700701300703n240fc65ap4123c355f8b059cb@mail.gmail.com> <45BF6270.20708@ecs.soton.ac.uk> Message-ID: <45BF708D.1070501@ecs.soton.ac.uk> Julian Field wrote: > > > Glenn Steen wrote: >> On 30/01/07, Glenn Steen wrote: >>> On 30/01/07, Jeff A. Earickson wrote: >>> > Gang, >>> > >>> > Since the file is zero bytes, named exe, and does not trigger >>> > a sophos/clam virus event, I am having a lot of the following >>> > messages outgoing: 
>>> > >>> > From: MailScanner >>> > To: upwcc@wwsolutions.demon.co.uk >>> > Subject: Warning: E-mail viruses detected >>> > >>> > Our e-mail content detector has just been triggered by a >>> message you sent: >>> > To: llivshi@colby.edu >>> > Subject: Wine and Roses >>> > Date: Tue Jan 30 09:18:57 2007 >>> > >>> > One or more of the attachments (Greeting Card.exe) are on >>> > the list of unacceptable attachments for this site and will >>> not have >>> > been delivered. >>> > >>> > Consider renaming the files to avoid this constraint. >>> > >>> > The virus detector said this about the message: >>> > Report: Report: MailScanner: Executable DOS/Windows programs >>> are dangerous >>> > in email (Greeting Card.exe) >>> > >>> > which will make me (and MailScanner) *real* popular in the real >>> world. >>> > I don't want to remove the exe check in filename.rules.conf, which is >>> > the only quick way I can think of to shut up MailScanner. Help.... >>> > >>> > Jeff Earickson >>> > Colby College >>> Set >>> # *If* "Notify Senders" is set to yes, do you want to notify people >>> # who sent you messages containing other blocked content, such as >>> # partial messages or messages with external bodies? >>> # This can also be the filename of a ruleset. >>> Notify Senders Of Other Blocked Content = no >>> temporarily. >> >> Wrong quote, sloppy cut'n'paste... Sorry. Meant >> # *If* "Notify Senders" is set to yes, do you want to notify people >> # who sent you messages containing attachments that are blocked due to >> # their filename or file contents? >> # This can also be the filename of a ruleset. >> Notify Senders Of Blocked Filenames Or Filetypes = yes >> ... and nothing else. >> But Drews/Jasons clever trick seems more workable in the long run, so >> ... do that instead:-). >> > > What would be your best long-term solution to this problem? > Perhaps a "Notify Senders Of Bad Sized Attachments = yes/no" > ? > Or have you a better idea? 
It needs to be very simple to write at this > point in time. Okay, here's a patch that adds a new configuration setting Notify Senders Of Blocked Size Attachments = yes or no (or ruleset/Custom Function) First, the patch to ConfigDefs.pl: - -=-=-SNIP-=-=- - --- ConfigDefs.pl 2006-10-30 20:38:34.000000000 +0000 +++ ConfigDefs.pl.new 2007-01-30 16:16:29.000000000 +0000 @@ -205,6 +205,7 @@ warnsenders = notifysenders warnvirussenders = notifysendersofviruses warnnamesenders = notifysendersofblockedfilenamesorfiletypes +warnsizesenders = notifysendersofblockedsizeattachments warnothersenders = notifysendersofotherblockedcontent webbugurl = webbugreplacement webbugwhitelist = ignoredwebbugfilenames @@ -409,6 +410,7 @@ WarnSenders 1 no 0 yes 1 WarnVirusSenders 0 no 0 yes 1 WarnNameSenders 1 no 0 yes 1 +WarnSizeSenders 1 no 0 yes 1 WarnOtherSenders 1 no 0 yes 1 [First,File] - -=-=-SNIP-=-=- Now the patch for MessageBatch.pm: - -=-=-SNIP-=-=- - --- MessageBatch.pm 2006-11-29 13:43:26.000000000 +0000 +++ MessageBatch.pm.new 2007-01-30 16:06:39.000000000 +0000 
@@ -862,8 +862,12 @@ $warnviruses; $reasons++ if $message->{nameinfected} && MailScanner::Config::Value('warnnamesenders', $message); - - $reasons++ if ($message->{otherinfected} || $message->{sizeinfected}) && + $reasons++ if $message->{sizeinfected} && + MailScanner::Config::Value('warnsizesenders', $message); + $reasons++ if $message->{otherinfected} && MailScanner::Config::Value('warnothersenders', $message); + #$reasons++ if ($message->{otherinfected} || $message->{sizeinfected}) && + # MailScanner::Config::Value('warnothersenders', $message); next if $reasons==0; $message->WarnSender(); - -=-=-SNIP-=-=- If this is enough for you, please apply the patches above and restart MailScanner (*not* reload). Let me know how you get on. Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFFv3C8EfZZRxQVtlQRAhRMAKCka0Df3buuTBJivi73lkKa4nNIJQCgzsis KLhUFa/JayrG4m2rnACqZ9s= =BPr0 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From jaearick at colby.edu Tue Jan 30 17:26:42 2007 From: jaearick at colby.edu (Jeff A. Earickson) Date: Tue Jan 30 16:30:03 2007 Subject: zero byte exe files filling quarantine, help!! In-Reply-To: <45BF6E14.2010709@ecs.soton.ac.uk> References: <58210.194.70.180.170.1170168432.squirrel@www.technologytiger.net> <45BF659B.8060701@USherbrooke.ca> <45BF6E14.2010709@ecs.soton.ac.uk> Message-ID: On Tue, 30 Jan 2007, Julian Field wrote: > Date: Tue, 30 Jan 2007 16:11:00 +0000 
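Review bot: The alias added in the first ConfigDefs.pl hunk, warnsizesenders = notifysendersofblockedsizeattachments, has no documented counterpart: the patch touches only ConfigDefs.pl and MessageBatch.pm, so nothing in MailScanner.conf tells an administrator that "Notify Senders Of Blocked Size Attachments" exists or what it defaults to. Add a commented stanza for it next to "Notify Senders Of Blocked Filenames Or Filetypes", and say there that it covers both too-large and too-small attachments.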
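Review bot: In the second ConfigDefs.pl hunk the added line "WarnSizeSenders 1 no 0 yes 1" appears to default the option to yes (the WarnVirusSenders line just above carries 0 in the same position), which changes behaviour on upgrade. Before this patch size-blocked attachments were gated by warnothersenders, so a site that set "Notify Senders Of Other Blocked Content = no" to silence them will start sending size notices again. Either default the new option to no or call the change out in the release notes.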
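Review bot: The nameinfected test at the top of the MessageBatch.pm hunk is left as it was, so an attachment that is blocked by a filename rule still bumps $reasons through warnnamesenders, and the sender is notified even when the new warnsizesenders option is set to no. If the aim is to silence notices for the empty .exe attachments reported in this thread, the name check needs to take sizeinfected into account, or the limitation should be documented with the option. Separately, the two commented-out lines that preserve the old combined condition can be dropped, since the diff already records it.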
> From: Julian Field > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: zero byte exe files filling quarantine, help!! > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Will 1 configuration setting do, like this: > > Notify Senders Of Too Large Or Too Small Attachments = yes or no > > You don't really need separate configurations for too large and too > small do you? Please say no :-) > > Jules. I consider zero-byte attachments a pathological case where no notification is needed, ever. Anything > 0 would be legit; then it is just a case of "too large" and whether or not to notify. Hmmm, I just noticed this in MailScanner.conf: # The minimum size, in bytes, of any attachment in a message. # If this is set less than or equal to zero, then no size checking is done. # It is very useful to set this to 1 as it removes any zero-length # attachments which may be created by broken viruses. # This can also be the filename of a ruleset. Minimum Attachment Size = -1 If I set this to 1, per the comment, would I have avoided this morning's problems? Maybe the default for this *should* be one??? Jeff Earickson Colby College From jaearick at colby.edu Tue Jan 30 17:27:53 2007 From: jaearick at colby.edu (Jeff A. Earickson) Date: Tue Jan 30 16:31:14 2007 Subject: more on zero byte exe files -- solution? In-Reply-To: <45BF708D.1070501@ecs.soton.ac.uk> References: <223f97700701300659s14d27e60t47245239eac508b1@mail.gmail.com> <223f97700701300703n240fc65ap4123c355f8b059cb@mail.gmail.com> <45BF6270.20708@ecs.soton.ac.uk> <45BF708D.1070501@ecs.soton.ac.uk> Message-ID: Maybe roll out another beta??? On Tue, 30 Jan 2007, Julian Field wrote: > Date: Tue, 30 Jan 2007 16:21:33 +0000 
> From: Julian Field > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: more on zero byte exe files -- solution? > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Julian Field wrote: >> >> >> Glenn Steen wrote: >>> On 30/01/07, Glenn Steen wrote: >>>> On 30/01/07, Jeff A. Earickson wrote: >>>>> Gang, >>>>> >>>>> Since the file is zero bytes, named exe, and does not trigger >>>>> a sophos/clam virus event, I am having a lot of the following >>>>> messages outgoing: 
>>>>> >>>>> From: MailScanner >>>>> To: upwcc@wwsolutions.demon.co.uk >>>>> Subject: Warning: E-mail viruses detected >>>>> >>>>> Our e-mail content detector has just been triggered by a >>>> message you sent: >>>>> To: llivshi@colby.edu >>>>> Subject: Wine and Roses >>>>> Date: Tue Jan 30 09:18:57 2007 >>>>> >>>>> One or more of the attachments (Greeting Card.exe) are on >>>>> the list of unacceptable attachments for this site and will >>>> not have >>>>> been delivered. >>>>> >>>>> Consider renaming the files to avoid this constraint. >>>>> >>>>> The virus detector said this about the message: >>>>> Report: Report: MailScanner: Executable DOS/Windows programs >>>> are dangerous >>>>> in email (Greeting Card.exe) >>>>> >>>>> which will make me (and MailScanner) *real* popular in the real >>>> world. >>>>> I don't want to remove the exe check in filename.rules.conf, which is >>>>> the only quick way I can think of to shut up MailScanner. Help.... >>>>> >>>>> Jeff Earickson >>>>> Colby College >>>> Set >>>> # *If* "Notify Senders" is set to yes, do you want to notify people >>>> # who sent you messages containing other blocked content, such as >>>> # partial messages or messages with external bodies? >>>> # This can also be the filename of a ruleset. >>>> Notify Senders Of Other Blocked Content = no >>>> temporarily. >>> >>> Wrong quote, sloppy cut'n'paste... Sorry. Meant >>> # *If* "Notify Senders" is set to yes, do you want to notify people >>> # who sent you messages containing attachments that are blocked due to >>> # their filename or file contents? >>> # This can also be the filename of a ruleset. >>> Notify Senders Of Blocked Filenames Or Filetypes = yes >>> ... and nothing else. >>> But Drews/Jasons clever trick seems more workable in the long run, so >>> ... do that instead:-). >>> >> >> What would be your best long-term solution to this problem? >> Perhaps a "Notify Senders Of Bad Sized Attachments = yes/no" >> ? >> Or have you a better idea? 
It needs to be very simple to write at this >> point in time. > Okay, here's a patch that adds a new configuration setting > > Notify Senders Of Blocked Size Attachments = yes or no (or > ruleset/Custom Function) > > First, the patch to ConfigDefs.pl: > > - -=-=-SNIP-=-=- > - --- ConfigDefs.pl 2006-10-30 20:38:34.000000000 +0000 > +++ ConfigDefs.pl.new 2007-01-30 16:16:29.000000000 +0000 > @@ -205,6 +205,7 @@ > warnsenders = notifysenders > warnvirussenders = notifysendersofviruses > warnnamesenders = > notifysendersofblockedfilenamesorfiletypes > +warnsizesenders = notifysendersofblockedsizeattachments > warnothersenders = notifysendersofotherblockedcontent > webbugurl = webbugreplacement > webbugwhitelist = ignoredwebbugfilenames > @@ -409,6 +410,7 @@ > WarnSenders 1 no 0 yes 1 > WarnVirusSenders 0 no 0 yes 1 > WarnNameSenders 1 no 0 yes 1 > +WarnSizeSenders 1 no 0 yes 1 > WarnOtherSenders 1 no 0 yes 1 > > [First,File] > - -=-=-SNIP-=-=- > > Now the patch for MessageBatch.pm: > > - -=-=-SNIP-=-=- > - --- MessageBatch.pm 2006-11-29 13:43:26.000000000 +0000 > +++ MessageBatch.pm.new 2007-01-30 16:06:39.000000000 +0000 
> @@ -862,8 +862,12 @@ > $warnviruses; > $reasons++ if $message->{nameinfected} && > MailScanner::Config::Value('warnnamesenders', $message); > - - $reasons++ if ($message->{otherinfected} || > $message->{sizeinfected}) && > + $reasons++ if $message->{sizeinfected} && > + MailScanner::Config::Value('warnsizesenders', $message); > + $reasons++ if $message->{otherinfected} && > MailScanner::Config::Value('warnothersenders', $message); > + #$reasons++ if ($message->{otherinfected} || > $message->{sizeinfected}) && > + # MailScanner::Config::Value('warnothersenders', > $message); > next if $reasons==0; > > $message->WarnSender(); > - -=-=-SNIP-=-=- > > If this is enough for you, please apply the patches above and restart > MailScanner (*not* reload). > > Let me know how you get on. > > Jules > > - -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.5.3 (Build 5003) > Comment: (pgp-secured) > Charset: ISO-8859-1 > > wj8DBQFFv3C8EfZZRxQVtlQRAhRMAKCka0Df3buuTBJivi73lkKa4nNIJQCgzsis > KLhUFa/JayrG4m2rnACqZ9s= > =BPr0 > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From dave99 at gmail.com Tue Jan 30 17:26:09 2007 
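Review bot: The first ConfigDefs.pl hunk (@@ -205) introduces the keyword warnsizesenders = notifysendersofblockedsizeattachments, but the patch touches only ConfigDefs.pl and MessageBatch.pm and carries no matching commented entry for MailScanner.conf. An admin applying it has nothing on disk that says the option exists or what yes and no do. Add the conf stanza next to the existing Notify Senders Of ... entries and state that it covers attachments blocked by either size limit.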
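Review bot: In the second ConfigDefs.pl hunk (@@ -409) WarnSizeSenders is added with 1 in the column where WarnVirusSenders has 0. If that column is the default, sender notifications for size-blocked attachments stay on unless each site adds the new option by hand. The problem reported in this thread is warnings going to the apparent senders of zero-byte worm attachments, so 0 looks like the safer value here; otherwise the patch changes nothing for anyone who does not also edit their configuration.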
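Review bot: In the MessageBatch.pm hunk (@@ -862) the old combined test is left behind as two commented-out lines under the new ones; drop them, since the diff already records the previous form. The split also changes behaviour for sites that run with warnothersenders set to no: a sizeinfected message was silent under the old || test and will now reach WarnSender() whenever warnsizesenders evaluates true. That depends on the default chosen in ConfigDefs.pl and should be stated in the change log.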
From: dave99 at gmail.com (Dave)
Date: Tue Jan 30 16:33:20 2007
Subject: New Beta 4.58.6 released
References: <45BCCF3B.8060608@ecs.soton.ac.uk> <45BDD448.3080908@nerc.ac.uk> <45BF1146.4090302@ecs.soton.ac.uk>
Message-ID:

Julian Field ecs.soton.ac.uk> writes:
>
>
> I just noticed a nasty obvious bug in KickMessage in Postfix.pm.
>
> Please find the "sub KickMessage" line in Postfix.pm and change the code
> to this:
>
That solves it, thanks Julian.

From MailScanner at ecs.soton.ac.uk Tue Jan 30 17:31:50 2007
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue Jan 30 16:38:09 2007
Subject: zero byte exe files filling quarantine, help!!
In-Reply-To:
References: <58210.194.70.180.170.1170168432.squirrel@www.technologytiger.net> <45BF659B.8060701@USherbrooke.ca> <45BF6E14.2010709@ecs.soton.ac.uk>
Message-ID: <45BF72F6.3060404@ecs.soton.ac.uk>

Jeff A. Earickson wrote:
> On Tue, 30 Jan 2007, Julian Field wrote:
>
>> Date: Tue, 30 Jan 2007 16:11:00 +0000
>> From: Julian Field
>> Reply-To: MailScanner discussion
>> To: MailScanner discussion
>> Subject: Re: zero byte exe files filling quarantine, help!!
>>
>> Will 1 configuration setting do, like this:
>>
>> Notify Senders Of Too Large Or Too Small Attachments = yes or no
>>
>> You don't really need separate configurations for too large and too
>> small do you? Please say no :-)
>>
>> Jules.
>
> I consider zero-byte attachments a pathological case where no notification
> is needed, ever. Anything > 0 would be legit; then it is just a case
> of "too large" and whether or not to notify.
>
> Hmmm, I just noticed this in MailScanner.conf:
>
> # The minimum size, in bytes, of any attachment in a message.
> # If this is set less than or equal to zero, then no size checking is done.
> # It is very useful to set this to 1 as it removes any zero-length
> # attachments which may be created by broken viruses.
> # This can also be the filename of a ruleset.
> Minimum Attachment Size = -1
>
> If I set this to 1, per the comment, would I have avoided this morning's
> problems? Maybe the default for this *should* be one???
>
It would have notified the apparent sender of all the 0-byte files,
which you probably didn't want.

Jules

--
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MailScanner at ecs.soton.ac.uk Tue Jan 30 17:33:51 2007
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue Jan 30 16:38:11 2007
Subject: more on zero byte exe files -- solution?
In-Reply-To:
References: <223f97700701300659s14d27e60t47245239eac508b1@mail.gmail.com> <223f97700701300703n240fc65ap4123c355f8b059cb@mail.gmail.com> <45BF6270.20708@ecs.soton.ac.uk> <45BF708D.1070501@ecs.soton.ac.uk>
Message-ID: <45BF736F.6070703@ecs.soton.ac.uk>

I want to know if it is what you guys want first, before I commit it to
the source codebase properly.
Comments please?

Jeff A. Earickson wrote:
> Maybe roll out another beta???
>
> On Tue, 30 Jan 2007, Julian Field wrote:
>
>> Date: Tue, 30 Jan 2007 16:21:33 +0000
>> From: Julian Field
>> Reply-To: MailScanner discussion
>> To: MailScanner discussion
>> Subject: Re: more on zero byte exe files -- solution?
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>>
>>
>> Julian Field wrote:
>>>
>>>
>>> Glenn Steen wrote:
>>>> On 30/01/07, Glenn Steen wrote:
>>>>> On 30/01/07, Jeff A. Earickson wrote:
>>>>>> Gang,
>>>>>>
>>>>>> Since the file is zero bytes, named exe, and does not trigger
>>>>>> a sophos/clam virus event, I am having a lot of the following
>>>>>> messages outgoing:
>>>>>>
>>>>>> From: MailScanner >>>>>> To: upwcc@wwsolutions.demon.co.uk >>>>>> Subject: Warning: E-mail viruses detected >>>>>> >>>>>> Our e-mail content detector has just been triggered by a >>>>> message you sent: >>>>>> To: llivshi@colby.edu >>>>>> Subject: Wine and Roses >>>>>> Date: Tue Jan 30 09:18:57 2007 >>>>>> >>>>>> One or more of the attachments (Greeting Card.exe) are on >>>>>> the list of unacceptable attachments for this site and will >>>>> not have >>>>>> been delivered. >>>>>> >>>>>> Consider renaming the files to avoid this constraint. >>>>>> >>>>>> The virus detector said this about the message: >>>>>> Report: Report: MailScanner: Executable DOS/Windows programs >>>>> are dangerous >>>>>> in email (Greeting Card.exe) >>>>>> >>>>>> which will make me (and MailScanner) *real* popular in the real >>>>> world. >>>>>> I don't want to remove the exe check in filename.rules.conf, >>>>>> which is >>>>>> the only quick way I can think of to shut up MailScanner. Help.... >>>>>> >>>>>> Jeff Earickson >>>>>> Colby College >>>>> Set >>>>> # *If* "Notify Senders" is set to yes, do you want to notify people >>>>> # who sent you messages containing other blocked content, such as >>>>> # partial messages or messages with external bodies? >>>>> # This can also be the filename of a ruleset. >>>>> Notify Senders Of Other Blocked Content = no >>>>> temporarily. >>>> >>>> Wrong quote, sloppy cut'n'paste... Sorry. Meant >>>> # *If* "Notify Senders" is set to yes, do you want to notify people >>>> # who sent you messages containing attachments that are blocked due to >>>> # their filename or file contents? >>>> # This can also be the filename of a ruleset. >>>> Notify Senders Of Blocked Filenames Or Filetypes = yes >>>> ... and nothing else. >>>> But Drews/Jasons clever trick seems more workable in the long run, so >>>> ... do that instead:-). >>>> >>> >>> What would be your best long-term solution to this problem? 
>>> Perhaps a "Notify Senders Of Bad Sized Attachments = yes/no" >>> ? >>> Or have you a better idea? It needs to be very simple to write at this >>> point in time. >> Okay, here's a patch that adds a new configuration setting >> >> Notify Senders Of Blocked Size Attachments = yes or no (or >> ruleset/Custom Function) >> >> First, the patch to ConfigDefs.pl: >> >> - -=-=-SNIP-=-=- >> - --- ConfigDefs.pl 2006-10-30 20:38:34.000000000 +0000 >> +++ ConfigDefs.pl.new 2007-01-30 16:16:29.000000000 +0000 >> @@ -205,6 +205,7 @@ >> warnsenders = notifysenders >> warnvirussenders = notifysendersofviruses >> warnnamesenders = >> notifysendersofblockedfilenamesorfiletypes >> +warnsizesenders = notifysendersofblockedsizeattachments >> warnothersenders = notifysendersofotherblockedcontent >> webbugurl = webbugreplacement >> webbugwhitelist = ignoredwebbugfilenames >> @@ -409,6 +410,7 @@ >> WarnSenders 1 no 0 yes 1 >> WarnVirusSenders 0 no 0 yes 1 >> WarnNameSenders 1 no 0 yes 1 >> +WarnSizeSenders 1 no 0 yes 1 >> WarnOtherSenders 1 no 0 yes 1 >> >> [First,File] >> - -=-=-SNIP-=-=- >> >> Now the patch for MessageBatch.pm: >> >> - -=-=-SNIP-=-=- >> - --- MessageBatch.pm 2006-11-29 13:43:26.000000000 +0000 >> +++ MessageBatch.pm.new 2007-01-30 16:06:39.000000000 +0000 
>> @@ -862,8 +862,12 @@ >> $warnviruses; >> $reasons++ if $message->{nameinfected} && >> MailScanner::Config::Value('warnnamesenders', >> $message); >> - - $reasons++ if ($message->{otherinfected} || >> $message->{sizeinfected}) && >> + $reasons++ if $message->{sizeinfected} && >> + MailScanner::Config::Value('warnsizesenders', >> $message); >> + $reasons++ if $message->{otherinfected} && >> MailScanner::Config::Value('warnothersenders', >> $message); >> + #$reasons++ if ($message->{otherinfected} || >> $message->{sizeinfected}) && >> + # MailScanner::Config::Value('warnothersenders', >> $message); >> next if $reasons==0; >> >> $message->WarnSender(); >> - -=-=-SNIP-=-=- >> >> If this is enough for you, please apply the patches above and restart >> MailScanner (*not* reload). >> >> Let me know how you get on. >> >> Jules >> >> - -- >> Julian Field MEng CITP >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> Need help customising MailScanner? >> Contact me! >> Need help fixing or optimising your systems? >> Contact me! >> Need help getting you started solving new requirements from your boss? >> Contact me! >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.5.3 (Build 5003) >> Comment: (pgp-secured) >> Charset: ISO-8859-1 >> >> wj8DBQFFv3C8EfZZRxQVtlQRAhRMAKCka0Df3buuTBJivi73lkKa4nNIJQCgzsis >> KLhUFa/JayrG4m2rnACqZ9s= >> =BPr0 >> -----END PGP SIGNATURE----- >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> For all your IT requirements visit www.transtec.co.uk >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! 
>>

Jules

--
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From Denis.Beauchemin at USherbrooke.ca Tue Jan 30 17:42:42 2007
From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin)
Date: Tue Jan 30 16:46:36 2007
Subject: zero byte exe files filling quarantine, help!!
In-Reply-To: <45BF6E14.2010709@ecs.soton.ac.uk>
References: <58210.194.70.180.170.1170168432.squirrel@www.technologytiger.net> <45BF659B.8060701@USherbrooke.ca> <45BF6E14.2010709@ecs.soton.ac.uk>
Message-ID: <45BF7582.3070502@USherbrooke.ca>

Julian Field wrote:
> Will 1 configuration setting do, like this:
>
> Notify Senders Of Too Large Or Too Small Attachments = yes or no
>
> You don't really need separate configurations for too large and too
> small do you? Please say no :-)
>
> Jules.
>
>
That would be perfect!

Denis

--
Denis Beauchemin, analyst
Université de Sherbrooke, S.T.I.
T: 819.821.8000x62252 F: 819.821.8045

From ssilva at sgvwater.com Tue Jan 30 18:01:15 2007
From: ssilva at sgvwater.com (Scott Silva)
Date: Tue Jan 30 17:05:16 2007
Subject: msrbl, anyone using these RBLs?
In-Reply-To:
References: <45B8E899.5050801@chapman.edu>
Message-ID:

Ugo Bellavance spake the following on 1/30/2007 2:29 AM:
> Scott Silva wrote:
>> Jay Chandler spake the following on 1/25/2007 9:27 AM:
>>> Ugo Bellavance wrote:
>>>> http://www.msrbl.com/site/
>>>>
>>>> Any opinions?
>>>>
>>>> Thanks,
>>>>
>>>> Ugo
>>>>
>>> Haven't used that one yet.
>>>
>>> There any consensus on the number of RBLs to use? I'm mirroring a few
>>> locally, but I'm not certain of the overhead on using others...
>> I threw the combined one into spamassassin just to see if it hits
>> anything.
>> We'll see ....
>>
>
> Do you have stats, yet, Scott?
>
> Regards,
>
> Ugo
>
I haven't had one hit yet, but I am dropping zen hits at the mta. I am
probably killing anything that might hit before it gets in.

--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

From mike at vesol.com Tue Jan 30 18:45:11 2007
From: mike at vesol.com (Mike Kercher)
Date: Tue Jan 30 17:51:45 2007
Subject: OT: Global Exchange Deployment INCLUDING China
Message-ID:

We have an initiative to roll all of our users worldwide to Exchange and
ultimately Dynamics CRM. One hurdle we face is the regulation of email in
China. Has anyone done something like this before? Please feel free to
take this off the list and contact me offline.

TIA

Mike

From MailScanner at ecs.soton.ac.uk Tue Jan 30 19:32:51 2007
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue Jan 30 18:36:49 2007
Subject: New beta 4.58.8
Message-ID: <45BF8F53.1080305@ecs.soton.ac.uk>

I have added a configuration setting to control delivery of sender
notifications in response to attachments outside your configured range.
By default this is set to no, but also by default the size limits are
disabled. If you set the minimum attachment size to 1 then no-one will
receive notifications about broken viruses sending out 0-length copies of
themselves. This helps to minimise the amount of backscatter mail out
there.

This also includes the fixes to the Postfix code for kicking the MTA to
trigger the delivery of new messages, when multiple copies of Postfix are
running supporting multiple outgoing queues from MailScanner.

Please do some final testing for me, as the stable release is due for
Thursday.

The Change Log is now this:

* New Features and Improvements *
1 Added accessor functions to Config.pm to enable implementation of ruleset
  evaluation within a Custom Function.
4 New example Custom Function to show how to evaluate a ruleset from within
  a Custom Function.
5 Checks the SA cache more intelligently now, to use the required score from
  the right message always. Thanks to Olaf.Ohlenmacher@colt.net for this.
5 Supporting code for BarricadeMX. If you haven't got this superb package
  yet, contact Fort Systems (www.fsl.com) for an evaluation licence RIGHT NOW!
  It's superb, and even runs on Windows with Exchange, in addition to all
  the other platforms normally supported. Say goodnight to all your spam
  problems. It will reduce the load on your mail servers so much that you
  won't be needing any upgrades for a few years, which will save you a
  whole load of money!
5 "MailScanner --lint" now checks the version number of the MailScanner.conf
  file to ensure you are not behind with your settings and need to run
  upgrade_MailScanner_conf.
6 Improvement to check_MailScanner script so it prints Done or Failed as
  appropriate.
7 Mail sent out to split mail queues will only be picked up when the MTA
  next scans the queue. This problem will be rectified in the next release.
  I didn't want to change the code so close to the release date, I will fix
  it very soon. This does not affect the vast proportion of users.
7 Okay, I've changed my mind. The new code is in for testing.
8 Mail sent out to multiple mail queues will all cause the MTA to be
  "kicked" into knowing there are new messages in the outgoing queue
  waiting to be delivered.
8 Added new configuration option
  "Notify Senders Of Blocked Size Attachments = no".
  This is to stop notifying senders of 0-length files which are generated
  by some broken viruses and worms. It does also control sender notifications
  for other sizes of attachments that are outside your pre-set limits set
  in other configuration options.

* Fixes *
1 Small addition to Config.pm for one customer.
2 Don't use 4.58.1, bug introduced in Config.pm.
4 Bug fixed where {Fraud?} Subject: tag would not appear when appropriate.
5 Fixed bug in Exim delivery code that would leave stray defunct processes
  lying around in some situations.
5 Now kicks Sendmail/whatever about all messages in all outgoing queues.
5 MCP doesn't pick up sa-update rules any more. Thanks to Jason Desai.
5 AVG7 support improved.
6 Bug fixed where 1 disarmed message followed by another 1 non-disarmed
  message would cause the 2nd message to be tagged disarmed in the Subject:
  line, but only if the message batch would be processed in exactly 1
  particular order.
6 Fixed bug with extra "Disarmed" tags where there shouldn't be.
8 Postfix support for split queue kicking fixed. Sendmail support working
  well.
8 Fixed potential DoS attack bug with very long headers in ZMailer support.
  Patch from Leonardo Helman.

Jules

--
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit www.transtec.co.uk

From jaearick at colby.edu Tue Jan 30 19:59:32 2007
From: jaearick at colby.edu (Jeff A. Earickson)
Date: Tue Jan 30 19:02:54 2007
Subject: New beta 4.58.8
In-Reply-To: <45BF8F53.1080305@ecs.soton.ac.uk>
References: <45BF8F53.1080305@ecs.soton.ac.uk>
Message-ID:

On Tue, 30 Jan 2007, Julian Field wrote:

> Date: Tue, 30 Jan 2007 18:32:51 +0000
> From: Julian Field > Reply-To: MailScanner discussion > To: MailScanner discussion , > MailScanner beta testers > Subject: New beta 4.58.8 > > I have added a configuration setting to control delivery of sender > notifications in response to attachments outside your configured range. By > default this is set to no, but also by default the size limits are disabled. > If you set the minimum attachment size to 1 then no-one will receive > notifications about broken viruses sending out 0-length copies of themselves. > This helps to minimise the amount of backscatter mail out there. > > This also includes the fixes to the Postfix code for kicking the MTA to > trigger the delivery of new messages, when multiple copies of Postfix are > running supporting multiple outgoing queues from MailScanner. > > Please do some final testing for me, as the stable release is due for > Thursday. > > The Change Log is now this: > > * New Features and Improvements * > 1 Added accessor functions to Config.pm to enable implementation of ruleset > evaluation within a Custom Function. > 4 New example Custom Function to show how to evaluate a ruleset from within > a Custom Function. > 5 Checks the SA cache more intelligently now, to use the required score from > the right message always. Thanks to Olaf.Ohlenmacher@colt.net for this. > 5 Supporting code for BarricadeMX. If you haven't got this superb package > yet, contact Fort Systems (www.fsl.com) for an evaluation licence RIGHT NOW! > It's superb, and even runs on Windows with Exchange, in addition to all > the other platforms normally supported. Say goodnight to all your spam > problems. It will reduce the load on your mail servers so much that you > won't be needing any upgrades for a few years, which will save you a > whole load of money! > 5 "MailScanner --lint" now checks the version number of the MailScanner.conf > file to ensure you are not behind with your settings and need to run > upgrade_MailScanner_conf. 
> 6 Improvement to check_MailScanner script so it prints Done or Failed as > appropriate. > 7 Mail sent out to split mail queues will only be picked up when the MTA > next scans the queue. This problem will be rectified in the next release. > I didn't want to change the code so close to the release date, I will fix > it very soon. This does not affect the vast proportion of users. > 7 Okay, I've changed my mind. The new code is in for testing. > 8 Mail sent out to multiple mail queues will all cause the MTA to be > "kicked" into knowing there are new messages in the outgoing queue > waiting to be delivered. > 8 Added new configuration option > "Notify Senders Of Blocked Size Attachments = no". > This is to stop notifying senders of 0-length files which are generated > by some broken viruses and worms. It does also control sender notifications > for other sizes of attachments that are outside your pre-set limits set > in other configuration options. > > * Fixes * > 1 Small addition to Config.pm for one customer. > 2 Don't use 4.58.1, bug introduced in Config.pm. > 4 Bug fixed where {Fraud?} Subject: tag would not appear when appropriate. > 5 Fixed bug in Exim delivery code that would leave stray defunct processes > lying around in some situations. > 5 Now kicks Sendmail/whatever about all messages in all outgoing queues. > 5 MCP doesn't pick up sa-update rules any more. Thanks to Jason Desai. > 5 AVG7 support improved. > 6 Bug fixed where 1 disarmed message followed by another 1 non-disarmed > message would cause the 2nd message to be tagged disarmed in the Subject: > line, but only if the message batch would be processed in exactly 1 > particular order. > 6 Fixed bug with extra "Disarmed" tags where there shouldn't be. > 8 Postfix support for split queue kicking fixed. Sendmail support working > well. > 8 Fixed potential DoS attack bug with very long headers in ZMailer support. > Patch from Leonardo Helman. > > Jules Julian, In place and running at my site. 
I noticed that Sophos started flagging this malware as Mal/HckPk-A
starting at 13:00 local time, so this may be moot for this testcase.

Jeff Earickson
Colby College

From chris at clh.org.uk Tue Jan 30 20:33:44 2007
From: chris at clh.org.uk (Chris Hardy)
Date: Tue Jan 30 19:37:16 2007
Subject: New beta 4.58.8
In-Reply-To: <45BF8F53.1080305@ecs.soton.ac.uk>
References: <45BF8F53.1080305@ecs.soton.ac.uk>
Message-ID: <45BF9D98.5000803@clh.org.uk>

Just a quick 'aesthetic' issue

When installing MailScanner, it still says Mandrake - surely this
should now be changed to Mandriva

I appreciate it is a very minor thing though

c

--
This message has been scanned for viruses and
dangerous content by www.clh.org.uk, and is
believed to be clean.

From MailScanner at ecs.soton.ac.uk Tue Jan 30 22:10:06 2007
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue Jan 30 21:13:46 2007
Subject: New beta 4.58.8
In-Reply-To: <45BF9D98.5000803@clh.org.uk>
References: <45BF8F53.1080305@ecs.soton.ac.uk> <45BF9D98.5000803@clh.org.uk>
Message-ID: <45BFB42E.9000504@ecs.soton.ac.uk>

Fixed.

Thanks for spotting that, the minor cosmetic errors are just as
important as mistakes in the code. Presentation matters a lot to me.
Presentation matters very little, if at all, to many free software
authors, some of whom never reach version 1 and wonder why they don't
get taken seriously. It matters to me.

Cheers,
Jules.

Chris Hardy wrote:
> Just a quick 'aesthetic' issue
>
> When installing MailScanner, it still says Mandrake - surely this
> should now be changed to Mandriva
>
> I appreciate it is a very minor thing though
>
> c
>

Jules

--
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit www.transtec.co.uk

From res at ausics.net Tue Jan 30 11:20:29 2007
From: res at ausics.net (Res)
Date: Tue Jan 30 22:16:28 2007
Subject: {MailScanner: Spam} Re: OT: building new server, need MTA advice
In-Reply-To: <67b9adfa23e7124e9909573e28ca8748@solidstatelogic.com>
References: <67b9adfa23e7124e9909573e28ca8748@solidstatelogic.com>
Message-ID:

Martin,

On Tue, 30 Jan 2007, Martin.Hepworth wrote:

> Put the mailscanner lists in your mailScanner (not Spamassassin)
> whitelist...ie a ruleset attached to "Is Definitely Not Spam".

Already done :)

--
Cheers
Res

"We can be Heroes, just for one day" - Davey (Jones) Bowie

From res at ausics.net Tue Jan 30 13:37:53 2007
From: res at ausics.net (Res)
Date: Tue Jan 30 22:16:29 2007
Subject: OT: building new server, need MTA advice
In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B58125FEFF0@isabella.herefordshire.gov.uk>
References: <86144ED6CE5B004DA23E1EAC0B569B58125FEFF0@isabella.herefordshire.gov.uk>
Message-ID:

On Tue, 30 Jan 2007, Randal, Phil wrote:

>> Typical outcome .. 2 votes postfix one for exim. A sendmail bash and
>> an absolute "no" to qmail.

Who voted no to qmail? It is in fact the best for virtual domains.

If I wasn't voted in for sendmail, chuck me in now :)

> It takes a while to get used to

This is the biggest thing, it is very very configurable and that scares
those who don't know it.

I liken Sendmail to a console user and postfix as the gui user

/me ducks from Glenn

--
Cheers
Res

"We can be Heroes, just for one day" - Davey (Jones) Bowie

From res at ausics.net Tue Jan 30 23:05:20 2007
From: res at ausics.net (Res)
Date: Tue Jan 30 22:16:31 2007
Subject: more on zero byte exe files -- solution?
In-Reply-To: <45BF736F.6070703@ecs.soton.ac.uk>
References: <223f97700701300659s14d27e60t47245239eac508b1@mail.gmail.com> <223f97700701300703n240fc65ap4123c355f8b059cb@mail.gmail.com> <45BF6270.20708@ecs.soton.ac.uk> <45BF708D.1070501@ecs.soton.ac.uk> <45BF736F.6070703@ecs.soton.ac.uk>
Message-ID:

On Tue, 30 Jan 2007, Julian Field wrote:

>I want to know if it is what you guys want first, before I commit it to
>the source codebase properly.
>Comments please?

Yes :)

-- 
Cheers
Res

"We can be Heroes, just for one day" - Davey (Jones) Bowie

From res at ausics.net Tue Jan 30 08:43:20 2007
From: res at ausics.net (Res)
Date: Tue Jan 30 22:16:34 2007
Subject: New Beta 4.58.6 released
In-Reply-To:
References: <45BCCF3B.8060608@ecs.soton.ac.uk> <45BDD448.3080908@nerc.ac.uk>
Message-ID:

On Tue, 30 Jan 2007, Dave wrote:

> I'm getting an error in the new version:
> KickMessage failed as couldn't write to /qmgr, Permission denied

The current beta is 4.58.7 this resolves a few issues with kick message.
Also you don't say your MTA or OS flavour.
Please try current beta.

-- 
Cheers
Res

"We can be Heroes, just for one day" - Davey (Jones) Bowie

From res at ausics.net Tue Jan 30 23:25:14 2007
From: res at ausics.net (Res)
Date: Tue Jan 30 22:28:35 2007
Subject: New Beta 4.58.6 released
In-Reply-To:
References: <45BCCF3B.8060608@ecs.soton.ac.uk> <45BDD448.3080908@nerc.ac.uk>
Message-ID:

Ignore this as 4.58.8 beta is out, it was held on my test server which was off the lan overnight :)

On Tue, 30 Jan 2007, Res wrote:

> On Tue, 30 Jan 2007, Dave wrote:
>
>> I'm getting an error in the new version:
>> KickMessage failed as couldn't write to /qmgr, Permission denied
>
> The current beta is 4.58.7 this resolves a few issues with kick message.
> Also you don't say your MTA or OS flavour.
> Please try current beta.
>
>
>

-- 
Cheers
Res

"We can be Heroes, just for one day" - Davey (Jones) Bowie

From drew at technologytiger.net Tue Jan 30 23:32:04 2007
From: drew at technologytiger.net (Drew Marshall)
Date: Tue Jan 30 22:35:26 2007
Subject: OT: building new server, need MTA advice
In-Reply-To:
References: <86144ED6CE5B004DA23E1EAC0B569B58125FEFF0@isabella.herefordshire.gov.uk>
Message-ID:

> /me ducks from Glenn

Amongst others!

>
> "We can be Heroes, just for one day" - Davey (Jones) Bowie

How strangely appropriate!

Drew

-- 
In line with our policy, this message has been scanned for viruses and dangerous content by the Technology Tiger MailScanner. Further information can be found at www.technologytiger.net/policy

Technology Tiger Limited is registered in Scotland with registration number: 310997
Registered Office 55-57 West High Street Inverurie AB51 3QQ

From mikej at rogers.com Wed Jan 31 00:17:38 2007
From: mikej at rogers.com (Mike Jakubik)
Date: Tue Jan 30 23:20:47 2007
Subject: New Beta 4.58.6 released
In-Reply-To: <223f97700701290100i6e788e2gba57830a01a8e67b@mail.gmail.com>
References: <45BCCF3B.8060608@ecs.soton.ac.uk> <45BD7919.1020009@rogers.com> <223f97700701290100i6e788e2gba57830a01a8e67b@mail.gmail.com>
Message-ID: <45BFD212.6090204@rogers.com>

Glenn Steen wrote:
>
> We aim at making "milter edited queue files" -> "a (new) normal queue
> file".
>
> If you want my patches to look at beforehand, I can get them to you in
> a blink:-). So far they've been tested by me and Nerijus Baliunas (who
> is a brave soul and seems to be running them in production:-). They're
> good for 2.3 with milters, not yet 2.4 with body editing milters.

Thanks for the details Glenn. Am I correct in understanding that this will only affect users of milters?

From Rodney at rcrcomputing.com Wed Jan 31 03:34:49 2007
From: Rodney at rcrcomputing.com (Rodney Richison)
Date: Wed Jan 31 02:38:22 2007
Subject: add high scoring spam to my rbl list
Message-ID:

> > Is there a way one might grab the ip of the high scoring spam
> > Mailscanner finds and have it put into my own rbl list for postfix to
> > then deny...
> >
> > Kindof wondering if such a project exists.
> >
>
> Although not exactly what you're looking for, the Vispan project does
> essentially what I think you are looking to do. It simply examines
> MailScanner's log and keeps track of spammers. If a certain spammer
> sends more spams within a specified amount of time than what you allow,
> then it automatically adds that sender to your access list so that it's
> denied at the MTA level.
>

Looks like your reply has really hit the jackpot. After searching along these lines, I've found a gentleman who has patched vispan to do exactly that. Add them to a rbldns!
I will be installing vispan tonight along with the patches.
On a further note, the author of vispan has implemented the patch into the main program and is testing as we speak!

From jcb at dream.com.ph Wed Jan 31 04:47:49 2007
From: jcb at dream.com.ph (jepoy)
Date: Wed Jan 31 03:51:12 2007
Subject: dcc,razor,pyzor on MS running centos4.4
References: <01b101c7405f$12666640$920bbdcb@pmsi.net><223f97700701250142x24f73cdeq46efeb90de783fa2@mail.gmail.com> <200701260148020079.03ABA951@smtp1.ace.net.au>
Message-ID: <001e01c744ea$955b67a0$920bbdcb@pmsi.net>

----- Original Message -----
From: "Peter Nitschke"
To:
Sent: Thursday, January 25, 2007 11:18 PM
Subject: Re[2]: dcc,razor,pyzor on MS running centos4.4

> On 25/01/2007 at 10:42 AM Glenn Steen wrote:
>
>>On 25/01/07, jepoy wrote:
>>>
>>>
>>> hi guys,
>>>
>>> just read about these things as plugins on spamassassin. how can i
>>> incorporate them on my centos 4.4.
>>>
>>Start looking at (MAQ):
>>http://wiki.mailscanner.info/doku.php?id=maq:index#spamassassin_plugins_and_bayes
>>And also (wiki):
>>http://wiki.mailscanner.info/doku.php?id=&idx=documentation:anti_spam:spamassassin:plugins
>
> Is that stuff still current? On my new Centos 4 setup I simply used "yum
> install perl-Razor-Agent pyzor DCC"
>
> The last 2 are from atrpms.net
>
> I then commented out the lines in spam.assassin.prefs.conf: (I got lint
> errors if I left them in)
> # pyzor path
> # DCC path
>
> Last I made sure the relevant lines in v310.pre were uncommented.
>
> Bingo, instant razor, pyzor and DCC.
>
> Peter
>

hi peter,
what repository did you use ? can you please send me the config on your yum for me to download these plugins using yum.

Tnx.

-- 
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

From john at katy.com Wed Jan 31 07:12:49 2007
From: john at katy.com (John Schmerold)
Date: Wed Jan 31 06:16:09 2007
Subject: Performance
Message-ID: <45C03361.5040903@katy.com>

We're seeing significant backlogs, mail is taking 2-6 hours to get thru the Postfix/Mailscanner gauntlet we've setup. What's everyone else seeing in terms of mail processing time?

I've looked at the home page & WIKI, so, I'm guessing I am missing something or there are new techniques not yet published on the mailscanner.info

Some of my statistics are as follows:
Server config: 2.8GHz P4, 2GB DDR2, Maxtor SATA HDD
Mail volume: approx 7,500 messages per day
Misc: We have set the noatime flag on spool and log partitions & use a local DNS caching nameserver.

MS Configuration:
[root@mx1 ~]# cat /etc/MailScanner/MailScanner.conf
# See http://www.mailscanner.info/MailScanner.conf.index.html for all options & defaults
%etc-dir% = /etc/MailScanner
%mcp-dir% = /etc/MailScanner/mcp
%org-long-name% = Schmerold
%org-name% = Schmerold
%report-dir% = /etc/MailScanner/reports/en
%rules-dir% = /etc/MailScanner/rules
%web-site% = www.schmerold.com

Always Include SpamAssassin Report = yes
Archive Mail = /etc/MailScanner/rules/archive.rules
High Scoring Spam Actions = store
High SpamAssassin Score = 7
Incoming Queue Dir = /var/spool/postfix/hold
Incoming Work Dir = /var/spool/MailScanner/incoming
Language Strings = /etc/MailScanner/reports/en/languages.conf
MTA = postfix
Outgoing Queue Dir = /var/spool/postfix/incoming
Required SpamAssassin Score = 4
Restart Every = 7200
Run As Group = postfix
Run As User = postfix
Sign Clean Messages = no
SpamAssassin Site Rules Dir = /etc/mail/spamassassin

Log Speed = yes
Max Children = 2
Max Unscanned Messages Per Scan = 10
Max Unsafe Messages Per Scan = 10
Spam List =
Virus Scanners = f-prot
[root@mx1 ~]#

PostFix Configuration:
[root@mx1 ~]# postconf -n
canonical_maps = hash:/etc/postfix/canonical
config_directory = /etc/postfix
disable_vrfy_command = yes
hash_queue_names = ""
header_checks = regexp:/etc/postfix/header_checks
masquerade_exceptions = root
message_size_limit = 51200000
mydomain = schmerold.com
myhostname = mx1.schmerold.com
mynetworks = 127.0.0.0/8 65.16.251.208/29
relay_domains = katy.com katy.net katycomputer.com schmerold.com
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_helo_required = yes
smtpd_recipient_restrictions = reject_invalid_hostname reject_non_fqdn_hostname reject_non_fqdn_sender reject_non_fqdn_recipient reject_unknown_sender_domain permit_mynetworks reject_unauth_destination check_sender_access hash:/etc/postfix/whitelist reject_rbl_client cbl.abuseat.org reject_rbl_client zen.spamhaus.org permit
smtpd_sender_restrictions = hash:/etc/postfix/access
transport_maps = hash:/etc/postfix/transport
virtual_alias_domains = hash:/etc/postfix/virtual
virtual_alias_maps = hash:/etc/postfix/virtual
[root@mx1 ~]#

MS Log:
[root@mx1 ~]# cat /var/log/messages | grep "Jan 30 23:40"
Jan 30 23:40:03 mx1 MailScanner[24752]: Requeue: 4F51A4B4468.A8F46 to 389AB894965
Jan 30 23:40:03 mx1 MailScanner[24752]: Requeue: A8330894942.93836 to A6D8289500D
Jan 30 23:40:03 mx1 MailScanner[24752]: Requeue: 368088943F4.C0B33 to 20327894942
Jan 30 23:40:03 mx1 MailScanner[24752]: Uninfected: Delivered 7 messages
Jan 30 23:40:03 mx1 MailScanner[24752]: Batch completed at 128844 bytes per second (8272398 / 64)
Jan 30 23:40:03 mx1 MailScanner[24752]: Batch (10 messages) processed in 64.20 seconds
Jan 30 23:40:03 mx1 MailScanner[24752]: New Batch: Found 7981 messages waiting
Jan 30 23:40:03 mx1 MailScanner[24752]: New Batch: Scanning 10 messages, 169939 bytes
Jan 30 23:40:03 mx1 MailScanner[24752]: Expired 11 records from the SpamAssassin cache
Jan 30 23:40:04 mx1 named[2116]: lame server resolving 'mail.voltech-auto.com' (in 'voltech-auto.com'?): 216.53.199.57#53
Jan 30 23:40:08 mx1 named[2116]: lame server resolving '21.36.70.194.in-addr.arpa' (in '36.70.194.in-addr.arpa'?): 194.70.36.12#53
Jan 30 23:40:42 mx1 MailScanner[24762]: Spam Checks: Found 5 spam messages
Jan 30 23:40:42 mx1 MailScanner[24762]: Spam Checks completed at 1227 bytes per second
Jan 30 23:40:42 mx1 MailScanner[24762]: Virus and Content Scanning: Starting
Jan 30 23:40:43 mx1 MailScanner[24762]: Virus Scanning completed at 156861 bytes per second
Jan 30 23:40:43 mx1 MailScanner[24762]: Found phishing fraud from www.google.com claiming to be www.chase.com in 6BE8F895371.5D53A
Jan 30 23:40:43 mx1 MailScanner[24762]: Content Checks: Detected and have disarmed web bug tags in HTML message in 6BE8F895371.5D53A from www-data@balancetechnology.com
Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: 3B29B894E55.CEBEA to 6535E894D8C
Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: 6BE8F895371.5D53A to DB04E894E55
Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: 73748895A57.5ABB7 to 0597D895371
Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: 937E689448D.77EDA to 0CB4B8953AD
Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: 754F789466A.8DA78 to AC1D989448D
Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: D5177894E67.3DEEA to A879089466A
Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: A3E798940E3.B4BEB to 80A7B894E67
Jan 30 23:40:43 mx1 MailScanner[24762]: Uninfected: Delivered 7 messages
Jan 30 23:40:43 mx1 MailScanner[24762]: Virus Processing completed at 650569 bytes per second
Jan 30 23:40:43 mx1 MailScanner[24762]: Batch completed at 1215 bytes per second (86123 / 70)
Jan 30 23:40:43 mx1 MailScanner[24762]: Batch (10 messages) processed in 70.85 seconds
Jan 30 23:40:43 mx1 MailScanner[24762]: New Batch: Found 7993 messages waiting
Jan 30 23:40:43 mx1 MailScanner[24762]: New Batch: Scanning 10 messages, 160591 bytes
[root@mx1 ~]#

-------------- next part --------------
A non-text attachment was scrubbed...
Name: john.vcf
Type: text/x-vcard
Size: 241 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070131/c99fc5bd/john-0001.vcf

From brent.addis at pronet.co.nz Wed Jan 31 07:38:01 2007
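The "Log Speed" lines in the log excerpt posted above carry enough numbers to estimate capacity, backlog drain time and the slowest scanning phase. This is an added example, not part of the thread and not MailScanner code; the function names are hypothetical, and it assumes each child runs batches back to back and that each phase speed is measured over the whole batch's bytes.

```python
import re

# Log lines copied from the excerpt in the thread (wrapped lines rejoined),
# including one named[] line to show that non-MailScanner entries are skipped.
SAMPLE_LOG = """\
Jan 30 23:40:03 mx1 MailScanner[24752]: Batch completed at 128844 bytes per second (8272398 / 64)
Jan 30 23:40:03 mx1 MailScanner[24752]: Batch (10 messages) processed in 64.20 seconds
Jan 30 23:40:03 mx1 MailScanner[24752]: New Batch: Found 7981 messages waiting
Jan 30 23:40:04 mx1 named[2116]: lame server resolving 'mail.voltech-auto.com' (in 'voltech-auto.com'?): 216.53.199.57#53
Jan 30 23:40:42 mx1 MailScanner[24762]: Spam Checks completed at 1227 bytes per second
Jan 30 23:40:43 mx1 MailScanner[24762]: Virus Scanning completed at 156861 bytes per second
Jan 30 23:40:43 mx1 MailScanner[24762]: Virus Processing completed at 650569 bytes per second
Jan 30 23:40:43 mx1 MailScanner[24762]: Batch completed at 1215 bytes per second (86123 / 70)
Jan 30 23:40:43 mx1 MailScanner[24762]: Batch (10 messages) processed in 70.85 seconds
Jan 30 23:40:43 mx1 MailScanner[24762]: New Batch: Found 7993 messages waiting
"""

ENTRY = re.compile(r"MailScanner\[(?P<pid>\d+)\]: (?P<msg>.*)")
BATCH_TIME = re.compile(r"Batch \((\d+) messages\) processed in ([\d.]+) seconds")
BATCH_SIZE = re.compile(r"Batch completed at \d+ bytes per second \((\d+) / \d+\)")
WAITING = re.compile(r"New Batch: Found (\d+) messages waiting")
PHASE = re.compile(
    r"(Spam Checks|Virus Scanning|Virus Processing) completed at (\d+) bytes per second"
)


def parse(log_text):
    """Return ({pid: stats}, latest queue depth) from syslog text."""
    children = {}
    backlog = None
    for line in log_text.splitlines():
        entry = ENTRY.search(line)
        if not entry:
            continue  # not a MailScanner line
        child = children.setdefault(
            entry["pid"], {"batches": [], "bytes": None, "phases": {}}
        )
        msg = entry["msg"]
        if m := BATCH_TIME.search(msg):
            child["batches"].append((int(m[1]), float(m[2])))
        elif m := BATCH_SIZE.search(msg):
            child["bytes"] = int(m[1])          # size of the latest batch
        elif m := WAITING.search(msg):
            backlog = int(m[1])                 # keep the most recent depth
        elif m := PHASE.search(msg):
            child["phases"][m[1]] = int(m[2])   # bytes per second
    return children, backlog


def capacity(children, backlog, max_children):
    """Estimate messages/day and hours to drain the queue with no new mail.

    Assumption: every child processes batches back to back at the
    average rate observed in the log.
    """
    msgs = sum(n for c in children.values() for n, _ in c["batches"])
    secs = sum(s for c in children.values() for _, s in c["batches"])
    if not secs:
        raise ValueError("no completed batches in log")
    rate = msgs / secs * max_children           # messages per second
    drain = round(backlog / rate / 3600, 1) if backlog is not None else None
    return {"msgs_per_day": round(rate * 86400), "drain_hours": drain}


def phase_seconds(child):
    """Seconds per phase, assuming speed = batch bytes / phase time."""
    if not child["bytes"]:
        return {}
    return {p: child["bytes"] / bps for p, bps in child["phases"].items() if bps}


def bottleneck(child):
    """Return (phase, seconds) for the slowest phase, or None if unknown."""
    times = phase_seconds(child)
    if not times:
        return None
    name = max(times, key=times.get)
    return name, times[name]


if __name__ == "__main__":
    kids, waiting = parse(SAMPLE_LOG)
    print(capacity(kids, waiting, max_children=2))  # "Max Children = 2" in the post
    for pid, child in kids.items():
        print(pid, bottleneck(child))
```

On the posted lines this gives roughly 25,600 messages per day for two children, about 7.5 hours to drain the 7,993 queued messages if nothing new arrived, and spam checks accounting for about 70 of the 70.85 seconds in the second batch.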
From: brent.addis at pronet.co.nz (Brent Addis)
Date: Wed Jan 31 06:45:58 2007
Subject: Performance
References: <45C03361.5040903@katy.com>
Message-ID: <7EF1F27F7292534D82933F70AB6996CC07AFA6@pro-ak-exch01.hosted.pronet.net.nz>

Are you sure you're only processing 7,500 (ish) messages per day?

Your hardware configuration is exactly the same as my dev box, and can plow 25k messages through without too much issue.

70 seconds for a batch of 10 messages is fairly average, it's not overly high. At that rate you should be able to do way more than 7,500 messages. However that huge backlog is fairly odd.

Check you're not using any large SpamAssassin rulesets (blacklist.cf comes to mind, it's huge and slows things down a lot).

Did all that mail come in at once or is it a trickle throughout the day?

Doing things such as mounting the mailscanner spooldir in ram rather than on disk can speed things up a bit too.

Is this happening on one machine, or multiple machines?

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info on behalf of John Schmerold
Sent: Wed 1/31/2007 7:12 PM
To: mailscanner@lists.mailscanner.info
Subject: Performance

From email at ace.net.au Wed Jan 31 07:57:33 2007
From: email at ace.net.au (Peter Nitschke)
Date: Wed Jan 31 07:01:09 2007
Subject: dcc,razor,pyzor on MS running centos4.4
In-Reply-To: <001e01c744ea$955b67a0$920bbdcb@pmsi.net>
References: <01b101c7405f$12666640$920bbdcb@pmsi.net> <223f97700701250142x24f73cdeq46efeb90de783fa2@mail.gmail.com> <200701260148020079.03ABA951@smtp1.ace.net.au> <001e01c744ea$955b67a0$920bbdcb@pmsi.net>
Message-ID: <200701311727330662.20C71937@smtp1.ace.net.au>
>From: "Peter Nitschke"
>To:
>Sent: Thursday, January 25, 2007 11:18 PM
>Subject: Re[2]: dcc,razor,pyzor on MS running centos4.4
>
>
>> On 25/01/2007 at 10:42 AM Glenn Steen wrote:
>>
>>>On 25/01/07, jepoy wrote:
>>>>
>>>>
>>>> hi guys,
>>>>
>>>> just read about these things as plugins on spamassassin. how can i
>>>> incorporate them on my centos 4.4.
>>>>
>>>Start looking at (MAQ):
>>>http://wiki.mailscanner.info/doku.php?id=maq:index#spamassassin_plugins_and_bayes
>>>And also (wiki):
>>>http://wiki.mailscanner.info/doku.php?id=&idx=documentation:anti_spam:spamassassin:plugins
>>
>> Is that stuff still current? On my new Centos 4 setup I simply used "yum
>> install perl-Razor-Agent pyzor DCC"
>>
>> The last 2 are from atrpms.net
>>
>> I then commented out the lines in spam.assassin.prefs.conf: (I got lint
>> errors if I left them in)
>> # pyzor path
>> # DCC path
>>
>> Last I made sure the relevant lines in v310.pre were uncommented.
>>
>> Bingo, instant razor, pyzor and DCC.
>>
>> Peter
>>
>hi peter,
>what repository did you use ? can you please send me the config on your yum
>for me to download these plugins using yum.

See above - "The last 2 are from atrpms.net"

[atrpms]
name=Red Hat Enterprise Linux 4 - i386 - ATrpms
baseurl=http://dl.atrpms.net/el4-i386/atrpms/stable
failovermethod=priority
enabled=1
protect=0

Razor is from the base repo.

Peter

From naolson at gmail.com Wed Jan 31 08:18:35 2007
From: naolson at gmail.com (Nathan Olson)
Date: Wed Jan 31 07:21:54 2007
Subject: dcc,razor,pyzor on MS running centos4.4
In-Reply-To: <223f97700701270255l62d89c81w71453bfcf6b3ae6f@mail.gmail.com>
References: <01b101c7405f$12666640$920bbdcb@pmsi.net> <223f97700701250142x24f73cdeq46efeb90de783fa2@mail.gmail.com> <200701260148020079.03ABA951@smtp1.ace.net.au> <223f97700701250736l620c9967h586a8257282f1225@mail.gmail.com> <200701260237560115.03D958C4@smtp1.ace.net.au> <00d501c7419e$b6f1b300$920bbdcb@pmsi.net> <01a701c741c7$27d07a20$920bbdcb@pmsi.net> <223f97700701270255l62d89c81w71453bfcf6b3ae6f@mail.gmail.com>
Message-ID: <8f54b4330701302318k4ad70f1dh895d372480003593@mail.gmail.com>

> will these plugins help?

Razor is very effective (for us). ~300,000 envelopes/day (after RBLs) at a state university.

Nate

From leiw324 at yahoo.com.hk Wed Jan 31 09:15:46 2007
From: leiw324 at yahoo.com.hk (Wilson Kwok)
Date: Wed Jan 31 08:19:04 2007
Subject: How to uninstall mailscanner
Message-ID: <479827.65526.qm@web54406.mail.yahoo.com>

I'm using FC4, MailScanner-4.53.8-1.rpm.tar.gz, spamassassin-3.0.6-1.fc4(FC4 default), clamav-0.88.4.tar.gz

Thanks

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070131/60f2ea8d/attachment.html

From glenn.steen at gmail.com Wed Jan 31 10:08:03 2007
From: glenn.steen at gmail.com (Glenn Steen)
Date: Wed Jan 31 09:11:23 2007
Subject: New Beta 4.58.6 released
In-Reply-To: <45BFD212.6090204@rogers.com>
References: <45BCCF3B.8060608@ecs.soton.ac.uk> <45BD7919.1020009@rogers.com> <223f97700701290100i6e788e2gba57830a01a8e67b@mail.gmail.com> <45BFD212.6090204@rogers.com>
Message-ID: <223f97700701310108v134f0009r23829465ffd29b91@mail.gmail.com>

On 31/01/07, Mike Jakubik wrote:
> Glenn Steen wrote:
> >
> > We aim at making "milter edited queue files" -> "a (new) normal queue
> > file".
> >
> > If you want my patches to look at beforehand, I can get them to you in
> > a blink:-). So far they've been tested by me and Nerijus Baliunas (who
> > is a brave soul and seems to be running them in production:-). They're
> > good for 2.3 with milters, not yet 2.4 with body editing milters.
>
> Thanks for the details Glenn. Am I correct in understanding that this
> will only affect users of milters?
>

Yes. Seems you don't have to have it actually "edit" anything though, the p record "placeholders" will be added just by enabling it... Then again, why would one have a milter that was in effect a "dummy":-).

Seems most people don't use the milter option in 2.3 in conjunction with MailScanner, since we've had one (1) request in this area (Nerijus:) for all the time 2.3 has been around. Then again, there has (as always) been a certain lag before distros picked up 2.3 so that may change the numbers, and certainly 2.4 with full body replacement milters will have an effect.

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From martinh at solidstatelogic.com Wed Jan 31 10:18:22 2007
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Wed Jan 31 09:21:49 2007
Subject: Performance
In-Reply-To: <45C03361.5040903@katy.com>
Message-ID: <467cc6e65922054aa286ea40cfd4dfa6@solidstatelogic.com>

John

Eww - should be seeing 5-30 seconds per batch at that level..

Check you're not running ALL the RBL's...you can also put some timing info into the logs so you can start to find out where delays are..

Log Speed = yes

As Brent said, are you running extra rules in /etc/mail/spamassassin and if so any large ones (the bigevil family should NOT be used for example).

Looks like you've got a massive backlog in the hold queue too...I suggest you're doing more than 7,500 messages per day...do you drop unknown addresses on the inbound (pre) MailScanner postfix??? You can easily drop 50% of the traffic then and there using that technique.

-- 
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-
> bounces@lists.mailscanner.info] On Behalf Of John Schmerold
> Sent: 31 January 2007 06:13
> To: mailscanner@lists.mailscanner.info
> Subject: Performance

From martinh at solidstatelogic.com Wed Jan 31 10:29:10 2007
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Wed Jan 31 09:32:47 2007
Subject: Performance
In-Reply-To: <45C03361.5040903@katy.com>
Message-ID: <9d2d5d683586b64faa524db30012bfa3@solidstatelogic.com>

John

> Jan 30 23:40:03 mx1 MailScanner[24752]: Batch (10 messages) processed in
> 64.20 seconds

So MailScanner is running at a reasonable speed.....

-- 
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-
> bounces@lists.mailscanner.info] On Behalf Of John Schmerold
> Sent: 31 January 2007 06:13
> To: mailscanner@lists.mailscanner.info
> Subject: Performance
>
> We're seeing significant backlogs, mail is taking 2-6 hours to get thru
> the Postfix/Mailscanner gauntlet we've setup. What's everyone else
> seeing in terms of mail processing time?
>
> I've looked at the home page & WIKI, so, I'm guessing I am missing
> something or there are new techniques not yet published on the
> mailscanner.info
>
> Some of my statistics are as follows:
> Server config: 2.8GHz P4, 2GB DDR2, Maxtor SATA HDD
> Mail volume: approx 7,500 messages per day
> Misc: We have set the noatime flag on spool and log partitions & use a
> local DNS caching nameserver.
>
> MS Configuration:
> [root@mx1 ~]# cat /etc/MailScanner/MailScanner.conf
> # See http://www.mailscanner.info/MailScanner.conf.index.html for all
> options & defaults
> %etc-dir% = /etc/MailScanner
> %mcp-dir% = /etc/MailScanner/mcp
> %org-long-name% = Schmerold
> %org-name% = Schmerold
> %report-dir% = /etc/MailScanner/reports/en
> %rules-dir% = /etc/MailScanner/rules
> %web-site% = www.schmerold.com
>
> Always Include SpamAssassin Report = yes
> Archive Mail = /etc/MailScanner/rules/archive.rules
> High Scoring Spam Actions = store
> High SpamAssassin Score = 7
> Incoming Queue Dir = /var/spool/postfix/hold
> Incoming Work Dir = /var/spool/MailScanner/incoming
> Language Strings = /etc/MailScanner/reports/en/languages.conf
> MTA = postfix
> Outgoing Queue Dir = /var/spool/postfix/incoming
> Required SpamAssassin Score = 4
> Restart Every = 7200
> Run As Group = postfix
> Run As User = postfix
> Sign Clean Messages = no
> SpamAssassin Site Rules Dir = /etc/mail/spamassassin
>
> Log Speed = yes
> Max Children = 2
> Max Unscanned Messages Per Scan = 10
> Max Unsafe Messages Per Scan = 10
> Spam List =
> Virus Scanners = f-prot
> [root@mx1 ~]#
>
> PostFix Configuration:
> [root@mx1 ~]# postconf -n
> canonical_maps = hash:/etc/postfix/canonical
> config_directory = /etc/postfix
> disable_vrfy_command = yes
> hash_queue_names = ""
> header_checks = regexp:/etc/postfix/header_checks
> masquerade_exceptions = root
> message_size_limit = 51200000
> mydomain = schmerold.com
> myhostname = mx1.schmerold.com
> mynetworks = 127.0.0.0/8 65.16.251.208/29
> relay_domains = katy.com katy.net katycomputer.com schmerold.com
> smtpd_data_restrictions = reject_unauth_pipelining, permit
> smtpd_helo_required = yes
> smtpd_recipient_restrictions = reject_invalid_hostname
> reject_non_fqdn_hostname reject_non_fqdn_sender
> reject_non_fqdn_recipient reject_unknown_sender_domain
> permit_mynetworks reject_unauth_destination check_sender_access
> hash:/etc/postfix/whitelist reject_rbl_client cbl.abuseat.org
> reject_rbl_client zen.spamhaus.org permit
> smtpd_sender_restrictions = hash:/etc/postfix/access
> transport_maps = hash:/etc/postfix/transport
> virtual_alias_domains = hash:/etc/postfix/virtual
> virtual_alias_maps = hash:/etc/postfix/virtual
> [root@mx1 ~]#
>
>
> MS Log:
> [root@mx1 ~]# cat /var/log/messages | grep "Jan 30 23:40"
> Jan 30 23:40:03 mx1 MailScanner[24752]: Requeue: 4F51A4B4468.A8F46 to
> 389AB894965
> Jan 30 23:40:03 mx1 MailScanner[24752]: Requeue: A8330894942.93836 to
> A6D8289500D
> Jan 30 23:40:03 mx1 MailScanner[24752]: Requeue: 368088943F4.C0B33 to
> 20327894942
> Jan 30 23:40:03 mx1 MailScanner[24752]: Uninfected: Delivered 7 messages
> Jan 30 23:40:03 mx1 MailScanner[24752]: Batch completed at 128844 bytes
> per second (8272398 / 64)
> Jan 30 23:40:03 mx1 MailScanner[24752]: Batch (10 messages) processed in
> 64.20 seconds
> Jan 30 23:40:03 mx1 MailScanner[24752]: New Batch: Found 7981 messages
> waiting
> Jan 30 23:40:03 mx1 MailScanner[24752]: New Batch: Scanning 10 messages,
> 169939 bytes
> Jan 30 23:40:03 mx1 MailScanner[24752]: Expired 11 records from the
> SpamAssassin cache
> Jan 30 23:40:04 mx1 named[2116]: lame server resolving
> 'mail.voltech-auto.com' (in 'voltech-auto.com'?): 216.53.199.57#53
> Jan 30 23:40:08 mx1 named[2116]: lame server resolving
> '21.36.70.194.in-addr.arpa' (in '36.70.194.in-addr.arpa'?):
> 194.70.36.12#53
> Jan 30 23:40:42 mx1 MailScanner[24762]: Spam Checks: Found 5 spam messages
> Jan 30 23:40:42 mx1 MailScanner[24762]: Spam Checks completed at 1227
> bytes per second
> Jan 30 23:40:42 mx1 MailScanner[24762]: Virus and Content Scanning:
> Starting
> Jan 30 23:40:43 mx1 MailScanner[24762]: Virus Scanning completed at
> 156861 bytes per second
> Jan 30 23:40:43 mx1 MailScanner[24762]: Found phishing fraud from
> www.google.com claiming to be www.chase.com in 6BE8F895371.5D53A
> Jan 30 23:40:43 mx1 MailScanner[24762]: Content Checks: Detected and
> have disarmed web bug tags in HTML message in 6BE8F895371.5D53A from
> www-data@balancetechnology.com
> Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: 3B29B894E55.CEBEA to
> 6535E894D8C
> Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: 6BE8F895371.5D53A to
> DB04E894E55
> Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: 73748895A57.5ABB7 to
> 0597D895371
> Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: 937E689448D.77EDA to
> 0CB4B8953AD
> Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: 754F789466A.8DA78 to
> AC1D989448D
> Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: D5177894E67.3DEEA to
> A879089466A
> Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: A3E798940E3.B4BEB to
> 80A7B894E67
> Jan 30 23:40:43 mx1 MailScanner[24762]: Uninfected: Delivered 7 messages
> Jan 30 23:40:43 mx1 MailScanner[24762]: Virus Processing completed at
> 650569 bytes per second
> Jan 30 23:40:43 mx1 MailScanner[24762]: Batch completed at 1215 bytes
> per second (86123 / 70)
> Jan 30 23:40:43 mx1 MailScanner[24762]: Batch (10 messages) processed in
> 70.85 seconds
> Jan 30 23:40:43 mx1 MailScanner[24762]: New Batch: Found 7993 messages
> waiting
> Jan 30 23:40:43 mx1 MailScanner[24762]: New Batch: Scanning 10 messages,
> 160591 bytes
> [root@mx1 ~]#

From glenn.steen at gmail.com Wed Jan 31 10:35:24 2007
From: glenn.steen at gmail.com (Glenn Steen)
Date: Wed Jan 31 09:38:43 2007
Subject: OT: building new server, need MTA advice
In-Reply-To:
References: <86144ED6CE5B004DA23E1EAC0B569B58125FEFF0@isabella.herefordshire.gov.uk>
Message-ID: <223f97700701310135y32701200h472f5906a3e3904a@mail.gmail.com>

On 30/01/07, Res wrote:
> On Tue, 30 Jan 2007, Randal, Phil wrote:
>
> >> Typical outcome .. 2 votes postfix one for exim. A sendmail bash and
> >> an absolute "no" to qmail.
>
> who voted no to qmail? It in fact the best for virtual domains.
>
> If I wasn't voted in for sendmail, chuck me in now :)
>
>
> > It takes a while to get used to
>
> This is the biggest thing, it is very very configurable and that scares
> those who don't know it.

This is actually true for all of Exim, Sendmail and Postfix... When you
scratch the surface, there be dragons:-).

> I liken Sendmail to a console user and postfix as the gui user

Well, To use your analogy... Sendmail has mutated (slooowly) from a
"homegrown piece of crap CUI, that you constantly have to tinker with,
or wave chicken wings at" to "a rather well functioning newt-based CUI,
with convenient commands and fileformats if one don't want it"... Modern
Sendmail isn't at all as horrid as it used to be when I used to use
it:-):-). And I actually still use Sendmail on systems that come
preloaded with it... Why bother changing that on a DB server (or
similar)?

I suspect you mean that Postfix is "inflexible, but streamlined", by the
GUI reference? Can't really say I agree;-). More like it was that nice
CUI with options from the start:-D.

But this is neither here nor there. The MTAs in question are very well
come together, all told. You have your view on the matter, I have mine,
and we can certainly agree to disagree, as we have in the past;-).

Note to the casual reader: The analogy above doesn't imply any use of a
configuration tool aside from an editor, it is after all just an
analogy;-).

> /me ducks from Glenn

As well you should:-)

It's a bit fun to be perceived as such an advocate for PF. Sure, it is
what I use, and prefer, now... And "the devil one knows best" is usually
the one to go with (would be a huge investment in time to switch to
Exim, for example, simply because I'd need to start from scratch...
again... I like to know my MTAs well:-)... But if there would arise a
situation where, for some strange reason, Postfix would not be a viable
option for MailScanner... Well then I'd certainly have no problem moving
to either of the other candidates.

This whole discussion reminds me a lot of the old "Which OS is best"...
The answers: "Any". "None". "Doesn't matter as much as you'd think".
"Which OS do you know?". "They can basically be taught to do
anything"... :-)

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From holger at gebhardweb.de Wed Jan 31 10:36:47 2007
From: holger at gebhardweb.de (Holger Gebhard)
Date: Wed Jan 31 09:40:21 2007
Subject: Performance
References: <45C03361.5040903@katy.com>
Message-ID: <01b901c7451b$542e9140$0164320a@pcconhg203>

Change "Max Children =" to 4 or 5...
Only two Children are very low for your Hardware Setup ;-)

----- Original Message -----
From: "John Schmerold"
To:
Sent: Wednesday, January 31, 2007 7:12 AM
Subject: Performance

From glenn.steen at gmail.com Wed Jan 31 11:15:14 2007
From: glenn.steen at gmail.com (Glenn Steen)
Date: Wed Jan 31 10:18:34 2007
Subject: Performance
In-Reply-To: <45C03361.5040903@katy.com>
References: <45C03361.5040903@katy.com>
Message-ID: <223f97700701310215u67f9f941ifa40f902cd2d357@mail.gmail.com>

On 31/01/07, John Schmerold wrote:
> We're seeing significant backlogs, mail is taking 2-6 hours to get thru
> the Postfix/Mailscanner gauntlet we've setup. What's everyone else
> seeing in terms of mail processing time?
>
> I've looked at the home page & WIKI, so, I'm guessing I am missing
> something or there are new techniques not yet published on the
> mailscanner.info
>
> Some of my statistics are as follows:
> Server config: 2.8GHz P4, 2GB DDR2, Maxtor SATA HDD
> Mail volume: approx 7,500 messages per day
> Misc: We have set the noatime flag on spool and log partitions & use a
> local DNS caching nameserver.

This should be able to cope well...

(snip)
> PostFix Configuration:
> [root@mx1 ~]# postconf -n
> canonical_maps = hash:/etc/postfix/canonical
> config_directory = /etc/postfix
> disable_vrfy_command = yes
> hash_queue_names = ""
> header_checks = regexp:/etc/postfix/header_checks
> masquerade_exceptions = root
> message_size_limit = 51200000
> mydomain = schmerold.com
> myhostname = mx1.schmerold.com
> mynetworks = 127.0.0.0/8 65.16.251.208/29
> relay_domains = katy.com katy.net katycomputer.com schmerold.com

Why is there no "companion" relay_recipient_maps? You should reject
unknown recipients.

> smtpd_data_restrictions = reject_unauth_pipelining, permit
> smtpd_helo_required = yes

Here you should perhaps have a
smtpd_helo_restrictions = permit_mynetworks, check_helo_access hash:/etc/postfix/deny_domain_spoof
Where the deny_domain_spoof is simply an access file detailing the
domains and IP addresses you relay for like "katy.com REJECT". Will be
perfectly safe to use.

> smtpd_recipient_restrictions = reject_invalid_hostname
> reject_non_fqdn_hostname reject_non_fqdn_sender
> reject_non_fqdn_recipient reject_unknown_sender_domain
> permit_mynetworks reject_unauth_destination check_sender_access
> hash:/etc/postfix/whitelist reject_rbl_client cbl.abuseat.org
> reject_rbl_client zen.spamhaus.org permit
> smtpd_sender_restrictions = hash:/etc/postfix/access
> transport_maps = hash:/etc/postfix/transport
> virtual_alias_domains = hash:/etc/postfix/virtual
> virtual_alias_maps = hash:/etc/postfix/virtual
> [root@mx1 ~]#
>
>
> MS Log:
> [root@mx1 ~]# cat /var/log/messages | grep "Jan 30 23:40"
> Jan 30 23:40:03 mx1 MailScanner[24752]: Requeue: 4F51A4B4468.A8F46 to
> 389AB894965
> Jan 30 23:40:03 mx1 MailScanner[24752]: Requeue: A8330894942.93836 to
> A6D8289500D
> Jan 30 23:40:03 mx1 MailScanner[24752]: Requeue: 368088943F4.C0B33 to
> 20327894942
> Jan 30 23:40:03 mx1 MailScanner[24752]: Uninfected: Delivered 7 messages
> Jan 30 23:40:03 mx1 MailScanner[24752]: Batch completed at 128844 bytes
> per second (8272398 / 64)
> Jan 30 23:40:03 mx1 MailScanner[24752]: Batch (10 messages) processed in
> 64.20 seconds
> Jan 30 23:40:03 mx1 MailScanner[24752]: New Batch: Found 7981 messages
> waiting
> Jan 30 23:40:03 mx1 MailScanner[24752]: New Batch: Scanning 10 messages,
> 169939 bytes
> Jan 30 23:40:03 mx1 MailScanner[24752]: Expired 11 records from the
> SpamAssassin cache
> Jan 30 23:40:04 mx1 named[2116]: lame server resolving
> 'mail.voltech-auto.com' (in 'voltech-auto.com'?): 216.53.199.57#53
> Jan 30 23:40:08 mx1 named[2116]: lame server resolving
> '21.36.70.194.in-addr.arpa' (in '36.70.194.in-addr.arpa'?): 194.70.36.12#53
> Jan 30 23:40:42 mx1 MailScanner[24762]: Spam Checks: Found 5 spam messages
> Jan 30 23:40:42 mx1 MailScanner[24762]: Spam Checks completed at 1227
> bytes per second
> Jan 30 23:40:42 mx1 MailScanner[24762]: Virus and Content Scanning: Starting
> Jan 30 23:40:43 mx1 MailScanner[24762]: Virus Scanning completed at
> 156861 bytes per second
> Jan 30 23:40:43 mx1 MailScanner[24762]: Found phishing fraud from
> www.google.com claiming to be www.chase.com in 6BE8F895371.5D53A
> Jan 30 23:40:43 mx1 MailScanner[24762]: Content Checks: Detected and
> have disarmed web bug tags in HTML message in 6BE8F895371.5D53A from
> www-data@balancetechnology.com
> Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: 3B29B894E55.CEBEA to
> 6535E894D8C
> Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: 6BE8F895371.5D53A to
> DB04E894E55
> Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: 73748895A57.5ABB7 to
> 0597D895371
> Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: 937E689448D.77EDA to
> 0CB4B8953AD
> Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: 754F789466A.8DA78 to
> AC1D989448D
> Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: D5177894E67.3DEEA to
> A879089466A
> Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: A3E798940E3.B4BEB to
> 80A7B894E67
> Jan 30 23:40:43 mx1 MailScanner[24762]: Uninfected: Delivered 7 messages
> Jan 30 23:40:43 mx1 MailScanner[24762]: Virus Processing completed at
> 650569 bytes per second
> Jan 30 23:40:43 mx1 MailScanner[24762]: Batch completed at 1215 bytes
> per second (86123 / 70)
> Jan 30 23:40:43 mx1 MailScanner[24762]: Batch (10 messages) processed in
> 70.85 seconds
> Jan 30 23:40:43 mx1 MailScanner[24762]: New Batch: Found 7993 messages
> waiting
> Jan 30 23:40:43 mx1 MailScanner[24762]: New Batch: Scanning 10 messages,
> 160591 bytes
> [root@mx1 ~]#

In this snippet of log we see a lot of requeueing, but no actual
deliveries. Are we to assume that they happen as expected? Most messages
seem to be on HOLD, so ... that is probably nothing.

What does pflogsumm (or similar tool) have to say about the last day or
so? Did all these messages just "plonk" in at approximately the same
time?

Approximately 10 messages/minute would make for somewhere around 14K
messages/day, which isn't that good, but not horrendous either... and it
should be able to keep up, unless you have extremely bursty traffic.

Are all these addressed to the domains in question?

If you run a message through SA, to get the network tests, do you see
any ... noticeable ... lag anywhere? Any of the digest checks perhaps?

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From steve.freegard at fsl.com Wed Jan 31 11:47:56 2007
From: steve.freegard at fsl.com (Steve Freegard)
Date: Wed Jan 31 10:51:32 2007
Subject: Performance
In-Reply-To: <45C03361.5040903@katy.com>
References: <45C03361.5040903@katy.com>
Message-ID: <45C073DC.7050708@fsl.com>

Hi John,

John Schmerold wrote:
> We're seeing significant backlogs, mail is taking 2-6 hours to get thru
> the Postfix/Mailscanner gauntlet we've setup. What's everyone else
> seeing in terms of mail processing time?

As long as you have a sub 10 second time per message (Time of Batch /
Batch Size), then generally things are OK.

> I've looked at the home page & WIKI, so, I'm guessing I am missing
> something or there are new techniques not yet published on the
> mailscanner.info
>
> Some of my statistics are as follows:
> Server config: 2.8GHz P4, 2GB DDR2, Maxtor SATA HDD
> Mail volume: approx 7,500 messages per day
> Misc: We have set the noatime flag on spool and log partitions & use a
> local DNS caching nameserver.

Okay - do you also have /var/spool/MailScanner/incoming on tmpfs?

You don't mention which OS you are running - if it is a RedHat Clone
then you can set:

TMPDIR=/dev/shm
export TMPDIR

In the MailScanner initscript, which will give a small speed-up to
SpamAssassin which will create all of its temporary files in tmpfs as
well.

> Max Children = 2

This is too low for your hardware, this should be set to 5.

> Max Unscanned Messages Per Scan = 10
> Max Unsafe Messages Per Scan = 10

These are too low also, I would set these to at least 30. You need a
batch size that is equal to the number of messages that could come into
your system on average at any one time within the queue scan interval
for maximum efficiency.

> PostFix Configuration:
> smtpd_recipient_restrictions = reject_invalid_hostname
> reject_non_fqdn_hostname reject_non_fqdn_sender
> reject_non_fqdn_recipient reject_unknown_sender_domain
> permit_mynetworks reject_unauth_destination check_sender_access
> hash:/etc/postfix/whitelist reject_rbl_client cbl.abuseat.org
> reject_rbl_client zen.spamhaus.org permit

Why are you checking cbl.abuseat.org and zen.spamhaus.org? - drop the
CBL and use Zen only as it includes all the CBL data anyway. You could
also add list.dsbl.org too as this catches a few compromised systems
that Zen misses here.

As you have a large backlog anyway - I suggest that you put some more
radical configuration into Postfix so that it doesn't get any worse.
This requires Postfix 2.3 or newer:

# This is required apparently.
smtpd_delay_reject=no

# Introduce a Sendmail equivalent GreetPause
# Use /etc/postfix/nodelay_clients as a whitelist
smtpd_client_restrictions =
   permit_mynetworks
   permit_sasl_authenticated
   check_client_access hash:/etc/postfix/nodelay_clients
   sleep 4
   reject_unauth_pipelining

# Catch the systems that honour GreetPause only
# to start PIPELINING without waiting for EHLO.
# To be properly effective a multi-line greeting
# banner is *required* (patch required for Postfix).
smtpd_helo_restrictions =
   sleep 1
   reject_unauth_pipelining

> MS Log:
> Jan 30 23:40:03 mx1 MailScanner[24752]: Batch (10 messages) processed in
> 64.20 seconds

6.42 average per message - this looks fine. If you are running Pyzor,
disable it and you'll find this will drop this figure even further.

> Jan 30 23:40:03 mx1 MailScanner[24752]: New Batch: Found 7981 messages
> waiting

Based on 5 children - this will take 6215.73 seconds to process all of
these messages (1.7 hours).

Hope this helps.

Kind regards,
Steve.

From prandal at herefordshire.gov.uk Wed Jan 31 12:21:30 2007
From: prandal at herefordshire.gov.uk (Randal, Phil)
Date: Wed Jan 31 11:25:58 2007
Subject: Performance
Message-ID: <86144ED6CE5B004DA23E1EAC0B569B58125FF289@isabella.herefordshire.gov.uk>

Max Children = 2
Max Unscanned Messages Per Scan = 10
Max Unsafe Messages Per Scan = 10

These seem a bit on the low side to me.

The defaults are:

Max Children = 5
Max Unscanned Messages Per Scan = 30
Max Unsafe Messages Per Scan = 30

Any reason why you so drastically changed them downwards?

Phil
--
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> Of John Schmerold
> Sent: 31 January 2007 06:13
> To: mailscanner@lists.mailscanner.info
> Subject: Performance

From MailScanner at ecs.soton.ac.uk Wed Jan 31 12:37:26 2007
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Wed Jan 31 11:44:02 2007
Subject: Performance
In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B58125FF289@isabella.herefordshire.gov.uk>
References: <86144ED6CE5B004DA23E1EAC0B569B58125FF289@isabella.herefordshire.gov.uk>
Message-ID: <45C07F76.5050409@ecs.soton.ac.uk>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Just a quick note of info:
When asking users for settings like this, a very useful command is
    MailScanner -changed
which will list all the configuration options that have been changed
from their supplied defaults.
You might want to do
    MailScanner -changed | grep -v reports
to strip out all the report directories.

Just thought you might like to know this one.

Randal, Phil wrote:
> Max Children = 2
> Max Unscanned Messages Per Scan = 10
> Max Unsafe Messages Per Scan = 10
>
> These seem a bit on the low side to me.
>
> The defaults are:
>
> Max Children = 5
> Max Unscanned Messages Per Scan = 30
> Max Unsafe Messages Per Scan = 30
>
> Any reason why you so drastically changed them downwards?
>
> Phil
> --
> Phil Randal
> Network Engineer
> Herefordshire Council
> Hereford, UK
>
>
>> -----Original Message-----
>> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of John Schmerold >> Sent: 31 January 2007 06:13 >> To: mailscanner@lists.mailscanner.info >> Subject: Performance >> >> We're seeing significant backlogs, mail is taking 2-6 hours >> to get thru >> the Postfix/Mailscanner gauntlet we've setup. What's everyone else >> seeing in terms of mail processing time? >> >> I've looked at the home page & WIKI, so, I'm guessing I am missing >> something or there are new techniques not yet published on the >> mailscanner.info >> >> Some of my statistics are as follows: >> Server config: 2.8GHz P4, 2GB DDR2, Maxtor SATA HDD >> Mail volume: approx 7,500 messages per day >> Misc: We have set the noatime flag on spool and log >> partitions & use a >> local DNS caching nameserver. >> >> MS Configuration: >> [root@mx1 ~]# cat /etc/MailScanner/MailScanner.conf >> # See http://www.mailscanner.info/MailScanner.conf.index.html for all >> options & defaults >> %etc-dir% = /etc/MailScanner >> %mcp-dir% = /etc/MailScanner/mcp >> %org-long-name% = Schmerold >> %org-name% = Schmerold >> %report-dir% = /etc/MailScanner/reports/en >> %rules-dir% = /etc/MailScanner/rules >> %web-site% = www.schmerold.com >> >> Always Include SpamAssassin Report = yes >> Archive Mail = /etc/MailScanner/rules/archive.rules >> High Scoring Spam Actions = store >> High SpamAssassin Score = 7 >> Incoming Queue Dir = /var/spool/postfix/hold >> Incoming Work Dir = /var/spool/MailScanner/incoming >> Language Strings = /etc/MailScanner/reports/en/languages.conf >> MTA = postfix >> Outgoing Queue Dir = /var/spool/postfix/incoming >> Required SpamAssassin Score = 4 >> Restart Every = 7200 >> Run As Group = postfix >> Run As User = postfix >> Sign Clean Messages = no >> SpamAssassin Site Rules Dir = /etc/mail/spamassassin >> >> Log Speed = yes >> Max Children = 2 >> Max Unscanned Messages Per Scan = 10 >> Max Unsafe Messages Per Scan = 10 >> Spam List = 
>> Virus Scanners = f-prot >> [root@mx1 ~]# >> >> PostFix Configuration: >> [root@mx1 ~]# postconf -n >> canonical_maps = hash:/etc/postfix/canonical >> config_directory = /etc/postfix >> disable_vrfy_command = yes >> hash_queue_names = "" >> header_checks = regexp:/etc/postfix/header_checks >> masquerade_exceptions = root >> message_size_limit = 51200000 >> mydomain = schmerold.com >> myhostname = mx1.schmerold.com >> mynetworks = 127.0.0.0/8 65.16.251.208/29 >> relay_domains = katy.com katy.net katycomputer.com schmerold.com >> smtpd_data_restrictions = reject_unauth_pipelining, permit >> smtpd_helo_required = yes >> smtpd_recipient_restrictions = reject_invalid_hostname >> reject_non_fqdn_hostname reject_non_fqdn_sender >> reject_non_fqdn_recipient reject_unknown_sender_domain >> permit_mynetworks reject_unauth_destination check_sender_access >> hash:/etc/postfix/whitelist reject_rbl_client cbl.abuseat.org >> reject_rbl_client zen.spamhaus.org permit >> smtpd_sender_restrictions = hash:/etc/postfix/access >> transport_maps = hash:/etc/postfix/transport >> virtual_alias_domains = hash:/etc/postfix/virtual >> virtual_alias_maps = hash:/etc/postfix/virtual >> [root@mx1 ~]# >> >> >> MS Log: >> [root@mx1 ~]# cat /var/log/messages | grep "Jan 30 23:40" >> Jan 30 23:40:03 mx1 MailScanner[24752]: Requeue: 4F51A4B4468.A8F46 to >> 389AB894965 >> Jan 30 23:40:03 mx1 MailScanner[24752]: Requeue: A8330894942.93836 to >> A6D8289500D >> Jan 30 23:40:03 mx1 MailScanner[24752]: Requeue: 368088943F4.C0B33 to >> 20327894942 >> Jan 30 23:40:03 mx1 MailScanner[24752]: Uninfected: Delivered >> 7 messages >> Jan 30 23:40:03 mx1 MailScanner[24752]: Batch completed at >> 128844 bytes >> per second (8272398 / 64) >> Jan 30 23:40:03 mx1 MailScanner[24752]: Batch (10 messages) >> processed in >> 64.20 seconds >> Jan 30 23:40:03 mx1 MailScanner[24752]: New Batch: Found 7981 >> messages >> waiting >> Jan 30 23:40:03 mx1 MailScanner[24752]: New Batch: Scanning >> 10 messages, >> 169939 bytes 
>> Jan 30 23:40:03 mx1 MailScanner[24752]: Expired 11 records from the >> SpamAssassin cache >> Jan 30 23:40:04 mx1 named[2116]: lame server resolving >> 'mail.voltech-auto.com' (in 'voltech-auto.com'?): 216.53.199.57#53 >> Jan 30 23:40:08 mx1 named[2116]: lame server resolving >> '21.36.70.194.in-addr.arpa' (in '36.70.194.in-addr.arpa'?): >> 194.70.36.12#53 >> Jan 30 23:40:42 mx1 MailScanner[24762]: Spam Checks: Found 5 >> spam messages >> Jan 30 23:40:42 mx1 MailScanner[24762]: Spam Checks completed at 1227 >> bytes per second >> Jan 30 23:40:42 mx1 MailScanner[24762]: Virus and Content >> Scanning: Starting >> Jan 30 23:40:43 mx1 MailScanner[24762]: Virus Scanning completed at >> 156861 bytes per second >> Jan 30 23:40:43 mx1 MailScanner[24762]: Found phishing fraud from >> www.google.com claiming to be www.chase.com in 6BE8F895371.5D53A >> Jan 30 23:40:43 mx1 MailScanner[24762]: Content Checks: Detected and >> have disarmed web bug tags in HTML message in 6BE8F895371.5D53A from >> www-data@balancetechnology.com >> Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: 3B29B894E55.CEBEA to >> 6535E894D8C >> Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: 6BE8F895371.5D53A to >> DB04E894E55 >> Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: 73748895A57.5ABB7 to >> 0597D895371 >> Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: 937E689448D.77EDA to >> 0CB4B8953AD >> Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: 754F789466A.8DA78 to >> AC1D989448D >> Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: D5177894E67.3DEEA to >> A879089466A >> Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: A3E798940E3.B4BEB to >> 80A7B894E67 >> Jan 30 23:40:43 mx1 MailScanner[24762]: Uninfected: Delivered >> 7 messages >> Jan 30 23:40:43 mx1 MailScanner[24762]: Virus Processing completed at >> 650569 bytes per second >> Jan 30 23:40:43 mx1 MailScanner[24762]: Batch completed at 1215 bytes >> per second (86123 / 70) >> Jan 30 23:40:43 mx1 MailScanner[24762]: Batch (10 messages) >> 
processed in >> 70.85 seconds >> Jan 30 23:40:43 mx1 MailScanner[24762]: New Batch: Found 7993 >> messages >> waiting >> Jan 30 23:40:43 mx1 MailScanner[24762]: New Batch: Scanning >> 10 messages, >> 160591 bytes >> [root@mx1 ~]# >> >> Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFFwIAkEfZZRxQVtlQRAnusAJ0fndDGEiez6STf9Dot7dOPX86wIgCgzQG6 IZOU3csDOx5HSYsTeJohzpE= =GDYn -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From micoots at yahoo.com Wed Jan 31 12:56:21 2007 
From: micoots at yahoo.com (Michael Mansour)
Date: Wed Jan 31 11:59:41 2007
Subject: Enable MCP Bounce, no such thing?
Message-ID: <770483.43283.qm@web33311.mail.mud.yahoo.com>

Hi,

I'm using mailscanner-4.57.6-1

In MailScanner.conf, there's an option:

Enable Spam Bounce

which allows the bouncing of email to the sender. I'm after this option not for Spam, but for MCP.

The closest I find in MailScanner.conf is:

Bounce MCP As Attachment = yes

but this doesn't work ie. no bounce is sent.

I was expecting an equivalent MCP command like:

Enable MCP Bounce

based on the similarities between the Spam and MCP command set, but no such command exists.

So my question is, if a message is MCP or high scoring MCP and I delete it, how do I organise to notify the sender that their message has been blocked - which is explained in these options:

Recipient MCP Report = %report-dir%/recipient.mcp.report.txt
Sender MCP Report = %report-dir%/sender.mcp.report.txt

Thanks.

Michael.

Send instant messages to your online friends http://au.messenger.yahoo.com

From MailScanner at ecs.soton.ac.uk Wed Jan 31 13:00:42 2007
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Wed Jan 31 12:04:30 2007
Subject: Performance
In-Reply-To: <45C073DC.7050708@fsl.com>
References: <45C03361.5040903@katy.com> <45C073DC.7050708@fsl.com>
Message-ID: <45C084EA.1030304@ecs.soton.ac.uk>

Steve Freegard wrote:
> You don't mention which OS you are running - if it is a RedHat
> Clone then you can set:
>
> TMPDIR=/dev/shm
> export TMPDIR

What's the best way of adding this to the init.d script? (or
check_mailscanner)
If /dev/shm exists will it always be used as a tmpfs dir? It would be
simpler than remounting /tmp, which most users don't do. Personally I
think /tmp should always be tmpfs, like Solaris does.

So just this:

if [ -d /dev/shm ]; then
  TMPDIR=/dev/shm
  export TMPDIR
fi

in check_MailScanner should do the trick nicely, shouldn't it? The
init.d scripts call check_MailScanner, so there's only 1 place to be
modified.

Jules

--
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From evanderleun at hal9000.nl Wed Jan 31 13:04:36 2007
From: evanderleun at hal9000.nl (Erik van der Leun)
Date: Wed Jan 31 12:07:54 2007
Subject: MailScanner -changed
In-Reply-To: <45C07F76.5050409@ecs.soton.ac.uk>
References: <86144ED6CE5B004DA23E1EAC0B569B58125FF289@isabella.herefordshire.gov.uk> <45C07F76.5050409@ecs.soton.ac.uk>
Message-ID: <45C085D4.80402@hal9000.nl>

Hi folks,

I hope this question isn't too mindless of me...
Within the first minute I couldn't find a more plausible explanation
than a glitch in the *MailScanner -changed* output...

the one that popped up in my mind as I read the output of
MailScanner -changed and noticed that the default MailScanner version
claimed to be 1.0.0

clavius ~ # MailScanner -changed | grep version
mailscannerversionnumber 1.0.0 4.56.8
clavius ~ #

Is there any logic in this at all? or just something that's never fixed?

It's hardly of any importance, but I found this still worth it to bug
you people with >:-)
(my apologies for this, but I find the project serious enough to
discuss all details :> )

Kind regards,
Erik van der Leun

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070131/100a1997/attachment.html

From MailScanner at ecs.soton.ac.uk Wed Jan 31 13:19:06 2007
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Wed Jan 31 12:25:02 2007
Subject: Enable MCP Bounce, no such thing?
In-Reply-To: <770483.43283.qm@web33311.mail.mud.yahoo.com>
References: <770483.43283.qm@web33311.mail.mud.yahoo.com>
Message-ID: <45C0893A.1020801@ecs.soton.ac.uk>

I have a feeling I decided there wasn't a use for such an option and
didn't implement it.

Michael Mansour wrote:
> Hi,
>
> I'm using mailscanner-4.57.6-1
>
> In MailScanner.conf, there's an option:
>
> Enable Spam Bounce
>
> which allows the bouncing of email to the sender. I'm after this option not for Spam, but for MCP.
>
> The closest I find in MailScanner.conf is:
>
> Bounce MCP As Attachment = yes
>
> but this doesn't work ie. no bounce is sent.
>
> I was expecting an equivalent MCP command like:
>
> Enable MCP Bounce
>
> based on the similarities between the Spam and MCP command set, but no such command exists.
>
> So my question is, if a message is MCP or high scoring MCP and I delete it, how do I organise to notify the sender that their message has been blocked - which is explained in these options:
>
> Recipient MCP Report = %report-dir%/recipient.mcp.report.txt
> Sender MCP Report = %report-dir%/sender.mcp.report.txt
>
> Thanks.
>
> Michael.
>
> Send instant messages to your online friends http://au.messenger.yahoo.com
>

Jules

--
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MailScanner at ecs.soton.ac.uk Wed Jan 31 13:22:54 2007
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Wed Jan 31 12:29:59 2007
Subject: MailScanner -changed
In-Reply-To: <45C085D4.80402@hal9000.nl>
References: <86144ED6CE5B004DA23E1EAC0B569B58125FF289@isabella.herefordshire.gov.uk> <45C07F76.5050409@ecs.soton.ac.uk> <45C085D4.80402@hal9000.nl>
Message-ID: <45C08A1E.7030904@ecs.soton.ac.uk>

Erik van der Leun wrote:
> Hi folks,
>
> I hope this question isn't too mindless of me...
> Within the first minute I couldn't find a more plausible explanation
> than a glitch in the *MailScanner -changed* output...
>
> the one that popped up in my mind as I read the output of
> MailScanner -changed and noticed that the default MailScanner version
> claimed to be 1.0.0
>
> clavius ~ # MailScanner -changed | grep version
> mailscannerversionnumber 1.0.0 4.56.8
> clavius ~ #
>
> Is there any logic in this at all? or just something that's never fixed?

It's not a bug, it's just that this is all based out of the
ConfigDefs.pl file, which has the internal default values for
everything. If you don't specify a "MailScanner Version Number =" value
in MailScanner.conf, this is the value it will use. I didn't see any
point in writing yet more code to handle it as a special case. And I
didn't see any point in making the build scripts yet more complicated so
they can set this value to the current version number.

It's just there to make sure you don't use a MailScanner.conf for 4.58
on 4.57 for example.

>
> It's hardly of any importance, but I found this still worth it to bug
> you people with >:-)
> (my apologies for this, but I find the project serious enough to
> discuss all details :> )
>
> Kind regards,
> Erik van der Leun
>
>
>

Jules

--
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From john at katy.com Wed Jan 31 15:21:07 2007
From: john at katy.com (John Schmerold)
Date: Wed Jan 31 14:24:32 2007
Subject: Performance
In-Reply-To: <467cc6e65922054aa286ea40cfd4dfa6@solidstatelogic.com>
References: <467cc6e65922054aa286ea40cfd4dfa6@solidstatelogic.com>
Message-ID: <45C0A5D3.4000408@katy.com>

Mailscanner list to the rescue. Thank you.

I'll get these suggestions implemented, only one I have problem
implementing is the relay_recipient_maps suggestions. This box is a
filter for several endpoints. I have one endpoint (an Exim/Cpanel box)
that incorrectly states an address doesn't exist, until you actually
deliver a message, another endpoint (a qmail box) that acknowledges all
email addresses, takes in the message, then sends a rejection notice, of
course, I also have a Groupwise & Exchange server receiving mail. I have
not given up on this, however, every time, I've taken a stab at it, bad
things happen (mail gets bounced).

I'll let the group know the outcome. Thanks again.

Martin.Hepworth wrote:
>> -----Original Message-----
>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of John Schmerold
>> Sent: 31 January 2007 06:13
>> To: mailscanner@lists.mailscanner.info
>> Subject: Performance
>>
>> We're seeing significant backlogs, mail is taking 2-6 hours to get thru
>> the Postfix/Mailscanner gauntlet we've setup. What's everyone else
>> seeing in terms of mail processing time?
>>
>> I've looked at the home page & WIKI, so, I'm guessing I am missing
>> something or there are new techniques not yet published on the
>> mailscanner.info
>>
>> Some of my statistics are as follows:
>> Server config: 2.8GHz P4, 2GB DDR2, Maxtor SATA HDD
>> Mail volume: approx 7,500 messages per day
>> Misc: We have set the noatime flag on spool and log partitions & use a
>> local DNS caching nameserver.

From clacroix at cegep-ste-foy.qc.ca Wed Jan 31 15:36:55 2007
From: clacroix at cegep-ste-foy.qc.ca (Charles Lacroix)
Date: Wed Jan 31 14:38:42 2007
Subject: Disable quarantine.
Message-ID: <200701310936.55414.clacroix@cegep-ste-foy.qc.ca>

Hi,

I posted a message 2 days ago and I haven't got a reply.

I think that with these options it's disabled. I still get a lot of messages
being quarantined and it's problematic for me.

What config should I modify to make sure my attachments don't get caught by
mailscanner?

Thanks
Charles

Quarantine Dir = /var/spool/MailScanner/quarantine
Quarantine User =
Quarantine Group =
Quarantine Permissions = 0640
Ignored Web Bug Filenames = spacer pixel.gif pixel.png gap
Allow Filenames =
Deny Filenames =
Filename Rules =
Allow Filetypes =
Deny Filetypes =
Filetype Rules =
Quarantine Infections = yes
Quarantine Silent Viruses = no
Quarantine Modified Body = no
Quarantine Whole Message = yes
Quarantine Whole Messages As Queue Files = no
Filename Modify Subject = no
Filename Subject Text = {Filename?}

From MailScanner at ecs.soton.ac.uk Wed Jan 31 15:41:32 2007
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Wed Jan 31 14:45:36 2007
Subject: Disable quarantine.
In-Reply-To: <200701310936.55414.clacroix@cegep-ste-foy.qc.ca>
References: <200701310936.55414.clacroix@cegep-ste-foy.qc.ca>
Message-ID: <45C0AA9C.2060905@ecs.soton.ac.uk>

But you've got Quarantine Infections = yes, which looks fairly obvious
to me that it will quarantine infected messages.

Charles Lacroix wrote:
> Hi,
>
> I posted a message 2 days ago and I haven't got a reply.
>
> I think that with these options it's disabled. I still get a lot of messages
> being quarantined and it's problematic for me.
>
> What config should I modify to make sure my attachments don't get caught by
> mailscanner?
>
> Thanks
> Charles
>
> Quarantine Dir = /var/spool/MailScanner/quarantine
> Quarantine User =
> Quarantine Group =
> Quarantine Permissions = 0640
> Ignored Web Bug Filenames = spacer pixel.gif pixel.png gap
> Allow Filenames =
> Deny Filenames =
> Filename Rules =
> Allow Filetypes =
> Deny Filetypes =
> Filetype Rules =
> Quarantine Infections = yes
> Quarantine Silent Viruses = no
> Quarantine Modified Body = no
> Quarantine Whole Message = yes
> Quarantine Whole Messages As Queue Files = no
> Filename Modify Subject = no
> Filename Subject Text = {Filename?}
>

Jules

--
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From clacroix at cegep-ste-foy.qc.ca Wed Jan 31 15:49:03 2007
From: clacroix at cegep-ste-foy.qc.ca (Charles Lacroix)
Date: Wed Jan 31 14:50:50 2007
Subject: Disable quarantine.
In-Reply-To: <45C0AA9C.2060905@ecs.soton.ac.uk>
References: <200701310936.55414.clacroix@cegep-ste-foy.qc.ca> <45C0AA9C.2060905@ecs.soton.ac.uk>
Message-ID: <200701310949.03579.clacroix@cegep-ste-foy.qc.ca>

well I was scared that if I disabled that, attachments would be silently
dropped. But I will go ahead and disable it for now.

# Do you want to store copies of the infected attachments and messages?
# This can also be the filename of a ruleset.

Thanks

On Wednesday 31 January 2007 09:41, Julian Field wrote:
> But you've got Quarantine Infections = yes, which looks fairly obvious
> to me that it will quarantine infected messages.
>
> Charles Lacroix wrote:
> > Hi,
> >
> > I posted a message 2 days ago and I haven't got a reply.
> >
> > I think that with these options it's disabled. I still get a lot of
> > messages being quarantined and it's problematic for me.
> >
> > What config should I modify to make sure my attachments don't get caught
> > by mailscanner?
> >
> > Thanks
> > Charles
> >
> > Quarantine Dir = /var/spool/MailScanner/quarantine
> > Quarantine User =
> > Quarantine Group =
> > Quarantine Permissions = 0640
> > Ignored Web Bug Filenames = spacer pixel.gif pixel.png gap
> > Allow Filenames =
> > Deny Filenames =
> > Filename Rules =
> > Allow Filetypes =
> > Deny Filetypes =
> > Filetype Rules =
> > Quarantine Infections = yes
> > Quarantine Silent Viruses = no
> > Quarantine Modified Body = no
> > Quarantine Whole Message = yes
> > Quarantine Whole Messages As Queue Files = no
> > Filename Modify Subject = no
> > Filename Subject Text = {Filename?}
>
> Jules
>
> --
> Julian Field MEng CITP
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from your boss?
> Contact me!
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> For all your IT requirements visit www.transtec.co.uk

From Chris at 7of9b.org Wed Jan 31 16:08:43 2007
From: Chris at 7of9b.org (Chris Burton)
Date: Wed Jan 31 15:16:10 2007
Subject: msrbl, anyone using these RBLs?
References: <45B8E899.5050801@chapman.edu>
Message-ID: <026c01c7454a$11b01f80$0af9a8c0@murphy3>

> I haven't had one hit yet, but I am dropping zen hits at the mta.
> I am probably killing anything that might hit before it gets in.

Hi,

The (msrbl) zones are mostly empty at the moment as I have a backlog of
reports to process as the site is being moved again to a more powerful
servers.

ChrisB.

From glenn.steen at gmail.com Wed Jan 31 16:23:18 2007
From: glenn.steen at gmail.com (Glenn Steen)
Date: Wed Jan 31 15:26:42 2007
Subject: Performance
In-Reply-To: <45C0A5D3.4000408@katy.com>
References: <467cc6e65922054aa286ea40cfd4dfa6@solidstatelogic.com> <45C0A5D3.4000408@katy.com>
Message-ID: <223f97700701310723o145a973bpba118d76bd0a3a40@mail.gmail.com>

On 31/01/07, John Schmerold wrote:
> Mailscanner list to the rescue. Thank you.
>
> I'll get these suggestions implemented, only one I have problem
> implementing is the relay_recipient_maps suggestions. This box is a
> filter for several endpoints. I have one endpoint (an Exim/Cpanel box)
> that incorrectly states an address doesn't exist, until you actually
> deliver a message, another endpoint (a qmail box) that acknowledges all
> email addresses, takes in the message, then sends a rejection notice, of
> course, I also have a Groupwise & Exchange server receiving mail. I have
> not given up on this, however, every time, I've taken a stab at it, bad
> things happen (mail gets bounced).

Ummmmm, you don't use SMTP at all to construct these maps... So no
VERIFY strangeness or somesuch comes into play.
Either construct the map file(s) by hand or use some scripted method
(some are mentioned in the wiki, as you might know)... The maps would
look something like

user1@domain1.tld OK
user2@domain1.tld OK

etc. You need to postmap the files so that they become hashed db files,
else nothing will work. I'd suggest you create one map per domain, and
construct one script per domain to update them periodically (on a busy
system every 15 minutes could be about right). Of course you need to make
sure the files contain every possible permutation ... aliases and all.
But you should be able to test things out before actually committing
it to postfix.

> I'll let the group know the outcome. Thanks again.

Ok.

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From MailScanner at ecs.soton.ac.uk Wed Jan 31 16:31:22 2007
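The map-building step Glenn Steen describes in the message above, as an added example that is not part of any list message or of Postfix itself: it produces the `address OK` lines for one domain from a constructed export, rejects entries that do not belong in that map, and refuses to publish a map that has suddenly shrunk, the failure that would make Postfix bounce valid mail. The function names, the sample addresses and the 20% shrink threshold are assumptions.

```python
"""Build the text source for a per-domain Postfix relay_recipient_maps table."""
import re

# Conservative local-part check for map keys (assumption: deliberately stricter
# than RFC 5322; no quoted strings, no leading, trailing or doubled dots).
_ATOM = r"[a-z0-9!#$%&'*+/=?^_`{|}~-]+"
_LOCAL_PART = re.compile(_ATOM + r"(\." + _ATOM + r")*")


def build_recipient_map(domain, exported_addresses):
    """Return (map_lines, rejected) for one relayed domain.

    exported_addresses holds raw lines from a mail-server export, mailboxes
    and aliases alike. Keys are lower-cased and de-duplicated. Entries for
    another domain or with a malformed local part are reported, not written.
    """
    domain = domain.lower()
    accepted, rejected = set(), []
    for raw in exported_addresses:
        entry = raw.strip()
        if not entry or entry.startswith("#"):
            continue  # blank line or comment in the export
        local, sep, addr_domain = entry.lower().rpartition("@")
        if not sep or addr_domain != domain or not _LOCAL_PART.fullmatch(local):
            rejected.append(entry)
            continue
        accepted.add(f"{local}@{addr_domain}")
    return [f"{addr} OK" for addr in sorted(accepted)], rejected


def safe_to_publish(old_lines, new_lines, max_shrink=0.2):
    """Refuse a new map that is empty or drops too many existing recipients.

    A failed export must not replace a working map: every address missing
    from the map is rejected at SMTP time once the map is live.
    """
    old = {line.split()[0] for line in old_lines if line.strip()}
    new = {line.split()[0] for line in new_lines if line.strip()}
    if not new:
        return False
    if not old:
        return True  # first publication, nothing to compare against
    return len(old - new) / len(old) <= max_shrink


# Constructed sample export for the placeholder domain used in the message.
SAMPLE_EXPORT = [
    "# mailboxes",
    "User1@Domain1.tld",
    "user2@domain1.tld",
    "user2@domain1.tld ",       # duplicate with trailing space
    "",
    "# aliases",
    "sales@domain1.tld",
    "bob@otherdomain.tld",      # belongs in another domain's map
    "bad address@domain1.tld",  # malformed local part
]

if __name__ == "__main__":
    lines, rejected = build_recipient_map("domain1.tld", SAMPLE_EXPORT)
    print("\n".join(lines))
    print("rejected:", rejected)
    print("publish over an empty export?", safe_to_publish(lines, []))
```

Write the returned lines to the map file, run postmap on it, and query a few known addresses with `postmap -q` against the new table before referencing it from relay_recipient_maps.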
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Wed Jan 31 15:35:13 2007
Subject: Disable quarantine.
In-Reply-To: <45C0AA9C.2060905@ecs.soton.ac.uk>
References: <200701310936.55414.clacroix@cegep-ste-foy.qc.ca> <45C0AA9C.2060905@ecs.soton.ac.uk>
Message-ID: <45C0B64A.7030909@ecs.soton.ac.uk>

Sorry, I mis-read your question.

To stop things being caught altogether you can switch off "Scan
Messages", which will disable MailScanner altogether.

Julian Field wrote:
> * PGP Signed: 01/31/07 at 14:41:37
>
> But you've got Quarantine Infections = yes, which looks fairly obvious
> to me that it will quarantine infected messages.
>
> Charles Lacroix wrote:
>> Hi,
>>
>> I posted a message 2 days ago and I haven't got a reply.
>>
>> I think that with these options it's disabled. I still get a lot of
>> messages being quarantined and it's problematic for me.
>>
>> What config should I modify to make sure my attachments don't get
>> caught by mailscanner?
>>
>> Thanks
>> Charles
>>
>> Quarantine Dir = /var/spool/MailScanner/quarantine
>> Quarantine User =
>> Quarantine Group =
>> Quarantine Permissions = 0640
>> Ignored Web Bug Filenames = spacer pixel.gif pixel.png gap
>> Allow Filenames =
>> Deny Filenames =
>> Filename Rules =
>> Allow Filetypes =
>> Deny Filetypes =
>> Filetype Rules =
>> Quarantine Infections = yes
>> Quarantine Silent Viruses = no
>> Quarantine Modified Body = no
>> Quarantine Whole Message = yes
>> Quarantine Whole Messages As Queue Files = no
>> Filename Modify Subject = no
>> Filename Subject Text = {Filename?}
>>
>
> Jules
>

Jules

--
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From clacroix at cegep-ste-foy.qc.ca Wed Jan 31 16:44:57 2007
From: clacroix at cegep-ste-foy.qc.ca (Charles Lacroix)
Date: Wed Jan 31 15:46:48 2007
Subject: Disable quarantine.
In-Reply-To: <45C0B64A.7030909@ecs.soton.ac.uk>
References: <200701310936.55414.clacroix@cegep-ste-foy.qc.ca> <45C0AA9C.2060905@ecs.soton.ac.uk> <45C0B64A.7030909@ecs.soton.ac.uk>
Message-ID: <200701311044.58045.clacroix@cegep-ste-foy.qc.ca>

I do have scan message = yes

but if I set it to no, will it still scan for spam?

Thanks
Charles

On Wednesday 31 January 2007 10:31, Julian Field wrote:
> Sorry, I mis-read your question.
>
> To stop things being caught altogether you can switch off "Scan
> Messages", which will disable MailScanner altogether.
>
> Julian Field wrote:
> > * PGP Signed: 01/31/07 at 14:41:37
> >
> > But you've got Quarantine Infections = yes, which looks fairly obvious
> > to me that it will quarantine infected messages.
> >
> > Charles Lacroix wrote:
> >> Hi,
> >>
> >> I posted a message 2 days ago and I haven't got a reply.
> >>
> >> I think that with these options it's disabled. I still get a lot of
> >> messages being quarantined and it's problematic for me.
> >>
> >> What config should I modify to make sure my attachments don't get
> >> caught by mailscanner?
> >>
> >> Thanks
> >> Charles
> >>
> >> Quarantine Dir = /var/spool/MailScanner/quarantine
> >> Quarantine User =
> >> Quarantine Group =
> >> Quarantine Permissions = 0640
> >> Ignored Web Bug Filenames = spacer pixel.gif pixel.png gap
> >> Allow Filenames =
> >> Deny Filenames =
> >> Filename Rules =
> >> Allow Filetypes =
> >> Deny Filetypes =
> >> Filetype Rules =
> >> Quarantine Infections = yes
> >> Quarantine Silent Viruses = no
> >> Quarantine Modified Body = no
> >> Quarantine Whole Message = yes
> >> Quarantine Whole Messages As Queue Files = no
> >> Filename Modify Subject = no
> >> Filename Subject Text = {Filename?}
> >
> > Jules
>
> Jules
>
> --
> Julian Field MEng CITP
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from your boss?
> Contact me!
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> For all your IT requirements visit www.transtec.co.uk

From MailScanner at ecs.soton.ac.uk Wed Jan 31 17:04:41 2007
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jan 31 16:09:30 2007 Subject: Disable quarantine. In-Reply-To: <200701311044.58045.clacroix@cegep-ste-foy.qc.ca> References: <200701310936.55414.clacroix@cegep-ste-foy.qc.ca> <45C0AA9C.2060905@ecs.soton.ac.uk> <45C0B64A.7030909@ecs.soton.ac.uk> <200701311044.58045.clacroix@cegep-ste-foy.qc.ca> Message-ID: <45C0BE19.7020409@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 No. What you want is probably this set: Spam Checks = yes Virus Scanning = no Dangerous Content Scanning = no That will make it do spam checks but nothing else. Charles Lacroix wrote: > I do have scan message = yes > > but if i set it to no, will it still scan for spam ? > > Thanks > Charles > > On Wednesday 31 January 2007 10:31, Julian Field wrote: > >> Sorry, I mis-read your question. >> >> To stop things being caught altogether you can switch off "Scan >> Messages", which will disable MailScanner altogether. >> >> Julian Field wrote: >> >>> * PGP Signed: 01/31/07 at 14:41:37 >>> >>> But you've got Quarantine Infections = yes, which looks fairly obvious >>> to me that it will quarantine infected messages. >>> >>> Charles Lacroix wrote: >>> >>>> Hi, >>>> >>>> i posted a message 2 days ago and i haven't got a reply. >>>> >>>> I think that with these options it's disabled. I still get a lot of >>>> messages being quarantined and it's problematic for me. >>>> >>>> What config should i modify to make sure my attachments don't get >>>> caught by mailscanner? 
>>>> >>>> Thanks >>>> Charles >>>> >>>> Quarantine Dir = /var/spool/MailScanner/quarantine >>>> Quarantine User = >>>> Quarantine Group = >>>> Quarantine Permissions = 0640 >>>> Ignored Web Bug Filenames = spacer pixel.gif pixel.png gap >>>> Allow Filenames = >>>> Deny Filenames = >>>> Filename Rules = >>>> Allow Filetypes = >>>> Deny Filetypes = >>>> Filetype Rules = >>>> Quarantine Infections = yes >>>> Quarantine Silent Viruses = no >>>> Quarantine Modified Body = no >>>> Quarantine Whole Message = yes >>>> Quarantine Whole Messages As Queue Files = no >>>> Filename Modify Subject = no >>>> Filename Subject Text = {Filename?} >>>> >>> Jules >>> >> Jules >> >> -- >> Julian Field MEng CITP >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> Need help customising MailScanner? >> Contact me! >> Need help fixing or optimising your systems? >> Contact me! >> Need help getting you started solving new requirements from your boss? >> Contact me! >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> For all your IT requirements visit www.transtec.co.uk >> Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFFwL4hEfZZRxQVtlQRAps1AKCeT8HOtar/a7fCciKAD24oeC7T4ACgntuO bxi70ZOvWM3KFDC2ZRiR/zU= =dXwX -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. 
For all your IT requirements visit www.transtec.co.uk From clacroix at cegep-ste-foy.qc.ca Wed Jan 31 17:15:43 2007 
From: clacroix at cegep-ste-foy.qc.ca (Charles Lacroix) Date: Wed Jan 31 16:17:39 2007 Subject: Disable quarantine. In-Reply-To: <45C0BE19.7020409@ecs.soton.ac.uk> References: <200701310936.55414.clacroix@cegep-ste-foy.qc.ca> <200701311044.58045.clacroix@cegep-ste-foy.qc.ca> <45C0BE19.7020409@ecs.soton.ac.uk> Message-ID: <200701311115.43610.clacroix@cegep-ste-foy.qc.ca> I do want to scan for Dangerous Content as phishing fraud Virus scanning i am planning on pushing clamav in there. as i filter with clamav directly into postfix at the moment. How can we just disable attachment checks ? Or at worse, put a rule to allow everything. Thanks, Charles On Wednesday 31 January 2007 11:04, Julian Field wrote: > No. > > What you want is probably this set: > > Spam Checks = yes > Virus Scanning = no > Dangerous Content Scanning = no > > That will make it do spam checks but nothing else. > > Charles Lacroix wrote: > > I do have scan message = yes > > > > but if i set it to no, will it still scan for spam ? > > > > Thanks > > Charles > > > > On Wednesday 31 January 2007 10:31, Julian Field wrote: > >> Sorry, I mis-read your question. > >> > >> To stop things being caught altogether you can switch off "Scan > >> Messages", which will disable MailScanner altogether. > >> > >> Julian Field wrote: > >>> * PGP Signed: 01/31/07 at 14:41:37 > >>> > >>> But you've got Quarantine Infections = yes, which looks fairly obvious > >>> to me that it will quarantine infected messages. > >>> > >>> Charles Lacroix wrote: > >>>> Hi, > >>>> > >>>> i posted a message 2 days ago and i haven't got a reply. > >>>> > >>>> I think that with these options it's disabled. I still get a lot of > >>>> messages being quarantined and it's problematic for me. > >>>> > >>>> What config should i modify to make sure my attachments don't get > >>>> caught by mailscanner? 
> >>>> > >>>> Thanks > >>>> Charles > >>>> > >>>> Quarantine Dir = /var/spool/MailScanner/quarantine > >>>> Quarantine User = > >>>> Quarantine Group = > >>>> Quarantine Permissions = 0640 > >>>> Ignored Web Bug Filenames = spacer pixel.gif pixel.png gap > >>>> Allow Filenames = > >>>> Deny Filenames = > >>>> Filename Rules = > >>>> Allow Filetypes = > >>>> Deny Filetypes = > >>>> Filetype Rules = > >>>> Quarantine Infections = yes > >>>> Quarantine Silent Viruses = no > >>>> Quarantine Modified Body = no > >>>> Quarantine Whole Message = yes > >>>> Quarantine Whole Messages As Queue Files = no > >>>> Filename Modify Subject = no > >>>> Filename Subject Text = {Filename?} > >>> > >>> Jules > >> > >> Jules > >> > >> -- > >> Julian Field MEng CITP > >> www.MailScanner.info > >> Buy the MailScanner book at www.MailScanner.info/store > >> > >> Need help customising MailScanner? > >> Contact me! > >> Need help fixing or optimising your systems? > >> Contact me! > >> Need help getting you started solving new requirements from your boss? > >> Contact me! > >> > >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >> > >> > >> > >> > >> -- > >> This message has been scanned for viruses and > >> dangerous content by MailScanner, and is > >> believed to be clean. > >> For all your IT requirements visit www.transtec.co.uk > > Jules > > -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk From ssilva at sgvwater.com Wed Jan 31 17:19:01 2007 
From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jan 31 16:23:00 2007 Subject: Performance In-Reply-To: <45C03361.5040903@katy.com> References: <45C03361.5040903@katy.com> Message-ID: John Schmerold spake the following on 1/30/2007 10:12 PM: > We're seeing significant backlogs, mail is taking 2-6 hours to get thru > the Postfix/Mailscanner gauntlet we've setup. What's everyone else > seeing in terms of mail processing time? > > I've looked at the home page & WIKI, so, I'm guessing I am missing > something or there are new techniques not yet published on the > mailscanner.info > > Some of my statistics are as follows: > Server config: 2.8GHz P4, 2GB DDR2, Maxtor SATA HDD > Mail volume: approx 7,500 messages per day > Misc: We have set the noatime flag on spool and log partitions & use a > local DNS caching nameserver. > > MS Configuration: > [root@mx1 ~]# cat /etc/MailScanner/MailScanner.conf > # See http://www.mailscanner.info/MailScanner.conf.index.html for all > options & defaults > %etc-dir% = /etc/MailScanner > %mcp-dir% = /etc/MailScanner/mcp > %org-long-name% = Schmerold > %org-name% = Schmerold > %report-dir% = /etc/MailScanner/reports/en > %rules-dir% = /etc/MailScanner/rules > %web-site% = www.schmerold.com > > Always Include SpamAssassin Report = yes > Archive Mail = /etc/MailScanner/rules/archive.rules > High Scoring Spam Actions = store > High SpamAssassin Score = 7 > Incoming Queue Dir = /var/spool/postfix/hold > Incoming Work Dir = /var/spool/MailScanner/incoming > Language Strings = /etc/MailScanner/reports/en/languages.conf > MTA = postfix > Outgoing Queue Dir = /var/spool/postfix/incoming > Required SpamAssassin Score = 4 > Restart Every = 7200 > Run As Group = postfix > Run As User = postfix > Sign Clean Messages = no > SpamAssassin Site Rules Dir = /etc/mail/spamassassin > > Log Speed = yes > Max Children = 2 You have enough oomph to run more than 2 children. See if doubling it helps. -- MailScanner is like deodorant... 
You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Wed Jan 31 17:28:17 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jan 31 16:31:53 2007 Subject: OT: building new server, need MTA advice In-Reply-To: References: <86144ED6CE5B004DA23E1EAC0B569B58125FEFF0@isabella.herefordshire.gov.uk> Message-ID: Res spake the following on 1/30/2007 4:37 AM: > On Tue, 30 Jan 2007, Randal, Phil wrote: > >>> Typical outcome .. 2 votes postfix one for exim. A sendmail bash and >>> an absolute "no" to qmail. > > who voted no to qmail? It in fact the best for virtual domains. The original poster of the thread "We're looking for something that is secure, efficient, maintained (which rules out qmail)..." -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From Denis.Beauchemin at USherbrooke.ca Wed Jan 31 17:35:58 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Wed Jan 31 16:39:33 2007 Subject: OT: exim v3 vs v4 Message-ID: <45C0C56E.5010306@USherbrooke.ca> Hello all, I have the O'Reilly Exim book by Philip Hazel. It covers release 3. On my RHEL servers I have release 4. I want to configure it for authenticated+encrypted email relaying using LDAP. Do you think I could make use of my rel 3 book to configure a rel 4 server or should I get my hands on a rel 4 book? A couple of days ago I was leaning towards Postfix but the recent discussions here make me consider Exim as well... Thanks! Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3595 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070131/37b0df35/smime-0001.bin From martinh at solidstatelogic.com Wed Jan 31 17:39:45 2007 
From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed Jan 31 16:43:49 2007 Subject: exim v3 vs v4 In-Reply-To: <45C0C56E.5010306@USherbrooke.ca> Message-ID: Exim 4 please Exim 3 hasn't been supported by the authors for years (yes years). Exim 4 is radically different to 3, you'll need to give Phil Hazel a few more pounds and get the new book.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- 
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Denis Beauchemin > Sent: 31 January 2007 16:36 > To: MailScanner > Subject: OT: exim v3 vs v4 > > Hello all, > > I have the O'Reilly Exim book by Philip Hazel. It covers release 3. > > On my RHEL servers I have release 4. > > I want to configure it for authenticated+encrypted email relaying using > LDAP. Do you think I could make use of my rel 3 book to configure a rel > 4 server or should I get my hands on a rel 4 book? > > A couple of days ago I was leaning towards Postfix but the recent > discussions here make me consider Exim as well... > > Thanks! > > Denis > > -- > _ > °v° Denis Beauchemin, analyste > /(_)\ Université de Sherbrooke, S.T.I. > ^ ^ T: 819.821.8000x62252 F: 819.821.8045 > ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. 
Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From dhawal at netmagicsolutions.com Wed Jan 31 17:43:15 2007 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Wed Jan 31 16:46:53 2007 Subject: OT: building new server, need MTA advice In-Reply-To: References: <86144ED6CE5B004DA23E1EAC0B569B58125FEFF0@isabella.herefordshire.gov.uk> Message-ID: <45C0C723.4070608@netmagicsolutions.com> Scott Silva wrote: > Res spake the following on 1/30/2007 4:37 AM: >> On Tue, 30 Jan 2007, Randal, Phil wrote: >> >>>> Typical outcome .. 2 votes postfix one for exim. A sendmail bash and >>>> an absolute "no" to qmail. >> who voted no to qmail? It in fact the best for virtual domains. > The original poster of the thread > "We're looking for something that is secure, efficient, maintained (which > rules out qmail)..." One (actually 2) patch to rule them all.. and bring qmail to the current century. So does your current MTA support SPF/DomainKeys without a milter/policy_daemon? This one does.. http://qmail.jms1.net/patches/combined.shtml The original qmail may no longer be maintained, but it is still rock solid and quite efficient.. and a few patches do bring it to the level of a sendmail/postfix/exim.. plus as Res adds "show a product that compares to qmail virtual domains". 2 coins.. - dhawal From mailscanner at yeticomputers.com Wed Jan 31 18:30:04 2007 
From: mailscanner at yeticomputers.com (Rick Chadderdon) Date: Wed Jan 31 17:33:35 2007 Subject: Disable quarantine. In-Reply-To: <200701311115.43610.clacroix@cegep-ste-foy.qc.ca> References: <200701310936.55414.clacroix@cegep-ste-foy.qc.ca> <200701311044.58045.clacroix@cegep-ste-foy.qc.ca> <45C0BE19.7020409@ecs.soton.ac.uk> <200701311115.43610.clacroix@cegep-ste-foy.qc.ca> Message-ID: <45C0D21C.5060904@yeticomputers.com> Charles Lacroix wrote: > I do want to scan for Dangerous Content > as phishing fraud > > Virus scanning i am planning on pushing clamav in there. > as i filter with clamav directly into postfix at the moment. > > > How can we just disable attachment checks ? > > Or at worse, put a rule to allow everything. So you want MailScanner to scan *only* for spam and phishing? MailScanner might be too much tool for your needs since it seems as though the only thing specific to MailScanner that you want to use is its internal phishing/HTML scanner. Still... You might be able to achieve what you want by setting: Virus Scanning = no # the default is "Virus Scanning = yes" and then using filetype.rules.conf and filename.rules.conf to allow the most common kinds of files to pass through unmolested. I'm not sure if MailScanner still does filetype/filename scans if Virus Scanning is set to "no", but you could give it a try. You can always use rulesets to modify which messages get which tests. I recommend doing this rather than just opening up a huge hole by trying to allow all attachments. Rick From clacroix at cegep-ste-foy.qc.ca Wed Jan 31 19:24:03 2007 
From: clacroix at cegep-ste-foy.qc.ca (Charles Lacroix) Date: Wed Jan 31 18:25:52 2007 Subject: Disable quarantine. In-Reply-To: <45C0D21C.5060904@yeticomputers.com> References: <200701310936.55414.clacroix@cegep-ste-foy.qc.ca> <200701311115.43610.clacroix@cegep-ste-foy.qc.ca> <45C0D21C.5060904@yeticomputers.com> Message-ID: <200701311324.03162.clacroix@cegep-ste-foy.qc.ca> Well i want to disable it until i get more familiar with the ruleset. As it's blocking a lot of files that aren't problematic. can i write a rule in filename.rules allow *.* - - On Wednesday 31 January 2007 12:30, Rick Chadderdon wrote: > Charles Lacroix wrote: > > I do want to scan for Dangerous Content > > as phishing fraud > > > > Virus scanning i am planning on pushing clamav in there. > > as i filter with clamav directly into postfix at the moment. > > > > > > How can we just disable attachment checks ? > > > > Or at worse, put a rule to allow everything. > > So you want MailScanner to scan *only* for spam and phishing? > MailScanner might be too much tool for your needs since it seems as > though the only thing specific to MailScanner that you want to use is > its internal phishing/HTML scanner. Still... > > You might be able to achieve what you want by setting: > > Virus Scanning = no # the default is "Virus Scanning = yes" > > and then using filetype.rules.conf and filename.rules.conf to allow the > most common kinds of files to pass through unmolested. I'm not sure if > MailScanner still does filetype/filename scans if Virus Scanning is set > to "no", but you could give it a try. > > You can always use rulesets to modify which messages get which tests. I > recommend doing this rather than just opening up a huge hole by trying > to allow all attachments. > > Rick From ssilva at sgvwater.com Wed Jan 31 20:14:05 2007 
From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jan 31 19:17:43 2007 Subject: OT: building new server, need MTA advice In-Reply-To: <45C0C723.4070608@netmagicsolutions.com> References: <86144ED6CE5B004DA23E1EAC0B569B58125FEFF0@isabella.herefordshire.gov.uk> <45C0C723.4070608@netmagicsolutions.com> Message-ID: Dhawal Doshy spake the following on 1/31/2007 8:43 AM: > Scott Silva wrote: >> Res spake the following on 1/30/2007 4:37 AM: >>> On Tue, 30 Jan 2007, Randal, Phil wrote: >>> >>>>> Typical outcome .. 2 votes postfix one for exim. A sendmail bash and >>>>> an absolute "no" to qmail. >>> who voted no to qmail? It in fact the best for virtual domains. >> The original poster of the thread >> "We're looking for something that is secure, efficient, maintained (which >> rules out qmail)..." > > One (actually 2) patch to rule them all.. and bring qmail to the current > century. So does your current MTA support SPF/DomainKeys without a > milter/policy_daemon? This one does.. > http://qmail.jms1.net/patches/combined.shtml > > The original qmail may no longer be maintained, but it is still rock > solid and quite efficient.. and a few patches do bring it to the level > of a sendmail/postfix/exim.. plus as Res adds "show a product that > compares to qmail virtual domains". > > 2 coins.. > - dhawal But does Julian support qmail in mailscanner? More patches? I didn't badmouth qmail, as I haven't used it. I have considered postfix, and might try it in my next server build. Used exim only on a Debian print server I built back in the stone age. Since I don't have time to do much consulting anymore with linux (my spare time is spent fixing windows machines for extra $$$), so I really can't spend a lot of time with new things. I'm only using sendmail because, like was said before, it is the devil I know. I hate to waste all that time I banged my head against the wall! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! 
From mrm at medicine.wisc.edu Wed Jan 31 20:52:15 2007 From: mrm at medicine.wisc.edu (Michael Masse) Date: Wed Jan 31 19:56:11 2007 Subject: RBL performance: caching nameserver vs RBL mirroring Message-ID: <45C09F0F.7FBE.00FC.3@medicine.wisc.edu> Can someone explain the pros and cons of each with respect to performance and accuracy, or am I confused and they are not actually mutually exclusive, and have nothing to do with each other? Mike From MailScanner at ecs.soton.ac.uk Wed Jan 31 21:04:47 2007 
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jan 31 20:08:48 2007 Subject: Disable quarantine. In-Reply-To: <200701311324.03162.clacroix@cegep-ste-foy.qc.ca> References: <200701310936.55414.clacroix@cegep-ste-foy.qc.ca> <200701311115.43610.clacroix@cegep-ste-foy.qc.ca> <45C0D21C.5060904@yeticomputers.com> <200701311324.03162.clacroix@cegep-ste-foy.qc.ca> Message-ID: <45C0F65F.9070507@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Please lookup rulesets in any of the documentation, or Google for that matter. They are well documented with quite a lot of examples. Charles Lacroix wrote: > Well i want to disable it until i get more familiar with the ruleset. > > As it's blocking a lot of files that aren't problematic. > > can i write a rule in filename.rules > > allow *.* - - > > > > > > On Wednesday 31 January 2007 12:30, Rick Chadderdon wrote: > >> Charles Lacroix wrote: >> >>> I do want to scan for Dangerous Content >>> as phishing fraud >>> >>> Virus scanning i am planning on pushing clamav in there. >>> as i filter with clamav directly into postfix at the moment. >>> >>> >>> How can we just disable attachment checks ? >>> >>> Or at worse, put a rule to allow everything. >>> >> So you want MailScanner to scan *only* for spam and phishing? >> MailScanner might be too much tool for your needs since it seems as >> though the only thing specific to MailScanner that you want to use is >> its internal phishing/HTML scanner. Still... >> >> You might be able to achieve what you want by setting: >> >> Virus Scanning = no # the default is "Virus Scanning = yes" >> >> and then using filetype.rules.conf and filename.rules.conf to allow the >> most common kinds of files to pass through unmolested. I'm not sure if >> MailScanner still does filetype/filename scans if Virus Scanning is set >> to "no", but you could give it a try. >> >> You can always use rulesets to modify which messages get which tests. 
I >> recommend doing this rather than just opening up a huge hole by trying >> to allow all attachments. >> >> Rick >> Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) Comment: Fetch my public key foot-print from www.mailscanner.info Charset: ISO-8859-1 wj8DBQFFwPZ0EfZZRxQVtlQRApxQAKCnOp1SyFYhAMrr6qfAEnGWK9gPnQCfXGlE dLzucnIvSvTuBlZNEqP7KXY= =cMIE -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Wed Jan 31 21:07:37 2007 
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jan 31 20:13:23 2007 Subject: OT: building new server, need MTA advice In-Reply-To: References: <86144ED6CE5B004DA23E1EAC0B569B58125FEFF0@isabella.herefordshire.gov.uk> <45C0C723.4070608@netmagicsolutions.com> Message-ID: <45C0F709.8030805@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Scott Silva wrote: > Dhawal Doshy spake the following on 1/31/2007 8:43 AM: > >> Scott Silva wrote: >> >>> Res spake the following on 1/30/2007 4:37 AM: >>> >>>> On Tue, 30 Jan 2007, Randal, Phil wrote: >>>> >>>> >>>>>> Typical outcome .. 2 votes postfix one for exim. A sendmail bash and >>>>>> an absolute "no" to qmail. >>>>>> >>>> who voted no to qmail? It in fact the best for virtual domains. >>>> >>> The original poster of the thread >>> "We're looking for something that is secure, efficient, maintained (which >>> rules out qmail)..." >>> >> One (actually 2) patch to rule them all.. and bring qmail to the current >> century. So does your current MTA support SPF/DomainKeys without a >> milter/policy_daemon? This one does.. >> http://qmail.jms1.net/patches/combined.shtml >> >> The original qmail may no longer be maintained, but it is still rock >> solid and quite efficient.. and a few patches do bring it to the level >> of a sendmail/postfix/exim.. plus as Res adds "show a product that >> compares to qmail virtual domains". >> >> 2 coins.. >> - dhawal >> > But does Julian support qmail in mailscanner? > No, but someone called opencomputing does/did. > More patches? > What's qmail without its patches? :-) You don't so much configure it as patch it until it does what you want :-) > I didn't badmouth qmail, as I haven't used it. I have considered postfix, and > might try it in my next server build. Used exim only on a Debian print server > I built back in the stone age. 
Since I don't have time to do much consulting > anymore with linux (my spare time is spent fixing windows machines for extra > $$$), so I really can't spend a lot of time with new things. > I'm only using sendmail because, like was said before, it is the devil I know. > > I hate to waste all that time I banged my head against the wall! > > > > > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) Comment: Fetch my public key foot-print from www.mailscanner.info Charset: UTF-8 wj8DBQFFwPeDEfZZRxQVtlQRAhiaAKDhqsjHbvfKe9lapWwBAl4k+AfUAACgjH+Y JwUA0VSH0tiBYJPj3JVAr4E= =MNmM -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From ssilva at sgvwater.com Wed Jan 31 21:26:15 2007 
From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jan 31 20:29:55 2007 Subject: OT: building new server, need MTA advice In-Reply-To: <45C0F709.8030805@ecs.soton.ac.uk> References: <86144ED6CE5B004DA23E1EAC0B569B58125FEFF0@isabella.herefordshire.gov.uk> <45C0C723.4070608@netmagicsolutions.com> <45C0F709.8030805@ecs.soton.ac.uk> Message-ID: Julian Field spake the following on 1/31/2007 12:07 PM: > > > Scott Silva wrote: >> Dhawal Doshy spake the following on 1/31/2007 8:43 AM: > >>> Scott Silva wrote: >>> >>>> Res spake the following on 1/30/2007 4:37 AM: >>>> >>>>> On Tue, 30 Jan 2007, Randal, Phil wrote: >>>>> >>>>> >>>>>>> Typical outcome .. 2 votes postfix one for exim. A sendmail bash and >>>>>>> an absolute "no" to qmail. >>>>>>> >>>>> who voted no to qmail? It in fact the best for virtual domains. >>>>> >>>> The original poster of the thread >>>> "We're looking for something that is secure, efficient, maintained (which >>>> rules out qmail)..." >>>> >>> One (actually 2) patch to rule them all.. and bring qmail to the current >>> century. So does your current MTA support SPF/DomainKeys without a >>> milter/policy_daemon? This one does.. >>> http://qmail.jms1.net/patches/combined.shtml >>> >>> The original qmail may no longer be maintained, but it is still rock >>> solid and quite efficient.. and a few patches do bring it to the level >>> of a sendmail/postfix/exim.. plus as Res adds "show a product that >>> compares to qmail virtual domains". >>> >>> 2 coins.. >>> - dhawal >>> >> But does Julian support qmail in mailscanner? > > No, but someone called opencomputing does/did. >> More patches? > > What's qmail without its patches? :-) > You don't so much configure it as patch it until it does what you want :-) >> I didn't badmouth qmail, as I haven't used it. I have considered postfix, and >> might try it in my next server build. Used exim only on a Debian print server >> I built back in the stone age. 
Since I don't have time to do much consulting >> anymore with linux (my spare time is spent fixing windows machines for extra >> $$$), so I really can't spend a lot of time with new things. >> I'm only using sendmail because, like was said before, it is the devil I know. > >> I hate to waste all that time I banged my head against the wall! > > > > > > > Jules > Opencomputing did re-write for qmail, but they don't seem to be very current. I looked at that option when I first started looking at Mailscanner. Anything is better than amavis (the old, original version). If I could only have the time to play with everything. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From taz at taz-mania.com Wed Jan 31 21:28:37 2007 From: taz at taz-mania.com (Dennis Willson) Date: Wed Jan 31 20:31:59 2007 Subject: {MailScanner: Spam} Re: OT: building new server, need MTA advice In-Reply-To: Message-ID: Julian probably doesn't want to show a preference, but it would be nice to know which one he finds easier to support, has less trouble with, gives the best implementation for MS, etc.. Also, while I use a specific mail server for my MailScanner hubs, it's more out of the fact that I have been using it for years and am happy enough with it and understand it enough that I don't feel motivated to learn a new one. A table of feature comparisons would be nice... One thing that I feel I must have is the ability to use Milters. There are so many really good Milters out there and now that I have written a couple of my own I feel that is a must have. I know that Sendmail and Postfix support Milters, but do any others? From res at ausics.net Wed Jan 31 21:35:28 2007 
From: res at ausics.net (Res) Date: Wed Jan 31 20:39:09 2007 Subject: OT: building new server, need MTA advice In-Reply-To: References: <86144ED6CE5B004DA23E1EAC0B569B58125FEFF0@isabella.herefordshire.gov.uk> Message-ID: On Wed, 31 Jan 2007, Scott Silva wrote: > Res spake the following on 1/30/2007 4:37 AM: >> On Tue, 30 Jan 2007, Randal, Phil wrote: >> >>>> Typical outcome .. 2 votes postfix one for exim. A sendmail bash and >>>> an absolute "no" to qmail. >> >> who voted no to qmail? It in fact the best for virtual domains. > The original poster of the thread > "We're looking for something that is secure, efficient, maintained (which > rules out qmail)..." It's secure, (after all it's so featureless it must be :) efficient, yes it is (if patched) maintained = D.O.A But still, its the second most popular MTA, and even though I despise it, It's my best friend in hosting mail servers, as with countless millions of others :) . but only in virtual domain situation with vpopmail, i'd never use it as a stand alone MTA with no virtuals, ever. -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From MailScanner at ecs.soton.ac.uk Wed Jan 31 21:47:02 2007 
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jan 31 20:51:34 2007 Subject: {MailScanner: Spam} Re: OT: building new server, need MTA advice In-Reply-To: References: Message-ID: <45C10046.7050300@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dennis Willson wrote: > > Julian probably doesn't want to show a preference, but it would be > nice to know which one he finds easier to support, has less trouble > with, gives the best implementation for MS, etc.. sendmail was the main one I wrote the original support for. So the best implementation in MailScanner is sendmail, inevitably. > > Also, while I use a specific mail server for my MailScanner hubs, it's > more out of the fact that I have been using it for years and am happy > enough with it and understand it enough that I don't feel motivated > to learn a new one. > A table of feature comparisons would be nice... > One thing that I feel I must have is the ability to use Milters. There > are so many really good Milters out there and now that I have written > a couple of my own I feel that is a must have. I know that Sendmail > and Postfix support Milters, but do any others? > I would go for sendmail if I were you. They invented milters. Postfix supported milters as the other children were doing it so he thought he should too. And don't get me started on 'p' records, a complete hack in my view. Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? 
Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) Comment: Fetch my public key foot-print from www.mailscanner.info Charset: ISO-8859-1 wj8DBQFFwQB4EfZZRxQVtlQRAqktAKCAQA92irrjw+zXTY2a56VbrhHJAACgot2U 9PoJkWIazHL8unhSHKn60n8= =lcDq -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From res at ausics.net Wed Jan 31 21:49:08 2007 From: res at ausics.net (Res) Date: Wed Jan 31 20:52:37 2007 Subject: OT: building new server, need MTA advice In-Reply-To: References: <86144ED6CE5B004DA23E1EAC0B569B58125FEFF0@isabella.herefordshire.gov.uk> <45C0C723.4070608@netmagicsolutions.com> Message-ID: On Wed, 31 Jan 2007, Scott Silva wrote: > But does Julian support qmail in mailscanner? No. But other people do, the wiki has instructions for it like it does with all the common MTA's -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From res at ausics.net Wed Jan 31 21:53:47 2007 From: res at ausics.net (Res) Date: Wed Jan 31 20:57:16 2007 Subject: {MailScanner: Spam} Re: OT: building new server, need MTA advice In-Reply-To: References: Message-ID: On Wed, 31 Jan 2007, Dennis Willson wrote: > > Julian probably doesn't want to show a preference, but it would be nice to > know which one he finds easier to support, has less trouble with, gives the > best implementation for MS, etc.. Thats very obvious by the posts in here. Sendmail is easiest, followed by Exim and then Postfix (which is the most problematic because of its author) -- Cheers Res "We can be Heroes, just for one day" - Davey (Jones) Bowie From alex at nkpanama.com Wed Jan 31 22:13:04 2007 
From: alex at nkpanama.com (Alex Neuman van der Hans)
Date: Wed Jan 31 21:17:00 2007
Subject: RBL performance: caching nameserver vs RBL mirroring
In-Reply-To: <45C09F0F.7FBE.00FC.3@medicine.wisc.edu>
References: <45C09F0F.7FBE.00FC.3@medicine.wisc.edu>
Message-ID: <45C10660.2070101@nkpanama.com>

Michael Masse wrote:
> Can someone explain the pros and cons of each with respect to
> performance and accuracy, or am I confused and they are not actually
> mutually exclusive, and have nothing to do with each other?
>
> Mike
>
Caching nameserver means "keep a copy of DNS lookups so I don't have to
do it again for some time".

RBL Mirroring means "don't ask a remote RBL every time I get a message;
download the changes to the list periodically".

From glenn.steen at gmail.com Wed Jan 31 22:16:28 2007
From: glenn.steen at gmail.com (Glenn Steen)
Date: Wed Jan 31 21:19:49 2007
Subject: Disable quarantine.
In-Reply-To: <200701311324.03162.clacroix@cegep-ste-foy.qc.ca>
References: <200701310936.55414.clacroix@cegep-ste-foy.qc.ca> <200701311115.43610.clacroix@cegep-ste-foy.qc.ca> <45C0D21C.5060904@yeticomputers.com> <200701311324.03162.clacroix@cegep-ste-foy.qc.ca>
Message-ID: <223f97700701311316ife8eda7vd5d99ba267b81a16@mail.gmail.com>

On 31/01/07, Charles Lacroix wrote:
>
> Well I want to disable it until I get more familiar with the ruleset.
>
> As it's blocking a lot of files that aren't problematic.
>
> can I write a rule in filename.rules
>
> allow *.* - -

If you want that, just set
Filename Rules = # empty string
and
File Command = # Equally empty
in MailScanner.conf and then restart MailScanner.

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From gerard at seibercom.net Wed Jan 31 22:40:29 2007
From: gerard at seibercom.net (Gerard Seibert)
Date: Wed Jan 31 21:43:35 2007
Subject: OT: building new server, need MTA advice
In-Reply-To:
References:
Message-ID: <20070131163457.B633.GERARD@seibercom.net>

On Wednesday January 31, 2007 at 03:53:47 (PM) Res wrote:

> That's very obvious by the posts in here. Sendmail is easiest, followed by
> Exim and then Postfix (which is the most problematic because of its author)

I would be interested in why you make that statement regarding Postfix.
I had used Sendmail for several years and found it confusing. Getting
SASL, etc working on it can be a real chore. The only problem I have ever
had in Postfix is with Mailscanner, although the newer versions of
Mailscanner don't seem to be exhibiting that trait.

I will agree though that milters work far better on Sendmail than
Postfix. The problem is that they were written with Sendmail in mind.
Even the clamav milter does not work correctly. I spoke to its author and
he indicated that perhaps someday, although not in the foreseeable future,
he might modify it to work with Postfix.

--
Gerard

From pete at enitech.com.au Wed Jan 31 23:37:25 2007
From: pete at enitech.com.au (Peter Russell)
Date: Wed Jan 31 22:40:53 2007
Subject: Performance
In-Reply-To: <223f97700701310215u67f9f941ifa40f902cd2d357@mail.gmail.com>
References: <45C03361.5040903@katy.com> <223f97700701310215u67f9f941ifa40f902cd2d357@mail.gmail.com>
Message-ID: <45C11A25.5010407@enitech.com.au>

Glenn Steen wrote:
> On 31/01/07, John Schmerold wrote:
>> We're seeing significant backlogs, mail is taking 2-6 hours to get thru
>> the Postfix/Mailscanner gauntlet we've set up. What's everyone else
>> seeing in terms of mail processing time?
>>
>> I've looked at the home page & WIKI, so, I'm guessing I am missing
>> something or there are new techniques not yet published on the
>> mailscanner.info
>>
>> Some of my statistics are as follows:
>> Server config: 2.8GHz P4, 2GB DDR2, Maxtor SATA HDD
>> Mail volume: approx 7,500 messages per day
>> Misc: We have set the noatime flag on spool and log partitions & use a
>> local DNS caching nameserver.
>
> This should be able to cope well...
> (snip)
>
>> PostFix Configuration:
>> [root@mx1 ~]# postconf -n
>> canonical_maps = hash:/etc/postfix/canonical
>> config_directory = /etc/postfix
>> disable_vrfy_command = yes
>> hash_queue_names = ""
>> header_checks = regexp:/etc/postfix/header_checks
>> masquerade_exceptions = root
>> message_size_limit = 51200000
>> mydomain = schmerold.com
>> myhostname = mx1.schmerold.com
>> mynetworks = 127.0.0.0/8 65.16.251.208/29
>> relay_domains = katy.com katy.net katycomputer.com schmerold.com
> Why is there no "companion" relay_recipient_maps? You should reject
> unknown recipients.
>
>> smtpd_data_restrictions = reject_unauth_pipelining, permit
>> smtpd_helo_required = yes
> Here you should perhaps have a
> smtpd_helo_restrictions = permit_mynetworks, check_helo_access
> hash:/etc/postfix/deny_domain_spoof
> Where the deny_domain_spoof is simply an access file detailing the
> domains and IP addresses you relay for like "katy.com REJECT". Will be
> perfectly safe to use.

Glenn - should he have REJECT for domains he relays for?

I am interested in tweaking my postfix config myself. Any chance one of
the postfix gurus like yourself would post up your main.cf with some
comments on your anti spam settings?

>
>> smtpd_recipient_restrictions = reject_invalid_hostname
>> reject_non_fqdn_hostname reject_non_fqdn_sender
>> reject_non_fqdn_recipient reject_unknown_sender_domain
>> permit_mynetworks reject_unauth_destination check_sender_access
>> hash:/etc/postfix/whitelist reject_rbl_client cbl.abuseat.org
>> reject_rbl_client zen.spamhaus.org permit
>> smtpd_sender_restrictions = hash:/etc/postfix/access
>> transport_maps = hash:/etc/postfix/transport
>> virtual_alias_domains = hash:/etc/postfix/virtual
>> virtual_alias_maps = hash:/etc/postfix/virtual
>> [root@mx1 ~]#
>>
>>
>> MS Log:
>> [root@mx1 ~]# cat /var/log/messages | grep "Jan 30 23:40"
>> Jan 30 23:40:03 mx1 MailScanner[24752]: Requeue: 4F51A4B4468.A8F46 to
>> 389AB894965
>> Jan 30 23:40:03 mx1 MailScanner[24752]: Requeue: A8330894942.93836 to
>> A6D8289500D
>> Jan 30 23:40:03 mx1 MailScanner[24752]: Requeue: 368088943F4.C0B33 to
>> 20327894942
>> Jan 30 23:40:03 mx1 MailScanner[24752]: Uninfected: Delivered 7 messages
>> Jan 30 23:40:03 mx1 MailScanner[24752]: Batch completed at 128844 bytes
>> per second (8272398 / 64)
>> Jan 30 23:40:03 mx1 MailScanner[24752]: Batch (10 messages) processed in
>> 64.20 seconds
>> Jan 30 23:40:03 mx1 MailScanner[24752]: New Batch: Found 7981 messages
>> waiting
>> Jan 30 23:40:03 mx1 MailScanner[24752]: New Batch: Scanning 10 messages,
>> 169939 bytes
>> Jan 30 23:40:03 mx1 MailScanner[24752]: Expired 11 records from the
>> SpamAssassin cache
>> Jan 30 23:40:04 mx1 named[2116]: lame server resolving
>> 'mail.voltech-auto.com' (in 'voltech-auto.com'?): 216.53.199.57#53
>> Jan 30 23:40:08 mx1 named[2116]: lame server resolving
>> '21.36.70.194.in-addr.arpa' (in '36.70.194.in-addr.arpa'?):
>> 194.70.36.12#53
>> Jan 30 23:40:42 mx1 MailScanner[24762]: Spam Checks: Found 5 spam
>> messages
>> Jan 30 23:40:42 mx1 MailScanner[24762]: Spam Checks completed at 1227
>> bytes per second
>> Jan 30 23:40:42 mx1 MailScanner[24762]: Virus and Content Scanning:
>> Starting
>> Jan 30 23:40:43 mx1 MailScanner[24762]: Virus Scanning completed at
>> 156861 bytes per second
>> Jan 30 23:40:43 mx1 MailScanner[24762]: Found phishing fraud from
>> www.google.com claiming to be www.chase.com in 6BE8F895371.5D53A
>> Jan 30 23:40:43 mx1 MailScanner[24762]: Content Checks: Detected and
>> have disarmed web bug tags in HTML message in 6BE8F895371.5D53A from
>> www-data@balancetechnology.com
>> Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: 3B29B894E55.CEBEA to
>> 6535E894D8C
>> Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: 6BE8F895371.5D53A to
>> DB04E894E55
>> Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: 73748895A57.5ABB7 to
>> 0597D895371
>> Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: 937E689448D.77EDA to
>> 0CB4B8953AD
>> Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: 754F789466A.8DA78 to
>> AC1D989448D
>> Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: D5177894E67.3DEEA to
>> A879089466A
>> Jan 30 23:40:43 mx1 MailScanner[24762]: Requeue: A3E798940E3.B4BEB to
>> 80A7B894E67
>> Jan 30 23:40:43 mx1 MailScanner[24762]: Uninfected: Delivered 7 messages
>> Jan 30 23:40:43 mx1 MailScanner[24762]: Virus Processing completed at
>> 650569 bytes per second
>> Jan 30 23:40:43 mx1 MailScanner[24762]: Batch completed at 1215 bytes
>> per second (86123 / 70)
>> Jan 30 23:40:43 mx1 MailScanner[24762]: Batch (10 messages) processed in
>> 70.85 seconds
>> Jan 30 23:40:43 mx1 MailScanner[24762]: New Batch: Found 7993 messages
>> waiting
>> Jan 30 23:40:43 mx1 MailScanner[24762]: New Batch: Scanning 10 messages,
>> 160591 bytes
>> [root@mx1 ~]#
>
> In this snippet of log we see a lot of requeueing, but no actual
> deliveries. Are we to assume that they happen as expected? Most
> messages seem to be on HOLD, so ... that is probably nothing. What is
> the regexp for your HOLD queue?
>
> What does pflogsumm (or similar tool) have to say about the last day
> or so? Did all these messages just "plonk" in at approximately the
> same time?
> Approximately 10 messages/minute would make for somewhere around 14K
> messages/day, which isn't that good, but not horrendous either... and
> it should be able to keep up, unless you have extremely bursty
> traffic.
> Are all these addressed to the domains in question?
> If you run a message through SA, to get the network tests, do you see
> any ... noticeable ... lag anywhere? Any of the digest checks perhaps?
>